summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2008-08-23 10:51:00 +0000
committersimon <simon@FreeBSD.org>2008-08-23 10:51:00 +0000
commit64fcbc70db16b1c94d818662746bb0e9c4fdb705 (patch)
tree596c39f00d5968b1519e8cd7f0546412b14c20f0 /crypto
parent8f21bfc1756ff75fb4caf97e5c9612a4d7106243 (diff)
downloadFreeBSD-src-64fcbc70db16b1c94d818662746bb0e9c4fdb705.zip
FreeBSD-src-64fcbc70db16b1c94d818662746bb0e9c4fdb705.tar.gz
Flatten OpenSSL vendor tree.
Diffstat (limited to 'crypto')
-rw-r--r--crypto/LPdir_nyi.c (renamed from crypto/openssl/crypto/LPdir_nyi.c)0
-rw-r--r--crypto/LPdir_unix.c (renamed from crypto/openssl/crypto/LPdir_unix.c)0
-rw-r--r--crypto/LPdir_vms.c (renamed from crypto/openssl/crypto/LPdir_vms.c)0
-rw-r--r--crypto/LPdir_win.c (renamed from crypto/openssl/crypto/LPdir_win.c)0
-rw-r--r--crypto/LPdir_win32.c (renamed from crypto/openssl/crypto/LPdir_win32.c)0
-rw-r--r--crypto/LPdir_wince.c (renamed from crypto/openssl/crypto/LPdir_wince.c)0
-rw-r--r--crypto/Makefile (renamed from crypto/openssl/crypto/Makefile)0
-rw-r--r--crypto/aes/Makefile (renamed from crypto/openssl/crypto/aes/Makefile)0
-rw-r--r--crypto/aes/README (renamed from crypto/openssl/crypto/aes/README)0
-rw-r--r--crypto/aes/aes.h (renamed from crypto/openssl/crypto/aes/aes.h)0
-rw-r--r--crypto/aes/aes_cbc.c (renamed from crypto/openssl/crypto/aes/aes_cbc.c)0
-rw-r--r--crypto/aes/aes_cfb.c (renamed from crypto/openssl/crypto/aes/aes_cfb.c)0
-rw-r--r--crypto/aes/aes_core.c (renamed from crypto/openssl/crypto/aes/aes_core.c)0
-rw-r--r--crypto/aes/aes_ctr.c (renamed from crypto/openssl/crypto/aes/aes_ctr.c)0
-rw-r--r--crypto/aes/aes_ecb.c (renamed from crypto/openssl/crypto/aes/aes_ecb.c)0
-rw-r--r--crypto/aes/aes_ige.c (renamed from crypto/openssl/crypto/aes/aes_ige.c)0
-rw-r--r--crypto/aes/aes_locl.h (renamed from crypto/openssl/crypto/aes/aes_locl.h)0
-rw-r--r--crypto/aes/aes_misc.c (renamed from crypto/openssl/crypto/aes/aes_misc.c)0
-rw-r--r--crypto/aes/aes_ofb.c (renamed from crypto/openssl/crypto/aes/aes_ofb.c)0
-rwxr-xr-xcrypto/aes/asm/aes-586.pl (renamed from crypto/openssl/crypto/aes/asm/aes-586.pl)0
-rw-r--r--crypto/aes/asm/aes-ia64.S (renamed from crypto/openssl/crypto/aes/asm/aes-ia64.S)0
-rw-r--r--crypto/asn1/Makefile (renamed from crypto/openssl/crypto/asn1/Makefile)0
-rw-r--r--crypto/asn1/a_bitstr.c (renamed from crypto/openssl/crypto/asn1/a_bitstr.c)0
-rw-r--r--crypto/asn1/a_bool.c (renamed from crypto/openssl/crypto/asn1/a_bool.c)0
-rw-r--r--crypto/asn1/a_bytes.c (renamed from crypto/openssl/crypto/asn1/a_bytes.c)0
-rw-r--r--crypto/asn1/a_d2i_fp.c (renamed from crypto/openssl/crypto/asn1/a_d2i_fp.c)0
-rw-r--r--crypto/asn1/a_digest.c (renamed from crypto/openssl/crypto/asn1/a_digest.c)0
-rw-r--r--crypto/asn1/a_dup.c (renamed from crypto/openssl/crypto/asn1/a_dup.c)0
-rw-r--r--crypto/asn1/a_enum.c (renamed from crypto/openssl/crypto/asn1/a_enum.c)0
-rw-r--r--crypto/asn1/a_gentm.c (renamed from crypto/openssl/crypto/asn1/a_gentm.c)0
-rw-r--r--crypto/asn1/a_hdr.c (renamed from crypto/openssl/crypto/asn1/a_hdr.c)0
-rw-r--r--crypto/asn1/a_i2d_fp.c (renamed from crypto/openssl/crypto/asn1/a_i2d_fp.c)0
-rw-r--r--crypto/asn1/a_int.c (renamed from crypto/openssl/crypto/asn1/a_int.c)0
-rw-r--r--crypto/asn1/a_mbstr.c (renamed from crypto/openssl/crypto/asn1/a_mbstr.c)0
-rw-r--r--crypto/asn1/a_meth.c (renamed from crypto/openssl/crypto/asn1/a_meth.c)0
-rw-r--r--crypto/asn1/a_object.c (renamed from crypto/openssl/crypto/asn1/a_object.c)0
-rw-r--r--crypto/asn1/a_octet.c (renamed from crypto/openssl/crypto/asn1/a_octet.c)0
-rw-r--r--crypto/asn1/a_print.c (renamed from crypto/openssl/crypto/asn1/a_print.c)0
-rw-r--r--crypto/asn1/a_set.c (renamed from crypto/openssl/crypto/asn1/a_set.c)0
-rw-r--r--crypto/asn1/a_sign.c (renamed from crypto/openssl/crypto/asn1/a_sign.c)0
-rw-r--r--crypto/asn1/a_strex.c (renamed from crypto/openssl/crypto/asn1/a_strex.c)0
-rw-r--r--crypto/asn1/a_strnid.c (renamed from crypto/openssl/crypto/asn1/a_strnid.c)0
-rw-r--r--crypto/asn1/a_time.c (renamed from crypto/openssl/crypto/asn1/a_time.c)0
-rw-r--r--crypto/asn1/a_type.c (renamed from crypto/openssl/crypto/asn1/a_type.c)0
-rw-r--r--crypto/asn1/a_utctm.c (renamed from crypto/openssl/crypto/asn1/a_utctm.c)0
-rw-r--r--crypto/asn1/a_utf8.c (renamed from crypto/openssl/crypto/asn1/a_utf8.c)0
-rw-r--r--crypto/asn1/a_verify.c (renamed from crypto/openssl/crypto/asn1/a_verify.c)0
-rw-r--r--crypto/asn1/asn1.h (renamed from crypto/openssl/crypto/asn1/asn1.h)0
-rw-r--r--crypto/asn1/asn1_err.c (renamed from crypto/openssl/crypto/asn1/asn1_err.c)0
-rw-r--r--crypto/asn1/asn1_gen.c (renamed from crypto/openssl/crypto/asn1/asn1_gen.c)0
-rw-r--r--crypto/asn1/asn1_lib.c (renamed from crypto/openssl/crypto/asn1/asn1_lib.c)0
-rw-r--r--crypto/asn1/asn1_mac.h (renamed from crypto/openssl/crypto/asn1/asn1_mac.h)0
-rw-r--r--crypto/asn1/asn1_par.c (renamed from crypto/openssl/crypto/asn1/asn1_par.c)0
-rw-r--r--crypto/asn1/asn1t.h (renamed from crypto/openssl/crypto/asn1/asn1t.h)0
-rw-r--r--crypto/asn1/asn_moid.c (renamed from crypto/openssl/crypto/asn1/asn_moid.c)0
-rw-r--r--crypto/asn1/asn_pack.c (renamed from crypto/openssl/crypto/asn1/asn_pack.c)0
-rw-r--r--crypto/asn1/charmap.h (renamed from crypto/openssl/crypto/asn1/charmap.h)0
-rw-r--r--crypto/asn1/charmap.pl (renamed from crypto/openssl/crypto/asn1/charmap.pl)0
-rw-r--r--crypto/asn1/d2i_pr.c (renamed from crypto/openssl/crypto/asn1/d2i_pr.c)0
-rw-r--r--crypto/asn1/d2i_pu.c (renamed from crypto/openssl/crypto/asn1/d2i_pu.c)0
-rw-r--r--crypto/asn1/evp_asn1.c (renamed from crypto/openssl/crypto/asn1/evp_asn1.c)0
-rw-r--r--crypto/asn1/f_enum.c (renamed from crypto/openssl/crypto/asn1/f_enum.c)0
-rw-r--r--crypto/asn1/f_int.c (renamed from crypto/openssl/crypto/asn1/f_int.c)0
-rw-r--r--crypto/asn1/f_string.c (renamed from crypto/openssl/crypto/asn1/f_string.c)0
-rw-r--r--crypto/asn1/i2d_pr.c (renamed from crypto/openssl/crypto/asn1/i2d_pr.c)0
-rw-r--r--crypto/asn1/i2d_pu.c (renamed from crypto/openssl/crypto/asn1/i2d_pu.c)0
-rw-r--r--crypto/asn1/n_pkey.c (renamed from crypto/openssl/crypto/asn1/n_pkey.c)0
-rw-r--r--crypto/asn1/nsseq.c (renamed from crypto/openssl/crypto/asn1/nsseq.c)0
-rw-r--r--crypto/asn1/p5_pbe.c (renamed from crypto/openssl/crypto/asn1/p5_pbe.c)0
-rw-r--r--crypto/asn1/p5_pbev2.c (renamed from crypto/openssl/crypto/asn1/p5_pbev2.c)0
-rw-r--r--crypto/asn1/p8_key.c (renamed from crypto/openssl/crypto/asn1/p8_key.c)0
-rw-r--r--crypto/asn1/p8_pkey.c (renamed from crypto/openssl/crypto/asn1/p8_pkey.c)0
-rw-r--r--crypto/asn1/t_bitst.c (renamed from crypto/openssl/crypto/asn1/t_bitst.c)0
-rw-r--r--crypto/asn1/t_crl.c (renamed from crypto/openssl/crypto/asn1/t_crl.c)0
-rw-r--r--crypto/asn1/t_pkey.c (renamed from crypto/openssl/crypto/asn1/t_pkey.c)0
-rw-r--r--crypto/asn1/t_req.c (renamed from crypto/openssl/crypto/asn1/t_req.c)0
-rw-r--r--crypto/asn1/t_spki.c (renamed from crypto/openssl/crypto/asn1/t_spki.c)0
-rw-r--r--crypto/asn1/t_x509.c (renamed from crypto/openssl/crypto/asn1/t_x509.c)0
-rw-r--r--crypto/asn1/t_x509a.c (renamed from crypto/openssl/crypto/asn1/t_x509a.c)0
-rw-r--r--crypto/asn1/tasn_dec.c (renamed from crypto/openssl/crypto/asn1/tasn_dec.c)0
-rw-r--r--crypto/asn1/tasn_enc.c (renamed from crypto/openssl/crypto/asn1/tasn_enc.c)0
-rw-r--r--crypto/asn1/tasn_fre.c (renamed from crypto/openssl/crypto/asn1/tasn_fre.c)0
-rw-r--r--crypto/asn1/tasn_new.c (renamed from crypto/openssl/crypto/asn1/tasn_new.c)0
-rw-r--r--crypto/asn1/tasn_prn.c (renamed from crypto/openssl/crypto/asn1/tasn_prn.c)0
-rw-r--r--crypto/asn1/tasn_typ.c (renamed from crypto/openssl/crypto/asn1/tasn_typ.c)0
-rw-r--r--crypto/asn1/tasn_utl.c (renamed from crypto/openssl/crypto/asn1/tasn_utl.c)0
-rw-r--r--crypto/asn1/x_algor.c (renamed from crypto/openssl/crypto/asn1/x_algor.c)0
-rw-r--r--crypto/asn1/x_attrib.c (renamed from crypto/openssl/crypto/asn1/x_attrib.c)0
-rw-r--r--crypto/asn1/x_bignum.c (renamed from crypto/openssl/crypto/asn1/x_bignum.c)0
-rw-r--r--crypto/asn1/x_crl.c (renamed from crypto/openssl/crypto/asn1/x_crl.c)0
-rw-r--r--crypto/asn1/x_exten.c (renamed from crypto/openssl/crypto/asn1/x_exten.c)0
-rw-r--r--crypto/asn1/x_info.c (renamed from crypto/openssl/crypto/asn1/x_info.c)0
-rw-r--r--crypto/asn1/x_long.c (renamed from crypto/openssl/crypto/asn1/x_long.c)0
-rw-r--r--crypto/asn1/x_name.c (renamed from crypto/openssl/crypto/asn1/x_name.c)0
-rw-r--r--crypto/asn1/x_pkey.c (renamed from crypto/openssl/crypto/asn1/x_pkey.c)0
-rw-r--r--crypto/asn1/x_pubkey.c (renamed from crypto/openssl/crypto/asn1/x_pubkey.c)0
-rw-r--r--crypto/asn1/x_req.c (renamed from crypto/openssl/crypto/asn1/x_req.c)0
-rw-r--r--crypto/asn1/x_sig.c (renamed from crypto/openssl/crypto/asn1/x_sig.c)0
-rw-r--r--crypto/asn1/x_spki.c (renamed from crypto/openssl/crypto/asn1/x_spki.c)0
-rw-r--r--crypto/asn1/x_val.c (renamed from crypto/openssl/crypto/asn1/x_val.c)0
-rw-r--r--crypto/asn1/x_x509.c (renamed from crypto/openssl/crypto/asn1/x_x509.c)0
-rw-r--r--crypto/asn1/x_x509a.c (renamed from crypto/openssl/crypto/asn1/x_x509a.c)0
-rw-r--r--crypto/bf/COPYRIGHT (renamed from crypto/openssl/crypto/bf/COPYRIGHT)0
-rw-r--r--crypto/bf/INSTALL (renamed from crypto/openssl/crypto/bf/INSTALL)0
-rw-r--r--crypto/bf/Makefile (renamed from crypto/openssl/crypto/bf/Makefile)0
-rw-r--r--crypto/bf/README (renamed from crypto/openssl/crypto/bf/README)0
-rw-r--r--crypto/bf/VERSION (renamed from crypto/openssl/crypto/bf/VERSION)0
-rw-r--r--crypto/bf/asm/bf-586.pl (renamed from crypto/openssl/crypto/bf/asm/bf-586.pl)0
-rw-r--r--crypto/bf/asm/bf-686.pl (renamed from crypto/openssl/crypto/bf/asm/bf-686.pl)0
-rw-r--r--crypto/bf/asm/readme (renamed from crypto/openssl/crypto/bf/asm/readme)0
-rw-r--r--crypto/bf/bf_cbc.c (renamed from crypto/openssl/crypto/bf/bf_cbc.c)0
-rw-r--r--crypto/bf/bf_cfb64.c (renamed from crypto/openssl/crypto/bf/bf_cfb64.c)0
-rw-r--r--crypto/bf/bf_ecb.c (renamed from crypto/openssl/crypto/bf/bf_ecb.c)0
-rw-r--r--crypto/bf/bf_enc.c (renamed from crypto/openssl/crypto/bf/bf_enc.c)0
-rw-r--r--crypto/bf/bf_locl.h (renamed from crypto/openssl/crypto/bf/bf_locl.h)0
-rw-r--r--crypto/bf/bf_ofb64.c (renamed from crypto/openssl/crypto/bf/bf_ofb64.c)0
-rw-r--r--crypto/bf/bf_opts.c (renamed from crypto/openssl/crypto/bf/bf_opts.c)0
-rw-r--r--crypto/bf/bf_pi.h (renamed from crypto/openssl/crypto/bf/bf_pi.h)0
-rw-r--r--crypto/bf/bf_skey.c (renamed from crypto/openssl/crypto/bf/bf_skey.c)0
-rw-r--r--crypto/bf/bfs.cpp (renamed from crypto/openssl/crypto/bf/bfs.cpp)0
-rw-r--r--crypto/bf/bfspeed.c (renamed from crypto/openssl/crypto/bf/bfspeed.c)0
-rw-r--r--crypto/bf/bftest.c (renamed from crypto/openssl/crypto/bf/bftest.c)0
-rw-r--r--crypto/bf/blowfish.h (renamed from crypto/openssl/crypto/bf/blowfish.h)0
-rw-r--r--crypto/bio/Makefile (renamed from crypto/openssl/crypto/bio/Makefile)0
-rw-r--r--crypto/bio/b_dump.c (renamed from crypto/openssl/crypto/bio/b_dump.c)0
-rw-r--r--crypto/bio/b_print.c (renamed from crypto/openssl/crypto/bio/b_print.c)0
-rw-r--r--crypto/bio/b_sock.c (renamed from crypto/openssl/crypto/bio/b_sock.c)0
-rw-r--r--crypto/bio/bf_buff.c (renamed from crypto/openssl/crypto/bio/bf_buff.c)0
-rw-r--r--crypto/bio/bf_lbuf.c (renamed from crypto/openssl/crypto/bio/bf_lbuf.c)0
-rw-r--r--crypto/bio/bf_nbio.c (renamed from crypto/openssl/crypto/bio/bf_nbio.c)0
-rw-r--r--crypto/bio/bf_null.c (renamed from crypto/openssl/crypto/bio/bf_null.c)0
-rw-r--r--crypto/bio/bio.h (renamed from crypto/openssl/crypto/bio/bio.h)0
-rw-r--r--crypto/bio/bio_cb.c (renamed from crypto/openssl/crypto/bio/bio_cb.c)0
-rw-r--r--crypto/bio/bio_err.c (renamed from crypto/openssl/crypto/bio/bio_err.c)0
-rw-r--r--crypto/bio/bio_lcl.h (renamed from crypto/openssl/crypto/bio/bio_lcl.h)0
-rw-r--r--crypto/bio/bio_lib.c (renamed from crypto/openssl/crypto/bio/bio_lib.c)0
-rw-r--r--crypto/bio/bss_acpt.c (renamed from crypto/openssl/crypto/bio/bss_acpt.c)0
-rw-r--r--crypto/bio/bss_bio.c (renamed from crypto/openssl/crypto/bio/bss_bio.c)0
-rw-r--r--crypto/bio/bss_conn.c (renamed from crypto/openssl/crypto/bio/bss_conn.c)0
-rw-r--r--crypto/bio/bss_dgram.c (renamed from crypto/openssl/crypto/bio/bss_dgram.c)0
-rw-r--r--crypto/bio/bss_fd.c (renamed from crypto/openssl/crypto/bio/bss_fd.c)0
-rw-r--r--crypto/bio/bss_file.c (renamed from crypto/openssl/crypto/bio/bss_file.c)0
-rw-r--r--crypto/bio/bss_log.c (renamed from crypto/openssl/crypto/bio/bss_log.c)0
-rw-r--r--crypto/bio/bss_mem.c (renamed from crypto/openssl/crypto/bio/bss_mem.c)0
-rw-r--r--crypto/bio/bss_null.c (renamed from crypto/openssl/crypto/bio/bss_null.c)0
-rw-r--r--crypto/bio/bss_rtcp.c (renamed from crypto/openssl/crypto/bio/bss_rtcp.c)0
-rw-r--r--crypto/bio/bss_sock.c (renamed from crypto/openssl/crypto/bio/bss_sock.c)0
-rw-r--r--crypto/bn/Makefile (renamed from crypto/openssl/crypto/bn/Makefile)0
-rw-r--r--crypto/bn/asm/README (renamed from crypto/openssl/crypto/bn/asm/README)0
-rw-r--r--crypto/bn/asm/alpha.s (renamed from crypto/openssl/crypto/bn/asm/alpha.s)0
-rw-r--r--crypto/bn/asm/alpha.s.works (renamed from crypto/openssl/crypto/bn/asm/alpha.s.works)0
-rw-r--r--crypto/bn/asm/alpha.works/add.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/add.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/div.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/div.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/mul.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/mul.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/mul_add.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/mul_c4.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/mul_c4.works.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/mul_c8.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/sqr.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/sqr_c4.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/sqr_c8.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl)0
-rw-r--r--crypto/bn/asm/alpha.works/sub.pl (renamed from crypto/openssl/crypto/bn/asm/alpha.works/sub.pl)0
-rw-r--r--crypto/bn/asm/alpha/add.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/add.pl)0
-rw-r--r--crypto/bn/asm/alpha/div.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/div.pl)0
-rw-r--r--crypto/bn/asm/alpha/mul.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/mul.pl)0
-rw-r--r--crypto/bn/asm/alpha/mul_add.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/mul_add.pl)0
-rw-r--r--crypto/bn/asm/alpha/mul_c4.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl)0
-rw-r--r--crypto/bn/asm/alpha/mul_c4.works.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl)0
-rw-r--r--crypto/bn/asm/alpha/mul_c8.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl)0
-rw-r--r--crypto/bn/asm/alpha/sqr.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/sqr.pl)0
-rw-r--r--crypto/bn/asm/alpha/sqr_c4.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl)0
-rw-r--r--crypto/bn/asm/alpha/sqr_c8.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl)0
-rw-r--r--crypto/bn/asm/alpha/sub.pl (renamed from crypto/openssl/crypto/bn/asm/alpha/sub.pl)0
-rw-r--r--crypto/bn/asm/bn-586.pl (renamed from crypto/openssl/crypto/bn/asm/bn-586.pl)0
-rw-r--r--crypto/bn/asm/bn-alpha.pl (renamed from crypto/openssl/crypto/bn/asm/bn-alpha.pl)0
-rw-r--r--crypto/bn/asm/ca.pl (renamed from crypto/openssl/crypto/bn/asm/ca.pl)0
-rw-r--r--crypto/bn/asm/co-586.pl (renamed from crypto/openssl/crypto/bn/asm/co-586.pl)0
-rw-r--r--crypto/bn/asm/co-alpha.pl (renamed from crypto/openssl/crypto/bn/asm/co-alpha.pl)0
-rw-r--r--crypto/bn/asm/ia64.S (renamed from crypto/openssl/crypto/bn/asm/ia64.S)0
-rw-r--r--crypto/bn/asm/mips1.s (renamed from crypto/openssl/crypto/bn/asm/mips1.s)0
-rw-r--r--crypto/bn/asm/mips3.s (renamed from crypto/openssl/crypto/bn/asm/mips3.s)0
-rw-r--r--crypto/bn/asm/pa-risc.s (renamed from crypto/openssl/crypto/bn/asm/pa-risc.s)0
-rw-r--r--crypto/bn/asm/pa-risc2.s (renamed from crypto/openssl/crypto/bn/asm/pa-risc2.s)0
-rw-r--r--crypto/bn/asm/pa-risc2W.s (renamed from crypto/openssl/crypto/bn/asm/pa-risc2W.s)0
-rw-r--r--crypto/bn/asm/ppc.pl (renamed from crypto/openssl/crypto/bn/asm/ppc.pl)0
-rw-r--r--crypto/bn/asm/r3000.s (renamed from crypto/openssl/crypto/bn/asm/r3000.s)0
-rw-r--r--crypto/bn/asm/sparcv8.S (renamed from crypto/openssl/crypto/bn/asm/sparcv8.S)0
-rw-r--r--crypto/bn/asm/sparcv8plus.S (renamed from crypto/openssl/crypto/bn/asm/sparcv8plus.S)0
-rw-r--r--crypto/bn/asm/x86.pl (renamed from crypto/openssl/crypto/bn/asm/x86.pl)0
-rw-r--r--crypto/bn/asm/x86/add.pl (renamed from crypto/openssl/crypto/bn/asm/x86/add.pl)0
-rw-r--r--crypto/bn/asm/x86/comba.pl (renamed from crypto/openssl/crypto/bn/asm/x86/comba.pl)0
-rw-r--r--crypto/bn/asm/x86/div.pl (renamed from crypto/openssl/crypto/bn/asm/x86/div.pl)0
-rw-r--r--crypto/bn/asm/x86/f (renamed from crypto/openssl/crypto/bn/asm/x86/f)0
-rw-r--r--crypto/bn/asm/x86/mul.pl (renamed from crypto/openssl/crypto/bn/asm/x86/mul.pl)0
-rw-r--r--crypto/bn/asm/x86/mul_add.pl (renamed from crypto/openssl/crypto/bn/asm/x86/mul_add.pl)0
-rw-r--r--crypto/bn/asm/x86/sqr.pl (renamed from crypto/openssl/crypto/bn/asm/x86/sqr.pl)0
-rw-r--r--crypto/bn/asm/x86/sub.pl (renamed from crypto/openssl/crypto/bn/asm/x86/sub.pl)0
-rw-r--r--crypto/bn/asm/x86_64-gcc.c (renamed from crypto/openssl/crypto/bn/asm/x86_64-gcc.c)0
-rw-r--r--crypto/bn/bn.h (renamed from crypto/openssl/crypto/bn/bn.h)0
-rw-r--r--crypto/bn/bn.mul (renamed from crypto/openssl/crypto/bn/bn.mul)0
-rw-r--r--crypto/bn/bn_add.c (renamed from crypto/openssl/crypto/bn/bn_add.c)0
-rw-r--r--crypto/bn/bn_asm.c (renamed from crypto/openssl/crypto/bn/bn_asm.c)0
-rw-r--r--crypto/bn/bn_blind.c (renamed from crypto/openssl/crypto/bn/bn_blind.c)0
-rwxr-xr-xcrypto/bn/bn_const.c (renamed from crypto/openssl/crypto/bn/bn_const.c)0
-rw-r--r--crypto/bn/bn_ctx.c (renamed from crypto/openssl/crypto/bn/bn_ctx.c)0
-rw-r--r--crypto/bn/bn_depr.c (renamed from crypto/openssl/crypto/bn/bn_depr.c)0
-rw-r--r--crypto/bn/bn_div.c (renamed from crypto/openssl/crypto/bn/bn_div.c)0
-rw-r--r--crypto/bn/bn_err.c (renamed from crypto/openssl/crypto/bn/bn_err.c)0
-rw-r--r--crypto/bn/bn_exp.c (renamed from crypto/openssl/crypto/bn/bn_exp.c)0
-rw-r--r--crypto/bn/bn_exp2.c (renamed from crypto/openssl/crypto/bn/bn_exp2.c)0
-rw-r--r--crypto/bn/bn_gcd.c (renamed from crypto/openssl/crypto/bn/bn_gcd.c)0
-rw-r--r--crypto/bn/bn_gf2m.c (renamed from crypto/openssl/crypto/bn/bn_gf2m.c)0
-rw-r--r--crypto/bn/bn_kron.c (renamed from crypto/openssl/crypto/bn/bn_kron.c)0
-rw-r--r--crypto/bn/bn_lcl.h (renamed from crypto/openssl/crypto/bn/bn_lcl.h)0
-rw-r--r--crypto/bn/bn_lib.c (renamed from crypto/openssl/crypto/bn/bn_lib.c)0
-rw-r--r--crypto/bn/bn_mod.c (renamed from crypto/openssl/crypto/bn/bn_mod.c)0
-rw-r--r--crypto/bn/bn_mont.c (renamed from crypto/openssl/crypto/bn/bn_mont.c)0
-rw-r--r--crypto/bn/bn_mpi.c (renamed from crypto/openssl/crypto/bn/bn_mpi.c)0
-rw-r--r--crypto/bn/bn_mul.c (renamed from crypto/openssl/crypto/bn/bn_mul.c)0
-rw-r--r--crypto/bn/bn_nist.c (renamed from crypto/openssl/crypto/bn/bn_nist.c)0
-rw-r--r--crypto/bn/bn_prime.c (renamed from crypto/openssl/crypto/bn/bn_prime.c)0
-rw-r--r--crypto/bn/bn_prime.h (renamed from crypto/openssl/crypto/bn/bn_prime.h)0
-rw-r--r--crypto/bn/bn_prime.pl (renamed from crypto/openssl/crypto/bn/bn_prime.pl)0
-rw-r--r--crypto/bn/bn_print.c (renamed from crypto/openssl/crypto/bn/bn_print.c)0
-rw-r--r--crypto/bn/bn_rand.c (renamed from crypto/openssl/crypto/bn/bn_rand.c)0
-rw-r--r--crypto/bn/bn_recp.c (renamed from crypto/openssl/crypto/bn/bn_recp.c)0
-rw-r--r--crypto/bn/bn_shift.c (renamed from crypto/openssl/crypto/bn/bn_shift.c)0
-rw-r--r--crypto/bn/bn_sqr.c (renamed from crypto/openssl/crypto/bn/bn_sqr.c)0
-rw-r--r--crypto/bn/bn_sqrt.c (renamed from crypto/openssl/crypto/bn/bn_sqrt.c)0
-rw-r--r--crypto/bn/bn_word.c (renamed from crypto/openssl/crypto/bn/bn_word.c)0
-rw-r--r--crypto/bn/bnspeed.c (renamed from crypto/openssl/crypto/bn/bnspeed.c)0
-rw-r--r--crypto/bn/bntest.c (renamed from crypto/openssl/crypto/bn/bntest.c)0
-rw-r--r--crypto/bn/divtest.c (renamed from crypto/openssl/crypto/bn/divtest.c)0
-rw-r--r--crypto/bn/exp.c (renamed from crypto/openssl/crypto/bn/exp.c)0
-rw-r--r--crypto/bn/expspeed.c (renamed from crypto/openssl/crypto/bn/expspeed.c)0
-rw-r--r--crypto/bn/exptest.c (renamed from crypto/openssl/crypto/bn/exptest.c)0
-rw-r--r--crypto/bn/todo (renamed from crypto/openssl/crypto/bn/todo)0
-rw-r--r--crypto/buffer/Makefile (renamed from crypto/openssl/crypto/buffer/Makefile)0
-rw-r--r--crypto/buffer/buf_err.c (renamed from crypto/openssl/crypto/buffer/buf_err.c)0
-rw-r--r--crypto/buffer/buffer.c (renamed from crypto/openssl/crypto/buffer/buffer.c)0
-rw-r--r--crypto/buffer/buffer.h (renamed from crypto/openssl/crypto/buffer/buffer.h)0
-rw-r--r--crypto/camellia/Makefile (renamed from crypto/openssl/crypto/camellia/Makefile)0
-rw-r--r--crypto/camellia/camellia.c (renamed from crypto/openssl/crypto/camellia/camellia.c)0
-rw-r--r--crypto/camellia/camellia.h (renamed from crypto/openssl/crypto/camellia/camellia.h)0
-rw-r--r--crypto/camellia/cmll_cbc.c (renamed from crypto/openssl/crypto/camellia/cmll_cbc.c)0
-rw-r--r--crypto/camellia/cmll_cfb.c (renamed from crypto/openssl/crypto/camellia/cmll_cfb.c)0
-rw-r--r--crypto/camellia/cmll_ctr.c (renamed from crypto/openssl/crypto/camellia/cmll_ctr.c)0
-rw-r--r--crypto/camellia/cmll_ecb.c (renamed from crypto/openssl/crypto/camellia/cmll_ecb.c)0
-rw-r--r--crypto/camellia/cmll_locl.h (renamed from crypto/openssl/crypto/camellia/cmll_locl.h)0
-rw-r--r--crypto/camellia/cmll_misc.c (renamed from crypto/openssl/crypto/camellia/cmll_misc.c)0
-rw-r--r--crypto/camellia/cmll_ofb.c (renamed from crypto/openssl/crypto/camellia/cmll_ofb.c)0
-rw-r--r--crypto/cast/Makefile (renamed from crypto/openssl/crypto/cast/Makefile)0
-rw-r--r--crypto/cast/asm/cast-586.pl (renamed from crypto/openssl/crypto/cast/asm/cast-586.pl)0
-rw-r--r--crypto/cast/asm/readme (renamed from crypto/openssl/crypto/cast/asm/readme)0
-rw-r--r--crypto/cast/c_cfb64.c (renamed from crypto/openssl/crypto/cast/c_cfb64.c)0
-rw-r--r--crypto/cast/c_ecb.c (renamed from crypto/openssl/crypto/cast/c_ecb.c)0
-rw-r--r--crypto/cast/c_enc.c (renamed from crypto/openssl/crypto/cast/c_enc.c)0
-rw-r--r--crypto/cast/c_ofb64.c (renamed from crypto/openssl/crypto/cast/c_ofb64.c)0
-rw-r--r--crypto/cast/c_skey.c (renamed from crypto/openssl/crypto/cast/c_skey.c)0
-rw-r--r--crypto/cast/cast.h (renamed from crypto/openssl/crypto/cast/cast.h)0
-rw-r--r--crypto/cast/cast_lcl.h (renamed from crypto/openssl/crypto/cast/cast_lcl.h)0
-rw-r--r--crypto/cast/cast_s.h (renamed from crypto/openssl/crypto/cast/cast_s.h)0
-rw-r--r--crypto/cast/cast_spd.c (renamed from crypto/openssl/crypto/cast/cast_spd.c)0
-rw-r--r--crypto/cast/castopts.c (renamed from crypto/openssl/crypto/cast/castopts.c)0
-rw-r--r--crypto/cast/casts.cpp (renamed from crypto/openssl/crypto/cast/casts.cpp)0
-rw-r--r--crypto/cast/casttest.c (renamed from crypto/openssl/crypto/cast/casttest.c)0
-rw-r--r--crypto/comp/Makefile (renamed from crypto/openssl/crypto/comp/Makefile)0
-rw-r--r--crypto/comp/c_rle.c (renamed from crypto/openssl/crypto/comp/c_rle.c)0
-rw-r--r--crypto/comp/c_zlib.c (renamed from crypto/openssl/crypto/comp/c_zlib.c)0
-rw-r--r--crypto/comp/comp.h (renamed from crypto/openssl/crypto/comp/comp.h)0
-rw-r--r--crypto/comp/comp_err.c (renamed from crypto/openssl/crypto/comp/comp_err.c)0
-rw-r--r--crypto/comp/comp_lib.c (renamed from crypto/openssl/crypto/comp/comp_lib.c)0
-rw-r--r--crypto/conf/Makefile (renamed from crypto/openssl/crypto/conf/Makefile)0
-rw-r--r--crypto/conf/README (renamed from crypto/openssl/crypto/conf/README)0
-rw-r--r--crypto/conf/cnf_save.c (renamed from crypto/openssl/crypto/conf/cnf_save.c)0
-rw-r--r--crypto/conf/conf.h (renamed from crypto/openssl/crypto/conf/conf.h)0
-rw-r--r--crypto/conf/conf_api.c (renamed from crypto/openssl/crypto/conf/conf_api.c)0
-rw-r--r--crypto/conf/conf_api.h (renamed from crypto/openssl/crypto/conf/conf_api.h)0
-rw-r--r--crypto/conf/conf_def.c (renamed from crypto/openssl/crypto/conf/conf_def.c)0
-rw-r--r--crypto/conf/conf_def.h (renamed from crypto/openssl/crypto/conf/conf_def.h)0
-rw-r--r--crypto/conf/conf_err.c (renamed from crypto/openssl/crypto/conf/conf_err.c)0
-rw-r--r--crypto/conf/conf_lib.c (renamed from crypto/openssl/crypto/conf/conf_lib.c)0
-rw-r--r--crypto/conf/conf_mall.c (renamed from crypto/openssl/crypto/conf/conf_mall.c)0
-rw-r--r--crypto/conf/conf_mod.c (renamed from crypto/openssl/crypto/conf/conf_mod.c)0
-rw-r--r--crypto/conf/conf_sap.c (renamed from crypto/openssl/crypto/conf/conf_sap.c)0
-rw-r--r--crypto/conf/keysets.pl (renamed from crypto/openssl/crypto/conf/keysets.pl)0
-rw-r--r--crypto/conf/ssleay.cnf (renamed from crypto/openssl/crypto/conf/ssleay.cnf)0
-rw-r--r--crypto/conf/test.c (renamed from crypto/openssl/crypto/conf/test.c)0
-rw-r--r--crypto/cpt_err.c (renamed from crypto/openssl/crypto/cpt_err.c)0
-rw-r--r--crypto/cryptlib.c (renamed from crypto/openssl/crypto/cryptlib.c)0
-rw-r--r--crypto/cryptlib.h (renamed from crypto/openssl/crypto/cryptlib.h)0
-rw-r--r--crypto/crypto.h (renamed from crypto/openssl/crypto/crypto.h)0
-rw-r--r--crypto/cversion.c (renamed from crypto/openssl/crypto/cversion.c)0
-rw-r--r--crypto/des/COPYRIGHT (renamed from crypto/openssl/crypto/des/COPYRIGHT)0
-rw-r--r--crypto/des/DES.pm (renamed from crypto/openssl/crypto/des/DES.pm)0
-rw-r--r--crypto/des/DES.xs (renamed from crypto/openssl/crypto/des/DES.xs)0
-rw-r--r--crypto/des/FILES0 (renamed from crypto/openssl/crypto/des/FILES0)0
-rw-r--r--crypto/des/INSTALL (renamed from crypto/openssl/crypto/des/INSTALL)0
-rw-r--r--crypto/des/Imakefile (renamed from crypto/openssl/crypto/des/Imakefile)0
-rw-r--r--crypto/des/KERBEROS (renamed from crypto/openssl/crypto/des/KERBEROS)0
-rw-r--r--crypto/des/Makefile (renamed from crypto/openssl/crypto/des/Makefile)0
-rw-r--r--crypto/des/README (renamed from crypto/openssl/crypto/des/README)0
-rw-r--r--crypto/des/VERSION (renamed from crypto/openssl/crypto/des/VERSION)0
-rw-r--r--crypto/des/asm/crypt586.pl (renamed from crypto/openssl/crypto/des/asm/crypt586.pl)0
-rw-r--r--crypto/des/asm/des-586.pl (renamed from crypto/openssl/crypto/des/asm/des-586.pl)0
-rw-r--r--crypto/des/asm/des686.pl (renamed from crypto/openssl/crypto/des/asm/des686.pl)0
-rw-r--r--crypto/des/asm/des_enc.m4 (renamed from crypto/openssl/crypto/des/asm/des_enc.m4)0
-rw-r--r--crypto/des/asm/desboth.pl (renamed from crypto/openssl/crypto/des/asm/desboth.pl)0
-rw-r--r--crypto/des/asm/readme (renamed from crypto/openssl/crypto/des/asm/readme)0
-rw-r--r--crypto/des/cbc3_enc.c (renamed from crypto/openssl/crypto/des/cbc3_enc.c)0
-rw-r--r--crypto/des/cbc_cksm.c (renamed from crypto/openssl/crypto/des/cbc_cksm.c)0
-rw-r--r--crypto/des/cbc_enc.c (renamed from crypto/openssl/crypto/des/cbc_enc.c)0
-rw-r--r--crypto/des/cfb64ede.c (renamed from crypto/openssl/crypto/des/cfb64ede.c)0
-rw-r--r--crypto/des/cfb64enc.c (renamed from crypto/openssl/crypto/des/cfb64enc.c)0
-rw-r--r--crypto/des/cfb_enc.c (renamed from crypto/openssl/crypto/des/cfb_enc.c)0
-rw-r--r--crypto/des/des.c (renamed from crypto/openssl/crypto/des/des.c)0
-rw-r--r--crypto/des/des.h (renamed from crypto/openssl/crypto/des/des.h)0
-rw-r--r--crypto/des/des.pod (renamed from crypto/openssl/crypto/des/des.pod)0
-rw-r--r--crypto/des/des3s.cpp (renamed from crypto/openssl/crypto/des/des3s.cpp)0
-rw-r--r--crypto/des/des_enc.c (renamed from crypto/openssl/crypto/des/des_enc.c)0
-rw-r--r--crypto/des/des_locl.h (renamed from crypto/openssl/crypto/des/des_locl.h)0
-rw-r--r--crypto/des/des_old.c (renamed from crypto/openssl/crypto/des/des_old.c)0
-rw-r--r--crypto/des/des_old.h (renamed from crypto/openssl/crypto/des/des_old.h)0
-rw-r--r--crypto/des/des_old2.c (renamed from crypto/openssl/crypto/des/des_old2.c)0
-rw-r--r--crypto/des/des_opts.c (renamed from crypto/openssl/crypto/des/des_opts.c)0
-rw-r--r--crypto/des/des_ver.h (renamed from crypto/openssl/crypto/des/des_ver.h)0
-rw-r--r--crypto/des/dess.cpp (renamed from crypto/openssl/crypto/des/dess.cpp)0
-rw-r--r--crypto/des/destest.c (renamed from crypto/openssl/crypto/des/destest.c)0
-rw-r--r--crypto/des/ecb3_enc.c (renamed from crypto/openssl/crypto/des/ecb3_enc.c)0
-rw-r--r--crypto/des/ecb_enc.c (renamed from crypto/openssl/crypto/des/ecb_enc.c)0
-rw-r--r--crypto/des/ede_cbcm_enc.c (renamed from crypto/openssl/crypto/des/ede_cbcm_enc.c)0
-rw-r--r--crypto/des/enc_read.c (renamed from crypto/openssl/crypto/des/enc_read.c)0
-rw-r--r--crypto/des/enc_writ.c (renamed from crypto/openssl/crypto/des/enc_writ.c)0
-rw-r--r--crypto/des/fcrypt.c (renamed from crypto/openssl/crypto/des/fcrypt.c)0
-rw-r--r--crypto/des/fcrypt_b.c (renamed from crypto/openssl/crypto/des/fcrypt_b.c)0
-rw-r--r--crypto/des/makefile.bc (renamed from crypto/openssl/crypto/des/makefile.bc)0
-rw-r--r--crypto/des/ncbc_enc.c (renamed from crypto/openssl/crypto/des/ncbc_enc.c)0
-rw-r--r--crypto/des/ofb64ede.c (renamed from crypto/openssl/crypto/des/ofb64ede.c)0
-rw-r--r--crypto/des/ofb64enc.c (renamed from crypto/openssl/crypto/des/ofb64enc.c)0
-rw-r--r--crypto/des/ofb_enc.c (renamed from crypto/openssl/crypto/des/ofb_enc.c)0
-rw-r--r--crypto/des/options.txt (renamed from crypto/openssl/crypto/des/options.txt)0
-rw-r--r--crypto/des/pcbc_enc.c (renamed from crypto/openssl/crypto/des/pcbc_enc.c)0
-rw-r--r--crypto/des/qud_cksm.c (renamed from crypto/openssl/crypto/des/qud_cksm.c)0
-rw-r--r--crypto/des/rand_key.c (renamed from crypto/openssl/crypto/des/rand_key.c)0
-rw-r--r--crypto/des/read2pwd.c (renamed from crypto/openssl/crypto/des/read2pwd.c)0
-rw-r--r--crypto/des/read_pwd.c (renamed from crypto/openssl/crypto/des/read_pwd.c)0
-rw-r--r--crypto/des/rpc_des.h (renamed from crypto/openssl/crypto/des/rpc_des.h)0
-rw-r--r--crypto/des/rpc_enc.c (renamed from crypto/openssl/crypto/des/rpc_enc.c)0
-rw-r--r--crypto/des/rpw.c (renamed from crypto/openssl/crypto/des/rpw.c)0
-rw-r--r--crypto/des/set_key.c (renamed from crypto/openssl/crypto/des/set_key.c)0
-rw-r--r--crypto/des/speed.c (renamed from crypto/openssl/crypto/des/speed.c)0
-rw-r--r--crypto/des/spr.h (renamed from crypto/openssl/crypto/des/spr.h)0
-rw-r--r--crypto/des/str2key.c (renamed from crypto/openssl/crypto/des/str2key.c)0
-rw-r--r--crypto/des/t/test (renamed from crypto/openssl/crypto/des/t/test)0
-rw-r--r--crypto/des/times/486-50.sol (renamed from crypto/openssl/crypto/des/times/486-50.sol)0
-rw-r--r--crypto/des/times/586-100.lnx (renamed from crypto/openssl/crypto/des/times/586-100.lnx)0
-rw-r--r--crypto/des/times/686-200.fre (renamed from crypto/openssl/crypto/des/times/686-200.fre)0
-rw-r--r--crypto/des/times/aix.cc (renamed from crypto/openssl/crypto/des/times/aix.cc)0
-rw-r--r--crypto/des/times/alpha.cc (renamed from crypto/openssl/crypto/des/times/alpha.cc)0
-rw-r--r--crypto/des/times/hpux.cc (renamed from crypto/openssl/crypto/des/times/hpux.cc)0
-rw-r--r--crypto/des/times/sparc.gcc (renamed from crypto/openssl/crypto/des/times/sparc.gcc)0
-rw-r--r--crypto/des/times/usparc.cc (renamed from crypto/openssl/crypto/des/times/usparc.cc)0
-rw-r--r--crypto/des/typemap (renamed from crypto/openssl/crypto/des/typemap)0
-rw-r--r--crypto/des/xcbc_enc.c (renamed from crypto/openssl/crypto/des/xcbc_enc.c)0
-rw-r--r--crypto/dh/Makefile (renamed from crypto/openssl/crypto/dh/Makefile)0
-rw-r--r--crypto/dh/dh.h (renamed from crypto/openssl/crypto/dh/dh.h)0
-rw-r--r--crypto/dh/dh1024.pem (renamed from crypto/openssl/crypto/dh/dh1024.pem)0
-rw-r--r--crypto/dh/dh192.pem (renamed from crypto/openssl/crypto/dh/dh192.pem)0
-rw-r--r--crypto/dh/dh2048.pem (renamed from crypto/openssl/crypto/dh/dh2048.pem)0
-rw-r--r--crypto/dh/dh4096.pem (renamed from crypto/openssl/crypto/dh/dh4096.pem)0
-rw-r--r--crypto/dh/dh512.pem (renamed from crypto/openssl/crypto/dh/dh512.pem)0
-rw-r--r--crypto/dh/dh_asn1.c (renamed from crypto/openssl/crypto/dh/dh_asn1.c)0
-rw-r--r--crypto/dh/dh_check.c (renamed from crypto/openssl/crypto/dh/dh_check.c)0
-rw-r--r--crypto/dh/dh_depr.c (renamed from crypto/openssl/crypto/dh/dh_depr.c)0
-rw-r--r--crypto/dh/dh_err.c (renamed from crypto/openssl/crypto/dh/dh_err.c)0
-rw-r--r--crypto/dh/dh_gen.c (renamed from crypto/openssl/crypto/dh/dh_gen.c)0
-rw-r--r--crypto/dh/dh_key.c (renamed from crypto/openssl/crypto/dh/dh_key.c)0
-rw-r--r--crypto/dh/dh_lib.c (renamed from crypto/openssl/crypto/dh/dh_lib.c)0
-rw-r--r--crypto/dh/dhtest.c (renamed from crypto/openssl/crypto/dh/dhtest.c)0
-rw-r--r--crypto/dh/example (renamed from crypto/openssl/crypto/dh/example)0
-rw-r--r--crypto/dh/generate (renamed from crypto/openssl/crypto/dh/generate)0
-rw-r--r--crypto/dh/p1024.c (renamed from crypto/openssl/crypto/dh/p1024.c)0
-rw-r--r--crypto/dh/p192.c (renamed from crypto/openssl/crypto/dh/p192.c)0
-rw-r--r--crypto/dh/p512.c (renamed from crypto/openssl/crypto/dh/p512.c)0
-rw-r--r--crypto/dsa/Makefile (renamed from crypto/openssl/crypto/dsa/Makefile)0
-rw-r--r--crypto/dsa/README (renamed from crypto/openssl/crypto/dsa/README)0
-rw-r--r--crypto/dsa/dsa.h (renamed from crypto/openssl/crypto/dsa/dsa.h)0
-rw-r--r--crypto/dsa/dsa_asn1.c (renamed from crypto/openssl/crypto/dsa/dsa_asn1.c)0
-rw-r--r--crypto/dsa/dsa_depr.c (renamed from crypto/openssl/crypto/dsa/dsa_depr.c)0
-rw-r--r--crypto/dsa/dsa_err.c (renamed from crypto/openssl/crypto/dsa/dsa_err.c)0
-rw-r--r--crypto/dsa/dsa_gen.c (renamed from crypto/openssl/crypto/dsa/dsa_gen.c)0
-rw-r--r--crypto/dsa/dsa_key.c (renamed from crypto/openssl/crypto/dsa/dsa_key.c)0
-rw-r--r--crypto/dsa/dsa_lib.c (renamed from crypto/openssl/crypto/dsa/dsa_lib.c)0
-rw-r--r--crypto/dsa/dsa_ossl.c (renamed from crypto/openssl/crypto/dsa/dsa_ossl.c)0
-rw-r--r--crypto/dsa/dsa_sign.c (renamed from crypto/openssl/crypto/dsa/dsa_sign.c)0
-rw-r--r--crypto/dsa/dsa_vrf.c (renamed from crypto/openssl/crypto/dsa/dsa_vrf.c)0
-rw-r--r--crypto/dsa/dsagen.c (renamed from crypto/openssl/crypto/dsa/dsagen.c)0
-rw-r--r--crypto/dsa/dsatest.c (renamed from crypto/openssl/crypto/dsa/dsatest.c)0
-rw-r--r--crypto/dsa/fips186a.txt (renamed from crypto/openssl/crypto/dsa/fips186a.txt)0
-rw-r--r--crypto/dso/Makefile (renamed from crypto/openssl/crypto/dso/Makefile)0
-rw-r--r--crypto/dso/README (renamed from crypto/openssl/crypto/dso/README)0
-rw-r--r--crypto/dso/dso.h (renamed from crypto/openssl/crypto/dso/dso.h)0
-rw-r--r--crypto/dso/dso_dl.c (renamed from crypto/openssl/crypto/dso/dso_dl.c)0
-rw-r--r--crypto/dso/dso_dlfcn.c (renamed from crypto/openssl/crypto/dso/dso_dlfcn.c)0
-rw-r--r--crypto/dso/dso_err.c (renamed from crypto/openssl/crypto/dso/dso_err.c)0
-rw-r--r--crypto/dso/dso_lib.c (renamed from crypto/openssl/crypto/dso/dso_lib.c)0
-rw-r--r--crypto/dso/dso_null.c (renamed from crypto/openssl/crypto/dso/dso_null.c)0
-rw-r--r--crypto/dso/dso_openssl.c (renamed from crypto/openssl/crypto/dso/dso_openssl.c)0
-rw-r--r--crypto/ebcdic.c (renamed from crypto/openssl/crypto/ebcdic.c)0
-rw-r--r--crypto/ebcdic.h (renamed from crypto/openssl/crypto/ebcdic.h)0
-rw-r--r--crypto/ec/Makefile (renamed from crypto/openssl/crypto/ec/Makefile)0
-rw-r--r--crypto/ec/ec.h (renamed from crypto/openssl/crypto/ec/ec.h)0
-rw-r--r--crypto/ec/ec2_mult.c (renamed from crypto/openssl/crypto/ec/ec2_mult.c)0
-rw-r--r--crypto/ec/ec2_smpl.c (renamed from crypto/openssl/crypto/ec/ec2_smpl.c)0
-rw-r--r--crypto/ec/ec2_smpt.c (renamed from crypto/openssl/crypto/ec/ec2_smpt.c)0
-rw-r--r--crypto/ec/ec_asn1.c (renamed from crypto/openssl/crypto/ec/ec_asn1.c)0
-rw-r--r--crypto/ec/ec_check.c (renamed from crypto/openssl/crypto/ec/ec_check.c)0
-rw-r--r--crypto/ec/ec_curve.c (renamed from crypto/openssl/crypto/ec/ec_curve.c)0
-rw-r--r--crypto/ec/ec_cvt.c (renamed from crypto/openssl/crypto/ec/ec_cvt.c)0
-rw-r--r--crypto/ec/ec_err.c (renamed from crypto/openssl/crypto/ec/ec_err.c)0
-rw-r--r--crypto/ec/ec_key.c (renamed from crypto/openssl/crypto/ec/ec_key.c)0
-rw-r--r--crypto/ec/ec_lcl.h (renamed from crypto/openssl/crypto/ec/ec_lcl.h)0
-rw-r--r--crypto/ec/ec_lib.c (renamed from crypto/openssl/crypto/ec/ec_lib.c)0
-rw-r--r--crypto/ec/ec_mult.c (renamed from crypto/openssl/crypto/ec/ec_mult.c)0
-rw-r--r--crypto/ec/ec_print.c (renamed from crypto/openssl/crypto/ec/ec_print.c)0
-rw-r--r--crypto/ec/ecp_mont.c (renamed from crypto/openssl/crypto/ec/ecp_mont.c)0
-rw-r--r--crypto/ec/ecp_nist.c (renamed from crypto/openssl/crypto/ec/ecp_nist.c)0
-rw-r--r--crypto/ec/ecp_recp.c (renamed from crypto/openssl/crypto/ec/ecp_recp.c)0
-rw-r--r--crypto/ec/ecp_smpl.c (renamed from crypto/openssl/crypto/ec/ecp_smpl.c)0
-rw-r--r--crypto/ec/ectest.c (renamed from crypto/openssl/crypto/ec/ectest.c)0
-rw-r--r--crypto/ecdh/Makefile (renamed from crypto/openssl/crypto/ecdh/Makefile)0
-rw-r--r--crypto/ecdh/ecdh.h (renamed from crypto/openssl/crypto/ecdh/ecdh.h)0
-rw-r--r--crypto/ecdh/ecdhtest.c (renamed from crypto/openssl/crypto/ecdh/ecdhtest.c)0
-rw-r--r--crypto/ecdh/ech_err.c (renamed from crypto/openssl/crypto/ecdh/ech_err.c)0
-rw-r--r--crypto/ecdh/ech_key.c (renamed from crypto/openssl/crypto/ecdh/ech_key.c)0
-rw-r--r--crypto/ecdh/ech_lib.c (renamed from crypto/openssl/crypto/ecdh/ech_lib.c)0
-rw-r--r--crypto/ecdh/ech_locl.h (renamed from crypto/openssl/crypto/ecdh/ech_locl.h)0
-rw-r--r--crypto/ecdh/ech_ossl.c (renamed from crypto/openssl/crypto/ecdh/ech_ossl.c)0
-rw-r--r--crypto/ecdsa/Makefile (renamed from crypto/openssl/crypto/ecdsa/Makefile)0
-rw-r--r--crypto/ecdsa/ecdsa.h (renamed from crypto/openssl/crypto/ecdsa/ecdsa.h)0
-rw-r--r--crypto/ecdsa/ecdsatest.c (renamed from crypto/openssl/crypto/ecdsa/ecdsatest.c)0
-rw-r--r--crypto/ecdsa/ecs_asn1.c (renamed from crypto/openssl/crypto/ecdsa/ecs_asn1.c)0
-rw-r--r--crypto/ecdsa/ecs_err.c (renamed from crypto/openssl/crypto/ecdsa/ecs_err.c)0
-rw-r--r--crypto/ecdsa/ecs_lib.c (renamed from crypto/openssl/crypto/ecdsa/ecs_lib.c)0
-rw-r--r--crypto/ecdsa/ecs_locl.h (renamed from crypto/openssl/crypto/ecdsa/ecs_locl.h)0
-rw-r--r--crypto/ecdsa/ecs_ossl.c (renamed from crypto/openssl/crypto/ecdsa/ecs_ossl.c)0
-rw-r--r--crypto/ecdsa/ecs_sign.c (renamed from crypto/openssl/crypto/ecdsa/ecs_sign.c)0
-rw-r--r--crypto/ecdsa/ecs_vrf.c (renamed from crypto/openssl/crypto/ecdsa/ecs_vrf.c)0
-rw-r--r--crypto/engine/Makefile (renamed from crypto/openssl/crypto/engine/Makefile)0
-rw-r--r--crypto/engine/README (renamed from crypto/openssl/crypto/engine/README)0
-rw-r--r--crypto/engine/eng_all.c (renamed from crypto/openssl/crypto/engine/eng_all.c)0
-rw-r--r--crypto/engine/eng_cnf.c (renamed from crypto/openssl/crypto/engine/eng_cnf.c)0
-rw-r--r--crypto/engine/eng_cryptodev.c (renamed from crypto/openssl/crypto/engine/eng_cryptodev.c)0
-rw-r--r--crypto/engine/eng_ctrl.c (renamed from crypto/openssl/crypto/engine/eng_ctrl.c)0
-rw-r--r--crypto/engine/eng_dyn.c (renamed from crypto/openssl/crypto/engine/eng_dyn.c)0
-rw-r--r--crypto/engine/eng_err.c (renamed from crypto/openssl/crypto/engine/eng_err.c)0
-rw-r--r--crypto/engine/eng_fat.c (renamed from crypto/openssl/crypto/engine/eng_fat.c)0
-rw-r--r--crypto/engine/eng_init.c (renamed from crypto/openssl/crypto/engine/eng_init.c)0
-rw-r--r--crypto/engine/eng_int.h (renamed from crypto/openssl/crypto/engine/eng_int.h)0
-rw-r--r--crypto/engine/eng_lib.c (renamed from crypto/openssl/crypto/engine/eng_lib.c)0
-rw-r--r--crypto/engine/eng_list.c (renamed from crypto/openssl/crypto/engine/eng_list.c)0
-rw-r--r--crypto/engine/eng_openssl.c (renamed from crypto/openssl/crypto/engine/eng_openssl.c)0
-rw-r--r--crypto/engine/eng_padlock.c (renamed from crypto/openssl/crypto/engine/eng_padlock.c)0
-rw-r--r--crypto/engine/eng_pkey.c (renamed from crypto/openssl/crypto/engine/eng_pkey.c)0
-rw-r--r--crypto/engine/eng_table.c (renamed from crypto/openssl/crypto/engine/eng_table.c)0
-rw-r--r--crypto/engine/engine.h (renamed from crypto/openssl/crypto/engine/engine.h)0
-rw-r--r--crypto/engine/enginetest.c (renamed from crypto/openssl/crypto/engine/enginetest.c)0
-rw-r--r--crypto/engine/hw.ec (renamed from crypto/openssl/crypto/engine/hw.ec)0
-rw-r--r--crypto/engine/hw_4758_cca.c (renamed from crypto/openssl/crypto/engine/hw_4758_cca.c)0
-rw-r--r--crypto/engine/hw_4758_cca_err.c (renamed from crypto/openssl/crypto/engine/hw_4758_cca_err.c)0
-rw-r--r--crypto/engine/hw_4758_cca_err.h (renamed from crypto/openssl/crypto/engine/hw_4758_cca_err.h)0
-rw-r--r--crypto/engine/hw_aep.c (renamed from crypto/openssl/crypto/engine/hw_aep.c)0
-rw-r--r--crypto/engine/hw_aep_err.c (renamed from crypto/openssl/crypto/engine/hw_aep_err.c)0
-rw-r--r--crypto/engine/hw_aep_err.h (renamed from crypto/openssl/crypto/engine/hw_aep_err.h)0
-rw-r--r--crypto/engine/hw_atalla.c (renamed from crypto/openssl/crypto/engine/hw_atalla.c)0
-rw-r--r--crypto/engine/hw_atalla_err.c (renamed from crypto/openssl/crypto/engine/hw_atalla_err.c)0
-rw-r--r--crypto/engine/hw_atalla_err.h (renamed from crypto/openssl/crypto/engine/hw_atalla_err.h)0
-rw-r--r--crypto/engine/hw_cryptodev.c (renamed from crypto/openssl/crypto/engine/hw_cryptodev.c)0
-rw-r--r--crypto/engine/hw_cswift.c (renamed from crypto/openssl/crypto/engine/hw_cswift.c)0
-rw-r--r--crypto/engine/hw_cswift_err.c (renamed from crypto/openssl/crypto/engine/hw_cswift_err.c)0
-rw-r--r--crypto/engine/hw_cswift_err.h (renamed from crypto/openssl/crypto/engine/hw_cswift_err.h)0
-rw-r--r--crypto/engine/hw_ncipher.c (renamed from crypto/openssl/crypto/engine/hw_ncipher.c)0
-rw-r--r--crypto/engine/hw_ncipher_err.c (renamed from crypto/openssl/crypto/engine/hw_ncipher_err.c)0
-rw-r--r--crypto/engine/hw_ncipher_err.h (renamed from crypto/openssl/crypto/engine/hw_ncipher_err.h)0
-rw-r--r--crypto/engine/hw_nuron.c (renamed from crypto/openssl/crypto/engine/hw_nuron.c)0
-rw-r--r--crypto/engine/hw_nuron_err.c (renamed from crypto/openssl/crypto/engine/hw_nuron_err.c)0
-rw-r--r--crypto/engine/hw_nuron_err.h (renamed from crypto/openssl/crypto/engine/hw_nuron_err.h)0
-rw-r--r--crypto/engine/hw_sureware.c (renamed from crypto/openssl/crypto/engine/hw_sureware.c)0
-rw-r--r--crypto/engine/hw_sureware_err.c (renamed from crypto/openssl/crypto/engine/hw_sureware_err.c)0
-rw-r--r--crypto/engine/hw_sureware_err.h (renamed from crypto/openssl/crypto/engine/hw_sureware_err.h)0
-rw-r--r--crypto/engine/hw_ubsec.c (renamed from crypto/openssl/crypto/engine/hw_ubsec.c)0
-rw-r--r--crypto/engine/hw_ubsec_err.c (renamed from crypto/openssl/crypto/engine/hw_ubsec_err.c)0
-rw-r--r--crypto/engine/hw_ubsec_err.h (renamed from crypto/openssl/crypto/engine/hw_ubsec_err.h)0
-rw-r--r--crypto/engine/tb_cipher.c (renamed from crypto/openssl/crypto/engine/tb_cipher.c)0
-rw-r--r--crypto/engine/tb_dh.c (renamed from crypto/openssl/crypto/engine/tb_dh.c)0
-rw-r--r--crypto/engine/tb_digest.c (renamed from crypto/openssl/crypto/engine/tb_digest.c)0
-rw-r--r--crypto/engine/tb_dsa.c (renamed from crypto/openssl/crypto/engine/tb_dsa.c)0
-rw-r--r--crypto/engine/tb_ecdh.c (renamed from crypto/openssl/crypto/engine/tb_ecdh.c)0
-rw-r--r--crypto/engine/tb_ecdsa.c (renamed from crypto/openssl/crypto/engine/tb_ecdsa.c)0
-rw-r--r--crypto/engine/tb_rand.c (renamed from crypto/openssl/crypto/engine/tb_rand.c)0
-rw-r--r--crypto/engine/tb_rsa.c (renamed from crypto/openssl/crypto/engine/tb_rsa.c)0
-rw-r--r--crypto/engine/tb_store.c (renamed from crypto/openssl/crypto/engine/tb_store.c)0
-rw-r--r--crypto/engine/vendor_defns/aep.h (renamed from crypto/openssl/crypto/engine/vendor_defns/aep.h)0
-rw-r--r--crypto/engine/vendor_defns/atalla.h (renamed from crypto/openssl/crypto/engine/vendor_defns/atalla.h)0
-rw-r--r--crypto/engine/vendor_defns/cswift.h (renamed from crypto/openssl/crypto/engine/vendor_defns/cswift.h)0
-rw-r--r--crypto/engine/vendor_defns/hw_4758_cca.h (renamed from crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h)0
-rw-r--r--crypto/engine/vendor_defns/hw_ubsec.h (renamed from crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h)0
-rw-r--r--crypto/engine/vendor_defns/hwcryptohook.h (renamed from crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h)0
-rw-r--r--crypto/engine/vendor_defns/sureware.h (renamed from crypto/openssl/crypto/engine/vendor_defns/sureware.h)0
-rw-r--r--crypto/err/Makefile (renamed from crypto/openssl/crypto/err/Makefile)0
-rw-r--r--crypto/err/err.c (renamed from crypto/openssl/crypto/err/err.c)0
-rw-r--r--crypto/err/err.h (renamed from crypto/openssl/crypto/err/err.h)0
-rw-r--r--crypto/err/err_all.c (renamed from crypto/openssl/crypto/err/err_all.c)0
-rw-r--r--crypto/err/err_prn.c (renamed from crypto/openssl/crypto/err/err_prn.c)0
-rw-r--r--crypto/err/openssl.ec (renamed from crypto/openssl/crypto/err/openssl.ec)0
-rw-r--r--crypto/evp/Makefile (renamed from crypto/openssl/crypto/evp/Makefile)0
-rw-r--r--crypto/evp/bio_b64.c (renamed from crypto/openssl/crypto/evp/bio_b64.c)0
-rw-r--r--crypto/evp/bio_enc.c (renamed from crypto/openssl/crypto/evp/bio_enc.c)0
-rw-r--r--crypto/evp/bio_md.c (renamed from crypto/openssl/crypto/evp/bio_md.c)0
-rw-r--r--crypto/evp/bio_ok.c (renamed from crypto/openssl/crypto/evp/bio_ok.c)0
-rw-r--r--crypto/evp/c_all.c (renamed from crypto/openssl/crypto/evp/c_all.c)0
-rw-r--r--crypto/evp/c_allc.c (renamed from crypto/openssl/crypto/evp/c_allc.c)0
-rw-r--r--crypto/evp/c_alld.c (renamed from crypto/openssl/crypto/evp/c_alld.c)0
-rw-r--r--crypto/evp/digest.c (renamed from crypto/openssl/crypto/evp/digest.c)0
-rw-r--r--crypto/evp/e_aes.c (renamed from crypto/openssl/crypto/evp/e_aes.c)0
-rw-r--r--crypto/evp/e_bf.c (renamed from crypto/openssl/crypto/evp/e_bf.c)0
-rw-r--r--crypto/evp/e_camellia.c (renamed from crypto/openssl/crypto/evp/e_camellia.c)0
-rw-r--r--crypto/evp/e_cast.c (renamed from crypto/openssl/crypto/evp/e_cast.c)0
-rw-r--r--crypto/evp/e_des.c (renamed from crypto/openssl/crypto/evp/e_des.c)0
-rw-r--r--crypto/evp/e_des3.c (renamed from crypto/openssl/crypto/evp/e_des3.c)0
-rw-r--r--crypto/evp/e_dsa.c (renamed from crypto/openssl/crypto/evp/e_dsa.c)0
-rw-r--r--crypto/evp/e_idea.c (renamed from crypto/openssl/crypto/evp/e_idea.c)0
-rw-r--r--crypto/evp/e_null.c (renamed from crypto/openssl/crypto/evp/e_null.c)0
-rw-r--r--crypto/evp/e_old.c (renamed from crypto/openssl/crypto/evp/e_old.c)0
-rw-r--r--crypto/evp/e_rc2.c (renamed from crypto/openssl/crypto/evp/e_rc2.c)0
-rw-r--r--crypto/evp/e_rc4.c (renamed from crypto/openssl/crypto/evp/e_rc4.c)0
-rw-r--r--crypto/evp/e_rc5.c (renamed from crypto/openssl/crypto/evp/e_rc5.c)0
-rw-r--r--crypto/evp/e_xcbc_d.c (renamed from crypto/openssl/crypto/evp/e_xcbc_d.c)0
-rw-r--r--crypto/evp/encode.c (renamed from crypto/openssl/crypto/evp/encode.c)0
-rw-r--r--crypto/evp/evp.h (renamed from crypto/openssl/crypto/evp/evp.h)0
-rw-r--r--crypto/evp/evp_acnf.c (renamed from crypto/openssl/crypto/evp/evp_acnf.c)0
-rw-r--r--crypto/evp/evp_enc.c (renamed from crypto/openssl/crypto/evp/evp_enc.c)0
-rw-r--r--crypto/evp/evp_err.c (renamed from crypto/openssl/crypto/evp/evp_err.c)0
-rw-r--r--crypto/evp/evp_key.c (renamed from crypto/openssl/crypto/evp/evp_key.c)0
-rw-r--r--crypto/evp/evp_lib.c (renamed from crypto/openssl/crypto/evp/evp_lib.c)0
-rw-r--r--crypto/evp/evp_locl.h (renamed from crypto/openssl/crypto/evp/evp_locl.h)0
-rw-r--r--crypto/evp/evp_pbe.c (renamed from crypto/openssl/crypto/evp/evp_pbe.c)0
-rw-r--r--crypto/evp/evp_pkey.c (renamed from crypto/openssl/crypto/evp/evp_pkey.c)0
-rw-r--r--crypto/evp/evp_test.c (renamed from crypto/openssl/crypto/evp/evp_test.c)0
-rw-r--r--crypto/evp/evptests.txt (renamed from crypto/openssl/crypto/evp/evptests.txt)0
-rw-r--r--crypto/evp/m_dss.c (renamed from crypto/openssl/crypto/evp/m_dss.c)0
-rw-r--r--crypto/evp/m_dss1.c (renamed from crypto/openssl/crypto/evp/m_dss1.c)0
-rw-r--r--crypto/evp/m_ecdsa.c (renamed from crypto/openssl/crypto/evp/m_ecdsa.c)0
-rw-r--r--crypto/evp/m_md2.c (renamed from crypto/openssl/crypto/evp/m_md2.c)0
-rw-r--r--crypto/evp/m_md4.c (renamed from crypto/openssl/crypto/evp/m_md4.c)0
-rw-r--r--crypto/evp/m_md5.c (renamed from crypto/openssl/crypto/evp/m_md5.c)0
-rw-r--r--crypto/evp/m_mdc2.c (renamed from crypto/openssl/crypto/evp/m_mdc2.c)0
-rw-r--r--crypto/evp/m_null.c (renamed from crypto/openssl/crypto/evp/m_null.c)0
-rw-r--r--crypto/evp/m_ripemd.c (renamed from crypto/openssl/crypto/evp/m_ripemd.c)0
-rw-r--r--crypto/evp/m_sha.c (renamed from crypto/openssl/crypto/evp/m_sha.c)0
-rw-r--r--crypto/evp/m_sha1.c (renamed from crypto/openssl/crypto/evp/m_sha1.c)0
-rw-r--r--crypto/evp/names.c (renamed from crypto/openssl/crypto/evp/names.c)0
-rw-r--r--crypto/evp/openbsd_hw.c (renamed from crypto/openssl/crypto/evp/openbsd_hw.c)0
-rw-r--r--crypto/evp/p5_crpt.c (renamed from crypto/openssl/crypto/evp/p5_crpt.c)0
-rw-r--r--crypto/evp/p5_crpt2.c (renamed from crypto/openssl/crypto/evp/p5_crpt2.c)0
-rw-r--r--crypto/evp/p_dec.c (renamed from crypto/openssl/crypto/evp/p_dec.c)0
-rw-r--r--crypto/evp/p_enc.c (renamed from crypto/openssl/crypto/evp/p_enc.c)0
-rw-r--r--crypto/evp/p_lib.c (renamed from crypto/openssl/crypto/evp/p_lib.c)0
-rw-r--r--crypto/evp/p_open.c (renamed from crypto/openssl/crypto/evp/p_open.c)0
-rw-r--r--crypto/evp/p_seal.c (renamed from crypto/openssl/crypto/evp/p_seal.c)0
-rw-r--r--crypto/evp/p_sign.c (renamed from crypto/openssl/crypto/evp/p_sign.c)0
-rw-r--r--crypto/evp/p_verify.c (renamed from crypto/openssl/crypto/evp/p_verify.c)0
-rw-r--r--crypto/ex_data.c (renamed from crypto/openssl/crypto/ex_data.c)0
-rw-r--r--crypto/hmac/Makefile (renamed from crypto/openssl/crypto/hmac/Makefile)0
-rw-r--r--crypto/hmac/hmac.c (renamed from crypto/openssl/crypto/hmac/hmac.c)0
-rw-r--r--crypto/hmac/hmac.h (renamed from crypto/openssl/crypto/hmac/hmac.h)0
-rw-r--r--crypto/hmac/hmactest.c (renamed from crypto/openssl/crypto/hmac/hmactest.c)0
-rw-r--r--crypto/ia64cpuid.S (renamed from crypto/openssl/crypto/ia64cpuid.S)0
-rw-r--r--crypto/idea/Makefile (renamed from crypto/openssl/crypto/idea/Makefile)0
-rw-r--r--crypto/idea/i_cbc.c (renamed from crypto/openssl/crypto/idea/i_cbc.c)0
-rw-r--r--crypto/idea/i_cfb64.c (renamed from crypto/openssl/crypto/idea/i_cfb64.c)0
-rw-r--r--crypto/idea/i_ecb.c (renamed from crypto/openssl/crypto/idea/i_ecb.c)0
-rw-r--r--crypto/idea/i_ofb64.c (renamed from crypto/openssl/crypto/idea/i_ofb64.c)0
-rw-r--r--crypto/idea/i_skey.c (renamed from crypto/openssl/crypto/idea/i_skey.c)0
-rw-r--r--crypto/idea/idea.h (renamed from crypto/openssl/crypto/idea/idea.h)0
-rw-r--r--crypto/idea/idea_lcl.h (renamed from crypto/openssl/crypto/idea/idea_lcl.h)0
-rw-r--r--crypto/idea/idea_spd.c (renamed from crypto/openssl/crypto/idea/idea_spd.c)0
-rw-r--r--crypto/idea/ideatest.c (renamed from crypto/openssl/crypto/idea/ideatest.c)0
-rw-r--r--crypto/idea/version (renamed from crypto/openssl/crypto/idea/version)0
-rw-r--r--crypto/krb5/Makefile (renamed from crypto/openssl/crypto/krb5/Makefile)0
-rw-r--r--crypto/krb5/krb5_asn.c (renamed from crypto/openssl/crypto/krb5/krb5_asn.c)0
-rw-r--r--crypto/krb5/krb5_asn.h (renamed from crypto/openssl/crypto/krb5/krb5_asn.h)0
-rw-r--r--crypto/lhash/Makefile (renamed from crypto/openssl/crypto/lhash/Makefile)0
-rw-r--r--crypto/lhash/lh_stats.c (renamed from crypto/openssl/crypto/lhash/lh_stats.c)0
-rw-r--r--crypto/lhash/lh_test.c (renamed from crypto/openssl/crypto/lhash/lh_test.c)0
-rw-r--r--crypto/lhash/lhash.c (renamed from crypto/openssl/crypto/lhash/lhash.c)0
-rw-r--r--crypto/lhash/lhash.h (renamed from crypto/openssl/crypto/lhash/lhash.h)0
-rw-r--r--crypto/lhash/num.pl (renamed from crypto/openssl/crypto/lhash/num.pl)0
-rw-r--r--crypto/md2/Makefile (renamed from crypto/openssl/crypto/md2/Makefile)0
-rw-r--r--crypto/md2/md2.c (renamed from crypto/openssl/crypto/md2/md2.c)0
-rw-r--r--crypto/md2/md2.h (renamed from crypto/openssl/crypto/md2/md2.h)0
-rw-r--r--crypto/md2/md2_dgst.c (renamed from crypto/openssl/crypto/md2/md2_dgst.c)0
-rw-r--r--crypto/md2/md2_one.c (renamed from crypto/openssl/crypto/md2/md2_one.c)0
-rw-r--r--crypto/md2/md2test.c (renamed from crypto/openssl/crypto/md2/md2test.c)0
-rw-r--r--crypto/md32_common.h (renamed from crypto/openssl/crypto/md32_common.h)0
-rw-r--r--crypto/md4/Makefile (renamed from crypto/openssl/crypto/md4/Makefile)0
-rw-r--r--crypto/md4/md4.c (renamed from crypto/openssl/crypto/md4/md4.c)0
-rw-r--r--crypto/md4/md4.h (renamed from crypto/openssl/crypto/md4/md4.h)0
-rw-r--r--crypto/md4/md4_dgst.c (renamed from crypto/openssl/crypto/md4/md4_dgst.c)0
-rw-r--r--crypto/md4/md4_locl.h (renamed from crypto/openssl/crypto/md4/md4_locl.h)0
-rw-r--r--crypto/md4/md4_one.c (renamed from crypto/openssl/crypto/md4/md4_one.c)0
-rw-r--r--crypto/md4/md4s.cpp (renamed from crypto/openssl/crypto/md4/md4s.cpp)0
-rw-r--r--crypto/md4/md4test.c (renamed from crypto/openssl/crypto/md4/md4test.c)0
-rw-r--r--crypto/md5/Makefile (renamed from crypto/openssl/crypto/md5/Makefile)0
-rw-r--r--crypto/md5/asm/md5-586.pl (renamed from crypto/openssl/crypto/md5/asm/md5-586.pl)0
-rw-r--r--crypto/md5/asm/md5-sparcv9.S (renamed from crypto/openssl/crypto/md5/asm/md5-sparcv9.S)0
-rwxr-xr-xcrypto/md5/asm/md5-x86_64.pl (renamed from crypto/openssl/crypto/md5/asm/md5-x86_64.pl)0
-rw-r--r--crypto/md5/md5.c (renamed from crypto/openssl/crypto/md5/md5.c)0
-rw-r--r--crypto/md5/md5.h (renamed from crypto/openssl/crypto/md5/md5.h)0
-rw-r--r--crypto/md5/md5_dgst.c (renamed from crypto/openssl/crypto/md5/md5_dgst.c)0
-rw-r--r--crypto/md5/md5_locl.h (renamed from crypto/openssl/crypto/md5/md5_locl.h)0
-rw-r--r--crypto/md5/md5_one.c (renamed from crypto/openssl/crypto/md5/md5_one.c)0
-rw-r--r--crypto/md5/md5s.cpp (renamed from crypto/openssl/crypto/md5/md5s.cpp)0
-rw-r--r--crypto/md5/md5test.c (renamed from crypto/openssl/crypto/md5/md5test.c)0
-rw-r--r--crypto/mdc2/Makefile (renamed from crypto/openssl/crypto/mdc2/Makefile)0
-rw-r--r--crypto/mdc2/mdc2.h (renamed from crypto/openssl/crypto/mdc2/mdc2.h)0
-rw-r--r--crypto/mdc2/mdc2_one.c (renamed from crypto/openssl/crypto/mdc2/mdc2_one.c)0
-rw-r--r--crypto/mdc2/mdc2dgst.c (renamed from crypto/openssl/crypto/mdc2/mdc2dgst.c)0
-rw-r--r--crypto/mdc2/mdc2test.c (renamed from crypto/openssl/crypto/mdc2/mdc2test.c)0
-rw-r--r--crypto/mem.c (renamed from crypto/openssl/crypto/mem.c)0
-rw-r--r--crypto/mem_clr.c (renamed from crypto/openssl/crypto/mem_clr.c)0
-rw-r--r--crypto/mem_dbg.c (renamed from crypto/openssl/crypto/mem_dbg.c)0
-rw-r--r--crypto/o_dir.c (renamed from crypto/openssl/crypto/o_dir.c)0
-rw-r--r--crypto/o_dir.h (renamed from crypto/openssl/crypto/o_dir.h)0
-rw-r--r--crypto/o_dir_test.c (renamed from crypto/openssl/crypto/o_dir_test.c)0
-rw-r--r--crypto/o_str.c (renamed from crypto/openssl/crypto/o_str.c)0
-rw-r--r--crypto/o_str.h (renamed from crypto/openssl/crypto/o_str.h)0
-rw-r--r--crypto/o_time.c (renamed from crypto/openssl/crypto/o_time.c)0
-rw-r--r--crypto/o_time.h (renamed from crypto/openssl/crypto/o_time.h)0
-rw-r--r--crypto/objects/Makefile (renamed from crypto/openssl/crypto/objects/Makefile)0
-rw-r--r--crypto/objects/o_names.c (renamed from crypto/openssl/crypto/objects/o_names.c)0
-rw-r--r--crypto/objects/obj_dat.c (renamed from crypto/openssl/crypto/objects/obj_dat.c)0
-rw-r--r--crypto/objects/obj_dat.h (renamed from crypto/openssl/crypto/objects/obj_dat.h)0
-rw-r--r--crypto/objects/obj_dat.pl (renamed from crypto/openssl/crypto/objects/obj_dat.pl)0
-rw-r--r--crypto/objects/obj_err.c (renamed from crypto/openssl/crypto/objects/obj_err.c)0
-rw-r--r--crypto/objects/obj_lib.c (renamed from crypto/openssl/crypto/objects/obj_lib.c)0
-rw-r--r--crypto/objects/obj_mac.h (renamed from crypto/openssl/crypto/objects/obj_mac.h)0
-rw-r--r--crypto/objects/obj_mac.num (renamed from crypto/openssl/crypto/objects/obj_mac.num)0
-rw-r--r--crypto/objects/objects.README (renamed from crypto/openssl/crypto/objects/objects.README)0
-rw-r--r--crypto/objects/objects.h (renamed from crypto/openssl/crypto/objects/objects.h)0
-rw-r--r--crypto/objects/objects.pl (renamed from crypto/openssl/crypto/objects/objects.pl)0
-rw-r--r--crypto/objects/objects.txt (renamed from crypto/openssl/crypto/objects/objects.txt)0
-rw-r--r--crypto/ocsp/Makefile (renamed from crypto/openssl/crypto/ocsp/Makefile)0
-rw-r--r--crypto/ocsp/ocsp.h (renamed from crypto/openssl/crypto/ocsp/ocsp.h)0
-rw-r--r--crypto/ocsp/ocsp_asn.c (renamed from crypto/openssl/crypto/ocsp/ocsp_asn.c)0
-rwxr-xr-xcrypto/ocsp/ocsp_cl.c (renamed from crypto/openssl/crypto/ocsp/ocsp_cl.c)0
-rw-r--r--crypto/ocsp/ocsp_err.c (renamed from crypto/openssl/crypto/ocsp/ocsp_err.c)0
-rwxr-xr-xcrypto/ocsp/ocsp_ext.c (renamed from crypto/openssl/crypto/ocsp/ocsp_ext.c)0
-rw-r--r--crypto/ocsp/ocsp_ht.c (renamed from crypto/openssl/crypto/ocsp/ocsp_ht.c)0
-rwxr-xr-xcrypto/ocsp/ocsp_lib.c (renamed from crypto/openssl/crypto/ocsp/ocsp_lib.c)0
-rw-r--r--crypto/ocsp/ocsp_prn.c (renamed from crypto/openssl/crypto/ocsp/ocsp_prn.c)0
-rwxr-xr-xcrypto/ocsp/ocsp_srv.c (renamed from crypto/openssl/crypto/ocsp/ocsp_srv.c)0
-rw-r--r--crypto/ocsp/ocsp_vfy.c (renamed from crypto/openssl/crypto/ocsp/ocsp_vfy.c)0
-rw-r--r--crypto/openssl/CHANGES7860
-rw-r--r--crypto/openssl/CHANGES.SSLeay968
-rw-r--r--crypto/openssl/ChangeLog.0_9_7-stable_not-in-head163
-rw-r--r--crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS1494
-rwxr-xr-xcrypto/openssl/Configure1819
-rw-r--r--crypto/openssl/FAQ898
-rw-r--r--crypto/openssl/INSTALL350
-rw-r--r--crypto/openssl/LICENSE127
-rw-r--r--crypto/openssl/Makefile590
-rw-r--r--crypto/openssl/Makefile.org588
-rw-r--r--crypto/openssl/Makefile.shared603
-rw-r--r--crypto/openssl/NEWS462
-rw-r--r--crypto/openssl/PROBLEMS197
-rw-r--r--crypto/openssl/README200
-rw-r--r--crypto/openssl/README.ASN1187
-rw-r--r--crypto/openssl/README.ENGINE289
-rwxr-xr-xcrypto/openssl/apps/CA.pl189
-rw-r--r--crypto/openssl/apps/CA.pl.in189
-rw-r--r--crypto/openssl/apps/CA.sh139
-rw-r--r--crypto/openssl/apps/Makefile901
-rw-r--r--crypto/openssl/apps/app_rand.c218
-rw-r--r--crypto/openssl/apps/apps.c2335
-rw-r--r--crypto/openssl/apps/apps.h345
-rw-r--r--crypto/openssl/apps/asn1pars.c444
-rw-r--r--crypto/openssl/apps/ca-cert.srl1
-rw-r--r--crypto/openssl/apps/ca-key.pem15
-rw-r--r--crypto/openssl/apps/ca-req.pem11
-rw-r--r--crypto/openssl/apps/ca.c3003
-rw-r--r--crypto/openssl/apps/cert.pem11
-rw-r--r--crypto/openssl/apps/ciphers.c208
-rw-r--r--crypto/openssl/apps/client.pem24
-rw-r--r--crypto/openssl/apps/crl.c429
-rw-r--r--crypto/openssl/apps/crl2p7.c345
-rw-r--r--crypto/openssl/apps/demoCA/cacert.pem14
-rw-r--r--crypto/openssl/apps/demoCA/index.txt39
-rw-r--r--crypto/openssl/apps/demoCA/private/cakey.pem24
-rw-r--r--crypto/openssl/apps/demoCA/serial1
-rw-r--r--crypto/openssl/apps/der_chop305
-rw-r--r--crypto/openssl/apps/der_chop.in305
-rw-r--r--crypto/openssl/apps/dgst.c507
-rw-r--r--crypto/openssl/apps/dh.c352
-rw-r--r--crypto/openssl/apps/dh1024.pem10
-rw-r--r--crypto/openssl/apps/dh2048.pem12
-rw-r--r--crypto/openssl/apps/dh4096.pem18
-rw-r--r--crypto/openssl/apps/dh512.pem9
-rw-r--r--crypto/openssl/apps/dhparam.c557
-rw-r--r--crypto/openssl/apps/dsa-ca.pem40
-rw-r--r--crypto/openssl/apps/dsa-pca.pem46
-rw-r--r--crypto/openssl/apps/dsa.c341
-rw-r--r--crypto/openssl/apps/dsa1024.pem9
-rw-r--r--crypto/openssl/apps/dsa512.pem6
-rw-r--r--crypto/openssl/apps/dsap.pem6
-rw-r--r--crypto/openssl/apps/dsaparam.c478
-rw-r--r--crypto/openssl/apps/ec.c403
-rw-r--r--crypto/openssl/apps/ecparam.c728
-rw-r--r--crypto/openssl/apps/enc.c681
-rw-r--r--crypto/openssl/apps/engine.c542
-rw-r--r--crypto/openssl/apps/errstr.c126
-rw-r--r--crypto/openssl/apps/gendh.c238
-rw-r--r--crypto/openssl/apps/gendsa.c274
-rw-r--r--crypto/openssl/apps/genrsa.c320
-rw-r--r--crypto/openssl/apps/nseq.c167
-rw-r--r--crypto/openssl/apps/ocsp.c1234
-rw-r--r--crypto/openssl/apps/oid.cnf6
-rw-r--r--crypto/openssl/apps/openssl.c526
-rw-r--r--crypto/openssl/apps/openssl.cnf313
-rw-r--r--crypto/openssl/apps/passwd.c512
-rw-r--r--crypto/openssl/apps/pca-cert.srl1
-rw-r--r--crypto/openssl/apps/pca-key.pem15
-rw-r--r--crypto/openssl/apps/pca-req.pem11
-rw-r--r--crypto/openssl/apps/pkcs12.c945
-rw-r--r--crypto/openssl/apps/pkcs7.c318
-rw-r--r--crypto/openssl/apps/pkcs8.c460
-rw-r--r--crypto/openssl/apps/prime.c130
-rw-r--r--crypto/openssl/apps/privkey.pem18
-rw-r--r--crypto/openssl/apps/progs.h324
-rw-r--r--crypto/openssl/apps/progs.pl91
-rw-r--r--crypto/openssl/apps/rand.c227
-rw-r--r--crypto/openssl/apps/req.c1686
-rw-r--r--crypto/openssl/apps/req.pem11
-rw-r--r--crypto/openssl/apps/rsa.c397
-rw-r--r--crypto/openssl/apps/rsa8192.pem101
-rw-r--r--crypto/openssl/apps/rsautl.c333
-rw-r--r--crypto/openssl/apps/s1024key.pem15
-rw-r--r--crypto/openssl/apps/s1024req.pem11
-rw-r--r--crypto/openssl/apps/s512-key.pem9
-rw-r--r--crypto/openssl/apps/s512-req.pem8
-rw-r--r--crypto/openssl/apps/s_apps.h170
-rw-r--r--crypto/openssl/apps/s_cb.c577
-rw-r--r--crypto/openssl/apps/s_client.c1308
-rw-r--r--crypto/openssl/apps/s_server.c2015
-rw-r--r--crypto/openssl/apps/s_socket.c617
-rw-r--r--crypto/openssl/apps/s_time.c735
-rw-r--r--crypto/openssl/apps/server.pem369
-rw-r--r--crypto/openssl/apps/server.srl1
-rw-r--r--crypto/openssl/apps/server2.pem376
-rw-r--r--crypto/openssl/apps/sess_id.c320
-rw-r--r--crypto/openssl/apps/set/set-g-ca.pem21
-rw-r--r--crypto/openssl/apps/set/set-m-ca.pem21
-rw-r--r--crypto/openssl/apps/set/set_b_ca.pem23
-rw-r--r--crypto/openssl/apps/set/set_c_ca.pem21
-rw-r--r--crypto/openssl/apps/set/set_d_ct.pem21
-rw-r--r--crypto/openssl/apps/set/set_root.pem21
-rw-r--r--crypto/openssl/apps/smime.c794
-rw-r--r--crypto/openssl/apps/speed.c2834
-rw-r--r--crypto/openssl/apps/spkac.c308
-rw-r--r--crypto/openssl/apps/testCA.pem8
-rw-r--r--crypto/openssl/apps/testdsa.h217
-rw-r--r--crypto/openssl/apps/testrsa.h518
-rw-r--r--crypto/openssl/apps/timeouts.h67
-rw-r--r--crypto/openssl/apps/verify.c370
-rw-r--r--crypto/openssl/apps/version.c217
-rw-r--r--crypto/openssl/apps/winrand.c148
-rw-r--r--crypto/openssl/apps/x509.c1278
-rw-r--r--crypto/openssl/bugs/MS7
-rw-r--r--crypto/openssl/bugs/SSLv349
-rw-r--r--crypto/openssl/bugs/VC16.bug18
-rw-r--r--crypto/openssl/bugs/alpha.c91
-rw-r--r--crypto/openssl/bugs/dggccbug.c45
-rw-r--r--crypto/openssl/bugs/sgiccbug.c57
-rw-r--r--crypto/openssl/bugs/sslref.dif26
-rw-r--r--crypto/openssl/bugs/stream.c131
-rw-r--r--crypto/openssl/bugs/ultrixcc.c45
-rw-r--r--crypto/openssl/certs/ICE-CA.pem59
-rw-r--r--crypto/openssl/certs/ICE-root.pem48
-rw-r--r--crypto/openssl/certs/ICE-user.pem63
-rw-r--r--crypto/openssl/certs/ICE.crl9
-rw-r--r--crypto/openssl/certs/RegTP-4R.pem19
-rw-r--r--crypto/openssl/certs/RegTP-5R.pem19
-rw-r--r--crypto/openssl/certs/RegTP-6R.pem19
-rw-r--r--crypto/openssl/certs/aol1.pem22
-rw-r--r--crypto/openssl/certs/aol2.pem33
-rw-r--r--crypto/openssl/certs/aoltw1.pem23
-rw-r--r--crypto/openssl/certs/aoltw2.pem34
-rw-r--r--crypto/openssl/certs/argena.pem39
-rw-r--r--crypto/openssl/certs/argeng.pem23
-rw-r--r--crypto/openssl/certs/ca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/ca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/dsa-ca.pem43
-rw-r--r--crypto/openssl/certs/demo/dsa-pca.pem49
-rw-r--r--crypto/openssl/certs/demo/nortelCA.pem16
-rw-r--r--crypto/openssl/certs/demo/pca-cert.pem33
-rw-r--r--crypto/openssl/certs/demo/timCA.pem16
-rw-r--r--crypto/openssl/certs/demo/tjhCA.pem15
-rw-r--r--crypto/openssl/certs/demo/vsigntca.pem18
-rw-r--r--crypto/openssl/certs/dsa-ca.pem43
-rw-r--r--crypto/openssl/certs/dsa-pca.pem49
-rw-r--r--crypto/openssl/certs/eng1.pem23
-rw-r--r--crypto/openssl/certs/eng2.pem23
-rw-r--r--crypto/openssl/certs/eng3.pem34
-rw-r--r--crypto/openssl/certs/eng4.pem23
-rw-r--r--crypto/openssl/certs/eng5.pem23
-rw-r--r--crypto/openssl/certs/expired/ICE-CA.pem59
-rw-r--r--crypto/openssl/certs/expired/ICE-root.pem48
-rw-r--r--crypto/openssl/certs/expired/ICE-user.pem63
-rw-r--r--crypto/openssl/certs/expired/ICE.crl9
-rw-r--r--crypto/openssl/certs/expired/RegTP-4R.pem19
-rw-r--r--crypto/openssl/certs/expired/factory.pem15
-rw-r--r--crypto/openssl/certs/expired/rsa-cca.pem19
-rw-r--r--crypto/openssl/certs/expired/rsa-ssca.pem19
-rw-r--r--crypto/openssl/certs/expired/vsign2.pem18
-rw-r--r--crypto/openssl/certs/expired/vsign3.pem18
-rw-r--r--crypto/openssl/certs/factory.pem15
-rw-r--r--crypto/openssl/certs/nortelCA.pem16
-rw-r--r--crypto/openssl/certs/pca-cert.pem33
-rw-r--r--crypto/openssl/certs/rsa-cca.pem19
-rw-r--r--crypto/openssl/certs/thawteCb.pem19
-rw-r--r--crypto/openssl/certs/thawteCp.pem19
-rw-r--r--crypto/openssl/certs/timCA.pem16
-rw-r--r--crypto/openssl/certs/tjhCA.pem15
-rw-r--r--crypto/openssl/certs/vsign1.pem17
-rw-r--r--crypto/openssl/certs/vsign2.pem18
-rw-r--r--crypto/openssl/certs/vsign3.pem17
-rw-r--r--crypto/openssl/certs/vsignss.pem17
-rw-r--r--crypto/openssl/certs/vsigntca.pem18
-rw-r--r--crypto/openssl/certs/wellsfgo.pem23
-rw-r--r--crypto/openssl/comm.txt1
-rw-r--r--crypto/openssl/comms.txt1
-rwxr-xr-xcrypto/openssl/config881
-rw-r--r--crypto/openssl/demos/README9
-rw-r--r--crypto/openssl/demos/asn1/README.ASN17
-rw-r--r--crypto/openssl/demos/asn1/ocsp.c366
-rw-r--r--crypto/openssl/demos/b64.c268
-rw-r--r--crypto/openssl/demos/b64.pl20
-rw-r--r--crypto/openssl/demos/bio/Makefile16
-rw-r--r--crypto/openssl/demos/bio/README3
-rw-r--r--crypto/openssl/demos/bio/saccept.c112
-rw-r--r--crypto/openssl/demos/bio/sconnect.c121
-rw-r--r--crypto/openssl/demos/bio/server.pem30
-rw-r--r--crypto/openssl/demos/easy_tls/Makefile123
-rw-r--r--crypto/openssl/demos/easy_tls/README65
-rw-r--r--crypto/openssl/demos/easy_tls/cacerts.pem18
-rw-r--r--crypto/openssl/demos/easy_tls/cert.pem31
-rw-r--r--crypto/openssl/demos/easy_tls/easy-tls.c1240
-rw-r--r--crypto/openssl/demos/easy_tls/easy-tls.h57
-rw-r--r--crypto/openssl/demos/easy_tls/test.c244
-rw-r--r--crypto/openssl/demos/easy_tls/test.h11
-rw-r--r--crypto/openssl/demos/eay/Makefile24
-rw-r--r--crypto/openssl/demos/eay/base64.c49
-rw-r--r--crypto/openssl/demos/eay/conn.c105
-rw-r--r--crypto/openssl/demos/eay/loadrsa.c53
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/Makefile114
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/cluster_labs.h35
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c721
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec8
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c151
-rw-r--r--crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h95
-rw-r--r--crypto/openssl/demos/engines/ibmca/Makefile114
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca.c920
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca.ec8
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c154
-rw-r--r--crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h98
-rw-r--r--crypto/openssl/demos/engines/ibmca/ica_openssl_api.h189
-rw-r--r--crypto/openssl/demos/engines/zencod/Makefile114
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.c1739
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.ec8
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod.h160
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod_err.c151
-rw-r--r--crypto/openssl/demos/engines/zencod/hw_zencod_err.h95
-rw-r--r--crypto/openssl/demos/maurice/Makefile59
-rw-r--r--crypto/openssl/demos/maurice/README34
-rw-r--r--crypto/openssl/demos/maurice/cert.pem77
-rw-r--r--crypto/openssl/demos/maurice/example1.c198
-rw-r--r--crypto/openssl/demos/maurice/example2.c75
-rw-r--r--crypto/openssl/demos/maurice/example3.c87
-rw-r--r--crypto/openssl/demos/maurice/example4.c123
-rw-r--r--crypto/openssl/demos/maurice/loadkeys.c72
-rw-r--r--crypto/openssl/demos/maurice/loadkeys.h19
-rw-r--r--crypto/openssl/demos/maurice/privkey.pem27
-rw-r--r--crypto/openssl/demos/pkcs12/README3
-rw-r--r--crypto/openssl/demos/pkcs12/pkread.c61
-rw-r--r--crypto/openssl/demos/pkcs12/pkwrite.c46
-rw-r--r--crypto/openssl/demos/prime/Makefile20
-rw-r--r--crypto/openssl/demos/prime/prime.c101
-rw-r--r--crypto/openssl/demos/privkey.pem9
-rw-r--r--crypto/openssl/demos/selfsign.c180
-rw-r--r--crypto/openssl/demos/sign/Makefile15
-rw-r--r--crypto/openssl/demos/sign/cert.pem14
-rw-r--r--crypto/openssl/demos/sign/key.pem9
-rw-r--r--crypto/openssl/demos/sign/sig.txt158
-rw-r--r--crypto/openssl/demos/sign/sign.c153
-rw-r--r--crypto/openssl/demos/sign/sign.txt170
-rw-r--r--crypto/openssl/demos/spkigen.c161
-rw-r--r--crypto/openssl/demos/ssl/cli.cpp110
-rw-r--r--crypto/openssl/demos/ssl/inetdsrv.cpp98
-rw-r--r--crypto/openssl/demos/ssl/serv.cpp152
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh98
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ECCcertgen.sh164
-rw-r--r--crypto/openssl/demos/ssltest-ecc/README15
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/RSAcertgen.sh121
-rwxr-xr-xcrypto/openssl/demos/ssltest-ecc/ssltest.sh188
-rw-r--r--crypto/openssl/demos/state_machine/Makefile9
-rw-r--r--crypto/openssl/demos/state_machine/state_machine.c416
-rw-r--r--crypto/openssl/demos/tunala/A-client.pem84
-rw-r--r--crypto/openssl/demos/tunala/A-server.pem84
-rw-r--r--crypto/openssl/demos/tunala/CA.pem24
-rw-r--r--crypto/openssl/demos/tunala/INSTALL107
-rw-r--r--crypto/openssl/demos/tunala/Makefile41
-rw-r--r--crypto/openssl/demos/tunala/Makefile.am7
-rw-r--r--crypto/openssl/demos/tunala/README233
-rwxr-xr-xcrypto/openssl/demos/tunala/autogunk.sh25
-rwxr-xr-xcrypto/openssl/demos/tunala/autoungunk.sh18
-rw-r--r--crypto/openssl/demos/tunala/breakage.c66
-rw-r--r--crypto/openssl/demos/tunala/buffer.c205
-rw-r--r--crypto/openssl/demos/tunala/cb.c143
-rw-r--r--crypto/openssl/demos/tunala/configure.in29
-rw-r--r--crypto/openssl/demos/tunala/ip.c146
-rw-r--r--crypto/openssl/demos/tunala/sm.c151
-rwxr-xr-xcrypto/openssl/demos/tunala/test.sh107
-rw-r--r--crypto/openssl/demos/tunala/tunala.c1107
-rw-r--r--crypto/openssl/demos/tunala/tunala.h215
-rw-r--r--crypto/openssl/demos/x509/README3
-rw-r--r--crypto/openssl/demos/x509/mkcert.c172
-rw-r--r--crypto/openssl/demos/x509/mkreq.c161
-rw-r--r--crypto/openssl/doc/HOWTO/certificates.txt105
-rw-r--r--crypto/openssl/doc/HOWTO/keys.txt73
-rw-r--r--crypto/openssl/doc/HOWTO/proxy_certificates.txt322
-rw-r--r--crypto/openssl/doc/README12
-rw-r--r--crypto/openssl/doc/apps/CA.pl.pod179
-rw-r--r--crypto/openssl/doc/apps/asn1parse.pod171
-rw-r--r--crypto/openssl/doc/apps/ca.pod671
-rw-r--r--crypto/openssl/doc/apps/ciphers.pod418
-rw-r--r--crypto/openssl/doc/apps/config.pod279
-rw-r--r--crypto/openssl/doc/apps/crl.pod117
-rw-r--r--crypto/openssl/doc/apps/crl2pkcs7.pod91
-rw-r--r--crypto/openssl/doc/apps/dgst.pod110
-rw-r--r--crypto/openssl/doc/apps/dhparam.pod141
-rw-r--r--crypto/openssl/doc/apps/dsa.pod158
-rw-r--r--crypto/openssl/doc/apps/dsaparam.pod110
-rw-r--r--crypto/openssl/doc/apps/ec.pod190
-rw-r--r--crypto/openssl/doc/apps/ecparam.pod179
-rw-r--r--crypto/openssl/doc/apps/enc.pod271
-rw-r--r--crypto/openssl/doc/apps/errstr.pod39
-rw-r--r--crypto/openssl/doc/apps/gendsa.pod66
-rw-r--r--crypto/openssl/doc/apps/genrsa.pod96
-rw-r--r--crypto/openssl/doc/apps/nseq.pod70
-rw-r--r--crypto/openssl/doc/apps/ocsp.pod365
-rw-r--r--crypto/openssl/doc/apps/openssl.pod345
-rw-r--r--crypto/openssl/doc/apps/passwd.pod82
-rw-r--r--crypto/openssl/doc/apps/pkcs12.pod330
-rw-r--r--crypto/openssl/doc/apps/pkcs7.pod105
-rw-r--r--crypto/openssl/doc/apps/pkcs8.pod243
-rw-r--r--crypto/openssl/doc/apps/rand.pod50
-rw-r--r--crypto/openssl/doc/apps/req.pod611
-rw-r--r--crypto/openssl/doc/apps/rsa.pod189
-rw-r--r--crypto/openssl/doc/apps/rsautl.pod183
-rw-r--r--crypto/openssl/doc/apps/s_client.pod266
-rw-r--r--crypto/openssl/doc/apps/s_server.pod327
-rw-r--r--crypto/openssl/doc/apps/s_time.pod173
-rw-r--r--crypto/openssl/doc/apps/sess_id.pod151
-rw-r--r--crypto/openssl/doc/apps/smime.pod385
-rw-r--r--crypto/openssl/doc/apps/speed.pod59
-rw-r--r--crypto/openssl/doc/apps/spkac.pod133
-rw-r--r--crypto/openssl/doc/apps/verify.pod328
-rw-r--r--crypto/openssl/doc/apps/version.pod64
-rw-r--r--crypto/openssl/doc/apps/x509.pod832
-rw-r--r--crypto/openssl/doc/apps/x509v3_config.pod456
-rw-r--r--crypto/openssl/doc/c-indentation.el44
-rw-r--r--crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod43
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_length.pod81
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_new.pod44
-rw-r--r--crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod96
-rw-r--r--crypto/openssl/doc/crypto/ASN1_generate_nconf.pod253
-rw-r--r--crypto/openssl/doc/crypto/BIO_ctrl.pod128
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_base64.pod81
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_buffer.pod69
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_cipher.pod76
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_md.pod138
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_null.pod32
-rw-r--r--crypto/openssl/doc/crypto/BIO_f_ssl.pod313
-rw-r--r--crypto/openssl/doc/crypto/BIO_find_type.pod98
-rw-r--r--crypto/openssl/doc/crypto/BIO_new.pod65
-rw-r--r--crypto/openssl/doc/crypto/BIO_push.pod69
-rw-r--r--crypto/openssl/doc/crypto/BIO_read.pod66
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_accept.pod195
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_bio.pod182
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_connect.pod192
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_fd.pod89
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_file.pod144
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_mem.pod115
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_null.pod37
-rw-r--r--crypto/openssl/doc/crypto/BIO_s_socket.pod63
-rw-r--r--crypto/openssl/doc/crypto/BIO_set_callback.pod108
-rw-r--r--crypto/openssl/doc/crypto/BIO_should_retry.pod114
-rw-r--r--crypto/openssl/doc/crypto/BN_BLINDING_new.pod109
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_new.pod53
-rw-r--r--crypto/openssl/doc/crypto/BN_CTX_start.pod52
-rw-r--r--crypto/openssl/doc/crypto/BN_add.pod126
-rw-r--r--crypto/openssl/doc/crypto/BN_add_word.pod61
-rw-r--r--crypto/openssl/doc/crypto/BN_bn2bin.pod95
-rw-r--r--crypto/openssl/doc/crypto/BN_cmp.pod48
-rw-r--r--crypto/openssl/doc/crypto/BN_copy.pod34
-rw-r--r--crypto/openssl/doc/crypto/BN_generate_prime.pod102
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_inverse.pod36
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod101
-rw-r--r--crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod81
-rw-r--r--crypto/openssl/doc/crypto/BN_new.pod53
-rw-r--r--crypto/openssl/doc/crypto/BN_num_bytes.pod57
-rw-r--r--crypto/openssl/doc/crypto/BN_rand.pod58
-rw-r--r--crypto/openssl/doc/crypto/BN_set_bit.pod66
-rw-r--r--crypto/openssl/doc/crypto/BN_swap.pod23
-rw-r--r--crypto/openssl/doc/crypto/BN_zero.pod59
-rw-r--r--crypto/openssl/doc/crypto/CONF_modules_free.pod47
-rw-r--r--crypto/openssl/doc/crypto/CONF_modules_load_file.pod60
-rw-r--r--crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod51
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_key.pod50
-rw-r--r--crypto/openssl/doc/crypto/DH_generate_parameters.pod73
-rw-r--r--crypto/openssl/doc/crypto/DH_get_ex_new_index.pod36
-rw-r--r--crypto/openssl/doc/crypto/DH_new.pod40
-rw-r--r--crypto/openssl/doc/crypto/DH_set_method.pod129
-rw-r--r--crypto/openssl/doc/crypto/DH_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/DSA_SIG_new.pod40
-rw-r--r--crypto/openssl/doc/crypto/DSA_do_sign.pod47
-rw-r--r--crypto/openssl/doc/crypto/DSA_dup_DH.pod36
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_key.pod34
-rw-r--r--crypto/openssl/doc/crypto/DSA_generate_parameters.pod105
-rw-r--r--crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod36
-rw-r--r--crypto/openssl/doc/crypto/DSA_new.pod42
-rw-r--r--crypto/openssl/doc/crypto/DSA_set_method.pod143
-rw-r--r--crypto/openssl/doc/crypto/DSA_sign.pod66
-rw-r--r--crypto/openssl/doc/crypto/DSA_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/ERR_GET_LIB.pod51
-rw-r--r--crypto/openssl/doc/crypto/ERR_clear_error.pod29
-rw-r--r--crypto/openssl/doc/crypto/ERR_error_string.pod73
-rw-r--r--crypto/openssl/doc/crypto/ERR_get_error.pod76
-rw-r--r--crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod46
-rw-r--r--crypto/openssl/doc/crypto/ERR_load_strings.pod54
-rw-r--r--crypto/openssl/doc/crypto/ERR_print_errors.pod51
-rw-r--r--crypto/openssl/doc/crypto/ERR_put_error.pod44
-rw-r--r--crypto/openssl/doc/crypto/ERR_remove_state.pod34
-rw-r--r--crypto/openssl/doc/crypto/ERR_set_mark.pod38
-rw-r--r--crypto/openssl/doc/crypto/EVP_BytesToKey.pod67
-rw-r--r--crypto/openssl/doc/crypto/EVP_DigestInit.pod256
-rw-r--r--crypto/openssl/doc/crypto/EVP_EncryptInit.pod511
-rw-r--r--crypto/openssl/doc/crypto/EVP_OpenInit.pod63
-rw-r--r--crypto/openssl/doc/crypto/EVP_PKEY_new.pod47
-rw-r--r--crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod80
-rw-r--r--crypto/openssl/doc/crypto/EVP_SealInit.pod85
-rw-r--r--crypto/openssl/doc/crypto/EVP_SignInit.pod95
-rw-r--r--crypto/openssl/doc/crypto/EVP_VerifyInit.pod86
-rw-r--r--crypto/openssl/doc/crypto/OBJ_nid2obj.pod149
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_Applink.pod21
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod101
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_config.pod82
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod35
-rw-r--r--crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod51
-rw-r--r--crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod66
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_create.pod75
-rw-r--r--crypto/openssl/doc/crypto/PKCS12_parse.pod50
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_decrypt.pod53
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_encrypt.pod65
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_sign.pod101
-rw-r--r--crypto/openssl/doc/crypto/PKCS7_verify.pod116
-rw-r--r--crypto/openssl/doc/crypto/RAND_add.pod77
-rw-r--r--crypto/openssl/doc/crypto/RAND_bytes.pod47
-rw-r--r--crypto/openssl/doc/crypto/RAND_cleanup.pod29
-rw-r--r--crypto/openssl/doc/crypto/RAND_egd.pod85
-rw-r--r--crypto/openssl/doc/crypto/RAND_load_file.pod53
-rw-r--r--crypto/openssl/doc/crypto/RAND_set_rand_method.pod83
-rw-r--r--crypto/openssl/doc/crypto/RSA_blinding_on.pod43
-rw-r--r--crypto/openssl/doc/crypto/RSA_check_key.pod67
-rw-r--r--crypto/openssl/doc/crypto/RSA_generate_key.pod69
-rw-r--r--crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod120
-rw-r--r--crypto/openssl/doc/crypto/RSA_new.pod41
-rw-r--r--crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod124
-rw-r--r--crypto/openssl/doc/crypto/RSA_print.pod49
-rw-r--r--crypto/openssl/doc/crypto/RSA_private_encrypt.pod70
-rw-r--r--crypto/openssl/doc/crypto/RSA_public_encrypt.pod84
-rw-r--r--crypto/openssl/doc/crypto/RSA_set_method.pod202
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign.pod62
-rw-r--r--crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod59
-rw-r--r--crypto/openssl/doc/crypto/RSA_size.pod33
-rw-r--r--crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod71
-rw-r--r--crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod61
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod72
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod114
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod106
-rw-r--r--crypto/openssl/doc/crypto/X509_NAME_print_ex.pod105
-rw-r--r--crypto/openssl/doc/crypto/X509_new.pod37
-rw-r--r--crypto/openssl/doc/crypto/bio.pod54
-rw-r--r--crypto/openssl/doc/crypto/blowfish.pod112
-rw-r--r--crypto/openssl/doc/crypto/bn.pod181
-rw-r--r--crypto/openssl/doc/crypto/bn_internal.pod226
-rw-r--r--crypto/openssl/doc/crypto/buffer.pod73
-rw-r--r--crypto/openssl/doc/crypto/crypto.pod85
-rw-r--r--crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod29
-rw-r--r--crypto/openssl/doc/crypto/d2i_DHparams.pod30
-rw-r--r--crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod83
-rw-r--r--crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod56
-rw-r--r--crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod67
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509.pod231
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod30
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_CRL.pod37
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_NAME.pod31
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_REQ.pod36
-rw-r--r--crypto/openssl/doc/crypto/d2i_X509_SIG.pod30
-rw-r--r--crypto/openssl/doc/crypto/des.pod358
-rw-r--r--crypto/openssl/doc/crypto/des_modes.pod255
-rw-r--r--crypto/openssl/doc/crypto/dh.pod78
-rw-r--r--crypto/openssl/doc/crypto/dsa.pod114
-rw-r--r--crypto/openssl/doc/crypto/ecdsa.pod210
-rw-r--r--crypto/openssl/doc/crypto/engine.pod599
-rw-r--r--crypto/openssl/doc/crypto/err.pod187
-rw-r--r--crypto/openssl/doc/crypto/evp.pod45
-rw-r--r--crypto/openssl/doc/crypto/hmac.pod102
-rw-r--r--crypto/openssl/doc/crypto/lh_stats.pod60
-rw-r--r--crypto/openssl/doc/crypto/lhash.pod294
-rw-r--r--crypto/openssl/doc/crypto/md5.pod101
-rw-r--r--crypto/openssl/doc/crypto/mdc2.pod64
-rw-r--r--crypto/openssl/doc/crypto/pem.pod476
-rw-r--r--crypto/openssl/doc/crypto/rand.pod175
-rw-r--r--crypto/openssl/doc/crypto/rc4.pod62
-rw-r--r--crypto/openssl/doc/crypto/ripemd.pod66
-rw-r--r--crypto/openssl/doc/crypto/rsa.pod123
-rw-r--r--crypto/openssl/doc/crypto/sha.pod70
-rw-r--r--crypto/openssl/doc/crypto/threads.pod175
-rw-r--r--crypto/openssl/doc/crypto/ui.pod194
-rw-r--r--crypto/openssl/doc/crypto/ui_compat.pod55
-rw-r--r--crypto/openssl/doc/crypto/x509.pod64
-rw-r--r--crypto/openssl/doc/fingerprints.txt57
-rw-r--r--crypto/openssl/doc/openssl-shared.txt32
-rw-r--r--crypto/openssl/doc/openssl.txt1254
-rw-r--r--crypto/openssl/doc/openssl_button.gifbin2063 -> 0 bytes
-rw-r--r--crypto/openssl/doc/openssl_button.html7
-rw-r--r--crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod112
-rw-r--r--crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod70
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod39
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_add_session.pod73
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod34
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_flush_sessions.pod49
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_free.pod41
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod53
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod50
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod124
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_new.pod94
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sess_number.pod76
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod51
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod87
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_sessions.pod34
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod57
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod75
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod70
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod94
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod94
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod76
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod150
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod153
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod77
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod81
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod99
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_options.pod235
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod63
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod137
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod83
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod61
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod59
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod170
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod166
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod294
-rw-r--r--crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod169
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_free.pod55
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod61
-rw-r--r--crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod64
-rw-r--r--crypto/openssl/doc/ssl/SSL_accept.pod76
-rw-r--r--crypto/openssl/doc/ssl/SSL_alert_type_string.pod228
-rw-r--r--crypto/openssl/doc/ssl/SSL_clear.pod69
-rw-r--r--crypto/openssl/doc/ssl/SSL_connect.pod73
-rw-r--r--crypto/openssl/doc/ssl/SSL_do_handshake.pod75
-rw-r--r--crypto/openssl/doc/ssl/SSL_free.pod44
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod26
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ciphers.pod42
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod53
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_current_cipher.pod43
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_default_timeout.pod41
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_error.pod114
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod61
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod59
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_fd.pod44
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod52
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod55
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_rbio.pod40
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_session.pod73
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_verify_result.pod57
-rw-r--r--crypto/openssl/doc/ssl/SSL_get_version.pod46
-rw-r--r--crypto/openssl/doc/ssl/SSL_library_init.pod52
-rw-r--r--crypto/openssl/doc/ssl/SSL_load_client_CA_file.pod62
-rw-r--r--crypto/openssl/doc/ssl/SSL_new.pod44
-rw-r--r--crypto/openssl/doc/ssl/SSL_pending.pod43
-rw-r--r--crypto/openssl/doc/ssl/SSL_read.pod118
-rw-r--r--crypto/openssl/doc/ssl/SSL_rstate_string.pod59
-rw-r--r--crypto/openssl/doc/ssl/SSL_session_reused.pod45
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_bio.pod34
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_connect_state.pod55
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_fd.pod54
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_session.pod57
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_shutdown.pod72
-rw-r--r--crypto/openssl/doc/ssl/SSL_set_verify_result.pod38
-rw-r--r--crypto/openssl/doc/ssl/SSL_shutdown.pod125
-rw-r--r--crypto/openssl/doc/ssl/SSL_state_string.pod45
-rw-r--r--crypto/openssl/doc/ssl/SSL_want.pod77
-rw-r--r--crypto/openssl/doc/ssl/SSL_write.pod109
-rw-r--r--crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod66
-rw-r--r--crypto/openssl/doc/ssl/ssl.pod736
-rw-r--r--crypto/openssl/doc/ssleay.txt7030
-rw-r--r--crypto/openssl/doc/standards.txt272
-rw-r--r--crypto/openssl/e_os.h665
-rw-r--r--crypto/openssl/e_os2.h279
-rw-r--r--crypto/openssl/engines/Makefile249
-rw-r--r--crypto/openssl/engines/axp.opt1
-rw-r--r--crypto/openssl/engines/e_4758cca.c994
-rw-r--r--crypto/openssl/engines/e_4758cca.ec1
-rw-r--r--crypto/openssl/engines/e_4758cca_err.c153
-rw-r--r--crypto/openssl/engines/e_4758cca_err.h93
-rw-r--r--crypto/openssl/engines/e_aep.c1137
-rw-r--r--crypto/openssl/engines/e_aep.ec1
-rw-r--r--crypto/openssl/engines/e_aep_err.c161
-rw-r--r--crypto/openssl/engines/e_aep_err.h101
-rw-r--r--crypto/openssl/engines/e_atalla.c607
-rw-r--r--crypto/openssl/engines/e_atalla.ec1
-rw-r--r--crypto/openssl/engines/e_atalla_err.c149
-rw-r--r--crypto/openssl/engines/e_atalla_err.h89
-rw-r--r--crypto/openssl/engines/e_chil.c1374
-rw-r--r--crypto/openssl/engines/e_chil.ec1
-rw-r--r--crypto/openssl/engines/e_chil_err.c161
-rw-r--r--crypto/openssl/engines/e_chil_err.h101
-rw-r--r--crypto/openssl/engines/e_cswift.c1131
-rw-r--r--crypto/openssl/engines/e_cswift.ec1
-rw-r--r--crypto/openssl/engines/e_cswift_err.c154
-rw-r--r--crypto/openssl/engines/e_cswift_err.h94
-rw-r--r--crypto/openssl/engines/e_gmp.c435
-rw-r--r--crypto/openssl/engines/e_gmp.ec1
-rw-r--r--crypto/openssl/engines/e_gmp_err.c141
-rw-r--r--crypto/openssl/engines/e_gmp_err.h81
-rw-r--r--crypto/openssl/engines/e_nuron.c434
-rw-r--r--crypto/openssl/engines/e_nuron.ec1
-rw-r--r--crypto/openssl/engines/e_nuron_err.c146
-rw-r--r--crypto/openssl/engines/e_nuron_err.h86
-rw-r--r--crypto/openssl/engines/e_sureware.c1057
-rw-r--r--crypto/openssl/engines/e_sureware.ec1
-rw-r--r--crypto/openssl/engines/e_sureware_err.c158
-rw-r--r--crypto/openssl/engines/e_sureware_err.h98
-rw-r--r--crypto/openssl/engines/e_ubsec.c1070
-rw-r--r--crypto/openssl/engines/e_ubsec.ec1
-rw-r--r--crypto/openssl/engines/e_ubsec_err.c157
-rw-r--r--crypto/openssl/engines/e_ubsec_err.h97
-rw-r--r--crypto/openssl/engines/engine_vector.mar24
-rw-r--r--crypto/openssl/engines/vax.opt9
-rw-r--r--crypto/openssl/engines/vendor_defns/aep.h178
-rw-r--r--crypto/openssl/engines/vendor_defns/atalla.h48
-rw-r--r--crypto/openssl/engines/vendor_defns/cswift.h234
-rw-r--r--crypto/openssl/engines/vendor_defns/hw_4758_cca.h149
-rw-r--r--crypto/openssl/engines/vendor_defns/hw_ubsec.h100
-rw-r--r--crypto/openssl/engines/vendor_defns/hwcryptohook.h486
-rw-r--r--crypto/openssl/engines/vendor_defns/sureware.h239
-rw-r--r--crypto/openssl/openssl.doxy7
-rw-r--r--crypto/openssl/openssl.spec209
-rw-r--r--crypto/openssl/shlib/README1
-rw-r--r--crypto/openssl/ssl/Makefile970
-rw-r--r--crypto/openssl/ssl/bio_ssl.c598
-rw-r--r--crypto/openssl/ssl/d1_both.c1191
-rw-r--r--crypto/openssl/ssl/d1_clnt.c1143
-rw-r--r--crypto/openssl/ssl/d1_enc.c281
-rw-r--r--crypto/openssl/ssl/d1_lib.c190
-rw-r--r--crypto/openssl/ssl/d1_meth.c77
-rw-r--r--crypto/openssl/ssl/d1_pkt.c1772
-rw-r--r--crypto/openssl/ssl/d1_srvr.c1130
-rw-r--r--crypto/openssl/ssl/dtls1.h211
-rw-r--r--crypto/openssl/ssl/kssl.c2203
-rw-r--r--crypto/openssl/ssl/kssl.h179
-rw-r--r--crypto/openssl/ssl/kssl_lcl.h87
-rw-r--r--crypto/openssl/ssl/s23_clnt.c581
-rw-r--r--crypto/openssl/ssl/s23_lib.c198
-rw-r--r--crypto/openssl/ssl/s23_meth.c88
-rw-r--r--crypto/openssl/ssl/s23_pkt.c117
-rw-r--r--crypto/openssl/ssl/s23_srvr.c572
-rw-r--r--crypto/openssl/ssl/s2_clnt.c1123
-rw-r--r--crypto/openssl/ssl/s2_enc.c194
-rw-r--r--crypto/openssl/ssl/s2_lib.c478
-rw-r--r--crypto/openssl/ssl/s2_meth.c84
-rw-r--r--crypto/openssl/ssl/s2_pkt.c737
-rw-r--r--crypto/openssl/ssl/s2_srvr.c1143
-rw-r--r--crypto/openssl/ssl/s3_both.c622
-rw-r--r--crypto/openssl/ssl/s3_clnt.c2458
-rw-r--r--crypto/openssl/ssl/s3_enc.c720
-rw-r--r--crypto/openssl/ssl/s3_lib.c2406
-rw-r--r--crypto/openssl/ssl/s3_meth.c77
-rw-r--r--crypto/openssl/ssl/s3_pkt.c1311
-rw-r--r--crypto/openssl/ssl/s3_srvr.c2618
-rw-r--r--crypto/openssl/ssl/ssl.h1961
-rw-r--r--crypto/openssl/ssl/ssl2.h268
-rw-r--r--crypto/openssl/ssl/ssl23.h83
-rw-r--r--crypto/openssl/ssl/ssl3.h555
-rw-r--r--crypto/openssl/ssl/ssl_algs.c131
-rw-r--r--crypto/openssl/ssl/ssl_asn1.c398
-rw-r--r--crypto/openssl/ssl/ssl_cert.c829
-rw-r--r--crypto/openssl/ssl/ssl_ciph.c1365
-rw-r--r--crypto/openssl/ssl/ssl_err.c498
-rw-r--r--crypto/openssl/ssl/ssl_err2.c70
-rw-r--r--crypto/openssl/ssl/ssl_lib.c2590
-rw-r--r--crypto/openssl/ssl/ssl_locl.h950
-rw-r--r--crypto/openssl/ssl/ssl_rsa.c777
-rw-r--r--crypto/openssl/ssl/ssl_sess.c836
-rw-r--r--crypto/openssl/ssl/ssl_stat.c502
-rw-r--r--crypto/openssl/ssl/ssl_task.c369
-rw-r--r--crypto/openssl/ssl/ssl_txt.c188
-rw-r--r--crypto/openssl/ssl/ssltest.c2294
-rw-r--r--crypto/openssl/ssl/t1_clnt.c79
-rw-r--r--crypto/openssl/ssl/t1_enc.c840
-rw-r--r--crypto/openssl/ssl/t1_lib.c119
-rw-r--r--crypto/openssl/ssl/t1_meth.c76
-rw-r--r--crypto/openssl/ssl/t1_srvr.c80
-rw-r--r--crypto/openssl/ssl/tls1.h305
-rw-r--r--crypto/openssl/test/CAss.cnf76
-rw-r--r--crypto/openssl/test/CAssdh.cnf24
-rw-r--r--crypto/openssl/test/CAssdsa.cnf23
-rw-r--r--crypto/openssl/test/CAssrsa.cnf24
-rw-r--r--crypto/openssl/test/Makefile627
-rw-r--r--crypto/openssl/test/P1ss.cnf37
-rw-r--r--crypto/openssl/test/P2ss.cnf45
-rw-r--r--crypto/openssl/test/Sssdsa.cnf27
-rw-r--r--crypto/openssl/test/Sssrsa.cnf26
-rw-r--r--crypto/openssl/test/Uss.cnf36
-rw-r--r--crypto/openssl/test/VMSca-response.11
-rw-r--r--crypto/openssl/test/VMSca-response.22
-rwxr-xr-xcrypto/openssl/test/bctest111
-rw-r--r--crypto/openssl/test/dummytest.c48
-rw-r--r--crypto/openssl/test/evptests.txt312
-rw-r--r--crypto/openssl/test/igetest.c486
-rw-r--r--crypto/openssl/test/methtest.c105
-rw-r--r--crypto/openssl/test/pkcs7-1.pem15
-rw-r--r--crypto/openssl/test/pkcs7.pem54
-rw-r--r--crypto/openssl/test/r160test.c57
-rw-r--r--crypto/openssl/test/tcrl78
-rw-r--r--crypto/openssl/test/test.cnf88
-rw-r--r--crypto/openssl/test/testca51
-rw-r--r--crypto/openssl/test/testcrl.pem16
-rw-r--r--crypto/openssl/test/testenc54
-rw-r--r--crypto/openssl/test/testfipsssl113
-rw-r--r--crypto/openssl/test/testgen44
-rw-r--r--crypto/openssl/test/testp7.pem46
-rw-r--r--crypto/openssl/test/testreq2.pem7
-rw-r--r--crypto/openssl/test/testrsa.pem9
-rw-r--r--crypto/openssl/test/testsid.pem12
-rw-r--r--crypto/openssl/test/testss163
-rw-r--r--crypto/openssl/test/testssl145
-rw-r--r--crypto/openssl/test/testsslproxy10
-rw-r--r--crypto/openssl/test/testx509.pem10
-rw-r--r--crypto/openssl/test/times113
-rw-r--r--crypto/openssl/test/tpkcs748
-rw-r--r--crypto/openssl/test/tpkcs7d41
-rw-r--r--crypto/openssl/test/treq83
-rw-r--r--crypto/openssl/test/trsa83
-rw-r--r--crypto/openssl/test/tsid78
-rw-r--r--crypto/openssl/test/tx50978
-rw-r--r--crypto/openssl/test/v3-cert1.pem16
-rw-r--r--crypto/openssl/test/v3-cert2.pem16
-rw-r--r--crypto/openssl/times/090/586-100.nt32
-rw-r--r--crypto/openssl/times/091/486-50.nt30
-rw-r--r--crypto/openssl/times/091/586-100.lnx32
-rw-r--r--crypto/openssl/times/091/68000.bsd32
-rw-r--r--crypto/openssl/times/091/686-200.lnx32
-rw-r--r--crypto/openssl/times/091/alpha064.osf32
-rw-r--r--crypto/openssl/times/091/alpha164.lnx32
-rw-r--r--crypto/openssl/times/091/alpha164.osf31
-rw-r--r--crypto/openssl/times/091/mips-rel.pl21
-rw-r--r--crypto/openssl/times/091/r10000.irx37
-rw-r--r--crypto/openssl/times/091/r3000.ult32
-rw-r--r--crypto/openssl/times/091/r4400.irx32
-rw-r--r--crypto/openssl/times/100.lnx32
-rw-r--r--crypto/openssl/times/100.nt29
-rw-r--r--crypto/openssl/times/200.lnx30
-rw-r--r--crypto/openssl/times/486-66.dos22
-rw-r--r--crypto/openssl/times/486-66.nt22
-rw-r--r--crypto/openssl/times/486-66.w3123
-rw-r--r--crypto/openssl/times/5.lnx29
-rw-r--r--crypto/openssl/times/586-085i.nt29
-rw-r--r--crypto/openssl/times/586-100.LN326
-rw-r--r--crypto/openssl/times/586-100.NT226
-rw-r--r--crypto/openssl/times/586-100.dos24
-rw-r--r--crypto/openssl/times/586-100.ln426
-rw-r--r--crypto/openssl/times/586-100.lnx23
-rw-r--r--crypto/openssl/times/586-100.nt23
-rw-r--r--crypto/openssl/times/586-100.ntx30
-rw-r--r--crypto/openssl/times/586-100.w3127
-rw-r--r--crypto/openssl/times/586-1002.lnx26
-rw-r--r--crypto/openssl/times/586p-100.lnx26
-rw-r--r--crypto/openssl/times/686-200.bsd25
-rw-r--r--crypto/openssl/times/686-200.lnx26
-rw-r--r--crypto/openssl/times/686-200.nt24
-rw-r--r--crypto/openssl/times/L127
-rw-r--r--crypto/openssl/times/R10000.t24
-rw-r--r--crypto/openssl/times/R4400.t26
-rw-r--r--crypto/openssl/times/aix.t34
-rw-r--r--crypto/openssl/times/aixold.t23
-rw-r--r--crypto/openssl/times/alpha.t81
-rw-r--r--crypto/openssl/times/alpha400.t25
-rw-r--r--crypto/openssl/times/cyrix100.lnx22
-rw-r--r--crypto/openssl/times/dgux-x86.t23
-rw-r--r--crypto/openssl/times/dgux.t17
-rw-r--r--crypto/openssl/times/hpux-acc.t25
-rw-r--r--crypto/openssl/times/hpux-kr.t23
-rw-r--r--crypto/openssl/times/hpux.t86
-rw-r--r--crypto/openssl/times/p2.w9522
-rw-r--r--crypto/openssl/times/pent2.t24
-rw-r--r--crypto/openssl/times/readme11
-rw-r--r--crypto/openssl/times/s586-100.lnx25
-rw-r--r--crypto/openssl/times/s586-100.nt23
-rw-r--r--crypto/openssl/times/sgi.t29
-rw-r--r--crypto/openssl/times/sparc.t26
-rw-r--r--crypto/openssl/times/sparc221
-rw-r--r--crypto/openssl/times/sparcLX.t22
-rw-r--r--crypto/openssl/times/usparc.t25
-rw-r--r--crypto/openssl/times/x86/bfs.cpp67
-rw-r--r--crypto/openssl/times/x86/casts.cpp67
-rw-r--r--crypto/openssl/times/x86/des3s.cpp67
-rw-r--r--crypto/openssl/times/x86/dess.cpp67
-rw-r--r--crypto/openssl/times/x86/md4s.cpp78
-rw-r--r--crypto/openssl/times/x86/md5s.cpp78
-rw-r--r--crypto/openssl/times/x86/rc4s.cpp73
-rw-r--r--crypto/openssl/times/x86/sha1s.cpp79
-rw-r--r--crypto/openssl/tools/Makefile58
-rwxr-xr-xcrypto/openssl/tools/c89.sh15
-rw-r--r--crypto/openssl/tools/c_hash9
-rw-r--r--crypto/openssl/tools/c_info12
-rw-r--r--crypto/openssl/tools/c_issuer10
-rw-r--r--crypto/openssl/tools/c_name10
-rw-r--r--crypto/openssl/tools/c_rehash160
-rw-r--r--crypto/openssl/tools/c_rehash.in160
-rwxr-xr-xcrypto/openssl/util/FreeBSD.sh6
-rwxr-xr-xcrypto/openssl/util/add_cr.pl123
-rwxr-xr-xcrypto/openssl/util/bat.sh134
-rwxr-xr-xcrypto/openssl/util/ck_errf.pl50
-rwxr-xr-xcrypto/openssl/util/clean-depend.pl54
-rw-r--r--crypto/openssl/util/copy.pl59
-rwxr-xr-xcrypto/openssl/util/deleof.pl7
-rw-r--r--crypto/openssl/util/dirname.pl18
-rwxr-xr-xcrypto/openssl/util/do_ms.sh19
-rwxr-xr-xcrypto/openssl/util/domd34
-rwxr-xr-xcrypto/openssl/util/err-ins.pl33
-rw-r--r--crypto/openssl/util/extract-names.pl26
-rw-r--r--crypto/openssl/util/extract-section.pl12
-rwxr-xr-xcrypto/openssl/util/files.pl61
-rwxr-xr-xcrypto/openssl/util/fixNT.sh14
-rwxr-xr-xcrypto/openssl/util/install.sh108
-rwxr-xr-xcrypto/openssl/util/libeay.num3512
-rwxr-xr-xcrypto/openssl/util/mk1mf.pl1092
-rwxr-xr-xcrypto/openssl/util/mkcerts.sh220
-rwxr-xr-xcrypto/openssl/util/mkdef.pl1447
-rwxr-xr-xcrypto/openssl/util/mkdir-p.pl34
-rw-r--r--crypto/openssl/util/mkerr.pl714
-rwxr-xr-xcrypto/openssl/util/mkfiles.pl123
-rwxr-xr-xcrypto/openssl/util/mklink.pl72
-rwxr-xr-xcrypto/openssl/util/mkstack.pl126
-rwxr-xr-xcrypto/openssl/util/opensslwrap.sh22
-rwxr-xr-xcrypto/openssl/util/perlpath.pl35
-rw-r--r--crypto/openssl/util/pl/BC-16.pl151
-rw-r--r--crypto/openssl/util/pl/BC-32.pl139
-rw-r--r--crypto/openssl/util/pl/Mingw32.pl106
-rw-r--r--crypto/openssl/util/pl/OS2-EMX.pl120
-rw-r--r--crypto/openssl/util/pl/VC-16.pl177
-rw-r--r--crypto/openssl/util/pl/VC-32.pl298
-rw-r--r--crypto/openssl/util/pl/VC-CE.pl116
-rw-r--r--crypto/openssl/util/pl/linux.pl104
-rw-r--r--crypto/openssl/util/pl/netware.pl341
-rw-r--r--crypto/openssl/util/pl/ultrix.pl38
-rw-r--r--crypto/openssl/util/pl/unix.pl96
-rwxr-xr-xcrypto/openssl/util/pod2man.pl1184
-rwxr-xr-xcrypto/openssl/util/pod2mantest58
-rw-r--r--crypto/openssl/util/pod2mantest.pod15
-rwxr-xr-xcrypto/openssl/util/point.sh10
-rw-r--r--crypto/openssl/util/selftest.pl201
-rwxr-xr-xcrypto/openssl/util/shlib_wrap.sh70
-rwxr-xr-xcrypto/openssl/util/sp-diff.pl80
-rwxr-xr-xcrypto/openssl/util/speed.sh39
-rwxr-xr-xcrypto/openssl/util/src-dep.pl147
-rwxr-xr-xcrypto/openssl/util/ssleay.num240
-rwxr-xr-xcrypto/openssl/util/tab_num.pl17
-rwxr-xr-xcrypto/openssl/util/x86asm.sh42
-rw-r--r--crypto/opensslconf.h (renamed from crypto/openssl/crypto/opensslconf.h)0
-rw-r--r--crypto/opensslconf.h.in (renamed from crypto/openssl/crypto/opensslconf.h.in)0
-rw-r--r--crypto/opensslv.h (renamed from crypto/openssl/crypto/opensslv.h)0
-rw-r--r--crypto/ossl_typ.h (renamed from crypto/openssl/crypto/ossl_typ.h)0
-rw-r--r--crypto/pem/Makefile (renamed from crypto/openssl/crypto/pem/Makefile)0
-rw-r--r--crypto/pem/message (renamed from crypto/openssl/crypto/pem/message)0
-rw-r--r--crypto/pem/pem.h (renamed from crypto/openssl/crypto/pem/pem.h)0
-rw-r--r--crypto/pem/pem2.h (renamed from crypto/openssl/crypto/pem/pem2.h)0
-rw-r--r--crypto/pem/pem_all.c (renamed from crypto/openssl/crypto/pem/pem_all.c)0
-rw-r--r--crypto/pem/pem_err.c (renamed from crypto/openssl/crypto/pem/pem_err.c)0
-rw-r--r--crypto/pem/pem_info.c (renamed from crypto/openssl/crypto/pem/pem_info.c)0
-rw-r--r--crypto/pem/pem_lib.c (renamed from crypto/openssl/crypto/pem/pem_lib.c)0
-rw-r--r--crypto/pem/pem_oth.c (renamed from crypto/openssl/crypto/pem/pem_oth.c)0
-rw-r--r--crypto/pem/pem_pk8.c (renamed from crypto/openssl/crypto/pem/pem_pk8.c)0
-rw-r--r--crypto/pem/pem_pkey.c (renamed from crypto/openssl/crypto/pem/pem_pkey.c)0
-rw-r--r--crypto/pem/pem_seal.c (renamed from crypto/openssl/crypto/pem/pem_seal.c)0
-rw-r--r--crypto/pem/pem_sign.c (renamed from crypto/openssl/crypto/pem/pem_sign.c)0
-rw-r--r--crypto/pem/pem_x509.c (renamed from crypto/openssl/crypto/pem/pem_x509.c)0
-rw-r--r--crypto/pem/pem_xaux.c (renamed from crypto/openssl/crypto/pem/pem_xaux.c)0
-rw-r--r--crypto/pem/pkcs7.lis (renamed from crypto/openssl/crypto/pem/pkcs7.lis)0
-rw-r--r--crypto/perlasm/alpha.pl (renamed from crypto/openssl/crypto/perlasm/alpha.pl)0
-rw-r--r--crypto/perlasm/cbc.pl (renamed from crypto/openssl/crypto/perlasm/cbc.pl)0
-rw-r--r--crypto/perlasm/readme (renamed from crypto/openssl/crypto/perlasm/readme)0
-rwxr-xr-xcrypto/perlasm/x86_64-xlate.pl (renamed from crypto/openssl/crypto/perlasm/x86_64-xlate.pl)0
-rw-r--r--crypto/perlasm/x86asm.pl (renamed from crypto/openssl/crypto/perlasm/x86asm.pl)0
-rw-r--r--crypto/perlasm/x86ms.pl (renamed from crypto/openssl/crypto/perlasm/x86ms.pl)0
-rw-r--r--crypto/perlasm/x86nasm.pl (renamed from crypto/openssl/crypto/perlasm/x86nasm.pl)0
-rw-r--r--crypto/perlasm/x86unix.pl (renamed from crypto/openssl/crypto/perlasm/x86unix.pl)0
-rw-r--r--crypto/pkcs12/Makefile (renamed from crypto/openssl/crypto/pkcs12/Makefile)0
-rw-r--r--crypto/pkcs12/p12_add.c (renamed from crypto/openssl/crypto/pkcs12/p12_add.c)0
-rw-r--r--crypto/pkcs12/p12_asn.c (renamed from crypto/openssl/crypto/pkcs12/p12_asn.c)0
-rw-r--r--crypto/pkcs12/p12_attr.c (renamed from crypto/openssl/crypto/pkcs12/p12_attr.c)0
-rw-r--r--crypto/pkcs12/p12_crpt.c (renamed from crypto/openssl/crypto/pkcs12/p12_crpt.c)0
-rw-r--r--crypto/pkcs12/p12_crt.c (renamed from crypto/openssl/crypto/pkcs12/p12_crt.c)0
-rw-r--r--crypto/pkcs12/p12_decr.c (renamed from crypto/openssl/crypto/pkcs12/p12_decr.c)0
-rw-r--r--crypto/pkcs12/p12_init.c (renamed from crypto/openssl/crypto/pkcs12/p12_init.c)0
-rw-r--r--crypto/pkcs12/p12_key.c (renamed from crypto/openssl/crypto/pkcs12/p12_key.c)0
-rw-r--r--crypto/pkcs12/p12_kiss.c (renamed from crypto/openssl/crypto/pkcs12/p12_kiss.c)0
-rw-r--r--crypto/pkcs12/p12_mutl.c (renamed from crypto/openssl/crypto/pkcs12/p12_mutl.c)0
-rw-r--r--crypto/pkcs12/p12_npas.c (renamed from crypto/openssl/crypto/pkcs12/p12_npas.c)0
-rw-r--r--crypto/pkcs12/p12_p8d.c (renamed from crypto/openssl/crypto/pkcs12/p12_p8d.c)0
-rw-r--r--crypto/pkcs12/p12_p8e.c (renamed from crypto/openssl/crypto/pkcs12/p12_p8e.c)0
-rw-r--r--crypto/pkcs12/p12_utl.c (renamed from crypto/openssl/crypto/pkcs12/p12_utl.c)0
-rw-r--r--crypto/pkcs12/pk12err.c (renamed from crypto/openssl/crypto/pkcs12/pk12err.c)0
-rw-r--r--crypto/pkcs12/pkcs12.h (renamed from crypto/openssl/crypto/pkcs12/pkcs12.h)0
-rw-r--r--crypto/pkcs7/Makefile (renamed from crypto/openssl/crypto/pkcs7/Makefile)0
-rw-r--r--crypto/pkcs7/bio_ber.c (renamed from crypto/openssl/crypto/pkcs7/bio_ber.c)0
-rw-r--r--crypto/pkcs7/dec.c (renamed from crypto/openssl/crypto/pkcs7/dec.c)0
-rw-r--r--crypto/pkcs7/des.pem (renamed from crypto/openssl/crypto/pkcs7/des.pem)0
-rw-r--r--crypto/pkcs7/doc (renamed from crypto/openssl/crypto/pkcs7/doc)0
-rw-r--r--crypto/pkcs7/enc.c (renamed from crypto/openssl/crypto/pkcs7/enc.c)0
-rw-r--r--crypto/pkcs7/es1.pem (renamed from crypto/openssl/crypto/pkcs7/es1.pem)0
-rw-r--r--crypto/pkcs7/example.c (renamed from crypto/openssl/crypto/pkcs7/example.c)0
-rw-r--r--crypto/pkcs7/example.h (renamed from crypto/openssl/crypto/pkcs7/example.h)0
-rw-r--r--crypto/pkcs7/info.pem (renamed from crypto/openssl/crypto/pkcs7/info.pem)0
-rw-r--r--crypto/pkcs7/infokey.pem (renamed from crypto/openssl/crypto/pkcs7/infokey.pem)0
-rw-r--r--crypto/pkcs7/p7/a1 (renamed from crypto/openssl/crypto/pkcs7/p7/a1)0
-rw-r--r--crypto/pkcs7/p7/a2 (renamed from crypto/openssl/crypto/pkcs7/p7/a2)0
-rw-r--r--crypto/pkcs7/p7/cert.p7c (renamed from crypto/openssl/crypto/pkcs7/p7/cert.p7c)bin1728 -> 1728 bytes
-rw-r--r--crypto/pkcs7/p7/smime.p7m (renamed from crypto/openssl/crypto/pkcs7/p7/smime.p7m)bin4894 -> 4894 bytes
-rw-r--r--crypto/pkcs7/p7/smime.p7s (renamed from crypto/openssl/crypto/pkcs7/p7/smime.p7s)bin2625 -> 2625 bytes
-rw-r--r--crypto/pkcs7/pk7_asn1.c (renamed from crypto/openssl/crypto/pkcs7/pk7_asn1.c)0
-rw-r--r--crypto/pkcs7/pk7_attr.c (renamed from crypto/openssl/crypto/pkcs7/pk7_attr.c)0
-rw-r--r--crypto/pkcs7/pk7_dgst.c (renamed from crypto/openssl/crypto/pkcs7/pk7_dgst.c)0
-rw-r--r--crypto/pkcs7/pk7_doit.c (renamed from crypto/openssl/crypto/pkcs7/pk7_doit.c)0
-rw-r--r--crypto/pkcs7/pk7_enc.c (renamed from crypto/openssl/crypto/pkcs7/pk7_enc.c)0
-rw-r--r--crypto/pkcs7/pk7_lib.c (renamed from crypto/openssl/crypto/pkcs7/pk7_lib.c)0
-rw-r--r--crypto/pkcs7/pk7_mime.c (renamed from crypto/openssl/crypto/pkcs7/pk7_mime.c)0
-rw-r--r--crypto/pkcs7/pk7_smime.c (renamed from crypto/openssl/crypto/pkcs7/pk7_smime.c)0
-rw-r--r--crypto/pkcs7/pkcs7.h (renamed from crypto/openssl/crypto/pkcs7/pkcs7.h)0
-rw-r--r--crypto/pkcs7/pkcs7err.c (renamed from crypto/openssl/crypto/pkcs7/pkcs7err.c)0
-rw-r--r--crypto/pkcs7/server.pem (renamed from crypto/openssl/crypto/pkcs7/server.pem)0
-rw-r--r--crypto/pkcs7/sign.c (renamed from crypto/openssl/crypto/pkcs7/sign.c)0
-rw-r--r--crypto/pkcs7/t/3des.pem (renamed from crypto/openssl/crypto/pkcs7/t/3des.pem)0
-rw-r--r--crypto/pkcs7/t/3dess.pem (renamed from crypto/openssl/crypto/pkcs7/t/3dess.pem)0
-rw-r--r--crypto/pkcs7/t/c.pem (renamed from crypto/openssl/crypto/pkcs7/t/c.pem)0
-rw-r--r--crypto/pkcs7/t/ff (renamed from crypto/openssl/crypto/pkcs7/t/ff)0
-rw-r--r--crypto/pkcs7/t/msie-e (renamed from crypto/openssl/crypto/pkcs7/t/msie-e)0
-rw-r--r--crypto/pkcs7/t/msie-e.pem (renamed from crypto/openssl/crypto/pkcs7/t/msie-e.pem)0
-rw-r--r--crypto/pkcs7/t/msie-enc-01 (renamed from crypto/openssl/crypto/pkcs7/t/msie-enc-01)0
-rw-r--r--crypto/pkcs7/t/msie-enc-01.pem (renamed from crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem)0
-rw-r--r--crypto/pkcs7/t/msie-enc-02 (renamed from crypto/openssl/crypto/pkcs7/t/msie-enc-02)0
-rw-r--r--crypto/pkcs7/t/msie-enc-02.pem (renamed from crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem)0
-rw-r--r--crypto/pkcs7/t/msie-s-a-e (renamed from crypto/openssl/crypto/pkcs7/t/msie-s-a-e)0
-rw-r--r--crypto/pkcs7/t/msie-s-a-e.pem (renamed from crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem)0
-rw-r--r--crypto/pkcs7/t/nav-smime (renamed from crypto/openssl/crypto/pkcs7/t/nav-smime)0
-rw-r--r--crypto/pkcs7/t/s.pem (renamed from crypto/openssl/crypto/pkcs7/t/s.pem)0
-rw-r--r--crypto/pkcs7/t/server.pem (renamed from crypto/openssl/crypto/pkcs7/t/server.pem)0
-rw-r--r--crypto/pkcs7/verify.c (renamed from crypto/openssl/crypto/pkcs7/verify.c)0
-rw-r--r--crypto/pqueue/Makefile (renamed from crypto/openssl/crypto/pqueue/Makefile)0
-rw-r--r--crypto/pqueue/pq_compat.h (renamed from crypto/openssl/crypto/pqueue/pq_compat.h)0
-rw-r--r--crypto/pqueue/pq_test.c (renamed from crypto/openssl/crypto/pqueue/pq_test.c)0
-rw-r--r--crypto/pqueue/pqueue.c (renamed from crypto/openssl/crypto/pqueue/pqueue.c)0
-rw-r--r--crypto/pqueue/pqueue.h (renamed from crypto/openssl/crypto/pqueue/pqueue.h)0
-rw-r--r--crypto/rand/Makefile (renamed from crypto/openssl/crypto/rand/Makefile)0
-rw-r--r--crypto/rand/md_rand.c (renamed from crypto/openssl/crypto/rand/md_rand.c)0
-rw-r--r--crypto/rand/rand.h (renamed from crypto/openssl/crypto/rand/rand.h)0
-rw-r--r--crypto/rand/rand_egd.c (renamed from crypto/openssl/crypto/rand/rand_egd.c)0
-rw-r--r--crypto/rand/rand_err.c (renamed from crypto/openssl/crypto/rand/rand_err.c)0
-rwxr-xr-xcrypto/rand/rand_lcl.h (renamed from crypto/openssl/crypto/rand/rand_lcl.h)0
-rw-r--r--crypto/rand/rand_lib.c (renamed from crypto/openssl/crypto/rand/rand_lib.c)0
-rw-r--r--crypto/rand/rand_nw.c (renamed from crypto/openssl/crypto/rand/rand_nw.c)0
-rw-r--r--crypto/rand/rand_os2.c (renamed from crypto/openssl/crypto/rand/rand_os2.c)0
-rw-r--r--crypto/rand/rand_unix.c (renamed from crypto/openssl/crypto/rand/rand_unix.c)0
-rw-r--r--crypto/rand/rand_vms.c (renamed from crypto/openssl/crypto/rand/rand_vms.c)0
-rw-r--r--crypto/rand/rand_win.c (renamed from crypto/openssl/crypto/rand/rand_win.c)0
-rw-r--r--crypto/rand/randfile.c (renamed from crypto/openssl/crypto/rand/randfile.c)0
-rw-r--r--crypto/rand/randtest.c (renamed from crypto/openssl/crypto/rand/randtest.c)0
-rw-r--r--crypto/rc2/Makefile (renamed from crypto/openssl/crypto/rc2/Makefile)0
-rw-r--r--crypto/rc2/rc2.h (renamed from crypto/openssl/crypto/rc2/rc2.h)0
-rw-r--r--crypto/rc2/rc2_cbc.c (renamed from crypto/openssl/crypto/rc2/rc2_cbc.c)0
-rw-r--r--crypto/rc2/rc2_ecb.c (renamed from crypto/openssl/crypto/rc2/rc2_ecb.c)0
-rw-r--r--crypto/rc2/rc2_locl.h (renamed from crypto/openssl/crypto/rc2/rc2_locl.h)0
-rw-r--r--crypto/rc2/rc2_skey.c (renamed from crypto/openssl/crypto/rc2/rc2_skey.c)0
-rw-r--r--crypto/rc2/rc2cfb64.c (renamed from crypto/openssl/crypto/rc2/rc2cfb64.c)0
-rw-r--r--crypto/rc2/rc2ofb64.c (renamed from crypto/openssl/crypto/rc2/rc2ofb64.c)0
-rw-r--r--crypto/rc2/rc2speed.c (renamed from crypto/openssl/crypto/rc2/rc2speed.c)0
-rw-r--r--crypto/rc2/rc2test.c (renamed from crypto/openssl/crypto/rc2/rc2test.c)0
-rw-r--r--crypto/rc2/rrc2.doc (renamed from crypto/openssl/crypto/rc2/rrc2.doc)0
-rw-r--r--crypto/rc2/tab.c (renamed from crypto/openssl/crypto/rc2/tab.c)0
-rw-r--r--crypto/rc2/version (renamed from crypto/openssl/crypto/rc2/version)0
-rw-r--r--crypto/rc4/Makefile (renamed from crypto/openssl/crypto/rc4/Makefile)0
-rw-r--r--crypto/rc4/asm/rc4-586.pl (renamed from crypto/openssl/crypto/rc4/asm/rc4-586.pl)0
-rw-r--r--crypto/rc4/asm/rc4-ia64.S (renamed from crypto/openssl/crypto/rc4/asm/rc4-ia64.S)0
-rwxr-xr-xcrypto/rc4/asm/rc4-x86_64.pl (renamed from crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl)0
-rw-r--r--crypto/rc4/rc4.c (renamed from crypto/openssl/crypto/rc4/rc4.c)0
-rw-r--r--crypto/rc4/rc4.h (renamed from crypto/openssl/crypto/rc4/rc4.h)0
-rw-r--r--crypto/rc4/rc4_enc.c (renamed from crypto/openssl/crypto/rc4/rc4_enc.c)0
-rw-r--r--crypto/rc4/rc4_locl.h (renamed from crypto/openssl/crypto/rc4/rc4_locl.h)0
-rw-r--r--crypto/rc4/rc4_skey.c (renamed from crypto/openssl/crypto/rc4/rc4_skey.c)0
-rw-r--r--crypto/rc4/rc4s.cpp (renamed from crypto/openssl/crypto/rc4/rc4s.cpp)0
-rw-r--r--crypto/rc4/rc4speed.c (renamed from crypto/openssl/crypto/rc4/rc4speed.c)0
-rw-r--r--crypto/rc4/rc4test.c (renamed from crypto/openssl/crypto/rc4/rc4test.c)0
-rw-r--r--crypto/rc4/rrc4.doc (renamed from crypto/openssl/crypto/rc4/rrc4.doc)0
-rw-r--r--crypto/rc5/Makefile (renamed from crypto/openssl/crypto/rc5/Makefile)0
-rw-r--r--crypto/rc5/asm/rc5-586.pl (renamed from crypto/openssl/crypto/rc5/asm/rc5-586.pl)0
-rw-r--r--crypto/rc5/rc5.h (renamed from crypto/openssl/crypto/rc5/rc5.h)0
-rw-r--r--crypto/rc5/rc5_ecb.c (renamed from crypto/openssl/crypto/rc5/rc5_ecb.c)0
-rw-r--r--crypto/rc5/rc5_enc.c (renamed from crypto/openssl/crypto/rc5/rc5_enc.c)0
-rw-r--r--crypto/rc5/rc5_locl.h (renamed from crypto/openssl/crypto/rc5/rc5_locl.h)0
-rw-r--r--crypto/rc5/rc5_skey.c (renamed from crypto/openssl/crypto/rc5/rc5_skey.c)0
-rw-r--r--crypto/rc5/rc5cfb64.c (renamed from crypto/openssl/crypto/rc5/rc5cfb64.c)0
-rw-r--r--crypto/rc5/rc5ofb64.c (renamed from crypto/openssl/crypto/rc5/rc5ofb64.c)0
-rw-r--r--crypto/rc5/rc5s.cpp (renamed from crypto/openssl/crypto/rc5/rc5s.cpp)0
-rw-r--r--crypto/rc5/rc5speed.c (renamed from crypto/openssl/crypto/rc5/rc5speed.c)0
-rw-r--r--crypto/rc5/rc5test.c (renamed from crypto/openssl/crypto/rc5/rc5test.c)0
-rw-r--r--crypto/ripemd/Makefile (renamed from crypto/openssl/crypto/ripemd/Makefile)0
-rw-r--r--crypto/ripemd/README (renamed from crypto/openssl/crypto/ripemd/README)0
-rw-r--r--crypto/ripemd/asm/rips.cpp (renamed from crypto/openssl/crypto/ripemd/asm/rips.cpp)0
-rw-r--r--crypto/ripemd/asm/rmd-586.pl (renamed from crypto/openssl/crypto/ripemd/asm/rmd-586.pl)0
-rw-r--r--crypto/ripemd/ripemd.h (renamed from crypto/openssl/crypto/ripemd/ripemd.h)0
-rw-r--r--crypto/ripemd/rmd160.c (renamed from crypto/openssl/crypto/ripemd/rmd160.c)0
-rw-r--r--crypto/ripemd/rmd_dgst.c (renamed from crypto/openssl/crypto/ripemd/rmd_dgst.c)0
-rw-r--r--crypto/ripemd/rmd_locl.h (renamed from crypto/openssl/crypto/ripemd/rmd_locl.h)0
-rw-r--r--crypto/ripemd/rmd_one.c (renamed from crypto/openssl/crypto/ripemd/rmd_one.c)0
-rw-r--r--crypto/ripemd/rmdconst.h (renamed from crypto/openssl/crypto/ripemd/rmdconst.h)0
-rw-r--r--crypto/ripemd/rmdtest.c (renamed from crypto/openssl/crypto/ripemd/rmdtest.c)0
-rw-r--r--crypto/rsa/Makefile (renamed from crypto/openssl/crypto/rsa/Makefile)0
-rw-r--r--crypto/rsa/rsa.h (renamed from crypto/openssl/crypto/rsa/rsa.h)0
-rw-r--r--crypto/rsa/rsa_asn1.c (renamed from crypto/openssl/crypto/rsa/rsa_asn1.c)0
-rw-r--r--crypto/rsa/rsa_chk.c (renamed from crypto/openssl/crypto/rsa/rsa_chk.c)0
-rw-r--r--crypto/rsa/rsa_depr.c (renamed from crypto/openssl/crypto/rsa/rsa_depr.c)0
-rw-r--r--crypto/rsa/rsa_eay.c (renamed from crypto/openssl/crypto/rsa/rsa_eay.c)0
-rw-r--r--crypto/rsa/rsa_err.c (renamed from crypto/openssl/crypto/rsa/rsa_err.c)0
-rw-r--r--crypto/rsa/rsa_gen.c (renamed from crypto/openssl/crypto/rsa/rsa_gen.c)0
-rw-r--r--crypto/rsa/rsa_lib.c (renamed from crypto/openssl/crypto/rsa/rsa_lib.c)0
-rw-r--r--crypto/rsa/rsa_none.c (renamed from crypto/openssl/crypto/rsa/rsa_none.c)0
-rw-r--r--crypto/rsa/rsa_null.c (renamed from crypto/openssl/crypto/rsa/rsa_null.c)0
-rw-r--r--crypto/rsa/rsa_oaep.c (renamed from crypto/openssl/crypto/rsa/rsa_oaep.c)0
-rw-r--r--crypto/rsa/rsa_pk1.c (renamed from crypto/openssl/crypto/rsa/rsa_pk1.c)0
-rw-r--r--crypto/rsa/rsa_pss.c (renamed from crypto/openssl/crypto/rsa/rsa_pss.c)0
-rw-r--r--crypto/rsa/rsa_saos.c (renamed from crypto/openssl/crypto/rsa/rsa_saos.c)0
-rw-r--r--crypto/rsa/rsa_sign.c (renamed from crypto/openssl/crypto/rsa/rsa_sign.c)0
-rw-r--r--crypto/rsa/rsa_ssl.c (renamed from crypto/openssl/crypto/rsa/rsa_ssl.c)0
-rw-r--r--crypto/rsa/rsa_test.c (renamed from crypto/openssl/crypto/rsa/rsa_test.c)0
-rw-r--r--crypto/rsa/rsa_x931.c (renamed from crypto/openssl/crypto/rsa/rsa_x931.c)0
-rw-r--r--crypto/sha/Makefile (renamed from crypto/openssl/crypto/sha/Makefile)0
-rw-r--r--crypto/sha/asm/README (renamed from crypto/openssl/crypto/sha/asm/README)0
-rw-r--r--crypto/sha/asm/sha1-586.pl (renamed from crypto/openssl/crypto/sha/asm/sha1-586.pl)0
-rw-r--r--crypto/sha/asm/sha1-ia64.pl (renamed from crypto/openssl/crypto/sha/asm/sha1-ia64.pl)0
-rwxr-xr-xcrypto/sha/asm/sha512-ia64.pl (renamed from crypto/openssl/crypto/sha/asm/sha512-ia64.pl)0
-rw-r--r--crypto/sha/asm/sha512-sse2.pl (renamed from crypto/openssl/crypto/sha/asm/sha512-sse2.pl)0
-rw-r--r--crypto/sha/sha.c (renamed from crypto/openssl/crypto/sha/sha.c)0
-rw-r--r--crypto/sha/sha.h (renamed from crypto/openssl/crypto/sha/sha.h)0
-rw-r--r--crypto/sha/sha1.c (renamed from crypto/openssl/crypto/sha/sha1.c)0
-rw-r--r--crypto/sha/sha1_one.c (renamed from crypto/openssl/crypto/sha/sha1_one.c)0
-rw-r--r--crypto/sha/sha1dgst.c (renamed from crypto/openssl/crypto/sha/sha1dgst.c)0
-rw-r--r--crypto/sha/sha1s.cpp (renamed from crypto/openssl/crypto/sha/sha1s.cpp)0
-rw-r--r--crypto/sha/sha1test.c (renamed from crypto/openssl/crypto/sha/sha1test.c)0
-rw-r--r--crypto/sha/sha256.c (renamed from crypto/openssl/crypto/sha/sha256.c)0
-rw-r--r--crypto/sha/sha256t.c (renamed from crypto/openssl/crypto/sha/sha256t.c)0
-rw-r--r--crypto/sha/sha512.c (renamed from crypto/openssl/crypto/sha/sha512.c)0
-rw-r--r--crypto/sha/sha512t.c (renamed from crypto/openssl/crypto/sha/sha512t.c)0
-rw-r--r--crypto/sha/sha_dgst.c (renamed from crypto/openssl/crypto/sha/sha_dgst.c)0
-rw-r--r--crypto/sha/sha_locl.h (renamed from crypto/openssl/crypto/sha/sha_locl.h)0
-rw-r--r--crypto/sha/sha_one.c (renamed from crypto/openssl/crypto/sha/sha_one.c)0
-rw-r--r--crypto/sha/shatest.c (renamed from crypto/openssl/crypto/sha/shatest.c)0
-rw-r--r--crypto/sparccpuid.S (renamed from crypto/openssl/crypto/sparccpuid.S)0
-rw-r--r--crypto/stack/Makefile (renamed from crypto/openssl/crypto/stack/Makefile)0
-rw-r--r--crypto/stack/safestack.h (renamed from crypto/openssl/crypto/stack/safestack.h)0
-rw-r--r--crypto/stack/stack.c (renamed from crypto/openssl/crypto/stack/stack.c)0
-rw-r--r--crypto/stack/stack.h (renamed from crypto/openssl/crypto/stack/stack.h)0
-rw-r--r--crypto/store/Makefile (renamed from crypto/openssl/crypto/store/Makefile)0
-rw-r--r--crypto/store/README (renamed from crypto/openssl/crypto/store/README)0
-rw-r--r--crypto/store/store.h (renamed from crypto/openssl/crypto/store/store.h)0
-rw-r--r--crypto/store/str_err.c (renamed from crypto/openssl/crypto/store/str_err.c)0
-rw-r--r--crypto/store/str_lib.c (renamed from crypto/openssl/crypto/store/str_lib.c)0
-rw-r--r--crypto/store/str_locl.h (renamed from crypto/openssl/crypto/store/str_locl.h)0
-rw-r--r--crypto/store/str_mem.c (renamed from crypto/openssl/crypto/store/str_mem.c)0
-rw-r--r--crypto/store/str_meth.c (renamed from crypto/openssl/crypto/store/str_meth.c)0
-rw-r--r--crypto/symhacks.h (renamed from crypto/openssl/crypto/symhacks.h)0
-rw-r--r--crypto/threads/README (renamed from crypto/openssl/crypto/threads/README)0
-rw-r--r--crypto/threads/mttest.c (renamed from crypto/openssl/crypto/threads/mttest.c)0
-rw-r--r--crypto/threads/profile.sh (renamed from crypto/openssl/crypto/threads/profile.sh)0
-rw-r--r--crypto/threads/pthread.sh (renamed from crypto/openssl/crypto/threads/pthread.sh)0
-rwxr-xr-xcrypto/threads/pthread2.sh (renamed from crypto/openssl/crypto/threads/pthread2.sh)0
-rw-r--r--crypto/threads/purify.sh (renamed from crypto/openssl/crypto/threads/purify.sh)0
-rw-r--r--crypto/threads/th-lock.c (renamed from crypto/openssl/crypto/threads/th-lock.c)0
-rw-r--r--crypto/tmdiff.c (renamed from crypto/openssl/crypto/tmdiff.c)0
-rw-r--r--crypto/tmdiff.h (renamed from crypto/openssl/crypto/tmdiff.h)0
-rw-r--r--crypto/txt_db/Makefile (renamed from crypto/openssl/crypto/txt_db/Makefile)0
-rw-r--r--crypto/txt_db/txt_db.c (renamed from crypto/openssl/crypto/txt_db/txt_db.c)0
-rw-r--r--crypto/txt_db/txt_db.h (renamed from crypto/openssl/crypto/txt_db/txt_db.h)0
-rw-r--r--crypto/ui/Makefile (renamed from crypto/openssl/crypto/ui/Makefile)0
-rw-r--r--crypto/ui/ui.h (renamed from crypto/openssl/crypto/ui/ui.h)0
-rw-r--r--crypto/ui/ui_compat.c (renamed from crypto/openssl/crypto/ui/ui_compat.c)0
-rw-r--r--crypto/ui/ui_compat.h (renamed from crypto/openssl/crypto/ui/ui_compat.h)0
-rw-r--r--crypto/ui/ui_err.c (renamed from crypto/openssl/crypto/ui/ui_err.c)0
-rw-r--r--crypto/ui/ui_lib.c (renamed from crypto/openssl/crypto/ui/ui_lib.c)0
-rw-r--r--crypto/ui/ui_locl.h (renamed from crypto/openssl/crypto/ui/ui_locl.h)0
-rw-r--r--crypto/ui/ui_openssl.c (renamed from crypto/openssl/crypto/ui/ui_openssl.c)0
-rw-r--r--crypto/ui/ui_util.c (renamed from crypto/openssl/crypto/ui/ui_util.c)0
-rw-r--r--crypto/uid.c (renamed from crypto/openssl/crypto/uid.c)0
-rw-r--r--crypto/x509/Makefile (renamed from crypto/openssl/crypto/x509/Makefile)0
-rw-r--r--crypto/x509/by_dir.c (renamed from crypto/openssl/crypto/x509/by_dir.c)0
-rw-r--r--crypto/x509/by_file.c (renamed from crypto/openssl/crypto/x509/by_file.c)0
-rw-r--r--crypto/x509/x509.h (renamed from crypto/openssl/crypto/x509/x509.h)0
-rw-r--r--crypto/x509/x509_att.c (renamed from crypto/openssl/crypto/x509/x509_att.c)0
-rw-r--r--crypto/x509/x509_cmp.c (renamed from crypto/openssl/crypto/x509/x509_cmp.c)0
-rw-r--r--crypto/x509/x509_d2.c (renamed from crypto/openssl/crypto/x509/x509_d2.c)0
-rw-r--r--crypto/x509/x509_def.c (renamed from crypto/openssl/crypto/x509/x509_def.c)0
-rw-r--r--crypto/x509/x509_err.c (renamed from crypto/openssl/crypto/x509/x509_err.c)0
-rw-r--r--crypto/x509/x509_ext.c (renamed from crypto/openssl/crypto/x509/x509_ext.c)0
-rw-r--r--crypto/x509/x509_lu.c (renamed from crypto/openssl/crypto/x509/x509_lu.c)0
-rw-r--r--crypto/x509/x509_obj.c (renamed from crypto/openssl/crypto/x509/x509_obj.c)0
-rw-r--r--crypto/x509/x509_r2x.c (renamed from crypto/openssl/crypto/x509/x509_r2x.c)0
-rw-r--r--crypto/x509/x509_req.c (renamed from crypto/openssl/crypto/x509/x509_req.c)0
-rw-r--r--crypto/x509/x509_set.c (renamed from crypto/openssl/crypto/x509/x509_set.c)0
-rw-r--r--crypto/x509/x509_trs.c (renamed from crypto/openssl/crypto/x509/x509_trs.c)0
-rw-r--r--crypto/x509/x509_txt.c (renamed from crypto/openssl/crypto/x509/x509_txt.c)0
-rw-r--r--crypto/x509/x509_v3.c (renamed from crypto/openssl/crypto/x509/x509_v3.c)0
-rw-r--r--crypto/x509/x509_vfy.c (renamed from crypto/openssl/crypto/x509/x509_vfy.c)0
-rw-r--r--crypto/x509/x509_vfy.h (renamed from crypto/openssl/crypto/x509/x509_vfy.h)0
-rw-r--r--crypto/x509/x509_vpm.c (renamed from crypto/openssl/crypto/x509/x509_vpm.c)0
-rw-r--r--crypto/x509/x509cset.c (renamed from crypto/openssl/crypto/x509/x509cset.c)0
-rw-r--r--crypto/x509/x509name.c (renamed from crypto/openssl/crypto/x509/x509name.c)0
-rw-r--r--crypto/x509/x509rset.c (renamed from crypto/openssl/crypto/x509/x509rset.c)0
-rw-r--r--crypto/x509/x509spki.c (renamed from crypto/openssl/crypto/x509/x509spki.c)0
-rw-r--r--crypto/x509/x509type.c (renamed from crypto/openssl/crypto/x509/x509type.c)0
-rw-r--r--crypto/x509/x_all.c (renamed from crypto/openssl/crypto/x509/x_all.c)0
-rw-r--r--crypto/x509v3/Makefile (renamed from crypto/openssl/crypto/x509v3/Makefile)0
-rw-r--r--crypto/x509v3/ext_dat.h (renamed from crypto/openssl/crypto/x509v3/ext_dat.h)0
-rw-r--r--crypto/x509v3/pcy_cache.c (renamed from crypto/openssl/crypto/x509v3/pcy_cache.c)0
-rw-r--r--crypto/x509v3/pcy_data.c (renamed from crypto/openssl/crypto/x509v3/pcy_data.c)0
-rw-r--r--crypto/x509v3/pcy_int.h (renamed from crypto/openssl/crypto/x509v3/pcy_int.h)0
-rw-r--r--crypto/x509v3/pcy_lib.c (renamed from crypto/openssl/crypto/x509v3/pcy_lib.c)0
-rw-r--r--crypto/x509v3/pcy_map.c (renamed from crypto/openssl/crypto/x509v3/pcy_map.c)0
-rw-r--r--crypto/x509v3/pcy_node.c (renamed from crypto/openssl/crypto/x509v3/pcy_node.c)0
-rw-r--r--crypto/x509v3/pcy_tree.c (renamed from crypto/openssl/crypto/x509v3/pcy_tree.c)0
-rw-r--r--crypto/x509v3/tabtest.c (renamed from crypto/openssl/crypto/x509v3/tabtest.c)0
-rw-r--r--crypto/x509v3/v3_addr.c (renamed from crypto/openssl/crypto/x509v3/v3_addr.c)0
-rw-r--r--crypto/x509v3/v3_akey.c (renamed from crypto/openssl/crypto/x509v3/v3_akey.c)0
-rw-r--r--crypto/x509v3/v3_akeya.c (renamed from crypto/openssl/crypto/x509v3/v3_akeya.c)0
-rw-r--r--crypto/x509v3/v3_alt.c (renamed from crypto/openssl/crypto/x509v3/v3_alt.c)0
-rw-r--r--crypto/x509v3/v3_asid.c (renamed from crypto/openssl/crypto/x509v3/v3_asid.c)0
-rw-r--r--crypto/x509v3/v3_bcons.c (renamed from crypto/openssl/crypto/x509v3/v3_bcons.c)0
-rw-r--r--crypto/x509v3/v3_bitst.c (renamed from crypto/openssl/crypto/x509v3/v3_bitst.c)0
-rw-r--r--crypto/x509v3/v3_conf.c (renamed from crypto/openssl/crypto/x509v3/v3_conf.c)0
-rw-r--r--crypto/x509v3/v3_cpols.c (renamed from crypto/openssl/crypto/x509v3/v3_cpols.c)0
-rw-r--r--crypto/x509v3/v3_crld.c (renamed from crypto/openssl/crypto/x509v3/v3_crld.c)0
-rw-r--r--crypto/x509v3/v3_enum.c (renamed from crypto/openssl/crypto/x509v3/v3_enum.c)0
-rw-r--r--crypto/x509v3/v3_extku.c (renamed from crypto/openssl/crypto/x509v3/v3_extku.c)0
-rw-r--r--crypto/x509v3/v3_genn.c (renamed from crypto/openssl/crypto/x509v3/v3_genn.c)0
-rw-r--r--crypto/x509v3/v3_ia5.c (renamed from crypto/openssl/crypto/x509v3/v3_ia5.c)0
-rw-r--r--crypto/x509v3/v3_info.c (renamed from crypto/openssl/crypto/x509v3/v3_info.c)0
-rw-r--r--crypto/x509v3/v3_int.c (renamed from crypto/openssl/crypto/x509v3/v3_int.c)0
-rw-r--r--crypto/x509v3/v3_lib.c (renamed from crypto/openssl/crypto/x509v3/v3_lib.c)0
-rw-r--r--crypto/x509v3/v3_ncons.c (renamed from crypto/openssl/crypto/x509v3/v3_ncons.c)0
-rw-r--r--crypto/x509v3/v3_ocsp.c (renamed from crypto/openssl/crypto/x509v3/v3_ocsp.c)0
-rw-r--r--crypto/x509v3/v3_pci.c (renamed from crypto/openssl/crypto/x509v3/v3_pci.c)0
-rw-r--r--crypto/x509v3/v3_pcia.c (renamed from crypto/openssl/crypto/x509v3/v3_pcia.c)0
-rw-r--r--crypto/x509v3/v3_pcons.c (renamed from crypto/openssl/crypto/x509v3/v3_pcons.c)0
-rw-r--r--crypto/x509v3/v3_pku.c (renamed from crypto/openssl/crypto/x509v3/v3_pku.c)0
-rw-r--r--crypto/x509v3/v3_pmaps.c (renamed from crypto/openssl/crypto/x509v3/v3_pmaps.c)0
-rw-r--r--crypto/x509v3/v3_prn.c (renamed from crypto/openssl/crypto/x509v3/v3_prn.c)0
-rw-r--r--crypto/x509v3/v3_purp.c (renamed from crypto/openssl/crypto/x509v3/v3_purp.c)0
-rw-r--r--crypto/x509v3/v3_skey.c (renamed from crypto/openssl/crypto/x509v3/v3_skey.c)0
-rw-r--r--crypto/x509v3/v3_sxnet.c (renamed from crypto/openssl/crypto/x509v3/v3_sxnet.c)0
-rw-r--r--crypto/x509v3/v3_utl.c (renamed from crypto/openssl/crypto/x509v3/v3_utl.c)0
-rw-r--r--crypto/x509v3/v3conf.c (renamed from crypto/openssl/crypto/x509v3/v3conf.c)0
-rw-r--r--crypto/x509v3/v3err.c (renamed from crypto/openssl/crypto/x509v3/v3err.c)0
-rw-r--r--crypto/x509v3/v3prin.c (renamed from crypto/openssl/crypto/x509v3/v3prin.c)0
-rw-r--r--crypto/x509v3/x509v3.h (renamed from crypto/openssl/crypto/x509v3/x509v3.h)0
-rw-r--r--crypto/x86_64cpuid.pl (renamed from crypto/openssl/crypto/x86_64cpuid.pl)0
-rw-r--r--crypto/x86cpuid.pl (renamed from crypto/openssl/crypto/x86cpuid.pl)0
1806 files changed, 0 insertions, 183756 deletions
diff --git a/crypto/openssl/crypto/LPdir_nyi.c b/crypto/LPdir_nyi.c
index 6c1a50e..6c1a50e 100644
--- a/crypto/openssl/crypto/LPdir_nyi.c
+++ b/crypto/LPdir_nyi.c
diff --git a/crypto/openssl/crypto/LPdir_unix.c b/crypto/LPdir_unix.c
index b004cd9..b004cd9 100644
--- a/crypto/openssl/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
diff --git a/crypto/openssl/crypto/LPdir_vms.c b/crypto/LPdir_vms.c
index 85b427a..85b427a 100644
--- a/crypto/openssl/crypto/LPdir_vms.c
+++ b/crypto/LPdir_vms.c
diff --git a/crypto/openssl/crypto/LPdir_win.c b/crypto/LPdir_win.c
index 09b475b..09b475b 100644
--- a/crypto/openssl/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
diff --git a/crypto/openssl/crypto/LPdir_win32.c b/crypto/LPdir_win32.c
index e39872d..e39872d 100644
--- a/crypto/openssl/crypto/LPdir_win32.c
+++ b/crypto/LPdir_win32.c
diff --git a/crypto/openssl/crypto/LPdir_wince.c b/crypto/LPdir_wince.c
index ab0e1e6..ab0e1e6 100644
--- a/crypto/openssl/crypto/LPdir_wince.c
+++ b/crypto/LPdir_wince.c
diff --git a/crypto/openssl/crypto/Makefile b/crypto/Makefile
index bb8eaa0..bb8eaa0 100644
--- a/crypto/openssl/crypto/Makefile
+++ b/crypto/Makefile
diff --git a/crypto/openssl/crypto/aes/Makefile b/crypto/aes/Makefile
index 0f939eb..0f939eb 100644
--- a/crypto/openssl/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
diff --git a/crypto/openssl/crypto/aes/README b/crypto/aes/README
index 0f9620a..0f9620a 100644
--- a/crypto/openssl/crypto/aes/README
+++ b/crypto/aes/README
diff --git a/crypto/openssl/crypto/aes/aes.h b/crypto/aes/aes.h
index e6fc44a..e6fc44a 100644
--- a/crypto/openssl/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
diff --git a/crypto/openssl/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c
index d2ba6bc..d2ba6bc 100644
--- a/crypto/openssl/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
diff --git a/crypto/openssl/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c
index 49f0411..49f0411 100644
--- a/crypto/openssl/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
diff --git a/crypto/openssl/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
index 3a80e18..3a80e18 100644
--- a/crypto/openssl/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
diff --git a/crypto/openssl/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c
index f36982b..f36982b 100644
--- a/crypto/openssl/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
diff --git a/crypto/openssl/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c
index 28aa561..28aa561 100644
--- a/crypto/openssl/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
diff --git a/crypto/openssl/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c
index 2082d06..2082d06 100644
--- a/crypto/openssl/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
diff --git a/crypto/openssl/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h
index 054b442..054b442 100644
--- a/crypto/openssl/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
diff --git a/crypto/openssl/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
index 4fead1b..4fead1b 100644
--- a/crypto/openssl/crypto/aes/aes_misc.c
+++ b/crypto/aes/aes_misc.c
diff --git a/crypto/openssl/crypto/aes/aes_ofb.c b/crypto/aes/aes_ofb.c
index f358bb3..f358bb3 100644
--- a/crypto/openssl/crypto/aes/aes_ofb.c
+++ b/crypto/aes/aes_ofb.c
diff --git a/crypto/openssl/crypto/aes/asm/aes-586.pl b/crypto/aes/asm/aes-586.pl
index 2774d1c..2774d1c 100755
--- a/crypto/openssl/crypto/aes/asm/aes-586.pl
+++ b/crypto/aes/asm/aes-586.pl
diff --git a/crypto/openssl/crypto/aes/asm/aes-ia64.S b/crypto/aes/asm/aes-ia64.S
index 542cf33..542cf33 100644
--- a/crypto/openssl/crypto/aes/asm/aes-ia64.S
+++ b/crypto/aes/asm/aes-ia64.S
diff --git a/crypto/openssl/crypto/asn1/Makefile b/crypto/asn1/Makefile
index f67c5eb..f67c5eb 100644
--- a/crypto/openssl/crypto/asn1/Makefile
+++ b/crypto/asn1/Makefile
diff --git a/crypto/openssl/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 0fb9ce0..0fb9ce0 100644
--- a/crypto/openssl/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
diff --git a/crypto/openssl/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
index 331acdf..331acdf 100644
--- a/crypto/openssl/crypto/asn1/a_bool.c
+++ b/crypto/asn1/a_bool.c
diff --git a/crypto/openssl/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 8d13f9c..8d13f9c 100644
--- a/crypto/openssl/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
diff --git a/crypto/openssl/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index ece40bc..ece40bc 100644
--- a/crypto/openssl/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
diff --git a/crypto/openssl/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index d00d9e2..d00d9e2 100644
--- a/crypto/openssl/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
diff --git a/crypto/openssl/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
index 199d50f..199d50f 100644
--- a/crypto/openssl/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
diff --git a/crypto/openssl/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c
index fe9aa13..fe9aa13 100644
--- a/crypto/openssl/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
index def7906..def7906 100644
--- a/crypto/openssl/crypto/asn1/a_gentm.c
+++ b/crypto/asn1/a_gentm.c
diff --git a/crypto/openssl/crypto/asn1/a_hdr.c b/crypto/asn1/a_hdr.c
index d1c2a7b..d1c2a7b 100644
--- a/crypto/openssl/crypto/asn1/a_hdr.c
+++ b/crypto/asn1/a_hdr.c
diff --git a/crypto/openssl/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
index a3ad76d..a3ad76d 100644
--- a/crypto/openssl/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
diff --git a/crypto/openssl/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index f8d198e..f8d198e 100644
--- a/crypto/openssl/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
diff --git a/crypto/openssl/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
index 2d4800a..2d4800a 100644
--- a/crypto/openssl/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
diff --git a/crypto/openssl/crypto/asn1/a_meth.c b/crypto/asn1/a_meth.c
index 50bea91..50bea91 100644
--- a/crypto/openssl/crypto/asn1/a_meth.c
+++ b/crypto/asn1/a_meth.c
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index a36356e..a36356e 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
diff --git a/crypto/openssl/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
index 24fd0f8..24fd0f8 100644
--- a/crypto/openssl/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
diff --git a/crypto/openssl/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
index d18e772..d18e772 100644
--- a/crypto/openssl/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
diff --git a/crypto/openssl/crypto/asn1/a_set.c b/crypto/asn1/a_set.c
index 958558c..958558c 100644
--- a/crypto/openssl/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
diff --git a/crypto/openssl/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index 1081950..1081950 100644
--- a/crypto/openssl/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index c2dbb6f..c2dbb6f 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
diff --git a/crypto/openssl/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 613bbc4..613bbc4 100644
--- a/crypto/openssl/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
index 159681f..159681f 100644
--- a/crypto/openssl/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
diff --git a/crypto/openssl/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index a6acef1..a6acef1 100644
--- a/crypto/openssl/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index d31c028..d31c028 100644
--- a/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
diff --git a/crypto/openssl/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
index 508e11e..508e11e 100644
--- a/crypto/openssl/crypto/asn1/a_utf8.c
+++ b/crypto/asn1/a_utf8.c
diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index fdce6e4..fdce6e4 100644
--- a/crypto/openssl/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
diff --git a/crypto/openssl/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 30f1eec..30f1eec 100644
--- a/crypto/openssl/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
diff --git a/crypto/openssl/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index f6b5c3f..f6b5c3f 100644
--- a/crypto/openssl/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
diff --git a/crypto/openssl/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
index 26c8327..26c8327 100644
--- a/crypto/openssl/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index d5ae5b2..d5ae5b2 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
diff --git a/crypto/openssl/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index d958ca6..d958ca6 100644
--- a/crypto/openssl/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index 501b62a..501b62a 100644
--- a/crypto/openssl/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
diff --git a/crypto/openssl/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
index adbc2a6..adbc2a6 100644
--- a/crypto/openssl/crypto/asn1/asn1t.h
+++ b/crypto/asn1/asn1t.h
diff --git a/crypto/openssl/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
index 72cc121..72cc121 100644
--- a/crypto/openssl/crypto/asn1/asn_moid.c
+++ b/crypto/asn1/asn_moid.c
diff --git a/crypto/openssl/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
index e8b671b..e8b671b 100644
--- a/crypto/openssl/crypto/asn1/asn_pack.c
+++ b/crypto/asn1/asn_pack.c
diff --git a/crypto/openssl/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index bd020a9..bd020a9 100644
--- a/crypto/openssl/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
diff --git a/crypto/openssl/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index 2875c59..2875c59 100644
--- a/crypto/openssl/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 207ccda..207ccda 100644
--- a/crypto/openssl/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
diff --git a/crypto/openssl/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index 3694f51..3694f51 100644
--- a/crypto/openssl/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
diff --git a/crypto/openssl/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index f3d9804..f3d9804 100644
--- a/crypto/openssl/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
diff --git a/crypto/openssl/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c
index 56e3cc8..56e3cc8 100644
--- a/crypto/openssl/crypto/asn1/f_enum.c
+++ b/crypto/asn1/f_enum.c
diff --git a/crypto/openssl/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
index 9494e59..9494e59 100644
--- a/crypto/openssl/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
diff --git a/crypto/openssl/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
index 968698a..968698a 100644
--- a/crypto/openssl/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
diff --git a/crypto/openssl/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index 0be52c5..0be52c5 100644
--- a/crypto/openssl/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
diff --git a/crypto/openssl/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
index 34286db..34286db 100644
--- a/crypto/openssl/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
diff --git a/crypto/openssl/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 60bc437..60bc437 100644
--- a/crypto/openssl/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
diff --git a/crypto/openssl/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c
index 50e2d4d..50e2d4d 100644
--- a/crypto/openssl/crypto/asn1/nsseq.c
+++ b/crypto/asn1/nsseq.c
diff --git a/crypto/openssl/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
index da91170..da91170 100644
--- a/crypto/openssl/crypto/asn1/p5_pbe.c
+++ b/crypto/asn1/p5_pbe.c
diff --git a/crypto/openssl/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
index c834a38..c834a38 100644
--- a/crypto/openssl/crypto/asn1/p5_pbev2.c
+++ b/crypto/asn1/p5_pbev2.c
diff --git a/crypto/openssl/crypto/asn1/p8_key.c b/crypto/asn1/p8_key.c
index 3a31248..3a31248 100644
--- a/crypto/openssl/crypto/asn1/p8_key.c
+++ b/crypto/asn1/p8_key.c
diff --git a/crypto/openssl/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
index 24b4091..24b4091 100644
--- a/crypto/openssl/crypto/asn1/p8_pkey.c
+++ b/crypto/asn1/p8_pkey.c
diff --git a/crypto/openssl/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c
index 397332d..397332d 100644
--- a/crypto/openssl/crypto/asn1/t_bitst.c
+++ b/crypto/asn1/t_bitst.c
diff --git a/crypto/openssl/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index 929b3e5..929b3e5 100644
--- a/crypto/openssl/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
diff --git a/crypto/openssl/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index afb95d6..afb95d6 100644
--- a/crypto/openssl/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
diff --git a/crypto/openssl/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index c779a9b..c779a9b 100644
--- a/crypto/openssl/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
diff --git a/crypto/openssl/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
index c2a5797..c2a5797 100644
--- a/crypto/openssl/crypto/asn1/t_spki.c
+++ b/crypto/asn1/t_spki.c
diff --git a/crypto/openssl/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index fe2ea40..fe2ea40 100644
--- a/crypto/openssl/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
diff --git a/crypto/openssl/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
index ffbbfb5..ffbbfb5 100644
--- a/crypto/openssl/crypto/asn1/t_x509a.c
+++ b/crypto/asn1/t_x509a.c
diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 66d229b..66d229b 100644
--- a/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
diff --git a/crypto/openssl/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 25c94aa..25c94aa 100644
--- a/crypto/openssl/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
diff --git a/crypto/openssl/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index b68b66a..b68b66a 100644
--- a/crypto/openssl/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
diff --git a/crypto/openssl/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 531dad3..531dad3 100644
--- a/crypto/openssl/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
diff --git a/crypto/openssl/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
index 719639b..719639b 100644
--- a/crypto/openssl/crypto/asn1/tasn_prn.c
+++ b/crypto/asn1/tasn_prn.c
diff --git a/crypto/openssl/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
index 6f17f1b..6f17f1b 100644
--- a/crypto/openssl/crypto/asn1/tasn_typ.c
+++ b/crypto/asn1/tasn_typ.c
diff --git a/crypto/openssl/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 34d520b..34d520b 100644
--- a/crypto/openssl/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
diff --git a/crypto/openssl/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 00b9ea5..00b9ea5 100644
--- a/crypto/openssl/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
diff --git a/crypto/openssl/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c
index 1e3713f..1e3713f 100644
--- a/crypto/openssl/crypto/asn1/x_attrib.c
+++ b/crypto/asn1/x_attrib.c
diff --git a/crypto/openssl/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
index 869c05d..869c05d 100644
--- a/crypto/openssl/crypto/asn1/x_bignum.c
+++ b/crypto/asn1/x_bignum.c
diff --git a/crypto/openssl/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index b99f8fc..b99f8fc 100644
--- a/crypto/openssl/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
diff --git a/crypto/openssl/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c
index 702421b..702421b 100644
--- a/crypto/openssl/crypto/asn1/x_exten.c
+++ b/crypto/asn1/x_exten.c
diff --git a/crypto/openssl/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
index d44f6cd..d44f6cd 100644
--- a/crypto/openssl/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
diff --git a/crypto/openssl/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index 0db233c..0db233c 100644
--- a/crypto/openssl/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
diff --git a/crypto/openssl/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index 681e5d1..681e5d1 100644
--- a/crypto/openssl/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
diff --git a/crypto/openssl/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index 8453618..8453618 100644
--- a/crypto/openssl/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
diff --git a/crypto/openssl/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index 91c2756..91c2756 100644
--- a/crypto/openssl/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
diff --git a/crypto/openssl/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
index 59ca8ce..59ca8ce 100644
--- a/crypto/openssl/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
diff --git a/crypto/openssl/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
index 42efa86..42efa86 100644
--- a/crypto/openssl/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
diff --git a/crypto/openssl/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
index 2aece07..2aece07 100644
--- a/crypto/openssl/crypto/asn1/x_spki.c
+++ b/crypto/asn1/x_spki.c
diff --git a/crypto/openssl/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
index dc17c67..dc17c67 100644
--- a/crypto/openssl/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
diff --git a/crypto/openssl/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e118696..e118696 100644
--- a/crypto/openssl/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
diff --git a/crypto/openssl/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
index 13db5fd..13db5fd 100644
--- a/crypto/openssl/crypto/asn1/x_x509a.c
+++ b/crypto/asn1/x_x509a.c
diff --git a/crypto/openssl/crypto/bf/COPYRIGHT b/crypto/bf/COPYRIGHT
index 6857223..6857223 100644
--- a/crypto/openssl/crypto/bf/COPYRIGHT
+++ b/crypto/bf/COPYRIGHT
diff --git a/crypto/openssl/crypto/bf/INSTALL b/crypto/bf/INSTALL
index 3b25923..3b25923 100644
--- a/crypto/openssl/crypto/bf/INSTALL
+++ b/crypto/bf/INSTALL
diff --git a/crypto/openssl/crypto/bf/Makefile b/crypto/bf/Makefile
index 8441954..8441954 100644
--- a/crypto/openssl/crypto/bf/Makefile
+++ b/crypto/bf/Makefile
diff --git a/crypto/openssl/crypto/bf/README b/crypto/bf/README
index f2712fd..f2712fd 100644
--- a/crypto/openssl/crypto/bf/README
+++ b/crypto/bf/README
diff --git a/crypto/openssl/crypto/bf/VERSION b/crypto/bf/VERSION
index be99585..be99585 100644
--- a/crypto/openssl/crypto/bf/VERSION
+++ b/crypto/bf/VERSION
diff --git a/crypto/openssl/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl
index b556642..b556642 100644
--- a/crypto/openssl/crypto/bf/asm/bf-586.pl
+++ b/crypto/bf/asm/bf-586.pl
diff --git a/crypto/openssl/crypto/bf/asm/bf-686.pl b/crypto/bf/asm/bf-686.pl
index 8e4c25f..8e4c25f 100644
--- a/crypto/openssl/crypto/bf/asm/bf-686.pl
+++ b/crypto/bf/asm/bf-686.pl
diff --git a/crypto/openssl/crypto/bf/asm/readme b/crypto/bf/asm/readme
index 2385fa3..2385fa3 100644
--- a/crypto/openssl/crypto/bf/asm/readme
+++ b/crypto/bf/asm/readme
diff --git a/crypto/openssl/crypto/bf/bf_cbc.c b/crypto/bf/bf_cbc.c
index f949629..f949629 100644
--- a/crypto/openssl/crypto/bf/bf_cbc.c
+++ b/crypto/bf/bf_cbc.c
diff --git a/crypto/openssl/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
index 6451c8d..6451c8d 100644
--- a/crypto/openssl/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
diff --git a/crypto/openssl/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
index 1607cef..1607cef 100644
--- a/crypto/openssl/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
diff --git a/crypto/openssl/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
index 2d21d09..2d21d09 100644
--- a/crypto/openssl/crypto/bf/bf_enc.c
+++ b/crypto/bf/bf_enc.c
diff --git a/crypto/openssl/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h
index cc7c3ec..cc7c3ec 100644
--- a/crypto/openssl/crypto/bf/bf_locl.h
+++ b/crypto/bf/bf_locl.h
diff --git a/crypto/openssl/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
index f2a9ff6..f2a9ff6 100644
--- a/crypto/openssl/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
diff --git a/crypto/openssl/crypto/bf/bf_opts.c b/crypto/bf/bf_opts.c
index 1721bb9..1721bb9 100644
--- a/crypto/openssl/crypto/bf/bf_opts.c
+++ b/crypto/bf/bf_opts.c
diff --git a/crypto/openssl/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h
index 9949513..9949513 100644
--- a/crypto/openssl/crypto/bf/bf_pi.h
+++ b/crypto/bf/bf_pi.h
diff --git a/crypto/openssl/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
index 3673cde..3673cde 100644
--- a/crypto/openssl/crypto/bf/bf_skey.c
+++ b/crypto/bf/bf_skey.c
diff --git a/crypto/openssl/crypto/bf/bfs.cpp b/crypto/bf/bfs.cpp
index d74c457..d74c457 100644
--- a/crypto/openssl/crypto/bf/bfs.cpp
+++ b/crypto/bf/bfs.cpp
diff --git a/crypto/openssl/crypto/bf/bfspeed.c b/crypto/bf/bfspeed.c
index c41ef3b..c41ef3b 100644
--- a/crypto/openssl/crypto/bf/bfspeed.c
+++ b/crypto/bf/bfspeed.c
diff --git a/crypto/openssl/crypto/bf/bftest.c b/crypto/bf/bftest.c
index 97e6634..97e6634 100644
--- a/crypto/openssl/crypto/bf/bftest.c
+++ b/crypto/bf/bftest.c
diff --git a/crypto/openssl/crypto/bf/blowfish.h b/crypto/bf/blowfish.h
index cd49e85..cd49e85 100644
--- a/crypto/openssl/crypto/bf/blowfish.h
+++ b/crypto/bf/blowfish.h
diff --git a/crypto/openssl/crypto/bio/Makefile b/crypto/bio/Makefile
index 1ef6c2f..1ef6c2f 100644
--- a/crypto/openssl/crypto/bio/Makefile
+++ b/crypto/bio/Makefile
diff --git a/crypto/openssl/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
index c80ecc4..c80ecc4 100644
--- a/crypto/openssl/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/bio/b_print.c
index 4857cfe..4857cfe 100644
--- a/crypto/openssl/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 4b3860b..4b3860b 100644
--- a/crypto/openssl/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
diff --git a/crypto/openssl/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
index c1fd75a..c1fd75a 100644
--- a/crypto/openssl/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
diff --git a/crypto/openssl/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
index ec0f7eb..ec0f7eb 100644
--- a/crypto/openssl/crypto/bio/bf_lbuf.c
+++ b/crypto/bio/bf_lbuf.c
diff --git a/crypto/openssl/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index c72a23c..c72a23c 100644
--- a/crypto/openssl/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
diff --git a/crypto/openssl/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
index c1bf39a..c1bf39a 100644
--- a/crypto/openssl/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
diff --git a/crypto/openssl/crypto/bio/bio.h b/crypto/bio/bio.h
index 2c9e8a7..2c9e8a7 100644
--- a/crypto/openssl/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
diff --git a/crypto/openssl/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
index 6f4254a..6f4254a 100644
--- a/crypto/openssl/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
diff --git a/crypto/openssl/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
index 6603f1c..6603f1c 100644
--- a/crypto/openssl/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
diff --git a/crypto/openssl/crypto/bio/bio_lcl.h b/crypto/bio/bio_lcl.h
index dba2919..dba2919 100644
--- a/crypto/openssl/crypto/bio/bio_lcl.h
+++ b/crypto/bio/bio_lcl.h
diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index 3f52ae9..3f52ae9 100644
--- a/crypto/openssl/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
diff --git a/crypto/openssl/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index d090b72..d090b72 100644
--- a/crypto/openssl/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
diff --git a/crypto/openssl/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
index 0f9f095..0f9f095 100644
--- a/crypto/openssl/crypto/bio/bss_bio.c
+++ b/crypto/bio/bss_bio.c
diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index c147278..c147278 100644
--- a/crypto/openssl/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
diff --git a/crypto/openssl/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index a0cb29b..a0cb29b 100644
--- a/crypto/openssl/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
diff --git a/crypto/openssl/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
index 4c229bf..4c229bf 100644
--- a/crypto/openssl/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index b277367..b277367 100644
--- a/crypto/openssl/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
index 6360dbc..6360dbc 100644
--- a/crypto/openssl/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
diff --git a/crypto/openssl/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index a4edb71..a4edb71 100644
--- a/crypto/openssl/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
diff --git a/crypto/openssl/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
index 46b7333..46b7333 100644
--- a/crypto/openssl/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
diff --git a/crypto/openssl/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c
index 7dae485..7dae485 100644
--- a/crypto/openssl/crypto/bio/bss_rtcp.c
+++ b/crypto/bio/bss_rtcp.c
diff --git a/crypto/openssl/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index 472dd75..472dd75 100644
--- a/crypto/openssl/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
diff --git a/crypto/openssl/crypto/bn/Makefile b/crypto/bn/Makefile
index 5c3e08f..5c3e08f 100644
--- a/crypto/openssl/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
diff --git a/crypto/openssl/crypto/bn/asm/README b/crypto/bn/asm/README
index b0f3a68..b0f3a68 100644
--- a/crypto/openssl/crypto/bn/asm/README
+++ b/crypto/bn/asm/README
diff --git a/crypto/openssl/crypto/bn/asm/alpha.s b/crypto/bn/asm/alpha.s
index 555ff0b..555ff0b 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.s
+++ b/crypto/bn/asm/alpha.s
diff --git a/crypto/openssl/crypto/bn/asm/alpha.s.works b/crypto/bn/asm/alpha.s.works
index ee6c587..ee6c587 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.s.works
+++ b/crypto/bn/asm/alpha.s.works
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/add.pl b/crypto/bn/asm/alpha.works/add.pl
index 4dc76e6..4dc76e6 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/add.pl
+++ b/crypto/bn/asm/alpha.works/add.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/div.pl b/crypto/bn/asm/alpha.works/div.pl
index 7ec1443..7ec1443 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/div.pl
+++ b/crypto/bn/asm/alpha.works/div.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul.pl b/crypto/bn/asm/alpha.works/mul.pl
index b182bae..b182bae 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/mul.pl
+++ b/crypto/bn/asm/alpha.works/mul.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl b/crypto/bn/asm/alpha.works/mul_add.pl
index e37f631..e37f631 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/mul_add.pl
+++ b/crypto/bn/asm/alpha.works/mul_add.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl b/crypto/bn/asm/alpha.works/mul_c4.pl
index 5efd201..5efd201 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.pl
+++ b/crypto/bn/asm/alpha.works/mul_c4.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl b/crypto/bn/asm/alpha.works/mul_c4.works.pl
index 79d86dd..79d86dd 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c4.works.pl
+++ b/crypto/bn/asm/alpha.works/mul_c4.works.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl b/crypto/bn/asm/alpha.works/mul_c8.pl
index 525ca74..525ca74 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/mul_c8.pl
+++ b/crypto/bn/asm/alpha.works/mul_c8.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl b/crypto/bn/asm/alpha.works/sqr.pl
index a55b696..a55b696 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/sqr.pl
+++ b/crypto/bn/asm/alpha.works/sqr.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl b/crypto/bn/asm/alpha.works/sqr_c4.pl
index bf33f5b..bf33f5b 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c4.pl
+++ b/crypto/bn/asm/alpha.works/sqr_c4.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl b/crypto/bn/asm/alpha.works/sqr_c8.pl
index b4afe08..b4afe08 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/sqr_c8.pl
+++ b/crypto/bn/asm/alpha.works/sqr_c8.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha.works/sub.pl b/crypto/bn/asm/alpha.works/sub.pl
index d998da5..d998da5 100644
--- a/crypto/openssl/crypto/bn/asm/alpha.works/sub.pl
+++ b/crypto/bn/asm/alpha.works/sub.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/add.pl b/crypto/bn/asm/alpha/add.pl
index 13bf516..13bf516 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/add.pl
+++ b/crypto/bn/asm/alpha/add.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/div.pl b/crypto/bn/asm/alpha/div.pl
index e9e6808..e9e6808 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/div.pl
+++ b/crypto/bn/asm/alpha/div.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul.pl b/crypto/bn/asm/alpha/mul.pl
index 76c9265..76c9265 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/mul.pl
+++ b/crypto/bn/asm/alpha/mul.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_add.pl b/crypto/bn/asm/alpha/mul_add.pl
index 0d6df69..0d6df69 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/mul_add.pl
+++ b/crypto/bn/asm/alpha/mul_add.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl b/crypto/bn/asm/alpha/mul_c4.pl
index 9cc876d..9cc876d 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/mul_c4.pl
+++ b/crypto/bn/asm/alpha/mul_c4.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl b/crypto/bn/asm/alpha/mul_c4.works.pl
index 79d86dd..79d86dd 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/mul_c4.works.pl
+++ b/crypto/bn/asm/alpha/mul_c4.works.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl b/crypto/bn/asm/alpha/mul_c8.pl
index 525ca74..525ca74 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/mul_c8.pl
+++ b/crypto/bn/asm/alpha/mul_c8.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sqr.pl b/crypto/bn/asm/alpha/sqr.pl
index a55b696..a55b696 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/sqr.pl
+++ b/crypto/bn/asm/alpha/sqr.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl b/crypto/bn/asm/alpha/sqr_c4.pl
index bf33f5b..bf33f5b 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/sqr_c4.pl
+++ b/crypto/bn/asm/alpha/sqr_c4.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl b/crypto/bn/asm/alpha/sqr_c8.pl
index b4afe08..b4afe08 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/sqr_c8.pl
+++ b/crypto/bn/asm/alpha/sqr_c8.pl
diff --git a/crypto/openssl/crypto/bn/asm/alpha/sub.pl b/crypto/bn/asm/alpha/sub.pl
index d998da5..d998da5 100644
--- a/crypto/openssl/crypto/bn/asm/alpha/sub.pl
+++ b/crypto/bn/asm/alpha/sub.pl
diff --git a/crypto/openssl/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl
index 26c2685..26c2685 100644
--- a/crypto/openssl/crypto/bn/asm/bn-586.pl
+++ b/crypto/bn/asm/bn-586.pl
diff --git a/crypto/openssl/crypto/bn/asm/bn-alpha.pl b/crypto/bn/asm/bn-alpha.pl
index 302edf2..302edf2 100644
--- a/crypto/openssl/crypto/bn/asm/bn-alpha.pl
+++ b/crypto/bn/asm/bn-alpha.pl
diff --git a/crypto/openssl/crypto/bn/asm/ca.pl b/crypto/bn/asm/ca.pl
index c1ce67a..c1ce67a 100644
--- a/crypto/openssl/crypto/bn/asm/ca.pl
+++ b/crypto/bn/asm/ca.pl
diff --git a/crypto/openssl/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl
index 5d962cb..5d962cb 100644
--- a/crypto/openssl/crypto/bn/asm/co-586.pl
+++ b/crypto/bn/asm/co-586.pl
diff --git a/crypto/openssl/crypto/bn/asm/co-alpha.pl b/crypto/bn/asm/co-alpha.pl
index 67dad3e..67dad3e 100644
--- a/crypto/openssl/crypto/bn/asm/co-alpha.pl
+++ b/crypto/bn/asm/co-alpha.pl
diff --git a/crypto/openssl/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S
index 7b82b82..7b82b82 100644
--- a/crypto/openssl/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
diff --git a/crypto/openssl/crypto/bn/asm/mips1.s b/crypto/bn/asm/mips1.s
index 44fa125..44fa125 100644
--- a/crypto/openssl/crypto/bn/asm/mips1.s
+++ b/crypto/bn/asm/mips1.s
diff --git a/crypto/openssl/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s
index dca4105..dca4105 100644
--- a/crypto/openssl/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
diff --git a/crypto/openssl/crypto/bn/asm/pa-risc.s b/crypto/bn/asm/pa-risc.s
index 775130a..775130a 100644
--- a/crypto/openssl/crypto/bn/asm/pa-risc.s
+++ b/crypto/bn/asm/pa-risc.s
diff --git a/crypto/openssl/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
index f3b1629..f3b1629 100644
--- a/crypto/openssl/crypto/bn/asm/pa-risc2.s
+++ b/crypto/bn/asm/pa-risc2.s
diff --git a/crypto/openssl/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s
index a995457..a995457 100644
--- a/crypto/openssl/crypto/bn/asm/pa-risc2W.s
+++ b/crypto/bn/asm/pa-risc2W.s
diff --git a/crypto/openssl/crypto/bn/asm/ppc.pl b/crypto/bn/asm/ppc.pl
index 08e0053..08e0053 100644
--- a/crypto/openssl/crypto/bn/asm/ppc.pl
+++ b/crypto/bn/asm/ppc.pl
diff --git a/crypto/openssl/crypto/bn/asm/r3000.s b/crypto/bn/asm/r3000.s
index e95269a..e95269a 100644
--- a/crypto/openssl/crypto/bn/asm/r3000.s
+++ b/crypto/bn/asm/r3000.s
diff --git a/crypto/openssl/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S
index 88c5dc4..88c5dc4 100644
--- a/crypto/openssl/crypto/bn/asm/sparcv8.S
+++ b/crypto/bn/asm/sparcv8.S
diff --git a/crypto/openssl/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S
index 8c56e2e..8c56e2e 100644
--- a/crypto/openssl/crypto/bn/asm/sparcv8plus.S
+++ b/crypto/bn/asm/sparcv8plus.S
diff --git a/crypto/openssl/crypto/bn/asm/x86.pl b/crypto/bn/asm/x86.pl
index 1bc4f1b..1bc4f1b 100644
--- a/crypto/openssl/crypto/bn/asm/x86.pl
+++ b/crypto/bn/asm/x86.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86/add.pl b/crypto/bn/asm/x86/add.pl
index 0b5cf58..0b5cf58 100644
--- a/crypto/openssl/crypto/bn/asm/x86/add.pl
+++ b/crypto/bn/asm/x86/add.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86/comba.pl b/crypto/bn/asm/x86/comba.pl
index 2291253..2291253 100644
--- a/crypto/openssl/crypto/bn/asm/x86/comba.pl
+++ b/crypto/bn/asm/x86/comba.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86/div.pl b/crypto/bn/asm/x86/div.pl
index 0e90152..0e90152 100644
--- a/crypto/openssl/crypto/bn/asm/x86/div.pl
+++ b/crypto/bn/asm/x86/div.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86/f b/crypto/bn/asm/x86/f
index 22e4112..22e4112 100644
--- a/crypto/openssl/crypto/bn/asm/x86/f
+++ b/crypto/bn/asm/x86/f
diff --git a/crypto/openssl/crypto/bn/asm/x86/mul.pl b/crypto/bn/asm/x86/mul.pl
index 674cb9b..674cb9b 100644
--- a/crypto/openssl/crypto/bn/asm/x86/mul.pl
+++ b/crypto/bn/asm/x86/mul.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86/mul_add.pl b/crypto/bn/asm/x86/mul_add.pl
index 61830d3..61830d3 100644
--- a/crypto/openssl/crypto/bn/asm/x86/mul_add.pl
+++ b/crypto/bn/asm/x86/mul_add.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86/sqr.pl b/crypto/bn/asm/x86/sqr.pl
index 1f90993..1f90993 100644
--- a/crypto/openssl/crypto/bn/asm/x86/sqr.pl
+++ b/crypto/bn/asm/x86/sqr.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86/sub.pl b/crypto/bn/asm/x86/sub.pl
index 837b0e1..837b0e1 100644
--- a/crypto/openssl/crypto/bn/asm/x86/sub.pl
+++ b/crypto/bn/asm/x86/sub.pl
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index f13f52d..f13f52d 100644
--- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
diff --git a/crypto/openssl/crypto/bn/bn.h b/crypto/bn/bn.h
index 95c5d64..95c5d64 100644
--- a/crypto/openssl/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
diff --git a/crypto/openssl/crypto/bn/bn.mul b/crypto/bn/bn.mul
index 9728870..9728870 100644
--- a/crypto/openssl/crypto/bn/bn.mul
+++ b/crypto/bn/bn.mul
diff --git a/crypto/openssl/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index 9405163..9405163 100644
--- a/crypto/openssl/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
diff --git a/crypto/openssl/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
index 99bc2de..99bc2de 100644
--- a/crypto/openssl/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
diff --git a/crypto/openssl/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index ca22d4f..ca22d4f 100644
--- a/crypto/openssl/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
diff --git a/crypto/openssl/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
index eb60a25..eb60a25 100755
--- a/crypto/openssl/crypto/bn/bn_const.c
+++ b/crypto/bn/bn_const.c
diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
index b3452f1..b3452f1 100644
--- a/crypto/openssl/crypto/bn/bn_ctx.c
+++ b/crypto/bn/bn_ctx.c
diff --git a/crypto/openssl/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c
index 27535e4..27535e4 100644
--- a/crypto/openssl/crypto/bn/bn_depr.c
+++ b/crypto/bn/bn_depr.c
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 2857f44..2857f44 100644
--- a/crypto/openssl/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
diff --git a/crypto/openssl/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index 24fbbb7..24fbbb7 100644
--- a/crypto/openssl/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 8f8c694..8f8c694 100644
--- a/crypto/openssl/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
diff --git a/crypto/openssl/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
index b3f43ce..b3f43ce 100644
--- a/crypto/openssl/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index f02e6fc..f02e6fc 100644
--- a/crypto/openssl/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
diff --git a/crypto/openssl/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
index 6a79385..6a79385 100644
--- a/crypto/openssl/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
diff --git a/crypto/openssl/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c
index 740359b..740359b 100644
--- a/crypto/openssl/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index ad4ca7f..ad4ca7f 100644
--- a/crypto/openssl/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 210ccb4..210ccb4 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
diff --git a/crypto/openssl/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
index 77d6ddb..77d6ddb 100644
--- a/crypto/openssl/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 961ca67..961ca67 100644
--- a/crypto/openssl/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
diff --git a/crypto/openssl/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
index a054d21a..a054d21a 100644
--- a/crypto/openssl/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
diff --git a/crypto/openssl/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index aec1eaf..aec1eaf 100644
--- a/crypto/openssl/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
diff --git a/crypto/openssl/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
index f8e306b..f8e306b 100644
--- a/crypto/openssl/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index 5bab019..5bab019 100644
--- a/crypto/openssl/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
diff --git a/crypto/openssl/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index b7cf9a9..b7cf9a9 100644
--- a/crypto/openssl/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
diff --git a/crypto/openssl/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
index e583d1d..e583d1d 100644
--- a/crypto/openssl/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 810dde3..810dde3 100644
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index f51830b..f51830b 100644
--- a/crypto/openssl/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
diff --git a/crypto/openssl/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index 2e8efb8..2e8efb8 100644
--- a/crypto/openssl/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
diff --git a/crypto/openssl/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
index de9312d..de9312d 100644
--- a/crypto/openssl/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
diff --git a/crypto/openssl/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index 270d0cd..270d0cd 100644
--- a/crypto/openssl/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
diff --git a/crypto/openssl/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 6beaf9e..6beaf9e 100644
--- a/crypto/openssl/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
diff --git a/crypto/openssl/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
index ee7b87c..ee7b87c 100644
--- a/crypto/openssl/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
diff --git a/crypto/openssl/crypto/bn/bnspeed.c b/crypto/bn/bnspeed.c
index b554ac8..b554ac8 100644
--- a/crypto/openssl/crypto/bn/bnspeed.c
+++ b/crypto/bn/bnspeed.c
diff --git a/crypto/openssl/crypto/bn/bntest.c b/crypto/bn/bntest.c
index c885300..c885300 100644
--- a/crypto/openssl/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
diff --git a/crypto/openssl/crypto/bn/divtest.c b/crypto/bn/divtest.c
index d3fc688..d3fc688 100644
--- a/crypto/openssl/crypto/bn/divtest.c
+++ b/crypto/bn/divtest.c
diff --git a/crypto/openssl/crypto/bn/exp.c b/crypto/bn/exp.c
index 4865b0e..4865b0e 100644
--- a/crypto/openssl/crypto/bn/exp.c
+++ b/crypto/bn/exp.c
diff --git a/crypto/openssl/crypto/bn/expspeed.c b/crypto/bn/expspeed.c
index 4d5f221..4d5f221 100644
--- a/crypto/openssl/crypto/bn/expspeed.c
+++ b/crypto/bn/expspeed.c
diff --git a/crypto/openssl/crypto/bn/exptest.c b/crypto/bn/exptest.c
index f598a07..f598a07 100644
--- a/crypto/openssl/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
diff --git a/crypto/openssl/crypto/bn/todo b/crypto/bn/todo
index e47e381..e47e381 100644
--- a/crypto/openssl/crypto/bn/todo
+++ b/crypto/bn/todo
diff --git a/crypto/openssl/crypto/buffer/Makefile b/crypto/buffer/Makefile
index 9f3a88d..9f3a88d 100644
--- a/crypto/openssl/crypto/buffer/Makefile
+++ b/crypto/buffer/Makefile
diff --git a/crypto/openssl/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
index 3e25bbe..3e25bbe 100644
--- a/crypto/openssl/crypto/buffer/buf_err.c
+++ b/crypto/buffer/buf_err.c
diff --git a/crypto/openssl/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index 3bf03c7..3bf03c7 100644
--- a/crypto/openssl/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
diff --git a/crypto/openssl/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index 1db9607..1db9607 100644
--- a/crypto/openssl/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
diff --git a/crypto/openssl/crypto/camellia/Makefile b/crypto/camellia/Makefile
index 1579de5..1579de5 100644
--- a/crypto/openssl/crypto/camellia/Makefile
+++ b/crypto/camellia/Makefile
diff --git a/crypto/openssl/crypto/camellia/camellia.c b/crypto/camellia/camellia.c
index 491c26b..491c26b 100644
--- a/crypto/openssl/crypto/camellia/camellia.c
+++ b/crypto/camellia/camellia.c
diff --git a/crypto/openssl/crypto/camellia/camellia.h b/crypto/camellia/camellia.h
index 3c8a359..3c8a359 100644
--- a/crypto/openssl/crypto/camellia/camellia.h
+++ b/crypto/camellia/camellia.h
diff --git a/crypto/openssl/crypto/camellia/cmll_cbc.c b/crypto/camellia/cmll_cbc.c
index 4141a7b..4141a7b 100644
--- a/crypto/openssl/crypto/camellia/cmll_cbc.c
+++ b/crypto/camellia/cmll_cbc.c
diff --git a/crypto/openssl/crypto/camellia/cmll_cfb.c b/crypto/camellia/cmll_cfb.c
index af0f9f4..af0f9f4 100644
--- a/crypto/openssl/crypto/camellia/cmll_cfb.c
+++ b/crypto/camellia/cmll_cfb.c
diff --git a/crypto/openssl/crypto/camellia/cmll_ctr.c b/crypto/camellia/cmll_ctr.c
index cc21b70..cc21b70 100644
--- a/crypto/openssl/crypto/camellia/cmll_ctr.c
+++ b/crypto/camellia/cmll_ctr.c
diff --git a/crypto/openssl/crypto/camellia/cmll_ecb.c b/crypto/camellia/cmll_ecb.c
index 70dc0e5..70dc0e5 100644
--- a/crypto/openssl/crypto/camellia/cmll_ecb.c
+++ b/crypto/camellia/cmll_ecb.c
diff --git a/crypto/openssl/crypto/camellia/cmll_locl.h b/crypto/camellia/cmll_locl.h
index 2ac2e95..2ac2e95 100644
--- a/crypto/openssl/crypto/camellia/cmll_locl.h
+++ b/crypto/camellia/cmll_locl.h
diff --git a/crypto/openssl/crypto/camellia/cmll_misc.c b/crypto/camellia/cmll_misc.c
index f1047b5..f1047b5 100644
--- a/crypto/openssl/crypto/camellia/cmll_misc.c
+++ b/crypto/camellia/cmll_misc.c
diff --git a/crypto/openssl/crypto/camellia/cmll_ofb.c b/crypto/camellia/cmll_ofb.c
index d89cf9f..d89cf9f 100644
--- a/crypto/openssl/crypto/camellia/cmll_ofb.c
+++ b/crypto/camellia/cmll_ofb.c
diff --git a/crypto/openssl/crypto/cast/Makefile b/crypto/cast/Makefile
index 149956e..149956e 100644
--- a/crypto/openssl/crypto/cast/Makefile
+++ b/crypto/cast/Makefile
diff --git a/crypto/openssl/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl
index 6be0bfe..6be0bfe 100644
--- a/crypto/openssl/crypto/cast/asm/cast-586.pl
+++ b/crypto/cast/asm/cast-586.pl
diff --git a/crypto/openssl/crypto/cast/asm/readme b/crypto/cast/asm/readme
index fbcd762..fbcd762 100644
--- a/crypto/openssl/crypto/cast/asm/readme
+++ b/crypto/cast/asm/readme
diff --git a/crypto/openssl/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
index 514c005..514c005 100644
--- a/crypto/openssl/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
diff --git a/crypto/openssl/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c
index f2dc606..f2dc606 100644
--- a/crypto/openssl/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
diff --git a/crypto/openssl/crypto/cast/c_enc.c b/crypto/cast/c_enc.c
index 0fe2cff..0fe2cff 100644
--- a/crypto/openssl/crypto/cast/c_enc.c
+++ b/crypto/cast/c_enc.c
diff --git a/crypto/openssl/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c
index fd0469a..fd0469a 100644
--- a/crypto/openssl/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
diff --git a/crypto/openssl/crypto/cast/c_skey.c b/crypto/cast/c_skey.c
index 76e4000..76e4000 100644
--- a/crypto/openssl/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
diff --git a/crypto/openssl/crypto/cast/cast.h b/crypto/cast/cast.h
index 90b45b9..90b45b9 100644
--- a/crypto/openssl/crypto/cast/cast.h
+++ b/crypto/cast/cast.h
diff --git a/crypto/openssl/crypto/cast/cast_lcl.h b/crypto/cast/cast_lcl.h
index e756021..e756021 100644
--- a/crypto/openssl/crypto/cast/cast_lcl.h
+++ b/crypto/cast/cast_lcl.h
diff --git a/crypto/openssl/crypto/cast/cast_s.h b/crypto/cast/cast_s.h
index c483fd5..c483fd5 100644
--- a/crypto/openssl/crypto/cast/cast_s.h
+++ b/crypto/cast/cast_s.h
diff --git a/crypto/openssl/crypto/cast/cast_spd.c b/crypto/cast/cast_spd.c
index d650af4..d650af4 100644
--- a/crypto/openssl/crypto/cast/cast_spd.c
+++ b/crypto/cast/cast_spd.c
diff --git a/crypto/openssl/crypto/cast/castopts.c b/crypto/cast/castopts.c
index 33b2c7b..33b2c7b 100644
--- a/crypto/openssl/crypto/cast/castopts.c
+++ b/crypto/cast/castopts.c
diff --git a/crypto/openssl/crypto/cast/casts.cpp b/crypto/cast/casts.cpp
index 8d7bd46..8d7bd46 100644
--- a/crypto/openssl/crypto/cast/casts.cpp
+++ b/crypto/cast/casts.cpp
diff --git a/crypto/openssl/crypto/cast/casttest.c b/crypto/cast/casttest.c
index 0d020d6..0d020d6 100644
--- a/crypto/openssl/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
diff --git a/crypto/openssl/crypto/comp/Makefile b/crypto/comp/Makefile
index efda832..efda832 100644
--- a/crypto/openssl/crypto/comp/Makefile
+++ b/crypto/comp/Makefile
diff --git a/crypto/openssl/crypto/comp/c_rle.c b/crypto/comp/c_rle.c
index efd366f..efd366f 100644
--- a/crypto/openssl/crypto/comp/c_rle.c
+++ b/crypto/comp/c_rle.c
diff --git a/crypto/openssl/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 43402e7..43402e7 100644
--- a/crypto/openssl/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
diff --git a/crypto/openssl/crypto/comp/comp.h b/crypto/comp/comp.h
index 5d59354..5d59354 100644
--- a/crypto/openssl/crypto/comp/comp.h
+++ b/crypto/comp/comp.h
diff --git a/crypto/openssl/crypto/comp/comp_err.c b/crypto/comp/comp_err.c
index 0737222..0737222 100644
--- a/crypto/openssl/crypto/comp/comp_err.c
+++ b/crypto/comp/comp_err.c
diff --git a/crypto/openssl/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
index b60ae37..b60ae37 100644
--- a/crypto/openssl/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
diff --git a/crypto/openssl/crypto/conf/Makefile b/crypto/conf/Makefile
index 78bb324..78bb324 100644
--- a/crypto/openssl/crypto/conf/Makefile
+++ b/crypto/conf/Makefile
diff --git a/crypto/openssl/crypto/conf/README b/crypto/conf/README
index ca58d02..ca58d02 100644
--- a/crypto/openssl/crypto/conf/README
+++ b/crypto/conf/README
diff --git a/crypto/openssl/crypto/conf/cnf_save.c b/crypto/conf/cnf_save.c
index 1439487..1439487 100644
--- a/crypto/openssl/crypto/conf/cnf_save.c
+++ b/crypto/conf/cnf_save.c
diff --git a/crypto/openssl/crypto/conf/conf.h b/crypto/conf/conf.h
index 4c073dd..4c073dd 100644
--- a/crypto/openssl/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
diff --git a/crypto/openssl/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index 0032baa..0032baa 100644
--- a/crypto/openssl/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
diff --git a/crypto/openssl/crypto/conf/conf_api.h b/crypto/conf/conf_api.h
index 87a954a..87a954a 100644
--- a/crypto/openssl/crypto/conf/conf_api.h
+++ b/crypto/conf/conf_api.h
diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index d8bce87..d8bce87 100644
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
diff --git a/crypto/openssl/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 92a7d8a..92a7d8a 100644
--- a/crypto/openssl/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
diff --git a/crypto/openssl/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
index a16a5e0..a16a5e0 100644
--- a/crypto/openssl/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
diff --git a/crypto/openssl/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 2a3399d..2a3399d 100644
--- a/crypto/openssl/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
diff --git a/crypto/openssl/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
index 4ba40cf..4ba40cf 100644
--- a/crypto/openssl/crypto/conf/conf_mall.c
+++ b/crypto/conf/conf_mall.c
diff --git a/crypto/openssl/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 587211a..587211a 100644
--- a/crypto/openssl/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
diff --git a/crypto/openssl/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index e15c2e5..e15c2e5 100644
--- a/crypto/openssl/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
diff --git a/crypto/openssl/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
index 50ed67f..50ed67f 100644
--- a/crypto/openssl/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
diff --git a/crypto/openssl/crypto/conf/ssleay.cnf b/crypto/conf/ssleay.cnf
index ed33af6..ed33af6 100644
--- a/crypto/openssl/crypto/conf/ssleay.cnf
+++ b/crypto/conf/ssleay.cnf
diff --git a/crypto/openssl/crypto/conf/test.c b/crypto/conf/test.c
index 7fab850..7fab850 100644
--- a/crypto/openssl/crypto/conf/test.c
+++ b/crypto/conf/test.c
diff --git a/crypto/openssl/crypto/cpt_err.c b/crypto/cpt_err.c
index 9fd41ff..9fd41ff 100644
--- a/crypto/openssl/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/cryptlib.c
index 86af760..86af760 100644
--- a/crypto/openssl/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
diff --git a/crypto/openssl/crypto/cryptlib.h b/crypto/cryptlib.h
index 5ceaa96..5ceaa96 100644
--- a/crypto/openssl/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
diff --git a/crypto/openssl/crypto/crypto.h b/crypto/crypto.h
index d2b5ffe..d2b5ffe 100644
--- a/crypto/openssl/crypto/crypto.h
+++ b/crypto/crypto.h
diff --git a/crypto/openssl/crypto/cversion.c b/crypto/cversion.c
index ea9f25f..ea9f25f 100644
--- a/crypto/openssl/crypto/cversion.c
+++ b/crypto/cversion.c
diff --git a/crypto/openssl/crypto/des/COPYRIGHT b/crypto/des/COPYRIGHT
index 5469e1e..5469e1e 100644
--- a/crypto/openssl/crypto/des/COPYRIGHT
+++ b/crypto/des/COPYRIGHT
diff --git a/crypto/openssl/crypto/des/DES.pm b/crypto/des/DES.pm
index 6a175b6..6a175b6 100644
--- a/crypto/openssl/crypto/des/DES.pm
+++ b/crypto/des/DES.pm
diff --git a/crypto/openssl/crypto/des/DES.xs b/crypto/des/DES.xs
index b8050b9..b8050b9 100644
--- a/crypto/openssl/crypto/des/DES.xs
+++ b/crypto/des/DES.xs
diff --git a/crypto/openssl/crypto/des/FILES0 b/crypto/des/FILES0
index 4c7ea2d..4c7ea2d 100644
--- a/crypto/openssl/crypto/des/FILES0
+++ b/crypto/des/FILES0
diff --git a/crypto/openssl/crypto/des/INSTALL b/crypto/des/INSTALL
index 8aebdfe..8aebdfe 100644
--- a/crypto/openssl/crypto/des/INSTALL
+++ b/crypto/des/INSTALL
diff --git a/crypto/openssl/crypto/des/Imakefile b/crypto/des/Imakefile
index 1b9b562..1b9b562 100644
--- a/crypto/openssl/crypto/des/Imakefile
+++ b/crypto/des/Imakefile
diff --git a/crypto/openssl/crypto/des/KERBEROS b/crypto/des/KERBEROS
index f401b10..f401b10 100644
--- a/crypto/openssl/crypto/des/KERBEROS
+++ b/crypto/des/KERBEROS
diff --git a/crypto/openssl/crypto/des/Makefile b/crypto/des/Makefile
index 523dfe3..523dfe3 100644
--- a/crypto/openssl/crypto/des/Makefile
+++ b/crypto/des/Makefile
diff --git a/crypto/openssl/crypto/des/README b/crypto/des/README
index 621a5ab..621a5ab 100644
--- a/crypto/openssl/crypto/des/README
+++ b/crypto/des/README
diff --git a/crypto/openssl/crypto/des/VERSION b/crypto/des/VERSION
index c7d0154..c7d0154 100644
--- a/crypto/openssl/crypto/des/VERSION
+++ b/crypto/des/VERSION
diff --git a/crypto/openssl/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl
index 1d04ed6..1d04ed6 100644
--- a/crypto/openssl/crypto/des/asm/crypt586.pl
+++ b/crypto/des/asm/crypt586.pl
diff --git a/crypto/openssl/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl
index b75d3c6..b75d3c6 100644
--- a/crypto/openssl/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
diff --git a/crypto/openssl/crypto/des/asm/des686.pl b/crypto/des/asm/des686.pl
index d3ad5d5..d3ad5d5 100644
--- a/crypto/openssl/crypto/des/asm/des686.pl
+++ b/crypto/des/asm/des686.pl
diff --git a/crypto/openssl/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4
index f5b1928..f5b1928 100644
--- a/crypto/openssl/crypto/des/asm/des_enc.m4
+++ b/crypto/des/asm/des_enc.m4
diff --git a/crypto/openssl/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
index eec0088..eec0088 100644
--- a/crypto/openssl/crypto/des/asm/desboth.pl
+++ b/crypto/des/asm/desboth.pl
diff --git a/crypto/openssl/crypto/des/asm/readme b/crypto/des/asm/readme
index 1beafe2..1beafe2 100644
--- a/crypto/openssl/crypto/des/asm/readme
+++ b/crypto/des/asm/readme
diff --git a/crypto/openssl/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c
index b5db4e1..b5db4e1 100644
--- a/crypto/openssl/crypto/des/cbc3_enc.c
+++ b/crypto/des/cbc3_enc.c
diff --git a/crypto/openssl/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
index 09a7ba5..09a7ba5 100644
--- a/crypto/openssl/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
diff --git a/crypto/openssl/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
index 677903a..677903a 100644
--- a/crypto/openssl/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
diff --git a/crypto/openssl/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
index de34ecc..de34ecc 100644
--- a/crypto/openssl/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
diff --git a/crypto/openssl/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
index 5ec8683..5ec8683 100644
--- a/crypto/openssl/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
diff --git a/crypto/openssl/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
index 720f29a..720f29a 100644
--- a/crypto/openssl/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
diff --git a/crypto/openssl/crypto/des/des.c b/crypto/des/des.c
index 343135f..343135f 100644
--- a/crypto/openssl/crypto/des/des.c
+++ b/crypto/des/des.c
diff --git a/crypto/openssl/crypto/des/des.h b/crypto/des/des.h
index 3cbc2b5..3cbc2b5 100644
--- a/crypto/openssl/crypto/des/des.h
+++ b/crypto/des/des.h
diff --git a/crypto/openssl/crypto/des/des.pod b/crypto/des/des.pod
index bf479e8..bf479e8 100644
--- a/crypto/openssl/crypto/des/des.pod
+++ b/crypto/des/des.pod
diff --git a/crypto/openssl/crypto/des/des3s.cpp b/crypto/des/des3s.cpp
index 02d527c..02d527c 100644
--- a/crypto/openssl/crypto/des/des3s.cpp
+++ b/crypto/des/des3s.cpp
diff --git a/crypto/openssl/crypto/des/des_enc.c b/crypto/des/des_enc.c
index 1c37ab9..1c37ab9 100644
--- a/crypto/openssl/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
diff --git a/crypto/openssl/crypto/des/des_locl.h b/crypto/des/des_locl.h
index 4b9ecff..4b9ecff 100644
--- a/crypto/openssl/crypto/des/des_locl.h
+++ b/crypto/des/des_locl.h
diff --git a/crypto/openssl/crypto/des/des_old.c b/crypto/des/des_old.c
index 7e4cd71..7e4cd71 100644
--- a/crypto/openssl/crypto/des/des_old.c
+++ b/crypto/des/des_old.c
diff --git a/crypto/openssl/crypto/des/des_old.h b/crypto/des/des_old.h
index 1b0620c..1b0620c 100644
--- a/crypto/openssl/crypto/des/des_old.h
+++ b/crypto/des/des_old.h
diff --git a/crypto/openssl/crypto/des/des_old2.c b/crypto/des/des_old2.c
index c8fa3ee..c8fa3ee 100644
--- a/crypto/openssl/crypto/des/des_old2.c
+++ b/crypto/des/des_old2.c
diff --git a/crypto/openssl/crypto/des/des_opts.c b/crypto/des/des_opts.c
index 2df8296..2df8296 100644
--- a/crypto/openssl/crypto/des/des_opts.c
+++ b/crypto/des/des_opts.c
diff --git a/crypto/openssl/crypto/des/des_ver.h b/crypto/des/des_ver.h
index d1ada25..d1ada25 100644
--- a/crypto/openssl/crypto/des/des_ver.h
+++ b/crypto/des/des_ver.h
diff --git a/crypto/openssl/crypto/des/dess.cpp b/crypto/des/dess.cpp
index 5549bab..5549bab 100644
--- a/crypto/openssl/crypto/des/dess.cpp
+++ b/crypto/des/dess.cpp
diff --git a/crypto/openssl/crypto/des/destest.c b/crypto/des/destest.c
index 64b92a3..64b92a3 100644
--- a/crypto/openssl/crypto/des/destest.c
+++ b/crypto/des/destest.c
diff --git a/crypto/openssl/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
index c3437bc..c3437bc 100644
--- a/crypto/openssl/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
diff --git a/crypto/openssl/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
index 00d5b91..00d5b91 100644
--- a/crypto/openssl/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
diff --git a/crypto/openssl/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c
index adfcb75..adfcb75 100644
--- a/crypto/openssl/crypto/des/ede_cbcm_enc.c
+++ b/crypto/des/ede_cbcm_enc.c
diff --git a/crypto/openssl/crypto/des/enc_read.c b/crypto/des/enc_read.c
index c70fb68..c70fb68 100644
--- a/crypto/openssl/crypto/des/enc_read.c
+++ b/crypto/des/enc_read.c
diff --git a/crypto/openssl/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index af5b8c2..af5b8c2 100644
--- a/crypto/openssl/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
diff --git a/crypto/openssl/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index ccbdff2..ccbdff2 100644
--- a/crypto/openssl/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
diff --git a/crypto/openssl/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
index 1390138..1390138 100644
--- a/crypto/openssl/crypto/des/fcrypt_b.c
+++ b/crypto/des/fcrypt_b.c
diff --git a/crypto/openssl/crypto/des/makefile.bc b/crypto/des/makefile.bc
index 1fe6d49..1fe6d49 100644
--- a/crypto/openssl/crypto/des/makefile.bc
+++ b/crypto/des/makefile.bc
diff --git a/crypto/openssl/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
index fda23d5..fda23d5 100644
--- a/crypto/openssl/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
diff --git a/crypto/openssl/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
index 26bbf9a..26bbf9a 100644
--- a/crypto/openssl/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
diff --git a/crypto/openssl/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
index 8ca3d49..8ca3d49 100644
--- a/crypto/openssl/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
diff --git a/crypto/openssl/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
index e887a3c..e887a3c 100644
--- a/crypto/openssl/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
diff --git a/crypto/openssl/crypto/des/options.txt b/crypto/des/options.txt
index 6e2b50f..6e2b50f 100644
--- a/crypto/openssl/crypto/des/options.txt
+++ b/crypto/des/options.txt
diff --git a/crypto/openssl/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
index 17a40f9..17a40f9 100644
--- a/crypto/openssl/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
diff --git a/crypto/openssl/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
index dac2012..dac2012 100644
--- a/crypto/openssl/crypto/des/qud_cksm.c
+++ b/crypto/des/qud_cksm.c
diff --git a/crypto/openssl/crypto/des/rand_key.c b/crypto/des/rand_key.c
index 2398165..2398165 100644
--- a/crypto/openssl/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
diff --git a/crypto/openssl/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
index ee6969f..ee6969f 100644
--- a/crypto/openssl/crypto/des/read2pwd.c
+++ b/crypto/des/read2pwd.c
diff --git a/crypto/openssl/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
index ce5fa00..ce5fa00 100644
--- a/crypto/openssl/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
diff --git a/crypto/openssl/crypto/des/rpc_des.h b/crypto/des/rpc_des.h
index 4cbb4d2..4cbb4d2 100644
--- a/crypto/openssl/crypto/des/rpc_des.h
+++ b/crypto/des/rpc_des.h
diff --git a/crypto/openssl/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c
index d937d08..d937d08 100644
--- a/crypto/openssl/crypto/des/rpc_enc.c
+++ b/crypto/des/rpc_enc.c
diff --git a/crypto/openssl/crypto/des/rpw.c b/crypto/des/rpw.c
index 8a9473c..8a9473c 100644
--- a/crypto/openssl/crypto/des/rpw.c
+++ b/crypto/des/rpw.c
diff --git a/crypto/openssl/crypto/des/set_key.c b/crypto/des/set_key.c
index 55efe03..55efe03 100644
--- a/crypto/openssl/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
diff --git a/crypto/openssl/crypto/des/speed.c b/crypto/des/speed.c
index 1616f4b..1616f4b 100644
--- a/crypto/openssl/crypto/des/speed.c
+++ b/crypto/des/speed.c
diff --git a/crypto/openssl/crypto/des/spr.h b/crypto/des/spr.h
index b91936a..b91936a 100644
--- a/crypto/openssl/crypto/des/spr.h
+++ b/crypto/des/spr.h
diff --git a/crypto/openssl/crypto/des/str2key.c b/crypto/des/str2key.c
index 9c2054b..9c2054b 100644
--- a/crypto/openssl/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
diff --git a/crypto/openssl/crypto/des/t/test b/crypto/des/t/test
index 97acd05..97acd05 100644
--- a/crypto/openssl/crypto/des/t/test
+++ b/crypto/des/t/test
diff --git a/crypto/openssl/crypto/des/times/486-50.sol b/crypto/des/times/486-50.sol
index 0de62d6..0de62d6 100644
--- a/crypto/openssl/crypto/des/times/486-50.sol
+++ b/crypto/des/times/486-50.sol
diff --git a/crypto/openssl/crypto/des/times/586-100.lnx b/crypto/des/times/586-100.lnx
index 4323914..4323914 100644
--- a/crypto/openssl/crypto/des/times/586-100.lnx
+++ b/crypto/des/times/586-100.lnx
diff --git a/crypto/openssl/crypto/des/times/686-200.fre b/crypto/des/times/686-200.fre
index 7d83f6a..7d83f6a 100644
--- a/crypto/openssl/crypto/des/times/686-200.fre
+++ b/crypto/des/times/686-200.fre
diff --git a/crypto/openssl/crypto/des/times/aix.cc b/crypto/des/times/aix.cc
index d96b74e..d96b74e 100644
--- a/crypto/openssl/crypto/des/times/aix.cc
+++ b/crypto/des/times/aix.cc
diff --git a/crypto/openssl/crypto/des/times/alpha.cc b/crypto/des/times/alpha.cc
index 95c17ef..95c17ef 100644
--- a/crypto/openssl/crypto/des/times/alpha.cc
+++ b/crypto/des/times/alpha.cc
diff --git a/crypto/openssl/crypto/des/times/hpux.cc b/crypto/des/times/hpux.cc
index 3de856d..3de856d 100644
--- a/crypto/openssl/crypto/des/times/hpux.cc
+++ b/crypto/des/times/hpux.cc
diff --git a/crypto/openssl/crypto/des/times/sparc.gcc b/crypto/des/times/sparc.gcc
index 8eaa042..8eaa042 100644
--- a/crypto/openssl/crypto/des/times/sparc.gcc
+++ b/crypto/des/times/sparc.gcc
diff --git a/crypto/openssl/crypto/des/times/usparc.cc b/crypto/des/times/usparc.cc
index f6ec8e8..f6ec8e8 100644
--- a/crypto/openssl/crypto/des/times/usparc.cc
+++ b/crypto/des/times/usparc.cc
diff --git a/crypto/openssl/crypto/des/typemap b/crypto/des/typemap
index a524f53..a524f53 100644
--- a/crypto/openssl/crypto/des/typemap
+++ b/crypto/des/typemap
diff --git a/crypto/openssl/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
index 47246eb..47246eb 100644
--- a/crypto/openssl/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
diff --git a/crypto/openssl/crypto/dh/Makefile b/crypto/dh/Makefile
index d368e33..d368e33 100644
--- a/crypto/openssl/crypto/dh/Makefile
+++ b/crypto/dh/Makefile
diff --git a/crypto/openssl/crypto/dh/dh.h b/crypto/dh/dh.h
index ccdf35a..ccdf35a 100644
--- a/crypto/openssl/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
diff --git a/crypto/openssl/crypto/dh/dh1024.pem b/crypto/dh/dh1024.pem
index 81d43f6..81d43f6 100644
--- a/crypto/openssl/crypto/dh/dh1024.pem
+++ b/crypto/dh/dh1024.pem
diff --git a/crypto/openssl/crypto/dh/dh192.pem b/crypto/dh/dh192.pem
index 521c072..521c072 100644
--- a/crypto/openssl/crypto/dh/dh192.pem
+++ b/crypto/dh/dh192.pem
diff --git a/crypto/openssl/crypto/dh/dh2048.pem b/crypto/dh/dh2048.pem
index 295460f..295460f 100644
--- a/crypto/openssl/crypto/dh/dh2048.pem
+++ b/crypto/dh/dh2048.pem
diff --git a/crypto/openssl/crypto/dh/dh4096.pem b/crypto/dh/dh4096.pem
index 390943a..390943a 100644
--- a/crypto/openssl/crypto/dh/dh4096.pem
+++ b/crypto/dh/dh4096.pem
diff --git a/crypto/openssl/crypto/dh/dh512.pem b/crypto/dh/dh512.pem
index 0a4d863..0a4d863 100644
--- a/crypto/openssl/crypto/dh/dh512.pem
+++ b/crypto/dh/dh512.pem
diff --git a/crypto/openssl/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
index 769b5b6..769b5b6 100644
--- a/crypto/openssl/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 058aec7..058aec7 100644
--- a/crypto/openssl/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
diff --git a/crypto/openssl/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c
index acc05f2..acc05f2 100644
--- a/crypto/openssl/crypto/dh/dh_depr.c
+++ b/crypto/dh/dh_depr.c
diff --git a/crypto/openssl/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index a2d8196..a2d8196 100644
--- a/crypto/openssl/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
diff --git a/crypto/openssl/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index cfd5b11..cfd5b11 100644
--- a/crypto/openssl/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 37a2c1b..37a2c1b 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7aef080..7aef080 100644
--- a/crypto/openssl/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
diff --git a/crypto/openssl/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index 882f5c3..882f5c3 100644
--- a/crypto/openssl/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
diff --git a/crypto/openssl/crypto/dh/example b/crypto/dh/example
index 16a33d2..16a33d2 100644
--- a/crypto/openssl/crypto/dh/example
+++ b/crypto/dh/example
diff --git a/crypto/openssl/crypto/dh/generate b/crypto/dh/generate
index 5d40723..5d40723 100644
--- a/crypto/openssl/crypto/dh/generate
+++ b/crypto/dh/generate
diff --git a/crypto/openssl/crypto/dh/p1024.c b/crypto/dh/p1024.c
index 368ceca..368ceca 100644
--- a/crypto/openssl/crypto/dh/p1024.c
+++ b/crypto/dh/p1024.c
diff --git a/crypto/openssl/crypto/dh/p192.c b/crypto/dh/p192.c
index 7bdf404..7bdf404 100644
--- a/crypto/openssl/crypto/dh/p192.c
+++ b/crypto/dh/p192.c
diff --git a/crypto/openssl/crypto/dh/p512.c b/crypto/dh/p512.c
index a9b6aa8..a9b6aa8 100644
--- a/crypto/openssl/crypto/dh/p512.c
+++ b/crypto/dh/p512.c
diff --git a/crypto/openssl/crypto/dsa/Makefile b/crypto/dsa/Makefile
index 676baf7..676baf7 100644
--- a/crypto/openssl/crypto/dsa/Makefile
+++ b/crypto/dsa/Makefile
diff --git a/crypto/openssl/crypto/dsa/README b/crypto/dsa/README
index 6a7e9c1..6a7e9c1 100644
--- a/crypto/openssl/crypto/dsa/README
+++ b/crypto/dsa/README
diff --git a/crypto/openssl/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 3a8fe5b..3a8fe5b 100644
--- a/crypto/openssl/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 23fce55..23fce55 100644
--- a/crypto/openssl/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
diff --git a/crypto/openssl/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c
index f2da680..f2da680 100644
--- a/crypto/openssl/crypto/dsa/dsa_depr.c
+++ b/crypto/dsa/dsa_depr.c
diff --git a/crypto/openssl/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 7687119..7687119 100644
--- a/crypto/openssl/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 6a6be3b..6a6be3b 100644
--- a/crypto/openssl/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
diff --git a/crypto/openssl/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 0423f2e..0423f2e 100644
--- a/crypto/openssl/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index e9b7590..e9b7590 100644
--- a/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index e6aad85..e6aad85 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index 8920502..8920502 100644
--- a/crypto/openssl/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index c4aeddd..c4aeddd 100644
--- a/crypto/openssl/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
diff --git a/crypto/openssl/crypto/dsa/dsagen.c b/crypto/dsa/dsagen.c
index 1b6a1cc..1b6a1cc 100644
--- a/crypto/openssl/crypto/dsa/dsagen.c
+++ b/crypto/dsa/dsagen.c
diff --git a/crypto/openssl/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 912317b..912317b 100644
--- a/crypto/openssl/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
diff --git a/crypto/openssl/crypto/dsa/fips186a.txt b/crypto/dsa/fips186a.txt
index 3a2e0a0..3a2e0a0 100644
--- a/crypto/openssl/crypto/dsa/fips186a.txt
+++ b/crypto/dsa/fips186a.txt
diff --git a/crypto/openssl/crypto/dso/Makefile b/crypto/dso/Makefile
index 07f5d8d..07f5d8d 100644
--- a/crypto/openssl/crypto/dso/Makefile
+++ b/crypto/dso/Makefile
diff --git a/crypto/openssl/crypto/dso/README b/crypto/dso/README
index d0bc9a8..d0bc9a8 100644
--- a/crypto/openssl/crypto/dso/README
+++ b/crypto/dso/README
diff --git a/crypto/openssl/crypto/dso/dso.h b/crypto/dso/dso.h
index 3e51913..3e51913 100644
--- a/crypto/openssl/crypto/dso/dso.h
+++ b/crypto/dso/dso.h
diff --git a/crypto/openssl/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
index 417abb6..417abb6 100644
--- a/crypto/openssl/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
index 1fd1010..1fd1010 100644
--- a/crypto/openssl/crypto/dso/dso_dlfcn.c
+++ b/crypto/dso/dso_dlfcn.c
diff --git a/crypto/openssl/crypto/dso/dso_err.c b/crypto/dso/dso_err.c
index a8b0a21..a8b0a21 100644
--- a/crypto/openssl/crypto/dso/dso_err.c
+++ b/crypto/dso/dso_err.c
diff --git a/crypto/openssl/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
index 49bdd71..49bdd71 100644
--- a/crypto/openssl/crypto/dso/dso_lib.c
+++ b/crypto/dso/dso_lib.c
diff --git a/crypto/openssl/crypto/dso/dso_null.c b/crypto/dso/dso_null.c
index 4972984..4972984 100644
--- a/crypto/openssl/crypto/dso/dso_null.c
+++ b/crypto/dso/dso_null.c
diff --git a/crypto/openssl/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c
index a4395eb..a4395eb 100644
--- a/crypto/openssl/crypto/dso/dso_openssl.c
+++ b/crypto/dso/dso_openssl.c
diff --git a/crypto/openssl/crypto/ebcdic.c b/crypto/ebcdic.c
index 43e53bc..43e53bc 100644
--- a/crypto/openssl/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
diff --git a/crypto/openssl/crypto/ebcdic.h b/crypto/ebcdic.h
index 6d65afc..6d65afc 100644
--- a/crypto/openssl/crypto/ebcdic.h
+++ b/crypto/ebcdic.h
diff --git a/crypto/openssl/crypto/ec/Makefile b/crypto/ec/Makefile
index 42f7bb7..42f7bb7 100644
--- a/crypto/openssl/crypto/ec/Makefile
+++ b/crypto/ec/Makefile
diff --git a/crypto/openssl/crypto/ec/ec.h b/crypto/ec/ec.h
index 3c96fbd..3c96fbd 100644
--- a/crypto/openssl/crypto/ec/ec.h
+++ b/crypto/ec/ec.h
diff --git a/crypto/openssl/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
index ff368fd..ff368fd 100644
--- a/crypto/openssl/crypto/ec/ec2_mult.c
+++ b/crypto/ec/ec2_mult.c
diff --git a/crypto/openssl/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
index 5cd1eac..5cd1eac 100644
--- a/crypto/openssl/crypto/ec/ec2_smpl.c
+++ b/crypto/ec/ec2_smpl.c
diff --git a/crypto/openssl/crypto/ec/ec2_smpt.c b/crypto/ec/ec2_smpt.c
index 72a8d57..72a8d57 100644
--- a/crypto/openssl/crypto/ec/ec2_smpt.c
+++ b/crypto/ec/ec2_smpt.c
diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index ae55539..ae55539 100644
--- a/crypto/openssl/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
diff --git a/crypto/openssl/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
index 0e316b4..0e316b4 100644
--- a/crypto/openssl/crypto/ec/ec_check.c
+++ b/crypto/ec/ec_check.c
diff --git a/crypto/openssl/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
index beac209..beac209 100644
--- a/crypto/openssl/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
diff --git a/crypto/openssl/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
index d45640b..d45640b 100644
--- a/crypto/openssl/crypto/ec/ec_cvt.c
+++ b/crypto/ec/ec_cvt.c
diff --git a/crypto/openssl/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 7be315b..7be315b 100644
--- a/crypto/openssl/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
diff --git a/crypto/openssl/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 3d6c900..3d6c900 100644
--- a/crypto/openssl/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
diff --git a/crypto/openssl/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
index fdd7aa2..fdd7aa2 100644
--- a/crypto/openssl/crypto/ec/ec_lcl.h
+++ b/crypto/ec/ec_lcl.h
diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
index 5af8437..5af8437 100644
--- a/crypto/openssl/crypto/ec/ec_lib.c
+++ b/crypto/ec/ec_lib.c
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index a045139..a045139 100644
--- a/crypto/openssl/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
diff --git a/crypto/openssl/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
index f7c8a30..f7c8a30 100644
--- a/crypto/openssl/crypto/ec/ec_print.c
+++ b/crypto/ec/ec_print.c
diff --git a/crypto/openssl/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
index 9fc4a46..9fc4a46 100644
--- a/crypto/openssl/crypto/ec/ecp_mont.c
+++ b/crypto/ec/ecp_mont.c
diff --git a/crypto/openssl/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
index 71893d5..71893d5 100644
--- a/crypto/openssl/crypto/ec/ecp_nist.c
+++ b/crypto/ec/ecp_nist.c
diff --git a/crypto/openssl/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c
index fec843b..fec843b 100644
--- a/crypto/openssl/crypto/ec/ecp_recp.c
+++ b/crypto/ec/ecp_recp.c
diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
index 4d26f8b..4d26f8b 100644
--- a/crypto/openssl/crypto/ec/ecp_smpl.c
+++ b/crypto/ec/ecp_smpl.c
diff --git a/crypto/openssl/crypto/ec/ectest.c b/crypto/ec/ectest.c
index 9d469f1..9d469f1 100644
--- a/crypto/openssl/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
diff --git a/crypto/openssl/crypto/ecdh/Makefile b/crypto/ecdh/Makefile
index 95aa69f..95aa69f 100644
--- a/crypto/openssl/crypto/ecdh/Makefile
+++ b/crypto/ecdh/Makefile
diff --git a/crypto/openssl/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
index b4b58ee..b4b58ee 100644
--- a/crypto/openssl/crypto/ecdh/ecdh.h
+++ b/crypto/ecdh/ecdh.h
diff --git a/crypto/openssl/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
index 01baa5f..01baa5f 100644
--- a/crypto/openssl/crypto/ecdh/ecdhtest.c
+++ b/crypto/ecdh/ecdhtest.c
diff --git a/crypto/openssl/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c
index 4d2ede7..4d2ede7 100644
--- a/crypto/openssl/crypto/ecdh/ech_err.c
+++ b/crypto/ecdh/ech_err.c
diff --git a/crypto/openssl/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c
index f44da92..f44da92 100644
--- a/crypto/openssl/crypto/ecdh/ech_key.c
+++ b/crypto/ecdh/ech_key.c
diff --git a/crypto/openssl/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
index e89b1d4..e89b1d4 100644
--- a/crypto/openssl/crypto/ecdh/ech_lib.c
+++ b/crypto/ecdh/ech_lib.c
diff --git a/crypto/openssl/crypto/ecdh/ech_locl.h b/crypto/ecdh/ech_locl.h
index f658526..f658526 100644
--- a/crypto/openssl/crypto/ecdh/ech_locl.h
+++ b/crypto/ecdh/ech_locl.h
diff --git a/crypto/openssl/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
index 2a40ff1..2a40ff1 100644
--- a/crypto/openssl/crypto/ecdh/ech_ossl.c
+++ b/crypto/ecdh/ech_ossl.c
diff --git a/crypto/openssl/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile
index 16a93cd..16a93cd 100644
--- a/crypto/openssl/crypto/ecdsa/Makefile
+++ b/crypto/ecdsa/Makefile
diff --git a/crypto/openssl/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
index f20c8ee..f20c8ee 100644
--- a/crypto/openssl/crypto/ecdsa/ecdsa.h
+++ b/crypto/ecdsa/ecdsa.h
diff --git a/crypto/openssl/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
index 59be39b..59be39b 100644
--- a/crypto/openssl/crypto/ecdsa/ecdsatest.c
+++ b/crypto/ecdsa/ecdsatest.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c
index b295489..b295489 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_asn1.c
+++ b/crypto/ecdsa/ecs_asn1.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c
index d2a5373..d2a5373 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_err.c
+++ b/crypto/ecdsa/ecs_err.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
index 85e8a3a..85e8a3a 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_lib.c
+++ b/crypto/ecdsa/ecs_lib.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_locl.h b/crypto/ecdsa/ecs_locl.h
index 3a69a84..3a69a84 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_locl.h
+++ b/crypto/ecdsa/ecs_locl.h
diff --git a/crypto/openssl/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
index 32d66a9..32d66a9 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_ossl.c
+++ b/crypto/ecdsa/ecs_ossl.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c
index 74b1fe8..74b1fe8 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_sign.c
+++ b/crypto/ecdsa/ecs_sign.c
diff --git a/crypto/openssl/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
index ef9acf7..ef9acf7 100644
--- a/crypto/openssl/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/ecdsa/ecs_vrf.c
diff --git a/crypto/openssl/crypto/engine/Makefile b/crypto/engine/Makefile
index 13f211a..13f211a 100644
--- a/crypto/openssl/crypto/engine/Makefile
+++ b/crypto/engine/Makefile
diff --git a/crypto/openssl/crypto/engine/README b/crypto/engine/README
index 6b69b70..6b69b70 100644
--- a/crypto/openssl/crypto/engine/README
+++ b/crypto/engine/README
diff --git a/crypto/openssl/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index 8599046..8599046 100644
--- a/crypto/openssl/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
diff --git a/crypto/openssl/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
index a97e01e..a97e01e 100644
--- a/crypto/openssl/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
diff --git a/crypto/openssl/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
index ab38cd5..ab38cd5 100644
--- a/crypto/openssl/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
diff --git a/crypto/openssl/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
index 95b6b45..95b6b45 100644
--- a/crypto/openssl/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
diff --git a/crypto/openssl/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index acb30c3..acb30c3 100644
--- a/crypto/openssl/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
diff --git a/crypto/openssl/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
index 369f2e2..369f2e2 100644
--- a/crypto/openssl/crypto/engine/eng_err.c
+++ b/crypto/engine/eng_err.c
diff --git a/crypto/openssl/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
index 27c1662..27c1662 100644
--- a/crypto/openssl/crypto/engine/eng_fat.c
+++ b/crypto/engine/eng_fat.c
diff --git a/crypto/openssl/crypto/engine/eng_init.c b/crypto/engine/eng_init.c
index 7633cf5..7633cf5 100644
--- a/crypto/openssl/crypto/engine/eng_init.c
+++ b/crypto/engine/eng_init.c
diff --git a/crypto/openssl/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
index a5b1ede..a5b1ede 100644
--- a/crypto/openssl/crypto/engine/eng_int.h
+++ b/crypto/engine/eng_int.h
diff --git a/crypto/openssl/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index 5815b86..5815b86 100644
--- a/crypto/openssl/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
index bd51194..bd51194 100644
--- a/crypto/openssl/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
diff --git a/crypto/openssl/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 7c139ae..7c139ae 100644
--- a/crypto/openssl/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
diff --git a/crypto/openssl/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c
index e1d66ea..e1d66ea 100644
--- a/crypto/openssl/crypto/engine/eng_padlock.c
+++ b/crypto/engine/eng_padlock.c
diff --git a/crypto/openssl/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
index bc8b21a..bc8b21a 100644
--- a/crypto/openssl/crypto/engine/eng_pkey.c
+++ b/crypto/engine/eng_pkey.c
diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
index a83c389..a83c389 100644
--- a/crypto/openssl/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
diff --git a/crypto/openssl/crypto/engine/engine.h b/crypto/engine/engine.h
index 3ec5933..3ec5933 100644
--- a/crypto/openssl/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
diff --git a/crypto/openssl/crypto/engine/enginetest.c b/crypto/engine/enginetest.c
index cf82f49..cf82f49 100644
--- a/crypto/openssl/crypto/engine/enginetest.c
+++ b/crypto/engine/enginetest.c
diff --git a/crypto/openssl/crypto/engine/hw.ec b/crypto/engine/hw.ec
index 5481a43..5481a43 100644
--- a/crypto/openssl/crypto/engine/hw.ec
+++ b/crypto/engine/hw.ec
diff --git a/crypto/openssl/crypto/engine/hw_4758_cca.c b/crypto/engine/hw_4758_cca.c
index 4f5ae8a..4f5ae8a 100644
--- a/crypto/openssl/crypto/engine/hw_4758_cca.c
+++ b/crypto/engine/hw_4758_cca.c
diff --git a/crypto/openssl/crypto/engine/hw_4758_cca_err.c b/crypto/engine/hw_4758_cca_err.c
index 7ea5c63..7ea5c63 100644
--- a/crypto/openssl/crypto/engine/hw_4758_cca_err.c
+++ b/crypto/engine/hw_4758_cca_err.c
diff --git a/crypto/openssl/crypto/engine/hw_4758_cca_err.h b/crypto/engine/hw_4758_cca_err.h
index 2fc563a..2fc563a 100644
--- a/crypto/openssl/crypto/engine/hw_4758_cca_err.h
+++ b/crypto/engine/hw_4758_cca_err.h
diff --git a/crypto/openssl/crypto/engine/hw_aep.c b/crypto/engine/hw_aep.c
index 8b8380a..8b8380a 100644
--- a/crypto/openssl/crypto/engine/hw_aep.c
+++ b/crypto/engine/hw_aep.c
diff --git a/crypto/openssl/crypto/engine/hw_aep_err.c b/crypto/engine/hw_aep_err.c
index 092f532..092f532 100644
--- a/crypto/openssl/crypto/engine/hw_aep_err.c
+++ b/crypto/engine/hw_aep_err.c
diff --git a/crypto/openssl/crypto/engine/hw_aep_err.h b/crypto/engine/hw_aep_err.h
index 8fe4cf9..8fe4cf9 100644
--- a/crypto/openssl/crypto/engine/hw_aep_err.h
+++ b/crypto/engine/hw_aep_err.h
diff --git a/crypto/openssl/crypto/engine/hw_atalla.c b/crypto/engine/hw_atalla.c
index e9eff9f..e9eff9f 100644
--- a/crypto/openssl/crypto/engine/hw_atalla.c
+++ b/crypto/engine/hw_atalla.c
diff --git a/crypto/openssl/crypto/engine/hw_atalla_err.c b/crypto/engine/hw_atalla_err.c
index 1df9c45..1df9c45 100644
--- a/crypto/openssl/crypto/engine/hw_atalla_err.c
+++ b/crypto/engine/hw_atalla_err.c
diff --git a/crypto/openssl/crypto/engine/hw_atalla_err.h b/crypto/engine/hw_atalla_err.h
index cdac052..cdac052 100644
--- a/crypto/openssl/crypto/engine/hw_atalla_err.h
+++ b/crypto/engine/hw_atalla_err.h
diff --git a/crypto/openssl/crypto/engine/hw_cryptodev.c b/crypto/engine/hw_cryptodev.c
index 3e7fff1..3e7fff1 100644
--- a/crypto/openssl/crypto/engine/hw_cryptodev.c
+++ b/crypto/engine/hw_cryptodev.c
diff --git a/crypto/openssl/crypto/engine/hw_cswift.c b/crypto/engine/hw_cswift.c
index f128ee5..f128ee5 100644
--- a/crypto/openssl/crypto/engine/hw_cswift.c
+++ b/crypto/engine/hw_cswift.c
diff --git a/crypto/openssl/crypto/engine/hw_cswift_err.c b/crypto/engine/hw_cswift_err.c
index 684f53b..684f53b 100644
--- a/crypto/openssl/crypto/engine/hw_cswift_err.c
+++ b/crypto/engine/hw_cswift_err.c
diff --git a/crypto/openssl/crypto/engine/hw_cswift_err.h b/crypto/engine/hw_cswift_err.h
index 7120c32..7120c32 100644
--- a/crypto/openssl/crypto/engine/hw_cswift_err.h
+++ b/crypto/engine/hw_cswift_err.h
diff --git a/crypto/openssl/crypto/engine/hw_ncipher.c b/crypto/engine/hw_ncipher.c
index 0d1c6b8..0d1c6b8 100644
--- a/crypto/openssl/crypto/engine/hw_ncipher.c
+++ b/crypto/engine/hw_ncipher.c
diff --git a/crypto/openssl/crypto/engine/hw_ncipher_err.c b/crypto/engine/hw_ncipher_err.c
index 5bc9458..5bc9458 100644
--- a/crypto/openssl/crypto/engine/hw_ncipher_err.c
+++ b/crypto/engine/hw_ncipher_err.c
diff --git a/crypto/openssl/crypto/engine/hw_ncipher_err.h b/crypto/engine/hw_ncipher_err.h
index d232d02..d232d02 100644
--- a/crypto/openssl/crypto/engine/hw_ncipher_err.h
+++ b/crypto/engine/hw_ncipher_err.h
diff --git a/crypto/openssl/crypto/engine/hw_nuron.c b/crypto/engine/hw_nuron.c
index fb9188b..fb9188b 100644
--- a/crypto/openssl/crypto/engine/hw_nuron.c
+++ b/crypto/engine/hw_nuron.c
diff --git a/crypto/openssl/crypto/engine/hw_nuron_err.c b/crypto/engine/hw_nuron_err.c
index df9d7bd..df9d7bd 100644
--- a/crypto/openssl/crypto/engine/hw_nuron_err.c
+++ b/crypto/engine/hw_nuron_err.c
diff --git a/crypto/openssl/crypto/engine/hw_nuron_err.h b/crypto/engine/hw_nuron_err.h
index a56bfdf..a56bfdf 100644
--- a/crypto/openssl/crypto/engine/hw_nuron_err.h
+++ b/crypto/engine/hw_nuron_err.h
diff --git a/crypto/openssl/crypto/engine/hw_sureware.c b/crypto/engine/hw_sureware.c
index fca467e..fca467e 100644
--- a/crypto/openssl/crypto/engine/hw_sureware.c
+++ b/crypto/engine/hw_sureware.c
diff --git a/crypto/openssl/crypto/engine/hw_sureware_err.c b/crypto/engine/hw_sureware_err.c
index 69955da..69955da 100644
--- a/crypto/openssl/crypto/engine/hw_sureware_err.c
+++ b/crypto/engine/hw_sureware_err.c
diff --git a/crypto/openssl/crypto/engine/hw_sureware_err.h b/crypto/engine/hw_sureware_err.h
index bc52af5..bc52af5 100644
--- a/crypto/openssl/crypto/engine/hw_sureware_err.h
+++ b/crypto/engine/hw_sureware_err.h
diff --git a/crypto/openssl/crypto/engine/hw_ubsec.c b/crypto/engine/hw_ubsec.c
index 5234a08..5234a08 100644
--- a/crypto/openssl/crypto/engine/hw_ubsec.c
+++ b/crypto/engine/hw_ubsec.c
diff --git a/crypto/openssl/crypto/engine/hw_ubsec_err.c b/crypto/engine/hw_ubsec_err.c
index d707331..d707331 100644
--- a/crypto/openssl/crypto/engine/hw_ubsec_err.c
+++ b/crypto/engine/hw_ubsec_err.c
diff --git a/crypto/openssl/crypto/engine/hw_ubsec_err.h b/crypto/engine/hw_ubsec_err.h
index 023d3be..023d3be 100644
--- a/crypto/openssl/crypto/engine/hw_ubsec_err.h
+++ b/crypto/engine/hw_ubsec_err.h
diff --git a/crypto/openssl/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c
index 177fc1f..177fc1f 100644
--- a/crypto/openssl/crypto/engine/tb_cipher.c
+++ b/crypto/engine/tb_cipher.c
diff --git a/crypto/openssl/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c
index 6e9d428..6e9d428 100644
--- a/crypto/openssl/crypto/engine/tb_dh.c
+++ b/crypto/engine/tb_dh.c
diff --git a/crypto/openssl/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c
index d3f4bb2..d3f4bb2 100644
--- a/crypto/openssl/crypto/engine/tb_digest.c
+++ b/crypto/engine/tb_digest.c
diff --git a/crypto/openssl/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c
index e4674f5..e4674f5 100644
--- a/crypto/openssl/crypto/engine/tb_dsa.c
+++ b/crypto/engine/tb_dsa.c
diff --git a/crypto/openssl/crypto/engine/tb_ecdh.c b/crypto/engine/tb_ecdh.c
index c8ec781..c8ec781 100644
--- a/crypto/openssl/crypto/engine/tb_ecdh.c
+++ b/crypto/engine/tb_ecdh.c
diff --git a/crypto/openssl/crypto/engine/tb_ecdsa.c b/crypto/engine/tb_ecdsa.c
index 005ecb6..005ecb6 100644
--- a/crypto/openssl/crypto/engine/tb_ecdsa.c
+++ b/crypto/engine/tb_ecdsa.c
diff --git a/crypto/openssl/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c
index f36f67c..f36f67c 100644
--- a/crypto/openssl/crypto/engine/tb_rand.c
+++ b/crypto/engine/tb_rand.c
diff --git a/crypto/openssl/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c
index fbc707f..fbc707f 100644
--- a/crypto/openssl/crypto/engine/tb_rsa.c
+++ b/crypto/engine/tb_rsa.c
diff --git a/crypto/openssl/crypto/engine/tb_store.c b/crypto/engine/tb_store.c
index 8cc435c..8cc435c 100644
--- a/crypto/openssl/crypto/engine/tb_store.c
+++ b/crypto/engine/tb_store.c
diff --git a/crypto/openssl/crypto/engine/vendor_defns/aep.h b/crypto/engine/vendor_defns/aep.h
index 2b2792d..2b2792d 100644
--- a/crypto/openssl/crypto/engine/vendor_defns/aep.h
+++ b/crypto/engine/vendor_defns/aep.h
diff --git a/crypto/openssl/crypto/engine/vendor_defns/atalla.h b/crypto/engine/vendor_defns/atalla.h
index 149970d..149970d 100644
--- a/crypto/openssl/crypto/engine/vendor_defns/atalla.h
+++ b/crypto/engine/vendor_defns/atalla.h
diff --git a/crypto/openssl/crypto/engine/vendor_defns/cswift.h b/crypto/engine/vendor_defns/cswift.h
index 6007932..6007932 100644
--- a/crypto/openssl/crypto/engine/vendor_defns/cswift.h
+++ b/crypto/engine/vendor_defns/cswift.h
diff --git a/crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h b/crypto/engine/vendor_defns/hw_4758_cca.h
index 296636e..296636e 100644
--- a/crypto/openssl/crypto/engine/vendor_defns/hw_4758_cca.h
+++ b/crypto/engine/vendor_defns/hw_4758_cca.h
diff --git a/crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h b/crypto/engine/vendor_defns/hw_ubsec.h
index b6619d4..b6619d4 100644
--- a/crypto/openssl/crypto/engine/vendor_defns/hw_ubsec.h
+++ b/crypto/engine/vendor_defns/hw_ubsec.h
diff --git a/crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h b/crypto/engine/vendor_defns/hwcryptohook.h
index 39224bc..39224bc 100644
--- a/crypto/openssl/crypto/engine/vendor_defns/hwcryptohook.h
+++ b/crypto/engine/vendor_defns/hwcryptohook.h
diff --git a/crypto/openssl/crypto/engine/vendor_defns/sureware.h b/crypto/engine/vendor_defns/sureware.h
index 1d378921..1d378921 100644
--- a/crypto/openssl/crypto/engine/vendor_defns/sureware.h
+++ b/crypto/engine/vendor_defns/sureware.h
diff --git a/crypto/openssl/crypto/err/Makefile b/crypto/err/Makefile
index 23e3840..23e3840 100644
--- a/crypto/openssl/crypto/err/Makefile
+++ b/crypto/err/Makefile
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/err/err.c
index 96bd255..96bd255 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/err/err.c
diff --git a/crypto/openssl/crypto/err/err.h b/crypto/err/err.h
index b723cd9..b723cd9 100644
--- a/crypto/openssl/crypto/err/err.h
+++ b/crypto/err/err.h
diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/err/err_all.c
index c33d24b..c33d24b 100644
--- a/crypto/openssl/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
diff --git a/crypto/openssl/crypto/err/err_prn.c b/crypto/err/err_prn.c
index 2224a90..2224a90 100644
--- a/crypto/openssl/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
diff --git a/crypto/openssl/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 64200fc..64200fc 100644
--- a/crypto/openssl/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
diff --git a/crypto/openssl/crypto/evp/Makefile b/crypto/evp/Makefile
index a4f9ae2..a4f9ae2 100644
--- a/crypto/openssl/crypto/evp/Makefile
+++ b/crypto/evp/Makefile
diff --git a/crypto/openssl/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index fa5cbc7..fa5cbc7 100644
--- a/crypto/openssl/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
diff --git a/crypto/openssl/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index f6ac94c..f6ac94c 100644
--- a/crypto/openssl/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
diff --git a/crypto/openssl/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
index d648ac6..d648ac6 100644
--- a/crypto/openssl/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
index 98bc1ab..98bc1ab 100644
--- a/crypto/openssl/crypto/evp/bio_ok.c
+++ b/crypto/evp/bio_ok.c
diff --git a/crypto/openssl/crypto/evp/c_all.c b/crypto/evp/c_all.c
index a5da52e..a5da52e 100644
--- a/crypto/openssl/crypto/evp/c_all.c
+++ b/crypto/evp/c_all.c
diff --git a/crypto/openssl/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
index 9ba4d0c..9ba4d0c 100644
--- a/crypto/openssl/crypto/evp/c_allc.c
+++ b/crypto/evp/c_allc.c
diff --git a/crypto/openssl/crypto/evp/c_alld.c b/crypto/evp/c_alld.c
index d270b0e..d270b0e 100644
--- a/crypto/openssl/crypto/evp/c_alld.c
+++ b/crypto/evp/c_alld.c
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/evp/digest.c
index 762e6d3..762e6d3 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index bd6c0a3..bd6c0a3 100644
--- a/crypto/openssl/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
diff --git a/crypto/openssl/crypto/evp/e_bf.c b/crypto/evp/e_bf.c
index cc224e5..cc224e5 100644
--- a/crypto/openssl/crypto/evp/e_bf.c
+++ b/crypto/evp/e_bf.c
diff --git a/crypto/openssl/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c
index a7b40d1..a7b40d1 100644
--- a/crypto/openssl/crypto/evp/e_camellia.c
+++ b/crypto/evp/e_camellia.c
diff --git a/crypto/openssl/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
index d77bcd9..d77bcd9 100644
--- a/crypto/openssl/crypto/evp/e_cast.c
+++ b/crypto/evp/e_cast.c
diff --git a/crypto/openssl/crypto/evp/e_des.c b/crypto/evp/e_des.c
index 8563236..8563236 100644
--- a/crypto/openssl/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
diff --git a/crypto/openssl/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
index ac148ef..ac148ef 100644
--- a/crypto/openssl/crypto/evp/e_des3.c
+++ b/crypto/evp/e_des3.c
diff --git a/crypto/openssl/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c
index b96f273..b96f273 100644
--- a/crypto/openssl/crypto/evp/e_dsa.c
+++ b/crypto/evp/e_dsa.c
diff --git a/crypto/openssl/crypto/evp/e_idea.c b/crypto/evp/e_idea.c
index 48c33a7..48c33a7 100644
--- a/crypto/openssl/crypto/evp/e_idea.c
+++ b/crypto/evp/e_idea.c
diff --git a/crypto/openssl/crypto/evp/e_null.c b/crypto/evp/e_null.c
index 5205259..5205259 100644
--- a/crypto/openssl/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
diff --git a/crypto/openssl/crypto/evp/e_old.c b/crypto/evp/e_old.c
index 1642af4..1642af4 100644
--- a/crypto/openssl/crypto/evp/e_old.c
+++ b/crypto/evp/e_old.c
diff --git a/crypto/openssl/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c
index d37726f..d37726f 100644
--- a/crypto/openssl/crypto/evp/e_rc2.c
+++ b/crypto/evp/e_rc2.c
diff --git a/crypto/openssl/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index 67af850..67af850 100644
--- a/crypto/openssl/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
diff --git a/crypto/openssl/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c
index 19a10c6..19a10c6 100644
--- a/crypto/openssl/crypto/evp/e_rc5.c
+++ b/crypto/evp/e_rc5.c
diff --git a/crypto/openssl/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index 8832da2..8832da2 100644
--- a/crypto/openssl/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/evp/encode.c
index 5921f0d..5921f0d 100644
--- a/crypto/openssl/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
diff --git a/crypto/openssl/crypto/evp/evp.h b/crypto/evp/evp.h
index 636f426..636f426 100644
--- a/crypto/openssl/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
diff --git a/crypto/openssl/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c
index ff3e311..ff3e311 100644
--- a/crypto/openssl/crypto/evp/evp_acnf.c
+++ b/crypto/evp/evp_acnf.c
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index a190499..a190499 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index e8c9e8d..e8c9e8d 100644
--- a/crypto/openssl/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
diff --git a/crypto/openssl/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index 361ea69..361ea69 100644
--- a/crypto/openssl/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
diff --git a/crypto/openssl/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index edb28ef..edb28ef 100644
--- a/crypto/openssl/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
diff --git a/crypto/openssl/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
index 20139d2..20139d2 100644
--- a/crypto/openssl/crypto/evp/evp_locl.h
+++ b/crypto/evp/evp_locl.h
diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
index c26d2de..c26d2de 100644
--- a/crypto/openssl/crypto/evp/evp_pbe.c
+++ b/crypto/evp/evp_pbe.c
diff --git a/crypto/openssl/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
index 0147f3e..0147f3e 100644
--- a/crypto/openssl/crypto/evp/evp_pkey.c
+++ b/crypto/evp/evp_pkey.c
diff --git a/crypto/openssl/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
index 6ecbecc..6ecbecc 100644
--- a/crypto/openssl/crypto/evp/evp_test.c
+++ b/crypto/evp/evp_test.c
diff --git a/crypto/openssl/crypto/evp/evptests.txt b/crypto/evp/evptests.txt
index 193009f..193009f 100644
--- a/crypto/openssl/crypto/evp/evptests.txt
+++ b/crypto/evp/evptests.txt
diff --git a/crypto/openssl/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index a948c77..a948c77 100644
--- a/crypto/openssl/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
diff --git a/crypto/openssl/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index c12e139..c12e139 100644
--- a/crypto/openssl/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
diff --git a/crypto/openssl/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c
index fad270f..fad270f 100644
--- a/crypto/openssl/crypto/evp/m_ecdsa.c
+++ b/crypto/evp/m_ecdsa.c
diff --git a/crypto/openssl/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
index 5ce849f..5ce849f 100644
--- a/crypto/openssl/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
diff --git a/crypto/openssl/crypto/evp/m_md4.c b/crypto/evp/m_md4.c
index 1e0b7c5..1e0b7c5 100644
--- a/crypto/openssl/crypto/evp/m_md4.c
+++ b/crypto/evp/m_md4.c
diff --git a/crypto/openssl/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
index 63c1421..63c1421 100644
--- a/crypto/openssl/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
diff --git a/crypto/openssl/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
index 36c4e9b..36c4e9b 100644
--- a/crypto/openssl/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
diff --git a/crypto/openssl/crypto/evp/m_null.c b/crypto/evp/m_null.c
index cb07216..cb07216 100644
--- a/crypto/openssl/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
diff --git a/crypto/openssl/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
index a1d60ee..a1d60ee 100644
--- a/crypto/openssl/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
diff --git a/crypto/openssl/crypto/evp/m_sha.c b/crypto/evp/m_sha.c
index acccc8f..acccc8f 100644
--- a/crypto/openssl/crypto/evp/m_sha.c
+++ b/crypto/evp/m_sha.c
diff --git a/crypto/openssl/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 4679b1c..4679b1c 100644
--- a/crypto/openssl/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
diff --git a/crypto/openssl/crypto/evp/names.c b/crypto/evp/names.c
index 88c1e78..88c1e78 100644
--- a/crypto/openssl/crypto/evp/names.c
+++ b/crypto/evp/names.c
diff --git a/crypto/openssl/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c
index 3831a57..3831a57 100644
--- a/crypto/openssl/crypto/evp/openbsd_hw.c
+++ b/crypto/evp/openbsd_hw.c
diff --git a/crypto/openssl/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
index 48d5001..48d5001 100644
--- a/crypto/openssl/crypto/evp/p5_crpt.c
+++ b/crypto/evp/p5_crpt.c
diff --git a/crypto/openssl/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index c969d5a..c969d5a 100644
--- a/crypto/openssl/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
diff --git a/crypto/openssl/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
index f64901f..f64901f 100644
--- a/crypto/openssl/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
diff --git a/crypto/openssl/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
index c2dfdc5..c2dfdc5 100644
--- a/crypto/openssl/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 22155ec..22155ec 100644
--- a/crypto/openssl/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
diff --git a/crypto/openssl/crypto/evp/p_open.c b/crypto/evp/p_open.c
index 9935206..9935206 100644
--- a/crypto/openssl/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
diff --git a/crypto/openssl/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index 8cc8fcb..8cc8fcb 100644
--- a/crypto/openssl/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
diff --git a/crypto/openssl/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index e4ae590..e4ae590 100644
--- a/crypto/openssl/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
diff --git a/crypto/openssl/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index 21a40a3..21a40a3 100644
--- a/crypto/openssl/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/ex_data.c
index 8914218..8914218 100644
--- a/crypto/openssl/crypto/ex_data.c
+++ b/crypto/ex_data.c
diff --git a/crypto/openssl/crypto/hmac/Makefile b/crypto/hmac/Makefile
index 01f10c3..01f10c3 100644
--- a/crypto/openssl/crypto/hmac/Makefile
+++ b/crypto/hmac/Makefile
diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index c45e001..c45e001 100644
--- a/crypto/openssl/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
diff --git a/crypto/openssl/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
index 719fc40..719fc40 100644
--- a/crypto/openssl/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
diff --git a/crypto/openssl/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
index 1b906b8..1b906b8 100644
--- a/crypto/openssl/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
diff --git a/crypto/openssl/crypto/ia64cpuid.S b/crypto/ia64cpuid.S
index 04fbb34..04fbb34 100644
--- a/crypto/openssl/crypto/ia64cpuid.S
+++ b/crypto/ia64cpuid.S
diff --git a/crypto/openssl/crypto/idea/Makefile b/crypto/idea/Makefile
index b2e7add..b2e7add 100644
--- a/crypto/openssl/crypto/idea/Makefile
+++ b/crypto/idea/Makefile
diff --git a/crypto/openssl/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c
index ecb9cb8..ecb9cb8 100644
--- a/crypto/openssl/crypto/idea/i_cbc.c
+++ b/crypto/idea/i_cbc.c
diff --git a/crypto/openssl/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index 66d49d5..66d49d5 100644
--- a/crypto/openssl/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
diff --git a/crypto/openssl/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c
index fef3823..fef3823 100644
--- a/crypto/openssl/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
diff --git a/crypto/openssl/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
index e749e88..e749e88 100644
--- a/crypto/openssl/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
diff --git a/crypto/openssl/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
index 3b1bbd8..3b1bbd8 100644
--- a/crypto/openssl/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
diff --git a/crypto/openssl/crypto/idea/idea.h b/crypto/idea/idea.h
index bf97a37..bf97a37 100644
--- a/crypto/openssl/crypto/idea/idea.h
+++ b/crypto/idea/idea.h
diff --git a/crypto/openssl/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h
index f3dbfa6..f3dbfa6 100644
--- a/crypto/openssl/crypto/idea/idea_lcl.h
+++ b/crypto/idea/idea_lcl.h
diff --git a/crypto/openssl/crypto/idea/idea_spd.c b/crypto/idea/idea_spd.c
index 699353e..699353e 100644
--- a/crypto/openssl/crypto/idea/idea_spd.c
+++ b/crypto/idea/idea_spd.c
diff --git a/crypto/openssl/crypto/idea/ideatest.c b/crypto/idea/ideatest.c
index e6ffc70..e6ffc70 100644
--- a/crypto/openssl/crypto/idea/ideatest.c
+++ b/crypto/idea/ideatest.c
diff --git a/crypto/openssl/crypto/idea/version b/crypto/idea/version
index 3f22293..3f22293 100644
--- a/crypto/openssl/crypto/idea/version
+++ b/crypto/idea/version
diff --git a/crypto/openssl/crypto/krb5/Makefile b/crypto/krb5/Makefile
index 1407739..1407739 100644
--- a/crypto/openssl/crypto/krb5/Makefile
+++ b/crypto/krb5/Makefile
diff --git a/crypto/openssl/crypto/krb5/krb5_asn.c b/crypto/krb5/krb5_asn.c
index 1fb741d..1fb741d 100644
--- a/crypto/openssl/crypto/krb5/krb5_asn.c
+++ b/crypto/krb5/krb5_asn.c
diff --git a/crypto/openssl/crypto/krb5/krb5_asn.h b/crypto/krb5/krb5_asn.h
index 41725d0..41725d0 100644
--- a/crypto/openssl/crypto/krb5/krb5_asn.h
+++ b/crypto/krb5/krb5_asn.h
diff --git a/crypto/openssl/crypto/lhash/Makefile b/crypto/lhash/Makefile
index 82bddac..82bddac 100644
--- a/crypto/openssl/crypto/lhash/Makefile
+++ b/crypto/lhash/Makefile
diff --git a/crypto/openssl/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
index 5aa7766..5aa7766 100644
--- a/crypto/openssl/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
diff --git a/crypto/openssl/crypto/lhash/lh_test.c b/crypto/lhash/lh_test.c
index 85700c8..85700c8 100644
--- a/crypto/openssl/crypto/lhash/lh_test.c
+++ b/crypto/lhash/lh_test.c
diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 04ea802..04ea802 100644
--- a/crypto/openssl/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
diff --git a/crypto/openssl/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
index d392d0c..d392d0c 100644
--- a/crypto/openssl/crypto/lhash/lhash.h
+++ b/crypto/lhash/lhash.h
diff --git a/crypto/openssl/crypto/lhash/num.pl b/crypto/lhash/num.pl
index 30fedf9..30fedf9 100644
--- a/crypto/openssl/crypto/lhash/num.pl
+++ b/crypto/lhash/num.pl
diff --git a/crypto/openssl/crypto/md2/Makefile b/crypto/md2/Makefile
index 17f878a..17f878a 100644
--- a/crypto/openssl/crypto/md2/Makefile
+++ b/crypto/md2/Makefile
diff --git a/crypto/openssl/crypto/md2/md2.c b/crypto/md2/md2.c
index f4d6f62..f4d6f62 100644
--- a/crypto/openssl/crypto/md2/md2.c
+++ b/crypto/md2/md2.c
diff --git a/crypto/openssl/crypto/md2/md2.h b/crypto/md2/md2.h
index a46120e..a46120e 100644
--- a/crypto/openssl/crypto/md2/md2.h
+++ b/crypto/md2/md2.h
diff --git a/crypto/openssl/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 6f68b25..6f68b25 100644
--- a/crypto/openssl/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
diff --git a/crypto/openssl/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
index f7fef5c..f7fef5c 100644
--- a/crypto/openssl/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
diff --git a/crypto/openssl/crypto/md2/md2test.c b/crypto/md2/md2test.c
index db5f5bc..db5f5bc 100644
--- a/crypto/openssl/crypto/md2/md2test.c
+++ b/crypto/md2/md2test.c
diff --git a/crypto/openssl/crypto/md32_common.h b/crypto/md32_common.h
index 0e625a8..0e625a8 100644
--- a/crypto/openssl/crypto/md32_common.h
+++ b/crypto/md32_common.h
diff --git a/crypto/openssl/crypto/md4/Makefile b/crypto/md4/Makefile
index ef97bb0..ef97bb0 100644
--- a/crypto/openssl/crypto/md4/Makefile
+++ b/crypto/md4/Makefile
diff --git a/crypto/openssl/crypto/md4/md4.c b/crypto/md4/md4.c
index 141415a..141415a 100644
--- a/crypto/openssl/crypto/md4/md4.c
+++ b/crypto/md4/md4.c
diff --git a/crypto/openssl/crypto/md4/md4.h b/crypto/md4/md4.h
index 5598c93..5598c93 100644
--- a/crypto/openssl/crypto/md4/md4.h
+++ b/crypto/md4/md4.h
diff --git a/crypto/openssl/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c
index 86b79b8..86b79b8 100644
--- a/crypto/openssl/crypto/md4/md4_dgst.c
+++ b/crypto/md4/md4_dgst.c
diff --git a/crypto/openssl/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h
index abc7b9b..abc7b9b 100644
--- a/crypto/openssl/crypto/md4/md4_locl.h
+++ b/crypto/md4/md4_locl.h
diff --git a/crypto/openssl/crypto/md4/md4_one.c b/crypto/md4/md4_one.c
index bb64362..bb64362 100644
--- a/crypto/openssl/crypto/md4/md4_one.c
+++ b/crypto/md4/md4_one.c
diff --git a/crypto/openssl/crypto/md4/md4s.cpp b/crypto/md4/md4s.cpp
index c0ec97f..c0ec97f 100644
--- a/crypto/openssl/crypto/md4/md4s.cpp
+++ b/crypto/md4/md4s.cpp
diff --git a/crypto/openssl/crypto/md4/md4test.c b/crypto/md4/md4test.c
index 5da5338..5da5338 100644
--- a/crypto/openssl/crypto/md4/md4test.c
+++ b/crypto/md4/md4test.c
diff --git a/crypto/openssl/crypto/md5/Makefile b/crypto/md5/Makefile
index 849a0a5..849a0a5 100644
--- a/crypto/openssl/crypto/md5/Makefile
+++ b/crypto/md5/Makefile
diff --git a/crypto/openssl/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl
index fa3fa3b..fa3fa3b 100644
--- a/crypto/openssl/crypto/md5/asm/md5-586.pl
+++ b/crypto/md5/asm/md5-586.pl
diff --git a/crypto/openssl/crypto/md5/asm/md5-sparcv9.S b/crypto/md5/asm/md5-sparcv9.S
index db45aa4..db45aa4 100644
--- a/crypto/openssl/crypto/md5/asm/md5-sparcv9.S
+++ b/crypto/md5/asm/md5-sparcv9.S
diff --git a/crypto/openssl/crypto/md5/asm/md5-x86_64.pl b/crypto/md5/asm/md5-x86_64.pl
index c36a7fe..c36a7fe 100755
--- a/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
+++ b/crypto/md5/asm/md5-x86_64.pl
diff --git a/crypto/openssl/crypto/md5/md5.c b/crypto/md5/md5.c
index 563733a..563733a 100644
--- a/crypto/openssl/crypto/md5/md5.c
+++ b/crypto/md5/md5.c
diff --git a/crypto/openssl/crypto/md5/md5.h b/crypto/md5/md5.h
index dbdc0e1..dbdc0e1 100644
--- a/crypto/openssl/crypto/md5/md5.h
+++ b/crypto/md5/md5.h
diff --git a/crypto/openssl/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
index 953f049..953f049 100644
--- a/crypto/openssl/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
diff --git a/crypto/openssl/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h
index 94f395f..94f395f 100644
--- a/crypto/openssl/crypto/md5/md5_locl.h
+++ b/crypto/md5/md5_locl.h
diff --git a/crypto/openssl/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
index 43fee89..43fee89 100644
--- a/crypto/openssl/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
diff --git a/crypto/openssl/crypto/md5/md5s.cpp b/crypto/md5/md5s.cpp
index dd343fd..dd343fd 100644
--- a/crypto/openssl/crypto/md5/md5s.cpp
+++ b/crypto/md5/md5s.cpp
diff --git a/crypto/openssl/crypto/md5/md5test.c b/crypto/md5/md5test.c
index 0628053..0628053 100644
--- a/crypto/openssl/crypto/md5/md5test.c
+++ b/crypto/md5/md5test.c
diff --git a/crypto/openssl/crypto/mdc2/Makefile b/crypto/mdc2/Makefile
index 1d064f1..1d064f1 100644
--- a/crypto/openssl/crypto/mdc2/Makefile
+++ b/crypto/mdc2/Makefile
diff --git a/crypto/openssl/crypto/mdc2/mdc2.h b/crypto/mdc2/mdc2.h
index 72778a5..72778a5 100644
--- a/crypto/openssl/crypto/mdc2/mdc2.h
+++ b/crypto/mdc2/mdc2.h
diff --git a/crypto/openssl/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
index 72647f6..72647f6 100644
--- a/crypto/openssl/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
diff --git a/crypto/openssl/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
index 4aa406e..4aa406e 100644
--- a/crypto/openssl/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
diff --git a/crypto/openssl/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c
index 017b31a..017b31a 100644
--- a/crypto/openssl/crypto/mdc2/mdc2test.c
+++ b/crypto/mdc2/mdc2test.c
diff --git a/crypto/openssl/crypto/mem.c b/crypto/mem.c
index 6635167..6635167 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/mem.c
diff --git a/crypto/openssl/crypto/mem_clr.c b/crypto/mem_clr.c
index 75cbfb3..75cbfb3 100644
--- a/crypto/openssl/crypto/mem_clr.c
+++ b/crypto/mem_clr.c
diff --git a/crypto/openssl/crypto/mem_dbg.c b/crypto/mem_dbg.c
index 8316485..8316485 100644
--- a/crypto/openssl/crypto/mem_dbg.c
+++ b/crypto/mem_dbg.c
diff --git a/crypto/openssl/crypto/o_dir.c b/crypto/o_dir.c
index 42891ea..42891ea 100644
--- a/crypto/openssl/crypto/o_dir.c
+++ b/crypto/o_dir.c
diff --git a/crypto/openssl/crypto/o_dir.h b/crypto/o_dir.h
index 4b725c0..4b725c0 100644
--- a/crypto/openssl/crypto/o_dir.h
+++ b/crypto/o_dir.h
diff --git a/crypto/openssl/crypto/o_dir_test.c b/crypto/o_dir_test.c
index 3d75ecb..3d75ecb 100644
--- a/crypto/openssl/crypto/o_dir_test.c
+++ b/crypto/o_dir_test.c
diff --git a/crypto/openssl/crypto/o_str.c b/crypto/o_str.c
index 2db0993..2db0993 100644
--- a/crypto/openssl/crypto/o_str.c
+++ b/crypto/o_str.c
diff --git a/crypto/openssl/crypto/o_str.h b/crypto/o_str.h
index dfc9849..dfc9849 100644
--- a/crypto/openssl/crypto/o_str.h
+++ b/crypto/o_str.h
diff --git a/crypto/openssl/crypto/o_time.c b/crypto/o_time.c
index e29091d..e29091d 100644
--- a/crypto/openssl/crypto/o_time.c
+++ b/crypto/o_time.c
diff --git a/crypto/openssl/crypto/o_time.h b/crypto/o_time.h
index e660446..e660446 100644
--- a/crypto/openssl/crypto/o_time.h
+++ b/crypto/o_time.h
diff --git a/crypto/openssl/crypto/objects/Makefile b/crypto/objects/Makefile
index 08af092..08af092 100644
--- a/crypto/openssl/crypto/objects/Makefile
+++ b/crypto/objects/Makefile
diff --git a/crypto/openssl/crypto/objects/o_names.c b/crypto/objects/o_names.c
index adb5731..adb5731 100644
--- a/crypto/openssl/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 7a95c77..7a95c77 100644
--- a/crypto/openssl/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index a116bb7..a116bb7 100644
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
diff --git a/crypto/openssl/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl
index 8a09a46..8a09a46 100644
--- a/crypto/openssl/crypto/objects/obj_dat.pl
+++ b/crypto/objects/obj_dat.pl
diff --git a/crypto/openssl/crypto/objects/obj_err.c b/crypto/objects/obj_err.c
index 12b4885..12b4885 100644
--- a/crypto/openssl/crypto/objects/obj_err.c
+++ b/crypto/objects/obj_err.c
diff --git a/crypto/openssl/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
index 706fa0b..706fa0b 100644
--- a/crypto/openssl/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
diff --git a/crypto/openssl/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
index f447bbe..f447bbe 100644
--- a/crypto/openssl/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
diff --git a/crypto/openssl/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index eaa0178..eaa0178 100644
--- a/crypto/openssl/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
diff --git a/crypto/openssl/crypto/objects/objects.README b/crypto/objects/objects.README
index 4d74550..4d74550 100644
--- a/crypto/openssl/crypto/objects/objects.README
+++ b/crypto/objects/objects.README
diff --git a/crypto/openssl/crypto/objects/objects.h b/crypto/objects/objects.h
index 7242f76..7242f76 100644
--- a/crypto/openssl/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
diff --git a/crypto/openssl/crypto/objects/objects.pl b/crypto/objects/objects.pl
index 76c06cc..76c06cc 100644
--- a/crypto/openssl/crypto/objects/objects.pl
+++ b/crypto/objects/objects.pl
diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 1ba517a..1ba517a 100644
--- a/crypto/openssl/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
diff --git a/crypto/openssl/crypto/ocsp/Makefile b/crypto/ocsp/Makefile
index 0fe0289..0fe0289 100644
--- a/crypto/openssl/crypto/ocsp/Makefile
+++ b/crypto/ocsp/Makefile
diff --git a/crypto/openssl/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
index 53f3364..53f3364 100644
--- a/crypto/openssl/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
diff --git a/crypto/openssl/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c
index 39b7a1c..39b7a1c 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_asn.c
+++ b/crypto/ocsp/ocsp_asn.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 17bab5f..17bab5f 100755
--- a/crypto/openssl/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
index ad62364..ad62364 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_err.c
+++ b/crypto/ocsp/ocsp_err.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 815cc29..815cc29 100755
--- a/crypto/openssl/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
index 9213e58..9213e58 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_ht.c
+++ b/crypto/ocsp/ocsp_ht.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 2745081..2745081 100755
--- a/crypto/openssl/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index 3dfb51c..3dfb51c 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index fffa134..fffa134 100755
--- a/crypto/openssl/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
diff --git a/crypto/openssl/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 23ea41c..23ea41c 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
deleted file mode 100644
index c5a639f..0000000
--- a/crypto/openssl/CHANGES
+++ /dev/null
@@ -1,7860 +0,0 @@
-
- OpenSSL CHANGES
- _______________
-
- Changes between 0.9.8d and 0.9.8e [23 Feb 2007]
-
- *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
- a ciphersuite string such as "DEFAULT:RSA" cannot enable
- authentication-only ciphersuites.
- [Bodo Moeller]
-
- *) Since AES128 and AES256 (and similarly Camellia128 and
- Camellia256) share a single mask bit in the logic of
- ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
- kludge to work properly if AES128 is available and AES256 isn't
- (or if Camellia128 is available and Camellia256 isn't).
- [Victor Duchovni]
-
- *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
- (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
- When a point or a seed is encoded in a BIT STRING, we need to
- prevent the removal of trailing zero bits to get the proper DER
- encoding. (By default, crypto/asn1/a_bitstr.c assumes the case
- of a NamedBitList, for which trailing 0 bits need to be removed.)
- [Bodo Moeller]
-
- *) Have SSL/TLS server implementation tolerate "mismatched" record
- protocol version while receiving ClientHello even if the
- ClientHello is fragmented. (The server can't insist on the
- particular protocol version it has chosen before the ServerHello
- message has informed the client about his choice.)
- [Bodo Moeller]
-
- *) Add RFC 3779 support.
- [Rob Austein for ARIN, Ben Laurie]
-
- *) Load error codes if they are not already present instead of using a
- static variable. This allows them to be cleanly unloaded and reloaded.
- Improve header file function name parsing.
- [Steve Henson]
-
- *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
- or CAPABILITY handshake as required by RFCs.
- [Goetz Babin-Ebell]
-
- Changes between 0.9.8c and 0.9.8d [28 Sep 2006]
-
- *) Introduce limits to prevent malicious keys being able to
- cause a denial of service. (CVE-2006-2940)
- [Steve Henson, Bodo Moeller]
-
- *) Fix ASN.1 parsing of certain invalid structures that can result
- in a denial of service. (CVE-2006-2937) [Steve Henson]
-
- *) Fix buffer overflow in SSL_get_shared_ciphers() function.
- (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Fix SSL client code which could crash if connecting to a
- malicious SSLv2 server. (CVE-2006-4343)
- [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
- match only those. Before that, "AES256-SHA" would be interpreted
- as a pattern and match "AES128-SHA" too (since AES128-SHA got
- the same strength classification in 0.9.7h) as we currently only
- have a single AES bit in the ciphersuite description bitmap.
- That change, however, also applied to ciphersuite strings such as
- "RC4-MD5" that intentionally matched multiple ciphersuites --
- namely, SSL 2.0 ciphersuites in addition to the more common ones
- from SSL 3.0/TLS 1.0.
-
- So we change the selection algorithm again: Naming an explicit
- ciphersuite selects this one ciphersuite, and any other similar
- ciphersuite (same bitmap) from *other* protocol versions.
- Thus, "RC4-MD5" again will properly select both the SSL 2.0
- ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
-
- Since SSL 2.0 does not have any ciphersuites for which the
- 128/256 bit distinction would be relevant, this works for now.
- The proper fix will be to use different bits for AES128 and
- AES256, which would have avoided the problems from the beginning;
- however, bits are scarce, so we can only do this in a new release
- (not just a patchlevel) when we can change the SSL_CIPHER
- definition to split the single 'unsigned long mask' bitmap into
- multiple values to extend the available space.
-
- [Bodo Moeller]
-
- Changes between 0.9.8b and 0.9.8c [05 Sep 2006]
-
- *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
- (CVE-2006-4339) [Ben Laurie and Google Security Team]
-
- *) Add AES IGE and biIGE modes.
- [Ben Laurie]
-
- *) Change the Unix randomness entropy gathering to use poll() when
- possible instead of select(), since the latter has some
- undesirable limitations.
- [Darryl Miles via Richard Levitte and Bodo Moeller]
-
- *) Disable "ECCdraft" ciphersuites more thoroughly. Now special
- treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
- cannot be implicitly activated as part of, e.g., the "AES" alias.
- However, please upgrade to OpenSSL 0.9.9[-dev] for
- non-experimental use of the ECC ciphersuites to get TLS extension
- support, which is required for curve and point format negotiation
- to avoid potential handshake problems.
- [Bodo Moeller]
-
- *) Disable rogue ciphersuites:
-
- - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
- The latter two were purportedly from
- draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
- appear there.
-
- Also deactivate the remaining ciphersuites from
- draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
- unofficial, and the ID has long expired.
- [Bodo Moeller]
-
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
- dual-core machines) and other potential thread-safety issues.
- [Bodo Moeller]
-
- *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
- versions), which is now available for royalty-free use
- (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
- Also, add Camellia TLS ciphersuites from RFC 4132.
-
- To minimize changes between patchlevels in the OpenSSL 0.9.8
- series, Camellia remains excluded from compilation unless OpenSSL
- is configured with 'enable-camellia'.
- [NTT]
-
- *) Disable the padding bug check when compression is in use. The padding
- bug check assumes the first packet is of even length, this is not
- necessarily true if compresssion is enabled and can result in false
- positives causing handshake failure. The actual bug test is ancient
- code so it is hoped that implementations will either have fixed it by
- now or any which still have the bug do not support compression.
- [Steve Henson]
-
- Changes between 0.9.8a and 0.9.8b [04 May 2006]
-
- *) When applying a cipher rule check to see if string match is an explicit
- cipher suite and only match that one cipher suite if it is.
- [Steve Henson]
-
- *) Link in manifests for VC++ if needed.
- [Austin Ziegler <halostatue@gmail.com>]
-
- *) Update support for ECC-based TLS ciphersuites according to
- draft-ietf-tls-ecc-12.txt with proposed changes (but without
- TLS extensions, which are supported starting with the 0.9.9
- branch, not in the OpenSSL 0.9.8 branch).
- [Douglas Stebila]
-
- *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
- opaque EVP_CIPHER_CTX handling.
- [Steve Henson]
-
- *) Fixes and enhancements to zlib compression code. We now only use
- "zlib1.dll" and use the default __cdecl calling convention on Win32
- to conform with the standards mentioned here:
- http://www.zlib.net/DLL_FAQ.txt
- Static zlib linking now works on Windows and the new --with-zlib-include
- --with-zlib-lib options to Configure can be used to supply the location
- of the headers and library. Gracefully handle case where zlib library
- can't be loaded.
- [Steve Henson]
-
- *) Several fixes and enhancements to the OID generation code. The old code
- sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
- handle numbers larger than ULONG_MAX, truncated printing and had a
- non standard OBJ_obj2txt() behaviour.
- [Steve Henson]
-
- *) Add support for building of engines under engine/ as shared libraries
- under VC++ build system.
- [Steve Henson]
-
- *) Corrected the numerous bugs in the Win32 path splitter in DSO.
- Hopefully, we will not see any false combination of paths any more.
- [Richard Levitte]
-
- Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
-
- *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
- (part of SSL_OP_ALL). This option used to disable the
- countermeasure against man-in-the-middle protocol-version
- rollback in the SSL 2.0 server implementation, which is a bad
- idea. (CVE-2005-2969)
-
- [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
- for Information Security, National Institute of Advanced Industrial
- Science and Technology [AIST], Japan)]
-
- *) Add two function to clear and return the verify parameter flags.
- [Steve Henson]
-
- *) Keep cipherlists sorted in the source instead of sorting them at
- runtime, thus removing the need for a lock.
- [Nils Larsch]
-
- *) Avoid some small subgroup attacks in Diffie-Hellman.
- [Nick Mathewson and Ben Laurie]
-
- *) Add functions for well-known primes.
- [Nick Mathewson]
-
- *) Extended Windows CE support.
- [Satoshi Nakamura and Andy Polyakov]
-
- *) Initialize SSL_METHOD structures at compile time instead of during
- runtime, thus removing the need for a lock.
- [Steve Henson]
-
- *) Make PKCS7_decrypt() work even if no certificate is supplied by
- attempting to decrypt each encrypted key in turn. Add support to
- smime utility.
- [Steve Henson]
-
- Changes between 0.9.7h and 0.9.8 [05 Jul 2005]
-
- [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
- OpenSSL 0.9.8.]
-
- *) Add libcrypto.pc and libssl.pc for those who feel they need them.
- [Richard Levitte]
-
- *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
- key into the same file any more.
- [Richard Levitte]
-
- *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
- [Andy Polyakov]
-
- *) Add -utf8 command line and config file option to 'ca'.
- [Stefan <stf@udoma.org]
-
- *) Removed the macro des_crypt(), as it seems to conflict with some
- libraries. Use DES_crypt().
- [Richard Levitte]
-
- *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
- involves renaming the source and generated shared-libs for
- both. The engines will accept the corrected or legacy ids
- ('ncipher' and '4758_cca' respectively) when binding. NB,
- this only applies when building 'shared'.
- [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
-
- *) Add attribute functions to EVP_PKEY structure. Modify
- PKCS12_create() to recognize a CSP name attribute and
- use it. Make -CSP option work again in pkcs12 utility.
- [Steve Henson]
-
- *) Add new functionality to the bn blinding code:
- - automatic re-creation of the BN_BLINDING parameters after
- a fixed number of uses (currently 32)
- - add new function for parameter creation
- - introduce flags to control the update behaviour of the
- BN_BLINDING parameters
- - hide BN_BLINDING structure
- Add a second BN_BLINDING slot to the RSA structure to improve
- performance when a single RSA object is shared among several
- threads.
- [Nils Larsch]
-
- *) Add support for DTLS.
- [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
-
- *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
- to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
- [Walter Goulet]
-
- *) Remove buggy and incompletet DH cert support from
- ssl/ssl_rsa.c and ssl/s3_both.c
- [Nils Larsch]
-
- *) Use SHA-1 instead of MD5 as the default digest algorithm for
- the apps/openssl applications.
- [Nils Larsch]
-
- *) Compile clean with "-Wall -Wmissing-prototypes
- -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
- DEBUG_SAFESTACK must also be set.
- [Ben Laurie]
-
- *) Change ./Configure so that certain algorithms can be disabled by default.
- The new counterpiece to "no-xxx" is "enable-xxx".
-
- The patented RC5 and MDC2 algorithms will now be disabled unless
- "enable-rc5" and "enable-mdc2", respectively, are specified.
-
- (IDEA remains enabled despite being patented. This is because IDEA
- is frequently required for interoperability, and there is no license
- fee for non-commercial use. As before, "no-idea" can be used to
- avoid this algorithm.)
-
- [Bodo Moeller]
-
- *) Add processing of proxy certificates (see RFC 3820). This work was
- sponsored by KTH (The Royal Institute of Technology in Stockholm) and
- EGEE (Enabling Grids for E-science in Europe).
- [Richard Levitte]
-
- *) RC4 performance overhaul on modern architectures/implementations, such
- as Intel P4, IA-64 and AMD64.
- [Andy Polyakov]
-
- *) New utility extract-section.pl. This can be used specify an alternative
- section number in a pod file instead of having to treat each file as
- a separate case in Makefile. This can be done by adding two lines to the
- pod file:
-
- =for comment openssl_section:XXX
-
- The blank line is mandatory.
-
- [Steve Henson]
-
- *) New arguments -certform, -keyform and -pass for s_client and s_server
- to allow alternative format key and certificate files and passphrase
- sources.
- [Steve Henson]
-
- *) New structure X509_VERIFY_PARAM which combines current verify parameters,
- update associated structures and add various utility functions.
-
- Add new policy related verify parameters, include policy checking in
- standard verify code. Enhance 'smime' application with extra parameters
- to support policy checking and print out.
- [Steve Henson]
-
- *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
- Nehemiah processors. These extensions support AES encryption in hardware
- as well as RNG (though RNG support is currently disabled).
- [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
-
- *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
- [Geoff Thorpe]
-
- *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
- [Andy Polyakov and a number of other people]
-
- *) Improved PowerPC platform support. Most notably BIGNUM assembler
- implementation contributed by IBM.
- [Suresh Chari, Peter Waltenberg, Andy Polyakov]
-
- *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
- exponent rather than 'unsigned long'. There is a corresponding change to
- the new 'rsa_keygen' element of the RSA_METHOD structure.
- [Jelte Jansen, Geoff Thorpe]
-
- *) Functionality for creating the initial serial number file is now
- moved from CA.pl to the 'ca' utility with a new option -create_serial.
-
- (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
- number file to 1, which is bound to cause problems. To avoid
- the problems while respecting compatibility between different 0.9.7
- patchlevels, 0.9.7e employed 'openssl x509 -next_serial' in
- CA.pl for serial number initialization. With the new release 0.9.8,
- we can fix the problem directly in the 'ca' utility.)
- [Steve Henson]
-
- *) Reduced header interdepencies by declaring more opaque objects in
- ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
- give fewer recursive includes, which could break lazy source code - so
- this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
- developers should define this symbol when building and using openssl to
- ensure they track the recommended behaviour, interfaces, [etc], but
- backwards-compatible behaviour prevails when this isn't defined.
- [Geoff Thorpe]
-
- *) New function X509_POLICY_NODE_print() which prints out policy nodes.
- [Steve Henson]
-
- *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
- This will generate a random key of the appropriate length based on the
- cipher context. The EVP_CIPHER can provide its own random key generation
- routine to support keys of a specific form. This is used in the des and
- 3des routines to generate a key of the correct parity. Update S/MIME
- code to use new functions and hence generate correct parity DES keys.
- Add EVP_CHECK_DES_KEY #define to return an error if the key is not
- valid (weak or incorrect parity).
- [Steve Henson]
-
- *) Add a local set of CRLs that can be used by X509_verify_cert() as well
- as looking them up. This is useful when the verified structure may contain
- CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
- present unless the new PKCS7_NO_CRL flag is asserted.
- [Steve Henson]
-
- *) Extend ASN1 oid configuration module. It now additionally accepts the
- syntax:
-
- shortName = some long name, 1.2.3.4
- [Steve Henson]
-
- *) Reimplemented the BN_CTX implementation. There is now no more static
- limitation on the number of variables it can handle nor the depth of the
- "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
- information can now expand as required, and rather than having a single
- static array of bignums, BN_CTX now uses a linked-list of such arrays
- allowing it to expand on demand whilst maintaining the usefulness of
- BN_CTX's "bundling".
- [Geoff Thorpe]
-
- *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
- to allow all RSA operations to function using a single BN_CTX.
- [Geoff Thorpe]
-
- *) Preliminary support for certificate policy evaluation and checking. This
- is initially intended to pass the tests outlined in "Conformance Testing
- of Relying Party Client Certificate Path Processing Logic" v1.07.
- [Steve Henson]
-
- *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
- remained unused and not that useful. A variety of other little bignum
- tweaks and fixes have also been made continuing on from the audit (see
- below).
- [Geoff Thorpe]
-
- *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
- associated ASN1, EVP and SSL functions and old ASN1 macros.
- [Richard Levitte]
-
- *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
- and this should never fail. So the return value from the use of
- BN_set_word() (which can fail due to needless expansion) is now deprecated;
- if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
- [Geoff Thorpe]
-
- *) BN_CTX_get() should return zero-valued bignums, providing the same
- initialised value as BN_new().
- [Geoff Thorpe, suggested by Ulf Möller]
-
- *) Support for inhibitAnyPolicy certificate extension.
- [Steve Henson]
-
- *) An audit of the BIGNUM code is underway, for which debugging code is
- enabled when BN_DEBUG is defined. This makes stricter enforcements on what
- is considered valid when processing BIGNUMs, and causes execution to
- assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
- further steps are taken to deliberately pollute unused data in BIGNUM
- structures to try and expose faulty code further on. For now, openssl will
- (in its default mode of operation) continue to tolerate the inconsistent
- forms that it has tolerated in the past, but authors and packagers should
- consider trying openssl and their own applications when compiled with
- these debugging symbols defined. It will help highlight potential bugs in
- their own code, and will improve the test coverage for OpenSSL itself. At
- some point, these tighter rules will become openssl's default to improve
- maintainability, though the assert()s and other overheads will remain only
- in debugging configurations. See bn.h for more details.
- [Geoff Thorpe, Nils Larsch, Ulf Möller]
-
- *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
- that can only be obtained through BN_CTX_new() (which implicitly
- initialises it). The presence of this function only made it possible
- to overwrite an existing structure (and cause memory leaks).
- [Geoff Thorpe]
-
- *) Because of the callback-based approach for implementing LHASH as a
- template type, lh_insert() adds opaque objects to hash-tables and
- lh_doall() or lh_doall_arg() are typically used with a destructor callback
- to clean up those corresponding objects before destroying the hash table
- (and losing the object pointers). So some over-zealous constifications in
- LHASH have been relaxed so that lh_insert() does not take (nor store) the
- objects as "const" and the lh_doall[_arg] callback wrappers are not
- prototyped to have "const" restrictions on the object pointers they are
- given (and so aren't required to cast them away any more).
- [Geoff Thorpe]
-
- *) The tmdiff.h API was so ugly and minimal that our own timing utility
- (speed) prefers to use its own implementation. The two implementations
- haven't been consolidated as yet (volunteers?) but the tmdiff API has had
- its object type properly exposed (MS_TM) instead of casting to/from "char
- *". This may still change yet if someone realises MS_TM and "ms_time_***"
- aren't necessarily the greatest nomenclatures - but this is what was used
- internally to the implementation so I've used that for now.
- [Geoff Thorpe]
-
- *) Ensure that deprecated functions do not get compiled when
- OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
- the self-tests were still using deprecated key-generation functions so
- these have been updated also.
- [Geoff Thorpe]
-
- *) Reorganise PKCS#7 code to separate the digest location functionality
- into PKCS7_find_digest(), digest addtion into PKCS7_bio_add_digest().
- New function PKCS7_set_digest() to set the digest type for PKCS#7
- digestedData type. Add additional code to correctly generate the
- digestedData type and add support for this type in PKCS7 initialization
- functions.
- [Steve Henson]
-
- *) New function PKCS7_set0_type_other() this initializes a PKCS7
- structure of type "other".
- [Steve Henson]
-
- *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
- sure the loop does correctly stop and breaking ("division by zero")
- modulus operations are not performed. The (pre-generated) prime
- table crypto/bn/bn_prime.h was already correct, but it could not be
- re-generated on some platforms because of the "division by zero"
- situation in the script.
- [Ralf S. Engelschall]
-
- *) Update support for ECC-based TLS ciphersuites according to
- draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
- SHA-1 now is only used for "small" curves (where the
- representation of a field element takes up to 24 bytes); for
- larger curves, the field element resulting from ECDH is directly
- used as premaster secret.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
- curve secp160r1 to the tests.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add the possibility to load symbols globally with DSO.
- [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
-
- *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
- control of the error stack.
- [Richard Levitte]
-
- *) Add support for STORE in ENGINE.
- [Richard Levitte]
-
- *) Add the STORE type. The intention is to provide a common interface
- to certificate and key stores, be they simple file-based stores, or
- HSM-type store, or LDAP stores, or...
- NOTE: The code is currently UNTESTED and isn't really used anywhere.
- [Richard Levitte]
-
- *) Add a generic structure called OPENSSL_ITEM. This can be used to
- pass a list of arguments to any function as well as provide a way
- for a function to pass data back to the caller.
- [Richard Levitte]
-
- *) Add the functions BUF_strndup() and BUF_memdup(). BUF_strndup()
- works like BUF_strdup() but can be used to duplicate a portion of
- a string. The copy gets NUL-terminated. BUF_memdup() duplicates
- a memory area.
- [Richard Levitte]
-
- *) Add the function sk_find_ex() which works like sk_find(), but will
- return an index to an element even if an exact match couldn't be
- found. The index is guaranteed to point at the element where the
- searched-for key would be inserted to preserve sorting order.
- [Richard Levitte]
-
- *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
- takes an extra flags argument for optional functionality. Currently,
- the following flags are defined:
-
- OBJ_BSEARCH_VALUE_ON_NOMATCH
- This one gets OBJ_bsearch_ex() to return a pointer to the first
- element where the comparing function returns a negative or zero
- number.
-
- OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
- This one gets OBJ_bsearch_ex() to return a pointer to the first
- element where the comparing function returns zero. This is useful
- if there are more than one element where the comparing function
- returns zero.
- [Richard Levitte]
-
- *) Make it possible to create self-signed certificates with 'openssl ca'
- in such a way that the self-signed certificate becomes part of the
- CA database and uses the same mechanisms for serial number generation
- as all other certificate signing. The new flag '-selfsign' enables
- this functionality. Adapt CA.sh and CA.pl.in.
- [Richard Levitte]
-
- *) Add functionality to check the public key of a certificate request
- against a given private. This is useful to check that a certificate
- request can be signed by that key (self-signing).
- [Richard Levitte]
-
- *) Make it possible to have multiple active certificates with the same
- subject in the CA index file. This is done only if the keyword
- 'unique_subject' is set to 'no' in the main CA section (default
- if 'CA_default') of the configuration file. The value is saved
- with the database itself in a separate index attribute file,
- named like the index file with '.attr' appended to the name.
- [Richard Levitte]
-
- *) Generate muti valued AVAs using '+' notation in config files for
- req and dirName.
- [Steve Henson]
-
- *) Support for nameConstraints certificate extension.
- [Steve Henson]
-
- *) Support for policyConstraints certificate extension.
- [Steve Henson]
-
- *) Support for policyMappings certificate extension.
- [Steve Henson]
-
- *) Make sure the default DSA_METHOD implementation only uses its
- dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
- and change its own handlers to be NULL so as to remove unnecessary
- indirection. This lets alternative implementations fallback to the
- default implementation more easily.
- [Geoff Thorpe]
-
- *) Support for directoryName in GeneralName related extensions
- in config files.
- [Steve Henson]
-
- *) Make it possible to link applications using Makefile.shared.
- Make that possible even when linking against static libraries!
- [Richard Levitte]
-
- *) Support for single pass processing for S/MIME signing. This now
- means that S/MIME signing can be done from a pipe, in addition
- cleartext signing (multipart/signed type) is effectively streaming
- and the signed data does not need to be all held in memory.
-
- This is done with a new flag PKCS7_STREAM. When this flag is set
- PKCS7_sign() only initializes the PKCS7 structure and the actual signing
- is done after the data is output (and digests calculated) in
- SMIME_write_PKCS7().
- [Steve Henson]
-
- *) Add full support for -rpath/-R, both in shared libraries and
- applications, at least on the platforms where it's known how
- to do it.
- [Richard Levitte]
-
- *) In crypto/ec/ec_mult.c, implement fast point multiplication with
- precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
- will now compute a table of multiples of the generator that
- makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
- faster (notably in the case of a single point multiplication,
- scalar * generator).
- [Nils Larsch, Bodo Moeller]
-
- *) IPv6 support for certificate extensions. The various extensions
- which use the IP:a.b.c.d can now take IPv6 addresses using the
- formats of RFC1884 2.2 . IPv6 addresses are now also displayed
- correctly.
- [Steve Henson]
-
- *) Added an ENGINE that implements RSA by performing private key
- exponentiations with the GMP library. The conversions to and from
- GMP's mpz_t format aren't optimised nor are any montgomery forms
- cached, and on x86 it appears OpenSSL's own performance has caught up.
- However there are likely to be other architectures where GMP could
- provide a boost. This ENGINE is not built in by default, but it can be
- specified at Configure time and should be accompanied by the necessary
- linker additions, eg;
- ./config -DOPENSSL_USE_GMP -lgmp
- [Geoff Thorpe]
-
- *) "openssl engine" will not display ENGINE/DSO load failure errors when
- testing availability of engines with "-t" - the old behaviour is
- produced by increasing the feature's verbosity with "-tt".
- [Geoff Thorpe]
-
- *) ECDSA routines: under certain error conditions uninitialized BN objects
- could be freed. Solution: make sure initialization is performed early
- enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
- via PR#459)
- [Lutz Jaenicke]
-
- *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
- and DH_METHOD (eg. by ENGINE implementations) to override the normal
- software implementations. For DSA and DH, parameter generation can
- also be overriden by providing the appropriate method callbacks.
- [Geoff Thorpe]
-
- *) Change the "progress" mechanism used in key-generation and
- primality testing to functions that take a new BN_GENCB pointer in
- place of callback/argument pairs. The new API functions have "_ex"
- postfixes and the older functions are reimplemented as wrappers for
- the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
- declarations of the old functions to help (graceful) attempts to
- migrate to the new functions. Also, the new key-generation API
- functions operate on a caller-supplied key-structure and return
- success/failure rather than returning a key or NULL - this is to
- help make "keygen" another member function of RSA_METHOD etc.
-
- Example for using the new callback interface:
-
- int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
- void *my_arg = ...;
- BN_GENCB my_cb;
-
- BN_GENCB_set(&my_cb, my_callback, my_arg);
-
- return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
- /* For the meaning of a, b in calls to my_callback(), see the
- * documentation of the function that calls the callback.
- * cb will point to my_cb; my_arg can be retrieved as cb->arg.
- * my_callback should return 1 if it wants BN_is_prime_ex()
- * to continue, or 0 to stop.
- */
-
- [Geoff Thorpe]
-
- *) Change the ZLIB compression method to be stateful, and make it
- available to TLS with the number defined in
- draft-ietf-tls-compression-04.txt.
- [Richard Levitte]
-
- *) Add the ASN.1 structures and functions for CertificatePair, which
- is defined as follows (according to X.509_4thEditionDraftV6.pdf):
-
- CertificatePair ::= SEQUENCE {
- forward [0] Certificate OPTIONAL,
- reverse [1] Certificate OPTIONAL,
- -- at least one of the pair shall be present -- }
-
- Also implement the PEM functions to read and write certificate
- pairs, and defined the PEM tag as "CERTIFICATE PAIR".
-
- This needed to be defined, mostly for the sake of the LDAP
- attribute crossCertificatePair, but may prove useful elsewhere as
- well.
- [Richard Levitte]
-
- *) Make it possible to inhibit symlinking of shared libraries in
- Makefile.shared, for Cygwin's sake.
- [Richard Levitte]
-
- *) Extend the BIGNUM API by creating a function
- void BN_set_negative(BIGNUM *a, int neg);
- and a macro that behave like
- int BN_is_negative(const BIGNUM *a);
-
- to avoid the need to access 'a->neg' directly in applications.
- [Nils Larsch]
-
- *) Implement fast modular reduction for pseudo-Mersenne primes
- used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
- EC_GROUP_new_curve_GFp() will now automatically use this
- if applicable.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add new lock type (CRYPTO_LOCK_BN).
- [Bodo Moeller]
-
- *) Change the ENGINE framework to automatically load engines
- dynamically from specific directories unless they could be
- found to already be built in or loaded. Move all the
- current engines except for the cryptodev one to a new
- directory engines/.
- The engines in engines/ are built as shared libraries if
- the "shared" options was given to ./Configure or ./config.
- Otherwise, they are inserted in libcrypto.a.
- /usr/local/ssl/engines is the default directory for dynamic
- engines, but that can be overriden at configure time through
- the usual use of --prefix and/or --openssldir, and at run
- time with the environment variable OPENSSL_ENGINES.
- [Geoff Thorpe and Richard Levitte]
-
- *) Add Makefile.shared, a helper makefile to build shared
- libraries. Addapt Makefile.org.
- [Richard Levitte]
-
- *) Add version info to Win32 DLLs.
- [Peter 'Luna' Runestig" <peter@runestig.com>]
-
- *) Add new 'medium level' PKCS#12 API. Certificates and keys
- can be added using this API to created arbitrary PKCS#12
- files while avoiding the low level API.
-
- New options to PKCS12_create(), key or cert can be NULL and
- will then be omitted from the output file. The encryption
- algorithm NIDs can be set to -1 for no encryption, the mac
- iteration count can be set to 0 to omit the mac.
-
- Enhance pkcs12 utility by making the -nokeys and -nocerts
- options work when creating a PKCS#12 file. New option -nomac
- to omit the mac, NONE can be set for an encryption algorithm.
- New code is modified to use the enhanced PKCS12_create()
- instead of the low level API.
- [Steve Henson]
-
- *) Extend ASN1 encoder to support indefinite length constructed
- encoding. This can output sequences tags and octet strings in
- this form. Modify pk7_asn1.c to support indefinite length
- encoding. This is experimental and needs additional code to
- be useful, such as an ASN1 bio and some enhanced streaming
- PKCS#7 code.
-
- Extend template encode functionality so that tagging is passed
- down to the template encoder.
- [Steve Henson]
-
- *) Let 'openssl req' fail if an argument to '-newkey' is not
- recognized instead of using RSA as a default.
- [Bodo Moeller]
-
- *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
- As these are not official, they are not included in "ALL";
- the "ECCdraft" ciphersuite group alias can be used to select them.
- [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
-
- *) Add ECDH engine support.
- [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Add ECDH in new directory crypto/ecdh/.
- [Douglas Stebila (Sun Microsystems Laboratories)]
-
- *) Let BN_rand_range() abort with an error after 100 iterations
- without success (which indicates a broken PRNG).
- [Bodo Moeller]
-
- *) Change BN_mod_sqrt() so that it verifies that the input value
- is really the square of the return value. (Previously,
- BN_mod_sqrt would show GIGO behaviour.)
- [Bodo Moeller]
-
- *) Add named elliptic curves over binary fields from X9.62, SECG,
- and WAP/WTLS; add OIDs that were still missing.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Extend the EC library for elliptic curves over binary fields
- (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
- New EC_METHOD:
-
- EC_GF2m_simple_method
-
- New API functions:
-
- EC_GROUP_new_curve_GF2m
- EC_GROUP_set_curve_GF2m
- EC_GROUP_get_curve_GF2m
- EC_POINT_set_affine_coordinates_GF2m
- EC_POINT_get_affine_coordinates_GF2m
- EC_POINT_set_compressed_coordinates_GF2m
-
- Point compression for binary fields is disabled by default for
- patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
- enable it).
-
- As binary polynomials are represented as BIGNUMs, various members
- of the EC_GROUP and EC_POINT data structures can be shared
- between the implementations for prime fields and binary fields;
- the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
- are essentially identical to their ..._GFp counterparts.
- (For simplicity, the '..._GFp' prefix has been dropped from
- various internal method names.)
-
- An internal 'field_div' method (similar to 'field_mul' and
- 'field_sqr') has been added; this is used only for binary fields.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
- through methods ('mul', 'precompute_mult').
-
- The generic implementations (now internally called 'ec_wNAF_mul'
- and 'ec_wNAF_precomputed_mult') remain the default if these
- methods are undefined.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) New function EC_GROUP_get_degree, which is defined through
- EC_METHOD. For curves over prime fields, this returns the bit
- length of the modulus.
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) New functions EC_GROUP_dup, EC_POINT_dup.
- (These simply call ..._new and ..._copy).
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
- Polynomials are represented as BIGNUMs (where the sign bit is not
- used) in the following functions [macros]:
-
- BN_GF2m_add
- BN_GF2m_sub [= BN_GF2m_add]
- BN_GF2m_mod [wrapper for BN_GF2m_mod_arr]
- BN_GF2m_mod_mul [wrapper for BN_GF2m_mod_mul_arr]
- BN_GF2m_mod_sqr [wrapper for BN_GF2m_mod_sqr_arr]
- BN_GF2m_mod_inv
- BN_GF2m_mod_exp [wrapper for BN_GF2m_mod_exp_arr]
- BN_GF2m_mod_sqrt [wrapper for BN_GF2m_mod_sqrt_arr]
- BN_GF2m_mod_solve_quad [wrapper for BN_GF2m_mod_solve_quad_arr]
- BN_GF2m_cmp [= BN_ucmp]
-
- (Note that only the 'mod' functions are actually for fields GF(2^m).
- BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
-
- For some functions, an the irreducible polynomial defining a
- field can be given as an 'unsigned int[]' with strictly
- decreasing elements giving the indices of those bits that are set;
- i.e., p[] represents the polynomial
- f(t) = t^p[0] + t^p[1] + ... + t^p[k]
- where
- p[0] > p[1] > ... > p[k] = 0.
- This applies to the following functions:
-
- BN_GF2m_mod_arr
- BN_GF2m_mod_mul_arr
- BN_GF2m_mod_sqr_arr
- BN_GF2m_mod_inv_arr [wrapper for BN_GF2m_mod_inv]
- BN_GF2m_mod_div_arr [wrapper for BN_GF2m_mod_div]
- BN_GF2m_mod_exp_arr
- BN_GF2m_mod_sqrt_arr
- BN_GF2m_mod_solve_quad_arr
- BN_GF2m_poly2arr
- BN_GF2m_arr2poly
-
- Conversion can be performed by the following functions:
-
- BN_GF2m_poly2arr
- BN_GF2m_arr2poly
-
- bntest.c has additional tests for binary polynomial arithmetic.
-
- Two implementations for BN_GF2m_mod_div() are available.
- The default algorithm simply uses BN_GF2m_mod_inv() and
- BN_GF2m_mod_mul(). The alternative algorithm is compiled in only
- if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
- copyright notice in crypto/bn/bn_gf2m.c before enabling it).
-
- [Sheueling Chang Shantz and Douglas Stebila
- (Sun Microsystems Laboratories)]
-
- *) Add new error code 'ERR_R_DISABLED' that can be used when some
- functionality is disabled at compile-time.
- [Douglas Stebila <douglas.stebila@sun.com>]
-
- *) Change default behaviour of 'openssl asn1parse' so that more
- information is visible when viewing, e.g., a certificate:
-
- Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
- mode the content of non-printable OCTET STRINGs is output in a
- style similar to INTEGERs, but with '[HEX DUMP]' prepended to
- avoid the appearance of a printable string.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
- functions
- EC_GROUP_set_asn1_flag()
- EC_GROUP_get_asn1_flag()
- EC_GROUP_set_point_conversion_form()
- EC_GROUP_get_point_conversion_form()
- These control ASN1 encoding details:
- - Curves (i.e., groups) are encoded explicitly unless asn1_flag
- has been set to OPENSSL_EC_NAMED_CURVE.
- - Points are encoded in uncompressed form by default; options for
- asn1_for are as for point2oct, namely
- POINT_CONVERSION_COMPRESSED
- POINT_CONVERSION_UNCOMPRESSED
- POINT_CONVERSION_HYBRID
-
- Also add 'seed' and 'seed_len' members to EC_GROUP with access
- functions
- EC_GROUP_set_seed()
- EC_GROUP_get0_seed()
- EC_GROUP_get_seed_len()
- This is used only for ASN1 purposes (so far).
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add 'field_type' member to EC_METHOD, which holds the NID
- of the appropriate field type OID. The new function
- EC_METHOD_get_field_type() returns this value.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add functions
- EC_POINT_point2bn()
- EC_POINT_bn2point()
- EC_POINT_point2hex()
- EC_POINT_hex2point()
- providing useful interfaces to EC_POINT_point2oct() and
- EC_POINT_oct2point().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Change internals of the EC library so that the functions
- EC_GROUP_set_generator()
- EC_GROUP_get_generator()
- EC_GROUP_get_order()
- EC_GROUP_get_cofactor()
- are implemented directly in crypto/ec/ec_lib.c and not dispatched
- to methods, which would lead to unnecessary code duplication when
- adding different types of curves.
- [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
-
- *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
- arithmetic, and such that modified wNAFs are generated
- (which avoid length expansion in many cases).
- [Bodo Moeller]
-
- *) Add a function EC_GROUP_check_discriminant() (defined via
- EC_METHOD) that verifies that the curve discriminant is non-zero.
-
- Add a function EC_GROUP_check() that makes some sanity tests
- on a EC_GROUP, its generator and order. This includes
- EC_GROUP_check_discriminant().
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Add ECDSA in new directory crypto/ecdsa/.
-
- Add applications 'openssl ecparam' and 'openssl ecdsa'
- (these are based on 'openssl dsaparam' and 'openssl dsa').
-
- ECDSA support is also included in various other files across the
- library. Most notably,
- - 'openssl req' now has a '-newkey ecdsa:file' option;
- - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
- - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
- d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
- them suitable for ECDSA where domain parameters must be
- extracted before the specific public key;
- - ECDSA engine support has been added.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Include some named elliptic curves, and add OIDs from X9.62,
- SECG, and WAP/WTLS. Each curve can be obtained from the new
- function
- EC_GROUP_new_by_curve_name(),
- and the list of available named curves can be obtained with
- EC_get_builtin_curves().
- Also add a 'curve_name' member to EC_GROUP objects, which can be
- accessed via
- EC_GROUP_set_curve_name()
- EC_GROUP_get_curve_name()
- [Nils Larsch <larsch@trustcenter.de, Bodo Moeller]
-
- *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
- was actually never needed) and in BN_mul(). The removal in BN_mul()
- required a small change in bn_mul_part_recursive() and the addition
- of the functions bn_cmp_part_words(), bn_sub_part_words() and
- bn_add_part_words(), which do the same thing as bn_cmp_words(),
- bn_sub_words() and bn_add_words() except they take arrays with
- differing sizes.
- [Richard Levitte]
-
- Changes between 0.9.7l and 0.9.7m [xx XXX xxxx]
-
- *) Cleanse PEM buffers before freeing them since they may contain
- sensitive data.
- [Benjamin Bennett <ben@psc.edu>]
-
- *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
- a ciphersuite string such as "DEFAULT:RSA" cannot enable
- authentication-only ciphersuites.
- [Bodo Moeller]
-
- *) Since AES128 and AES256 share a single mask bit in the logic of
- ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
- kludge to work properly if AES128 is available and AES256 isn't.
- [Victor Duchovni]
-
- *) Have SSL/TLS server implementation tolerate "mismatched" record
- protocol version while receiving ClientHello even if the
- ClientHello is fragmented. (The server can't insist on the
- particular protocol version it has chosen before the ServerHello
- message has informed the client about his choice.)
- [Bodo Moeller]
-
- *) Load error codes if they are not already present instead of using a
- static variable. This allows them to be cleanly unloaded and reloaded.
- [Steve Henson]
-
- Changes between 0.9.7k and 0.9.7l [28 Sep 2006]
-
- *) Introduce limits to prevent malicious keys being able to
- cause a denial of service. (CVE-2006-2940)
- [Steve Henson, Bodo Moeller]
-
- *) Fix ASN.1 parsing of certain invalid structures that can result
- in a denial of service. (CVE-2006-2937) [Steve Henson]
-
- *) Fix buffer overflow in SSL_get_shared_ciphers() function.
- (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Fix SSL client code which could crash if connecting to a
- malicious SSLv2 server. (CVE-2006-4343)
- [Tavis Ormandy and Will Drewry, Google Security Team]
-
- *) Change ciphersuite string processing so that an explicit
- ciphersuite selects this one ciphersuite (so that "AES256-SHA"
- will no longer include "AES128-SHA"), and any other similar
- ciphersuite (same bitmap) from *other* protocol versions (so that
- "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
- SSL 3.0/TLS 1.0 ciphersuite). This is a backport combining
- changes from 0.9.8b and 0.9.8d.
- [Bodo Moeller]
-
- Changes between 0.9.7j and 0.9.7k [05 Sep 2006]
-
- *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
- (CVE-2006-4339) [Ben Laurie and Google Security Team]
-
- *) Change the Unix randomness entropy gathering to use poll() when
- possible instead of select(), since the latter has some
- undesirable limitations.
- [Darryl Miles via Richard Levitte and Bodo Moeller]
-
- *) Disable rogue ciphersuites:
-
- - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
- - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
- - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
-
- The latter two were purportedly from
- draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
- appear there.
-
- Also deactive the remaining ciphersuites from
- draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
- unofficial, and the ID has long expired.
- [Bodo Moeller]
-
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
- dual-core machines) and other potential thread-safety issues.
- [Bodo Moeller]
-
- Changes between 0.9.7i and 0.9.7j [04 May 2006]
-
- *) Adapt fipsld and the build system to link against the validated FIPS
- module in FIPS mode.
- [Steve Henson]
-
- *) Fixes for VC++ 2005 build under Windows.
- [Steve Henson]
-
- *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
- from a Windows bash shell such as MSYS. It is autodetected from the
- "config" script when run from a VC++ environment. Modify standard VC++
- build to use fipscanister.o from the GNU make build.
- [Steve Henson]
-
- Changes between 0.9.7h and 0.9.7i [14 Oct 2005]
-
- *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
- The value now differs depending on if you build for FIPS or not.
- BEWARE! A program linked with a shared FIPSed libcrypto can't be
- safely run with a non-FIPSed libcrypto, as it may crash because of
- the difference induced by this change.
- [Andy Polyakov]
-
- Changes between 0.9.7g and 0.9.7h [11 Oct 2005]
-
- *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
- (part of SSL_OP_ALL). This option used to disable the
- countermeasure against man-in-the-middle protocol-version
- rollback in the SSL 2.0 server implementation, which is a bad
- idea. (CVE-2005-2969)
-
- [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
- for Information Security, National Institute of Advanced Industrial
- Science and Technology [AIST], Japan)]
-
- *) Minimal support for X9.31 signatures and PSS padding modes. This is
- mainly for FIPS compliance and not fully integrated at this stage.
- [Steve Henson]
-
- *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
- the exponentiation using a fixed-length exponent. (Otherwise,
- the information leaked through timing could expose the secret key
- after many signatures; cf. Bleichenbacher's attack on DSA with
- biased k.)
- [Bodo Moeller]
-
- *) Make a new fixed-window mod_exp implementation the default for
- RSA, DSA, and DH private-key operations so that the sequence of
- squares and multiplies and the memory access pattern are
- independent of the particular secret key. This will mitigate
- cache-timing and potential related attacks.
-
- BN_mod_exp_mont_consttime() is the new exponentiation implementation,
- and this is automatically used by BN_mod_exp_mont() if the new flag
- BN_FLG_EXP_CONSTTIME is set for the exponent. RSA, DSA, and DH
- will use this BN flag for private exponents unless the flag
- RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
- DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
-
- [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
-
- *) Change the client implementation for SSLv23_method() and
- SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
- Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
- (Previously, the SSL 2.0 backwards compatible Client Hello
- message format would be used even with SSL_OP_NO_SSLv2.)
- [Bodo Moeller]
-
- *) Add support for smime-type MIME parameter in S/MIME messages which some
- clients need.
- [Steve Henson]
-
- *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
- a threadsafe manner. Modify rsa code to use new function and add calls
- to dsa and dh code (which had race conditions before).
- [Steve Henson]
-
- *) Include the fixed error library code in the C error file definitions
- instead of fixing them up at runtime. This keeps the error code
- structures constant.
- [Steve Henson]
-
- Changes between 0.9.7f and 0.9.7g [11 Apr 2005]
-
- [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
- OpenSSL 0.9.8.]
-
- *) Fixes for newer kerberos headers. NB: the casts are needed because
- the 'length' field is signed on one version and unsigned on another
- with no (?) obvious way to tell the difference, without these VC++
- complains. Also the "definition" of FAR (blank) is no longer included
- nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
- some needed definitions.
- [Steve Henson]
-
- *) Undo Cygwin change.
- [Ulf Möller]
-
- *) Added support for proxy certificates according to RFC 3820.
- Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
- docs/HOWTO/proxy_certificates.txt for further information.
- [Richard Levitte]
-
- Changes between 0.9.7e and 0.9.7f [22 Mar 2005]
-
- *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
- server and client random values. Previously
- (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
- less random data when sizeof(time_t) > 4 (some 64 bit platforms).
-
- This change has negligible security impact because:
-
- 1. Server and client random values still have 24 bytes of pseudo random
- data.
-
- 2. Server and client random values are sent in the clear in the initial
- handshake.
-
- 3. The master secret is derived using the premaster secret (48 bytes in
- size for static RSA ciphersuites) as well as client server and random
- values.
-
- The OpenSSL team would like to thank the UK NISCC for bringing this issue
- to our attention.
-
- [Stephen Henson, reported by UK NISCC]
-
- *) Use Windows randomness collection on Cygwin.
- [Ulf Möller]
-
- *) Fix hang in EGD/PRNGD query when communication socket is closed
- prematurely by EGD/PRNGD.
- [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
-
- *) Prompt for pass phrases when appropriate for PKCS12 input format.
- [Steve Henson]
-
- *) Back-port of selected performance improvements from development
- branch, as well as improved support for PowerPC platforms.
- [Andy Polyakov]
-
- *) Add lots of checks for memory allocation failure, error codes to indicate
- failure and freeing up memory if a failure occurs.
- [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
-
- *) Add new -passin argument to dgst.
- [Steve Henson]
-
- *) Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
- certificates.
- [Steve Henson]
-
- *) Make an explicit check during certificate validation to see that
- the CA setting in each certificate on the chain is correct. As a
- side effect always do the following basic checks on extensions,
- not just when there's an associated purpose to the check:
-
- - if there is an unhandled critical extension (unless the user
- has chosen to ignore this fault)
- - if the path length has been exceeded (if one is set at all)
- - that certain extensions fit the associated purpose (if one has
- been given)
- [Richard Levitte]
-
- Changes between 0.9.7d and 0.9.7e [25 Oct 2004]
-
- *) Avoid a race condition when CRLs are checked in a multi threaded
- environment. This would happen due to the reordering of the revoked
- entries during signature checking and serial number lookup. Now the
- encoding is cached and the serial number sort performed under a lock.
- Add new STACK function sk_is_sorted().
- [Steve Henson]
-
- *) Add Delta CRL to the extension code.
- [Steve Henson]
-
- *) Various fixes to s3_pkt.c so alerts are sent properly.
- [David Holmes <d.holmes@f5.com>]
-
- *) Reduce the chances of duplicate issuer name and serial numbers (in
- violation of RFC3280) using the OpenSSL certificate creation utilities.
- This is done by creating a random 64 bit value for the initial serial
- number when a serial number file is created or when a self signed
- certificate is created using 'openssl req -x509'. The initial serial
- number file is created using 'openssl x509 -next_serial' in CA.pl
- rather than being initialized to 1.
- [Steve Henson]
-
- Changes between 0.9.7c and 0.9.7d [17 Mar 2004]
-
- *) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CVE-2004-0079)
- [Joe Orton, Steve Henson]
-
- *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
- (CVE-2004-0112)
- [Joe Orton, Steve Henson]
-
- *) Make it possible to have multiple active certificates with the same
- subject in the CA index file. This is done only if the keyword
- 'unique_subject' is set to 'no' in the main CA section (default
- if 'CA_default') of the configuration file. The value is saved
- with the database itself in a separate index attribute file,
- named like the index file with '.attr' appended to the name.
- [Richard Levitte]
-
- *) X509 verify fixes. Disable broken certificate workarounds when
- X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
- keyUsage extension present. Don't accept CRLs with unhandled critical
- extensions: since verify currently doesn't process CRL extensions this
- rejects a CRL with *any* critical extensions. Add new verify error codes
- for these cases.
- [Steve Henson]
-
- *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
- A clarification of RFC2560 will require the use of OCTET STRINGs and
- some implementations cannot handle the current raw format. Since OpenSSL
- copies and compares OCSP nonces as opaque blobs without any attempt at
- parsing them this should not create any compatibility issues.
- [Steve Henson]
-
- *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
- calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
- this HMAC (and other) operations are several times slower than OpenSSL
- < 0.9.7.
- [Steve Henson]
-
- *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
- [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
- *) Use the correct content when signing type "other".
- [Steve Henson]
-
- Changes between 0.9.7b and 0.9.7c [30 Sep 2003]
-
- *) Fix various bugs revealed by running the NISCC test suite:
-
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CVE-2003-0543 and CVE-2003-0544).
-
- Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
-
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
-
- [Steve Henson]
-
- *) New -ignore_err option in ocsp application to stop the server
- exiting on the first error in a request.
- [Steve Henson]
-
- *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- [Steve Henson]
-
- *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
- extra data after the compression methods not only for TLS 1.0
- but also for SSL 3.0 (as required by the specification).
- [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
- *) Change X509_certificate_type() to mark the key as exported/exportable
- when it's 512 *bits* long, not 512 bytes.
- [Richard Levitte]
-
- *) Change AES_cbc_encrypt() so it outputs exact multiple of
- blocks during encryption.
- [Richard Levitte]
-
- *) Various fixes to base64 BIO and non blocking I/O. On write
- flushes were not handled properly if the BIO retried. On read
- data was not being buffered properly and had various logic bugs.
- This also affects blocking I/O when the data being decoded is a
- certain size.
- [Steve Henson]
-
- *) Various S/MIME bugfixes and compatibility changes:
- output correct application/pkcs7 MIME type if
- PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
- Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
- of files as .eml work). Correctly handle very long lines in MIME
- parser.
- [Steve Henson]
-
- Changes between 0.9.7a and 0.9.7b [10 Apr 2003]
-
- *) Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
- [Bodo Moeller]
-
- *) Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases.
- [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
- *) Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- [Bodo Moeller]
-
- *) Fixed a typo bug that would cause ENGINE_set_default() to set an
- ENGINE as defaults for all supported algorithms irrespective of
- the 'flags' parameter. 'flags' is now honoured, so applications
- should make sure they are passing it correctly.
- [Geoff Thorpe]
-
- *) Target "mingw" now allows native Windows code to be generated in
- the Cygwin environment as well as with the MinGW compiler.
- [Ulf Moeller]
-
- Changes between 0.9.7 and 0.9.7a [19 Feb 2003]
-
- *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CVE-2003-0078)
-
- [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
- Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
- Martin Vuagnoux (EPFL, Ilion)]
-
- *) Make the no-err option work as intended. The intention with no-err
- is not to have the whole error stack handling routines removed from
- libcrypto, it's only intended to remove all the function name and
- reason texts, thereby removing some of the footprint that may not
- be interesting if those errors aren't displayed anyway.
-
- NOTE: it's still possible for any application or module to have it's
- own set of error texts inserted. The routines are there, just not
- used by default when no-err is given.
- [Richard Levitte]
-
- *) Add support for FreeBSD on IA64.
- [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
-
- *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
- Kerberos function mit_des_cbc_cksum(). Before this change,
- the value returned by DES_cbc_cksum() was like the one from
- mit_des_cbc_cksum(), except the bytes were swapped.
- [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
-
- *) Allow an application to disable the automatic SSL chain building.
- Before this a rather primitive chain build was always performed in
- ssl3_output_cert_chain(): an application had no way to send the
- correct chain if the automatic operation produced an incorrect result.
-
- Now the chain builder is disabled if either:
-
- 1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
-
- 2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
-
- The reasoning behind this is that an application would not want the
- auto chain building to take place if extra chain certificates are
- present and it might also want a means of sending no additional
- certificates (for example the chain has two certificates and the
- root is omitted).
- [Steve Henson]
-
- *) Add the possibility to build without the ENGINE framework.
- [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
-
- *) Under Win32 gmtime() can return NULL: check return value in
- OPENSSL_gmtime(). Add error code for case where gmtime() fails.
- [Steve Henson]
-
- *) DSA routines: under certain error conditions uninitialized BN objects
- could be freed. Solution: make sure initialization is performed early
- enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
- Nils Larsch <nla@trustcenter.de> via PR#459)
- [Lutz Jaenicke]
-
- *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
- checked on reconnect on the client side, therefore session resumption
- could still fail with a "ssl session id is different" error. This
- behaviour is masked when SSL_OP_ALL is used due to
- SSL_OP_MICROSOFT_SESS_ID_BUG being set.
- Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
- followup to PR #377.
- [Lutz Jaenicke]
-
- *) IA-32 assembler support enhancements: unified ELF targets, support
- for SCO/Caldera platforms, fix for Cygwin shared build.
- [Andy Polyakov]
-
- *) Add support for FreeBSD on sparc64. As a consequence, support for
- FreeBSD on non-x86 processors is separate from x86 processors on
- the config script, much like the NetBSD support.
- [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
-
- Changes between 0.9.6h and 0.9.7 [31 Dec 2002]
-
- [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
- OpenSSL 0.9.7.]
-
- *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
- code (06) was taken as the first octet of the session ID and the last
- octet was ignored consequently. As a result SSLv2 client side session
- caching could not have worked due to the session ID mismatch between
- client and server.
- Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
- PR #377.
- [Lutz Jaenicke]
-
- *) Change the declaration of needed Kerberos libraries to use EX_LIBS
- instead of the special (and badly supported) LIBKRB5. LIBKRB5 is
- removed entirely.
- [Richard Levitte]
-
- *) The hw_ncipher.c engine requires dynamic locks. Unfortunately, it
- seems that in spite of existing for more than a year, many application
- author have done nothing to provide the necessary callbacks, which
- means that this particular engine will not work properly anywhere.
- This is a very unfortunate situation which forces us, in the name
- of usability, to give the hw_ncipher.c a static lock, which is part
- of libcrypto.
- NOTE: This is for the 0.9.7 series ONLY. This hack will never
- appear in 0.9.8 or later. We EXPECT application authors to have
- dealt properly with this when 0.9.8 is released (unless we actually
- make such changes in the libcrypto locking code that changes will
- have to be made anyway).
- [Richard Levitte]
-
- *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
- octets have been read, EOF or an error occurs. Without this change
- some truncated ASN1 structures will not produce an error.
- [Steve Henson]
-
- *) Disable Heimdal support, since it hasn't been fully implemented.
- Still give the possibility to force the use of Heimdal, but with
- warnings and a request that patches get sent to openssl-dev.
- [Richard Levitte]
-
- *) Add the VC-CE target, introduce the WINCE sysname, and add
- INSTALL.WCE and appropriate conditionals to make it build.
- [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
-
- *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
- cygssl-x.y.z.dll, where x, y and z are the major, minor and
- edit numbers of the version.
- [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
-
- *) Introduce safe string copy and catenation functions
- (BUF_strlcpy() and BUF_strlcat()).
- [Ben Laurie (CHATS) and Richard Levitte]
-
- *) Avoid using fixed-size buffers for one-line DNs.
- [Ben Laurie (CHATS)]
-
- *) Add BUF_MEM_grow_clean() to avoid information leakage when
- resizing buffers containing secrets, and use where appropriate.
- [Ben Laurie (CHATS)]
-
- *) Avoid using fixed size buffers for configuration file location.
- [Ben Laurie (CHATS)]
-
- *) Avoid filename truncation for various CA files.
- [Ben Laurie (CHATS)]
-
- *) Use sizeof in preference to magic numbers.
- [Ben Laurie (CHATS)]
-
- *) Avoid filename truncation in cert requests.
- [Ben Laurie (CHATS)]
-
- *) Add assertions to check for (supposedly impossible) buffer
- overflows.
- [Ben Laurie (CHATS)]
-
- *) Don't cache truncated DNS entries in the local cache (this could
- potentially lead to a spoofing attack).
- [Ben Laurie (CHATS)]
-
- *) Fix various buffers to be large enough for hex/decimal
- representations in a platform independent manner.
- [Ben Laurie (CHATS)]
-
- *) Add CRYPTO_realloc_clean() to avoid information leakage when
- resizing buffers containing secrets, and use where appropriate.
- [Ben Laurie (CHATS)]
-
- *) Add BIO_indent() to avoid much slightly worrying code to do
- indents.
- [Ben Laurie (CHATS)]
-
- *) Convert sprintf()/BIO_puts() to BIO_printf().
- [Ben Laurie (CHATS)]
-
- *) buffer_gets() could terminate with the buffer only half
- full. Fixed.
- [Ben Laurie (CHATS)]
-
- *) Add assertions to prevent user-supplied crypto functions from
- overflowing internal buffers by having large block sizes, etc.
- [Ben Laurie (CHATS)]
-
- *) New OPENSSL_assert() macro (similar to assert(), but enabled
- unconditionally).
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused copy of key in RC4.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
- [Ben Laurie (CHATS)]
-
- *) Fix off-by-one error in EGD path.
- [Ben Laurie (CHATS)]
-
- *) If RANDFILE path is too long, ignore instead of truncating.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and incorrectly sized X.509 structure
- CBCParameter.
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and dangerous function knumber().
- [Ben Laurie (CHATS)]
-
- *) Eliminate unused and dangerous structure, KSSL_ERR.
- [Ben Laurie (CHATS)]
-
- *) Protect against overlong session ID context length in an encoded
- session object. Since these are local, this does not appear to be
- exploitable.
- [Ben Laurie (CHATS)]
-
- *) Change from security patch (see 0.9.6e below) that did not affect
- the 0.9.6 release series:
-
- Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized master key in Kerberos-enabled versions.
- (CVE-2002-0657)
- [Ben Laurie (CHATS)]
-
- *) Change the SSL kerb5 codes to match RFC 2712.
- [Richard Levitte]
-
- *) Make -nameopt work fully for req and add -reqopt switch.
- [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
-
- *) The "block size" for block ciphers in CFB and OFB mode should be 1.
- [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
-
- *) Make sure tests can be performed even if the corresponding algorithms
- have been removed entirely. This was also the last step to make
- OpenSSL compilable with DJGPP under all reasonable conditions.
- [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
-
- *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
- to allow version independent disabling of normally unselected ciphers,
- which may be activated as a side-effect of selecting a single cipher.
-
- (E.g., cipher list string "RSA" enables ciphersuites that are left
- out of "ALL" because they do not provide symmetric encryption.
- "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
- [Lutz Jaenicke, Bodo Moeller]
-
- *) Add appropriate support for separate platform-dependent build
- directories. The recommended way to make a platform-dependent
- build directory is the following (tested on Linux), maybe with
- some local tweaks:
-
- # Place yourself outside of the OpenSSL source tree. In
- # this example, the environment variable OPENSSL_SOURCE
- # is assumed to contain the absolute OpenSSL source directory.
- mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
- cd objtree/"`uname -s`-`uname -r`-`uname -m`"
- (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
- mkdir -p `dirname $F`
- ln -s $OPENSSL_SOURCE/$F $F
- done
-
- To be absolutely sure not to disturb the source tree, a "make clean"
- is a good thing. If it isn't successfull, don't worry about it,
- it probably means the source directory is very clean.
- [Richard Levitte]
-
- *) Make sure any ENGINE control commands make local copies of string
- pointers passed to them whenever necessary. Otherwise it is possible
- the caller may have overwritten (or deallocated) the original string
- data when a later ENGINE operation tries to use the stored values.
- [Götz Babin-Ebell <babinebell@trustcenter.de>]
-
- *) Improve diagnostics in file reading and command-line digests.
- [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
-
- *) Add AES modes CFB and OFB to the object database. Correct an
- error in AES-CFB decryption.
- [Richard Levitte]
-
- *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
- allows existing EVP_CIPHER_CTX structures to be reused after
- calling EVP_*Final(). This behaviour is used by encryption
- BIOs and some applications. This has the side effect that
- applications must explicitly clean up cipher contexts with
- EVP_CIPHER_CTX_cleanup() or they will leak memory.
- [Steve Henson]
-
- *) Check the values of dna and dnb in bn_mul_recursive before calling
- bn_mul_comba (a non zero value means the a or b arrays do not contain
- n2 elements) and fallback to bn_mul_normal if either is not zero.
- [Steve Henson]
-
- *) Fix escaping of non-ASCII characters when using the -subj option
- of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
- [Lutz Jaenicke]
-
- *) Make object definitions compliant to LDAP (RFC2256): SN is the short
- form for "surname", serialNumber has no short form.
- Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
- therefore remove "mail" short name for "internet 7".
- The OID for unique identifiers in X509 certificates is
- x500UniqueIdentifier, not uniqueIdentifier.
- Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
- [Lutz Jaenicke]
-
- *) Add an "init" command to the ENGINE config module and auto initialize
- ENGINEs. Without any "init" command the ENGINE will be initialized
- after all ctrl commands have been executed on it. If init=1 the
- ENGINE is initailized at that point (ctrls before that point are run
- on the uninitialized ENGINE and after on the initialized one). If
- init=0 then the ENGINE will not be iniatialized at all.
- [Steve Henson]
-
- *) Fix the 'app_verify_callback' interface so that the user-defined
- argument is actually passed to the callback: In the
- SSL_CTX_set_cert_verify_callback() prototype, the callback
- declaration has been changed from
- int (*cb)()
- into
- int (*cb)(X509_STORE_CTX *,void *);
- in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
- i=s->ctx->app_verify_callback(&ctx)
- has been changed into
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
-
- To update applications using SSL_CTX_set_cert_verify_callback(),
- a dummy argument can be added to their callback functions.
- [D. K. Smetters <smetters@parc.xerox.com>]
-
- *) Added the '4758cca' ENGINE to support IBM 4758 cards.
- [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
-
- *) Add and OPENSSL_LOAD_CONF define which will cause
- OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
- This allows older applications to transparently support certain
- OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
- Two new functions OPENSSL_add_all_algorithms_noconf() which will never
- load the config file and OPENSSL_add_all_algorithms_conf() which will
- always load it have also been added.
- [Steve Henson]
-
- *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
- Adjust NIDs and EVP layer.
- [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
-
- *) Config modules support in openssl utility.
-
- Most commands now load modules from the config file,
- though in a few (such as version) this isn't done
- because it couldn't be used for anything.
-
- In the case of ca and req the config file used is
- the same as the utility itself: that is the -config
- command line option can be used to specify an
- alternative file.
- [Steve Henson]
-
- *) Move default behaviour from OPENSSL_config(). If appname is NULL
- use "openssl_conf" if filename is NULL use default openssl config file.
- [Steve Henson]
-
- *) Add an argument to OPENSSL_config() to allow the use of an alternative
- config section name. Add a new flag to tolerate a missing config file
- and move code to CONF_modules_load_file().
- [Steve Henson]
-
- *) Support for crypto accelerator cards from Accelerated Encryption
- Processing, www.aep.ie. (Use engine 'aep')
- The support was copied from 0.9.6c [engine] and adapted/corrected
- to work with the new engine framework.
- [AEP Inc. and Richard Levitte]
-
- *) Support for SureWare crypto accelerator cards from Baltimore
- Technologies. (Use engine 'sureware')
- The support was copied from 0.9.6c [engine] and adapted
- to work with the new engine framework.
- [Richard Levitte]
-
- *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
- make the newer ENGINE framework commands for the CHIL engine work.
- [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
-
- *) Make it possible to produce shared libraries on ReliantUNIX.
- [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
-
- *) Add the configuration target debug-linux-ppro.
- Make 'openssl rsa' use the general key loading routines
- implemented in apps.c, and make those routines able to
- handle the key format FORMAT_NETSCAPE and the variant
- FORMAT_IISSGC.
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
- *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
- *) Add -keyform to rsautl, and document -engine.
- [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
-
- *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
- BIO_R_NO_SUCH_FILE error code rather than the generic
- ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
- [Ben Laurie]
-
- *) Add new functions
- ERR_peek_last_error
- ERR_peek_last_error_line
- ERR_peek_last_error_line_data.
- These are similar to
- ERR_peek_error
- ERR_peek_error_line
- ERR_peek_error_line_data,
- but report on the latest error recorded rather than the first one
- still in the error queue.
- [Ben Laurie, Bodo Moeller]
-
- *) default_algorithms option in ENGINE config module. This allows things
- like:
- default_algorithms = ALL
- default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
- [Steve Henson]
-
- *) Prelminary ENGINE config module.
- [Steve Henson]
-
- *) New experimental application configuration code.
- [Steve Henson]
-
- *) Change the AES code to follow the same name structure as all other
- symmetric ciphers, and behave the same way. Move everything to
- the directory crypto/aes, thereby obsoleting crypto/rijndael.
- [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
-
- *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
- [Ben Laurie and Theo de Raadt]
-
- *) Add option to output public keys in req command.
- [Massimiliano Pala madwolf@openca.org]
-
- *) Use wNAFs in EC_POINTs_mul() for improved efficiency
- (up to about 10% better than before for P-192 and P-224).
- [Bodo Moeller]
-
- *) New functions/macros
-
- SSL_CTX_set_msg_callback(ctx, cb)
- SSL_CTX_set_msg_callback_arg(ctx, arg)
- SSL_set_msg_callback(ssl, cb)
- SSL_set_msg_callback_arg(ssl, arg)
-
- to request calling a callback function
-
- void cb(int write_p, int version, int content_type,
- const void *buf, size_t len, SSL *ssl, void *arg)
-
- whenever a protocol message has been completely received
- (write_p == 0) or sent (write_p == 1). Here 'version' is the
- protocol version according to which the SSL library interprets
- the current protocol message (SSL2_VERSION, SSL3_VERSION, or
- TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or
- the content type as defined in the SSL 3.0/TLS 1.0 protocol
- specification (change_cipher_spec(20), alert(21), handshake(22)).
- 'buf' and 'len' point to the actual message, 'ssl' to the
- SSL object, and 'arg' is the application-defined value set by
- SSL[_CTX]_set_msg_callback_arg().
-
- 'openssl s_client' and 'openssl s_server' have new '-msg' options
- to enable a callback that displays all protocol messages.
- [Bodo Moeller]
-
- *) Change the shared library support so shared libraries are built as
- soon as the corresponding static library is finished, and thereby get
- openssl and the test programs linked against the shared library.
- This still only happens when the keyword "shard" has been given to
- the configuration scripts.
-
- NOTE: shared library support is still an experimental thing, and
- backward binary compatibility is still not guaranteed.
- ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
-
- *) Add support for Subject Information Access extension.
- [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
-
- *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
- additional bytes when new memory had to be allocated, not just
- when reusing an existing buffer.
- [Bodo Moeller]
-
- *) New command line and configuration option 'utf8' for the req command.
- This allows field values to be specified as UTF8 strings.
- [Steve Henson]
-
- *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
- runs for the former and machine-readable output for the latter.
- [Ben Laurie]
-
- *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion
- of the e-mail address in the DN (i.e., it will go into a certificate
- extension only). The new configuration file option 'email_in_dn = no'
- has the same effect.
- [Massimiliano Pala madwolf@openca.org]
-
- *) Change all functions with names starting with des_ to be starting
- with DES_ instead. Add wrappers that are compatible with libdes,
- but are named _ossl_old_des_*. Finally, add macros that map the
- des_* symbols to the corresponding _ossl_old_des_* if libdes
- compatibility is desired. If OpenSSL 0.9.6c compatibility is
- desired, the des_* symbols will be mapped to DES_*, with one
- exception.
-
- Since we provide two compatibility mappings, the user needs to
- define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
- compatibility is desired. The default (i.e., when that macro
- isn't defined) is OpenSSL 0.9.6c compatibility.
-
- There are also macros that enable and disable the support of old
- des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
- and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those
- are defined, the default will apply: to support the old des routines.
-
- In either case, one must include openssl/des.h to get the correct
- definitions. Do not try to just include openssl/des_old.h, that
- won't work.
-
- NOTE: This is a major break of an old API into a new one. Software
- authors are encouraged to switch to the DES_ style functions. Some
- time in the future, des_old.h and the libdes compatibility functions
- will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
- default), and then completely removed.
- [Richard Levitte]
-
- *) Test for certificates which contain unsupported critical extensions.
- If such a certificate is found during a verify operation it is
- rejected by default: this behaviour can be overridden by either
- handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
- by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
- X509_supported_extension() has also been added which returns 1 if a
- particular extension is supported.
- [Steve Henson]
-
- *) Modify the behaviour of EVP cipher functions in similar way to digests
- to retain compatibility with existing code.
- [Steve Henson]
-
- *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
- compatibility with existing code. In particular the 'ctx' parameter does
- not have to be to be initialized before the call to EVP_DigestInit() and
- it is tidied up after a call to EVP_DigestFinal(). New function
- EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
- EVP_MD_CTX_copy() changed to not require the destination to be
- initialized valid and new function EVP_MD_CTX_copy_ex() added which
- requires the destination to be valid.
-
- Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
- EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
- [Steve Henson]
-
- *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
- so that complete 'Handshake' protocol structures are kept in memory
- instead of overwriting 'msg_type' and 'length' with 'body' data.
- [Bodo Moeller]
-
- *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
- [Massimo Santin via Richard Levitte]
-
- *) Major restructuring to the underlying ENGINE code. This includes
- reduction of linker bloat, separation of pure "ENGINE" manipulation
- (initialisation, etc) from functionality dealing with implementations
- of specific crypto iterfaces. This change also introduces integrated
- support for symmetric ciphers and digest implementations - so ENGINEs
- can now accelerate these by providing EVP_CIPHER and EVP_MD
- implementations of their own. This is detailed in crypto/engine/README
- as it couldn't be adequately described here. However, there are a few
- API changes worth noting - some RSA, DSA, DH, and RAND functions that
- were changed in the original introduction of ENGINE code have now
- reverted back - the hooking from this code to ENGINE is now a good
- deal more passive and at run-time, operations deal directly with
- RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
- dereferencing through an ENGINE pointer any more. Also, the ENGINE
- functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
- they were not being used by the framework as there is no concept of a
- BIGNUM_METHOD and they could not be generalised to the new
- 'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
- ENGINE_cpy() has been removed as it cannot be consistently defined in
- the new code.
- [Geoff Thorpe]
-
- *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
- [Steve Henson]
-
- *) Change mkdef.pl to sort symbols that get the same entry number,
- and make sure the automatically generated functions ERR_load_*
- become part of libeay.num as well.
- [Richard Levitte]
-
- *) New function SSL_renegotiate_pending(). This returns true once
- renegotiation has been requested (either SSL_renegotiate() call
- or HelloRequest/ClientHello receveived from the peer) and becomes
- false once a handshake has been completed.
- (For servers, SSL_renegotiate() followed by SSL_do_handshake()
- sends a HelloRequest, but does not ensure that a handshake takes
- place. SSL_renegotiate_pending() is useful for checking if the
- client has followed the request.)
- [Bodo Moeller]
-
- *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
- By default, clients may request session resumption even during
- renegotiation (if session ID contexts permit); with this option,
- session resumption is possible only in the first handshake.
-
- SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL. This makes
- more bits available for options that should not be part of
- SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
- [Bodo Moeller]
-
- *) Add some demos for certificate and certificate request creation.
- [Steve Henson]
-
- *) Make maximum certificate chain size accepted from the peer application
- settable (SSL*_get/set_max_cert_list()), as proposed by
- "Douglas E. Engert" <deengert@anl.gov>.
- [Lutz Jaenicke]
-
- *) Add support for shared libraries for Unixware-7
- (Boyd Lynn Gerber <gerberb@zenez.com>).
- [Lutz Jaenicke]
-
- *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
- be done prior to destruction. Use this to unload error strings from
- ENGINEs that load their own error strings. NB: This adds two new API
- functions to "get" and "set" this destroy handler in an ENGINE.
- [Geoff Thorpe]
-
- *) Alter all existing ENGINE implementations (except "openssl" and
- "openbsd") to dynamically instantiate their own error strings. This
- makes them more flexible to be built both as statically-linked ENGINEs
- and self-contained shared-libraries loadable via the "dynamic" ENGINE.
- Also, add stub code to each that makes building them as self-contained
- shared-libraries easier (see README.ENGINE).
- [Geoff Thorpe]
-
- *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
- implementations into applications that are completely implemented in
- self-contained shared-libraries. The "dynamic" ENGINE exposes control
- commands that can be used to configure what shared-library to load and
- to control aspects of the way it is handled. Also, made an update to
- the README.ENGINE file that brings its information up-to-date and
- provides some information and instructions on the "dynamic" ENGINE
- (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
- [Geoff Thorpe]
-
- *) Make it possible to unload ranges of ERR strings with a new
- "ERR_unload_strings" function.
- [Geoff Thorpe]
-
- *) Add a copy() function to EVP_MD.
- [Ben Laurie]
-
- *) Make EVP_MD routines take a context pointer instead of just the
- md_data void pointer.
- [Ben Laurie]
-
- *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
- that the digest can only process a single chunk of data
- (typically because it is provided by a piece of
- hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
- is only going to provide a single chunk of data, and hence the
- framework needn't accumulate the data for oneshot drivers.
- [Ben Laurie]
-
- *) As with "ERR", make it possible to replace the underlying "ex_data"
- functions. This change also alters the storage and management of global
- ex_data state - it's now all inside ex_data.c and all "class" code (eg.
- RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
- index counters. The API functions that use this state have been changed
- to take a "class_index" rather than pointers to the class's local STACK
- and counter, and there is now an API function to dynamically create new
- classes. This centralisation allows us to (a) plug a lot of the
- thread-safety problems that existed, and (b) makes it possible to clean
- up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
- such data would previously have always leaked in application code and
- workarounds were in place to make the memory debugging turn a blind eye
- to it. Application code that doesn't use this new function will still
- leak as before, but their memory debugging output will announce it now
- rather than letting it slide.
-
- Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
- induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
- has a return value to indicate success or failure.
- [Geoff Thorpe]
-
- *) Make it possible to replace the underlying "ERR" functions such that the
- global state (2 LHASH tables and 2 locks) is only used by the "default"
- implementation. This change also adds two functions to "get" and "set"
- the implementation prior to it being automatically set the first time
- any other ERR function takes place. Ie. an application can call "get",
- pass the return value to a module it has just loaded, and that module
- can call its own "set" function using that value. This means the
- module's "ERR" operations will use (and modify) the error state in the
- application and not in its own statically linked copy of OpenSSL code.
- [Geoff Thorpe]
-
- *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
- reference counts. This performs normal REF_PRINT/REF_CHECK macros on
- the operation, and provides a more encapsulated way for external code
- (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
- to use these functions rather than manually incrementing the counts.
-
- Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
- [Geoff Thorpe]
-
- *) Add EVP test program.
- [Ben Laurie]
-
- *) Add symmetric cipher support to ENGINE. Expect the API to change!
- [Ben Laurie]
-
- *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
- X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
- X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
- These allow a CRL to be built without having to access X509_CRL fields
- directly. Modify 'ca' application to use new functions.
- [Steve Henson]
-
- *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
- bug workarounds. Rollback attack detection is a security feature.
- The problem will only arise on OpenSSL servers when TLSv1 is not
- available (sslv3_server_method() or SSL_OP_NO_TLSv1).
- Software authors not wanting to support TLSv1 will have special reasons
- for their choice and can explicitly enable this option.
- [Bodo Moeller, Lutz Jaenicke]
-
- *) Rationalise EVP so it can be extended: don't include a union of
- cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
- (similar to those existing for EVP_CIPHER_CTX).
- Usage example:
-
- EVP_MD_CTX md;
-
- EVP_MD_CTX_init(&md); /* new function call */
- EVP_DigestInit(&md, EVP_sha1());
- EVP_DigestUpdate(&md, in, len);
- EVP_DigestFinal(&md, out, NULL);
- EVP_MD_CTX_cleanup(&md); /* new function call */
-
- [Ben Laurie]
-
- *) Make DES key schedule conform to the usual scheme, as well as
- correcting its structure. This means that calls to DES functions
- now have to pass a pointer to a des_key_schedule instead of a
- plain des_key_schedule (which was actually always a pointer
- anyway): E.g.,
-
- des_key_schedule ks;
-
- des_set_key_checked(..., &ks);
- des_ncbc_encrypt(..., &ks, ...);
-
- (Note that a later change renames 'des_...' into 'DES_...'.)
- [Ben Laurie]
-
- *) Initial reduction of linker bloat: the use of some functions, such as
- PEM causes large amounts of unused functions to be linked in due to
- poor organisation. For example pem_all.c contains every PEM function
- which has a knock on effect of linking in large amounts of (unused)
- ASN1 code. Grouping together similar functions and splitting unrelated
- functions prevents this.
- [Steve Henson]
-
- *) Cleanup of EVP macros.
- [Ben Laurie]
-
- *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
- correct _ecb suffix.
- [Ben Laurie]
-
- *) Add initial OCSP responder support to ocsp application. The
- revocation information is handled using the text based index
- use by the ca application. The responder can either handle
- requests generated internally, supplied in files (for example
- via a CGI script) or using an internal minimal server.
- [Steve Henson]
-
- *) Add configuration choices to get zlib compression for TLS.
- [Richard Levitte]
-
- *) Changes to Kerberos SSL for RFC 2712 compliance:
- 1. Implemented real KerberosWrapper, instead of just using
- KRB5 AP_REQ message. [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
- 2. Implemented optional authenticator field of KerberosWrapper.
-
- Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
- and authenticator structs; see crypto/krb5/.
-
- Generalized Kerberos calls to support multiple Kerberos libraries.
- [Vern Staats <staatsvr@asc.hpc.mil>,
- Jeffrey Altman <jaltman@columbia.edu>
- via Richard Levitte]
-
- *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
- already does with RSA. testdsa.h now has 'priv_key/pub_key'
- values for each of the key sizes rather than having just
- parameters (and 'speed' generating keys each time).
- [Geoff Thorpe]
-
- *) Speed up EVP routines.
- Before:
-encrypt
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k
-des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k
-des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k
-decrypt
-des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k
-des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k
-des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k
- After:
-encrypt
-des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k
-decrypt
-des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
- [Ben Laurie]
-
- *) Added the OS2-EMX target.
- ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
-
- *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
- to support NCONF routines in extension code. New function CONF_set_nconf()
- to allow functions which take an NCONF to also handle the old LHASH
- structure: this means that the old CONF compatible routines can be
- retained (in particular wrt extensions) without having to duplicate the
- code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
- [Steve Henson]
-
- *) Enhance the general user interface with mechanisms for inner control
- and with possibilities to have yes/no kind of prompts.
- [Richard Levitte]
-
- *) Change all calls to low level digest routines in the library and
- applications to use EVP. Add missing calls to HMAC_cleanup() and
- don't assume HMAC_CTX can be copied using memcpy().
- [Verdon Walker <VWalker@novell.com>, Steve Henson]
-
- *) Add the possibility to control engines through control names but with
- arbitrary arguments instead of just a string.
- Change the key loaders to take a UI_METHOD instead of a callback
- function pointer. NOTE: this breaks binary compatibility with earlier
- versions of OpenSSL [engine].
- Adapt the nCipher code for these new conditions and add a card insertion
- callback.
- [Richard Levitte]
-
- *) Enhance the general user interface with mechanisms to better support
- dialog box interfaces, application-defined prompts, the possibility
- to use defaults (for example default passwords from somewhere else)
- and interrupts/cancellations.
- [Richard Levitte]
-
- *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
- attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
- [Steve Henson]
-
- *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
- tidy up some unnecessarily weird code in 'sk_new()').
- [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
-
- *) Change the key loading routines for ENGINEs to use the same kind
- callback (pem_password_cb) as all other routines that need this
- kind of callback.
- [Richard Levitte]
-
- *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
- 256 bit (=32 byte) keys. Of course seeding with more entropy bytes
- than this minimum value is recommended.
- [Lutz Jaenicke]
-
- *) New random seeder for OpenVMS, using the system process statistics
- that are easily reachable.
- [Richard Levitte]
-
- *) Windows apparently can't transparently handle global
- variables defined in DLLs. Initialisations such as:
-
- const ASN1_ITEM *it = &ASN1_INTEGER_it;
-
- wont compile. This is used by the any applications that need to
- declare their own ASN1 modules. This was fixed by adding the option
- EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
- needed for static libraries under Win32.
- [Steve Henson]
-
- *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
- setting of purpose and trust fields. New X509_STORE trust and
- purpose functions and tidy up setting in other SSL functions.
- [Steve Henson]
-
- *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
- structure. These are inherited by X509_STORE_CTX when it is
- initialised. This allows various defaults to be set in the
- X509_STORE structure (such as flags for CRL checking and custom
- purpose or trust settings) for functions which only use X509_STORE_CTX
- internally such as S/MIME.
-
- Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
- trust settings if they are not set in X509_STORE. This allows X509_STORE
- purposes and trust (in S/MIME for example) to override any set by default.
-
- Add command line options for CRL checking to smime, s_client and s_server
- applications.
- [Steve Henson]
-
- *) Initial CRL based revocation checking. If the CRL checking flag(s)
- are set then the CRL is looked up in the X509_STORE structure and
- its validity and signature checked, then if the certificate is found
- in the CRL the verify fails with a revoked error.
-
- Various new CRL related callbacks added to X509_STORE_CTX structure.
-
- Command line options added to 'verify' application to support this.
-
- This needs some additional work, such as being able to handle multiple
- CRLs with different times, extension based lookup (rather than just
- by subject name) and ultimately more complete V2 CRL extension
- handling.
- [Steve Henson]
-
- *) Add a general user interface API (crypto/ui/). This is designed
- to replace things like des_read_password and friends (backward
- compatibility functions using this new API are provided).
- The purpose is to remove prompting functions from the DES code
- section as well as provide for prompting through dialog boxes in
- a window system and the like.
- [Richard Levitte]
-
- *) Add "ex_data" support to ENGINE so implementations can add state at a
- per-structure level rather than having to store it globally.
- [Geoff]
-
- *) Make it possible for ENGINE structures to be copied when retrieved by
- ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
- This causes the "original" ENGINE structure to act like a template,
- analogous to the RSA vs. RSA_METHOD type of separation. Because of this
- operational state can be localised to each ENGINE structure, despite the
- fact they all share the same "methods". New ENGINE structures returned in
- this case have no functional references and the return value is the single
- structural reference. This matches the single structural reference returned
- by ENGINE_by_id() normally, when it is incremented on the pre-existing
- ENGINE structure.
- [Geoff]
-
- *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
- needs to match any other type at all we need to manually clear the
- tag cache.
- [Steve Henson]
-
- *) Changes to the "openssl engine" utility to include;
- - verbosity levels ('-v', '-vv', and '-vvv') that provide information
- about an ENGINE's available control commands.
- - executing control commands from command line arguments using the
- '-pre' and '-post' switches. '-post' is only used if '-t' is
- specified and the ENGINE is successfully initialised. The syntax for
- the individual commands are colon-separated, for example;
- openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
- [Geoff]
-
- *) New dynamic control command support for ENGINEs. ENGINEs can now
- declare their own commands (numbers), names (strings), descriptions,
- and input types for run-time discovery by calling applications. A
- subset of these commands are implicitly classed as "executable"
- depending on their input type, and only these can be invoked through
- the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
- can be based on user input, config files, etc). The distinction is
- that "executable" commands cannot return anything other than a boolean
- result and can only support numeric or string input, whereas some
- discoverable commands may only be for direct use through
- ENGINE_ctrl(), eg. supporting the exchange of binary data, function
- pointers, or other custom uses. The "executable" commands are to
- support parameterisations of ENGINE behaviour that can be
- unambiguously defined by ENGINEs and used consistently across any
- OpenSSL-based application. Commands have been added to all the
- existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
- control over shared-library paths without source code alterations.
- [Geoff]
-
- *) Changed all ENGINE implementations to dynamically allocate their
- ENGINEs rather than declaring them statically. Apart from this being
- necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
- this also allows the implementations to compile without using the
- internal engine_int.h header.
- [Geoff]
-
- *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
- 'const' value. Any code that should be able to modify a RAND_METHOD
- should already have non-const pointers to it (ie. they should only
- modify their own ones).
- [Geoff]
-
- *) Made a variety of little tweaks to the ENGINE code.
- - "atalla" and "ubsec" string definitions were moved from header files
- to C code. "nuron" string definitions were placed in variables
- rather than hard-coded - allowing parameterisation of these values
- later on via ctrl() commands.
- - Removed unused "#if 0"'d code.
- - Fixed engine list iteration code so it uses ENGINE_free() to release
- structural references.
- - Constified the RAND_METHOD element of ENGINE structures.
- - Constified various get/set functions as appropriate and added
- missing functions (including a catch-all ENGINE_cpy that duplicates
- all ENGINE values onto a new ENGINE except reference counts/state).
- - Removed NULL parameter checks in get/set functions. Setting a method
- or function to NULL is a way of cancelling out a previously set
- value. Passing a NULL ENGINE parameter is just plain stupid anyway
- and doesn't justify the extra error symbols and code.
- - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
- flags from engine_int.h to engine.h.
- - Changed prototypes for ENGINE handler functions (init(), finish(),
- ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
- [Geoff]
-
- *) Implement binary inversion algorithm for BN_mod_inverse in addition
- to the algorithm using long division. The binary algorithm can be
- used only if the modulus is odd. On 32-bit systems, it is faster
- only for relatively small moduli (roughly 20-30% for 128-bit moduli,
- roughly 5-15% for 256-bit moduli), so we use it only for moduli
- up to 450 bits. In 64-bit environments, the binary algorithm
- appears to be advantageous for much longer moduli; here we use it
- for moduli up to 2048 bits.
- [Bodo Moeller]
-
- *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
- could not support the combine flag in choice fields.
- [Steve Henson]
-
- *) Add a 'copy_extensions' option to the 'ca' utility. This copies
- extensions from a certificate request to the certificate.
- [Steve Henson]
-
- *) Allow multiple 'certopt' and 'nameopt' options to be separated
- by commas. Add 'namopt' and 'certopt' options to the 'ca' config
- file: this allows the display of the certificate about to be
- signed to be customised, to allow certain fields to be included
- or excluded and extension details. The old system didn't display
- multicharacter strings properly, omitted fields not in the policy
- and couldn't display additional details such as extensions.
- [Steve Henson]
-
- *) Function EC_POINTs_mul for multiple scalar multiplication
- of an arbitrary number of elliptic curve points
- \sum scalars[i]*points[i],
- optionally including the generator defined for the EC_GROUP:
- scalar*generator + \sum scalars[i]*points[i].
-
- EC_POINT_mul is a simple wrapper function for the typical case
- that the point list has just one item (besides the optional
- generator).
- [Bodo Moeller]
-
- *) First EC_METHODs for curves over GF(p):
-
- EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
- operations and provides various method functions that can also
- operate with faster implementations of modular arithmetic.
-
- EC_GFp_mont_method() reuses most functions that are part of
- EC_GFp_simple_method, but uses Montgomery arithmetic.
-
- [Bodo Moeller; point addition and point doubling
- implementation directly derived from source code provided by
- Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
-
- *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
- crypto/ec/ec_lib.c):
-
- Curves are EC_GROUP objects (with an optional group generator)
- based on EC_METHODs that are built into the library.
-
- Points are EC_POINT objects based on EC_GROUP objects.
-
- Most of the framework would be able to handle curves over arbitrary
- finite fields, but as there are no obvious types for fields other
- than GF(p), some functions are limited to that for now.
- [Bodo Moeller]
-
- *) Add the -HTTP option to s_server. It is similar to -WWW, but requires
- that the file contains a complete HTTP response.
- [Richard Levitte]
-
- *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
- change the def and num file printf format specifier from "%-40sXXX"
- to "%-39s XXX". The latter will always guarantee a space after the
- field while the former will cause them to run together if the field
- is 40 of more characters long.
- [Steve Henson]
-
- *) Constify the cipher and digest 'method' functions and structures
- and modify related functions to take constant EVP_MD and EVP_CIPHER
- pointers.
- [Steve Henson]
-
- *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
- in <openssl/bn.h>. Also further increase BN_CTX_NUM to 32.
- [Bodo Moeller]
-
- *) Modify EVP_Digest*() routines so they now return values. Although the
- internal software routines can never fail additional hardware versions
- might.
- [Steve Henson]
-
- *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
-
- Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
- (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
-
- ASN1 error codes
- ERR_R_NESTED_ASN1_ERROR
- ...
- ERR_R_MISSING_ASN1_EOS
- were 4 .. 9, conflicting with
- ERR_LIB_RSA (= ERR_R_RSA_LIB)
- ...
- ERR_LIB_PEM (= ERR_R_PEM_LIB).
- They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
-
- Add new error code 'ERR_R_INTERNAL_ERROR'.
- [Bodo Moeller]
-
- *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
- suffices.
- [Bodo Moeller]
-
- *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This
- sets the subject name for a new request or supersedes the
- subject name in a given request. Formats that can be parsed are
- 'CN=Some Name, OU=myOU, C=IT'
- and
- 'CN=Some Name/OU=myOU/C=IT'.
-
- Add options '-batch' and '-verbose' to 'openssl req'.
- [Massimiliano Pala <madwolf@hackmasters.net>]
-
- *) Introduce the possibility to access global variables through
- functions on platform were that's the best way to handle exporting
- global variables in shared libraries. To enable this functionality,
- one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
- "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
- is normally done by Configure or something similar).
-
- To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
- in the source file (foo.c) like this:
-
- OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
- OPENSSL_IMPLEMENT_GLOBAL(double,bar);
-
- To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
- and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
-
- OPENSSL_DECLARE_GLOBAL(int,foo);
- #define foo OPENSSL_GLOBAL_REF(foo)
- OPENSSL_DECLARE_GLOBAL(double,bar);
- #define bar OPENSSL_GLOBAL_REF(bar)
-
- The #defines are very important, and therefore so is including the
- header file everywhere where the defined globals are used.
-
- The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
- of ASN.1 items, but that structure is a bit different.
-
- The largest change is in util/mkdef.pl which has been enhanced with
- better and easier to understand logic to choose which symbols should
- go into the Windows .def files as well as a number of fixes and code
- cleanup (among others, algorithm keywords are now sorted
- lexicographically to avoid constant rewrites).
- [Richard Levitte]
-
- *) In BN_div() keep a copy of the sign of 'num' before writing the
- result to 'rm' because if rm==num the value will be overwritten
- and produce the wrong result if 'num' is negative: this caused
- problems with BN_mod() and BN_nnmod().
- [Steve Henson]
-
- *) Function OCSP_request_verify(). This checks the signature on an
- OCSP request and verifies the signer certificate. The signer
- certificate is just checked for a generic purpose and OCSP request
- trust settings.
- [Steve Henson]
-
- *) Add OCSP_check_validity() function to check the validity of OCSP
- responses. OCSP responses are prepared in real time and may only
- be a few seconds old. Simply checking that the current time lies
- between thisUpdate and nextUpdate max reject otherwise valid responses
- caused by either OCSP responder or client clock inaccuracy. Instead
- we allow thisUpdate and nextUpdate to fall within a certain period of
- the current time. The age of the response can also optionally be
- checked. Two new options -validity_period and -status_age added to
- ocsp utility.
- [Steve Henson]
-
- *) If signature or public key algorithm is unrecognized print out its
- OID rather that just UNKNOWN.
- [Steve Henson]
-
- *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
- OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
- ID to be generated from the issuer certificate alone which can then be
- passed to OCSP_id_issuer_cmp().
- [Steve Henson]
-
- *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
- ASN1 modules to export functions returning ASN1_ITEM pointers
- instead of the ASN1_ITEM structures themselves. This adds several
- new macros which allow the underlying ASN1 function/structure to
- be accessed transparently. As a result code should not use ASN1_ITEM
- references directly (such as &X509_it) but instead use the relevant
- macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
- use of the new ASN1 code on platforms where exporting structures
- is problematical (for example in shared libraries) but exporting
- functions returning pointers to structures is not.
- [Steve Henson]
-
- *) Add support for overriding the generation of SSL/TLS session IDs.
- These callbacks can be registered either in an SSL_CTX or per SSL.
- The purpose of this is to allow applications to control, if they wish,
- the arbitrary values chosen for use as session IDs, particularly as it
- can be useful for session caching in multiple-server environments. A
- command-line switch for testing this (and any client code that wishes
- to use such a feature) has been added to "s_server".
- [Geoff Thorpe, Lutz Jaenicke]
-
- *) Modify mkdef.pl to recognise and parse preprocessor conditionals
- of the form '#if defined(...) || defined(...) || ...' and
- '#if !defined(...) && !defined(...) && ...'. This also avoids
- the growing number of special cases it was previously handling.
- [Richard Levitte]
-
- *) Make all configuration macros available for application by making
- sure they are available in opensslconf.h, by giving them names starting
- with "OPENSSL_" to avoid conflicts with other packages and by making
- sure e_os2.h will cover all platform-specific cases together with
- opensslconf.h.
- Additionally, it is now possible to define configuration/platform-
- specific names (called "system identities"). In the C code, these
- are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another
- macro with the name beginning with "OPENSSL_SYS_", which is determined
- from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
- what is available.
- [Richard Levitte]
-
- *) New option -set_serial to 'req' and 'x509' this allows the serial
- number to use to be specified on the command line. Previously self
- signed certificates were hard coded with serial number 0 and the
- CA options of 'x509' had to use a serial number in a file which was
- auto incremented.
- [Steve Henson]
-
- *) New options to 'ca' utility to support V2 CRL entry extensions.
- Currently CRL reason, invalidity date and hold instruction are
- supported. Add new CRL extensions to V3 code and some new objects.
- [Steve Henson]
-
- *) New function EVP_CIPHER_CTX_set_padding() this is used to
- disable standard block padding (aka PKCS#5 padding) in the EVP
- API, which was previously mandatory. This means that the data is
- not padded in any way and so the total length much be a multiple
- of the block size, otherwise an error occurs.
- [Steve Henson]
-
- *) Initial (incomplete) OCSP SSL support.
- [Steve Henson]
-
- *) New function OCSP_parse_url(). This splits up a URL into its host,
- port and path components: primarily to parse OCSP URLs. New -url
- option to ocsp utility.
- [Steve Henson]
-
- *) New nonce behavior. The return value of OCSP_check_nonce() now
- reflects the various checks performed. Applications can decide
- whether to tolerate certain situations such as an absent nonce
- in a response when one was present in a request: the ocsp application
- just prints out a warning. New function OCSP_add1_basic_nonce()
- this is to allow responders to include a nonce in a response even if
- the request is nonce-less.
- [Steve Henson]
-
- *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
- skipped when using openssl x509 multiple times on a single input file,
- e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
- [Bodo Moeller]
-
- *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
- set string type: to handle setting ASN1_TIME structures. Fix ca
- utility to correctly initialize revocation date of CRLs.
- [Steve Henson]
-
- *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
- the clients preferred ciphersuites and rather use its own preferences.
- Should help to work around M$ SGC (Server Gated Cryptography) bug in
- Internet Explorer by ensuring unchanged hash method during stepup.
- (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
- [Lutz Jaenicke]
-
- *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
- to aes and add a new 'exist' option to print out symbols that don't
- appear to exist.
- [Steve Henson]
-
- *) Additional options to ocsp utility to allow flags to be set and
- additional certificates supplied.
- [Steve Henson]
-
- *) Add the option -VAfile to 'openssl ocsp', so the user can give the
- OCSP client a number of certificate to only verify the response
- signature against.
- [Richard Levitte]
-
- *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
- handle the new API. Currently only ECB, CBC modes supported. Add new
- AES OIDs.
-
- Add TLS AES ciphersuites as described in RFC3268, "Advanced
- Encryption Standard (AES) Ciphersuites for Transport Layer
- Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
- not enabled by default and were not part of the "ALL" ciphersuite
- alias because they were not yet official; they could be
- explicitly requested by specifying the "AESdraft" ciphersuite
- group alias. In the final release of OpenSSL 0.9.7, the group
- alias is called "AES" and is part of "ALL".)
- [Ben Laurie, Steve Henson, Bodo Moeller]
-
- *) New function OCSP_copy_nonce() to copy nonce value (if present) from
- request to response.
- [Steve Henson]
-
- *) Functions for OCSP responders. OCSP_request_onereq_count(),
- OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
- extract information from a certificate request. OCSP_response_create()
- creates a response and optionally adds a basic response structure.
- OCSP_basic_add1_status() adds a complete single response to a basic
- response and returns the OCSP_SINGLERESP structure just added (to allow
- extensions to be included for example). OCSP_basic_add1_cert() adds a
- certificate to a basic response and OCSP_basic_sign() signs a basic
- response with various flags. New helper functions ASN1_TIME_check()
- (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
- (converts ASN1_TIME to GeneralizedTime).
- [Steve Henson]
-
- *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
- in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
- structure from a certificate. X509_pubkey_digest() digests the public_key
- contents: this is used in various key identifiers.
- [Steve Henson]
-
- *) Make sk_sort() tolerate a NULL argument.
- [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
- passed by the function are trusted implicitly. If any of them signed the
- response then it is assumed to be valid and is not verified.
- [Steve Henson]
-
- *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
- to data. This was previously part of the PKCS7 ASN1 code. This
- was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
- [Steve Henson, reported by Kenneth R. Robinette
- <support@securenetterm.com>]
-
- *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
- routines: without these tracing memory leaks is very painful.
- Fix leaks in PKCS12 and PKCS7 routines.
- [Steve Henson]
-
- *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
- Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
- effectively meant GeneralizedTime would never be used. Now it
- is initialised to -1 but X509_time_adj() now has to check the value
- and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
- V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
- [Steve Henson, reported by Kenneth R. Robinette
- <support@securenetterm.com>]
-
- *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
- result in a zero length in the ASN1_INTEGER structure which was
- not consistent with the structure when d2i_ASN1_INTEGER() was used
- and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
- to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
- where it did not print out a minus for negative ASN1_INTEGER.
- [Steve Henson]
-
- *) Add summary printout to ocsp utility. The various functions which
- convert status values to strings have been renamed to:
- OCSP_response_status_str(), OCSP_cert_status_str() and
- OCSP_crl_reason_str() and are no longer static. New options
- to verify nonce values and to disable verification. OCSP response
- printout format cleaned up.
- [Steve Henson]
-
- *) Add additional OCSP certificate checks. These are those specified
- in RFC2560. This consists of two separate checks: the CA of the
- certificate being checked must either be the OCSP signer certificate
- or the issuer of the OCSP signer certificate. In the latter case the
- OCSP signer certificate must contain the OCSP signing extended key
- usage. This check is performed by attempting to match the OCSP
- signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
- in the OCSP_CERTID structures of the response.
- [Steve Henson]
-
- *) Initial OCSP certificate verification added to OCSP_basic_verify()
- and related routines. This uses the standard OpenSSL certificate
- verify routines to perform initial checks (just CA validity) and
- to obtain the certificate chain. Then additional checks will be
- performed on the chain. Currently the root CA is checked to see
- if it is explicitly trusted for OCSP signing. This is used to set
- a root CA as a global signing root: that is any certificate that
- chains to that CA is an acceptable OCSP signing certificate.
- [Steve Henson]
-
- *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
- extensions from a separate configuration file.
- As when reading extensions from the main configuration file,
- the '-extensions ...' option may be used for specifying the
- section to use.
- [Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New OCSP utility. Allows OCSP requests to be generated or
- read. The request can be sent to a responder and the output
- parsed, outputed or printed in text form. Not complete yet:
- still needs to check the OCSP response validity.
- [Steve Henson]
-
- *) New subcommands for 'openssl ca':
- 'openssl ca -status <serial>' prints the status of the cert with
- the given serial number (according to the index file).
- 'openssl ca -updatedb' updates the expiry status of certificates
- in the index file.
- [Massimiliano Pala <madwolf@comune.modena.it>]
-
- *) New '-newreq-nodes' command option to CA.pl. This is like
- '-newreq', but calls 'openssl req' with the '-nodes' option
- so that the resulting key is not encrypted.
- [Damien Miller <djm@mindrot.org>]
-
- *) New configuration for the GNU Hurd.
- [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
-
- *) Initial code to implement OCSP basic response verify. This
- is currently incomplete. Currently just finds the signer's
- certificate and verifies the signature on the response.
- [Steve Henson]
-
- *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
- value of OPENSSLDIR. This is available via the new '-d' option
- to 'openssl version', and is also included in 'openssl version -a'.
- [Bodo Moeller]
-
- *) Allowing defining memory allocation callbacks that will be given
- file name and line number information in additional arguments
- (a const char* and an int). The basic functionality remains, as
- well as the original possibility to just replace malloc(),
- realloc() and free() by functions that do not know about these
- additional arguments. To register and find out the current
- settings for extended allocation functions, the following
- functions are provided:
-
- CRYPTO_set_mem_ex_functions
- CRYPTO_set_locked_mem_ex_functions
- CRYPTO_get_mem_ex_functions
- CRYPTO_get_locked_mem_ex_functions
-
- These work the same way as CRYPTO_set_mem_functions and friends.
- CRYPTO_get_[locked_]mem_functions now writes 0 where such an
- extended allocation function is enabled.
- Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
- a conventional allocation function is enabled.
- [Richard Levitte, Bodo Moeller]
-
- *) Finish off removing the remaining LHASH function pointer casts.
- There should no longer be any prototype-casting required when using
- the LHASH abstraction, and any casts that remain are "bugs". See
- the callback types and macros at the head of lhash.h for details
- (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
- [Geoff Thorpe]
-
- *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
- If /dev/[u]random devices are not available or do not return enough
- entropy, EGD style sockets (served by EGD or PRNGD) will automatically
- be queried.
- The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
- /etc/entropy will be queried once each in this sequence, quering stops
- when enough entropy was collected without querying more sockets.
- [Lutz Jaenicke]
-
- *) Change the Unix RAND_poll() variant to be able to poll several
- random devices, as specified by DEVRANDOM, until a sufficient amount
- of data has been collected. We spend at most 10 ms on each file
- (select timeout) and read in non-blocking mode. DEVRANDOM now
- defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
- (previously it was just the string "/dev/urandom"), so on typical
- platforms the 10 ms delay will never occur.
- Also separate out the Unix variant to its own file, rand_unix.c.
- For VMS, there's a currently-empty rand_vms.c.
- [Richard Levitte]
-
- *) Move OCSP client related routines to ocsp_cl.c. These
- provide utility functions which an application needing
- to issue a request to an OCSP responder and analyse the
- response will typically need: as opposed to those which an
- OCSP responder itself would need which will be added later.
-
- OCSP_request_sign() signs an OCSP request with an API similar
- to PKCS7_sign(). OCSP_response_status() returns status of OCSP
- response. OCSP_response_get1_basic() extracts basic response
- from response. OCSP_resp_find_status(): finds and extracts status
- information from an OCSP_CERTID structure (which will be created
- when the request structure is built). These are built from lower
- level functions which work on OCSP_SINGLERESP structures but
- wont normally be used unless the application wishes to examine
- extensions in the OCSP response for example.
-
- Replace nonce routines with a pair of functions.
- OCSP_request_add1_nonce() adds a nonce value and optionally
- generates a random value. OCSP_check_nonce() checks the
- validity of the nonce in an OCSP response.
- [Steve Henson]
-
- *) Change function OCSP_request_add() to OCSP_request_add0_id().
- This doesn't copy the supplied OCSP_CERTID and avoids the
- need to free up the newly created id. Change return type
- to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
- This can then be used to add extensions to the request.
- Deleted OCSP_request_new(), since most of its functionality
- is now in OCSP_REQUEST_new() (and the case insensitive name
- clash) apart from the ability to set the request name which
- will be added elsewhere.
- [Steve Henson]
-
- *) Update OCSP API. Remove obsolete extensions argument from
- various functions. Extensions are now handled using the new
- OCSP extension code. New simple OCSP HTTP function which
- can be used to send requests and parse the response.
- [Steve Henson]
-
- *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
- ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
- uses the special reorder version of SET OF to sort the attributes
- and reorder them to match the encoded order. This resolves a long
- standing problem: a verify on a PKCS7 structure just after signing
- it used to fail because the attribute order did not match the
- encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
- it uses the received order. This is necessary to tolerate some broken
- software that does not order SET OF. This is handled by encoding
- as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
- to produce the required SET OF.
- [Steve Henson]
-
- *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
- OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
- files to get correct declarations of the ASN.1 item variables.
- [Richard Levitte]
-
- *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
- PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
- asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
- NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
- New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
- ASN1_ITEM and no wrapper functions.
- [Steve Henson]
-
- *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
- replace the old function pointer based I/O routines. Change most of
- the *_d2i_bio() and *_d2i_fp() functions to use these.
- [Steve Henson]
-
- *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
- lines, recognice more "algorithms" that can be deselected, and make
- it complain about algorithm deselection that isn't recognised.
- [Richard Levitte]
-
- *) New ASN1 functions to handle dup, sign, verify, digest, pack and
- unpack operations in terms of ASN1_ITEM. Modify existing wrappers
- to use new functions. Add NO_ASN1_OLD which can be set to remove
- some old style ASN1 functions: this can be used to determine if old
- code will still work when these eventually go away.
- [Steve Henson]
-
- *) New extension functions for OCSP structures, these follow the
- same conventions as certificates and CRLs.
- [Steve Henson]
-
- *) New function X509V3_add1_i2d(). This automatically encodes and
- adds an extension. Its behaviour can be customised with various
- flags to append, replace or delete. Various wrappers added for
- certifcates and CRLs.
- [Steve Henson]
-
- *) Fix to avoid calling the underlying ASN1 print routine when
- an extension cannot be parsed. Correct a typo in the
- OCSP_SERVICELOC extension. Tidy up print OCSP format.
- [Steve Henson]
-
- *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
- entries for variables.
- [Steve Henson]
-
- *) Add functionality to apps/openssl.c for detecting locking
- problems: As the program is single-threaded, all we have
- to do is register a locking callback using an array for
- storing which locks are currently held by the program.
- [Bodo Moeller]
-
- *) Use a lock around the call to CRYPTO_get_ex_new_index() in
- SSL_get_ex_data_X509_STORE_idx(), which is used in
- ssl_verify_cert_chain() and thus can be called at any time
- during TLS/SSL handshakes so that thread-safety is essential.
- Unfortunately, the ex_data design is not at all suited
- for multi-threaded use, so it probably should be abolished.
- [Bodo Moeller]
-
- *) Added Broadcom "ubsec" ENGINE to OpenSSL.
- [Broadcom, tweaked and integrated by Geoff Thorpe]
-
- *) Move common extension printing code to new function
- X509V3_print_extensions(). Reorganise OCSP print routines and
- implement some needed OCSP ASN1 functions. Add OCSP extensions.
- [Steve Henson]
-
- *) New function X509_signature_print() to remove duplication in some
- print routines.
- [Steve Henson]
-
- *) Add a special meaning when SET OF and SEQUENCE OF flags are both
- set (this was treated exactly the same as SET OF previously). This
- is used to reorder the STACK representing the structure to match the
- encoding. This will be used to get round a problem where a PKCS7
- structure which was signed could not be verified because the STACK
- order did not reflect the encoded order.
- [Steve Henson]
-
- *) Reimplement the OCSP ASN1 module using the new code.
- [Steve Henson]
-
- *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
- for its ASN1 operations. The old style function pointers still exist
- for now but they will eventually go away.
- [Steve Henson]
-
- *) Merge in replacement ASN1 code from the ASN1 branch. This almost
- completely replaces the old ASN1 functionality with a table driven
- encoder and decoder which interprets an ASN1_ITEM structure describing
- the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
- largely maintained. Almost all of the old asn1_mac.h macro based ASN1
- has also been converted to the new form.
- [Steve Henson]
-
- *) Change BN_mod_exp_recp so that negative moduli are tolerated
- (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set
- so that BN_mod_exp_mont and BN_mod_exp_mont_word work
- for negative moduli.
- [Bodo Moeller]
-
- *) Fix BN_uadd and BN_usub: Always return non-negative results instead
- of not touching the result's sign bit.
- [Bodo Moeller]
-
- *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
- set.
- [Bodo Moeller]
-
- *) Changed the LHASH code to use prototypes for callbacks, and created
- macros to declare and implement thin (optionally static) functions
- that provide type-safety and avoid function pointer casting for the
- type-specific callbacks.
- [Geoff Thorpe]
-
- *) Added Kerberos Cipher Suites to be used with TLS, as written in
- RFC 2712.
- [Veers Staats <staatsvr@asc.hpc.mil>,
- Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
-
- *) Reformat the FAQ so the different questions and answers can be divided
- in sections depending on the subject.
- [Richard Levitte]
-
- *) Have the zlib compression code load ZLIB.DLL dynamically under
- Windows.
- [Richard Levitte]
-
- *) New function BN_mod_sqrt for computing square roots modulo a prime
- (using the probabilistic Tonelli-Shanks algorithm unless
- p == 3 (mod 4) or p == 5 (mod 8), which are cases that can
- be handled deterministically).
- [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
-
- *) Make BN_mod_inverse faster by explicitly handling small quotients
- in the Euclid loop. (Speed gain about 20% for small moduli [256 or
- 512 bits], about 30% for larger ones [1024 or 2048 bits].)
- [Bodo Moeller]
-
- *) New function BN_kronecker.
- [Bodo Moeller]
-
- *) Fix BN_gcd so that it works on negative inputs; the result is
- positive unless both parameters are zero.
- Previously something reasonably close to an infinite loop was
- possible because numbers could be growing instead of shrinking
- in the implementation of Euclid's algorithm.
- [Bodo Moeller]
-
- *) Fix BN_is_word() and BN_is_one() macros to take into account the
- sign of the number in question.
-
- Fix BN_is_word(a,w) to work correctly for w == 0.
-
- The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
- because its test if the absolute value of 'a' equals 'w'.
- Note that BN_abs_is_word does *not* handle w == 0 reliably;
- it exists mostly for use in the implementations of BN_is_zero(),
- BN_is_one(), and BN_is_word().
- [Bodo Moeller]
-
- *) New function BN_swap.
- [Bodo Moeller]
-
- *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
- the exponentiation functions are more likely to produce reasonable
- results on negative inputs.
- [Bodo Moeller]
-
- *) Change BN_mod_mul so that the result is always non-negative.
- Previously, it could be negative if one of the factors was negative;
- I don't think anyone really wanted that behaviour.
- [Bodo Moeller]
-
- *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
- (except for exponentiation, which stays in crypto/bn/bn_exp.c,
- and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
- and add new functions:
-
- BN_nnmod
- BN_mod_sqr
- BN_mod_add
- BN_mod_add_quick
- BN_mod_sub
- BN_mod_sub_quick
- BN_mod_lshift1
- BN_mod_lshift1_quick
- BN_mod_lshift
- BN_mod_lshift_quick
-
- These functions always generate non-negative results.
-
- BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r
- such that |m| < r < 0, BN_nnmod will output rem + |m| instead).
-
- BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
- BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b]
- be reduced modulo m.
- [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
-
-#if 0
- The following entry accidentily appeared in the CHANGES file
- distributed with OpenSSL 0.9.7. The modifications described in
- it do *not* apply to OpenSSL 0.9.7.
-
- *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
- was actually never needed) and in BN_mul(). The removal in BN_mul()
- required a small change in bn_mul_part_recursive() and the addition
- of the functions bn_cmp_part_words(), bn_sub_part_words() and
- bn_add_part_words(), which do the same thing as bn_cmp_words(),
- bn_sub_words() and bn_add_words() except they take arrays with
- differing sizes.
- [Richard Levitte]
-#endif
-
- *) In 'openssl passwd', verify passwords read from the terminal
- unless the '-salt' option is used (which usually means that
- verification would just waste user's time since the resulting
- hash is going to be compared with some given password hash)
- or the new '-noverify' option is used.
-
- This is an incompatible change, but it does not affect
- non-interactive use of 'openssl passwd' (passwords on the command
- line, '-stdin' option, '-in ...' option) and thus should not
- cause any problems.
- [Bodo Moeller]
-
- *) Remove all references to RSAref, since there's no more need for it.
- [Richard Levitte]
-
- *) Make DSO load along a path given through an environment variable
- (SHLIB_PATH) with shl_load().
- [Richard Levitte]
-
- *) Constify the ENGINE code as a result of BIGNUM constification.
- Also constify the RSA code and most things related to it. In a
- few places, most notable in the depth of the ASN.1 code, ugly
- casts back to non-const were required (to be solved at a later
- time)
- [Richard Levitte]
-
- *) Make it so the openssl application has all engines loaded by default.
- [Richard Levitte]
-
- *) Constify the BIGNUM routines a little more.
- [Richard Levitte]
-
- *) Add the following functions:
-
- ENGINE_load_cswift()
- ENGINE_load_chil()
- ENGINE_load_atalla()
- ENGINE_load_nuron()
- ENGINE_load_builtin_engines()
-
- That way, an application can itself choose if external engines that
- are built-in in OpenSSL shall ever be used or not. The benefit is
- that applications won't have to be linked with libdl or other dso
- libraries unless it's really needed.
-
- Changed 'openssl engine' to load all engines on demand.
- Changed the engine header files to avoid the duplication of some
- declarations (they differed!).
- [Richard Levitte]
-
- *) 'openssl engine' can now list capabilities.
- [Richard Levitte]
-
- *) Better error reporting in 'openssl engine'.
- [Richard Levitte]
-
- *) Never call load_dh_param(NULL) in s_server.
- [Bodo Moeller]
-
- *) Add engine application. It can currently list engines by name and
- identity, and test if they are actually available.
- [Richard Levitte]
-
- *) Improve RPM specification file by forcing symbolic linking and making
- sure the installed documentation is also owned by root.root.
- [Damien Miller <djm@mindrot.org>]
-
- *) Give the OpenSSL applications more possibilities to make use of
- keys (public as well as private) handled by engines.
- [Richard Levitte]
-
- *) Add OCSP code that comes from CertCo.
- [Richard Levitte]
-
- *) Add VMS support for the Rijndael code.
- [Richard Levitte]
-
- *) Added untested support for Nuron crypto accelerator.
- [Ben Laurie]
-
- *) Add support for external cryptographic devices. This code was
- previously distributed separately as the "engine" branch.
- [Geoff Thorpe, Richard Levitte]
-
- *) Rework the filename-translation in the DSO code. It is now possible to
- have far greater control over how a "name" is turned into a filename
- depending on the operating environment and any oddities about the
- different shared library filenames on each system.
- [Geoff Thorpe]
-
- *) Support threads on FreeBSD-elf in Configure.
- [Richard Levitte]
-
- *) Fix for SHA1 assembly problem with MASM: it produces
- warnings about corrupt line number information when assembling
- with debugging information. This is caused by the overlapping
- of two sections.
- [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
-
- *) NCONF changes.
- NCONF_get_number() has no error checking at all. As a replacement,
- NCONF_get_number_e() is defined (_e for "error checking") and is
- promoted strongly. The old NCONF_get_number is kept around for
- binary backward compatibility.
- Make it possible for methods to load from something other than a BIO,
- by providing a function pointer that is given a name instead of a BIO.
- For example, this could be used to load configuration data from an
- LDAP server.
- [Richard Levitte]
-
- *) Fix for non blocking accept BIOs. Added new I/O special reason
- BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
- with non blocking I/O was not possible because no retry code was
- implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
- this case.
- [Steve Henson]
-
- *) Added the beginnings of Rijndael support.
- [Ben Laurie]
-
- *) Fix for bug in DirectoryString mask setting. Add support for
- X509_NAME_print_ex() in 'req' and X509_print_ex() function
- to allow certificate printing to more controllable, additional
- 'certopt' option to 'x509' to allow new printing options to be
- set.
- [Steve Henson]
-
- *) Clean old EAY MD5 hack from e_os.h.
- [Richard Levitte]
-
- Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
-
- *) Fix null-pointer assignment in do_change_cipher_spec() revealed
- by using the Codenomicon TLS Test Tool (CVE-2004-0079)
- [Joe Orton, Steve Henson]
-
- Changes between 0.9.6k and 0.9.6l [04 Nov 2003]
-
- *) Fix additional bug revealed by the NISCC test suite:
-
- Stop bug triggering large recursion when presented with
- certain ASN.1 tags (CVE-2003-0851)
- [Steve Henson]
-
- Changes between 0.9.6j and 0.9.6k [30 Sep 2003]
-
- *) Fix various bugs revealed by running the NISCC test suite:
-
- Stop out of bounds reads in the ASN1 code when presented with
- invalid tags (CVE-2003-0543 and CVE-2003-0544).
-
- If verify callback ignores invalid public key errors don't try to check
- certificate signature with the NULL public key.
-
- [Steve Henson]
-
- *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
- if the server requested one: as stated in TLS 1.0 and SSL 3.0
- specifications.
- [Steve Henson]
-
- *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
- extra data after the compression methods not only for TLS 1.0
- but also for SSL 3.0 (as required by the specification).
- [Bodo Moeller; problem pointed out by Matthias Loepfe]
-
- *) Change X509_certificate_type() to mark the key as exported/exportable
- when it's 512 *bits* long, not 512 bytes.
- [Richard Levitte]
-
- Changes between 0.9.6i and 0.9.6j [10 Apr 2003]
-
- *) Countermeasure against the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack on PKCS #1 v1.5 padding: treat
- a protocol version number mismatch like a decryption error
- in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
- [Bodo Moeller]
-
- *) Turn on RSA blinding by default in the default implementation
- to avoid a timing attack. Applications that don't want it can call
- RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
- They would be ill-advised to do so in most cases.
- [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
-
- *) Change RSA blinding code so that it works when the PRNG is not
- seeded (in this case, the secret RSA exponent is abused as
- an unpredictable seed -- if it is not unpredictable, there
- is no point in blinding anyway). Make RSA blinding thread-safe
- by remembering the creator's thread ID in rsa->blinding and
- having all other threads use local one-time blinding factors
- (this requires more computation than sharing rsa->blinding, but
- avoids excessive locking; and if an RSA object is not shared
- between threads, blinding will still be very fast).
- [Bodo Moeller]
-
- Changes between 0.9.6h and 0.9.6i [19 Feb 2003]
-
- *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
- via timing by performing a MAC computation even if incorrrect
- block cipher padding has been found. This is a countermeasure
- against active attacks where the attacker has to distinguish
- between bad padding and a MAC verification error. (CVE-2003-0078)
-
- [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
- Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
- Martin Vuagnoux (EPFL, Ilion)]
-
- Changes between 0.9.6g and 0.9.6h [5 Dec 2002]
-
- *) New function OPENSSL_cleanse(), which is used to cleanse a section of
- memory from it's contents. This is done with a counter that will
- place alternating values in each byte. This can be used to solve
- two issues: 1) the removal of calls to memset() by highly optimizing
- compilers, and 2) cleansing with other values than 0, since those can
- be read through on certain media, for example a swap space on disk.
- [Geoff Thorpe]
-
- *) Bugfix: client side session caching did not work with external caching,
- because the session->cipher setting was not restored when reloading
- from the external cache. This problem was masked, when
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
- (Found by Steve Haslam <steve@araqnid.ddts.net>.)
- [Lutz Jaenicke]
-
- *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
- length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
- [Zeev Lieber <zeev-l@yahoo.com>]
-
- *) Undo an undocumented change introduced in 0.9.6e which caused
- repeated calls to OpenSSL_add_all_ciphers() and
- OpenSSL_add_all_digests() to be ignored, even after calling
- EVP_cleanup().
- [Richard Levitte]
-
- *) Change the default configuration reader to deal with last line not
- being properly terminated.
- [Richard Levitte]
-
- *) Change X509_NAME_cmp() so it applies the special rules on handling
- DN values that are of type PrintableString, as well as RDNs of type
- emailAddress where the value has the type ia5String.
- [stefank@valicert.com via Richard Levitte]
-
- *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
- the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
- doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
- the bitwise-OR of the two for use by the majority of applications
- wanting this behaviour, and update the docs. The documented
- behaviour and actual behaviour were inconsistent and had been
- changing anyway, so this is more a bug-fix than a behavioural
- change.
- [Geoff Thorpe, diagnosed by Nadav Har'El]
-
- *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
- (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
- [Bodo Moeller]
-
- *) Fix initialization code race conditions in
- SSLv23_method(), SSLv23_client_method(), SSLv23_server_method(),
- SSLv2_method(), SSLv2_client_method(), SSLv2_server_method(),
- SSLv3_method(), SSLv3_client_method(), SSLv3_server_method(),
- TLSv1_method(), TLSv1_client_method(), TLSv1_server_method(),
- ssl2_get_cipher_by_char(),
- ssl3_get_cipher_by_char().
- [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
-
- *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
- the cached sessions are flushed, as the remove_cb() might use ex_data
- contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
- (see [openssl.org #212]).
- [Geoff Thorpe, Lutz Jaenicke]
-
- *) Fix typo in OBJ_txt2obj which incorrectly passed the content
- length, instead of the encoding length to d2i_ASN1_OBJECT.
- [Steve Henson]
-
- Changes between 0.9.6f and 0.9.6g [9 Aug 2002]
-
- *) [In 0.9.6g-engine release:]
- Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
- [Lynn Gazis <lgazis@rainbow.com>]
-
- Changes between 0.9.6e and 0.9.6f [8 Aug 2002]
-
- *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
- and get fix the header length calculation.
- [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
- Alon Kantor <alonk@checkpoint.com> (and others),
- Steve Henson]
-
- *) Use proper error handling instead of 'assertions' in buffer
- overflow checks added in 0.9.6e. This prevents DoS (the
- assertions could call abort()).
- [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
-
- Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
-
- *) Add various sanity checks to asn1_get_length() to reject
- the ASN1 length bytes if they exceed sizeof(long), will appear
- negative or the content length exceeds the length of the
- supplied buffer.
- [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
-
- *) Fix cipher selection routines: ciphers without encryption had no flags
- for the cipher strength set and where therefore not handled correctly
- by the selection routines (PR #130).
- [Lutz Jaenicke]
-
- *) Fix EVP_dsa_sha macro.
- [Nils Larsch]
-
- *) New option
- SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
- for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
- that was added in OpenSSL 0.9.6d.
-
- As the countermeasure turned out to be incompatible with some
- broken SSL implementations, the new option is part of SSL_OP_ALL.
- SSL_OP_ALL is usually employed when compatibility with weird SSL
- implementations is desired (e.g. '-bugs' option to 's_client' and
- 's_server'), so the new option is automatically set in many
- applications.
- [Bodo Moeller]
-
- *) Changes in security patch:
-
- Changes marked "(CHATS)" were sponsored by the Defense Advanced
- Research Projects Agency (DARPA) and Air Force Research Laboratory,
- Air Force Materiel Command, USAF, under agreement number
- F30602-01-2-0537.
-
- *) Add various sanity checks to asn1_get_length() to reject
- the ASN1 length bytes if they exceed sizeof(long), will appear
- negative or the content length exceeds the length of the
- supplied buffer. (CVE-2002-0659)
- [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
-
- *) Assertions for various potential buffer overflows, not known to
- happen in practice.
- [Ben Laurie (CHATS)]
-
- *) Various temporary buffers to hold ASCII versions of integers were
- too small for 64 bit platforms. (CVE-2002-0655)
- [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
-
- *) Remote buffer overflow in SSL3 protocol - an attacker could
- supply an oversized session ID to a client. (CVE-2002-0656)
- [Ben Laurie (CHATS)]
-
- *) Remote buffer overflow in SSL2 protocol - an attacker could
- supply an oversized client master key. (CVE-2002-0656)
- [Ben Laurie (CHATS)]
-
- Changes between 0.9.6c and 0.9.6d [9 May 2002]
-
- *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
- encoded as NULL) with id-dsa-with-sha1.
- [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
-
- *) Check various X509_...() return values in apps/req.c.
- [Nils Larsch <nla@trustcenter.de>]
-
- *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
- an end-of-file condition would erronously be flagged, when the CRLF
- was just at the end of a processed block. The bug was discovered when
- processing data through a buffering memory BIO handing the data to a
- BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
- <ptsekov@syntrex.com> and Nedelcho Stanev.
- [Lutz Jaenicke]
-
- *) Implement a countermeasure against a vulnerability recently found
- in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
- before application data chunks to avoid the use of known IVs
- with data potentially chosen by the attacker.
- [Bodo Moeller]
-
- *) Fix length checks in ssl3_get_client_hello().
- [Bodo Moeller]
-
- *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
- to prevent ssl3_read_internal() from incorrectly assuming that
- ssl3_read_bytes() found application data while handshake
- processing was enabled when in fact s->s3->in_read_app_data was
- merely automatically cleared during the initial handshake.
- [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
-
- *) Fix object definitions for Private and Enterprise: they were not
- recognized in their shortname (=lowercase) representation. Extend
- obj_dat.pl to issue an error when using undefined keywords instead
- of silently ignoring the problem (Svenning Sorensen
- <sss@sss.dnsalias.net>).
- [Lutz Jaenicke]
-
- *) Fix DH_generate_parameters() so that it works for 'non-standard'
- generators, i.e. generators other than 2 and 5. (Previously, the
- code did not properly initialise the 'add' and 'rem' values to
- BN_generate_prime().)
-
- In the new general case, we do not insist that 'generator' is
- actually a primitive root: This requirement is rather pointless;
- a generator of the order-q subgroup is just as good, if not
- better.
- [Bodo Moeller]
-
- *) Map new X509 verification errors to alerts. Discovered and submitted by
- Tom Wu <tom@arcot.com>.
- [Lutz Jaenicke]
-
- *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
- returning non-zero before the data has been completely received
- when using non-blocking I/O.
- [Bodo Moeller; problem pointed out by John Hughes]
-
- *) Some of the ciphers missed the strength entry (SSL_LOW etc).
- [Ben Laurie, Lutz Jaenicke]
-
- *) Fix bug in SSL_clear(): bad sessions were not removed (found by
- Yoram Zahavi <YoramZ@gilian.com>).
- [Lutz Jaenicke]
-
- *) Add information about CygWin 1.3 and on, and preserve proper
- configuration for the versions before that.
- [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
-
- *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
- check whether we deal with a copy of a session and do not delete from
- the cache in this case. Problem reported by "Izhar Shoshani Levi"
- <izhar@checkpoint.com>.
- [Lutz Jaenicke]
-
- *) Do not store session data into the internal session cache, if it
- is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
- flag is set). Proposed by Aslam <aslam@funk.com>.
- [Lutz Jaenicke]
-
- *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
- value is 0.
- [Richard Levitte]
-
- *) [In 0.9.6d-engine release:]
- Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
- [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
-
- *) Add the configuration target linux-s390x.
- [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
-
- *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
- ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
- variable as an indication that a ClientHello message has been
- received. As the flag value will be lost between multiple
- invocations of ssl3_accept when using non-blocking I/O, the
- function may not be aware that a handshake has actually taken
- place, thus preventing a new session from being added to the
- session cache.
-
- To avoid this problem, we now set s->new_session to 2 instead of
- using a local variable.
- [Lutz Jaenicke, Bodo Moeller]
-
- *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
- if the SSL_R_LENGTH_MISMATCH error is detected.
- [Geoff Thorpe, Bodo Moeller]
-
- *) New 'shared_ldflag' column in Configure platform table.
- [Richard Levitte]
-
- *) Fix EVP_CIPHER_mode macro.
- ["Dan S. Camper" <dan@bti.net>]
-
- *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
- type, we must throw them away by setting rr->length to 0.
- [D P Chang <dpc@qualys.com>]
-
- Changes between 0.9.6b and 0.9.6c [21 dec 2001]
-
- *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
- <Dominikus.Scherkl@biodata.com>. (The previous implementation
- worked incorrectly for those cases where range = 10..._2 and
- 3*range is two bits longer than range.)
- [Bodo Moeller]
-
- *) Only add signing time to PKCS7 structures if it is not already
- present.
- [Steve Henson]
-
- *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
- OBJ_ld_ce should be OBJ_id_ce.
- Also some ip-pda OIDs in crypto/objects/objects.txt were
- incorrect (cf. RFC 3039).
- [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
-
- *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
- returns early because it has nothing to do.
- [Andy Schneider <andy.schneider@bjss.co.uk>]
-
- *) [In 0.9.6c-engine release:]
- Fix mutex callback return values in crypto/engine/hw_ncipher.c.
- [Andy Schneider <andy.schneider@bjss.co.uk>]
-
- *) [In 0.9.6c-engine release:]
- Add support for Cryptographic Appliance's keyserver technology.
- (Use engine 'keyclient')
- [Cryptographic Appliances and Geoff Thorpe]
-
- *) Add a configuration entry for OS/390 Unix. The C compiler 'c89'
- is called via tools/c89.sh because arguments have to be
- rearranged (all '-L' options must appear before the first object
- modules).
- [Richard Shapiro <rshapiro@abinitio.com>]
-
- *) [In 0.9.6c-engine release:]
- Add support for Broadcom crypto accelerator cards, backported
- from 0.9.7.
- [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
-
- *) [In 0.9.6c-engine release:]
- Add support for SureWare crypto accelerator cards from
- Baltimore Technologies. (Use engine 'sureware')
- [Baltimore Technologies and Mark Cox]
-
- *) [In 0.9.6c-engine release:]
- Add support for crypto accelerator cards from Accelerated
- Encryption Processing, www.aep.ie. (Use engine 'aep')
- [AEP Inc. and Mark Cox]
-
- *) Add a configuration entry for gcc on UnixWare.
- [Gary Benson <gbenson@redhat.com>]
-
- *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
- messages are stored in a single piece (fixed-length part and
- variable-length part combined) and fix various bugs found on the way.
- [Bodo Moeller]
-
- *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
- instead. BIO_gethostbyname() does not know what timeouts are
- appropriate, so entries would stay in cache even when they have
- become invalid.
- [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
-
- *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
- faced with a pathologically small ClientHello fragment that does
- not contain client_version: Instead of aborting with an error,
- simply choose the highest available protocol version (i.e.,
- TLS 1.0 unless it is disabled). In practice, ClientHello
- messages are never sent like this, but this change gives us
- strictly correct behaviour at least for TLS.
- [Bodo Moeller]
-
- *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
- never resets s->method to s->ctx->method when called from within
- one of the SSL handshake functions.
- [Bodo Moeller; problem pointed out by Niko Baric]
-
- *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
- (sent using the client's version number) if client_version is
- smaller than the protocol version in use. Also change
- ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
- the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
- the client will at least see that alert.
- [Bodo Moeller]
-
- *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
- correctly.
- [Bodo Moeller]
-
- *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
- client receives HelloRequest while in a handshake.
- [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
-
- *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
- should end in 'break', not 'goto end' which circuments various
- cleanups done in state SSL_ST_OK. But session related stuff
- must be disabled for SSL_ST_OK in the case that we just sent a
- HelloRequest.
-
- Also avoid some overhead by not calling ssl_init_wbio_buffer()
- before just sending a HelloRequest.
- [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
-
- *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
- reveal whether illegal block cipher padding was found or a MAC
- verification error occured. (Neither SSLerr() codes nor alerts
- are directly visible to potential attackers, but the information
- may leak via logfiles.)
-
- Similar changes are not required for the SSL 2.0 implementation
- because the number of padding bytes is sent in clear for SSL 2.0,
- and the extra bytes are just ignored. However ssl/s2_pkt.c
- failed to verify that the purported number of padding bytes is in
- the legal range.
- [Bodo Moeller]
-
- *) Add OpenUNIX-8 support including shared libraries
- (Boyd Lynn Gerber <gerberb@zenez.com>).
- [Lutz Jaenicke]
-
- *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
- 'wristwatch attack' using huge encoding parameters (cf.
- James H. Manger's CRYPTO 2001 paper). Note that the
- RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
- encoding parameters and hence was not vulnerable.
- [Bodo Moeller]
-
- *) BN_sqr() bug fix.
- [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
-
- *) Rabin-Miller test analyses assume uniformly distributed witnesses,
- so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
- followed by modular reduction.
- [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
-
- *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
- equivalent based on BN_pseudo_rand() instead of BN_rand().
- [Bodo Moeller]
-
- *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
- This function was broken, as the check for a new client hello message
- to handle SGC did not allow these large messages.
- (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
- [Lutz Jaenicke]
-
- *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
- [Lutz Jaenicke]
-
- *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
- for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
- [Lutz Jaenicke]
-
- *) Rework the configuration and shared library support for Tru64 Unix.
- The configuration part makes use of modern compiler features and
- still retains old compiler behavior for those that run older versions
- of the OS. The shared library support part includes a variant that
- uses the RPATH feature, and is available through the special
- configuration target "alpha-cc-rpath", which will never be selected
- automatically.
- [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
-
- *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
- with the same message size as in ssl3_get_certificate_request().
- Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
- messages might inadvertently be reject as too long.
- [Petr Lampa <lampa@fee.vutbr.cz>]
-
- *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
- [Andy Polyakov]
-
- *) Modified SSL library such that the verify_callback that has been set
- specificly for an SSL object with SSL_set_verify() is actually being
- used. Before the change, a verify_callback set with this function was
- ignored and the verify_callback() set in the SSL_CTX at the time of
- the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
- to allow the necessary settings.
- [Lutz Jaenicke]
-
- *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
- explicitly to NULL, as at least on Solaris 8 this seems not always to be
- done automatically (in contradiction to the requirements of the C
- standard). This made problems when used from OpenSSH.
- [Lutz Jaenicke]
-
- *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
- dh->length and always used
-
- BN_rand_range(priv_key, dh->p).
-
- BN_rand_range() is not necessary for Diffie-Hellman, and this
- specific range makes Diffie-Hellman unnecessarily inefficient if
- dh->length (recommended exponent length) is much smaller than the
- length of dh->p. We could use BN_rand_range() if the order of
- the subgroup was stored in the DH structure, but we only have
- dh->length.
-
- So switch back to
-
- BN_rand(priv_key, l, ...)
-
- where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
- otherwise.
- [Bodo Moeller]
-
- *) In
-
- RSA_eay_public_encrypt
- RSA_eay_private_decrypt
- RSA_eay_private_encrypt (signing)
- RSA_eay_public_decrypt (signature verification)
-
- (default implementations for RSA_public_encrypt,
- RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
- always reject numbers >= n.
- [Bodo Moeller]
-
- *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
- to synchronize access to 'locking_thread'. This is necessary on
- systems where access to 'locking_thread' (an 'unsigned long'
- variable) is not atomic.
- [Bodo Moeller]
-
- *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
- *before* setting the 'crypto_lock_rand' flag. The previous code had
- a race condition if 0 is a valid thread ID.
- [Travis Vitek <vitek@roguewave.com>]
-
- *) Add support for shared libraries under Irix.
- [Albert Chin-A-Young <china@thewrittenword.com>]
-
- *) Add configuration option to build on Linux on both big-endian and
- little-endian MIPS.
- [Ralf Baechle <ralf@uni-koblenz.de>]
-
- *) Add the possibility to create shared libraries on HP-UX.
- [Richard Levitte]
-
- Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
-
- *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
- to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
- Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
- PRNG state recovery was possible based on the output of
- one PRNG request appropriately sized to gain knowledge on
- 'md' followed by enough consecutive 1-byte PRNG requests
- to traverse all of 'state'.
-
- 1. When updating 'md_local' (the current thread's copy of 'md')
- during PRNG output generation, hash all of the previous
- 'md_local' value, not just the half used for PRNG output.
-
- 2. Make the number of bytes from 'state' included into the hash
- independent from the number of PRNG bytes requested.
-
- The first measure alone would be sufficient to avoid
- Markku-Juhani's attack. (Actually it had never occurred
- to me that the half of 'md_local' used for chaining was the
- half from which PRNG output bytes were taken -- I had always
- assumed that the secret half would be used.) The second
- measure makes sure that additional data from 'state' is never
- mixed into 'md_local' in small portions; this heuristically
- further strengthens the PRNG.
- [Bodo Moeller]
-
- *) Fix crypto/bn/asm/mips3.s.
- [Andy Polyakov]
-
- *) When only the key is given to "enc", the IV is undefined. Print out
- an error message in this case.
- [Lutz Jaenicke]
-
- *) Handle special case when X509_NAME is empty in X509 printing routines.
- [Steve Henson]
-
- *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
- positive and less than q.
- [Bodo Moeller]
-
- *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
- used: it isn't thread safe and the add_lock_callback should handle
- that itself.
- [Paul Rose <Paul.Rose@bridge.com>]
-
- *) Verify that incoming data obeys the block size in
- ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
- [Bodo Moeller]
-
- *) Fix OAEP check.
- [Ulf Möller, Bodo Möller]
-
- *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
- RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
- when fixing the server behaviour for backwards-compatible 'client
- hello' messages. (Note that the attack is impractical against
- SSL 3.0 and TLS 1.0 anyway because length and version checking
- means that the probability of guessing a valid ciphertext is
- around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
- paper.)
-
- Before 0.9.5, the countermeasure (hide the error by generating a
- random 'decryption result') did not work properly because
- ERR_clear_error() was missing, meaning that SSL_get_error() would
- detect the supposedly ignored error.
-
- Both problems are now fixed.
- [Bodo Moeller]
-
- *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
- (previously it was 1024).
- [Bodo Moeller]
-
- *) Fix for compatibility mode trust settings: ignore trust settings
- unless some valid trust or reject settings are present.
- [Steve Henson]
-
- *) Fix for blowfish EVP: its a variable length cipher.
- [Steve Henson]
-
- *) Fix various bugs related to DSA S/MIME verification. Handle missing
- parameters in DSA public key structures and return an error in the
- DSA routines if parameters are absent.
- [Steve Henson]
-
- *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
- in the current directory if neither $RANDFILE nor $HOME was set.
- RAND_file_name() in 0.9.6a returned NULL in this case. This has
- caused some confusion to Windows users who haven't defined $HOME.
- Thus RAND_file_name() is changed again: e_os.h can define a
- DEFAULT_HOME, which will be used if $HOME is not set.
- For Windows, we use "C:"; on other platforms, we still require
- environment variables.
-
- *) Move 'if (!initialized) RAND_poll()' into regions protected by
- CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids
- having multiple threads call RAND_poll() concurrently.
- [Bodo Moeller]
-
- *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
- combination of a flag and a thread ID variable.
- Otherwise while one thread is in ssleay_rand_bytes (which sets the
- flag), *other* threads can enter ssleay_add_bytes without obeying
- the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
- that they do not hold after the first thread unsets add_do_not_lock).
- [Bodo Moeller]
-
- *) Change bctest again: '-x' expressions are not available in all
- versions of 'test'.
- [Bodo Moeller]
-
- Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
-
- *) Fix a couple of memory leaks in PKCS7_dataDecode()
- [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
-
- *) Change Configure and Makefiles to provide EXE_EXT, which will contain
- the default extension for executables, if any. Also, make the perl
- scripts that use symlink() to test if it really exists and use "cp"
- if it doesn't. All this made OpenSSL compilable and installable in
- CygWin.
- [Richard Levitte]
-
- *) Fix for asn1_GetSequence() for indefinite length constructed data.
- If SEQUENCE is length is indefinite just set c->slen to the total
- amount of data available.
- [Steve Henson, reported by shige@FreeBSD.org]
- [This change does not apply to 0.9.7.]
-
- *) Change bctest to avoid here-documents inside command substitution
- (workaround for FreeBSD /bin/sh bug).
- For compatibility with Ultrix, avoid shell functions (introduced
- in the bctest version that searches along $PATH).
- [Bodo Moeller]
-
- *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
- with des_encrypt() defined on some operating systems, like Solaris
- and UnixWare.
- [Richard Levitte]
-
- *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
- On the Importance of Eliminating Errors in Cryptographic
- Computations, J. Cryptology 14 (2001) 2, 101-119,
- http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
- [Ulf Moeller]
-
- *) MIPS assembler BIGNUM division bug fix.
- [Andy Polyakov]
-
- *) Disabled incorrect Alpha assembler code.
- [Richard Levitte]
-
- *) Fix PKCS#7 decode routines so they correctly update the length
- after reading an EOC for the EXPLICIT tag.
- [Steve Henson]
- [This change does not apply to 0.9.7.]
-
- *) Fix bug in PKCS#12 key generation routines. This was triggered
- if a 3DES key was generated with a 0 initial byte. Include
- PKCS12_BROKEN_KEYGEN compilation option to retain the old
- (but broken) behaviour.
- [Steve Henson]
-
- *) Enhance bctest to search for a working bc along $PATH and print
- it when found.
- [Tim Rice <tim@multitalents.net> via Richard Levitte]
-
- *) Fix memory leaks in err.c: free err_data string if necessary;
- don't write to the wrong index in ERR_set_error_data.
- [Bodo Moeller]
-
- *) Implement ssl23_peek (analogous to ssl23_read), which previously
- did not exist.
- [Bodo Moeller]
-
- *) Replace rdtsc with _emit statements for VC++ version 5.
- [Jeremy Cooper <jeremy@baymoo.org>]
-
- *) Make it possible to reuse SSLv2 sessions.
- [Richard Levitte]
-
- *) In copy_email() check for >= 0 as a return value for
- X509_NAME_get_index_by_NID() since 0 is a valid index.
- [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
-
- *) Avoid coredump with unsupported or invalid public keys by checking if
- X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
- PKCS7_verify() fails with non detached data.
- [Steve Henson]
-
- *) Don't use getenv in library functions when run as setuid/setgid.
- New function OPENSSL_issetugid().
- [Ulf Moeller]
-
- *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
- due to incorrect handling of multi-threading:
-
- 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
-
- 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
-
- 3. Count how many times MemCheck_off() has been called so that
- nested use can be treated correctly. This also avoids
- inband-signalling in the previous code (which relied on the
- assumption that thread ID 0 is impossible).
- [Bodo Moeller]
-
- *) Add "-rand" option also to s_client and s_server.
- [Lutz Jaenicke]
-
- *) Fix CPU detection on Irix 6.x.
- [Kurt Hockenbury <khockenb@stevens-tech.edu> and
- "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
-
- *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
- was empty.
- [Steve Henson]
- [This change does not apply to 0.9.7.]
-
- *) Use the cached encoding of an X509_NAME structure rather than
- copying it. This is apparently the reason for the libsafe "errors"
- but the code is actually correct.
- [Steve Henson]
-
- *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
- Bleichenbacher's DSA attack.
- Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
- to be set and top=0 forces the highest bit to be set; top=-1 is new
- and leaves the highest bit random.
- [Ulf Moeller, Bodo Moeller]
-
- *) In the NCONF_...-based implementations for CONF_... queries
- (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
- a temporary CONF structure with the data component set to NULL
- (which gives segmentation faults in lh_retrieve).
- Instead, use NULL for the CONF pointer in CONF_get_string and
- CONF_get_number (which may use environment variables) and directly
- return NULL from CONF_get_section.
- [Bodo Moeller]
-
- *) Fix potential buffer overrun for EBCDIC.
- [Ulf Moeller]
-
- *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
- keyUsage if basicConstraints absent for a CA.
- [Steve Henson]
-
- *) Make SMIME_write_PKCS7() write mail header values with a format that
- is more generally accepted (no spaces before the semicolon), since
- some programs can't parse those values properly otherwise. Also make
- sure BIO's that break lines after each write do not create invalid
- headers.
- [Richard Levitte]
-
- *) Make the CRL encoding routines work with empty SEQUENCE OF. The
- macros previously used would not encode an empty SEQUENCE OF
- and break the signature.
- [Steve Henson]
- [This change does not apply to 0.9.7.]
-
- *) Zero the premaster secret after deriving the master secret in
- DH ciphersuites.
- [Steve Henson]
-
- *) Add some EVP_add_digest_alias registrations (as found in
- OpenSSL_add_all_digests()) to SSL_library_init()
- aka OpenSSL_add_ssl_algorithms(). This provides improved
- compatibility with peers using X.509 certificates
- with unconventional AlgorithmIdentifier OIDs.
- [Bodo Moeller]
-
- *) Fix for Irix with NO_ASM.
- ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
-
- *) ./config script fixes.
- [Ulf Moeller, Richard Levitte]
-
- *) Fix 'openssl passwd -1'.
- [Bodo Moeller]
-
- *) Change PKCS12_key_gen_asc() so it can cope with non null
- terminated strings whose length is passed in the passlen
- parameter, for example from PEM callbacks. This was done
- by adding an extra length parameter to asc2uni().
- [Steve Henson, reported by <oddissey@samsung.co.kr>]
-
- *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
- call failed, free the DSA structure.
- [Bodo Moeller]
-
- *) Fix to uni2asc() to cope with zero length Unicode strings.
- These are present in some PKCS#12 files.
- [Steve Henson]
-
- *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
- Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
- when writing a 32767 byte record.
- [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
-
- *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
- obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
-
- (RSA objects have a reference count access to which is protected
- by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
- so they are meant to be shared between threads.)
- [Bodo Moeller, Geoff Thorpe; original patch submitted by
- "Reddie, Steven" <Steven.Reddie@ca.com>]
-
- *) Fix a deadlock in CRYPTO_mem_leaks().
- [Bodo Moeller]
-
- *) Use better test patterns in bntest.
- [Ulf Möller]
-
- *) rand_win.c fix for Borland C.
- [Ulf Möller]
-
- *) BN_rshift bugfix for n == 0.
- [Bodo Moeller]
-
- *) Add a 'bctest' script that checks for some known 'bc' bugs
- so that 'make test' does not abort just because 'bc' is broken.
- [Bodo Moeller]
-
- *) Store verify_result within SSL_SESSION also for client side to
- avoid potential security hole. (Re-used sessions on the client side
- always resulted in verify_result==X509_V_OK, not using the original
- result of the server certificate verification.)
- [Lutz Jaenicke]
-
- *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
- SSL3_RT_APPLICATION_DATA, return 0.
- Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
- [Bodo Moeller]
-
- *) Fix SSL_peek:
- Both ssl2_peek and ssl3_peek, which were totally broken in earlier
- releases, have been re-implemented by renaming the previous
- implementations of ssl2_read and ssl3_read to ssl2_read_internal
- and ssl3_read_internal, respectively, and adding 'peek' parameters
- to them. The new ssl[23]_{read,peek} functions are calls to
- ssl[23]_read_internal with the 'peek' flag set appropriately.
- A 'peek' parameter has also been added to ssl3_read_bytes, which
- does the actual work for ssl3_read_internal.
- [Bodo Moeller]
-
- *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
- the method-specific "init()" handler. Also clean up ex_data after
- calling the method-specific "finish()" handler. Previously, this was
- happening the other way round.
- [Geoff Thorpe]
-
- *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
- The previous value, 12, was not always sufficient for BN_mod_exp().
- [Bodo Moeller]
-
- *) Make sure that shared libraries get the internal name engine with
- the full version number and not just 0. This should mark the
- shared libraries as not backward compatible. Of course, this should
- be changed again when we can guarantee backward binary compatibility.
- [Richard Levitte]
-
- *) Fix typo in get_cert_by_subject() in by_dir.c
- [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
-
- *) Rework the system to generate shared libraries:
-
- - Make note of the expected extension for the shared libraries and
- if there is a need for symbolic links from for example libcrypto.so.0
- to libcrypto.so.0.9.7. There is extended info in Configure for
- that.
-
- - Make as few rebuilds of the shared libraries as possible.
-
- - Still avoid linking the OpenSSL programs with the shared libraries.
-
- - When installing, install the shared libraries separately from the
- static ones.
- [Richard Levitte]
-
- *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
-
- Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
- and not in SSL_clear because the latter is also used by the
- accept/connect functions; previously, the settings made by
- SSL_set_read_ahead would be lost during the handshake.
- [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
-
- *) Correct util/mkdef.pl to be selective about disabled algorithms.
- Previously, it would create entries for disableed algorithms no
- matter what.
- [Richard Levitte]
-
- *) Added several new manual pages for SSL_* function.
- [Lutz Jaenicke]
-
- Changes between 0.9.5a and 0.9.6 [24 Sep 2000]
-
- *) In ssl23_get_client_hello, generate an error message when faced
- with an initial SSL 3.0/TLS record that is too small to contain the
- first two bytes of the ClientHello message, i.e. client_version.
- (Note that this is a pathologic case that probably has never happened
- in real life.) The previous approach was to use the version number
- from the record header as a substitute; but our protocol choice
- should not depend on that one because it is not authenticated
- by the Finished messages.
- [Bodo Moeller]
-
- *) More robust randomness gathering functions for Windows.
- [Jeffrey Altman <jaltman@columbia.edu>]
-
- *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
- not set then we don't setup the error code for issuer check errors
- to avoid possibly overwriting other errors which the callback does
- handle. If an application does set the flag then we assume it knows
- what it is doing and can handle the new informational codes
- appropriately.
- [Steve Henson]
-
- *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
- a general "ANY" type, as such it should be able to decode anything
- including tagged types. However it didn't check the class so it would
- wrongly interpret tagged types in the same way as their universal
- counterpart and unknown types were just rejected. Changed so that the
- tagged and unknown types are handled in the same way as a SEQUENCE:
- that is the encoding is stored intact. There is also a new type
- "V_ASN1_OTHER" which is used when the class is not universal, in this
- case we have no idea what the actual type is so we just lump them all
- together.
- [Steve Henson]
-
- *) On VMS, stdout may very well lead to a file that is written to
- in a record-oriented fashion. That means that every write() will
- write a separate record, which will be read separately by the
- programs trying to read from it. This can be very confusing.
-
- The solution is to put a BIO filter in the way that will buffer
- text until a linefeed is reached, and then write everything a
- line at a time, so every record written will be an actual line,
- not chunks of lines and not (usually doesn't happen, but I've
- seen it once) several lines in one record. BIO_f_linebuffer() is
- the answer.
-
- Currently, it's a VMS-only method, because that's where it has
- been tested well enough.
- [Richard Levitte]
-
- *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
- it can return incorrect results.
- (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
- but it was in 0.9.6-beta[12].)
- [Bodo Moeller]
-
- *) Disable the check for content being present when verifying detached
- signatures in pk7_smime.c. Some versions of Netscape (wrongly)
- include zero length content when signing messages.
- [Steve Henson]
-
- *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
- BIO_ctrl (for BIO pairs).
- [Bodo Möller]
-
- *) Add DSO method for VMS.
- [Richard Levitte]
-
- *) Bug fix: Montgomery multiplication could produce results with the
- wrong sign.
- [Ulf Möller]
-
- *) Add RPM specification openssl.spec and modify it to build three
- packages. The default package contains applications, application
- documentation and run-time libraries. The devel package contains
- include files, static libraries and function documentation. The
- doc package contains the contents of the doc directory. The original
- openssl.spec was provided by Damien Miller <djm@mindrot.org>.
- [Richard Levitte]
-
- *) Add a large number of documentation files for many SSL routines.
- [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
-
- *) Add a configuration entry for Sony News 4.
- [NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
-
- *) Don't set the two most significant bits to one when generating a
- random number < q in the DSA library.
- [Ulf Möller]
-
- *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default
- behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
- the underlying transport is blocking) if a handshake took place.
- (The default behaviour is needed by applications such as s_client
- and s_server that use select() to determine when to use SSL_read;
- but for applications that know in advance when to expect data, it
- just makes things more complicated.)
- [Bodo Moeller]
-
- *) Add RAND_egd_bytes(), which gives control over the number of bytes read
- from EGD.
- [Ben Laurie]
-
- *) Add a few more EBCDIC conditionals that make `req' and `x509'
- work better on such systems.
- [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
-
- *) Add two demo programs for PKCS12_parse() and PKCS12_create().
- Update PKCS12_parse() so it copies the friendlyName and the
- keyid to the certificates aux info.
- [Steve Henson]
-
- *) Fix bug in PKCS7_verify() which caused an infinite loop
- if there was more than one signature.
- [Sven Uszpelkat <su@celocom.de>]
-
- *) Major change in util/mkdef.pl to include extra information
- about each symbol, as well as presentig variables as well
- as functions. This change means that there's n more need
- to rebuild the .num files when some algorithms are excluded.
- [Richard Levitte]
-
- *) Allow the verify time to be set by an application,
- rather than always using the current time.
- [Steve Henson]
-
- *) Phase 2 verify code reorganisation. The certificate
- verify code now looks up an issuer certificate by a
- number of criteria: subject name, authority key id
- and key usage. It also verifies self signed certificates
- by the same criteria. The main comparison function is
- X509_check_issued() which performs these checks.
-
- Lot of changes were necessary in order to support this
- without completely rewriting the lookup code.
-
- Authority and subject key identifier are now cached.
-
- The LHASH 'certs' is X509_STORE has now been replaced
- by a STACK_OF(X509_OBJECT). This is mainly because an
- LHASH can't store or retrieve multiple objects with
- the same hash value.
-
- As a result various functions (which were all internal
- use only) have changed to handle the new X509_STORE
- structure. This will break anything that messed round
- with X509_STORE internally.
-
- The functions X509_STORE_add_cert() now checks for an
- exact match, rather than just subject name.
-
- The X509_STORE API doesn't directly support the retrieval
- of multiple certificates matching a given criteria, however
- this can be worked round by performing a lookup first
- (which will fill the cache with candidate certificates)
- and then examining the cache for matches. This is probably
- the best we can do without throwing out X509_LOOKUP
- entirely (maybe later...).
-
- The X509_VERIFY_CTX structure has been enhanced considerably.
-
- All certificate lookup operations now go via a get_issuer()
- callback. Although this currently uses an X509_STORE it
- can be replaced by custom lookups. This is a simple way
- to bypass the X509_STORE hackery necessary to make this
- work and makes it possible to use more efficient techniques
- in future. A very simple version which uses a simple
- STACK for its trusted certificate store is also provided
- using X509_STORE_CTX_trusted_stack().
-
- The verify_cb() and verify() callbacks now have equivalents
- in the X509_STORE_CTX structure.
-
- X509_STORE_CTX also has a 'flags' field which can be used
- to customise the verify behaviour.
- [Steve Henson]
-
- *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
- excludes S/MIME capabilities.
- [Steve Henson]
-
- *) When a certificate request is read in keep a copy of the
- original encoding of the signed data and use it when outputing
- again. Signatures then use the original encoding rather than
- a decoded, encoded version which may cause problems if the
- request is improperly encoded.
- [Steve Henson]
-
- *) For consistency with other BIO_puts implementations, call
- buffer_write(b, ...) directly in buffer_puts instead of calling
- BIO_write(b, ...).
-
- In BIO_puts, increment b->num_write as in BIO_write.
- [Peter.Sylvester@EdelWeb.fr]
-
- *) Fix BN_mul_word for the case where the word is 0. (We have to use
- BN_zero, we may not return a BIGNUM with an array consisting of
- words set to zero.)
- [Bodo Moeller]
-
- *) Avoid calling abort() from within the library when problems are
- detected, except if preprocessor symbols have been defined
- (such as REF_CHECK, BN_DEBUG etc.).
- [Bodo Moeller]
-
- *) New openssl application 'rsautl'. This utility can be
- used for low level RSA operations. DER public key
- BIO/fp routines also added.
- [Steve Henson]
-
- *) New Configure entry and patches for compiling on QNX 4.
- [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
-
- *) A demo state-machine implementation was sponsored by
- Nuron (http://www.nuron.com/) and is now available in
- demos/state_machine.
- [Ben Laurie]
-
- *) New options added to the 'dgst' utility for signature
- generation and verification.
- [Steve Henson]
-
- *) Unrecognized PKCS#7 content types are now handled via a
- catch all ASN1_TYPE structure. This allows unsupported
- types to be stored as a "blob" and an application can
- encode and decode it manually.
- [Steve Henson]
-
- *) Fix various signed/unsigned issues to make a_strex.c
- compile under VC++.
- [Oscar Jacobsson <oscar.jacobsson@celocom.com>]
-
- *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
- length if passed a buffer. ASN1_INTEGER_to_BN failed
- if passed a NULL BN and its argument was negative.
- [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
-
- *) Modification to PKCS#7 encoding routines to output definite
- length encoding. Since currently the whole structures are in
- memory there's not real point in using indefinite length
- constructed encoding. However if OpenSSL is compiled with
- the flag PKCS7_INDEFINITE_ENCODING the old form is used.
- [Steve Henson]
-
- *) Added BIO_vprintf() and BIO_vsnprintf().
- [Richard Levitte]
-
- *) Added more prefixes to parse for in the the strings written
- through a logging bio, to cover all the levels that are available
- through syslog. The prefixes are now:
-
- PANIC, EMERG, EMR => LOG_EMERG
- ALERT, ALR => LOG_ALERT
- CRIT, CRI => LOG_CRIT
- ERROR, ERR => LOG_ERR
- WARNING, WARN, WAR => LOG_WARNING
- NOTICE, NOTE, NOT => LOG_NOTICE
- INFO, INF => LOG_INFO
- DEBUG, DBG => LOG_DEBUG
-
- and as before, if none of those prefixes are present at the
- beginning of the string, LOG_ERR is chosen.
-
- On Win32, the LOG_* levels are mapped according to this:
-
- LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
- LOG_WARNING => EVENTLOG_WARNING_TYPE
- LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE
-
- [Richard Levitte]
-
- *) Made it possible to reconfigure with just the configuration
- argument "reconf" or "reconfigure". The command line arguments
- are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
- and are retrieved from there when reconfiguring.
- [Richard Levitte]
-
- *) MD4 implemented.
- [Assar Westerlund <assar@sics.se>, Richard Levitte]
-
- *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
- [Richard Levitte]
-
- *) The obj_dat.pl script was messing up the sorting of object
- names. The reason was that it compared the quoted version
- of strings as a result "OCSP" > "OCSP Signing" because
- " > SPACE. Changed script to store unquoted versions of
- names and add quotes on output. It was also omitting some
- names from the lookup table if they were given a default
- value (that is if SN is missing it is given the same
- value as LN and vice versa), these are now added on the
- grounds that if an object has a name we should be able to
- look it up. Finally added warning output when duplicate
- short or long names are found.
- [Steve Henson]
-
- *) Changes needed for Tandem NSK.
- [Scott Uroff <scott@xypro.com>]
-
- *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
- RSA_padding_check_SSLv23(), special padding was never detected
- and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
- version rollback attacks was not effective.
-
- In s23_clnt.c, don't use special rollback-attack detection padding
- (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
- client; similarly, in s23_srvr.c, don't do the rollback check if
- SSL 2.0 is the only protocol enabled in the server.
- [Bodo Moeller]
-
- *) Make it possible to get hexdumps of unprintable data with 'openssl
- asn1parse'. By implication, the functions ASN1_parse_dump() and
- BIO_dump_indent() are added.
- [Richard Levitte]
-
- *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
- these print out strings and name structures based on various
- flags including RFC2253 support and proper handling of
- multibyte characters. Added options to the 'x509' utility
- to allow the various flags to be set.
- [Steve Henson]
-
- *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
- Also change the functions X509_cmp_current_time() and
- X509_gmtime_adj() work with an ASN1_TIME structure,
- this will enable certificates using GeneralizedTime in validity
- dates to be checked.
- [Steve Henson]
-
- *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
- negative public key encodings) on by default,
- NO_NEG_PUBKEY_BUG can be set to disable it.
- [Steve Henson]
-
- *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
- content octets. An i2c_ASN1_OBJECT is unnecessary because
- the encoding can be trivially obtained from the structure.
- [Steve Henson]
-
- *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
- not read locks (CRYPTO_r_[un]lock).
- [Bodo Moeller]
-
- *) A first attempt at creating official support for shared
- libraries through configuration. I've kept it so the
- default is static libraries only, and the OpenSSL programs
- are always statically linked for now, but there are
- preparations for dynamic linking in place.
- This has been tested on Linux and Tru64.
- [Richard Levitte]
-
- *) Randomness polling function for Win9x, as described in:
- Peter Gutmann, Software Generation of Practically Strong
- Random Numbers.
- [Ulf Möller]
-
- *) Fix so PRNG is seeded in req if using an already existing
- DSA key.
- [Steve Henson]
-
- *) New options to smime application. -inform and -outform
- allow alternative formats for the S/MIME message including
- PEM and DER. The -content option allows the content to be
- specified separately. This should allow things like Netscape
- form signing output easier to verify.
- [Steve Henson]
-
- *) Fix the ASN1 encoding of tags using the 'long form'.
- [Steve Henson]
-
- *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
- STRING types. These convert content octets to and from the
- underlying type. The actual tag and length octets are
- already assumed to have been read in and checked. These
- are needed because all other string types have virtually
- identical handling apart from the tag. By having versions
- of the ASN1 functions that just operate on content octets
- IMPLICIT tagging can be handled properly. It also allows
- the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
- and ASN1_INTEGER are identical apart from the tag.
- [Steve Henson]
-
- *) Change the handling of OID objects as follows:
-
- - New object identifiers are inserted in objects.txt, following
- the syntax given in objects.README.
- - objects.pl is used to process obj_mac.num and create a new
- obj_mac.h.
- - obj_dat.pl is used to create a new obj_dat.h, using the data in
- obj_mac.h.
-
- This is currently kind of a hack, and the perl code in objects.pl
- isn't very elegant, but it works as I intended. The simplest way
- to check that it worked correctly is to look in obj_dat.h and
- check the array nid_objs and make sure the objects haven't moved
- around (this is important!). Additions are OK, as well as
- consistent name changes.
- [Richard Levitte]
-
- *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
- [Bodo Moeller]
-
- *) Addition of the command line parameter '-rand file' to 'openssl req'.
- The given file adds to whatever has already been seeded into the
- random pool through the RANDFILE configuration file option or
- environment variable, or the default random state file.
- [Richard Levitte]
-
- *) mkstack.pl now sorts each macro group into lexical order.
- Previously the output order depended on the order the files
- appeared in the directory, resulting in needless rewriting
- of safestack.h .
- [Steve Henson]
-
- *) Patches to make OpenSSL compile under Win32 again. Mostly
- work arounds for the VC++ problem that it treats func() as
- func(void). Also stripped out the parts of mkdef.pl that
- added extra typesafe functions: these no longer exist.
- [Steve Henson]
-
- *) Reorganisation of the stack code. The macros are now all
- collected in safestack.h . Each macro is defined in terms of
- a "stack macro" of the form SKM_<name>(type, a, b). The
- DEBUG_SAFESTACK is now handled in terms of function casts,
- this has the advantage of retaining type safety without the
- use of additional functions. If DEBUG_SAFESTACK is not defined
- then the non typesafe macros are used instead. Also modified the
- mkstack.pl script to handle the new form. Needs testing to see
- if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
- the default if no major problems. Similar behaviour for ASN1_SET_OF
- and PKCS12_STACK_OF.
- [Steve Henson]
-
- *) When some versions of IIS use the 'NET' form of private key the
- key derivation algorithm is different. Normally MD5(password) is
- used as a 128 bit RC4 key. In the modified case
- MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some
- new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
- as the old Netscape_RSA functions except they have an additional
- 'sgckey' parameter which uses the modified algorithm. Also added
- an -sgckey command line option to the rsa utility. Thanks to
- Adrian Peck <bertie@ncipher.com> for posting details of the modified
- algorithm to openssl-dev.
- [Steve Henson]
-
- *) The evp_local.h macros were using 'c.##kname' which resulted in
- invalid expansion on some systems (SCO 5.0.5 for example).
- Corrected to 'c.kname'.
- [Phillip Porch <root@theporch.com>]
-
- *) New X509_get1_email() and X509_REQ_get1_email() functions that return
- a STACK of email addresses from a certificate or request, these look
- in the subject name and the subject alternative name extensions and
- omit any duplicate addresses.
- [Steve Henson]
-
- *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
- This makes DSA verification about 2 % faster.
- [Bodo Moeller]
-
- *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
- (meaning that now 2^5 values will be precomputed, which is only 4 KB
- plus overhead for 1024 bit moduli).
- This makes exponentiations about 0.5 % faster for 1024 bit
- exponents (as measured by "openssl speed rsa2048").
- [Bodo Moeller]
-
- *) Rename memory handling macros to avoid conflicts with other
- software:
- Malloc => OPENSSL_malloc
- Malloc_locked => OPENSSL_malloc_locked
- Realloc => OPENSSL_realloc
- Free => OPENSSL_free
- [Richard Levitte]
-
- *) New function BN_mod_exp_mont_word for small bases (roughly 15%
- faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
- [Bodo Moeller]
-
- *) CygWin32 support.
- [John Jarvie <jjarvie@newsguy.com>]
-
- *) The type-safe stack code has been rejigged. It is now only compiled
- in when OpenSSL is configured with the DEBUG_SAFESTACK option and
- by default all type-specific stack functions are "#define"d back to
- standard stack functions. This results in more streamlined output
- but retains the type-safety checking possibilities of the original
- approach.
- [Geoff Thorpe]
-
- *) The STACK code has been cleaned up, and certain type declarations
- that didn't make a lot of sense have been brought in line. This has
- also involved a cleanup of sorts in safestack.h to more correctly
- map type-safe stack functions onto their plain stack counterparts.
- This work has also resulted in a variety of "const"ifications of
- lots of the code, especially "_cmp" operations which should normally
- be prototyped with "const" parameters anyway.
- [Geoff Thorpe]
-
- *) When generating bytes for the first time in md_rand.c, 'stir the pool'
- by seeding with STATE_SIZE dummy bytes (with zero entropy count).
- (The PRNG state consists of two parts, the large pool 'state' and 'md',
- where all of 'md' is used each time the PRNG is used, but 'state'
- is used only indexed by a cyclic counter. As entropy may not be
- well distributed from the beginning, 'md' is important as a
- chaining variable. However, the output function chains only half
- of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains
- all of 'md', and seeding with STATE_SIZE dummy bytes will result
- in all of 'state' being rewritten, with the new values depending
- on virtually all of 'md'. This overcomes the 80 bit limitation.)
- [Bodo Moeller]
-
- *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
- the handshake is continued after ssl_verify_cert_chain();
- otherwise, if SSL_VERIFY_NONE is set, remaining error codes
- can lead to 'unexplainable' connection aborts later.
- [Bodo Moeller; problem tracked down by Lutz Jaenicke]
-
- *) Major EVP API cipher revision.
- Add hooks for extra EVP features. This allows various cipher
- parameters to be set in the EVP interface. Support added for variable
- key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
- setting of RC2 and RC5 parameters.
-
- Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
- ciphers.
-
- Remove lots of duplicated code from the EVP library. For example *every*
- cipher init() function handles the 'iv' in the same way according to the
- cipher mode. They also all do nothing if the 'key' parameter is NULL and
- for CFB and OFB modes they zero ctx->num.
-
- New functionality allows removal of S/MIME code RC2 hack.
-
- Most of the routines have the same form and so can be declared in terms
- of macros.
-
- By shifting this to the top level EVP_CipherInit() it can be removed from
- all individual ciphers. If the cipher wants to handle IVs or keys
- differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
- flags.
-
- Change lots of functions like EVP_EncryptUpdate() to now return a
- value: although software versions of the algorithms cannot fail
- any installed hardware versions can.
- [Steve Henson]
-
- *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
- this option is set, tolerate broken clients that send the negotiated
- protocol version number instead of the requested protocol version
- number.
- [Bodo Moeller]
-
- *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
- i.e. non-zero for export ciphersuites, zero otherwise.
- Previous versions had this flag inverted, inconsistent with
- rsa_tmp_cb (..._TMP_RSA_CB).
- [Bodo Moeller; problem reported by Amit Chopra]
-
- *) Add missing DSA library text string. Work around for some IIS
- key files with invalid SEQUENCE encoding.
- [Steve Henson]
-
- *) Add a document (doc/standards.txt) that list all kinds of standards
- and so on that are implemented in OpenSSL.
- [Richard Levitte]
-
- *) Enhance c_rehash script. Old version would mishandle certificates
- with the same subject name hash and wouldn't handle CRLs at all.
- Added -fingerprint option to crl utility, to support new c_rehash
- features.
- [Steve Henson]
-
- *) Eliminate non-ANSI declarations in crypto.h and stack.h.
- [Ulf Möller]
-
- *) Fix for SSL server purpose checking. Server checking was
- rejecting certificates which had extended key usage present
- but no ssl client purpose.
- [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
-
- *) Make PKCS#12 code work with no password. The PKCS#12 spec
- is a little unclear about how a blank password is handled.
- Since the password in encoded as a BMPString with terminating
- double NULL a zero length password would end up as just the
- double NULL. However no password at all is different and is
- handled differently in the PKCS#12 key generation code. NS
- treats a blank password as zero length. MSIE treats it as no
- password on export: but it will try both on import. We now do
- the same: PKCS12_parse() tries zero length and no password if
- the password is set to "" or NULL (NULL is now a valid password:
- it wasn't before) as does the pkcs12 application.
- [Steve Henson]
-
- *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
- perror when PEM_read_bio_X509_REQ fails, the error message must
- be obtained from the error queue.
- [Bodo Moeller]
-
- *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
- it in ERR_remove_state if appropriate, and change ERR_get_state
- accordingly to avoid race conditions (this is necessary because
- thread_hash is no longer constant once set).
- [Bodo Moeller]
-
- *) Bugfix for linux-elf makefile.one.
- [Ulf Möller]
-
- *) RSA_get_default_method() will now cause a default
- RSA_METHOD to be chosen if one doesn't exist already.
- Previously this was only set during a call to RSA_new()
- or RSA_new_method(NULL) meaning it was possible for
- RSA_get_default_method() to return NULL.
- [Geoff Thorpe]
-
- *) Added native name translation to the existing DSO code
- that will convert (if the flag to do so is set) filenames
- that are sufficiently small and have no path information
- into a canonical native form. Eg. "blah" converted to
- "libblah.so" or "blah.dll" etc.
- [Geoff Thorpe]
-
- *) New function ERR_error_string_n(e, buf, len) which is like
- ERR_error_string(e, buf), but writes at most 'len' bytes
- including the 0 terminator. For ERR_error_string_n, 'buf'
- may not be NULL.
- [Damien Miller <djm@mindrot.org>, Bodo Moeller]
-
- *) CONF library reworked to become more general. A new CONF
- configuration file reader "class" is implemented as well as a
- new functions (NCONF_*, for "New CONF") to handle it. The now
- old CONF_* functions are still there, but are reimplemented to
- work in terms of the new functions. Also, a set of functions
- to handle the internal storage of the configuration data is
- provided to make it easier to write new configuration file
- reader "classes" (I can definitely see something reading a
- configuration file in XML format, for example), called _CONF_*,
- or "the configuration storage API"...
-
- The new configuration file reading functions are:
-
- NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
- NCONF_get_section, NCONF_get_string, NCONF_get_numbre
-
- NCONF_default, NCONF_WIN32
-
- NCONF_dump_fp, NCONF_dump_bio
-
- NCONF_default and NCONF_WIN32 are method (or "class") choosers,
- NCONF_new creates a new CONF object. This works in the same way
- as other interfaces in OpenSSL, like the BIO interface.
- NCONF_dump_* dump the internal storage of the configuration file,
- which is useful for debugging. All other functions take the same
- arguments as the old CONF_* functions wth the exception of the
- first that must be a `CONF *' instead of a `LHASH *'.
-
- To make it easer to use the new classes with the old CONF_* functions,
- the function CONF_set_default_method is provided.
- [Richard Levitte]
-
- *) Add '-tls1' option to 'openssl ciphers', which was already
- mentioned in the documentation but had not been implemented.
- (This option is not yet really useful because even the additional
- experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
- [Bodo Moeller]
-
- *) Initial DSO code added into libcrypto for letting OpenSSL (and
- OpenSSL-based applications) load shared libraries and bind to
- them in a portable way.
- [Geoff Thorpe, with contributions from Richard Levitte]
-
- Changes between 0.9.5 and 0.9.5a [1 Apr 2000]
-
- *) Make sure _lrotl and _lrotr are only used with MSVC.
-
- *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
- (the default implementation of RAND_status).
-
- *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
- to '-clrext' (= clear extensions), as intended and documented.
- [Bodo Moeller; inconsistency pointed out by Michael Attili
- <attili@amaxo.com>]
-
- *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
- was larger than the MD block size.
- [Steve Henson, pointed out by Yost William <YostW@tce.com>]
-
- *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
- fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
- using the passed key: if the passed key was a private key the result
- of X509_print(), for example, would be to print out all the private key
- components.
- [Steve Henson]
-
- *) des_quad_cksum() byte order bug fix.
- [Ulf Möller, using the problem description in krb4-0.9.7, where
- the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
-
- *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
- discouraged.
- [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
-
- *) For easily testing in shell scripts whether some command
- 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
- returns with exit code 0 iff no command of the given name is available.
- 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases,
- the output goes to stdout and nothing is printed to stderr.
- Additional arguments are always ignored.
-
- Since for each cipher there is a command of the same name,
- the 'no-cipher' compilation switches can be tested this way.
-
- ('openssl no-XXX' is not able to detect pseudo-commands such
- as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
- [Bodo Moeller]
-
- *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
- [Bodo Moeller]
-
- *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
- is set; it will be thrown away anyway because each handshake creates
- its own key.
- ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
- to parameters -- in previous versions (since OpenSSL 0.9.3) the
- 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
- you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
- [Bodo Moeller]
-
- *) New s_client option -ign_eof: EOF at stdin is ignored, and
- 'Q' and 'R' lose their special meanings (quit/renegotiate).
- This is part of what -quiet does; unlike -quiet, -ign_eof
- does not suppress any output.
- [Richard Levitte]
-
- *) Add compatibility options to the purpose and trust code. The
- purpose X509_PURPOSE_ANY is "any purpose" which automatically
- accepts a certificate or CA, this was the previous behaviour,
- with all the associated security issues.
-
- X509_TRUST_COMPAT is the old trust behaviour: only and
- automatically trust self signed roots in certificate store. A
- new trust setting X509_TRUST_DEFAULT is used to specify that
- a purpose has no associated trust setting and it should instead
- use the value in the default purpose.
- [Steve Henson]
-
- *) Fix the PKCS#8 DSA private key code so it decodes keys again
- and fix a memory leak.
- [Steve Henson]
-
- *) In util/mkerr.pl (which implements 'make errors'), preserve
- reason strings from the previous version of the .c file, as
- the default to have only downcase letters (and digits) in
- automatically generated reasons codes is not always appropriate.
- [Bodo Moeller]
-
- *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
- using strerror. Previously, ERR_reason_error_string() returned
- library names as reason strings for SYSerr; but SYSerr is a special
- case where small numbers are errno values, not library numbers.
- [Bodo Moeller]
-
- *) Add '-dsaparam' option to 'openssl dhparam' application. This
- converts DSA parameters into DH parameters. (When creating parameters,
- DSA_generate_parameters is used.)
- [Bodo Moeller]
-
- *) Include 'length' (recommended exponent length) in C code generated
- by 'openssl dhparam -C'.
- [Bodo Moeller]
-
- *) The second argument to set_label in perlasm was already being used
- so couldn't be used as a "file scope" flag. Moved to third argument
- which was free.
- [Steve Henson]
-
- *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
- instead of RAND_bytes for encryption IVs and salts.
- [Bodo Moeller]
-
- *) Include RAND_status() into RAND_METHOD instead of implementing
- it only for md_rand.c Otherwise replacing the PRNG by calling
- RAND_set_rand_method would be impossible.
- [Bodo Moeller]
-
- *) Don't let DSA_generate_key() enter an infinite loop if the random
- number generation fails.
- [Bodo Moeller]
-
- *) New 'rand' application for creating pseudo-random output.
- [Bodo Moeller]
-
- *) Added configuration support for Linux/IA64
- [Rolf Haberrecker <rolf@suse.de>]
-
- *) Assembler module support for Mingw32.
- [Ulf Möller]
-
- *) Shared library support for HPUX (in shlib/).
- [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
-
- *) Shared library support for Solaris gcc.
- [Lutz Behnke <behnke@trustcenter.de>]
-
- Changes between 0.9.4 and 0.9.5 [28 Feb 2000]
-
- *) PKCS7_encrypt() was adding text MIME headers twice because they
- were added manually and by SMIME_crlf_copy().
- [Steve Henson]
-
- *) In bntest.c don't call BN_rand with zero bits argument.
- [Steve Henson, pointed out by Andrew W. Gray <agray@iconsinc.com>]
-
- *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
- case was implemented. This caused BN_div_recp() to fail occasionally.
- [Ulf Möller]
-
- *) Add an optional second argument to the set_label() in the perl
- assembly language builder. If this argument exists and is set
- to 1 it signals that the assembler should use a symbol whose
- scope is the entire file, not just the current function. This
- is needed with MASM which uses the format label:: for this scope.
- [Steve Henson, pointed out by Peter Runestig <peter@runestig.com>]
-
- *) Change the ASN1 types so they are typedefs by default. Before
- almost all types were #define'd to ASN1_STRING which was causing
- STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
- for example.
- [Steve Henson]
-
- *) Change names of new functions to the new get1/get0 naming
- convention: After 'get1', the caller owns a reference count
- and has to call ..._free; 'get0' returns a pointer to some
- data structure without incrementing reference counters.
- (Some of the existing 'get' functions increment a reference
- counter, some don't.)
- Similarly, 'set1' and 'add1' functions increase reference
- counters or duplicate objects.
- [Steve Henson]
-
- *) Allow for the possibility of temp RSA key generation failure:
- the code used to assume it always worked and crashed on failure.
- [Steve Henson]
-
- *) Fix potential buffer overrun problem in BIO_printf().
- [Ulf Möller, using public domain code by Patrick Powell; problem
- pointed out by David Sacerdote <das33@cornell.edu>]
-
- *) Support EGD <http://www.lothar.com/tech/crypto/>. New functions
- RAND_egd() and RAND_status(). In the command line application,
- the EGD socket can be specified like a seed file using RANDFILE
- or -rand.
- [Ulf Möller]
-
- *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
- Some CAs (e.g. Verisign) distribute certificates in this form.
- [Steve Henson]
-
- *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
- list to exclude them. This means that no special compilation option
- is needed to use anonymous DH: it just needs to be included in the
- cipher list.
- [Steve Henson]
-
- *) Change the EVP_MD_CTX_type macro so its meaning consistent with
- EVP_MD_type. The old functionality is available in a new macro called
- EVP_MD_md(). Change code that uses it and update docs.
- [Steve Henson]
-
- *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
- where the 'void *' argument is replaced by a function pointer argument.
- Previously 'void *' was abused to point to functions, which works on
- many platforms, but is not correct. As these functions are usually
- called by macros defined in OpenSSL header files, most source code
- should work without changes.
- [Richard Levitte]
-
- *) <openssl/opensslconf.h> (which is created by Configure) now contains
- sections with information on -D... compiler switches used for
- compiling the library so that applications can see them. To enable
- one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
- must be defined. E.g.,
- #define OPENSSL_ALGORITHM_DEFINES
- #include <openssl/opensslconf.h>
- defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
- [Richard Levitte, Ulf and Bodo Möller]
-
- *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
- record layer.
- [Bodo Moeller]
-
- *) Change the 'other' type in certificate aux info to a STACK_OF
- X509_ALGOR. Although not an AlgorithmIdentifier as such it has
- the required ASN1 format: arbitrary types determined by an OID.
- [Steve Henson]
-
- *) Add some PEM_write_X509_REQ_NEW() functions and a command line
- argument to 'req'. This is not because the function is newer or
- better than others it just uses the work 'NEW' in the certificate
- request header lines. Some software needs this.
- [Steve Henson]
-
- *) Reorganise password command line arguments: now passwords can be
- obtained from various sources. Delete the PEM_cb function and make
- it the default behaviour: i.e. if the callback is NULL and the
- usrdata argument is not NULL interpret it as a null terminated pass
- phrase. If usrdata and the callback are NULL then the pass phrase
- is prompted for as usual.
- [Steve Henson]
-
- *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
- the support is automatically enabled. The resulting binaries will
- autodetect the card and use it if present.
- [Ben Laurie and Compaq Inc.]
-
- *) Work around for Netscape hang bug. This sends certificate request
- and server done in one record. Since this is perfectly legal in the
- SSL/TLS protocol it isn't a "bug" option and is on by default. See
- the bugs/SSLv3 entry for more info.
- [Steve Henson]
-
- *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
- [Andy Polyakov]
-
- *) Add -rand argument to smime and pkcs12 applications and read/write
- of seed file.
- [Steve Henson]
-
- *) New 'passwd' tool for crypt(3) and apr1 password hashes.
- [Bodo Moeller]
-
- *) Add command line password options to the remaining applications.
- [Steve Henson]
-
- *) Bug fix for BN_div_recp() for numerators with an even number of
- bits.
- [Ulf Möller]
-
- *) More tests in bntest.c, and changed test_bn output.
- [Ulf Möller]
-
- *) ./config recognizes MacOS X now.
- [Andy Polyakov]
-
- *) Bug fix for BN_div() when the first words of num and divsor are
- equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
- [Ulf Möller]
-
- *) Add support for various broken PKCS#8 formats, and command line
- options to produce them.
- [Steve Henson]
-
- *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
- get temporary BIGNUMs from a BN_CTX.
- [Ulf Möller]
-
- *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
- for p == 0.
- [Ulf Möller]
-
- *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
- include a #define from the old name to the new. The original intent
- was that statically linked binaries could for example just call
- SSLeay_add_all_ciphers() to just add ciphers to the table and not
- link with digests. This never worked becayse SSLeay_add_all_digests()
- and SSLeay_add_all_ciphers() were in the same source file so calling
- one would link with the other. They are now in separate source files.
- [Steve Henson]
-
- *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
- [Steve Henson]
-
- *) Use a less unusual form of the Miller-Rabin primality test (it used
- a binary algorithm for exponentiation integrated into the Miller-Rabin
- loop, our standard modexp algorithms are faster).
- [Bodo Moeller]
-
- *) Support for the EBCDIC character set completed.
- [Martin Kraemer <Martin.Kraemer@Mch.SNI.De>]
-
- *) Source code cleanups: use const where appropriate, eliminate casts,
- use void * instead of char * in lhash.
- [Ulf Möller]
-
- *) Bugfix: ssl3_send_server_key_exchange was not restartable
- (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
- this the server could overwrite ephemeral keys that the client
- has already seen).
- [Bodo Moeller]
-
- *) Turn DSA_is_prime into a macro that calls BN_is_prime,
- using 50 iterations of the Rabin-Miller test.
-
- DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
- iterations of the Rabin-Miller test as required by the appendix
- to FIPS PUB 186[-1]) instead of DSA_is_prime.
- As BN_is_prime_fasttest includes trial division, DSA parameter
- generation becomes much faster.
-
- This implies a change for the callback functions in DSA_is_prime
- and DSA_generate_parameters: The callback function is called once
- for each positive witness in the Rabin-Miller test, not just
- occasionally in the inner loop; and the parameters to the
- callback function now provide an iteration count for the outer
- loop rather than for the current invocation of the inner loop.
- DSA_generate_parameters additionally can call the callback
- function with an 'iteration count' of -1, meaning that a
- candidate has passed the trial division test (when q is generated
- from an application-provided seed, trial division is skipped).
- [Bodo Moeller]
-
- *) New function BN_is_prime_fasttest that optionally does trial
- division before starting the Rabin-Miller test and has
- an additional BN_CTX * argument (whereas BN_is_prime always
- has to allocate at least one BN_CTX).
- 'callback(1, -1, cb_arg)' is called when a number has passed the
- trial division stage.
- [Bodo Moeller]
-
- *) Fix for bug in CRL encoding. The validity dates weren't being handled
- as ASN1_TIME.
- [Steve Henson]
-
- *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
- [Steve Henson]
-
- *) New function BN_pseudo_rand().
- [Ulf Möller]
-
- *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
- bignum version of BN_from_montgomery() with the working code from
- SSLeay 0.9.0 (the word based version is faster anyway), and clean up
- the comments.
- [Ulf Möller]
-
- *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
- made it impossible to use the same SSL_SESSION data structure in
- SSL2 clients in multiple threads.
- [Bodo Moeller]
-
- *) The return value of RAND_load_file() no longer counts bytes obtained
- by stat(). RAND_load_file(..., -1) is new and uses the complete file
- to seed the PRNG (previously an explicit byte count was required).
- [Ulf Möller, Bodo Möller]
-
- *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
- used (char *) instead of (void *) and had casts all over the place.
- [Steve Henson]
-
- *) Make BN_generate_prime() return NULL on error if ret!=NULL.
- [Ulf Möller]
-
- *) Retain source code compatibility for BN_prime_checks macro:
- BN_is_prime(..., BN_prime_checks, ...) now uses
- BN_prime_checks_for_size to determine the appropriate number of
- Rabin-Miller iterations.
- [Ulf Möller]
-
- *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
- DH_CHECK_P_NOT_SAFE_PRIME.
- (Check if this is true? OpenPGP calls them "strong".)
- [Ulf Möller]
-
- *) Merge the functionality of "dh" and "gendh" programs into a new program
- "dhparam". The old programs are retained for now but will handle DH keys
- (instead of parameters) in future.
- [Steve Henson]
-
- *) Make the ciphers, s_server and s_client programs check the return values
- when a new cipher list is set.
- [Steve Henson]
-
- *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
- ciphers. Before when the 56bit ciphers were enabled the sorting was
- wrong.
-
- The syntax for the cipher sorting has been extended to support sorting by
- cipher-strength (using the strength_bits hard coded in the tables).
- The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
-
- Fix a bug in the cipher-command parser: when supplying a cipher command
- string with an "undefined" symbol (neither command nor alphanumeric
- [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
- an error is flagged.
-
- Due to the strength-sorting extension, the code of the
- ssl_create_cipher_list() function was completely rearranged. I hope that
- the readability was also increased :-)
- [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
-
- *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
- for the first serial number and places 2 in the serial number file. This
- avoids problems when the root CA is created with serial number zero and
- the first user certificate has the same issuer name and serial number
- as the root CA.
- [Steve Henson]
-
- *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
- the new code. Add documentation for this stuff.
- [Steve Henson]
-
- *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
- X509_*() to X509at_*() on the grounds that they don't handle X509
- structures and behave in an analagous way to the X509v3 functions:
- they shouldn't be called directly but wrapper functions should be used
- instead.
-
- So we also now have some wrapper functions that call the X509at functions
- when passed certificate requests. (TO DO: similar things can be done with
- PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
- things. Some of these need some d2i or i2d and print functionality
- because they handle more complex structures.)
- [Steve Henson]
-
- *) Add missing #ifndefs that caused missing symbols when building libssl
- as a shared library without RSA. Use #ifndef NO_SSL2 instead of
- NO_RSA in ssl/s2*.c.
- [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
-
- *) Precautions against using the PRNG uninitialized: RAND_bytes() now
- has a return value which indicates the quality of the random data
- (1 = ok, 0 = not seeded). Also an error is recorded on the thread's
- error queue. New function RAND_pseudo_bytes() generates output that is
- guaranteed to be unique but not unpredictable. RAND_add is like
- RAND_seed, but takes an extra argument for an entropy estimate
- (RAND_seed always assumes full entropy).
- [Ulf Möller]
-
- *) Do more iterations of Rabin-Miller probable prime test (specifically,
- 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
- instead of only 2 for all lengths; see BN_prime_checks_for_size definition
- in crypto/bn/bn_prime.c for the complete table). This guarantees a
- false-positive rate of at most 2^-80 for random input.
- [Bodo Moeller]
-
- *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
- [Bodo Moeller]
-
- *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
- in the 0.9.5 release), this returns the chain
- from an X509_CTX structure with a dup of the stack and all
- the X509 reference counts upped: so the stack will exist
- after X509_CTX_cleanup() has been called. Modify pkcs12.c
- to use this.
-
- Also make SSL_SESSION_print() print out the verify return
- code.
- [Steve Henson]
-
- *) Add manpage for the pkcs12 command. Also change the default
- behaviour so MAC iteration counts are used unless the new
- -nomaciter option is used. This improves file security and
- only older versions of MSIE (4.0 for example) need it.
- [Steve Henson]
-
- *) Honor the no-xxx Configure options when creating .DEF files.
- [Ulf Möller]
-
- *) Add PKCS#10 attributes to field table: challengePassword,
- unstructuredName and unstructuredAddress. These are taken from
- draft PKCS#9 v2.0 but are compatible with v1.2 provided no
- international characters are used.
-
- More changes to X509_ATTRIBUTE code: allow the setting of types
- based on strings. Remove the 'loc' parameter when adding
- attributes because these will be a SET OF encoding which is sorted
- in ASN1 order.
- [Steve Henson]
-
- *) Initial changes to the 'req' utility to allow request generation
- automation. This will allow an application to just generate a template
- file containing all the field values and have req construct the
- request.
-
- Initial support for X509_ATTRIBUTE handling. Stacks of these are
- used all over the place including certificate requests and PKCS#7
- structures. They are currently handled manually where necessary with
- some primitive wrappers for PKCS#7. The new functions behave in a
- manner analogous to the X509 extension functions: they allow
- attributes to be looked up by NID and added.
-
- Later something similar to the X509V3 code would be desirable to
- automatically handle the encoding, decoding and printing of the
- more complex types. The string types like challengePassword can
- be handled by the string table functions.
-
- Also modified the multi byte string table handling. Now there is
- a 'global mask' which masks out certain types. The table itself
- can use the flag STABLE_NO_MASK to ignore the mask setting: this
- is useful when for example there is only one permissible type
- (as in countryName) and using the mask might result in no valid
- types at all.
- [Steve Henson]
-
- *) Clean up 'Finished' handling, and add functions SSL_get_finished and
- SSL_get_peer_finished to allow applications to obtain the latest
- Finished messages sent to the peer or expected from the peer,
- respectively. (SSL_get_peer_finished is usually the Finished message
- actually received from the peer, otherwise the protocol will be aborted.)
-
- As the Finished message are message digests of the complete handshake
- (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
- be used for external authentication procedures when the authentication
- provided by SSL/TLS is not desired or is not enough.
- [Bodo Moeller]
-
- *) Enhanced support for Alpha Linux is added. Now ./config checks if
- the host supports BWX extension and if Compaq C is present on the
- $PATH. Just exploiting of the BWX extension results in 20-30%
- performance kick for some algorithms, e.g. DES and RC4 to mention
- a couple. Compaq C in turn generates ~20% faster code for MD5 and
- SHA1.
- [Andy Polyakov]
-
- *) Add support for MS "fast SGC". This is arguably a violation of the
- SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
- weak crypto and after checking the certificate is SGC a second one
- with strong crypto. MS SGC stops the first handshake after receiving
- the server certificate message and sends a second client hello. Since
- a server will typically do all the time consuming operations before
- expecting any further messages from the client (server key exchange
- is the most expensive) there is little difference between the two.
-
- To get OpenSSL to support MS SGC we have to permit a second client
- hello message after we have sent server done. In addition we have to
- reset the MAC if we do get this second client hello.
- [Steve Henson]
-
- *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
- if a DER encoded private key is RSA or DSA traditional format. Changed
- d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
- format DER encoded private key. Newer code should use PKCS#8 format which
- has the key type encoded in the ASN1 structure. Added DER private key
- support to pkcs8 application.
- [Steve Henson]
-
- *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
- ciphersuites has been selected (as required by the SSL 3/TLS 1
- specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
- is set, we interpret this as a request to violate the specification
- (the worst that can happen is a handshake failure, and 'correct'
- behaviour would result in a handshake failure anyway).
- [Bodo Moeller]
-
- *) In SSL_CTX_add_session, take into account that there might be multiple
- SSL_SESSION structures with the same session ID (e.g. when two threads
- concurrently obtain them from an external cache).
- The internal cache can handle only one SSL_SESSION with a given ID,
- so if there's a conflict, we now throw out the old one to achieve
- consistency.
- [Bodo Moeller]
-
- *) Add OIDs for idea and blowfish in CBC mode. This will allow both
- to be used in PKCS#5 v2.0 and S/MIME. Also add checking to
- some routines that use cipher OIDs: some ciphers do not have OIDs
- defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
- example.
- [Steve Henson]
-
- *) Simplify the trust setting structure and code. Now we just have
- two sequences of OIDs for trusted and rejected settings. These will
- typically have values the same as the extended key usage extension
- and any application specific purposes.
-
- The trust checking code now has a default behaviour: it will just
- check for an object with the same NID as the passed id. Functions can
- be provided to override either the default behaviour or the behaviour
- for a given id. SSL client, server and email already have functions
- in place for compatibility: they check the NID and also return "trusted"
- if the certificate is self signed.
- [Steve Henson]
-
- *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
- traditional format into an EVP_PKEY structure.
- [Steve Henson]
-
- *) Add a password callback function PEM_cb() which either prompts for
- a password if usr_data is NULL or otherwise assumes it is a null
- terminated password. Allow passwords to be passed on command line
- environment or config files in a few more utilities.
- [Steve Henson]
-
- *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
- keys. Add some short names for PKCS#8 PBE algorithms and allow them
- to be specified on the command line for the pkcs8 and pkcs12 utilities.
- Update documentation.
- [Steve Henson]
-
- *) Support for ASN1 "NULL" type. This could be handled before by using
- ASN1_TYPE but there wasn't any function that would try to read a NULL
- and produce an error if it couldn't. For compatibility we also have
- ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
- don't allocate anything because they don't need to.
- [Steve Henson]
-
- *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
- for details.
- [Andy Polyakov, Roy Woods <roy@centicsystems.ca>]
-
- *) Rebuild of the memory allocation routines used by OpenSSL code and
- possibly others as well. The purpose is to make an interface that
- provide hooks so anyone can build a separate set of allocation and
- deallocation routines to be used by OpenSSL, for example memory
- pool implementations, or something else, which was previously hard
- since Malloc(), Realloc() and Free() were defined as macros having
- the values malloc, realloc and free, respectively (except for Win32
- compilations). The same is provided for memory debugging code.
- OpenSSL already comes with functionality to find memory leaks, but
- this gives people a chance to debug other memory problems.
-
- With these changes, a new set of functions and macros have appeared:
-
- CRYPTO_set_mem_debug_functions() [F]
- CRYPTO_get_mem_debug_functions() [F]
- CRYPTO_dbg_set_options() [F]
- CRYPTO_dbg_get_options() [F]
- CRYPTO_malloc_debug_init() [M]
-
- The memory debug functions are NULL by default, unless the library
- is compiled with CRYPTO_MDEBUG or friends is defined. If someone
- wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
- gives the standard debugging functions that come with OpenSSL) or
- CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
- provided by the library user) must be used. When the standard
- debugging functions are used, CRYPTO_dbg_set_options can be used to
- request additional information:
- CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
- the CRYPTO_MDEBUG_xxx macro when compiling the library.
-
- Also, things like CRYPTO_set_mem_functions will always give the
- expected result (the new set of functions is used for allocation
- and deallocation) at all times, regardless of platform and compiler
- options.
-
- To finish it up, some functions that were never use in any other
- way than through macros have a new API and new semantic:
-
- CRYPTO_dbg_malloc()
- CRYPTO_dbg_realloc()
- CRYPTO_dbg_free()
-
- All macros of value have retained their old syntax.
- [Richard Levitte and Bodo Moeller]
-
- *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
- ordering of SMIMECapabilities wasn't in "strength order" and there
- was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
- algorithm.
- [Steve Henson]
-
- *) Some ASN1 types with illegal zero length encoding (INTEGER,
- ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
- [Frans Heymans <fheymans@isaserver.be>, modified by Steve Henson]
-
- *) Merge in my S/MIME library for OpenSSL. This provides a simple
- S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
- functionality to handle multipart/signed properly) and a utility
- called 'smime' to call all this stuff. This is based on code I
- originally wrote for Celo who have kindly allowed it to be
- included in OpenSSL.
- [Steve Henson]
-
- *) Add variants des_set_key_checked and des_set_key_unchecked of
- des_set_key (aka des_key_sched). Global variable des_check_key
- decides which of these is called by des_set_key; this way
- des_check_key behaves as it always did, but applications and
- the library itself, which was buggy for des_check_key == 1,
- have a cleaner way to pick the version they need.
- [Bodo Moeller]
-
- *) New function PKCS12_newpass() which changes the password of a
- PKCS12 structure.
- [Steve Henson]
-
- *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
- dynamic mix. In both cases the ids can be used as an index into the
- table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
- functions so they accept a list of the field values and the
- application doesn't need to directly manipulate the X509_TRUST
- structure.
- [Steve Henson]
-
- *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
- need initialising.
- [Steve Henson]
-
- *) Modify the way the V3 extension code looks up extensions. This now
- works in a similar way to the object code: we have some "standard"
- extensions in a static table which is searched with OBJ_bsearch()
- and the application can add dynamic ones if needed. The file
- crypto/x509v3/ext_dat.h now has the info: this file needs to be
- updated whenever a new extension is added to the core code and kept
- in ext_nid order. There is a simple program 'tabtest.c' which checks
- this. New extensions are not added too often so this file can readily
- be maintained manually.
-
- There are two big advantages in doing things this way. The extensions
- can be looked up immediately and no longer need to be "added" using
- X509V3_add_standard_extensions(): this function now does nothing.
- [Side note: I get *lots* of email saying the extension code doesn't
- work because people forget to call this function]
- Also no dynamic allocation is done unless new extensions are added:
- so if we don't add custom extensions there is no need to call
- X509V3_EXT_cleanup().
- [Steve Henson]
-
- *) Modify enc utility's salting as follows: make salting the default. Add a
- magic header, so unsalted files fail gracefully instead of just decrypting
- to garbage. This is because not salting is a big security hole, so people
- should be discouraged from doing it.
- [Ben Laurie]
-
- *) Fixes and enhancements to the 'x509' utility. It allowed a message
- digest to be passed on the command line but it only used this
- parameter when signing a certificate. Modified so all relevant
- operations are affected by the digest parameter including the
- -fingerprint and -x509toreq options. Also -x509toreq choked if a
- DSA key was used because it didn't fix the digest.
- [Steve Henson]
-
- *) Initial certificate chain verify code. Currently tests the untrusted
- certificates for consistency with the verify purpose (which is set
- when the X509_STORE_CTX structure is set up) and checks the pathlength.
-
- There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
- this is because it will reject chains with invalid extensions whereas
- every previous version of OpenSSL and SSLeay made no checks at all.
-
- Trust code: checks the root CA for the relevant trust settings. Trust
- settings have an initial value consistent with the verify purpose: e.g.
- if the verify purpose is for SSL client use it expects the CA to be
- trusted for SSL client use. However the default value can be changed to
- permit custom trust settings: one example of this would be to only trust
- certificates from a specific "secure" set of CAs.
-
- Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
- which should be used for version portability: especially since the
- verify structure is likely to change more often now.
-
- SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
- to set them. If not set then assume SSL clients will verify SSL servers
- and vice versa.
-
- Two new options to the verify program: -untrusted allows a set of
- untrusted certificates to be passed in and -purpose which sets the
- intended purpose of the certificate. If a purpose is set then the
- new chain verify code is used to check extension consistency.
- [Steve Henson]
-
- *) Support for the authority information access extension.
- [Steve Henson]
-
- *) Modify RSA and DSA PEM read routines to transparently handle
- PKCS#8 format private keys. New *_PUBKEY_* functions that handle
- public keys in a format compatible with certificate
- SubjectPublicKeyInfo structures. Unfortunately there were already
- functions called *_PublicKey_* which used various odd formats so
- these are retained for compatibility: however the DSA variants were
- never in a public release so they have been deleted. Changed dsa/rsa
- utilities to handle the new format: note no releases ever handled public
- keys so we should be OK.
-
- The primary motivation for this change is to avoid the same fiasco
- that dogs private keys: there are several incompatible private key
- formats some of which are standard and some OpenSSL specific and
- require various evil hacks to allow partial transparent handling and
- even then it doesn't work with DER formats. Given the option anything
- other than PKCS#8 should be dumped: but the other formats have to
- stay in the name of compatibility.
-
- With public keys and the benefit of hindsight one standard format
- is used which works with EVP_PKEY, RSA or DSA structures: though
- it clearly returns an error if you try to read the wrong kind of key.
-
- Added a -pubkey option to the 'x509' utility to output the public key.
- Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
- (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
- EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
- that do the same as the EVP_PKEY_assign_*() except they up the
- reference count of the added key (they don't "swallow" the
- supplied key).
- [Steve Henson]
-
- *) Fixes to crypto/x509/by_file.c the code to read in certificates and
- CRLs would fail if the file contained no certificates or no CRLs:
- added a new function to read in both types and return the number
- read: this means that if none are read it will be an error. The
- DER versions of the certificate and CRL reader would always fail
- because it isn't possible to mix certificates and CRLs in DER format
- without choking one or the other routine. Changed this to just read
- a certificate: this is the best we can do. Also modified the code
- in apps/verify.c to take notice of return codes: it was previously
- attempting to read in certificates from NULL pointers and ignoring
- any errors: this is one reason why the cert and CRL reader seemed
- to work. It doesn't check return codes from the default certificate
- routines: these may well fail if the certificates aren't installed.
- [Steve Henson]
-
- *) Code to support otherName option in GeneralName.
- [Steve Henson]
-
- *) First update to verify code. Change the verify utility
- so it warns if it is passed a self signed certificate:
- for consistency with the normal behaviour. X509_verify
- has been modified to it will now verify a self signed
- certificate if *exactly* the same certificate appears
- in the store: it was previously impossible to trust a
- single self signed certificate. This means that:
- openssl verify ss.pem
- now gives a warning about a self signed certificate but
- openssl verify -CAfile ss.pem ss.pem
- is OK.
- [Steve Henson]
-
- *) For servers, store verify_result in SSL_SESSION data structure
- (and add it to external session representation).
- This is needed when client certificate verifications fails,
- but an application-provided verification callback (set by
- SSL_CTX_set_cert_verify_callback) allows accepting the session
- anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
- but returns 1): When the session is reused, we have to set
- ssl->verify_result to the appropriate error code to avoid
- security holes.
- [Bodo Moeller, problem pointed out by Lutz Jaenicke]
-
- *) Fix a bug in the new PKCS#7 code: it didn't consider the
- case in PKCS7_dataInit() where the signed PKCS7 structure
- didn't contain any existing data because it was being created.
- [Po-Cheng Chen <pocheng@nst.com.tw>, slightly modified by Steve Henson]
-
- *) Add a salt to the key derivation routines in enc.c. This
- forms the first 8 bytes of the encrypted file. Also add a
- -S option to allow a salt to be input on the command line.
- [Steve Henson]
-
- *) New function X509_cmp(). Oddly enough there wasn't a function
- to compare two certificates. We do this by working out the SHA1
- hash and comparing that. X509_cmp() will be needed by the trust
- code.
- [Steve Henson]
-
- *) SSL_get1_session() is like SSL_get_session(), but increments
- the reference count in the SSL_SESSION returned.
- [Geoff Thorpe <geoff@eu.c2.net>]
-
- *) Fix for 'req': it was adding a null to request attributes.
- Also change the X509_LOOKUP and X509_INFO code to handle
- certificate auxiliary information.
- [Steve Henson]
-
- *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
- the 'enc' command.
- [Steve Henson]
-
- *) Add the possibility to add extra information to the memory leak
- detecting output, to form tracebacks, showing from where each
- allocation was originated: CRYPTO_push_info("constant string") adds
- the string plus current file name and line number to a per-thread
- stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
- is like calling CYRPTO_pop_info() until the stack is empty.
- Also updated memory leak detection code to be multi-thread-safe.
- [Richard Levitte]
-
- *) Add options -text and -noout to pkcs7 utility and delete the
- encryption options which never did anything. Update docs.
- [Steve Henson]
-
- *) Add options to some of the utilities to allow the pass phrase
- to be included on either the command line (not recommended on
- OSes like Unix) or read from the environment. Update the
- manpages and fix a few bugs.
- [Steve Henson]
-
- *) Add a few manpages for some of the openssl commands.
- [Steve Henson]
-
- *) Fix the -revoke option in ca. It was freeing up memory twice,
- leaking and not finding already revoked certificates.
- [Steve Henson]
-
- *) Extensive changes to support certificate auxiliary information.
- This involves the use of X509_CERT_AUX structure and X509_AUX
- functions. An X509_AUX function such as PEM_read_X509_AUX()
- can still read in a certificate file in the usual way but it
- will also read in any additional "auxiliary information". By
- doing things this way a fair degree of compatibility can be
- retained: existing certificates can have this information added
- using the new 'x509' options.
-
- Current auxiliary information includes an "alias" and some trust
- settings. The trust settings will ultimately be used in enhanced
- certificate chain verification routines: currently a certificate
- can only be trusted if it is self signed and then it is trusted
- for all purposes.
- [Steve Henson]
-
- *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
- The problem was that one of the replacement routines had not been working
- since SSLeay releases. For now the offending routine has been replaced
- with non-optimised assembler. Even so, this now gives around 95%
- performance improvement for 1024 bit RSA signs.
- [Mark Cox]
-
- *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2
- handling. Most clients have the effective key size in bits equal to
- the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
- A few however don't do this and instead use the size of the decrypted key
- to determine the RC2 key length and the AlgorithmIdentifier to determine
- the effective key length. In this case the effective key length can still
- be 40 bits but the key length can be 168 bits for example. This is fixed
- by manually forcing an RC2 key into the EVP_PKEY structure because the
- EVP code can't currently handle unusual RC2 key sizes: it always assumes
- the key length and effective key length are equal.
- [Steve Henson]
-
- *) Add a bunch of functions that should simplify the creation of
- X509_NAME structures. Now you should be able to do:
- X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
- and have it automatically work out the correct field type and fill in
- the structures. The more adventurous can try:
- X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
- and it will (hopefully) work out the correct multibyte encoding.
- [Steve Henson]
-
- *) Change the 'req' utility to use the new field handling and multibyte
- copy routines. Before the DN field creation was handled in an ad hoc
- way in req, ca, and x509 which was rather broken and didn't support
- BMPStrings or UTF8Strings. Since some software doesn't implement
- BMPStrings or UTF8Strings yet, they can be enabled using the config file
- using the dirstring_type option. See the new comment in the default
- openssl.cnf for more info.
- [Steve Henson]
-
- *) Make crypto/rand/md_rand.c more robust:
- - Assure unique random numbers after fork().
- - Make sure that concurrent threads access the global counter and
- md serializably so that we never lose entropy in them
- or use exactly the same state in multiple threads.
- Access to the large state is not always serializable because
- the additional locking could be a performance killer, and
- md should be large enough anyway.
- [Bodo Moeller]
-
- *) New file apps/app_rand.c with commonly needed functionality
- for handling the random seed file.
-
- Use the random seed file in some applications that previously did not:
- ca,
- dsaparam -genkey (which also ignored its '-rand' option),
- s_client,
- s_server,
- x509 (when signing).
- Except on systems with /dev/urandom, it is crucial to have a random
- seed file at least for key creation, DSA signing, and for DH exchanges;
- for RSA signatures we could do without one.
-
- gendh and gendsa (unlike genrsa) used to read only the first byte
- of each file listed in the '-rand' option. The function as previously
- found in genrsa is now in app_rand.c and is used by all programs
- that support '-rand'.
- [Bodo Moeller]
-
- *) In RAND_write_file, use mode 0600 for creating files;
- don't just chmod when it may be too late.
- [Bodo Moeller]
-
- *) Report an error from X509_STORE_load_locations
- when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
- [Bill Perry]
-
- *) New function ASN1_mbstring_copy() this copies a string in either
- ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
- into an ASN1_STRING type. A mask of permissible types is passed
- and it chooses the "minimal" type to use or an error if not type
- is suitable.
- [Steve Henson]
-
- *) Add function equivalents to the various macros in asn1.h. The old
- macros are retained with an M_ prefix. Code inside the library can
- use the M_ macros. External code (including the openssl utility)
- should *NOT* in order to be "shared library friendly".
- [Steve Henson]
-
- *) Add various functions that can check a certificate's extensions
- to see if it usable for various purposes such as SSL client,
- server or S/MIME and CAs of these types. This is currently
- VERY EXPERIMENTAL but will ultimately be used for certificate chain
- verification. Also added a -purpose flag to x509 utility to
- print out all the purposes.
- [Steve Henson]
-
- *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
- functions.
- [Steve Henson]
-
- *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
- for, obtain and decode and extension and obtain its critical flag.
- This allows all the necessary extension code to be handled in a
- single function call.
- [Steve Henson]
-
- *) RC4 tune-up featuring 30-40% performance improvement on most RISC
- platforms. See crypto/rc4/rc4_enc.c for further details.
- [Andy Polyakov]
-
- *) New -noout option to asn1parse. This causes no output to be produced
- its main use is when combined with -strparse and -out to extract data
- from a file (which may not be in ASN.1 format).
- [Steve Henson]
-
- *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
- when producing the local key id.
- [Richard Levitte <levitte@stacken.kth.se>]
-
- *) New option -dhparam in s_server. This allows a DH parameter file to be
- stated explicitly. If it is not stated then it tries the first server
- certificate file. The previous behaviour hard coded the filename
- "server.pem".
- [Steve Henson]
-
- *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
- a public key to be input or output. For example:
- openssl rsa -in key.pem -pubout -out pubkey.pem
- Also added necessary DSA public key functions to handle this.
- [Steve Henson]
-
- *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
- in the message. This was handled by allowing
- X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
- [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]
-
- *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
- to the end of the strings whereas this didn't. This would cause problems
- if strings read with d2i_ASN1_bytes() were later modified.
- [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]
-
- *) Fix for base64 decode bug. When a base64 bio reads only one line of
- data and it contains EOF it will end up returning an error. This is
- caused by input 46 bytes long. The cause is due to the way base64
- BIOs find the start of base64 encoded data. They do this by trying a
- trial decode on each line until they find one that works. When they
- do a flag is set and it starts again knowing it can pass all the
- data directly through the decoder. Unfortunately it doesn't reset
- the context it uses. This means that if EOF is reached an attempt
- is made to pass two EOFs through the context and this causes the
- resulting error. This can also cause other problems as well. As is
- usual with these problems it takes *ages* to find and the fix is
- trivial: move one line.
- [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]
-
- *) Ugly workaround to get s_client and s_server working under Windows. The
- old code wouldn't work because it needed to select() on sockets and the
- tty (for keypresses and to see if data could be written). Win32 only
- supports select() on sockets so we select() with a 1s timeout on the
- sockets and then see if any characters are waiting to be read, if none
- are present then we retry, we also assume we can always write data to
- the tty. This isn't nice because the code then blocks until we've
- received a complete line of data and it is effectively polling the
- keyboard at 1s intervals: however it's quite a bit better than not
- working at all :-) A dedicated Windows application might handle this
- with an event loop for example.
- [Steve Henson]
-
- *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
- and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
- will be called when RSA_sign() and RSA_verify() are used. This is useful
- if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
- For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
- should *not* be used: RSA_sign() and RSA_verify() must be used instead.
- This necessitated the support of an extra signature type NID_md5_sha1
- for SSL signatures and modifications to the SSL library to use it instead
- of calling RSA_public_decrypt() and RSA_private_encrypt().
- [Steve Henson]
-
- *) Add new -verify -CAfile and -CApath options to the crl program, these
- will lookup a CRL issuers certificate and verify the signature in a
- similar way to the verify program. Tidy up the crl program so it
- no longer accesses structures directly. Make the ASN1 CRL parsing a bit
- less strict. It will now permit CRL extensions even if it is not
- a V2 CRL: this will allow it to tolerate some broken CRLs.
- [Steve Henson]
-
- *) Initialize all non-automatic variables each time one of the openssl
- sub-programs is started (this is necessary as they may be started
- multiple times from the "OpenSSL>" prompt).
- [Lennart Bang, Bodo Moeller]
-
- *) Preliminary compilation option RSA_NULL which disables RSA crypto without
- removing all other RSA functionality (this is what NO_RSA does). This
- is so (for example) those in the US can disable those operations covered
- by the RSA patent while allowing storage and parsing of RSA keys and RSA
- key generation.
- [Steve Henson]
-
- *) Non-copying interface to BIO pairs.
- (still largely untested)
- [Bodo Moeller]
-
- *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
- ASCII string. This was handled independently in various places before.
- [Steve Henson]
-
- *) New functions UTF8_getc() and UTF8_putc() that parse and generate
- UTF8 strings a character at a time.
- [Steve Henson]
-
- *) Use client_version from client hello to select the protocol
- (s23_srvr.c) and for RSA client key exchange verification
- (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
- [Bodo Moeller]
-
- *) Add various utility functions to handle SPKACs, these were previously
- handled by poking round in the structure internals. Added new function
- NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
- print, verify and generate SPKACs. Based on an original idea from
- Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
- [Steve Henson]
-
- *) RIPEMD160 is operational on all platforms and is back in 'make test'.
- [Andy Polyakov]
-
- *) Allow the config file extension section to be overwritten on the
- command line. Based on an original idea from Massimiliano Pala
- <madwolf@comune.modena.it>. The new option is called -extensions
- and can be applied to ca, req and x509. Also -reqexts to override
- the request extensions in req and -crlexts to override the crl extensions
- in ca.
- [Steve Henson]
-
- *) Add new feature to the SPKAC handling in ca. Now you can include
- the same field multiple times by preceding it by "XXXX." for example:
- 1.OU="Unit name 1"
- 2.OU="Unit name 2"
- this is the same syntax as used in the req config file.
- [Steve Henson]
-
- *) Allow certificate extensions to be added to certificate requests. These
- are specified in a 'req_extensions' option of the req section of the
- config file. They can be printed out with the -text option to req but
- are otherwise ignored at present.
- [Steve Henson]
-
- *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
- data read consists of only the final block it would not decrypted because
- EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
- A misplaced 'break' also meant the decrypted final block might not be
- copied until the next read.
- [Steve Henson]
-
- *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
- a few extra parameters to the DH structure: these will be useful if
- for example we want the value of 'q' or implement X9.42 DH.
- [Steve Henson]
-
- *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
- provides hooks that allow the default DSA functions or functions on a
- "per key" basis to be replaced. This allows hardware acceleration and
- hardware key storage to be handled without major modification to the
- library. Also added low level modexp hooks and CRYPTO_EX structure and
- associated functions.
- [Steve Henson]
-
- *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
- as "read only": it can't be written to and the buffer it points to will
- not be freed. Reading from a read only BIO is much more efficient than
- a normal memory BIO. This was added because there are several times when
- an area of memory needs to be read from a BIO. The previous method was
- to create a memory BIO and write the data to it, this results in two
- copies of the data and an O(n^2) reading algorithm. There is a new
- function BIO_new_mem_buf() which creates a read only memory BIO from
- an area of memory. Also modified the PKCS#7 routines to use read only
- memory BIOs.
- [Steve Henson]
-
- *) Bugfix: ssl23_get_client_hello did not work properly when called in
- state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
- a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
- but a retry condition occured while trying to read the rest.
- [Bodo Moeller]
-
- *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
- NID_pkcs7_encrypted by default: this was wrong since this should almost
- always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
- the encrypted data type: this is a more sensible place to put it and it
- allows the PKCS#12 code to be tidied up that duplicated this
- functionality.
- [Steve Henson]
-
- *) Changed obj_dat.pl script so it takes its input and output files on
- the command line. This should avoid shell escape redirection problems
- under Win32.
- [Steve Henson]
-
- *) Initial support for certificate extension requests, these are included
- in things like Xenroll certificate requests. Included functions to allow
- extensions to be obtained and added.
- [Steve Henson]
-
- *) -crlf option to s_client and s_server for sending newlines as
- CRLF (as required by many protocols).
- [Bodo Moeller]
-
- Changes between 0.9.3a and 0.9.4 [09 Aug 1999]
-
- *) Install libRSAglue.a when OpenSSL is built with RSAref.
- [Ralf S. Engelschall]
-
- *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
- [Andrija Antonijevic <TheAntony2@bigfoot.com>]
-
- *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
- program.
- [Steve Henson]
-
- *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
- DH parameters/keys (q is lost during that conversion, but the resulting
- DH parameters contain its length).
-
- For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
- much faster than DH_generate_parameters (which creates parameters
- where p = 2*q + 1), and also the smaller q makes DH computations
- much more efficient (160-bit exponentiation instead of 1024-bit
- exponentiation); so this provides a convenient way to support DHE
- ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
- utter importance to use
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
- or
- SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
- when such DH parameters are used, because otherwise small subgroup
- attacks may become possible!
- [Bodo Moeller]
-
- *) Avoid memory leak in i2d_DHparams.
- [Bodo Moeller]
-
- *) Allow the -k option to be used more than once in the enc program:
- this allows the same encrypted message to be read by multiple recipients.
- [Steve Henson]
-
- *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
- an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
- it will always use the numerical form of the OID, even if it has a short
- or long name.
- [Steve Henson]
-
- *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
- method only got called if p,q,dmp1,dmq1,iqmp components were present,
- otherwise bn_mod_exp was called. In the case of hardware keys for example
- no private key components need be present and it might store extra data
- in the RSA structure, which cannot be accessed from bn_mod_exp.
- By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
- private key operations.
- [Steve Henson]
-
- *) Added support for SPARC Linux.
- [Andy Polyakov]
-
- *) pem_password_cb function type incompatibly changed from
- typedef int pem_password_cb(char *buf, int size, int rwflag);
- to
- ....(char *buf, int size, int rwflag, void *userdata);
- so that applications can pass data to their callbacks:
- The PEM[_ASN1]_{read,write}... functions and macros now take an
- additional void * argument, which is just handed through whenever
- the password callback is called.
- [Damien Miller <dmiller@ilogic.com.au>; tiny changes by Bodo Moeller]
-
- New function SSL_CTX_set_default_passwd_cb_userdata.
-
- Compatibility note: As many C implementations push function arguments
- onto the stack in reverse order, the new library version is likely to
- interoperate with programs that have been compiled with the old
- pem_password_cb definition (PEM_whatever takes some data that
- happens to be on the stack as its last argument, and the callback
- just ignores this garbage); but there is no guarantee whatsoever that
- this will work.
-
- *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
- (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
- problems not only on Windows, but also on some Unix platforms.
- To avoid problematic command lines, these definitions are now in an
- auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
- for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
- [Bodo Moeller]
-
- *) MIPS III/IV assembler module is reimplemented.
- [Andy Polyakov]
-
- *) More DES library cleanups: remove references to srand/rand and
- delete an unused file.
- [Ulf Möller]
-
- *) Add support for the the free Netwide assembler (NASM) under Win32,
- since not many people have MASM (ml) and it can be hard to obtain.
- This is currently experimental but it seems to work OK and pass all
- the tests. Check out INSTALL.W32 for info.
- [Steve Henson]
-
- *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
- without temporary keys kept an extra copy of the server key,
- and connections with temporary keys did not free everything in case
- of an error.
- [Bodo Moeller]
-
- *) New function RSA_check_key and new openssl rsa option -check
- for verifying the consistency of RSA keys.
- [Ulf Moeller, Bodo Moeller]
-
- *) Various changes to make Win32 compile work:
- 1. Casts to avoid "loss of data" warnings in p5_crpt2.c
- 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
- comparison" warnings.
- 3. Add sk_<TYPE>_sort to DEF file generator and do make update.
- [Steve Henson]
-
- *) Add a debugging option to PKCS#5 v2 key generation function: when
- you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
- derived keys are printed to stderr.
- [Steve Henson]
-
- *) Copy the flags in ASN1_STRING_dup().
- [Roman E. Pavlov <pre@mo.msk.ru>]
-
- *) The x509 application mishandled signing requests containing DSA
- keys when the signing key was also DSA and the parameters didn't match.
-
- It was supposed to omit the parameters when they matched the signing key:
- the verifying software was then supposed to automatically use the CA's
- parameters if they were absent from the end user certificate.
-
- Omitting parameters is no longer recommended. The test was also
- the wrong way round! This was probably due to unusual behaviour in
- EVP_cmp_parameters() which returns 1 if the parameters match.
- This meant that parameters were omitted when they *didn't* match and
- the certificate was useless. Certificates signed with 'ca' didn't have
- this bug.
- [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
-
- *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
- The interface is as follows:
- Applications can use
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
- "off" is now the default.
- The library internally uses
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
- to disable memory-checking temporarily.
-
- Some inconsistent states that previously were possible (and were
- even the default) are now avoided.
-
- -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
- with each memory chunk allocated; this is occasionally more helpful
- than just having a counter.
-
- -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
-
- -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
- extensions.
- [Bodo Moeller]
-
- *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
- which largely parallels "options", but is for changing API behaviour,
- whereas "options" are about protocol behaviour.
- Initial "mode" flags are:
-
- SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when
- a single record has been written.
- SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write
- retries use the same buffer location.
- (But all of the contents must be
- copied!)
- [Bodo Moeller]
-
- *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
- worked.
-
- *) Fix problems with no-hmac etc.
- [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
-
- *) New functions RSA_get_default_method(), RSA_set_method() and
- RSA_get_method(). These allows replacement of RSA_METHODs without having
- to mess around with the internals of an RSA structure.
- [Steve Henson]
-
- *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
- Also really enable memory leak checks in openssl.c and in some
- test programs.
- [Chad C. Mulligan, Bodo Moeller]
-
- *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
- up the length of negative integers. This has now been simplified to just
- store the length when it is first determined and use it later, rather
- than trying to keep track of where data is copied and updating it to
- point to the end.
- [Steve Henson, reported by Brien Wheeler
- <bwheeler@authentica-security.com>]
-
- *) Add a new function PKCS7_signatureVerify. This allows the verification
- of a PKCS#7 signature but with the signing certificate passed to the
- function itself. This contrasts with PKCS7_dataVerify which assumes the
- certificate is present in the PKCS#7 structure. This isn't always the
- case: certificates can be omitted from a PKCS#7 structure and be
- distributed by "out of band" means (such as a certificate database).
- [Steve Henson]
-
- *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
- function prototypes in pem.h, also change util/mkdef.pl to add the
- necessary function names.
- [Steve Henson]
-
- *) mk1mf.pl (used by Windows builds) did not properly read the
- options set by Configure in the top level Makefile, and Configure
- was not even able to write more than one option correctly.
- Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
- [Bodo Moeller]
-
- *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
- file to be loaded from a BIO or FILE pointer. The BIO version will
- for example allow memory BIOs to contain config info.
- [Steve Henson]
-
- *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
- Whoever hopes to achieve shared-library compatibility across versions
- must use this, not the compile-time macro.
- (Exercise 0.9.4: Which is the minimum library version required by
- such programs?)
- Note: All this applies only to multi-threaded programs, others don't
- need locks.
- [Bodo Moeller]
-
- *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
- through a BIO pair triggered the default case, i.e.
- SSLerr(...,SSL_R_UNKNOWN_STATE).
- [Bodo Moeller]
-
- *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
- can use the SSL library even if none of the specific BIOs is
- appropriate.
- [Bodo Moeller]
-
- *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
- for the encoded length.
- [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
-
- *) Add initial documentation of the X509V3 functions.
- [Steve Henson]
-
- *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
- PEM_write_bio_PKCS8PrivateKey() that are equivalent to
- PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
- secure PKCS#8 private key format with a high iteration count.
- [Steve Henson]
-
- *) Fix determination of Perl interpreter: A perl or perl5
- _directory_ in $PATH was also accepted as the interpreter.
- [Ralf S. Engelschall]
-
- *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
- wrong with it but it was very old and did things like calling
- PEM_ASN1_read() directly and used MD5 for the hash not to mention some
- unusual formatting.
- [Steve Henson]
-
- *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
- to use the new extension code.
- [Steve Henson]
-
- *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
- with macros. This should make it easier to change their form, add extra
- arguments etc. Fix a few PEM prototypes which didn't have cipher as a
- constant.
- [Steve Henson]
-
- *) Add to configuration table a new entry that can specify an alternative
- name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
- according to Mark Crispin <MRC@Panda.COM>.
- [Bodo Moeller]
-
-#if 0
- *) DES CBC did not update the IV. Weird.
- [Ben Laurie]
-#else
- des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
- Changing the behaviour of the former might break existing programs --
- where IV updating is needed, des_ncbc_encrypt can be used.
-#endif
-
- *) When bntest is run from "make test" it drives bc to check its
- calculations, as well as internally checking them. If an internal check
- fails, it needs to cause bc to give a non-zero result or make test carries
- on without noticing the failure. Fixed.
- [Ben Laurie]
-
- *) DES library cleanups.
- [Ulf Möller]
-
- *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
- used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
- ciphers. NOTE: although the key derivation function has been verified
- against some published test vectors it has not been extensively tested
- yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
- of v2.0.
- [Steve Henson]
-
- *) Instead of "mkdir -p", which is not fully portable, use new
- Perl script "util/mkdir-p.pl".
- [Bodo Moeller]
-
- *) Rewrite the way password based encryption (PBE) is handled. It used to
- assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
- structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
- but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
- the 'parameter' field of the AlgorithmIdentifier is passed to the
- underlying key generation function so it must do its own ASN1 parsing.
- This has also changed the EVP_PBE_CipherInit() function which now has a
- 'parameter' argument instead of literal salt and iteration count values
- and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
- [Steve Henson]
-
- *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
- and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
- Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
- KEY" because this clashed with PKCS#8 unencrypted string. Since this
- value was just used as a "magic string" and not used directly its
- value doesn't matter.
- [Steve Henson]
-
- *) Introduce some semblance of const correctness to BN. Shame C doesn't
- support mutable.
- [Ben Laurie]
-
- *) "linux-sparc64" configuration (ultrapenguin).
- [Ray Miller <ray.miller@oucs.ox.ac.uk>]
- "linux-sparc" configuration.
- [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
-
- *) config now generates no-xxx options for missing ciphers.
- [Ulf Möller]
-
- *) Support the EBCDIC character set (work in progress).
- File ebcdic.c not yet included because it has a different license.
- [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
-
- *) Support BS2000/OSD-POSIX.
- [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
-
- *) Make callbacks for key generation use void * instead of char *.
- [Ben Laurie]
-
- *) Make S/MIME samples compile (not yet tested).
- [Ben Laurie]
-
- *) Additional typesafe stacks.
- [Ben Laurie]
-
- *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
- [Bodo Moeller]
-
-
- Changes between 0.9.3 and 0.9.3a [29 May 1999]
-
- *) New configuration variant "sco5-gcc".
-
- *) Updated some demos.
- [Sean O Riordain, Wade Scholine]
-
- *) Add missing BIO_free at exit of pkcs12 application.
- [Wu Zhigang]
-
- *) Fix memory leak in conf.c.
- [Steve Henson]
-
- *) Updates for Win32 to assembler version of MD5.
- [Steve Henson]
-
- *) Set #! path to perl in apps/der_chop to where we found it
- instead of using a fixed path.
- [Bodo Moeller]
-
- *) SHA library changes for irix64-mips4-cc.
- [Andy Polyakov]
-
- *) Improvements for VMS support.
- [Richard Levitte]
-
-
- Changes between 0.9.2b and 0.9.3 [24 May 1999]
-
- *) Bignum library bug fix. IRIX 6 passes "make test" now!
- This also avoids the problems with SC4.2 and unpatched SC5.
- [Andy Polyakov <appro@fy.chalmers.se>]
-
- *) New functions sk_num, sk_value and sk_set to replace the previous macros.
- These are required because of the typesafe stack would otherwise break
- existing code. If old code used a structure member which used to be STACK
- and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
- sk_num or sk_value it would produce an error because the num, data members
- are not present in STACK_OF. Now it just produces a warning. sk_set
- replaces the old method of assigning a value to sk_value
- (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
- that does this will no longer work (and should use sk_set instead) but
- this could be regarded as a "questionable" behaviour anyway.
- [Steve Henson]
-
- *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
- correctly handle encrypted S/MIME data.
- [Steve Henson]
-
- *) Change type of various DES function arguments from des_cblock
- (which means, in function argument declarations, pointer to char)
- to des_cblock * (meaning pointer to array with 8 char elements),
- which allows the compiler to do more typechecking; it was like
- that back in SSLeay, but with lots of ugly casts.
-
- Introduce new type const_des_cblock.
- [Bodo Moeller]
-
- *) Reorganise the PKCS#7 library and get rid of some of the more obvious
- problems: find RecipientInfo structure that matches recipient certificate
- and initialise the ASN1 structures properly based on passed cipher.
- [Steve Henson]
-
- *) Belatedly make the BN tests actually check the results.
- [Ben Laurie]
-
- *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
- to and from BNs: it was completely broken. New compilation option
- NEG_PUBKEY_BUG to allow for some broken certificates that encode public
- key elements as negative integers.
- [Steve Henson]
-
- *) Reorganize and speed up MD5.
- [Andy Polyakov <appro@fy.chalmers.se>]
-
- *) VMS support.
- [Richard Levitte <richard@levitte.org>]
-
- *) New option -out to asn1parse to allow the parsed structure to be
- output to a file. This is most useful when combined with the -strparse
- option to examine the output of things like OCTET STRINGS.
- [Steve Henson]
-
- *) Make SSL library a little more fool-proof by not requiring any longer
- that SSL_set_{accept,connect}_state be called before
- SSL_{accept,connect} may be used (SSL_set_..._state is omitted
- in many applications because usually everything *appeared* to work as
- intended anyway -- now it really works as intended).
- [Bodo Moeller]
-
- *) Move openssl.cnf out of lib/.
- [Ulf Möller]
-
- *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
- -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
- -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+
- [Ralf S. Engelschall]
-
- *) Various fixes to the EVP and PKCS#7 code. It may now be able to
- handle PKCS#7 enveloped data properly.
- [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
-
- *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
- copying pointers. The cert_st handling is changed by this in
- various ways (and thus what used to be known as ctx->default_cert
- is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
- any longer when s->cert does not give us what we need).
- ssl_cert_instantiate becomes obsolete by this change.
- As soon as we've got the new code right (possibly it already is?),
- we have solved a couple of bugs of the earlier code where s->cert
- was used as if it could not have been shared with other SSL structures.
-
- Note that using the SSL API in certain dirty ways now will result
- in different behaviour than observed with earlier library versions:
- Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
- does not influence s as it used to.
-
- In order to clean up things more thoroughly, inside SSL_SESSION
- we don't use CERT any longer, but a new structure SESS_CERT
- that holds per-session data (if available); currently, this is
- the peer's certificate chain and, for clients, the server's certificate
- and temporary key. CERT holds only those values that can have
- meaningful defaults in an SSL_CTX.
- [Bodo Moeller]
-
- *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
- from the internal representation. Various PKCS#7 fixes: remove some
- evil casts and set the enc_dig_alg field properly based on the signing
- key type.
- [Steve Henson]
-
- *) Allow PKCS#12 password to be set from the command line or the
- environment. Let 'ca' get its config file name from the environment
- variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
- and 'x509').
- [Steve Henson]
-
- *) Allow certificate policies extension to use an IA5STRING for the
- organization field. This is contrary to the PKIX definition but
- VeriSign uses it and IE5 only recognises this form. Document 'x509'
- extension option.
- [Steve Henson]
-
- *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
- without disallowing inline assembler and the like for non-pedantic builds.
- [Ben Laurie]
-
- *) Support Borland C++ builder.
- [Janez Jere <jj@void.si>, modified by Ulf Möller]
-
- *) Support Mingw32.
- [Ulf Möller]
-
- *) SHA-1 cleanups and performance enhancements.
- [Andy Polyakov <appro@fy.chalmers.se>]
-
- *) Sparc v8plus assembler for the bignum library.
- [Andy Polyakov <appro@fy.chalmers.se>]
-
- *) Accept any -xxx and +xxx compiler options in Configure.
- [Ulf Möller]
-
- *) Update HPUX configuration.
- [Anonymous]
-
- *) Add missing sk_<type>_unshift() function to safestack.h
- [Ralf S. Engelschall]
-
- *) New function SSL_CTX_use_certificate_chain_file that sets the
- "extra_cert"s in addition to the certificate. (This makes sense
- only for "PEM" format files, as chains as a whole are not
- DER-encoded.)
- [Bodo Moeller]
-
- *) Support verify_depth from the SSL API.
- x509_vfy.c had what can be considered an off-by-one-error:
- Its depth (which was not part of the external interface)
- was actually counting the number of certificates in a chain;
- now it really counts the depth.
- [Bodo Moeller]
-
- *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
- instead of X509err, which often resulted in confusing error
- messages since the error codes are not globally unique
- (e.g. an alleged error in ssl3_accept when a certificate
- didn't match the private key).
-
- *) New function SSL_CTX_set_session_id_context that allows to set a default
- value (so that you don't need SSL_set_session_id_context for each
- connection using the SSL_CTX).
- [Bodo Moeller]
-
- *) OAEP decoding bug fix.
- [Ulf Möller]
-
- *) Support INSTALL_PREFIX for package builders, as proposed by
- David Harris.
- [Bodo Moeller]
-
- *) New Configure options "threads" and "no-threads". For systems
- where the proper compiler options are known (currently Solaris
- and Linux), "threads" is the default.
- [Bodo Moeller]
-
- *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
- [Bodo Moeller]
-
- *) Install various scripts to $(OPENSSLDIR)/misc, not to
- $(INSTALLTOP)/bin -- they shouldn't clutter directories
- such as /usr/local/bin.
- [Bodo Moeller]
-
- *) "make linux-shared" to build shared libraries.
- [Niels Poppe <niels@netbox.org>]
-
- *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
- [Ulf Möller]
-
- *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
- extension adding in x509 utility.
- [Steve Henson]
-
- *) Remove NOPROTO sections and error code comments.
- [Ulf Möller]
-
- *) Partial rewrite of the DEF file generator to now parse the ANSI
- prototypes.
- [Steve Henson]
-
- *) New Configure options --prefix=DIR and --openssldir=DIR.
- [Ulf Möller]
-
- *) Complete rewrite of the error code script(s). It is all now handled
- by one script at the top level which handles error code gathering,
- header rewriting and C source file generation. It should be much better
- than the old method: it now uses a modified version of Ulf's parser to
- read the ANSI prototypes in all header files (thus the old K&R definitions
- aren't needed for error creation any more) and do a better job of
- translating function codes into names. The old 'ASN1 error code imbedded
- in a comment' is no longer necessary and it doesn't use .err files which
- have now been deleted. Also the error code call doesn't have to appear all
- on one line (which resulted in some large lines...).
- [Steve Henson]
-
- *) Change #include filenames from <foo.h> to <openssl/foo.h>.
- [Bodo Moeller]
-
- *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
- 0 (which usually indicates a closed connection), but continue reading.
- [Bodo Moeller]
-
- *) Fix some race conditions.
- [Bodo Moeller]
-
- *) Add support for CRL distribution points extension. Add Certificate
- Policies and CRL distribution points documentation.
- [Steve Henson]
-
- *) Move the autogenerated header file parts to crypto/opensslconf.h.
- [Ulf Möller]
-
- *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
- 8 of keying material. Merlin has also confirmed interop with this fix
- between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
- [Merlin Hughes <merlin@baltimore.ie>]
-
- *) Fix lots of warnings.
- [Richard Levitte <levitte@stacken.kth.se>]
-
- *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
- the directory spec didn't end with a LIST_SEPARATOR_CHAR.
- [Richard Levitte <levitte@stacken.kth.se>]
-
- *) Fix problems with sizeof(long) == 8.
- [Andy Polyakov <appro@fy.chalmers.se>]
-
- *) Change functions to ANSI C.
- [Ulf Möller]
-
- *) Fix typos in error codes.
- [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
-
- *) Remove defunct assembler files from Configure.
- [Ulf Möller]
-
- *) SPARC v8 assembler BIGNUM implementation.
- [Andy Polyakov <appro@fy.chalmers.se>]
-
- *) Support for Certificate Policies extension: both print and set.
- Various additions to support the r2i method this uses.
- [Steve Henson]
-
- *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
- return a const string when you are expecting an allocated buffer.
- [Ben Laurie]
-
- *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
- types DirectoryString and DisplayText.
- [Steve Henson]
-
- *) Add code to allow r2i extensions to access the configuration database,
- add an LHASH database driver and add several ctx helper functions.
- [Steve Henson]
-
- *) Fix an evil bug in bn_expand2() which caused various BN functions to
- fail when they extended the size of a BIGNUM.
- [Steve Henson]
-
- *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
- support typesafe stack.
- [Steve Henson]
-
- *) Fix typo in SSL_[gs]et_options().
- [Nils Frostberg <nils@medcom.se>]
-
- *) Delete various functions and files that belonged to the (now obsolete)
- old X509V3 handling code.
- [Steve Henson]
-
- *) New Configure option "rsaref".
- [Ulf Möller]
-
- *) Don't auto-generate pem.h.
- [Bodo Moeller]
-
- *) Introduce type-safe ASN.1 SETs.
- [Ben Laurie]
-
- *) Convert various additional casted stacks to type-safe STACK_OF() variants.
- [Ben Laurie, Ralf S. Engelschall, Steve Henson]
-
- *) Introduce type-safe STACKs. This will almost certainly break lots of code
- that links with OpenSSL (well at least cause lots of warnings), but fear
- not: the conversion is trivial, and it eliminates loads of evil casts. A
- few STACKed things have been converted already. Feel free to convert more.
- In the fullness of time, I'll do away with the STACK type altogether.
- [Ben Laurie]
-
- *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
- specified in <certfile> by updating the entry in the index.txt file.
- This way one no longer has to edit the index.txt file manually for
- revoking a certificate. The -revoke option does the gory details now.
- [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
-
- *) Fix `openssl crl -noout -text' combination where `-noout' killed the
- `-text' option at all and this way the `-noout -text' combination was
- inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
- [Ralf S. Engelschall]
-
- *) Make sure a corresponding plain text error message exists for the
- X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
- verify callback function determined that a certificate was revoked.
- [Ralf S. Engelschall]
-
- *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
- ciphers that were excluded, e.g. by -DNO_IDEA. Also, test
- all available cipers including rc5, which was forgotten until now.
- In order to let the testing shell script know which algorithms
- are available, a new (up to now undocumented) command
- "openssl list-cipher-commands" is used.
- [Bodo Moeller]
-
- *) Bugfix: s_client occasionally would sleep in select() when
- it should have checked SSL_pending() first.
- [Bodo Moeller]
-
- *) New functions DSA_do_sign and DSA_do_verify to provide access to
- the raw DSA values prior to ASN.1 encoding.
- [Ulf Möller]
-
- *) Tweaks to Configure
- [Niels Poppe <niels@netbox.org>]
-
- *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
- yet...
- [Steve Henson]
-
- *) New variables $(RANLIB) and $(PERL) in the Makefiles.
- [Ulf Möller]
-
- *) New config option to avoid instructions that are illegal on the 80386.
- The default code is faster, but requires at least a 486.
- [Ulf Möller]
-
- *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
- SSL2_SERVER_VERSION (not used at all) macros, which are now the
- same as SSL2_VERSION anyway.
- [Bodo Moeller]
-
- *) New "-showcerts" option for s_client.
- [Bodo Moeller]
-
- *) Still more PKCS#12 integration. Add pkcs12 application to openssl
- application. Various cleanups and fixes.
- [Steve Henson]
-
- *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
- modify error routines to work internally. Add error codes and PBE init
- to library startup routines.
- [Steve Henson]
-
- *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
- packing functions to asn1 and evp. Changed function names and error
- codes along the way.
- [Steve Henson]
-
- *) PKCS12 integration: and so it begins... First of several patches to
- slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
- objects to objects.h
- [Steve Henson]
-
- *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
- and display support for Thawte strong extranet extension.
- [Steve Henson]
-
- *) Add LinuxPPC support.
- [Jeff Dubrule <igor@pobox.org>]
-
- *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
- bn_div_words in alpha.s.
- [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
-
- *) Make sure the RSA OAEP test is skipped under -DRSAref because
- OAEP isn't supported when OpenSSL is built with RSAref.
- [Ulf Moeller <ulf@fitug.de>]
-
- *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
- so they no longer are missing under -DNOPROTO.
- [Soren S. Jorvang <soren@t.dk>]
-
-
- Changes between 0.9.1c and 0.9.2b [22 Mar 1999]
-
- *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
- doesn't work when the session is reused. Coming soon!
- [Ben Laurie]
-
- *) Fix a security hole, that allows sessions to be reused in the wrong
- context thus bypassing client cert protection! All software that uses
- client certs and session caches in multiple contexts NEEDS PATCHING to
- allow session reuse! A fuller solution is in the works.
- [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
-
- *) Some more source tree cleanups (removed obsolete files
- crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
- permission on "config" script to be executable) and a fix for the INSTALL
- document.
- [Ulf Moeller <ulf@fitug.de>]
-
- *) Remove some legacy and erroneous uses of malloc, free instead of
- Malloc, Free.
- [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
-
- *) Make rsa_oaep_test return non-zero on error.
- [Ulf Moeller <ulf@fitug.de>]
-
- *) Add support for native Solaris shared libraries. Configure
- solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
- if someone would make that last step automatic.
- [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
-
- *) ctx_size was not built with the right compiler during "make links". Fixed.
- [Ben Laurie]
-
- *) Change the meaning of 'ALL' in the cipher list. It now means "everything
- except NULL ciphers". This means the default cipher list will no longer
- enable NULL ciphers. They need to be specifically enabled e.g. with
- the string "DEFAULT:eNULL".
- [Steve Henson]
-
- *) Fix to RSA private encryption routines: if p < q then it would
- occasionally produce an invalid result. This will only happen with
- externally generated keys because OpenSSL (and SSLeay) ensure p > q.
- [Steve Henson]
-
- *) Be less restrictive and allow also `perl util/perlpath.pl
- /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
- because this way one can also use an interpreter named `perl5' (which is
- usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
- installed as `perl').
- [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
-
- *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
- [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
-
- *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
- advapi32.lib to Win32 build and change the pem test comparision
- to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
- suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
- and crypto/des/ede_cbcm_enc.c.
- [Steve Henson]
-
- *) DES quad checksum was broken on big-endian architectures. Fixed.
- [Ben Laurie]
-
- *) Comment out two functions in bio.h that aren't implemented. Fix up the
- Win32 test batch file so it (might) work again. The Win32 test batch file
- is horrible: I feel ill....
- [Steve Henson]
-
- *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
- in e_os.h. Audit of header files to check ANSI and non ANSI
- sections: 10 functions were absent from non ANSI section and not exported
- from Windows DLLs. Fixed up libeay.num for new functions.
- [Steve Henson]
-
- *) Make `openssl version' output lines consistent.
- [Ralf S. Engelschall]
-
- *) Fix Win32 symbol export lists for BIO functions: Added
- BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
- to ms/libeay{16,32}.def.
- [Ralf S. Engelschall]
-
- *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
- fine under Unix and passes some trivial tests I've now added. But the
- whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
- added to make sure no one expects that this stuff really works in the
- OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources
- up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
- openssl_bio.xs.
- [Ralf S. Engelschall]
-
- *) Fix the generation of two part addresses in perl.
- [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
-
- *) Add config entry for Linux on MIPS.
- [John Tobey <jtobey@channel1.com>]
-
- *) Make links whenever Configure is run, unless we are on Windoze.
- [Ben Laurie]
-
- *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
- Currently only issuerAltName and AuthorityKeyIdentifier make any sense
- in CRLs.
- [Steve Henson]
-
- *) Add a useful kludge to allow package maintainers to specify compiler and
- other platforms details on the command line without having to patch the
- Configure script everytime: One now can use ``perl Configure
- <id>:<details>'', i.e. platform ids are allowed to have details appended
- to them (seperated by colons). This is treated as there would be a static
- pre-configured entry in Configure's %table under key <id> with value
- <details> and ``perl Configure <id>'' is called. So, when you want to
- perform a quick test-compile under FreeBSD 3.1 with pgcc and without
- assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
- now, which overrides the FreeBSD-elf entry on-the-fly.
- [Ralf S. Engelschall]
-
- *) Disable new TLS1 ciphersuites by default: they aren't official yet.
- [Ben Laurie]
-
- *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
- on the `perl Configure ...' command line. This way one can compile
- OpenSSL libraries with Position Independent Code (PIC) which is needed
- for linking it into DSOs.
- [Ralf S. Engelschall]
-
- *) Remarkably, export ciphers were totally broken and no-one had noticed!
- Fixed.
- [Ben Laurie]
-
- *) Cleaned up the LICENSE document: The official contact for any license
- questions now is the OpenSSL core team under openssl-core@openssl.org.
- And add a paragraph about the dual-license situation to make sure people
- recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
- to the OpenSSL toolkit.
- [Ralf S. Engelschall]
-
- *) General source tree makefile cleanups: Made `making xxx in yyy...'
- display consistent in the source tree and replaced `/bin/rm' by `rm'.
- Additonally cleaned up the `make links' target: Remove unnecessary
- semicolons, subsequent redundant removes, inline point.sh into mklink.sh
- to speed processing and no longer clutter the display with confusing
- stuff. Instead only the actually done links are displayed.
- [Ralf S. Engelschall]
-
- *) Permit null encryption ciphersuites, used for authentication only. It used
- to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
- It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
- encryption.
- [Ben Laurie]
-
- *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
- signed attributes when verifying signatures (this would break them),
- the detached data encoding was wrong and public keys obtained using
- X509_get_pubkey() weren't freed.
- [Steve Henson]
-
- *) Add text documentation for the BUFFER functions. Also added a work around
- to a Win95 console bug. This was triggered by the password read stuff: the
- last character typed gets carried over to the next fread(). If you were
- generating a new cert request using 'req' for example then the last
- character of the passphrase would be CR which would then enter the first
- field as blank.
- [Steve Henson]
-
- *) Added the new `Includes OpenSSL Cryptography Software' button as
- doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
- button and can be used by applications based on OpenSSL to show the
- relationship to the OpenSSL project.
- [Ralf S. Engelschall]
-
- *) Remove confusing variables in function signatures in files
- ssl/ssl_lib.c and ssl/ssl.h.
- [Lennart Bong <lob@kulthea.stacken.kth.se>]
-
- *) Don't install bss_file.c under PREFIX/include/
- [Lennart Bong <lob@kulthea.stacken.kth.se>]
-
- *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
- functions that return function pointers and has support for NT specific
- stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
- #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
- unsigned to signed types: this was killing the Win32 compile.
- [Steve Henson]
-
- *) Add new certificate file to stack functions,
- SSL_add_dir_cert_subjects_to_stack() and
- SSL_add_file_cert_subjects_to_stack(). These largely supplant
- SSL_load_client_CA_file(), and can be used to add multiple certs easily
- to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
- This means that Apache-SSL and similar packages don't have to mess around
- to add as many CAs as they want to the preferred list.
- [Ben Laurie]
-
- *) Experiment with doxygen documentation. Currently only partially applied to
- ssl/ssl_lib.c.
- See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
- openssl.doxy as the configuration file.
- [Ben Laurie]
-
- *) Get rid of remaining C++-style comments which strict C compilers hate.
- [Ralf S. Engelschall, pointed out by Carlos Amengual]
-
- *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
- compiled in by default: it has problems with large keys.
- [Steve Henson]
-
- *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
- DH private keys and/or callback functions which directly correspond to
- their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
- is needed for applications which have to configure certificates on a
- per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
- (e.g. s_server).
- For the RSA certificate situation is makes no difference, but
- for the DSA certificate situation this fixes the "no shared cipher"
- problem where the OpenSSL cipher selection procedure failed because the
- temporary keys were not overtaken from the context and the API provided
- no way to reconfigure them.
- The new functions now let applications reconfigure the stuff and they
- are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
- SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new
- non-public-API function ssl_cert_instantiate() is used as a helper
- function and also to reduce code redundancy inside ssl_rsa.c.
- [Ralf S. Engelschall]
-
- *) Move s_server -dcert and -dkey options out of the undocumented feature
- area because they are useful for the DSA situation and should be
- recognized by the users.
- [Ralf S. Engelschall]
-
- *) Fix the cipher decision scheme for export ciphers: the export bits are
- *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
- SSL_EXP_MASK. So, the original variable has to be used instead of the
- already masked variable.
- [Richard Levitte <levitte@stacken.kth.se>]
-
- *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
- [Richard Levitte <levitte@stacken.kth.se>]
-
- *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
- from `int' to `unsigned int' because it's a length and initialized by
- EVP_DigestFinal() which expects an `unsigned int *'.
- [Richard Levitte <levitte@stacken.kth.se>]
-
- *) Don't hard-code path to Perl interpreter on shebang line of Configure
- script. Instead use the usual Shell->Perl transition trick.
- [Ralf S. Engelschall]
-
- *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
- (in addition to RSA certificates) to match the behaviour of `openssl dsa
- -noout -modulus' as it's already the case for `openssl rsa -noout
- -modulus'. For RSA the -modulus is the real "modulus" while for DSA
- currently the public key is printed (a decision which was already done by
- `openssl dsa -modulus' in the past) which serves a similar purpose.
- Additionally the NO_RSA no longer completely removes the whole -modulus
- option; it now only avoids using the RSA stuff. Same applies to NO_DSA
- now, too.
- [Ralf S. Engelschall]
-
- *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
- BIO. See the source (crypto/evp/bio_ok.c) for more info.
- [Arne Ansper <arne@ats.cyber.ee>]
-
- *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
- to be added. Now both 'req' and 'ca' can use new objects defined in the
- config file.
- [Steve Henson]
-
- *) Add cool BIO that does syslog (or event log on NT).
- [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
-
- *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
- TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
- TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
- Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
- [Ben Laurie]
-
- *) Add preliminary config info for new extension code.
- [Steve Henson]
-
- *) Make RSA_NO_PADDING really use no padding.
- [Ulf Moeller <ulf@fitug.de>]
-
- *) Generate errors when private/public key check is done.
- [Ben Laurie]
-
- *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
- for some CRL extensions and new objects added.
- [Steve Henson]
-
- *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
- key usage extension and fuller support for authority key id.
- [Steve Henson]
-
- *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
- padding method for RSA, which is recommended for new applications in PKCS
- #1 v2.0 (RFC 2437, October 1998).
- OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
- foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
- against Bleichbacher's attack on RSA.
- [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
- Ben Laurie]
-
- *) Updates to the new SSL compression code
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Fix so that the version number in the master secret, when passed
- via RSA, checks that if TLS was proposed, but we roll back to SSLv3
- (because the server will not accept higher), that the version number
- is 0x03,0x01, not 0x03,0x00
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
- leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
- in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
- [Steve Henson]
-
- *) Support for RAW extensions where an arbitrary extension can be
- created by including its DER encoding. See apps/openssl.cnf for
- an example.
- [Steve Henson]
-
- *) Make sure latest Perl versions don't interpret some generated C array
- code as Perl array code in the crypto/err/err_genc.pl script.
- [Lars Weber <3weber@informatik.uni-hamburg.de>]
-
- *) Modify ms/do_ms.bat to not generate assembly language makefiles since
- not many people have the assembler. Various Win32 compilation fixes and
- update to the INSTALL.W32 file with (hopefully) more accurate Win32
- build instructions.
- [Steve Henson]
-
- *) Modify configure script 'Configure' to automatically create crypto/date.h
- file under Win32 and also build pem.h from pem.org. New script
- util/mkfiles.pl to create the MINFO file on environments that can't do a
- 'make files': perl util/mkfiles.pl >MINFO should work.
- [Steve Henson]
-
- *) Major rework of DES function declarations, in the pursuit of correctness
- and purity. As a result, many evil casts evaporated, and some weirdness,
- too. You may find this causes warnings in your code. Zapping your evil
- casts will probably fix them. Mostly.
- [Ben Laurie]
-
- *) Fix for a typo in asn1.h. Bug fix to object creation script
- obj_dat.pl. It considered a zero in an object definition to mean
- "end of object": none of the objects in objects.h have any zeros
- so it wasn't spotted.
- [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
-
- *) Add support for Triple DES Cipher Block Chaining with Output Feedback
- Masking (CBCM). In the absence of test vectors, the best I have been able
- to do is check that the decrypt undoes the encrypt, so far. Send me test
- vectors if you have them.
- [Ben Laurie]
-
- *) Correct calculation of key length for export ciphers (too much space was
- allocated for null ciphers). This has not been tested!
- [Ben Laurie]
-
- *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
- message is now correct (it understands "crypto" and "ssl" on its
- command line). There is also now an "update" option. This will update
- the util/ssleay.num and util/libeay.num files with any new functions.
- If you do a:
- perl util/mkdef.pl crypto ssl update
- it will update them.
- [Steve Henson]
-
- *) Overhauled the Perl interface (perl/*):
- - ported BN stuff to OpenSSL's different BN library
- - made the perl/ source tree CVS-aware
- - renamed the package from SSLeay to OpenSSL (the files still contain
- their history because I've copied them in the repository)
- - removed obsolete files (the test scripts will be replaced
- by better Test::Harness variants in the future)
- [Ralf S. Engelschall]
-
- *) First cut for a very conservative source tree cleanup:
- 1. merge various obsolete readme texts into doc/ssleay.txt
- where we collect the old documents and readme texts.
- 2. remove the first part of files where I'm already sure that we no
- longer need them because of three reasons: either they are just temporary
- files which were left by Eric or they are preserved original files where
- I've verified that the diff is also available in the CVS via "cvs diff
- -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
- the crypto/md/ stuff).
- [Ralf S. Engelschall]
-
- *) More extension code. Incomplete support for subject and issuer alt
- name, issuer and authority key id. Change the i2v function parameters
- and add an extra 'crl' parameter in the X509V3_CTX structure: guess
- what that's for :-) Fix to ASN1 macro which messed up
- IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
- [Steve Henson]
-
- *) Preliminary support for ENUMERATED type. This is largely copied from the
- INTEGER code.
- [Steve Henson]
-
- *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Make sure `make rehash' target really finds the `openssl' program.
- [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
-
- *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
- like to hear about it if this slows down other processors.
- [Ben Laurie]
-
- *) Add CygWin32 platform information to Configure script.
- [Alan Batie <batie@aahz.jf.intel.com>]
-
- *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
- [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
-
- *) New program nseq to manipulate netscape certificate sequences
- [Steve Henson]
-
- *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
- few typos.
- [Steve Henson]
-
- *) Fixes to BN code. Previously the default was to define BN_RECURSION
- but the BN code had some problems that would cause failures when
- doing certificate verification and some other functions.
- [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
-
- *) Add ASN1 and PEM code to support netscape certificate sequences.
- [Steve Henson]
-
- *) Add ASN1 and PEM code to support netscape certificate sequences.
- [Steve Henson]
-
- *) Add several PKIX and private extended key usage OIDs.
- [Steve Henson]
-
- *) Modify the 'ca' program to handle the new extension code. Modify
- openssl.cnf for new extension format, add comments.
- [Steve Henson]
-
- *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
- and add a sample to openssl.cnf so req -x509 now adds appropriate
- CA extensions.
- [Steve Henson]
-
- *) Continued X509 V3 changes. Add to other makefiles, integrate with the
- error code, add initial support to X509_print() and x509 application.
- [Steve Henson]
-
- *) Takes a deep breath and start addding X509 V3 extension support code. Add
- files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
- stuff is currently isolated and isn't even compiled yet.
- [Steve Henson]
-
- *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
- ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
- Removed the versions check from X509 routines when loading extensions:
- this allows certain broken certificates that don't set the version
- properly to be processed.
- [Steve Henson]
-
- *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
- Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
- can still be regenerated with "make depend".
- [Ben Laurie]
-
- *) Spelling mistake in C version of CAST-128.
- [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
-
- *) Changes to the error generation code. The perl script err-code.pl
- now reads in the old error codes and retains the old numbers, only
- adding new ones if necessary. It also only changes the .err files if new
- codes are added. The makefiles have been modified to only insert errors
- when needed (to avoid needlessly modifying header files). This is done
- by only inserting errors if the .err file is newer than the auto generated
- C file. To rebuild all the error codes from scratch (the old behaviour)
- either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
- or delete all the .err files.
- [Steve Henson]
-
- *) CAST-128 was incorrectly implemented for short keys. The C version has
- been fixed, but is untested. The assembler versions are also fixed, but
- new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
- to regenerate it if needed.
- [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
- Hagino <itojun@kame.net>]
-
- *) File was opened incorrectly in randfile.c.
- [Ulf Möller <ulf@fitug.de>]
-
- *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
- functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
- GeneralizedTime. ASN1_TIME is the proper type used in certificates et
- al: it's just almost always a UTCTime. Note this patch adds new error
- codes so do a "make errors" if there are problems.
- [Steve Henson]
-
- *) Correct Linux 1 recognition in config.
- [Ulf Möller <ulf@fitug.de>]
-
- *) Remove pointless MD5 hash when using DSA keys in ca.
- [Anonymous <nobody@replay.com>]
-
- *) Generate an error if given an empty string as a cert directory. Also
- generate an error if handed NULL (previously returned 0 to indicate an
- error, but didn't set one).
- [Ben Laurie, reported by Anonymous <nobody@replay.com>]
-
- *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
- [Ben Laurie]
-
- *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
- parameters. This was causing a warning which killed off the Win32 compile.
- [Steve Henson]
-
- *) Remove C++ style comments from crypto/bn/bn_local.h.
- [Neil Costigan <neil.costigan@celocom.com>]
-
- *) The function OBJ_txt2nid was broken. It was supposed to return a nid
- based on a text string, looking up short and long names and finally
- "dot" format. The "dot" format stuff didn't work. Added new function
- OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
- OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
- OID is not part of the table.
- [Steve Henson]
-
- *) Add prototypes to X509 lookup/verify methods, fixing a bug in
- X509_LOOKUP_by_alias().
- [Ben Laurie]
-
- *) Sort openssl functions by name.
- [Ben Laurie]
-
- *) Get the gendsa program working (hopefully) and add it to app list. Remove
- encryption from sample DSA keys (in case anyone is interested the password
- was "1234").
- [Steve Henson]
-
- *) Make _all_ *_free functions accept a NULL pointer.
- [Frans Heymans <fheymans@isaserver.be>]
-
- *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
- NULL pointers.
- [Anonymous <nobody@replay.com>]
-
- *) s_server should send the CAfile as acceptable CAs, not its own cert.
- [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
-
- *) Don't blow it for numeric -newkey arguments to apps/req.
- [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
-
- *) Temp key "for export" tests were wrong in s3_srvr.c.
- [Anonymous <nobody@replay.com>]
-
- *) Add prototype for temp key callback functions
- SSL_CTX_set_tmp_{rsa,dh}_callback().
- [Ben Laurie]
-
- *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
- DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
- [Steve Henson]
-
- *) X509_name_add_entry() freed the wrong thing after an error.
- [Arne Ansper <arne@ats.cyber.ee>]
-
- *) rsa_eay.c would attempt to free a NULL context.
- [Arne Ansper <arne@ats.cyber.ee>]
-
- *) BIO_s_socket() had a broken should_retry() on Windoze.
- [Arne Ansper <arne@ats.cyber.ee>]
-
- *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
- [Arne Ansper <arne@ats.cyber.ee>]
-
- *) Make sure the already existing X509_STORE->depth variable is initialized
- in X509_STORE_new(), but document the fact that this variable is still
- unused in the certificate verification process.
- [Ralf S. Engelschall]
-
- *) Fix the various library and apps files to free up pkeys obtained from
- X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
- [Steve Henson]
-
- *) Fix reference counting in X509_PUBKEY_get(). This makes
- demos/maurice/example2.c work, amongst others, probably.
- [Steve Henson and Ben Laurie]
-
- *) First cut of a cleanup for apps/. First the `ssleay' program is now named
- `openssl' and second, the shortcut symlinks for the `openssl <command>'
- are no longer created. This way we have a single and consistent command
- line interface `openssl <command>', similar to `cvs <command>'.
- [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
-
- *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
- BIT STRING wrapper always have zero unused bits.
- [Steve Henson]
-
- *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
- [Steve Henson]
-
- *) Make the top-level INSTALL documentation easier to understand.
- [Paul Sutton]
-
- *) Makefiles updated to exit if an error occurs in a sub-directory
- make (including if user presses ^C) [Paul Sutton]
-
- *) Make Montgomery context stuff explicit in RSA data structure.
- [Ben Laurie]
-
- *) Fix build order of pem and err to allow for generated pem.h.
- [Ben Laurie]
-
- *) Fix renumbering bug in X509_NAME_delete_entry().
- [Ben Laurie]
-
- *) Enhanced the err-ins.pl script so it makes the error library number
- global and can add a library name. This is needed for external ASN1 and
- other error libraries.
- [Steve Henson]
-
- *) Fixed sk_insert which never worked properly.
- [Steve Henson]
-
- *) Fix ASN1 macros so they can handle indefinite length construted
- EXPLICIT tags. Some non standard certificates use these: they can now
- be read in.
- [Steve Henson]
-
- *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
- into a single doc/ssleay.txt bundle. This way the information is still
- preserved but no longer messes up this directory. Now it's new room for
- the new set of documenation files.
- [Ralf S. Engelschall]
-
- *) SETs were incorrectly DER encoded. This was a major pain, because they
- shared code with SEQUENCEs, which aren't coded the same. This means that
- almost everything to do with SETs or SEQUENCEs has either changed name or
- number of arguments.
- [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
-
- *) Fix test data to work with the above.
- [Ben Laurie]
-
- *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
- was already fixed by Eric for 0.9.1 it seems.
- [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
-
- *) Autodetect FreeBSD3.
- [Ben Laurie]
-
- *) Fix various bugs in Configure. This affects the following platforms:
- nextstep
- ncr-scde
- unixware-2.0
- unixware-2.0-pentium
- sco5-cc.
- [Ben Laurie]
-
- *) Eliminate generated files from CVS. Reorder tests to regenerate files
- before they are needed.
- [Ben Laurie]
-
- *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
- [Ben Laurie]
-
-
- Changes between 0.9.1b and 0.9.1c [23-Dec-1998]
-
- *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and
- changed SSLeay to OpenSSL in version strings.
- [Ralf S. Engelschall]
-
- *) Some fixups to the top-level documents.
- [Paul Sutton]
-
- *) Fixed the nasty bug where rsaref.h was not found under compile-time
- because the symlink to include/ was missing.
- [Ralf S. Engelschall]
-
- *) Incorporated the popular no-RSA/DSA-only patches
- which allow to compile a RSA-free SSLeay.
- [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
-
- *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
- when "ssleay" is still not found.
- [Ralf S. Engelschall]
-
- *) Added more platforms to Configure: Cray T3E, HPUX 11,
- [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
-
- *) Updated the README file.
- [Ralf S. Engelschall]
-
- *) Added various .cvsignore files in the CVS repository subdirs
- to make a "cvs update" really silent.
- [Ralf S. Engelschall]
-
- *) Recompiled the error-definition header files and added
- missing symbols to the Win32 linker tables.
- [Ralf S. Engelschall]
-
- *) Cleaned up the top-level documents;
- o new files: CHANGES and LICENSE
- o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
- o merged COPYRIGHT into LICENSE
- o removed obsolete TODO file
- o renamed MICROSOFT to INSTALL.W32
- [Ralf S. Engelschall]
-
- *) Removed dummy files from the 0.9.1b source tree:
- crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
- crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
- crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
- crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
- util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
- [Ralf S. Engelschall]
-
- *) Added various platform portability fixes.
- [Mark J. Cox]
-
- *) The Genesis of the OpenSSL rpject:
- We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
- Young and Tim J. Hudson created while they were working for C2Net until
- summer 1998.
- [The OpenSSL Project]
-
-
- Changes between 0.9.0b and 0.9.1b [not released]
-
- *) Updated a few CA certificates under certs/
- [Eric A. Young]
-
- *) Changed some BIGNUM api stuff.
- [Eric A. Young]
-
- *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
- DGUX x86, Linux Alpha, etc.
- [Eric A. Young]
-
- *) New COMP library [crypto/comp/] for SSL Record Layer Compression:
- RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
- available).
- [Eric A. Young]
-
- *) Add -strparse option to asn1pars program which parses nested
- binary structures
- [Dr Stephen Henson <shenson@bigfoot.com>]
-
- *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
- [Eric A. Young]
-
- *) DSA fix for "ca" program.
- [Eric A. Young]
-
- *) Added "-genkey" option to "dsaparam" program.
- [Eric A. Young]
-
- *) Added RIPE MD160 (rmd160) message digest.
- [Eric A. Young]
-
- *) Added -a (all) option to "ssleay version" command.
- [Eric A. Young]
-
- *) Added PLATFORM define which is the id given to Configure.
- [Eric A. Young]
-
- *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
- [Eric A. Young]
-
- *) Extended the ASN.1 parser routines.
- [Eric A. Young]
-
- *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
- [Eric A. Young]
-
- *) Added a BN_CTX to the BN library.
- [Eric A. Young]
-
- *) Fixed the weak key values in DES library
- [Eric A. Young]
-
- *) Changed API in EVP library for cipher aliases.
- [Eric A. Young]
-
- *) Added support for RC2/64bit cipher.
- [Eric A. Young]
-
- *) Converted the lhash library to the crypto/mem.c functions.
- [Eric A. Young]
-
- *) Added more recognized ASN.1 object ids.
- [Eric A. Young]
-
- *) Added more RSA padding checks for SSL/TLS.
- [Eric A. Young]
-
- *) Added BIO proxy/filter functionality.
- [Eric A. Young]
-
- *) Added extra_certs to SSL_CTX which can be used
- send extra CA certificates to the client in the CA cert chain sending
- process. It can be configured with SSL_CTX_add_extra_chain_cert().
- [Eric A. Young]
-
- *) Now Fortezza is denied in the authentication phase because
- this is key exchange mechanism is not supported by SSLeay at all.
- [Eric A. Young]
-
- *) Additional PKCS1 checks.
- [Eric A. Young]
-
- *) Support the string "TLSv1" for all TLS v1 ciphers.
- [Eric A. Young]
-
- *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
- ex_data index of the SSL context in the X509_STORE_CTX ex_data.
- [Eric A. Young]
-
- *) Fixed a few memory leaks.
- [Eric A. Young]
-
- *) Fixed various code and comment typos.
- [Eric A. Young]
-
- *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
- bytes sent in the client random.
- [Edward Bishop <ebishop@spyglass.com>]
-
diff --git a/crypto/openssl/CHANGES.SSLeay b/crypto/openssl/CHANGES.SSLeay
deleted file mode 100644
index dbb80b0..0000000
--- a/crypto/openssl/CHANGES.SSLeay
+++ /dev/null
@@ -1,968 +0,0 @@
-This file contains the changes for the SSLeay library up to version
-0.9.0b. For later changes, see the file "CHANGES".
-
- SSLeay CHANGES
- ______________
-
-Changes between 0.8.x and 0.9.0b
-
-10-Apr-1998
-
-I said the next version would go out at easter, and so it shall.
-I expect a 0.9.1 will follow with portability fixes in the next few weeks.
-
-This is a quick, meet the deadline. Look to ssl-users for comments on what
-is new etc.
-
-eric (about to go bushwalking for the 4 day easter break :-)
-
-16-Mar-98
- - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
- - Lots and lots of changes
-
-29-Jan-98
- - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
- Goetz Babin-Ebell <babinebell@trustcenter.de>.
- - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
- TLS1_VERSION.
-
-7-Jan-98
- - Finally reworked the cipher string to ciphers again, so it
- works correctly
- - All the app_data stuff is now ex_data with funcion calls to access.
- The index is supplied by a function and 'methods' can be setup
- for the types that are called on XXX_new/XXX_free. This lets
- applications get notified on creation and destruction. Some of
- the RSA methods could be implemented this way and I may do so.
- - Oh yes, SSL under perl5 is working at the basic level.
-
-15-Dec-97
- - Warning - the gethostbyname cache is not fully thread safe,
- but it should work well enough.
- - Major internal reworking of the app_data stuff. More functions
- but if you were accessing ->app_data directly, things will
- stop working.
- - The perlv5 stuff is working. Currently on message digests,
- ciphers and the bignum library.
-
-9-Dec-97
- - Modified re-negotiation so that server initated re-neg
- will cause a SSL_read() to return -1 should retry.
- The danger otherwise was that the server and the
- client could end up both trying to read when using non-blocking
- sockets.
-
-4-Dec-97
- - Lots of small changes
- - Fix for binaray mode in Windows for the FILE BIO, thanks to
- Bob Denny <rdenny@dc3.com>
-
-17-Nov-97
- - Quite a few internal cleanups, (removal of errno, and using macros
- defined in e_os.h).
- - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
- the automactic naming out output files was being stuffed up.
-
-29-Oct-97
- - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
- for x86.
-
-21-Oct-97
- - Fixed a bug in the BIO_gethostbyname() cache.
-
-15-Oct-97
- - cbc mode for blowfish/des/3des is now in assember. Blowfish asm
- has also been improved. At this point in time, on the pentium,
- md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
- des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
- is %62 faster.
-
-12-Oct-97
- - MEM_BUF_grow() has been fixed so that it always sets the buf->length
- to the value we are 'growing' to. Think of MEM_BUF_grow() as the
- way to set the length value correctly.
-
-10-Oct-97
- - I now hash for certificate lookup on the raw DER encoded RDN (md5).
- This breaks things again :-(. This is efficent since I cache
- the DER encoding of the RDN.
- - The text DN now puts in the numeric OID instead of UNKNOWN.
- - req can now process arbitary OIDs in the config file.
- - I've been implementing md5 in x86 asm, much faster :-).
- - Started sha1 in x86 asm, needs more work.
- - Quite a few speedups in the BN stuff. RSA public operation
- has been made faster by caching the BN_MONT_CTX structure.
- The calulating of the Ai where A*Ai === 1 mod m was rather
- expensive. Basically a 40-50% speedup on public operations.
- The RSA speedup is now 15% on pentiums and %20 on pentium
- pro.
-
-30-Sep-97
- - After doing some profiling, I added x86 adm for bn_add_words(),
- which just adds 2 arrays of longs together. A %10 speedup
- for 512 and 1024 bit RSA on the pentium pro.
-
-29-Sep-97
- - Converted the x86 bignum assembler to us the perl scripts
- for generation.
-
-23-Sep-97
- - If SSL_set_session() is passed a NULL session, it now clears the
- current session-id.
-
-22-Sep-97
- - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
- certificates.
- - Bug in crypto/evp/encode.c where by decoding of 65 base64
- encoded lines, one line at a time (via a memory BIO) would report
- EOF after the first line was decoded.
- - Fix in X509_find_by_issuer_and_serial() from
- Dr Stephen Henson <shenson@bigfoot.com>
-
-19-Sep-97
- - NO_FP_API and NO_STDIO added.
- - Put in sh config command. It auto runs Configure with the correct
- parameters.
-
-18-Sep-97
- - Fix x509.c so if a DSA cert has different parameters to its parent,
- they are left in place. Not tested yet.
-
-16-Sep-97
- - ssl_create_cipher_list() had some bugs, fixes from
- Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
- - Fixed a bug in the Base64 BIO, where it would return 1 instead
- of -1 when end of input was encountered but should retry.
- Basically a Base64/Memory BIO interaction problem.
- - Added a HMAC set of functions in preporarion for TLS work.
-
-15-Sep-97
- - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
- - Prime generation spead up %25 (512 bit prime, pentium pro linux)
- by using montgomery multiplication in the prime number test.
-
-11-Sep-97
- - Ugly bug in ssl3_write_bytes(). Basically if application land
- does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
- did not check the size and tried to copy the entire buffer.
- This would tend to cause memory overwrites since SSLv3 has
- a maximum packet size of 16k. If your program uses
- buffers <= 16k, you would probably never see this problem.
- - Fixed a new errors that were cause by malloc() not returning
- 0 initialised memory..
- - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
- SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
- since this flags stops SSLeay being able to handle client
- cert requests correctly.
-
-08-Sep-97
- - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
- on, the SSL server routines will not use a SSL_SESSION that is
- held in it's cache. This in intended to be used with the session-id
- callbacks so that while the session-ids are still stored in the
- cache, the decision to use them and how to look them up can be
- done by the callbacks. The are the 'new', 'get' and 'remove'
- callbacks. This can be used to determine the session-id
- to use depending on information like which port/host the connection
- is coming from. Since the are also SSL_SESSION_set_app_data() and
- SSL_SESSION_get_app_data() functions, the application can hold
- information against the session-id as well.
-
-03-Sep-97
- - Added lookup of CRLs to the by_dir method,
- X509_load_crl_file() also added. Basically it means you can
- lookup CRLs via the same system used to lookup certificates.
- - Changed things so that the X509_NAME structure can contain
- ASN.1 BIT_STRINGS which is required for the unique
- identifier OID.
- - Fixed some problems with the auto flushing of the session-id
- cache. It was not occuring on the server side.
-
-02-Sep-97
- - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
- which is the maximum number of entries allowed in the
- session-id cache. This is enforced with a simple FIFO list.
- The default size is 20*1024 entries which is rather large :-).
- The Timeout code is still always operating.
-
-01-Sep-97
- - Added an argument to all the 'generate private key/prime`
- callbacks. It is the last parameter so this should not
- break existing code but it is needed for C++.
- - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
- BIO. This lets the BIO read and write base64 encoded data
- without inserting or looking for '\n' characters. The '-A'
- flag turns this on when using apps/enc.c.
- - RSA_NO_PADDING added to help BSAFE functionality. This is a
- very dangerous thing to use, since RSA private key
- operations without random padding bytes (as PKCS#1 adds) can
- be attacked such that the private key can be revealed.
- - ASN.1 bug and rc2-40-cbc and rc4-40 added by
- Dr Stephen Henson <shenson@bigfoot.com>
-
-31-Aug-97 (stuff added while I was away)
- - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
- - RSA_flags() added allowing bypass of pub/priv match check
- in ssl/ssl_rsa.c - Tim Hudson.
- - A few minor bugs.
-
-SSLeay 0.8.1 released.
-
-19-Jul-97
- - Server side initated dynamic renegotiation is broken. I will fix
- it when I get back from holidays.
-
-15-Jul-97
- - Quite a few small changes.
- - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
-
-09-Jul-97
- - Added 2 new values to the SSL info callback.
- SSL_CB_START which is passed when the SSL protocol is started
- and SSL_CB_DONE when it has finished sucsessfully.
-
-08-Jul-97
- - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
- that related to DSA public/private keys.
- - Added all the relevent PEM and normal IO functions to support
- reading and writing RSAPublic keys.
- - Changed makefiles to use ${AR} instead of 'ar r'
-
-07-Jul-97
- - Error in ERR_remove_state() that would leave a dangling reference
- to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
- - s_client now prints the X509_NAMEs passed from the server
- when requesting a client cert.
- - Added a ssl->type, which is one of SSL_ST_CONNECT or
- SSL_ST_ACCEPT. I had to add it so I could tell if I was
- a connect or an accept after the handshake had finished.
- - SSL_get_client_CA_list(SSL *s) now returns the CA names
- passed by the server if called by a client side SSL.
-
-05-Jul-97
- - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
- 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
-
-04-Jul-97
- - Fixed some things in X509_NAME_add_entry(), thanks to
- Matthew Donald <matthew@world.net>.
- - I had a look at the cipher section and though that it was a
- bit confused, so I've changed it.
- - I was not setting up the RC4-64-MD5 cipher correctly. It is
- a MS special that appears in exported MS Money.
- - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
- spec. I was missing the two byte length header for the
- ClientDiffieHellmanPublic value. This is a packet sent from
- the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
- option will enable SSLeay server side SSLv3 accept either
- the correct or my 080 packet format.
- - Fixed a few typos in crypto/pem.org.
-
-02-Jul-97
- - Alias mapping for EVP_get_(digest|cipher)byname is now
- performed before a lookup for actual cipher. This means
- that an alias can be used to 're-direct' a cipher or a
- digest.
- - ASN1_read_bio() had a bug that only showed up when using a
- memory BIO. When EOF is reached in the memory BIO, it is
- reported as a -1 with BIO_should_retry() set to true.
-
-01-Jul-97
- - Fixed an error in X509_verify_cert() caused by my
- miss-understanding how 'do { contine } while(0);' works.
- Thanks to Emil Sit <sit@mit.edu> for educating me :-)
-
-30-Jun-97
- - Base64 decoding error. If the last data line did not end with
- a '=', sometimes extra data would be returned.
- - Another 'cut and paste' bug in x509.c related to setting up the
- STDout BIO.
-
-27-Jun-97
- - apps/ciphers.c was not printing due to an editing error.
- - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
- a library build error in util/mk1mf.pl
-
-26-Jun-97
- - Still did not have the auto 'experimental' code removal
- script correct.
- - A few header tweaks for Watcom 11.0 under Win32 from
- Rolf Lindemann <Lindemann@maz-hh.de>
- - 0 length OCTET_STRING bug in asn1_parse
- - A minor fix with an non-existent function in the MS .def files.
- - A few changes to the PKCS7 stuff.
-
-25-Jun-97
- SSLeay 0.8.0 finally it gets released.
-
-24-Jun-97
- Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
- use a temporary RSA key. This is experimental and needs some more work.
- Fixed a few Win16 build problems.
-
-23-Jun-97
- SSLv3 bug. I was not doing the 'lookup' of the CERT structure
- correctly. I was taking the SSL->ctx->default_cert when I should
- have been using SSL->cert. The bug was in ssl/s3_srvr.c
-
-20-Jun-97
- X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
- rest of the library. Even though I had the code required to do
- it correctly, apps/req.c was doing the wrong thing. I have fixed
- and tested everything.
-
- Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
-
-19-Jun-97
- Fixed a bug in the SSLv2 server side first packet handling. When
- using the non-blocking test BIO, the ssl->s2->first_packet flag
- was being reset when a would-block failure occurred when reading
- the first 5 bytes of the first packet. This caused the checking
- logic to run at the wrong time and cause an error.
-
- Fixed a problem with specifying cipher. If RC4-MD5 were used,
- only the SSLv3 version would be picked up. Now this will pick
- up both SSLv2 and SSLv3 versions. This required changing the
- SSL_CIPHER->mask values so that they only mask the ciphers,
- digests, authentication, export type and key-exchange algorithms.
-
- I found that when a SSLv23 session is established, a reused
- session, of type SSLv3 was attempting to write the SSLv2
- ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
- method has been modified so it will only write out cipher which
- that method knows about.
-
-
- Changes between 0.8.0 and 0.8.1
-
- *) Mostly bug fixes.
- There is an Ephemeral DH cipher problem which is fixed.
-
- SSLeay 0.8.0
-
-This version of SSLeay has quite a lot of things different from the
-previous version.
-
-Basically check all callback parameters, I will be producing documentation
-about how to use things in th future. Currently I'm just getting 080 out
-the door. Please not that there are several ways to do everything, and
-most of the applications in the apps directory are hybrids, some using old
-methods and some using new methods.
-
-Have a look in demos/bio for some very simple programs and
-apps/s_client.c and apps/s_server.c for some more advanced versions.
-Notes are definitly needed but they are a week or so away.
-
-Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
----
-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
-get those people that want to move to using the new code base off to
-a quick start.
-
-Note that Eric has tidied up a lot of the areas of the API that were
-less than desirable and renamed quite a few things (as he had to break
-the API in lots of places anyrate). There are a whole pile of additional
-functions for making dealing with (and creating) certificates a lot
-cleaner.
-
-01-Jul-97
-Tim Hudson
-tjh@cryptsoft.com
-
----8<---
-
-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
-use something like the following (assuming you #include "crypto.h" which
-is something that you really should be doing).
-
-#if SSLEAY_VERSION_NUMBER >= 0x0800
-#define SSLEAY8
-#endif
-
-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
- too if you are working with BIO internal stuff (as distinct
- from simply using the interface in an opaque manner)
-
-#include "bio.h" - required along with "buffer.h" if you write
- your own BIO routines as the buffer and bio
- stuff that was intermixed has been separated
- out
-
-envelope.h -> evp.h (which should have been done ages ago)
-
-Initialisation ... don't forget these or you end up with code that
-is missing the bits required to do useful things (like ciphers):
-
-SSLeay_add_ssl_algorithms()
-(probably also want SSL_load_error_strings() too but you should have
- already had that call in place)
-
-SSL_CTX_new() - requires an extra method parameter
- SSL_CTX_new(SSLv23_method())
- SSL_CTX_new(SSLv2_method())
- SSL_CTX_new(SSLv3_method())
-
- OR to only have the server or the client code
- SSL_CTX_new(SSLv23_server_method())
- SSL_CTX_new(SSLv2_server_method())
- SSL_CTX_new(SSLv3_server_method())
- or
- SSL_CTX_new(SSLv23_client_method())
- SSL_CTX_new(SSLv2_client_method())
- SSL_CTX_new(SSLv3_client_method())
-
-SSL_set_default_verify_paths() ... renamed to the more appropriate
-SSL_CTX_set_default_verify_paths()
-
-If you want to use client certificates then you have to add in a bit
-of extra stuff in that a SSLv3 server sends a list of those CAs that
-it will accept certificates from ... so you have to provide a list to
-SSLeay otherwise certain browsers will not send client certs.
-
-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
-
-
-X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
- or provide a buffer and size to copy the
- result into
-
-X509_add_cert -> X509_STORE_add_cert (and you might want to read the
- notes on X509_NAME structure changes too)
-
-
-VERIFICATION CODE
-=================
-
-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
-more accurately reflect things.
-
-The verification callback args are now packaged differently so that
-extra fields for verification can be added easily in future without
-having to break things by adding extra parameters each release :-)
-
-X509_cert_verify_error_string -> X509_verify_cert_error_string
-
-
-BIO INTERNALS
-=============
-
-Eric has fixed things so that extra flags can be introduced in
-the BIO layer in future without having to play with all the BIO
-modules by adding in some macros.
-
-The ugly stuff using
- b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
-becomes
- BIO_clear_retry_flags(b)
-
- b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
-becomes
- BIO_set_retry_read(b)
-
-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
-
-
-
-OTHER THINGS
-============
-
-X509_NAME has been altered so that it isn't just a STACK ... the STACK
-is now in the "entries" field ... and there are a pile of nice functions
-for getting at the details in a much cleaner manner.
-
-SSL_CTX has been altered ... "cert" is no longer a direct member of this
-structure ... things are now down under "cert_store" (see x509_vfy.h) and
-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
-If your code "knows" about this level of detail then it will need some
-surgery.
-
-If you depending on the incorrect spelling of a number of the error codes
-then you will have to change your code as these have been fixed.
-
-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
-has been all along so this makes things clearer.
-ify_cert_error_string(ctx->error));
-
-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
- and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
-
-
-
- Changes between 0.7.x and 0.8.0
-
- *) There have been lots of changes, mostly the addition of SSLv3.
- There have been many additions from people and amongst
- others, C2Net has assisted greatly.
-
- Changes between 0.7.x and 0.7.x
-
- *) Internal development version only
-
-SSLeay 0.6.6 13-Jan-1997
-
-The main additions are
-
-- assember for x86 DES improvments.
- From 191,000 per second on a pentium 100, I now get 281,000. The inner
- loop and the IP/FP modifications are from
- Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
- contribution.
-- The 'DES macros' introduced in 0.6.5 now have 3 types.
- DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
- is best and there is a summery of mine in crypto/des/options.txt
-- A few bug fixes.
-- Added blowfish. It is not used by SSL but all the other stuff that
- deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
- There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
- BF_PTR2 is pentium/x86 specific. The correct option is setup in
- the 'Configure' script.
-- There is now a 'get client certificate' callback which can be
- 'non-blocking'. If more details are required, let me know. It will
- documented more in SSLv3 when I finish it.
-- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
- now tests the ca program.
-- Lots of little things modified and tweaked.
-
- SSLeay 0.6.5
-
-After quite some time (3 months), the new release. I have been very busy
-for the last few months and so this is mostly bug fixes and improvments.
-
-The main additions are
-
-- assember for x86 DES. For all those gcc based systems, this is a big
- improvement. From 117,000 DES operation a second on a pentium 100,
- I now get 191,000. I have also reworked the C version so it
- now gives 148,000 DESs per second.
-- As mentioned above, the inner DES macros now have some more variant that
- sometimes help, sometimes hinder performance. There are now 3 options
- DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
- and DES_RISC (a more register intensive version of the inner macro).
- The crypto/des/des_opts.c program, when compiled and run, will give
- an indication of the correct options to use.
-- The BIO stuff has been improved. Read doc/bio.doc. There are now
- modules for encryption and base64 encoding and a BIO_printf() function.
-- The CA program will accept simple one line X509v3 extensions in the
- ssleay.cnf file. Have a look at the example. Currently this just
- puts the text into the certificate as an OCTET_STRING so currently
- the more advanced X509v3 data types are not handled but this is enough
- for the netscape extensions.
-- There is the start of a nicer higher level interface to the X509
- strucutre.
-- Quite a lot of bug fixes.
-- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
- to define the malloc(), free() and realloc() routines to use
- (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
- using DLLs and mixing CRT libraries.
-
-In general, read the 'VERSION' file for changes and be aware that some of
-the new stuff may not have been tested quite enough yet, so don't just plonk
-in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
-
-SSLeay 0.6.4 30/08/96 eay
-
-I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
-Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
-
-The main changes in this release
-
-- Thread safe. have a read of doc/threads.doc and play in the mt directory.
- For anyone using 0.6.3 with threads, I found 2 major errors so consider
- moving to 0.6.4. I have a test program that builds under NT and
- solaris.
-- The get session-id callback has changed. Have a read of doc/callback.doc.
-- The X509_cert_verify callback (the SSL_verify callback) now
- has another argument. Have a read of doc/callback.doc
-- 'ca -preserve', sign without re-ordering the DN. Not tested much.
-- VMS support.
-- Compile time memory leak detection can now be built into SSLeay.
- Read doc/memory.doc
-- CONF routines now understand '\', '\n', '\r' etc. What this means is that
- the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
-- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
-- RC2 key setup is now compatable with Netscape.
-- Modifed server side of SSL implementation, big performance difference when
- using session-id reuse.
-
-0.6.3
-
-Bug fixes and the addition of some nice stuff to the 'ca' program.
-Have a read of doc/ns-ca.doc for how hit has been modified so
-it can be driven from a CGI script. The CGI script is not provided,
-but that is just being left as an excersize for the reader :-).
-
-0.6.2
-
-This is most bug fixes and functionality improvements.
-
-Additions are
-- More thread debugging patches, the thread stuff is still being
- tested, but for those keep to play with stuff, have a look in
- crypto/cryptlib.c. The application needs to define 1 (or optionaly
- a second) callback that is used to implement locking. Compiling
- with LOCK_DEBUG spits out lots of locking crud :-).
- This is what I'm currently working on.
-- SSL_CTX_set_default_passwd_cb() can be used to define the callback
- function used in the SSL*_file() functions used to load keys. I was
- always of the opinion that people should call
- PEM_read_RSAPrivateKey() and pass the callback they want to use, but
- it appears they just want to use the SSL_*_file() function() :-(.
-- 'enc' now has a -kfile so a key can be read from a file. This is
- mostly used so that the passwd does not appear when using 'ps',
- which appears imposible to stop under solaris.
-- X509v3 certificates now work correctly. I even have more examples
- in my tests :-). There is now a X509_EXTENSION type that is used in
- X509v3 certificates and CRLv2.
-- Fixed that signature type error :-(
-- Fixed quite a few potential memory leaks and problems when reusing
- X509, CRL and REQ structures.
-- EVP_set_pw_prompt() now sets the library wide default password
- prompt.
-- The 'pkcs7' command will now, given the -print_certs flag, output in
- pem format, all certificates and CRL contained within. This is more
- of a pre-emtive thing for the new verisign distribution method. I
- should also note, that this also gives and example in code, of how
- to do this :-), or for that matter, what is involved in going the
- other way (list of certs and crl -> pkcs7).
-- Added RSA's DESX to the DES library. It is also available via the
- EVP_desx_cbc() method and via 'enc desx'.
-
-SSLeay 0.6.1
-
-The main functional changes since 0.6.0 are as follows
-- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
- that from now on, I'll keep the .def numbers the same so they will be.
-- RSA private key operations are about 2 times faster that 0.6.0
-- The SSL_CTX now has more fields so default values can be put against
- it. When an SSL structure is created, these default values are used
- but can be overwritten. There are defaults for cipher, certificate,
- private key, verify mode and callback. This means SSL session
- creation can now be
- ssl=SSL_new()
- SSL_set_fd(ssl,sock);
- SSL_accept(ssl)
- ....
- All the other uglyness with having to keep a global copy of the
- private key and certificate/verify mode in the server is now gone.
-- ssl/ssltest.c - one process talking SSL to its self for testing.
-- Storage of Session-id's can be controled via a session_cache_mode
- flag. There is also now an automatic default flushing of
- old session-id's.
-- The X509_cert_verify() function now has another parameter, this
- should not effect most people but it now means that the reason for
- the failure to verify is now available via SSL_get_verify_result(ssl).
- You don't have to use a global variable.
-- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
- application data against the SSL structure. It is upto the application
- to free the data. I don't use it, but it is available.
-- SSL_CTX_set_cert_verify_callback() can be used to specify a
- verify callback function that completly replaces my certificate
- verification code. Xcert should be able to use this :-).
- The callback is of the form int app_verify_callback(arg,ssl,cert).
- This needs to be documented more.
-- I have started playing with shared library builds, have a look in
- the shlib directory. It is very simple. If you need a numbered
- list of functions, have a look at misc/crypto.num and misc/ssl.num.
-- There is some stuff to do locking to make the library thread safe.
- I have only started this stuff and have not finished. If anyone is
- keen to do so, please send me the patches when finished.
-
-So I have finally made most of the additions to the SSL interface that
-I thought were needed.
-
-There will probably be a pause before I make any non-bug/documentation
-related changes to SSLeay since I'm feeling like a bit of a break.
-
-eric - 12 Jul 1996
-I saw recently a comment by some-one that we now seem to be entering
-the age of perpetual Beta software.
-Pioneered by packages like linux but refined to an art form by
-netscape.
-
-I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
-
-There are quite a large number of sections that are 'works in
-progress' in this package. I will also list the major changes and
-what files you should read.
-
-BIO - this is the new IO structure being used everywhere in SSLeay. I
-started out developing this because of microsoft, I wanted a mechanism
-to callback to the application for all IO, so Windows 3.1 DLL
-perversion could be hidden from me and the 15 different ways to write
-to a file under NT would also not be dictated by me at library build
-time. What the 'package' is is an API for a data structure containing
-functions. IO interfaces can be written to conform to the
-specification. This in not intended to hide the underlying data type
-from the application, but to hide it from SSLeay :-).
-I have only really finished testing the FILE * and socket/fd modules.
-There are also 'filter' BIO's. Currently I have only implemented
-message digests, and it is in use in the dgst application. This
-functionality will allow base64/encrypto/buffering modules to be
-'push' into a BIO without it affecting the semantics. I'm also
-working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
-from an event loop which uses the interface.
-It is also possible to 'attach' callbacks to a BIO so they get called
-before and after each operation, alowing extensive debug output
-to be generated (try running dgst with -d).
-
-Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
-functions that used to take FILE *, now take BIO *.
-The wrappers are easy to write
-
-function_fp(fp,x)
-FILE *fp;
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file())) == NULL) error.....
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=function_bio(b,x);
- BIO_free(b);
- return(ret);
- }
-Remember, there are no functions that take FILE * in SSLeay when
-compiled for Windows 3.1 DLL's.
-
---
-I have added a general EVP_PKEY type that can hold a public/private
-key. This is now what is used by the EVP_ functions and is passed
-around internally. I still have not done the PKCS#8 stuff, but
-X509_PKEY is defined and waiting :-)
-
---
-For a full function name listings, have a look at ms/crypt32.def and
-ms/ssl32.def. These are auto-generated but are complete.
-Things like ASN1_INTEGER_get() have been added and are in here if you
-look. I have renamed a few things, again, have a look through the
-function list and you will probably find what you are after. I intend
-to at least put a one line descrition for each one.....
-
---
-Microsoft - thats what this release is about, read the MICROSOFT file.
-
---
-Multi-threading support. I have started hunting through the code and
-flaging where things need to be done. In a state of work but high on
-the list.
-
---
-For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
-be be you random data device, otherwise 'RFILE' in e_os.h
-will be used, in your home directory. It will be updated
-periodically. The environment variable RANDFILE will override this
-choice and read/write to that file instead. DEVRANDOM is used in
-conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
-number generator, pick on one of these files.
-
---
-
-The list of things to read and do
-
-dgst -d
-s_client -state (this uses a callback placed in the SSL state loop and
- will be used else-where to help debug/monitor what
- is happening.)
-
-doc/why.doc
-doc/bio.doc <- hmmm, needs lots of work.
-doc/bss_file.doc <- one that is working :-)
-doc/session.doc <- it has changed
-doc/speed.doc
- also play with ssleay version -a. I have now added a SSLeay()
- function that returns a version number, eg 0600 for this release
- which is primarily to be used to check DLL version against the
- application.
-util/* Quite a few will not interest people, but some may, like
- mk1mf.pl, mkdef.pl,
-util/do_ms.sh
-
-try
-cc -Iinclude -Icrypto -c crypto/crypto.c
-cc -Iinclude -Issl -c ssl/ssl.c
-You have just built the SSLeay libraries as 2 object files :-)
-
-Have a general rummage around in the bin stall directory and look at
-what is in there, like CA.sh and c_rehash
-
-There are lots more things but it is 12:30am on a Friday night and I'm
-heading home :-).
-
-eric 22-Jun-1996
-This version has quite a few major bug fixes and improvements. It DOES NOT
-do SSLv3 yet.
-
-The main things changed
-- A Few days ago I added the s_mult application to ssleay which is
- a demo of an SSL server running in an event loop type thing.
- It supports non-blocking IO, I have finally gotten it right, SSL_accept()
- can operate in non-blocking IO mode, look at the code to see how :-).
- Have a read of doc/s_mult as well. This program leaks memory and
- file descriptors everywhere but I have not cleaned it up yet.
- This is a demo of how to do non-blocking IO.
-- The SSL session management has been 'worked over' and there is now
- quite an expansive set of functions to manipulate them. Have a read of
- doc/session.doc for some-things I quickly whipped up about how it now works.
- This assume you know the SSLv2 protocol :-)
-- I can now read/write the netscape certificate format, use the
- -inform/-outform 'net' options to the x509 command. I have not put support
- for this type in the other demo programs, but it would be easy to add.
-- asn1parse and 'enc' have been modified so that when reading base64
- encoded files (pem format), they do not require '-----BEGIN' header lines.
- The 'enc' program had a buffering bug fixed, it can be used as a general
- base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
- respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
- into a form of 'cat'.
-- The 'x509' and 'req' programs have been fixed and modified a little so
- that they generate self-signed certificates correctly. The test
- script actually generates a 'CA' certificate and then 'signs' a
- 'user' certificate. Have a look at this shell script (test/sstest)
- to see how things work, it tests most possible combinations of what can
- be done.
-- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
- of SSL_set_cipher_list() is now the correct API (stops confusion :-).
- If this function is used in the client, only the specified ciphers can
- be used, with preference given to the order the ciphers were listed.
- For the server, if this is used, only the specified ciphers will be used
- to accept connections. If this 'option' is not used, a default set of
- ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
- list for all ciphers started against the SSL_CTX. So the order is
- SSL cipher_list, if not present, SSL_CTX cipher list, if not
- present, then the library default.
- What this means is that normally ciphers like
- NULL-MD5 will never be used. The only way this cipher can be used
- for both ends to specify to use it.
- To enable or disable ciphers in the library at build time, modify the
- first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
- This file also contains the 'pref_cipher' list which is the default
- cipher preference order.
-- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
- options work. They should, and they enable loading and writing the
- netscape rsa private key format. I will be re-working this section of
- SSLeay for the next version. What is currently in place is a quick and
- dirty hack.
-- I've re-written parts of the bignum library. This gives speedups
- for all platforms. I now provide assembler for use under Windows NT.
- I have not tested the Windows 3.1 assembler but it is quite simple code.
- This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
- and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
- Basically the times available under linux/solaris x86 can be achieve under
- Windows NT. I still don't know how these times compare to RSA's BSAFE
- library but I have been emailing with people and with their help, I should
- be able to get my library's quite a bit faster still (more algorithm changes).
- The object file crypto/bn/asm/x86-32.obj should be used when linking
- under NT.
-- 'make makefile.one' in the top directory will generate a single makefile
- called 'makefile.one' This makefile contains no perl references and
- will build the SSLeay library into the 'tmp' and 'out' directories.
- util/mk1mf.pl >makefile.one is how this makefile is
- generated. The mk1mf.pl command take several option to generate the
- makefile for use with cc, gcc, Visual C++ and Borland C++. This is
- still under development. I have only build .lib's for NT and MSDOS
- I will be working on this more. I still need to play with the
- correct compiler setups for these compilers and add some more stuff but
- basically if you just want to compile the library
- on a 'non-unix' platform, this is a very very good file to start with :-).
- Have a look in the 'microsoft' directory for my current makefiles.
- I have not yet modified things to link with sockets under Windows NT.
- You guys should be able to do this since this is actually outside of the
- SSLeay scope :-). I will be doing it for myself soon.
- util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
- to build without RC2/RC4, to require RSAref for linking, and to
- build with no socket code.
-
-- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
- that was posted to sci.crypt has been added to the library and SSL.
- I take the view that if RC2 is going to be included in a standard,
- I'll include the cipher to make my package complete.
- There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
- at compile time. I have not tested this recently but it should all work
- and if you are in the USA and don't want RSA threatening to sue you,
- you could probably remove the RC4/RC2 code inside these sections.
- I may in the future include a perl script that does this code
- removal automatically for those in the USA :-).
-- I have removed all references to sed in the makefiles. So basically,
- the development environment requires perl and sh. The build environment
- does not (use the makefile.one makefile).
- The Configure script still requires perl, this will probably stay that way
- since I have perl for Windows NT :-).
-
-eric (03-May-1996)
-
-PS Have a look in the VERSION file for more details on the changes and
- bug fixes.
-I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
-things up. This version will be quite stable, mostly because I'm on
-holidays until 10-March-1996. For any problems in the interum, send email
-to Tim Hudson <tjh@mincom.oz.au>.
-
-SSLeay 0.5.0
-
-12-12-95
-This is going out before it should really be released.
-
-I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
-this for 11 weeks or get things out. It is still going to change a
-lot in the next week so if you do grab this version, please test and
-give me feed back ASAP, inculuding questions on how to do things with
-the library. This will prompt me to write documentation so I don't
-have to answer the same question again :-).
-
-This 'pre' release version is for people who are interested in the
-library. The applications will have to be changed to use
-the new version of the SSL interface. I intend to finish more
-documentation before I leave but until then, look at the programs in
-the apps directory. As far as code goes, it is much much nicer than
-the old version.
-
-The current library works, has no memory leaks (as far as I can tell)
-and is far more bug free that 0.4.5d. There are no global variable of
-consequence (I believe) and I will produce some documentation that
-tell where to look for those people that do want to do multi-threaded
-stuff.
-
-There should be more documentation. Have a look in the
-doc directory. I'll be adding more before I leave, it is a start
-by mostly documents the crypto library. Tim Hudson will update
-the web page ASAP. The spelling and grammar are crap but
-it is better than nothing :-)
-
-Reasons to start playing with version 0.5.0
-- All the programs in the apps directory build into one ssleay binary.
-- There is a new version of the 'req' program that generates certificate
- requests, there is even documentation for this one :-)
-- There is a demo certification authorithy program. Currently it will
- look at the simple database and update it. It will generate CRL from
- the data base. You need to edit the database by hand to revoke a
- certificate, it is my aim to use perl5/Tk but I don't have time to do
- this right now. It will generate the certificates but the management
- scripts still need to be written. This is not a hard task.
-- Things have been cleaned up alot.
-- Have a look at the enc and dgst programs in the apps directory.
-- It supports v3 of x509 certiticates.
-
-
-Major things missing.
-- I have been working on (and thinging about) the distributed x509
- hierachy problem. I have not had time to put my solution in place.
- It will have to wait until I come back.
-- I have not put in CRL checking in the certificate verification but
- it would not be hard to do. I was waiting until I could generate my
- own CRL (which has only been in the last week) and I don't have time
- to put it in correctly.
-- Montgomery multiplication need to be implemented. I know the
- algorithm, just ran out of time.
-- PKCS#7. I can load and write the DER version. I need to re-work
- things to support BER (if that means nothing, read the ASN1 spec :-).
-- Testing of the higher level digital envelope routines. I have not
- played with the *_seal() and *_open() type functions. They are
- written but need testing. The *_sign() and *_verify() functions are
- rock solid.
-- PEM. Doing this and PKCS#7 have been dependant on the distributed
- x509 heirachy problem. I started implementing my ideas, got
- distracted writing a CA program and then ran out of time. I provide
- the functionality of RSAref at least.
-- Re work the asm. code for the x86. I've changed by low level bignum
- interface again, so I really need to tweak the x86 stuff. gcc is
- good enough for the other boxes.
-
diff --git a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head
deleted file mode 100644
index 1203a22..0000000
--- a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head
+++ /dev/null
@@ -1,163 +0,0 @@
-This file, together with ChangeLog.0_9_7-stable_not-in-head_FIPS,
-provides a collection of those CVS change log entries for the
-0.9.7 branch (OpenSSL_0_9_7-stable) that do not appear similarly in
-0.9.8-dev (CVS head).
-
-ChangeLog.0_9_7-stable_not-in-head_FIPS - "FIPS" related changes
-ChangeLog.0_9_7-stable_not-in-head - everything else
-
-Some obvious false positives have been eliminated: e.g., we do not
-care about a simple "make update"; and we don't care about changes
-identified to the 0.9.7 branch that were explicitly identified as
-backports from head.
-
-Eliminating all other entries (and finally this file and its
-compantion), either as false positives or as things that should go
-into 0.9.8, remains to be done. Any additional changes to 0.9.7 that
-are not immediately put into 0.9.8, but belong there as well, should
-be added to the end of this file.
-
-
-2002-11-04 17:33 levitte
-
- Changed:
- Configure (1.314.2.38), "Exp", lines: +4 -2
-
- Return my normal debug targets to something not so extreme, and
- make the extreme ones special (or 'extreme', if you will :-)).
-
-2002-12-16 19:17 appro
-
- Changed:
- crypto/bn/bn_lcl.h (1.23.2.3), "Exp", lines: +3 -0
- crypto/bn/bn_mul.c (1.28.2.4), "Exp", lines: +84 -445
-
- This is rollback to 0.9.6h bn_mul.c to address problem reported in
- RT#272.
-
-2003-07-27 15:46 ben
-
- Changed:
- crypto/aes/aes.h (1.1.2.5), "Exp", lines: +3 -0
- crypto/aes/aes_cfb.c (1.1.2.4), "Exp", lines: +57 -0
-
- Add untested CFB-r mode. Will be tested soon.
-
-2003-07-28 17:07 ben
-
- Changed:
- Makefile.org (1.154.2.69), "Exp", lines: +5 -1
- crypto/aes/aes.h (1.1.2.6), "Exp", lines: +3 -0
- crypto/aes/aes_cfb.c (1.1.2.5), "Exp", lines: +19 -0
- crypto/dsa/Makefile.ssl (1.49.2.6), "Exp", lines: +3 -2
- crypto/err/Makefile.ssl (1.48.2.4), "Exp", lines: +17 -16
- crypto/evp/e_aes.c (1.6.2.5), "Exp", lines: +8 -0
- crypto/evp/e_des.c (1.5.2.2), "Exp", lines: +1 -1
- crypto/evp/e_des3.c (1.8.2.3), "Exp", lines: +2 -2
- crypto/evp/evp.h (1.86.2.11), "Exp", lines: +28 -11
- crypto/evp/evp_locl.h (1.7.2.3), "Exp", lines: +2 -2
- crypto/objects/obj_dat.h (1.49.2.13), "Exp", lines: +10 -5
- crypto/objects/obj_mac.h (1.19.2.13), "Exp", lines: +5 -0
- crypto/objects/obj_mac.num (1.15.2.9), "Exp", lines: +1 -0
- crypto/objects/objects.txt (1.20.2.14), "Exp", lines: +4 -0
- fips/Makefile.ssl (1.1.2.3), "Exp", lines: +7 -0
- fips/aes/Makefile.ssl (1.1.2.2), "Exp", lines: +23 -1
- fips/aes/fips_aesavs.c (1.1.2.3), "Exp", lines: +9 -1
- test/Makefile.ssl (1.84.2.30), "Exp", lines: +101 -43
-
- Add support for partial CFB modes, make tests work, update
- dependencies.
-
-2003-07-29 12:56 ben
-
- Changed:
- crypto/aes/aes_cfb.c (1.1.2.6), "Exp", lines: +9 -6
- crypto/evp/c_allc.c (1.8.2.3), "Exp", lines: +1 -0
- crypto/evp/evp_test.c (1.14.2.11), "Exp", lines: +17 -8
- crypto/evp/evptests.txt (1.9.2.2), "Exp", lines: +48 -1
-
- Working CFB1 and test vectors.
-
-2003-07-29 15:24 ben
-
- Changed:
- crypto/evp/e_aes.c (1.6.2.6), "Exp", lines: +14 -0
- crypto/objects/obj_dat.h (1.49.2.14), "Exp", lines: +15 -5
- crypto/objects/obj_mac.h (1.19.2.14), "Exp", lines: +10 -0
- crypto/objects/obj_mac.num (1.15.2.10), "Exp", lines: +2 -0
- crypto/objects/objects.txt (1.20.2.15), "Exp", lines: +2 -0
- fips/aes/Makefile.ssl (1.1.2.3), "Exp", lines: +1 -1
- fips/aes/fips_aesavs.c (1.1.2.4), "Exp", lines: +34 -19
-
- The rest of the keysizes for CFB1, working AES AVS test for CFB1.
-
-2003-07-29 19:05 ben
-
- Changed:
- crypto/aes/aes.h (1.1.2.7), "Exp", lines: +3 -0
- crypto/aes/aes_cfb.c (1.1.2.7), "Exp", lines: +14 -0
- crypto/evp/c_allc.c (1.8.2.4), "Exp", lines: +1 -0
- crypto/evp/e_aes.c (1.6.2.7), "Exp", lines: +4 -9
- crypto/evp/evptests.txt (1.9.2.3), "Exp", lines: +48 -0
- crypto/objects/obj_dat.h (1.49.2.15), "Exp", lines: +20 -5
- crypto/objects/obj_mac.h (1.19.2.15), "Exp", lines: +15 -0
- crypto/objects/obj_mac.num (1.15.2.11), "Exp", lines: +3 -0
- crypto/objects/objects.txt (1.20.2.16), "Exp", lines: +3 -0
- fips/aes/fips_aesavs.c (1.1.2.7), "Exp", lines: +11 -0
-
- AES CFB8.
-
-2003-07-30 20:30 ben
-
- Changed:
- Makefile.org (1.154.2.70), "Exp", lines: +16 -5
- crypto/des/cfb_enc.c (1.7.2.1), "Exp", lines: +2 -1
- crypto/des/des_enc.c (1.11.2.2), "Exp", lines: +4 -0
- crypto/evp/e_aes.c (1.6.2.8), "Exp", lines: +7 -14
- crypto/evp/e_des.c (1.5.2.3), "Exp", lines: +37 -1
- crypto/evp/evp.h (1.86.2.12), "Exp", lines: +6 -0
- crypto/evp/evp_locl.h (1.7.2.4), "Exp", lines: +9 -0
- crypto/objects/obj_dat.h (1.49.2.16), "Exp", lines: +48 -23
- crypto/objects/obj_mac.h (1.19.2.16), "Exp", lines: +31 -6
- crypto/objects/obj_mac.num (1.15.2.12), "Exp", lines: +5 -0
- crypto/objects/objects.txt (1.20.2.17), "Exp", lines: +12 -6
- fips/Makefile.ssl (1.1.2.4), "Exp", lines: +8 -1
- fips/fips_make_sha1 (1.1.2.3), "Exp", lines: +3 -0
- fips/aes/Makefile.ssl (1.1.2.4), "Exp", lines: +1 -1
- fips/des/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
- fips/des/Makefile.ssl (1.1.2.1), "Exp", lines: +96 -0
- fips/des/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
- fips/des/fips_des_enc.c (1.1.2.1), "Exp", lines: +288 -0
- fips/des/fips_des_locl.h (1.1.2.1), "Exp", lines: +428 -0
- fips/des/fips_desmovs.c (1.1.2.1), "Exp", lines: +659 -0
-
- Whoops, forgot FIPS DES, also add EVPs for DES CFB1 and 8.
-
-2003-08-01 12:25 ben
-
- Changed:
- crypto/des/cfb_enc.c (1.7.2.2), "Exp", lines: +45 -36
- crypto/evp/c_allc.c (1.8.2.5), "Exp", lines: +2 -0
- crypto/evp/e_des.c (1.5.2.4), "Exp", lines: +8 -3
- crypto/evp/evptests.txt (1.9.2.4), "Exp", lines: +6 -0
-
- Fix DES CFB-r.
-
-2003-08-01 12:31 ben
-
- Changed:
- crypto/evp/evptests.txt (1.9.2.5), "Exp", lines: +4 -0
-
- DES CFB8 test.
-
-2005-04-19 16:21 appro
-
- Changed:
- Configure (1.314.2.117), "Exp", lines: +24 -21
- Makefile.org (1.154.2.100), "Exp", lines: +1 -11
- TABLE (1.99.2.52), "Exp", lines: +20 -20
- apps/Makefile (1.1.4.15), "Exp", lines: +1 -1
- test/Makefile (1.1.4.12), "Exp", lines: +1 -1
-
- Enable shared link on HP-UX.
-
diff --git a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS b/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS
deleted file mode 100644
index 1e6c88f..0000000
--- a/crypto/openssl/ChangeLog.0_9_7-stable_not-in-head_FIPS
+++ /dev/null
@@ -1,1494 +0,0 @@
-See file ChangeLog.0_9_7-stable_not-in-head for explanations.
-This is the "FIPS"-related part.
-
-
-
-2003-07-27 19:00 ben
-
- Changed:
- Configure (1.314.2.85), "Exp", lines: +2 -0
- Makefile.org (1.154.2.67), "Exp", lines: +12 -3
- crypto/cryptlib.c (1.32.2.9), "Exp", lines: +5 -0
- crypto/md32_common.h (1.22.2.4), "Exp", lines: +11 -0
- crypto/aes/Makefile.ssl (1.4.2.6), "Exp", lines: +2 -1
- crypto/aes/aes_core.c (1.1.2.4), "Exp", lines: +4 -0
- crypto/des/des.h (1.40.2.4), "Exp", lines: +1 -1
- crypto/des/des_old.c (1.11.2.4), "Exp", lines: +1 -1
- crypto/des/destest.c (1.30.2.6), "Exp", lines: +2 -2
- crypto/des/ecb3_enc.c (1.8.2.1), "Exp", lines: +1 -3
- crypto/dsa/Makefile.ssl (1.49.2.5), "Exp", lines: +7 -4
- crypto/dsa/dsa_ossl.c (1.12.2.4), "Exp", lines: +2 -0
- crypto/dsa/dsa_sign.c (1.10.2.3), "Exp", lines: +12 -0
- crypto/dsa/dsa_vrf.c (1.10.2.3), "Exp", lines: +8 -0
- crypto/engine/engine.h (1.36.2.6), "Exp", lines: +4 -0
- crypto/err/err.h (1.35.2.3), "Exp", lines: +2 -0
- crypto/err/err_all.c (1.17.2.2), "Exp", lines: +4 -0
- crypto/err/openssl.ec (1.11.2.1), "Exp", lines: +1 -0
- crypto/evp/Makefile.ssl (1.64.2.8), "Exp", lines: +8 -7
- crypto/evp/c_all.c (1.7.8.7), "Exp", lines: +1 -0
- crypto/evp/e_aes.c (1.6.2.4), "Exp", lines: +12 -4
- crypto/evp/e_des3.c (1.8.2.2), "Exp", lines: +1 -1
- crypto/evp/evp.h (1.86.2.10), "Exp", lines: +2 -0
- crypto/evp/evp_err.c (1.23.2.1), "Exp", lines: +3 -1
- crypto/md4/Makefile.ssl (1.6.2.4), "Exp", lines: +7 -4
- crypto/md5/Makefile.ssl (1.33.2.7), "Exp", lines: +7 -4
- crypto/rand/Makefile.ssl (1.56.2.4), "Exp", lines: +17 -15
- crypto/rand/md_rand.c (1.69.2.2), "Exp", lines: +9 -0
- crypto/rand/rand.h (1.26.2.5), "Exp", lines: +2 -0
- crypto/rand/rand_err.c (1.6.2.1), "Exp", lines: +3 -1
- crypto/rand/rand_lib.c (1.15.2.2), "Exp", lines: +11 -0
- crypto/ripemd/Makefile.ssl (1.25.2.5), "Exp", lines: +7 -2
- crypto/sha/Makefile.ssl (1.26.2.5), "Exp", lines: +16 -6
- fips/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
- fips/Makefile.ssl (1.1.2.1), "Exp", lines: +155 -0
- fips/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
- fips/fips.c (1.1.2.1), "Exp", lines: +74 -0
- fips/fips.h (1.1.2.1), "Exp", lines: +85 -0
- fips/fips_check_sha1 (1.1.2.1), "Exp", lines: +7 -0
- fips/fips_err.c (1.1.2.1), "Exp", lines: +96 -0
- fips/fips_make_sha1 (1.1.2.1), "Exp", lines: +21 -0
- fips/lib (1.1.2.1), "Exp", lines: +0 -0
- fips/aes/.cvsignore (1.1.2.1), "Exp", lines: +4 -0
- fips/aes/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
- fips/aes/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
- fips/aes/fips_aes_core.c (1.1.2.1), "Exp", lines: +1260 -0
- fips/aes/fips_aes_locl.h (1.1.2.1), "Exp", lines: +85 -0
- fips/aes/fips_aesavs.c (1.1.2.1), "Exp", lines: +896 -0
- fips/dsa/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
- fips/dsa/Makefile.ssl (1.1.2.1), "Exp", lines: +95 -0
- fips/dsa/fingerprint.sha1 (1.1.2.1), "Exp", lines: +1 -0
- fips/dsa/fips_dsa_ossl.c (1.1.2.1), "Exp", lines: +366 -0
- fips/dsa/fips_dsatest.c (1.1.2.1), "Exp", lines: +252 -0
- fips/rand/.cvsignore (1.1.2.1), "Exp", lines: +2 -0
- fips/rand/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
- fips/rand/fingerprint.sha1 (1.1.2.1), "Exp", lines: +2 -0
- fips/rand/fips_rand.c (1.1.2.1), "Exp", lines: +236 -0
- fips/rand/fips_rand.h (1.1.2.1), "Exp", lines: +55 -0
- fips/rand/fips_randtest.c (1.1.2.1), "Exp", lines: +348 -0
- fips/sha1/.cvsignore (1.1.2.1), "Exp", lines: +3 -0
- fips/sha1/Makefile.ssl (1.1.2.1), "Exp", lines: +94 -0
- fips/sha1/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
- fips/sha1/fips_md32_common.h (1.1.2.1), "Exp", lines: +637 -0
- fips/sha1/fips_sha1dgst.c (1.1.2.1), "Exp", lines: +76 -0
- fips/sha1/fips_sha1test.c (1.1.2.1), "Exp", lines: +128 -0
- fips/sha1/fips_sha_locl.h (1.1.2.1), "Exp", lines: +472 -0
- fips/sha1/fips_standalone_sha1.c (1.1.2.1), "Exp", lines: +101 -0
- fips/sha1/standalone.sha1 (1.1.2.1), "Exp", lines: +4 -0
- test/Makefile.ssl (1.84.2.29), "Exp", lines: +81 -13
- util/mkerr.pl (1.18.2.4), "Exp", lines: +2 -1
-
- Unfinished FIPS stuff for review/improvement.
-
-2003-07-27 19:19 ben
-
- Changed:
- fips/fips_check_sha1 (1.1.2.2), "Exp", lines: +1 -1
-
- Use unified diff.
-
-2003-07-27 19:23 ben
-
- Changed:
- fips/Makefile.ssl (1.1.2.2), "Exp", lines: +3 -3
- fips/fingerprint.sha1 (1.1.2.2), "Exp", lines: +2 -1
- fips/fips_make_sha1 (1.1.2.2), "Exp", lines: +1 -1
-
- Build in non-FIPS mode.
-
-2003-07-27 23:13 ben
-
- Changed:
- Makefile.org (1.154.2.68), "Exp", lines: +1 -1
- fips/fips_check_sha1 (1.1.2.3), "Exp", lines: +2 -1
- fips/aes/fips_aesavs.c (1.1.2.2), "Exp", lines: +2 -0
- fips/dsa/fips_dsa_ossl.c (1.1.2.2), "Exp", lines: +8 -0
- fips/dsa/fips_dsatest.c (1.1.2.2), "Exp", lines: +2 -1
- fips/sha1/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
- fips/sha1/fips_sha1dgst.c (1.1.2.2), "Exp", lines: +5 -1
- fips/sha1/fips_standalone_sha1.c (1.1.2.2), "Exp", lines: +2 -0
- fips/sha1/standalone.sha1 (1.1.2.2), "Exp", lines: +1 -1
-
- Build when not FIPS.
-
-2003-07-28 11:56 ben
-
- Changed:
- fips/dsa/fingerprint.sha1 (1.1.2.2), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.3), "Exp", lines: +1 -1
-
- New fingerprints.
-
-2003-07-29 16:06 ben
-
- Changed:
- fips/aes/fips_aesavs.c (1.1.2.5), "Exp", lines: +295 -303
-
- Reformat.
-
-2003-07-29 16:34 ben
-
- Changed:
- fips/aes/fips_aesavs.c (1.1.2.6), "Exp", lines: +43 -17
-
- MMT for CFB1
-
-2003-07-29 17:17 ben
-
- Changed:
- fips/fips_err_wrapper.c (1.1.2.1), "Exp", lines: +5 -0
- fips/sha1/sha1hashes.txt (1.1.2.1), "Exp", lines: +342 -0
- fips/sha1/sha1vectors.txt (1.1.2.1), "Exp", lines: +2293 -0
-
- Missing files.
-
-2003-07-31 23:30 levitte
-
- Changed:
- Makefile.org (1.154.2.71), "Exp", lines: +2 -0
-
- If FDIRS is to be treated like SDIRS, let's not forget to
- initialize it in Makefile.org.
-
-2003-07-31 23:41 levitte
-
- Changed:
- fips/sha1/fips_sha1test.c (1.1.2.2), "Exp", lines: +3 -3
-
- No C++ comments in C programs!
-
-2003-08-01 15:07 steve
-
- Changed:
- fips/aes/fips_aesavs.c (1.1.2.8), "Exp", lines: +3 -3
-
- Replace C++ style comments.
-
-2003-08-03 14:22 ben
-
- Changed:
- fips/des/fips_desmovs.c (1.1.2.2), "Exp", lines: +55 -37
-
- Make tests work (CFB1 still doesn't produce the right answers,
- strangely).
-
-2003-08-08 12:08 levitte
-
- Changed:
- fips/des/fips_des_enc.c (1.1.2.2), "Exp", lines: +9 -0
-
- Avoid clashing with the regular DES functions when not compiling
- with -DFIPS. This is basically only visible when building with
- shared library supoort...
-
-2003-08-11 11:36 levitte
-
- Deleted:
- fips/sha1/.cvsignore (1.1.2.2)
- fips/sha1/Makefile.ssl (1.1.2.3)
- fips/sha1/fingerprint.sha1 (1.1.2.3)
- fips/sha1/fips_md32_common.h (1.1.2.2)
- fips/sha1/fips_sha1dgst.c (1.1.2.3)
- fips/sha1/fips_sha1test.c (1.1.2.3)
- fips/sha1/fips_sha_locl.h (1.1.2.2)
- fips/sha1/fips_standalone_sha1.c (1.1.2.3)
- fips/sha1/sha1hashes.txt (1.1.2.2)
- fips/sha1/sha1vectors.txt (1.1.2.2)
- fips/sha1/standalone.sha1 (1.1.2.4)
- fips/dsa/.cvsignore (1.1.2.2)
- fips/dsa/Makefile.ssl (1.1.2.2)
- fips/dsa/fingerprint.sha1 (1.1.2.3)
- fips/dsa/fips_dsa_ossl.c (1.1.2.3)
- fips/dsa/fips_dsatest.c (1.1.2.3)
- fips/rand/.cvsignore (1.1.2.2)
- fips/rand/Makefile.ssl (1.1.2.2)
- fips/rand/fingerprint.sha1 (1.1.2.2)
- fips/rand/fips_rand.c (1.1.2.2)
- fips/rand/fips_rand.h (1.1.2.2)
- fips/rand/fips_randtest.c (1.1.2.2)
- fips/des/.cvsignore (1.1.2.2)
- fips/des/Makefile.ssl (1.1.2.3)
- fips/des/fingerprint.sha1 (1.1.2.2)
- fips/des/fips_des_enc.c (1.1.2.3)
- fips/des/fips_des_locl.h (1.1.2.2)
- fips/des/fips_desmovs.c (1.1.2.3)
- fips/aes/.cvsignore (1.1.2.2)
- fips/aes/Makefile.ssl (1.1.2.5)
- fips/aes/fingerprint.sha1 (1.1.2.2)
- fips/aes/fips_aes_core.c (1.1.2.2)
- fips/aes/fips_aes_locl.h (1.1.2.2)
- fips/aes/fips_aesavs.c (1.1.2.9)
- fips/.cvsignore (1.1.2.2)
- fips/Makefile.ssl (1.1.2.6)
- fips/fingerprint.sha1 (1.1.2.3)
- fips/fips.c (1.1.2.2)
- fips/fips.h (1.1.2.2)
- fips/fips_check_sha1 (1.1.2.4)
- fips/fips_err.c (1.1.2.2)
- fips/fips_err_wrapper.c (1.1.2.2)
- fips/fips_make_sha1 (1.1.2.4)
- fips/lib (1.1.2.2)
- Changed:
- util/libeay.num (1.173.2.16), "Exp", lines: +11 -38
- util/mkerr.pl (1.18.2.5), "Exp", lines: +1 -2
- test/Makefile.ssl (1.84.2.31), "Exp", lines: +54 -180
- crypto/ripemd/Makefile.ssl (1.25.2.6), "Exp", lines: +2 -7
- crypto/sha/Makefile.ssl (1.26.2.6), "Exp", lines: +6 -16
- crypto/rand/Makefile.ssl (1.56.2.5), "Exp", lines: +15 -17
- crypto/rand/md_rand.c (1.69.2.3), "Exp", lines: +0 -9
- crypto/rand/rand.h (1.26.2.6), "Exp", lines: +0 -2
- crypto/rand/rand_err.c (1.6.2.2), "Exp", lines: +1 -3
- crypto/rand/rand_lib.c (1.15.2.3), "Exp", lines: +0 -11
- crypto/objects/obj_dat.h (1.49.2.18), "Exp", lines: +3 -27
- crypto/objects/obj_mac.h (1.19.2.18), "Exp", lines: +0 -32
- crypto/objects/obj_mac.num (1.15.2.14), "Exp", lines: +0 -8
- crypto/objects/objects.txt (1.20.2.19), "Exp", lines: +0 -11
- crypto/md4/Makefile.ssl (1.6.2.5), "Exp", lines: +4 -7
- crypto/md5/Makefile.ssl (1.33.2.8), "Exp", lines: +4 -7
- crypto/evp/Makefile.ssl (1.64.2.9), "Exp", lines: +7 -8
- crypto/evp/c_allc.c (1.8.2.6), "Exp", lines: +0 -4
- crypto/evp/e_aes.c (1.6.2.9), "Exp", lines: +4 -22
- crypto/evp/e_des.c (1.5.2.5), "Exp", lines: +2 -43
- crypto/evp/e_des3.c (1.8.2.4), "Exp", lines: +3 -3
- crypto/evp/evp.h (1.86.2.13), "Exp", lines: +11 -36
- crypto/evp/evp_err.c (1.23.2.2), "Exp", lines: +1 -3
- crypto/evp/evp_lib.c (1.6.8.3), "Exp", lines: +0 -24
- crypto/evp/evp_locl.h (1.7.2.5), "Exp", lines: +2 -11
- crypto/evp/evp_test.c (1.14.2.12), "Exp", lines: +8 -17
- crypto/evp/evptests.txt (1.9.2.6), "Exp", lines: +1 -106
- crypto/dsa/Makefile.ssl (1.49.2.7), "Exp", lines: +6 -10
- crypto/dsa/dsa_ossl.c (1.12.2.5), "Exp", lines: +0 -2
- crypto/dsa/dsa_sign.c (1.10.2.4), "Exp", lines: +0 -12
- crypto/dsa/dsa_vrf.c (1.10.2.4), "Exp", lines: +0 -8
- crypto/err/Makefile.ssl (1.48.2.5), "Exp", lines: +16 -17
- crypto/err/err.h (1.35.2.4), "Exp", lines: +0 -2
- crypto/err/err_all.c (1.17.2.3), "Exp", lines: +0 -4
- crypto/err/openssl.ec (1.11.2.2), "Exp", lines: +0 -1
- crypto/des/des.h (1.40.2.5), "Exp", lines: +1 -1
- crypto/des/des_enc.c (1.11.2.3), "Exp", lines: +0 -4
- crypto/des/des_old.c (1.11.2.5), "Exp", lines: +1 -1
- crypto/des/destest.c (1.30.2.7), "Exp", lines: +2 -2
- crypto/des/ecb3_enc.c (1.8.2.2), "Exp", lines: +3 -1
- crypto/aes/Makefile.ssl (1.4.2.7), "Exp", lines: +1 -2
- crypto/aes/aes.h (1.1.2.8), "Exp", lines: +0 -9
- crypto/aes/aes_cfb.c (1.1.2.8), "Exp", lines: +0 -93
- crypto/aes/aes_core.c (1.1.2.5), "Exp", lines: +0 -4
- crypto/cryptlib.c (1.32.2.10), "Exp", lines: +0 -5
- crypto/md32_common.h (1.22.2.5), "Exp", lines: +0 -11
- Configure (1.314.2.86), "Exp", lines: +0 -2
- Makefile.org (1.154.2.72), "Exp", lines: +8 -34
- TABLE (1.99.2.30), "Exp", lines: +0 -50
-
- A new branch for FIPS-related changes has been created with the
- name OpenSSL-fips-0_9_7-stable.
-
- Since the 0.9.7-stable branch is supposed to be in freeze
- and should only contain bug corrections, this change removes the
- FIPS changes from that branch.
-
-2004-05-11 14:44 ben
-
- Deleted:
- apps/Makefile.ssl (1.100.2.27)
- crypto/Makefile.ssl (1.84.2.12)
- crypto/aes/Makefile.ssl (1.4.2.9)
- crypto/asn1/Makefile.ssl (1.77.2.7)
- crypto/bf/Makefile.ssl (1.25.2.6)
- crypto/bio/Makefile.ssl (1.52.2.4)
- crypto/bn/Makefile.ssl (1.65.2.9)
- crypto/buffer/Makefile.ssl (1.32.2.4)
- crypto/cast/Makefile.ssl (1.31.2.6)
- crypto/comp/Makefile.ssl (1.32.2.4)
- crypto/conf/Makefile.ssl (1.38.2.8)
- crypto/des/Makefile.ssl (1.61.2.13)
- crypto/dh/Makefile.ssl (1.43.2.5)
- crypto/dsa/Makefile.ssl (1.49.2.9)
- crypto/dso/Makefile.ssl (1.11.2.4)
- crypto/ec/Makefile.ssl (1.7.2.4)
- crypto/engine/Makefile.ssl (1.30.2.13)
- crypto/err/Makefile.ssl (1.48.2.7)
- crypto/evp/Makefile.ssl (1.64.2.12)
- crypto/hmac/Makefile.ssl (1.33.2.6)
- crypto/idea/Makefile.ssl (1.20.2.4)
- crypto/krb5/Makefile.ssl (1.5.2.6)
- crypto/lhash/Makefile.ssl (1.28.2.4)
- crypto/md2/Makefile.ssl (1.29.2.5)
- crypto/md4/Makefile.ssl (1.6.2.7)
- crypto/md5/Makefile.ssl (1.33.2.10)
- crypto/mdc2/Makefile.ssl (1.30.2.4)
- crypto/objects/Makefile.ssl (1.46.2.6)
- crypto/ocsp/Makefile.ssl (1.19.2.7)
- crypto/pem/Makefile.ssl (1.51.2.5)
- crypto/pkcs12/Makefile.ssl (1.37.2.5)
- crypto/pkcs7/Makefile.ssl (1.47.2.5)
- crypto/rand/Makefile.ssl (1.56.2.8)
- crypto/rc2/Makefile.ssl (1.20.2.4)
- crypto/rc4/Makefile.ssl (1.25.2.6)
- crypto/rc5/Makefile.ssl (1.22.2.6)
- crypto/ripemd/Makefile.ssl (1.25.2.9)
- crypto/rsa/Makefile.ssl (1.53.2.6)
- crypto/sha/Makefile.ssl (1.26.2.9)
- crypto/stack/Makefile.ssl (1.28.2.4)
- crypto/txt_db/Makefile.ssl (1.26.2.4)
- crypto/ui/Makefile.ssl (1.10.2.6)
- crypto/x509/Makefile.ssl (1.56.2.5)
- crypto/x509v3/Makefile.ssl (1.62.2.5)
- ssl/Makefile.ssl (1.53.2.11)
- test/Makefile.ssl (1.84.2.36)
- tools/Makefile.ssl (1.9.2.4)
- Changed:
- .cvsignore (1.7.6.2), "Exp", lines: +2 -1
- Configure (1.314.2.92), "Exp", lines: +38 -8
- FAQ (1.61.2.31), "Exp", lines: +1 -1
- INSTALL (1.45.2.9), "Exp", lines: +2 -2
- INSTALL.W32 (1.30.2.14), "Exp", lines: +9 -4
- Makefile.org (1.154.2.78), "Exp", lines: +51 -19
- PROBLEMS (1.4.2.10), "Exp", lines: +2 -2
- e_os.h (1.56.2.17), "Exp", lines: +20 -1
- apps/.cvsignore (1.5.8.1), "Exp", lines: +1 -0
- apps/Makefile (1.1.4.1), "Exp", lines: +1147 -0
- apps/apps.c (1.49.2.27), "Exp", lines: +0 -10
- apps/ca.c (1.102.2.31), "Exp", lines: +0 -10
- apps/dgst.c (1.23.2.10), "Exp", lines: +39 -11
- apps/openssl.c (1.48.2.9), "Exp", lines: +19 -0
- crypto/Makefile (1.1.4.1), "Exp", lines: +217 -0
- crypto/cryptlib.c (1.32.2.11), "Exp", lines: +5 -0
- crypto/crypto-lib.com (1.53.2.12), "Exp", lines: +1 -1
- crypto/md32_common.h (1.22.2.6), "Exp", lines: +12 -0
- crypto/aes/Makefile (1.1.4.1), "Exp", lines: +102 -0
- crypto/aes/aes.h (1.1.2.9), "Exp", lines: +9 -0
- crypto/aes/aes_cfb.c (1.1.2.9), "Exp", lines: +93 -0
- crypto/aes/aes_core.c (1.1.2.6), "Exp", lines: +4 -0
- crypto/asn1/Makefile (1.1.4.1), "Exp", lines: +1150 -0
- crypto/bf/Makefile (1.1.4.1), "Exp", lines: +113 -0
- crypto/bio/Makefile (1.1.4.1), "Exp", lines: +214 -0
- crypto/bio/bio.h (1.56.2.6), "Exp", lines: +1 -0
- crypto/bn/Makefile (1.1.4.1), "Exp", lines: +324 -0
- crypto/bn/bntest.c (1.55.2.4), "Exp", lines: +1 -1
- crypto/buffer/Makefile (1.1.4.1), "Exp", lines: +92 -0
- crypto/cast/Makefile (1.1.4.1), "Exp", lines: +118 -0
- crypto/cast/asm/.cvsignore (1.2.8.1), "Exp", lines: +1 -0
- crypto/comp/Makefile (1.1.4.1), "Exp", lines: +112 -0
- crypto/conf/Makefile (1.1.4.1), "Exp", lines: +181 -0
- crypto/des/Makefile (1.1.4.1), "Exp", lines: +314 -0
- crypto/des/cfb64ede.c (1.6.2.4), "Exp", lines: +111 -0
- crypto/des/des.h (1.40.2.6), "Exp", lines: +5 -1
- crypto/des/des_enc.c (1.11.2.4), "Exp", lines: +8 -0
- crypto/des/des_old.c (1.11.2.6), "Exp", lines: +1 -1
- crypto/des/destest.c (1.30.2.8), "Exp", lines: +2 -2
- crypto/des/ecb3_enc.c (1.8.2.3), "Exp", lines: +1 -3
- crypto/des/set_key.c (1.18.2.2), "Exp", lines: +4 -0
- crypto/dh/Makefile (1.1.4.1), "Exp", lines: +131 -0
- crypto/dsa/Makefile (1.1.4.1), "Exp", lines: +173 -0
- crypto/dsa/dsa_gen.c (1.19.2.1), "Exp", lines: +4 -1
- crypto/dsa/dsa_key.c (1.9.2.1), "Exp", lines: +2 -0
- crypto/dsa/dsa_ossl.c (1.12.2.6), "Exp", lines: +2 -0
- crypto/dsa/dsa_sign.c (1.10.2.5), "Exp", lines: +12 -0
- crypto/dsa/dsa_vrf.c (1.10.2.5), "Exp", lines: +8 -0
- crypto/dso/Makefile (1.1.4.1), "Exp", lines: +140 -0
- crypto/ec/Makefile (1.1.4.1), "Exp", lines: +126 -0
- crypto/engine/Makefile (1.1.4.1), "Exp", lines: +536 -0
- crypto/engine/hw_cryptodev.c (1.1.2.6), "Exp", lines: +6 -2
- crypto/err/Makefile (1.1.4.1), "Exp", lines: +118 -0
- crypto/err/err.h (1.35.2.6), "Exp", lines: +2 -0
- crypto/err/err_all.c (1.17.2.4), "Exp", lines: +4 -0
- crypto/err/openssl.ec (1.11.2.3), "Exp", lines: +1 -0
- crypto/evp/Makefile (1.1.4.1), "Exp", lines: +1057 -0
- crypto/evp/bio_md.c (1.11.2.1), "Exp", lines: +6 -0
- crypto/evp/c_allc.c (1.8.2.7), "Exp", lines: +8 -0
- crypto/evp/e_aes.c (1.6.2.10), "Exp", lines: +22 -4
- crypto/evp/e_des.c (1.5.2.8), "Exp", lines: +36 -3
- crypto/evp/e_des3.c (1.8.2.7), "Exp", lines: +43 -4
- crypto/evp/evp.h (1.86.2.15), "Exp", lines: +39 -11
- crypto/evp/evp_err.c (1.23.2.3), "Exp", lines: +3 -1
- crypto/evp/evp_lib.c (1.6.8.4), "Exp", lines: +24 -0
- crypto/evp/evp_locl.h (1.7.2.6), "Exp", lines: +11 -2
- crypto/evp/evp_test.c (1.14.2.13), "Exp", lines: +17 -8
- crypto/evp/evptests.txt (1.9.2.7), "Exp", lines: +106 -1
- crypto/hmac/Makefile (1.1.4.1), "Exp", lines: +99 -0
- crypto/idea/Makefile (1.1.4.1), "Exp", lines: +89 -0
- crypto/krb5/Makefile (1.1.4.1), "Exp", lines: +88 -0
- crypto/lhash/Makefile (1.1.4.1), "Exp", lines: +91 -0
- crypto/md2/Makefile (1.1.4.1), "Exp", lines: +91 -0
- crypto/md4/Makefile (1.1.4.1), "Exp", lines: +93 -0
- crypto/md5/Makefile (1.1.4.1), "Exp", lines: +129 -0
- crypto/mdc2/Makefile (1.1.4.1), "Exp", lines: +96 -0
- crypto/objects/Makefile (1.1.4.1), "Exp", lines: +121 -0
- crypto/objects/obj_dat.h (1.49.2.19), "Exp", lines: +33 -3
- crypto/objects/obj_mac.h (1.19.2.19), "Exp", lines: +40 -0
- crypto/objects/obj_mac.num (1.15.2.15), "Exp", lines: +10 -0
- crypto/objects/objects.txt (1.20.2.20), "Exp", lines: +13 -0
- crypto/ocsp/Makefile (1.1.4.1), "Exp", lines: +291 -0
- crypto/pem/Makefile (1.1.4.1), "Exp", lines: +334 -0
- crypto/pkcs12/Makefile (1.1.4.1), "Exp", lines: +415 -0
- crypto/pkcs7/Makefile (1.1.4.1), "Exp", lines: +241 -0
- crypto/rand/Makefile (1.1.4.1), "Exp", lines: +196 -0
- crypto/rand/md_rand.c (1.69.2.4), "Exp", lines: +9 -0
- crypto/rand/rand.h (1.26.2.7), "Exp", lines: +3 -0
- crypto/rand/rand_err.c (1.6.2.3), "Exp", lines: +4 -1
- crypto/rand/rand_lib.c (1.15.2.4), "Exp", lines: +11 -0
- crypto/rc2/Makefile (1.1.4.1), "Exp", lines: +89 -0
- crypto/rc4/Makefile (1.1.4.1), "Exp", lines: +108 -0
- crypto/rc5/Makefile (1.1.4.1), "Exp", lines: +106 -0
- crypto/ripemd/Makefile (1.1.4.1), "Exp", lines: +111 -0
- crypto/rsa/Makefile (1.1.4.1), "Exp", lines: +239 -0
- crypto/rsa/rsa_eay.c (1.28.2.9), "Exp", lines: +1 -1
- crypto/rsa/rsa_gen.c (1.8.6.1), "Exp", lines: +3 -0
- crypto/sha/Makefile (1.1.4.1), "Exp", lines: +118 -0
- crypto/sha/sha1dgst.c (1.21.2.1), "Exp", lines: +8 -0
- crypto/stack/Makefile (1.1.4.1), "Exp", lines: +86 -0
- crypto/txt_db/Makefile (1.1.4.1), "Exp", lines: +86 -0
- crypto/ui/Makefile (1.1.4.1), "Exp", lines: +115 -0
- crypto/x509/Makefile (1.1.4.1), "Exp", lines: +592 -0
- crypto/x509v3/Makefile (1.1.4.1), "Exp", lines: +601 -0
- fips/Makefile (1.1.4.1), "Exp", lines: +202 -0
- fips/fingerprint.sha1 (1.1.2.4), "Exp", lines: +4 -4
- fips/fips.c (1.1.2.3), "Exp", lines: +120 -5
- fips/fips.h (1.1.2.3), "Exp", lines: +42 -2
- fips/fips_check_sha1 (1.1.2.5), "Exp", lines: +2 -2
- fips/fips_err.h (1.1.4.1), "Exp", lines: +117 -0
- fips/fips_err_wrapper.c (1.1.2.3), "Exp", lines: +4 -2
- fips/fips_locl.h (1.1.4.1), "Exp", lines: +62 -0
- fips/fips_make_sha1 (1.1.2.5), "Exp", lines: +9 -6
- fips/fips_test_suite.c (1.1.4.1), "Exp", lines: +302 -0
- fips/openssl_fips_fingerprint (1.1.4.1), "Exp", lines: +25 -0
- fips/aes/Makefile (1.1.4.1), "Exp", lines: +131 -0
- fips/aes/fingerprint.sha1 (1.1.2.3), "Exp", lines: +3 -2
- fips/aes/fips_aes_core.c (1.1.2.3), "Exp", lines: +5 -2
- fips/aes/fips_aes_locl.h (1.1.2.3), "Exp", lines: +0 -0
- fips/aes/fips_aes_selftest.c (1.1.4.1), "Exp", lines: +112 -0
- fips/aes/fips_aesavs.c (1.1.2.10), "Exp", lines: +12 -6
- fips/des/Makefile (1.1.4.1), "Exp", lines: +155 -0
- fips/des/fingerprint.sha1 (1.1.2.3), "Exp", lines: +5 -2
- fips/des/fips_des_enc.c (1.1.2.4), "Exp", lines: +16 -3
- fips/des/fips_des_locl.h (1.1.2.3), "Exp", lines: +1 -1
- fips/des/fips_des_selftest.c (1.1.4.1), "Exp", lines: +200 -0
- fips/des/fips_desmovs.c (1.1.2.4), "Exp", lines: +186 -79
- fips/des/fips_set_key.c (1.1.4.1), "Exp", lines: +415 -0
- fips/des/asm/fips-dx86-elf.s (1.1.4.1), "Exp", lines: +2697 -0
- fips/dsa/Makefile (1.1.4.1), "Exp", lines: +159 -0
- fips/dsa/fingerprint.sha1 (1.1.2.4), "Exp", lines: +3 -1
- fips/dsa/fips_dsa_gen.c (1.1.4.1), "Exp", lines: +373 -0
- fips/dsa/fips_dsa_ossl.c (1.1.2.4), "Exp", lines: +16 -3
- fips/dsa/fips_dsa_selftest.c (1.1.4.1), "Exp", lines: +168 -0
- fips/dsa/fips_dsatest.c (1.1.2.4), "Exp", lines: +10 -6
- fips/dsa/fips_dssvs.c (1.1.4.1), "Exp", lines: +306 -0
- fips/rand/Makefile (1.1.4.1), "Exp", lines: +104 -0
- fips/rand/fingerprint.sha1 (1.1.2.3), "Exp", lines: +2 -2
- fips/rand/fips_rand.c (1.1.2.3), "Exp", lines: +60 -10
- fips/rand/fips_rand.h (1.1.2.3), "Exp", lines: +19 -1
- fips/rand/fips_randtest.c (1.1.2.3), "Exp", lines: +31 -10
- fips/rsa/Makefile (1.1.4.1), "Exp", lines: +112 -0
- fips/rsa/fingerprint.sha1 (1.1.4.1), "Exp", lines: +3 -0
- fips/rsa/fips_rsa_eay.c (1.1.4.1), "Exp", lines: +735 -0
- fips/rsa/fips_rsa_gen.c (1.1.4.1), "Exp", lines: +249 -0
- fips/rsa/fips_rsa_selftest.c (1.1.4.1), "Exp", lines: +207 -0
- fips/sha1/.cvsignore (1.1.2.3), "Exp", lines: +1 -2
- fips/sha1/Makefile (1.1.4.1), "Exp", lines: +158 -0
- fips/sha1/fingerprint.sha1 (1.1.2.4), "Exp", lines: +5 -3
- fips/sha1/fips_md32_common.h (1.1.2.3), "Exp", lines: +0 -0
- fips/sha1/fips_sha1_selftest.c (1.1.4.1), "Exp", lines: +97 -0
- fips/sha1/fips_sha1dgst.c (1.1.2.4), "Exp", lines: +4 -4
- fips/sha1/fips_sha1test.c (1.1.2.4), "Exp", lines: +17 -0
- fips/sha1/fips_sha_locl.h (1.1.2.3), "Exp", lines: +7 -0
- fips/sha1/fips_standalone_sha1.c (1.1.2.4), "Exp", lines: +60 -7
- fips/sha1/sha1hashes.txt (1.1.2.3), "Exp", lines: +0 -0
- fips/sha1/sha1vectors.txt (1.1.2.3), "Exp", lines: +0 -0
- fips/sha1/standalone.sha1 (1.1.2.5), "Exp", lines: +6 -4
- fips/sha1/asm/sx86-elf.s (1.1.4.1), "Exp", lines: +1568 -0
- ms/do_masm.bat (1.1.8.2), "Exp", lines: +12 -10
- ms/do_ms.bat (1.4.8.2), "Exp", lines: +11 -11
- ms/do_nasm.bat (1.1.8.2), "Exp", lines: +12 -11
- ms/do_nt.bat (1.2.8.1), "Exp", lines: +4 -4
- shlib/hpux10-cc.sh (1.3.2.2), "Exp", lines: +3 -3
- ssl/Makefile (1.1.4.1), "Exp", lines: +1019 -0
- ssl/s3_clnt.c (1.53.2.16), "Exp", lines: +10 -0
- ssl/s3_srvr.c (1.85.2.21), "Exp", lines: +9 -0
- ssl/ssl_cert.c (1.48.2.7), "Exp", lines: +9 -0
- ssl/ssl_lib.c (1.110.2.12), "Exp", lines: +13 -1
- ssl/ssltest.c (1.53.2.23), "Exp", lines: +33 -1
- ssl/t1_enc.c (1.27.2.8), "Exp", lines: +19 -1
- test/.cvsignore (1.4.8.1), "Exp", lines: +4 -0
- test/Makefile (1.1.4.1), "Exp", lines: +941 -0
- test/bctest (1.14.2.1), "Exp", lines: +1 -1
- test/testenc (1.3.8.1), "Exp", lines: +1 -1
- test/testfipsssl (1.1.4.1), "Exp", lines: +113 -0
- tools/Makefile (1.1.4.1), "Exp", lines: +61 -0
- util/cygwin.sh (1.1.2.5), "Exp", lines: +3 -3
- util/domd (1.6.2.3), "Exp", lines: +5 -5
- util/fixNT.sh (1.1.1.2.8.1), "Exp", lines: +3 -3
- util/libeay.num (1.173.2.19), "Exp", lines: +55 -11
- util/mk1mf.pl (1.41.2.10), "Exp", lines: +6 -4
- util/mkdef.pl (1.67.2.7), "Exp", lines: +11 -4
- util/mkerr.pl (1.18.2.6), "Exp", lines: +2 -1
- util/mkfiles.pl (1.12.2.1), "Exp", lines: +8 -1
- util/pod2mantest (1.1.2.7), "Exp", lines: +1 -1
- util/selftest.pl (1.18.2.1), "Exp", lines: +2 -2
- util/pl/BC-16.pl (1.2.2.1), "Exp", lines: +1 -1
- util/pl/BC-32.pl (1.11.2.4), "Exp", lines: +1 -1
- util/pl/Mingw32.pl (1.12.6.5), "Exp", lines: +1 -1
- util/pl/OS2-EMX.pl (1.1.2.3), "Exp", lines: +1 -1
- util/pl/VC-16.pl (1.3.2.1), "Exp", lines: +2 -2
- util/pl/VC-32.pl (1.11.2.3), "Exp", lines: +2 -2
- util/pl/VC-CE.pl (1.1.2.5), "Exp", lines: +1 -1
- util/pl/ultrix.pl (1.2.8.1), "Exp", lines: +1 -1
-
- Pull FIPS back into stable.
-
-2004-05-12 10:27 levitte
-
- Changed:
- apps/Makefile (1.1.4.2), "Exp", lines: +3 -1
-
- Only check for FIPS signatures when FIPS is enabled.
-
-2004-05-12 10:28 levitte
-
- Changed:
- crypto/des/FILES0 (1.1.4.2), "Exp", lines: +1 -1
-
- Makefile.ssl changed name to Makefile.
-
-2004-05-12 10:28 levitte
-
- Changed:
- fips/rand/fips_rand.c (1.1.2.4), "Exp", lines: +5 -1
-
- Only really build this file when OPENSSL_FIPS is defined. And oh,
- let's keep internal variables static.
-
-2004-05-12 10:42 levitte
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
-
- I forgot to modify the signature for fips_rand.c...
-
-2004-05-12 10:46 levitte
-
- Changed:
- fips/rsa/.cvsignore (1.1.4.1), "Exp", lines: +1 -0
- fips/.cvsignore (1.1.2.3), "Exp", lines: +1 -1
- fips/aes/.cvsignore (1.1.2.3), "Exp", lines: +0 -3
- fips/des/.cvsignore (1.1.2.3), "Exp", lines: +0 -2
- fips/dsa/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
- fips/rand/.cvsignore (1.1.2.3), "Exp", lines: +0 -1
-
- Ignore the 'lib' timestamp file.
-
-2004-05-12 12:07 levitte
-
- Changed:
- fips/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/aes/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/des/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/dsa/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/rand/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
- fips/rsa/.cvsignore (1.1.4.2), "Exp", lines: +1 -0
- fips/sha1/.cvsignore (1.1.2.4), "Exp", lines: +1 -0
-
- Ignore 'Makefile.save'
-
-2004-05-12 16:11 ben
-
- Changed:
- crypto/rand/rand.h (1.26.2.8), "Exp", lines: +2 -0
- crypto/rand/rand_err.c (1.6.2.4), "Exp", lines: +2 -0
- fips/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.4), "Exp", lines: +5 -1
- fips/rand/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.5), "Exp", lines: +29 -0
-
- Blow up in people's faces if they don't reseed.
-
-2004-05-15 19:51 ben
-
- Changed:
- crypto/dh/dh.h (1.23.2.6), "Exp", lines: +1 -0
- crypto/dh/dh_err.c (1.6.2.3), "Exp", lines: +2 -1
- crypto/dh/dh_gen.c (1.8.8.2), "Exp", lines: +9 -0
- fips/fips_test_suite.c (1.1.4.2), "Exp", lines: +4 -3
- fips/aes/fips_aesavs.c (1.1.2.11), "Exp", lines: +49 -1
- fips/des/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
- fips/des/fips_desmovs.c (1.1.2.5), "Exp", lines: +49 -1
- fips/des/fips_set_key.c (1.1.4.2), "Exp", lines: +2 -0
- fips/sha1/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/sha1/fips_md32_common.h (1.1.2.4), "Exp", lines: +3 -0
- fips/sha1/standalone.sha1 (1.1.2.6), "Exp", lines: +1 -1
-
- Fix self-tests, ban some things in FIPS mode, fix copyrights.
-
-2004-05-17 06:28 levitte
-
- Changed:
- util/mk1mf.pl (1.41.2.11), "Exp", lines: +8 -2
- util/pl/BC-16.pl (1.2.2.2), "Exp", lines: +9 -4
- util/pl/BC-32.pl (1.11.2.5), "Exp", lines: +8 -3
- util/pl/Mingw32.pl (1.12.6.6), "Exp", lines: +7 -2
- util/pl/OS2-EMX.pl (1.1.2.4), "Exp", lines: +7 -2
- util/pl/VC-16.pl (1.3.2.2), "Exp", lines: +7 -2
- util/pl/VC-32.pl (1.11.2.4), "Exp", lines: +7 -2
- util/pl/VC-CE.pl (1.1.2.6), "Exp", lines: +7 -2
- util/pl/linux.pl (1.3.6.1), "Exp", lines: +7 -2
- util/pl/ultrix.pl (1.2.8.2), "Exp", lines: +7 -2
- util/pl/unix.pl (1.2.8.1), "Exp", lines: +7 -2
-
- Generate SHA1 files on Windows and other platforms supported by
- mk1mf.pl, when building in FIPS mode.
-
- Note: UNTESTED!
-
-2004-05-17 06:30 levitte
-
- Changed:
- apps/apps.h (1.44.2.14), "Exp", lines: +3 -0
- apps/openssl.c (1.48.2.10), "Exp", lines: +9 -5
-
- Make sure the applications know when we are running in FIPS mode.
- We can't use the variable in libcrypto, since it's supposedly
- unknown.
-
- Note: currently only supported in MONOLITH mode.
-
-2004-05-17 06:31 levitte
-
- Changed:
- apps/enc.c (1.35.2.9), "Exp", lines: +10 -1
-
- When in FIPS mode, use SHA1 to digest the key, rather than MD5, as
- MD5 isn't a FIPS-approved algorithm.
-
- Note: this means the user needs to keep track of this, and
- we need to add support for that...
-
-2004-05-19 16:16 levitte
-
- Changed:
- fips/rsa/fingerprint.sha1 (1.1.4.2), "Exp", lines: +2 -2
- fips/rsa/fips_rsa_eay.c (1.1.4.2), "Exp", lines: +8 -8
- fips/rsa/fips_rsa_gen.c (1.1.4.2), "Exp", lines: +1 -1
- fips/dsa/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
- fips/dsa/fips_dsa_gen.c (1.1.4.2), "Exp", lines: +2 -2
- fips/dsa/fips_dsa_ossl.c (1.1.2.5), "Exp", lines: +4 -4
- fips/aes/fingerprint.sha1 (1.1.2.4), "Exp", lines: +1 -1
- fips/aes/fips_aes_core.c (1.1.2.4), "Exp", lines: +5 -5
- crypto/rsa/rsa.h (1.36.2.11), "Exp", lines: +4 -0
- crypto/aes/aes.h (1.1.2.10), "Exp", lines: +6 -0
- crypto/dsa/dsa.h (1.26.2.5), "Exp", lines: +4 -0
-
- Define FIPS_*_SIZE_T for AES, DSA and RSA as well, in preparation
- for size_t-ification of those algorithms in future version of
- OpenSSL...
-
-2004-05-27 11:33 levitte
-
- Changed:
- makevms.com (1.35.2.3), "Exp", lines: +27 -0
-
- Copy the FIPS files to the temporary openssl include directory.
-
-2004-05-27 12:04 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.1), "Exp", lines: +1179 -0
- makevms.com (1.35.2.4), "Exp", lines: +8 -0
-
- Compile the FIPS directory on VMS as well. fips-lib.com is
- essentially a copy of crypto-lib.com, with just a few edits.
-
-2004-05-27 12:07 levitte
-
- Changed:
- fips/install.com (1.1.2.1), "Exp", lines: +55 -0
- install.com (1.4.2.2), "Exp", lines: +6 -6
-
- Run an installation of FIPS stuff as well.
-
-2004-05-27 12:19 levitte
-
- Changed:
- test/maketests.com (1.13.2.5), "Exp", lines: +3 -3
- apps/makeapps.com (1.18.2.5), "Exp", lines: +3 -3
-
- Make sure o_str.h is reachable.
-
-2004-06-19 15:15 ben
-
- Changed:
- Makefile.org (1.154.2.80), "Exp", lines: +1 -1
- crypto/dh/dh.h (1.23.2.7), "Exp", lines: +0 -1
- crypto/dh/dh_check.c (1.6.2.1), "Exp", lines: +4 -0
- crypto/dh/dh_err.c (1.6.2.4), "Exp", lines: +0 -1
- crypto/dh/dh_gen.c (1.8.8.3), "Exp", lines: +5 -9
- crypto/dh/dh_key.c (1.16.2.3), "Exp", lines: +4 -0
- fips/Makefile (1.1.4.2), "Exp", lines: +13 -14
- fips/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
- fips/fips.h (1.1.2.4), "Exp", lines: +1 -0
- fips/fips_err.h (1.1.4.2), "Exp", lines: +1 -0
- fips/fips_make_sha1 (1.1.2.6), "Exp", lines: +3 -0
- fips/fips_test_suite.c (1.1.4.3), "Exp", lines: +13 -9
- fips/openssl_fips_fingerprint (1.1.4.2), "Exp", lines: +1 -2
-
- The version that was actually submitted for FIPS testing.
-
-2004-06-19 15:16 ben
-
- Changed:
- fips/dh/Makefile (1.1.2.1), "Exp", lines: +92 -0
- fips/dh/fingerprint.sha1 (1.1.2.1), "Exp", lines: +3 -0
- fips/dh/fips_dh_check.c (1.1.2.1), "Exp", lines: +119 -0
- fips/dh/fips_dh_gen.c (1.1.2.1), "Exp", lines: +182 -0
- fips/dh/fips_dh_key.c (1.1.2.1), "Exp", lines: +222 -0
-
- Add Diffie-Hellman to FIPS.
-
-2004-06-19 15:18 ben
-
- Changed:
- fips/.cvsignore (1.1.2.5), "Exp", lines: +2 -0
- fips/dh/.cvsignore (1.1.2.1), "Exp", lines: +1 -0
-
- Update ignores.
-
-2004-06-21 11:07 levitte
-
- Changed:
- fips/aes/Makefile (1.1.4.2), "Exp", lines: +7 -5
- fips/des/Makefile (1.1.4.2), "Exp", lines: +7 -5
- fips/dh/Makefile (1.1.2.2), "Exp", lines: +7 -6
- fips/dsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
- fips/rsa/Makefile (1.1.4.2), "Exp", lines: +7 -6
- fips/sha1/Makefile (1.1.4.2), "Exp", lines: +7 -5
-
- Make sure we don't try to loop over an empty EXHEADER. In the
- Makefiles where this was fixed by commenting away code, change it
- to check for an empty EXHEADER instead, so we have less hassle in a
- future where EXHEADER changes.
-
- PR: 900
-
-2004-06-21 20:05 levitte
-
- Changed:
- Makefile.org (1.154.2.82), "Exp", lines: +3 -1
-
- Standard sh doesn't tolerate ! as part of the conditional command.
-
- PR: 900
-
-2004-06-28 22:33 levitte
-
- Changed:
- fips/dh/fips_dh_check.c (1.1.2.2), "Exp", lines: +6 -0
- fips/dh/fips_dh_gen.c (1.1.2.2), "Exp", lines: +6 -2
- fips/dh/fips_dh_key.c (1.1.2.2), "Exp", lines: +8 -0
-
- Make sure the FIPS stuff is only really compiled when in FIPS mode.
-
-2004-07-12 19:59 ben
-
- Changed:
- fips/fips_test_suite.c (1.1.4.4), "Exp", lines: +39 -6
- fips/dh/fingerprint.sha1 (1.1.2.2), "Exp", lines: +3 -3
-
- Corrected test program.
-
-2004-07-17 14:48 appro
-
- Changed:
- fips/des/Makefile (1.1.4.3), "Exp", lines: +1 -1
-
- Eliminate enforced -g from CFLAGS. It switches off optimization
- with some compilers, e.g. DEC C.
-
-2004-07-21 19:41 steve
-
- Changed:
- crypto/pem/pem_all.c (1.20.2.1), "Exp", lines: +119 -0
-
- When in FIPS mode write private keys in PKCS#8 and PBES2 format to
- avoid use of prohibited MD5 algorithm.
-
-2004-07-23 15:20 ben
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.7), "Exp", lines: +22 -7
- fips/rand/fips_randtest.c (1.1.2.5), "Exp", lines: +2 -2
-
- Convert to X9.31.
-
-2004-07-21 19:35 steve
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.7), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.5), "Exp", lines: +3 -3
- fips/rsa/fingerprint.sha1 (1.1.4.3), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.2), "Exp", lines: +8 -8
-
- Avoid compiler warnings.
-
-2004-07-27 02:17 steve
-
- Changed:
- fips/fips_test_suite.c (1.1.4.5), "Exp", lines: +9 -8
-
- Stop compiler warnings.
-
-2004-07-27 02:20 steve
-
- Changed:
- crypto/err/err.c (1.51.2.6), "Exp", lines: +1 -0
-
- Add FIPS name to error library.
-
-2004-07-27 14:22 steve
-
- Changed:
- Makefile.org (1.154.2.84), "Exp", lines: +3 -3
- fips/fips_check_sha1 (1.1.2.6), "Exp", lines: +1 -1
- fips/openssl_fips_fingerprint (1.1.4.3), "Exp", lines: +1 -1
-
- Rename libcrypto.sha1 to libcrypto.a.sha1
-
-2004-07-27 20:28 steve
-
- Changed:
- ssl/s3_lib.c (1.57.2.11), "Exp", lines: +33 -33
- ssl/ssl.h (1.126.2.20), "Exp", lines: +1 -0
- ssl/ssl_ciph.c (1.33.2.9), "Exp", lines: +11 -0
- ssl/ssl_locl.h (1.47.2.3), "Exp", lines: +2 -1
-
- New cipher "strength" FIPS which specifies that a cipher suite is
- FIPS compatible.
-
- New cipherstring "FIPS" is all FIPS compatible ciphersuites
- except eNULL.
-
- Only allow FIPS ciphersuites in FIPS mode.
-
-2004-07-28 04:24 levitte
-
- Changed:
- makevms.com (1.35.2.6), "Exp", lines: +2 -2
-
- From the FIPS directory, darnit!
-
-2004-07-28 15:47 levitte
-
- Changed:
- makevms.com (1.35.2.7), "Exp", lines: +5 -1
-
- Define OPENSSL_FIPS in opensslconf.h if a logical name with the
- same name is defined.
-
- Go up one directory level before dealing with FIPS stuff.
-
-2004-07-30 00:26 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.2), "Exp", lines: +3 -3
-
- We're building crypto stuff, not ssl stuff. Additionally, we're in
- the fips subdirectory, not the crypto one...
-
-2004-07-30 16:37 levitte
-
- Changed:
- fips/sha1/fingerprint.sha1 (1.1.2.7), "Exp", lines: +2 -2
- fips/sha1/fips_md32_common.h (1.1.2.6), "Exp", lines: +1 -1
- fips/sha1/fips_sha_locl.h (1.1.2.5), "Exp", lines: +2 -2
- fips/sha1/fips_standalone_sha1.c (1.1.2.5), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.8), "Exp", lines: +3 -3
- ssl/ssl_ciph.c (1.33.2.10), "Exp", lines: +2 -2
- fips/rsa/fingerprint.sha1 (1.1.4.4), "Exp", lines: +2 -2
- fips/rsa/fips_rsa_eay.c (1.1.4.3), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_gen.c (1.1.4.3), "Exp", lines: +1 -1
- fips/dh/fingerprint.sha1 (1.1.2.3), "Exp", lines: +1 -1
- fips/dh/fips_dh_gen.c (1.1.2.3), "Exp", lines: +1 -1
- fips/dsa/fingerprint.sha1 (1.1.2.6), "Exp", lines: +2 -2
- fips/dsa/fips_dsa_gen.c (1.1.4.3), "Exp", lines: +4 -3
- fips/dsa/fips_dsa_ossl.c (1.1.2.6), "Exp", lines: +2 -2
- fips/des/fingerprint.sha1 (1.1.2.5), "Exp", lines: +2 -2
- fips/des/fips_des_enc.c (1.1.2.5), "Exp", lines: +2 -2
- fips/des/fips_set_key.c (1.1.4.3), "Exp", lines: +3 -3
- fips/fingerprint.sha1 (1.1.2.8), "Exp", lines: +2 -2
- fips/fips.c (1.1.2.6), "Exp", lines: +76 -23
- fips/fips.h (1.1.2.5), "Exp", lines: +2 -3
- fips/fips_locl.h (1.1.4.2), "Exp", lines: +7 -2
- fips/aes/fingerprint.sha1 (1.1.2.5), "Exp", lines: +1 -1
- fips/aes/fips_aes_core.c (1.1.2.5), "Exp", lines: +1 -1
- crypto/rand/md_rand.c (1.69.2.5), "Exp", lines: +1 -1
- crypto/rand/rand_lib.c (1.15.2.5), "Exp", lines: +2 -1
- crypto/dsa/dsa_sign.c (1.10.2.6), "Exp", lines: +2 -2
- crypto/dsa/dsa_vrf.c (1.10.2.6), "Exp", lines: +1 -1
- crypto/pem/pem_all.c (1.20.2.2), "Exp", lines: +2 -2
- crypto/cryptlib.c (1.32.2.12), "Exp", lines: +122 -6
- crypto/crypto.h (1.62.2.8), "Exp", lines: +8 -1
- crypto/md32_common.h (1.22.2.7), "Exp", lines: +2 -2
-
- To protect FIPS-related global variables, add locking mechanisms
- around them.
-
- NOTE: because two new locks are added, this adds potential
- binary incompatibility with earlier versions in the 0.9.7 series.
- However, those locks will only ever be touched when FIPS_mode_set()
- is called and after, thanks to a variable that's only changed from
- 0 to 1 once (when FIPS_mode_set() is called). So basically, as
- long as FIPS mode hasn't been engaged explicitely by the calling
- application, the new locks are treated as if they didn't exist at
- all, thus not becoming a problem. Applications that are built or
- rebuilt to use FIPS functionality will need to be recompiled in any
- case, thus not being a problem either.
-
-2004-08-02 16:15 levitte
-
- Changed:
- crypto/cryptlib.c (1.32.2.13), "Exp", lines: +4 -4
-
- Let's lock a write lock when changing values, shall we?
-
- Thanks to Dr Stephen Henson <shenson@drh-consultancy.co.uk>
- for making me aware of this error.
-
-2004-08-05 20:11 steve
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.7), "Exp", lines: +1 -1
-
- Stop compiler giving bogus shadow warning.
-
-2004-08-09 14:13 levitte
-
- Changed:
- makevms.com (1.35.2.8), "Exp", lines: +1 -1
-
- In the fips directory, we use FIPS-LIB.COM, not CRYPTO-LIB.COM...
-
-2004-08-09 14:14 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.3), "Exp", lines: +4 -4
-
- Correct typos and include directory specifications.
-
-2004-08-10 11:11 levitte
-
- Changed:
- fips/fips-lib.com (1.1.2.4), "Exp", lines: +2 -1
-
- Update the VMS fips library builder with the DH library.
-
-2004-08-10 12:04 levitte
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.8), "Exp", lines: +7 -1
-
- With DEC C in ANSI C mode, we need to define _XOPEN_SOURCE_EXTENDED
- to get struct timeval and gettimeofday().
-
-2004-09-06 16:19 levitte
-
- Changed:
- fips/fips.c (1.1.2.8), "Exp", lines: +5 -4
-
- Replace the bogus checks of n with proper uses of feof(), ferror()
- and clearerr().
-
-2004-09-06 16:21 levitte
-
- Changed:
- fips/sha1/fips_sha_locl.h (1.1.2.6), "Exp", lines: +2 -2
-
- num is an unsigned long, but since it was transfered from
- crypto/sha/sha_locl.h, where it is in fact an int, we need to check
- for less-than-zero as if it was an int...
-
-2004-10-08 12:03 ben
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
- fips/sha1/fingerprint.sha1 (1.1.2.8), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.9), "Exp", lines: +1 -1
-
- Update fingerprints.
-
-2004-10-14 07:51 levitte
-
- Changed:
- VMS/mkshared.com (1.3.2.1), "Exp", lines: +8 -0
-
- We need to check for OPENSSL_FIPS when building shared libraries,
- so we get correct transfer vectors for those functions when
- required.
-
-2004-10-26 13:47 steve
-
- Changed:
- util/mkfiles.pl (1.12.2.2), "Exp", lines: +1 -0
-
- Add fips/dh directory to mkfiles.pl
-
-2004-10-26 14:17 levitte
-
- Changed:
- fips/sha1/Makefile (1.1.4.4), "Exp", lines: +3 -1
- util/mkfiles.pl (1.12.2.3), "Exp", lines: +1 -0
- fips/Makefile (1.1.4.5), "Exp", lines: +7 -1
- crypto/sha/Makefile (1.1.4.4), "Exp", lines: +1 -7
-
- fips/dh was missing in mkfiles.pl. make update
-
-2004-10-26 15:01 steve
-
- Changed:
- util/mkfiles.pl (1.12.2.4), "Exp", lines: +0 -1
-
- Only add fips/dh once...
-
-2004-11-01 09:20 levitte
-
- Changed:
- fips/rand/fingerprint.sha1 (1.1.2.9), "Exp", lines: +1 -1
- fips/rand/fips_rand.c (1.1.2.9), "Exp", lines: +3 -1
-
- Make sure _XOPEN_SOURCE_EXTENDED is correctly defined, and only if
- not already defined.
-
-2004-12-09 19:03 appro
-
- vChanged:
- crypto/Makefile (1.1.4.4), "Exp", lines: +2 -0
-
- Postpone linking of shared libcrypto in FIPS build.
-
-2004-12-09 19:13 appro
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.11), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.9), "Exp", lines: +13 -1
- fips/openssl_fips_fingerprint (1.1.4.4), "Exp", lines: +4 -2
-
- Cygwin specific FIPS fix-ups.
-
-2004-12-09 23:43 appro
-
- Changed:
- Configure (1.314.2.100), "Exp", lines: +2 -3
- crypto/des/des_enc.c (1.11.2.5), "Exp", lines: +2 -2
-
- Eliminate false dependency on 386 config option is FIPS context.
- At the same time limit assembler support to ELF platforms [that's
- what is there, ELF modules].
-
-2004-12-10 12:37 appro
-
- Changed:
- Configure (1.314.2.101), "Exp", lines: +10 -3
- crypto/des/des_enc.c (1.11.2.6), "Exp", lines: +2 -2
-
- Respect no-asm with fips option and disable FIPS DES assembler in
- shared context [because it's not PIC].
-
-2004-12-10 14:15 appro
-
- Changed:
- fips/sha1/fingerprint.sha1 (1.1.2.10), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.11), "Exp", lines: +1 -1
- fips/sha1/asm/sx86-elf.s (1.1.4.3), "Exp", lines: +32 -32
-
- Solaris x86 assembler update.
-
-2004-12-10 17:30 appro
-
- Changed:
- fips/fips_check_sha1 (1.1.2.7), "Exp", lines: +1 -1
- fips/openssl_fips_fingerprint (1.1.4.5), "Exp", lines: +1 -1
- fips/sha1/Makefile (1.1.4.6), "Exp", lines: +1 -1
-
- Adapt FIPS sub-tree for mingw.
-
-2005-01-03 18:46 steve
-
- Changed:
- fips/rsa/fingerprint.sha1 (1.1.4.5), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.3), "Exp", lines: +55 -11
-
- RSA KAT.
-
-2005-01-11 17:54 levitte
-
- Changed:
- fips/rsa/fingerprint.sha1 (1.1.4.6), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.4), "Exp", lines: +2 -2
-
- Clear signed vs. unsigned conflicts. Change the fingerprint
- accordingly.
-
-2005-01-11 19:25 levitte
-
- Changed:
- ssl/ssltest.c (1.53.2.24), "Exp", lines: +2 -2
- fips/rand/fips_randtest.c (1.1.2.6), "Exp", lines: +3 -3
- fips/sha1/fips_sha1test.c (1.1.2.5), "Exp", lines: +10 -4
- fips/des/fips_desmovs.c (1.1.2.6), "Exp", lines: +8 -7
- fips/dsa/fips_dsatest.c (1.1.2.5), "Exp", lines: +2 -2
- apps/openssl.c (1.48.2.12), "Exp", lines: +1 -1
- fips/aes/fips_aesavs.c (1.1.2.12), "Exp", lines: +8 -7
-
- Use EXIT() instead of exit().
-
-2005-01-26 21:00 steve
-
- Changed:
- apps/dgst.c (1.23.2.13), "Exp", lines: +10 -0
- apps/pkcs12.c (1.60.2.13), "Exp", lines: +8 -1
- crypto/crypto.h (1.62.2.9), "Exp", lines: +49 -0
- crypto/md32_common.h (1.22.2.9), "Exp", lines: +1 -1
- crypto/bf/bf_skey.c (1.6.2.1), "Exp", lines: +2 -1
- crypto/bf/blowfish.h (1.9.2.1), "Exp", lines: +4 -1
- crypto/cast/c_skey.c (1.5.6.1), "Exp", lines: +3 -1
- crypto/cast/cast.h (1.7.2.1), "Exp", lines: +4 -1
- crypto/evp/bio_md.c (1.11.2.3), "Exp", lines: +2 -7
- crypto/evp/digest.c (1.21.2.7), "Exp", lines: +11 -0
- crypto/evp/e_aes.c (1.6.2.11), "Exp", lines: +11 -11
- crypto/evp/e_des.c (1.5.2.9), "Exp", lines: +5 -3
- crypto/evp/e_des3.c (1.8.2.8), "Exp", lines: +6 -6
- crypto/evp/evp.h (1.86.2.16), "Exp", lines: +17 -0
- crypto/evp/evp_enc.c (1.28.2.11), "Exp", lines: +15 -1
- crypto/evp/evp_err.c (1.23.2.4), "Exp", lines: +6 -1
- crypto/evp/evp_locl.h (1.7.2.7), "Exp", lines: +17 -2
- crypto/evp/m_dss.c (1.8.2.1), "Exp", lines: +1 -1
- crypto/evp/m_md2.c (1.9.2.1), "Exp", lines: +1 -0
- crypto/evp/m_md4.c (1.8.2.1), "Exp", lines: +1 -0
- crypto/evp/m_md5.c (1.9.2.1), "Exp", lines: +1 -0
- crypto/evp/m_mdc2.c (1.9.2.1), "Exp", lines: +1 -0
- crypto/evp/m_sha.c (1.8.2.2), "Exp", lines: +1 -0
- crypto/evp/m_sha1.c (1.8.2.1), "Exp", lines: +1 -1
- crypto/evp/names.c (1.7.2.1), "Exp", lines: +3 -0
- crypto/hmac/hmac.c (1.12.2.3), "Exp", lines: +7 -0
- crypto/hmac/hmac.h (1.14.2.2), "Exp", lines: +1 -0
- crypto/idea/i_skey.c (1.5.6.1), "Exp", lines: +13 -0
- crypto/idea/idea.h (1.10.2.1), "Exp", lines: +4 -0
- crypto/md2/md2.h (1.11.2.1), "Exp", lines: +3 -0
- crypto/md2/md2_dgst.c (1.13.2.4), "Exp", lines: +3 -1
- crypto/md4/md4.h (1.3.2.1), "Exp", lines: +3 -0
- crypto/md4/md4_dgst.c (1.2.2.2), "Exp", lines: +1 -1
- crypto/md5/md5.h (1.10.2.3), "Exp", lines: +3 -0
- crypto/md5/md5_dgst.c (1.16.2.2), "Exp", lines: +1 -1
- crypto/mdc2/mdc2.h (1.9.2.1), "Exp", lines: +3 -1
- crypto/mdc2/mdc2dgst.c (1.13.2.1), "Exp", lines: +3 -1
- crypto/rc2/rc2.h (1.10.2.1), "Exp", lines: +4 -1
- crypto/rc2/rc2_skey.c (1.4.6.1), "Exp", lines: +13 -0
- crypto/rc4/rc4.h (1.10.2.2), "Exp", lines: +3 -0
- crypto/rc4/rc4_skey.c (1.10.8.2), "Exp", lines: +2 -1
- crypto/rc5/rc5.h (1.5.2.1), "Exp", lines: +4 -1
- crypto/rc5/rc5_skey.c (1.4.6.1), "Exp", lines: +14 -0
- crypto/ripemd/ripemd.h (1.8.2.1), "Exp", lines: +3 -0
- crypto/ripemd/rmd_dgst.c (1.13.2.2), "Exp", lines: +2 -1
- crypto/sha/sha.h (1.11.2.2), "Exp", lines: +3 -0
- crypto/sha/sha_locl.h (1.16.2.3), "Exp", lines: +4 -0
- crypto/x509/x509_cmp.c (1.22.2.4), "Exp", lines: +7 -1
- crypto/x509/x509_vfy.c (1.56.2.13), "Exp", lines: +1 -1
- ssl/s3_clnt.c (1.53.2.18), "Exp", lines: +2 -0
- ssl/s3_enc.c (1.31.2.9), "Exp", lines: +3 -0
- ssl/s3_srvr.c (1.85.2.23), "Exp", lines: +2 -0
- ssl/t1_enc.c (1.27.2.9), "Exp", lines: +2 -0
-
- FIPS algorithm blocking.
-
- Non FIPS algorithms are not normally allowed in FIPS mode.
-
- Any attempt to use them via high level functions will
- return an error.
-
- The low level non-FIPS algorithm functions cannot return
- errors so they produce assertion failures. HMAC also has to give an
- assertion error because it (erroneously) can't return an error
- either.
-
- There are exceptions (such as MD5 in TLS and non
- cryptographic use of algorithms) and applications can override the
- blocking and use non FIPS algorithms anyway.
-
- For low level functions the override is perfomed by
- prefixing the algorithm initalization function with "private_" for
- example private_MD5_Init().
-
- For high level functions an override is performed by
- setting a flag in the context.
-
-2005-01-27 02:49 steve
-
- Changed:
- apps/dgst.c (1.23.2.14), "Exp", lines: +9 -5
- crypto/crypto.h (1.62.2.10), "Exp", lines: +3 -0
- crypto/evp/digest.c (1.21.2.8), "Exp", lines: +34 -0
- crypto/hmac/hmac.c (1.12.2.4), "Exp", lines: +9 -0
-
- More FIPS algorithm blocking.
-
- Catch attempted use of non FIPS algorithms with HMAC.
-
- Give an assertion error for applications that ignore FIPS
- digest errors.
-
- Make -non-fips-allow work with dgst and HMAC.
-
-2005-01-28 15:03 steve
-
- Changed:
- apps/dgst.c (1.23.2.15), "Exp", lines: +2 -1
- apps/enc.c (1.35.2.13), "Exp", lines: +38 -4
- crypto/evp/e_rc4.c (1.11.2.2), "Exp", lines: +1 -0
- crypto/evp/evp.h (1.86.2.17), "Exp", lines: +3 -0
- crypto/evp/evp_enc.c (1.28.2.12), "Exp", lines: +60 -15
- crypto/evp/evp_locl.h (1.7.2.8), "Exp", lines: +1 -0
- test/testenc (1.3.8.2), "Exp", lines: +8 -8
-
- Further FIPS algorithm blocking.
-
- Fixes to cipher blocking and enabling code.
-
- Add option -non-fips-allow to 'enc' and update testenc.
-
-2005-01-31 02:33 steve
-
- Changed:
- ssl/s23_clnt.c (1.20.2.7), "Exp", lines: +16 -0
- ssl/s23_srvr.c (1.41.2.6), "Exp", lines: +9 -0
- ssl/s3_clnt.c (1.53.2.19), "Exp", lines: +0 -8
- ssl/s3_enc.c (1.31.2.10), "Exp", lines: +1 -0
- ssl/s3_srvr.c (1.85.2.24), "Exp", lines: +0 -8
- ssl/ssl.h (1.126.2.21), "Exp", lines: +1 -0
- ssl/ssl_cert.c (1.48.2.10), "Exp", lines: +0 -8
- ssl/ssl_err.c (1.41.2.4), "Exp", lines: +2 -1
- ssl/ssl_lib.c (1.110.2.13), "Exp", lines: +8 -9
- ssl/t1_enc.c (1.27.2.10), "Exp", lines: +0 -18
-
- Only allow TLS is FIPS mode.
-
- Remove old FIPS_allow_md5() calls.
-
-2005-02-05 19:24 steve
-
- Changed:
- apps/req.c (1.88.2.18), "Exp", lines: +8 -1
- apps/x509.c (1.67.2.20), "Exp", lines: +8 -1
-
- In FIPS mode use SHA1 as default digest in x509 and req utilities.
-
-2005-03-15 10:46 appro
-
- Changed:
- Makefile.org (1.154.2.96), "Exp", lines: +1 -1
- crypto/Makefile (1.1.4.6), "Exp", lines: +2 -3
- fips/Makefile (1.1.4.8), "Exp", lines: +4 -1
-
- Real Bourne shell doesn't accept ! as in "if ! grep ..." Fix this
- in crypto/Makefile and make Makefile.org and fips/Makefile more
- discreet.
-
-2005-03-22 18:29 steve
-
- Changed:
- fips/fingerprint.sha1 (1.1.2.12), "Exp", lines: +1 -1
- fips/fips.c (1.1.2.10), "Exp", lines: +1 -0
-
- Fix memory leak.
-
-2005-03-27 05:36 steve
-
- Changed:
- crypto/evp/e_null.c (1.9.2.1), "Exp", lines: +1 -1
- ssl/s3_lib.c (1.57.2.13), "Exp", lines: +3 -3
-
- Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS
- mode.
-
-2005-04-14 14:44 steve
-
- Changed:
- fips/fipshashes.sha1 (1.1.2.1), "Exp", lines: +29 -0
- util/checkhash.pl (1.1.2.1), "Exp", lines: +181 -0
-
- Perl script that checks or rebuilds FIPS hash files. This works on
- both Unix and Windows.
-
- Merge all FIPS hash files into a single hash file
- fips/fips.sha1
-
-2005-04-15 05:27 steve
-
- Changed:
- fips/Makefile (1.1.4.9), "Exp", lines: +1 -1
- fips/aes/Makefile (1.1.4.4), "Exp", lines: +1 -4
- fips/des/Makefile (1.1.4.6), "Exp", lines: +1 -4
- fips/dh/Makefile (1.1.2.5), "Exp", lines: +1 -4
- fips/dsa/Makefile (1.1.4.4), "Exp", lines: +1 -4
- fips/rand/Makefile (1.1.4.3), "Exp", lines: +1 -4
- fips/rsa/Makefile (1.1.4.5), "Exp", lines: +1 -4
- fips/sha1/Makefile (1.1.4.9), "Exp", lines: +1 -7
-
- Update hash checking in makefiles to use new perl script.
-
-2005-04-17 06:37 steve
-
- Changed:
- util/checkhash.pl (1.1.2.2), "Exp", lines: +163 -127
-
- Modify checkhash.pl so it can be run standalone or included as a
- funtion in another perl script.
-
-2005-04-17 16:00 appro
-
- Changed:
- fips/sha1/Makefile (1.1.4.10), "Exp", lines: +9 -5
-
- Bring back fips_standalone_sha1.
-
-2005-04-17 16:17 appro
-
- Deleted:
- fips/sha1/asm/sx86-elf.s (1.1.4.4)
- Changed:
- Configure (1.314.2.114), "Exp", lines: +1 -1
- fips/fipshashes.sha1 (1.1.2.2), "Exp", lines: +1 -1
- fips/sha1/Makefile (1.1.4.11), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.13), "Exp", lines: +1 -1
- fips/sha1/asm/fips-sx86-elf.s (1.1.2.1), "Exp", lines: +1568 -0
-
- Rename fips/sha1/sx86-elf.s to fips/sha1/fips-sx86-elf.s.
-
-2005-04-17 16:21 steve
-
- Changed:
- util/checkhash.pl (1.1.2.3), "Exp", lines: +2 -0
-
- Return 0 for successful hash check.
-
-2005-04-17 16:54 appro
-
- Changed:
- Configure (1.314.2.116), "Exp", lines: +8 -1
- Makefile.org (1.154.2.99), "Exp", lines: +3 -2
- crypto/aes/aes_cbc.c (1.1.2.11), "Exp", lines: +2 -0
- fips/fipshashes.sha1 (1.1.2.4), "Exp", lines: +1 -0
- fips/aes/Makefile (1.1.4.5), "Exp", lines: +4 -2
- fips/aes/asm/fips-ax86-elf.s (1.1.2.1), "Exp", lines: +1822 -0
-
- Throw in fips/aes/asm/fips-ax86-elf.s.
-
-2005-04-17 16:35 appro
-
- Changed:
- Configure (1.314.2.115), "Exp", lines: +1 -1
- fips/fipshashes.sha1 (1.1.2.3), "Exp", lines: +1 -1
- fips/des/asm/fips-dx86-elf.s (1.1.4.2), "Exp", lines: +108 -98
-
- Regenerate fips/des/asm/fips-dx86-elf.s with -fPIC flag.
-
-2005-04-17 17:26 appro
-
- Changed:
- crypto/cryptlib.c (1.32.2.18), "Exp", lines: +6 -55
- crypto/crypto.h (1.62.2.11), "Exp", lines: +0 -3
- fips/fips.c (1.1.2.11), "Exp", lines: +62 -8
- fips/fips.h (1.1.2.7), "Exp", lines: +2 -3
- fips/fips_locl.h (1.1.4.3), "Exp", lines: +6 -3
- fips/fipshashes.sha1 (1.1.2.5), "Exp", lines: +4 -4
- fips/rand/fips_rand.c (1.1.2.10), "Exp", lines: +3 -1
- fips/rsa/fips_rsa_gen.c (1.1.4.4), "Exp", lines: +4 -2
-
- Resolve minor binary compatibility issues in fips.
-
-2005-04-17 18:22 appro
-
- Changed:
- fips/fipshashes.sha1 (1.1.2.6), "Exp", lines: +12 -12
- fips/des/fips_des_locl.h (1.1.2.4), "Exp", lines: +1 -1
- fips/des/fips_set_key.c (1.1.4.4), "Exp", lines: +2 -2
- fips/dh/fips_dh_key.c (1.1.2.3), "Exp", lines: +1 -1
- fips/dsa/fips_dsa_ossl.c (1.1.2.7), "Exp", lines: +1 -1
- fips/dsa/fips_dsa_selftest.c (1.1.4.2), "Exp", lines: +3 -3
- fips/rand/fips_rand.c (1.1.2.11), "Exp", lines: +2 -2
- fips/rand/fips_rand.h (1.1.2.5), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_eay.c (1.1.4.4), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_gen.c (1.1.4.5), "Exp", lines: +1 -1
- fips/rsa/fips_rsa_selftest.c (1.1.4.5), "Exp", lines: +11 -11
- fips/sha1/fips_sha1_selftest.c (1.1.4.2), "Exp", lines: +1 -1
- fips/sha1/fips_sha1dgst.c (1.1.2.5), "Exp", lines: +1 -1
- fips/sha1/standalone.sha1 (1.1.2.14), "Exp", lines: +2 -2
-
- Minor fips const-ification.
-
-2005-04-18 07:02 steve
-
- Changed:
- crypto/bf/bf_skey.c (1.6.2.2), "Exp", lines: +1 -0
- crypto/cast/c_skey.c (1.5.6.2), "Exp", lines: +1 -0
- crypto/idea/i_skey.c (1.5.6.2), "Exp", lines: +1 -0
- crypto/rc2/rc2_skey.c (1.4.6.2), "Exp", lines: +1 -0
- crypto/rc4/rc4_skey.c (1.10.8.3), "Exp", lines: +1 -0
- crypto/rc5/rc5_skey.c (1.4.6.2), "Exp", lines: +1 -0
-
- Pick up definition of FIPS_mode() in fips.h to avoid warnings.
-
-2005-04-18 10:34 steve
-
- Deleted:
- fips/fingerprint.sha1 (1.1.2.14)
- fips/fips_check_sha1 (1.1.2.8)
- fips/fips_make_sha1 (1.1.2.7)
- fips/aes/fingerprint.sha1 (1.1.2.7)
- fips/des/fingerprint.sha1 (1.1.2.6)
- fips/dh/fingerprint.sha1 (1.1.2.4)
- fips/dsa/fingerprint.sha1 (1.1.2.7)
- fips/rand/fingerprint.sha1 (1.1.2.10)
- fips/rsa/fingerprint.sha1 (1.1.4.7)
- fips/sha1/fingerprint.sha1 (1.1.2.12)
- Changed:
- fips/sha1/Makefile (1.1.4.12), "Exp", lines: +1 -4
-
- Remove obsolete fingerprint.sha1 files and associated scripts.
- Delete test in fips/sha1/Makefile: the top level test checks the
- same files.
-
-2005-04-19 09:11 appro
-
- Deleted:
- fips/fipshashes.sha1 (1.1.2.7)
- fips/sha1/standalone.sha1 (1.1.2.15)
- Changed:
- fips/fipshashes.c (1.1.2.1), "Exp", lines: +32 -0
- util/checkhash.pl (1.1.2.4), "Exp", lines: +7 -4
-
- Maintain fingerprint hashes as C source.
-
-2005-04-19 09:17 appro
-
- Changed:
- util/checkhash.pl (1.1.2.5), "Exp", lines: +1 -1
-
- Complete the transition C-code hashes.
-
-2005-04-21 19:06 steve
-
- Changed:
- apps/openssl.c (1.48.2.13), "Exp", lines: +0 -2
- fips/fips.c (1.1.2.12), "Exp", lines: +0 -27
- fips/fips.h (1.1.2.8), "Exp", lines: +0 -2
- fips/fipshashes.c (1.1.2.2), "Exp", lines: +2 -2
-
- Remove defunct FIPS_allow_md5() and related functions.
-
-2005-04-22 06:15 appro
-
- Changed:
- fips/fips.c (1.1.2.13), "Exp", lines: +3 -3
- fips/fips_err.h (1.1.4.4), "Exp", lines: +3 -3
- fips/fipshashes.c (1.1.2.4), "Exp", lines: +2 -2
-
- Move some variables to .bss.
-
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
deleted file mode 100755
index 820be60..0000000
--- a/crypto/openssl/Configure
+++ /dev/null
@@ -1,1819 +0,0 @@
-:
-eval 'exec perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
-##
-## Configure -- OpenSSL source tree configuration script
-##
-
-require 5.000;
-use strict;
-
-# see INSTALL for instructions.
-
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
-
-# Options:
-#
-# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
-# --prefix option is given; /usr/local/ssl otherwise)
-# --prefix prefix for the OpenSSL include, lib and bin directories
-# (Default: the OPENSSLDIR directory)
-#
-# --install_prefix Additional prefix for package builders (empty by
-# default). This needn't be set in advance, you can
-# just as well use "make INSTALL_PREFIX=/whatever install".
-#
-# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
-# to live in the subdirectory lib/ and the header files in
-# include/. A value is required.
-# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
-# required.
-# (Default: KRB5_DIR/lib)
-# --with-krb5-include Declare where the Kerberos 5 header files live. A
-# value is required.
-# (Default: KRB5_DIR/include)
-# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
-# supported values are "MIT" and "Heimdal". A value is required.
-#
-# --test-sanity Make a number of sanity checks on the data in this file.
-# This is a debugging tool for OpenSSL developers.
-#
-# no-hw-xxx do not compile support for specific crypto hardware.
-# Generic OpenSSL-style methods relating to this support
-# are always compiled but return NULL if the hardware
-# support isn't compiled.
-# no-hw do not compile support for any crypto hardware.
-# [no-]threads [don't] try to create a library that is suitable for
-# multithreaded applications (default is "threads" if we
-# know how to do it)
-# [no-]shared [don't] try to create shared libraries when supported.
-# no-asm do not use assembler
-# no-dso do not compile in any native shared-library methods. This
-# will ensure that all methods just return NULL.
-# no-krb5 do not compile in any KRB5 library or code.
-# [no-]zlib [don't] compile support for zlib compression.
-# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
-# library and will be loaded in run-time by the OpenSSL library.
-# 386 generate 80386 code
-# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
-# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
-# -<xxx> +<xxx> compiler options are passed through
-#
-# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
-# provided to stack calls. Generates unique stack functions for
-# each possible stack type.
-# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
-# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
-# dependancies but needs to more registers, good for RISC CPU's
-# DES_RISC2 A different RISC variant.
-# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders.
-# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
-# This is used on the DEC Alpha where long is 8 bytes
-# and int is 4
-# BN_LLONG use the type 'long long' in crypto/bn/bn.h
-# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
-# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
-# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
-# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
-# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
-# array lookups instead of pointer use.
-# RC4_CHUNK enables code that handles data aligned at long (natural CPU
-# word) boundary.
-# RC4_CHUNK_LL enables code that handles data aligned at long long boundary
-# (intended for 64-bit CPUs running 32-bit OS).
-# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
-# BF_PTR2 intel specific version (generic version is more efficient).
-#
-# Following are set automatically by this script
-#
-# MD5_ASM use some extra md5 assember,
-# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
-# RMD160_ASM use some extra ripemd160 assember,
-# SHA256_ASM sha256_block is implemented in assembler
-# SHA512_ASM sha512_block is implemented in assembler
-# AES_ASM ASE_[en|de]crypt is implemented in assembler
-
-my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-
-# MD2_CHAR slags pentium pros
-my $x86_gcc_opts="RC4_INDEX MD2_INT";
-
-# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
-# Don't worry about these normally
-
-my $tcc="cc";
-my $tflags="-fast -Xa";
-my $tbn_mul="";
-my $tlib="-lnsl -lsocket";
-#$bits1="SIXTEEN_BIT ";
-#$bits2="THIRTY_TWO_BIT ";
-my $bits1="THIRTY_TWO_BIT ";
-my $bits2="SIXTY_FOUR_BIT ";
-
-my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o:rm86-elf.o:r586-elf.o";
-my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o:rm86-cof.o:r586-cof.o";
-my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o:rm86-out.o:r586-out.o";
-
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o::::md5-x86_64.o:::rc4-x86_64.o::";
-my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o::";
-
-my $no_asm="::::::::::";
-
-# As for $BSDthreads. Idea is to maintain "collective" set of flags,
-# which would cover all BSD flavors. -pthread applies to them all,
-# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
-# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
-# which has to be accompanied by explicit -D_THREAD_SAFE and
-# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
-# seems to be sufficient?
-my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
-
-#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
-
-my %table=(
-# File 'TABLE' (created by 'make TABLE') contains the data from this list,
-# formatted for better readability.
-
-
-#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
-#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
-#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
-#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
-
-# Our development configs
-"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
-"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
-"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
-"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
-"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -march=i486 -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
-"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"dist", "cc:-O::(unknown)::::::",
-
-# Basic configs that should work on any (32 and less bit) box
-"gcc", "gcc:-O3::(unknown):::BN_LLONG:::",
-"cc", "cc:-O::(unknown)::::::",
-
-####VOS Configurations
-"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
-
-#### Solaris x86 with GNU C setups
-# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
-# here because whenever GNU C instantiates an assembler template it
-# surrounds it with #APP #NO_APP comment pair which (at least Solaris
-# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
-# error message.
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -shared -static-libgcc might appear controversial, but modules taken
-# from static libgcc do not have relocations and linking them into our
-# shared objects doesn't have any negative side-effects. On the contrary,
-# doing so makes it possible to use gcc shared build with Sun C. Given
-# that gcc generates faster code [thanks to inline assembler], I would
-# actually recommend to consider using gcc shared build even with vendor
-# compiler:-)
-# <appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SPARC Solaris with GNU C setups
-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
-"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SPARC Solaris with Sun C setups
-# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
-# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
-# SC5.0 note: Compiler common patch 107357-01 or later is required!
-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
-####
-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### SunOS configs, assuming sparc for the gcc one.
-#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
-
-#### IRIX 5.x configs
-# -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### IRIX 6.x configs
-# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
-# './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### Unified HP-UX ANSI C configs.
-# Special notes:
-# - Originally we were optimizing at +O4 level. It should be noted
-# that the only difference between +O3 and +O4 is global inter-
-# procedural analysis. As it has to be performed during the link
-# stage the compiler leaves behind certain pseudo-code in lib*.a
-# which might be release or even patch level specific. Generating
-# the machine code for and analyzing the *whole* program appears
-# to be *extremely* memory demanding while the performance gain is
-# actually questionable. The situation is intensified by the default
-# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
-# which is way too low for +O4. In other words, doesn't +O3 make
-# more sense?
-# - Keep in mind that the HP compiler by default generates code
-# suitable for execution on the host you're currently compiling at.
-# If the toolkit is ment to be used on various PA-RISC processors
-# consider './config +DAportable'.
-# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
-# compatible with *future* releases.
-# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
-# pass -D_REENTRANT on HP-UX 10 and later.
-# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
-# 32-bit message digests. (For the moment of this writing) HP C
-# doesn't seem to "digest" too many local variables (they make "him"
-# chew forever:-). For more details look-up MD32_XARRAY comment in
-# crypto/sha/sha_lcl.h.
-# <appro@fy.chalmers.se>
-#
-# Since there is mention of this in shlib/hpux10-cc.sh
-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# More attempts at unified 10.X and 11.X targets for HP C compiler.
-#
-# Chris Ruemmler <ruemmler@cup.hp.com>
-# Kevin Steves <ks@hp.se>
-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# HP/UX IA-64 targets
-"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
-# with debugging of the following config.
-"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC builds...
-"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-# Legacy HPUX 9.X configs...
-"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
-"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-
-# DEC Alpha OSF/1/Tru64 targets.
-#
-# "What's in a name? That which we call a rose
-# By any other word would smell as sweet."
-#
-# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
-#
-# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-#
-"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
-"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
-"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
-
-####
-#### Variety of LINUX:-)
-####
-# *-generic* is endian-neutral target, but ./config is free to
-# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### IA-32 targets...
-"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
-####
-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -bpowerpc64-linux is transient option, -m64 should be the one to use...
-"linux-ppc64", "gcc:-bpowerpc64-linux -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-bpowerpc64-linux:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### SPARC Linux setups
-# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
-# assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# it's a real mess with -mcpu=ultrasparc option under Linux, but
-# -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-#### Alpha Linux with GNU C and Compaq C setups
-# Special notes:
-# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-# ought to run './Configure linux-alpha+bwx-gcc' manually, do
-# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
-# which is appropriate.
-# - If you use ccc keep in mind that -fast implies -arch host and the
-# compiler is free to issue instructions which gonna make elder CPU
-# choke. If you wish to build "blended" toolkit, add -arch generic
-# *after* -fast and invoke './Configure linux-alpha-ccc' manually.
-#
-# <appro@fy.chalmers.se>
-#
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
-
-#### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
-# simply *happens* to work around a compiler bug in gcc 3.3.3,
-# triggered by RIPEMD160 code.
-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::md5-sparcv9.o::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
-
-# QNX
-"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
-
-#### SCO/Caldera targets.
-#
-# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
-# Now we only have blended unixware-* as it's the only one used by ./config.
-# If you want to optimize for particular microarchitecture, bypass ./config
-# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
-# Note that not all targets include assembler support. Mostly because of
-# lack of motivation to support out-of-date platforms with out-of-date
-# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
-# patiently assisted to debug most of it.
-#
-# UnixWare 2.0x fails destest with -O.
-"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
-#### IBM's AIX.
-"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
-"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:",
-"aix64-gcc","gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn::::::-X64",
-# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
-# at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
-
-#
-# Cray T90 and similar (SDSC)
-# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
-# defined. The T90 ints and longs are 8 bytes long, and apparently the
-# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
-# non L_ENDIAN code aligns the bytes in each word correctly.
-#
-# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
-#'Taking the address of a bit field is not allowed. '
-#'An expression with bit field exists as the operand of "sizeof" '
-# (written by Wayne Schroeder <schroede@SDSC.EDU>)
-#
-# j90 is considered the base machine type for unicos machines,
-# so this configuration is now called "cray-j90" ...
-"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
-
-#
-# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
-#
-# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
-# another use. Basically, the problem is that the T3E uses some bit fields
-# for some st_addr stuff, and then sizeof and address-of fails
-# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
-# did not like it.
-"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
-
-# DGUX, 88100.
-"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-
-# Sinix/ReliantUNIX RM400
-# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
-"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
-
-# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
-# You need to compile using the c89.sh wrapper in the tools directory, because the
-# IBM compiler does not like the -L switch after any object modules.
-#
-"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
-
-# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
-"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
-
-# Visual C targets
-"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-
-# Borland C++ 4.5
-"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
-
-# MinGW
-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a",
-
-# UWIN
-"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-
-# Cygwin
-"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
-"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
-
-# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools
-# netware-clib => legacy CLib c-runtime support
-"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-# netware-libc => LibC/NKS support
-# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be
-# configured to use BSD sockets instead.
-"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
-"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
-
-# DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
-
-# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
-"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
-"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
-# K&R C is no longer supported; you need gcc on old Ultrix installations
-##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
-
-##### MacOS X (a.k.a. Rhapsody or Darwin) setup
-"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
-"darwin-ppc-cc","cc:-O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-
-##### A/UX
-"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
-
-##### Sony NEWS-OS 4.x
-"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
-
-##### GNU Hurd
-"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
-
-##### OS/2 EMX
-"OS2-EMX", "gcc::::::::",
-
-##### VxWorks for various targets
-"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
-"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
-"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
-
-##### Compaq Non-Stop Kernel (Tandem)
-"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
-
-);
-
-my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
- VC-NT VC-CE VC-WIN32
- BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock);
-
-my $idx = 0;
-my $idx_cc = $idx++;
-my $idx_cflags = $idx++;
-my $idx_unistd = $idx++;
-my $idx_thread_cflag = $idx++;
-my $idx_sys_id = $idx++;
-my $idx_lflags = $idx++;
-my $idx_bn_ops = $idx++;
-my $idx_cpuid_obj = $idx++;
-my $idx_bn_obj = $idx++;
-my $idx_des_obj = $idx++;
-my $idx_aes_obj = $idx++;
-my $idx_bf_obj = $idx++;
-my $idx_md5_obj = $idx++;
-my $idx_sha1_obj = $idx++;
-my $idx_cast_obj = $idx++;
-my $idx_rc4_obj = $idx++;
-my $idx_rmd160_obj = $idx++;
-my $idx_rc5_obj = $idx++;
-my $idx_dso_scheme = $idx++;
-my $idx_shared_target = $idx++;
-my $idx_shared_cflag = $idx++;
-my $idx_shared_ldflag = $idx++;
-my $idx_shared_extension = $idx++;
-my $idx_ranlib = $idx++;
-my $idx_arflags = $idx++;
-
-my $prefix="";
-my $openssldir="";
-my $exe_ext="";
-my $install_prefix="";
-my $no_threads=0;
-my $threads=0;
-my $no_shared=0; # but "no-shared" is default
-my $zlib=1; # but "no-zlib" is default
-my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
-my $no_rfc3779=1; # but "no-rfc3779" is default
-my $no_asm=0;
-my $no_dso=0;
-my $no_gmp=0;
-my @skip=();
-my $Makefile="Makefile";
-my $des_locl="crypto/des/des_locl.h";
-my $des ="crypto/des/des.h";
-my $bn ="crypto/bn/bn.h";
-my $md2 ="crypto/md2/md2.h";
-my $rc4 ="crypto/rc4/rc4.h";
-my $rc4_locl="crypto/rc4/rc4_locl.h";
-my $idea ="crypto/idea/idea.h";
-my $rc2 ="crypto/rc2/rc2.h";
-my $bf ="crypto/bf/bf_locl.h";
-my $bn_asm ="bn_asm.o";
-my $des_enc="des_enc.o fcrypt_b.o";
-my $aes_enc="aes_core.o aes_cbc.o";
-my $bf_enc ="bf_enc.o";
-my $cast_enc="c_enc.o";
-my $rc4_enc="rc4_enc.o";
-my $rc5_enc="rc5_enc.o";
-my $md5_obj="";
-my $sha1_obj="";
-my $rmd160_obj="";
-my $processor="";
-my $default_ranlib;
-my $perl;
-
-
-# All of the following is disabled by default (RC5 was enabled before 0.9.8):
-
-my %disabled = ( # "what" => "comment"
- "camellia" => "default",
- "gmp" => "default",
- "mdc2" => "default",
- "rc5" => "default",
- "rfc3779" => "default",
- "shared" => "default",
- "zlib" => "default",
- "zlib-dynamic" => "default"
- );
-
-# Additional "no-..." options will be collected in %disabled.
-# To remove something from %disabled, use e.g. "enable-rc5".
-# For symmetry, "disable-..." is a synonym for "no-...".
-
-# This is what $depflags will look like with the above default:
-my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 ";
-
-
-my $no_sse2=0;
-
-&usage if ($#ARGV < 0);
-
-my $flags;
-my $depflags;
-my $openssl_algorithm_defines;
-my $openssl_thread_defines;
-my $openssl_sys_defines="";
-my $openssl_other_defines;
-my $libs;
-my $libkrb5="";
-my $target;
-my $options;
-my $symlink;
-my $make_depend=0;
-my %withargs=();
-
-my @argvcopy=@ARGV;
-my $argvstring="";
-my $argv_unprocessed=1;
-
-while($argv_unprocessed)
- {
- $flags="";
- $depflags="";
- $openssl_algorithm_defines="";
- $openssl_thread_defines="";
- $openssl_sys_defines="";
- $openssl_other_defines="";
- $libs="";
- $target="";
- $options="";
- $symlink=1;
-
- $argv_unprocessed=0;
- $argvstring=join(' ',@argvcopy);
-
-PROCESS_ARGS:
- foreach (@argvcopy)
- {
- s /^-no-/no-/; # some people just can't read the instructions
-
- # rewrite some options in "enable-..." form
- s /^-?-?shared$/enable-shared/;
- s /^threads$/enable-threads/;
- s /^zlib$/enable-zlib/;
- s /^zlib-dynamic$/enable-zlib-dynamic/;
-
- if (/^no-(.+)$/ || /^disable-(.+)$/)
- {
- if ($1 eq "ssl")
- {
- $disabled{"ssl2"} = "option(ssl)";
- $disabled{"ssl3"} = "option(ssl)";
- }
- elsif ($1 eq "tls")
- {
- $disabled{"tls1"} = "option(tls)"
- }
- else
- {
- $disabled{$1} = "option";
- }
- }
- elsif (/^enable-(.+)$/)
- {
- delete $disabled{$1};
-
- $threads = 1 if ($1 eq "threads");
- }
- elsif (/^--test-sanity$/)
- {
- exit(&test_sanity());
- }
- elsif (/^reconfigure/ || /^reconf/)
- {
- if (open(IN,"<$Makefile"))
- {
- while (<IN>)
- {
- chomp;
- if (/^CONFIGURE_ARGS=(.*)/)
- {
- $argvstring=$1;
- @argvcopy=split(' ',$argvstring);
- die "Incorrect data to reconfigure, please do a normal configuration\n"
- if (grep(/^reconf/,@argvcopy));
- print "Reconfiguring with: $argvstring\n";
- $argv_unprocessed=1;
- close(IN);
- last PROCESS_ARGS;
- }
- }
- close(IN);
- }
- die "Insufficient data to reconfigure, please do a normal configuration\n";
- }
- elsif (/^386$/)
- { $processor=386; }
- elsif (/^rsaref$/)
- {
- # No RSAref support any more since it's not needed.
- # The check for the option is there so scripts aren't
- # broken
- }
- elsif (/^[-+]/)
- {
- if (/^-[lL](.*)$/)
- {
- $libs.=$_." ";
- }
- elsif (/^-[^-]/ or /^\+/)
- {
- $flags.=$_." ";
- }
- elsif (/^--prefix=(.*)$/)
- {
- $prefix=$1;
- }
- elsif (/^--openssldir=(.*)$/)
- {
- $openssldir=$1;
- }
- elsif (/^--install.prefix=(.*)$/)
- {
- $install_prefix=$1;
- }
- elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
- {
- $withargs{"krb5-".$1}=$2;
- }
- elsif (/^--with-zlib-lib=(.*)$/)
- {
- $withargs{"zlib-lib"}=$1;
- }
- elsif (/^--with-zlib-include=(.*)$/)
- {
- $withargs{"zlib-include"}="-I$1";
- }
- else
- {
- print STDERR $usage;
- exit(1);
- }
- }
- elsif ($_ =~ /^([^:]+):(.+)$/)
- {
- eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
- $target=$1;
- }
- else
- {
- die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
- $target=$_;
- }
-
- unless ($_ eq $target || /^no-/ || /^disable-/)
- {
- # "no-..." follows later after implied disactivations
- # have been derived. (Don't take this too seroiusly,
- # we really only write OPTIONS to the Makefile out of
- # nostalgia.)
-
- if ($options eq "")
- { $options = $_; }
- else
- { $options .= " ".$_; }
- }
- }
- }
-
-
-
-if ($processor eq "386")
- {
- $disabled{"sse2"} = "forced";
- }
-
-if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
- {
- $disabled{"krb5"} = "krb5-flavor not specified";
- }
-
-if (!defined($disabled{"zlib-dynamic"}))
- {
- # "zlib-dynamic" was specifically enabled, so enable "zlib"
- delete $disabled{"zlib"};
- }
-
-if (defined($disabled{"rijndael"}))
- {
- $disabled{"aes"} = "forced";
- }
-if (defined($disabled{"des"}))
- {
- $disabled{"mdc2"} = "forced";
- }
-if (defined($disabled{"ec"}))
- {
- $disabled{"ecdsa"} = "forced";
- $disabled{"ecdh"} = "forced";
- }
-
-# SSL 2.0 requires MD5 and RSA
-if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
- {
- $disabled{"ssl2"} = "forced";
- }
-
-# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
-if (defined($disabled{"md5"}) || defined($disabled{"sha"})
- || (defined($disabled{"rsa"})
- && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
- {
- $disabled{"ssl3"} = "forced";
- $disabled{"tls1"} = "forced";
- }
-
-
-if ($target eq "TABLE") {
- foreach $target (sort keys %table) {
- print_table_entry($target);
- }
- exit 0;
-}
-
-if ($target eq "LIST") {
- foreach (sort keys %table) {
- print;
- print "\n";
- }
- exit 0;
-}
-
-if ($target =~ m/^CygWin32(-.*)$/) {
- $target = "Cygwin".$1;
-}
-
-print "Configuring for $target\n";
-
-&usage if (!defined($table{$target}));
-
-
-foreach (sort (keys %disabled))
- {
- $options .= " no-$_";
-
- printf " no-%-12s %-10s", $_, "[$disabled{$_}]";
-
- if (/^dso$/)
- { $no_dso = 1; }
- elsif (/^threads$/)
- { $no_threads = 1; }
- elsif (/^shared$/)
- { $no_shared = 1; }
- elsif (/^zlib$/)
- { $zlib = 0; }
- elsif (/^static-engine$/)
- { }
- elsif (/^zlib-dynamic$/)
- { }
- elsif (/^symlinks$/)
- { $symlink = 0; }
- elsif (/^sse2$/)
- { $no_sse2 = 1; }
- else
- {
- my ($ALGO, $algo);
- ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
-
- if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
- {
- $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
- print " OPENSSL_NO_$ALGO";
-
- if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
- elsif (/^asm$/) { $no_asm = 1; }
- }
- else
- {
- $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
- print " OPENSSL_NO_$ALGO";
-
- if (/^krb5$/)
- { $no_krb5 = 1; }
- else
- {
- push @skip, $algo;
- print " (skip dir)";
-
- $depflags .="-DOPENSSL_NO_$ALGO ";
- }
- }
- }
-
- print "\n";
- }
-
-
-my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
-
-$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
-
-$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
-$exe_ext=".pm" if ($target =~ /vos/);
-$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
-$prefix=$openssldir if $prefix eq "";
-
-$default_ranlib= &which("ranlib") or $default_ranlib="true";
-$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
- or $perl="perl";
-
-chop $openssldir if $openssldir =~ /\/$/;
-chop $prefix if $prefix =~ /\/$/;
-
-$openssldir=$prefix . "/ssl" if $openssldir eq "";
-$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
-
-
-print "IsMK1MF=$IsMK1MF\n";
-
-my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-my $cc = $fields[$idx_cc];
-my $cflags = $fields[$idx_cflags];
-my $unistd = $fields[$idx_unistd];
-my $thread_cflag = $fields[$idx_thread_cflag];
-my $sys_id = $fields[$idx_sys_id];
-my $lflags = $fields[$idx_lflags];
-my $bn_ops = $fields[$idx_bn_ops];
-my $cpuid_obj = $fields[$idx_cpuid_obj];
-my $bn_obj = $fields[$idx_bn_obj];
-my $des_obj = $fields[$idx_des_obj];
-my $aes_obj = $fields[$idx_aes_obj];
-my $bf_obj = $fields[$idx_bf_obj];
-my $md5_obj = $fields[$idx_md5_obj];
-my $sha1_obj = $fields[$idx_sha1_obj];
-my $cast_obj = $fields[$idx_cast_obj];
-my $rc4_obj = $fields[$idx_rc4_obj];
-my $rmd160_obj = $fields[$idx_rmd160_obj];
-my $rc5_obj = $fields[$idx_rc5_obj];
-my $dso_scheme = $fields[$idx_dso_scheme];
-my $shared_target = $fields[$idx_shared_target];
-my $shared_cflag = $fields[$idx_shared_cflag];
-my $shared_ldflag = $fields[$idx_shared_ldflag];
-my $shared_extension = $fields[$idx_shared_extension];
-my $ranlib = $fields[$idx_ranlib];
-my $arflags = $fields[$idx_arflags];
-
-my $no_shared_warn=0;
-my $no_user_cflags=0;
-
-if ($flags ne "") { $cflags="$flags$cflags"; }
-else { $no_user_cflags=1; }
-
-# Kerberos settings. The flavor must be provided from outside, either through
-# the script "config" or manually.
-if (!$no_krb5)
- {
- my ($lresolv, $lpath, $lext);
- if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
- {
- die "Sorry, Heimdal is currently not supported\n";
- }
- ##### HACK to force use of Heimdal.
- ##### WARNING: Since we don't really have adequate support for Heimdal,
- ##### using this will break the build. You'll have to make
- ##### changes to the source, and if you do, please send
- ##### patches to openssl-dev@openssl.org
- if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
- {
- warn "Heimdal isn't really supported. Your build WILL break\n";
- warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
- $withargs{"krb5-dir"} = "/usr/heimdal"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi -lkrb5 -lcom_err"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_HEIMDAL $cflags";
- }
- if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
- {
- $withargs{"krb5-dir"} = "/usr/kerberos"
- if $withargs{"krb5-dir"} eq "";
- $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
- "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
- if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
- $cflags="-DKRB5_MIT $cflags";
- $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
- if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
- {
- $cflags="-DKRB5_MIT_OLD11 $cflags";
- }
- }
- LRESOLV:
- foreach $lpath ("/lib", "/usr/lib")
- {
- foreach $lext ("a", "so")
- {
- $lresolv = "$lpath/libresolv.$lext";
- last LRESOLV if (-r "$lresolv");
- $lresolv = "";
- }
- }
- $withargs{"krb5-lib"} .= " -lresolv"
- if ("$lresolv" ne "");
- $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
- if $withargs{"krb5-include"} eq "" &&
- $withargs{"krb5-dir"} ne "";
- }
-
-# The DSO code currently always implements all functions so that no
-# applications will have to worry about that from a compilation point
-# of view. However, the "method"s may return zero unless that platform
-# has support compiled in for them. Currently each method is enabled
-# by a define "DSO_<name>" ... we translate the "dso_scheme" config
-# string entry into using the following logic;
-my $dso_cflags;
-if (!$no_dso && $dso_scheme ne "")
- {
- $dso_scheme =~ tr/[a-z]/[A-Z]/;
- if ($dso_scheme eq "DLFCN")
- {
- $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
- }
- elsif ($dso_scheme eq "DLFCN_NO_H")
- {
- $dso_cflags = "-DDSO_DLFCN";
- }
- else
- {
- $dso_cflags = "-DDSO_$dso_scheme";
- }
- $cflags = "$dso_cflags $cflags";
- }
-
-my $thread_cflags;
-my $thread_defines;
-if ($thread_cflag ne "(unknown)" && !$no_threads)
- {
- # If we know how to do it, support threads by default.
- $threads = 1;
- }
-if ($thread_cflag eq "(unknown)" && $threads)
- {
- # If the user asked for "threads", [s]he is also expected to
- # provide any system-dependent compiler options that are
- # necessary.
- if ($no_user_cflags)
- {
- print "You asked for multi-threading support, but didn't\n";
- print "provide any system-specific compiler options\n";
- exit(1);
- }
- $thread_cflags="-DOPENSSL_THREADS $cflags" ;
- $thread_defines .= "#define OPENSSL_THREADS\n";
- }
-else
- {
- $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
- $thread_defines .= "#define OPENSSL_THREADS\n";
-# my $def;
-# foreach $def (split ' ',$thread_cflag)
-# {
-# if ($def =~ s/^-D// && $def !~ /^_/)
-# {
-# $thread_defines .= "#define $def\n";
-# }
-# }
- }
-
-$lflags="$libs$lflags" if ($libs ne "");
-
-if ($no_asm)
- {
- $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
- $sha1_obj=$md5_obj=$rmd160_obj="";
- }
-
-if (!$no_shared)
- {
- $cast_obj=""; # CAST assembler is not PIC
- }
-
-if ($threads)
- {
- $cflags=$thread_cflags;
- $openssl_thread_defines .= $thread_defines;
- }
-
-if ($zlib)
- {
- $cflags = "-DZLIB $cflags";
- if (defined($disabled{"zlib-dynamic"}))
- {
- $lflags = "$lflags -lz";
- }
- else
- {
- $cflags = "-DZLIB_SHARED $cflags";
- }
- }
-
-# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
-my $shared_mark = "";
-if ($shared_target eq "")
- {
- $no_shared_warn = 1 if !$no_shared;
- $no_shared = 1;
- }
-if (!$no_shared)
- {
- if ($shared_cflag ne "")
- {
- $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
- }
- }
-
-if (!$IsMK1MF)
- {
- if ($no_shared)
- {
- $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
- }
- else
- {
- $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
- }
- }
-
-$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
-# Compiler fix-ups
-if ($target =~ /icc$/)
- {
- my($iccver)=`$cc -V 2>&1`;
- if ($iccver =~ /Version ([0-9]+)\./) { $iccver=$1; }
- else { $iccver=0; }
- if ($iccver>=8)
- {
- # Eliminate unnecessary dependency from libirc.a. This is
- # essential for shared library support, as otherwise
- # apps/openssl can end up in endless loop upon startup...
- $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
- }
- }
-
-if ($sys_id ne "")
- {
- #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
- $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
- }
-
-if ($ranlib eq "")
- {
- $ranlib = $default_ranlib;
- }
-
-#my ($bn1)=split(/\s+/,$bn_obj);
-#$bn1 = "" unless defined $bn1;
-#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
-#$bn_obj="$bn1";
-
-$cpuid_obj="" if ($processor eq "386");
-
-$bn_obj = $bn_asm unless $bn_obj ne "";
-# bn86* is the only one implementing bn_*_part_words
-$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
-$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
-
-$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
-$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
-$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
-$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
-$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
-if ($sha1_obj =~ /\.o$/)
- {
-# $sha1_obj=$sha1_enc;
- $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
- $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
- $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
- if ($sha1_obj =~ /x86/)
- { if ($no_sse2)
- { $sha1_obj =~ s/\S*sse2\S+//; }
- elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
- { $cflags.=" -DOPENSSL_IA32_SSE2"; }
- }
- }
-if ($md5_obj =~ /\.o$/)
- {
-# $md5_obj=$md5_enc;
- $cflags.=" -DMD5_ASM";
- }
-if ($rmd160_obj =~ /\.o$/)
- {
-# $rmd160_obj=$rmd160_enc;
- $cflags.=" -DRMD160_ASM";
- }
-if ($aes_obj =~ /\.o$/)
- {
- $cflags.=" -DAES_ASM";
- }
-else {
- $aes_obj=$aes_enc;
- }
-
-# "Stringify" the C flags string. This permits it to be made part of a string
-# and works as well on command lines.
-$cflags =~ s/([\\\"])/\\\1/g;
-
-my $version = "unknown";
-my $version_num = "unknown";
-my $major = "unknown";
-my $minor = "unknown";
-my $shlib_version_number = "unknown";
-my $shlib_version_history = "unknown";
-my $shlib_major = "unknown";
-my $shlib_minor = "unknown";
-
-open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
-while (<IN>)
- {
- $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
- $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
- $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
- $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
- }
-close(IN);
-if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
-
-if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
- {
- $major=$1;
- $minor=$2;
- }
-
-if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
- {
- $shlib_major=$1;
- $shlib_minor=$2;
- }
-
-open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
-unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
-open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
-my $sdirs=0;
-while (<IN>)
- {
- chomp;
- $sdirs = 1 if /^SDIRS=/;
- if ($sdirs) {
- my $dir;
- foreach $dir (@skip) {
- s/([ ])$dir /\1/;
- }
- }
- $sdirs = 0 unless /\\$/;
- s/^VERSION=.*/VERSION=$version/;
- s/^MAJOR=.*/MAJOR=$major/;
- s/^MINOR=.*/MINOR=$minor/;
- s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
- s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
- s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
- s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
- s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
- s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
- s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
- s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
- s/^PLATFORM=.*$/PLATFORM=$target/;
- s/^OPTIONS=.*$/OPTIONS=$options/;
- s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
- s/^CC=.*$/CC= $cc/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
- s/^CFLAG=.*$/CFLAG= $cflags/;
- s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
- s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
- s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
- s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
- s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
- s/^DES_ENC=.*$/DES_ENC= $des_obj/;
- s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;
- s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
- s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
- s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
- s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
- s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
- s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
- s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
- s/^PROCESSOR=.*/PROCESSOR= $processor/;
- s/^RANLIB=.*/RANLIB= $ranlib/;
- s/^ARFLAGS=.*/ARFLAGS= $arflags/;
- s/^PERL=.*/PERL= $perl/;
- s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
- s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
- s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
- s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
- s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
- s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
- s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
- if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
- {
- my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
- {
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- {
- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
- }
- s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
- print OUT $_."\n";
- }
-close(IN);
-close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
-rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
-
-print "CC =$cc\n";
-print "CFLAG =$cflags\n";
-print "EX_LIBS =$lflags\n";
-print "CPUID_OBJ =$cpuid_obj\n";
-print "BN_ASM =$bn_obj\n";
-print "DES_ENC =$des_obj\n";
-print "AES_ASM_OBJ =$aes_obj\n";
-print "BF_ENC =$bf_obj\n";
-print "CAST_ENC =$cast_obj\n";
-print "RC4_ENC =$rc4_obj\n";
-print "RC5_ENC =$rc5_obj\n";
-print "MD5_OBJ_ASM =$md5_obj\n";
-print "SHA1_OBJ_ASM =$sha1_obj\n";
-print "RMD160_OBJ_ASM=$rmd160_obj\n";
-print "PROCESSOR =$processor\n";
-print "RANLIB =$ranlib\n";
-print "ARFLAGS =$arflags\n";
-print "PERL =$perl\n";
-print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
- if $withargs{"krb5-include"} ne "";
-
-my $des_ptr=0;
-my $des_risc1=0;
-my $des_risc2=0;
-my $des_unroll=0;
-my $bn_ll=0;
-my $def_int=2;
-my $rc4_int=$def_int;
-my $md2_int=$def_int;
-my $idea_int=$def_int;
-my $rc2_int=$def_int;
-my $rc4_idx=0;
-my $rc4_chunk=0;
-my $bf_ptr=0;
-my @type=("char","short","int","long");
-my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
-my $export_var_as_fn=0;
-
-my $des_int;
-
-foreach (sort split(/\s+/,$bn_ops))
- {
- $des_ptr=1 if /DES_PTR/;
- $des_risc1=1 if /DES_RISC1/;
- $des_risc2=1 if /DES_RISC2/;
- $des_unroll=1 if /DES_UNROLL/;
- $des_int=1 if /DES_INT/;
- $bn_ll=1 if /BN_LLONG/;
- $rc4_int=0 if /RC4_CHAR/;
- $rc4_int=3 if /RC4_LONG/;
- $rc4_idx=1 if /RC4_INDEX/;
- $rc4_chunk=1 if /RC4_CHUNK/;
- $rc4_chunk=2 if /RC4_CHUNK_LL/;
- $md2_int=0 if /MD2_CHAR/;
- $md2_int=3 if /MD2_LONG/;
- $idea_int=1 if /IDEA_SHORT/;
- $idea_int=3 if /IDEA_LONG/;
- $rc2_int=1 if /RC2_SHORT/;
- $rc2_int=3 if /RC2_LONG/;
- $bf_ptr=1 if $_ eq "BF_PTR";
- $bf_ptr=2 if $_ eq "BF_PTR2";
- ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
- ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
- $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
- }
-
-open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
-unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
-open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
-print OUT "/* opensslconf.h */\n";
-print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
-
-print OUT "/* OpenSSL was configured with the following options: */\n";
-my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
-$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg;
-$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
-$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
-print OUT $openssl_sys_defines;
-print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
-print OUT $openssl_algorithm_defines;
-print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n";
-print OUT $openssl_thread_defines;
-print OUT $openssl_other_defines,"\n";
-
-print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
-print OUT " asks for it. This is a transient feature that is provided for those\n";
-print OUT " who haven't had the time to do the appropriate changes in their\n";
-print OUT " applications. */\n";
-print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
-print OUT $openssl_algorithm_defines_trans;
-print OUT "#endif\n\n";
-
-print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj);
-
-while (<IN>)
- {
- if (/^#define\s+OPENSSLDIR/)
- { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
- elsif (/^#define\s+ENGINESDIR/)
- { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; }
- elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
- { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
- if $export_var_as_fn;
- printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
- ($export_var_as_fn)?"define":"undef"; }
- elsif (/^#define\s+OPENSSL_UNISTD/)
- {
- $unistd = "<unistd.h>" if $unistd eq "";
- print OUT "#define OPENSSL_UNISTD $unistd\n";
- }
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
- { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
- { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
- { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/)
- { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+EIGHT_BIT/)
- { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
- elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/)
- { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
- elsif (/^\#define\s+DES_LONG\s+.*/)
- { printf OUT "#define DES_LONG unsigned %s\n",
- ($des_int)?'int':'long'; }
- elsif (/^\#(define|undef)\s+DES_PTR/)
- { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_RISC1/)
- { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_RISC2/)
- { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
- elsif (/^\#(define|undef)\s+DES_UNROLL/)
- { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
- elsif (/^#define\s+RC4_INT\s/)
- { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
- elsif (/^#undef\s+RC4_CHUNK/)
- {
- printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
- printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
- printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
- }
- elsif (/^#((define)|(undef))\s+RC4_INDEX/)
- { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
- elsif (/^#(define|undef)\s+I386_ONLY/)
- { printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
- "define":"undef"; }
- elsif (/^#define\s+MD2_INT\s/)
- { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
- elsif (/^#define\s+IDEA_INT\s/)
- {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
- elsif (/^#define\s+RC2_INT\s/)
- {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
- elsif (/^#(define|undef)\s+BF_PTR/)
- {
- printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
- printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
- printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
- }
- else
- { print OUT $_; }
- }
-close(IN);
-close(OUT);
-rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
-rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
-
-
-# Fix the date
-
-print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
-print "SIXTY_FOUR_BIT mode\n" if $b64;
-print "THIRTY_TWO_BIT mode\n" if $b32;
-print "SIXTEEN_BIT mode\n" if $b16;
-print "EIGHT_BIT mode\n" if $b8;
-print "DES_PTR used\n" if $des_ptr;
-print "DES_RISC1 used\n" if $des_risc1;
-print "DES_RISC2 used\n" if $des_risc2;
-print "DES_UNROLL used\n" if $des_unroll;
-print "DES_INT used\n" if $des_int;
-print "BN_LLONG mode\n" if $bn_ll;
-print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
-print "RC4_INDEX mode\n" if $rc4_idx;
-print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
-print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
-print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
-print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
-print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
-print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
-print "BF_PTR used\n" if $bf_ptr == 1;
-print "BF_PTR2 used\n" if $bf_ptr == 2;
-
-if($IsMK1MF) {
- open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
- printf OUT <<EOF;
-#ifndef MK1MF_BUILD
- /* auto-generated by Configure for crypto/cversion.c:
- * for Unix builds, crypto/Makefile.ssl generates functional definitions;
- * Windows builds (and other mk1mf builds) compile cversion.c with
- * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
- #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
-#endif
-EOF
- close(OUT);
-} else {
- my $make_command = "make PERL=\'$perl\'";
- my $make_targets = "";
- $make_targets .= " links" if $symlink;
- $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
- $make_targets .= " gentests" if $symlink;
- (system $make_command.$make_targets) == 0 or exit $?
- if $make_targets ne "";
- if ( $perl =~ m@^/@) {
- &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
- &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
- } else {
- # No path for Perl known ...
- &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
- &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
- }
- if ($depflags ne $default_depflags && !$make_depend) {
- print <<EOF;
-
-Since you've disabled or enabled at least one algorithm, you need to do
-the following before building:
-
- make depend
-EOF
- }
-}
-
-# create the ms/version32.rc file if needed
-if ($IsMK1MF) {
- my ($v1, $v2, $v3, $v4);
- if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
- $v1=hex $1;
- $v2=hex $2;
- $v3=hex $3;
- $v4=hex $4;
- }
- open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
- print OUT <<EOF;
-#include <winver.h>
-
-LANGUAGE 0x09,0x01
-
-1 VERSIONINFO
- FILEVERSION $v1,$v2,$v3,$v4
- PRODUCTVERSION $v1,$v2,$v3,$v4
- FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
- FILEFLAGS 0x01L
-#else
- FILEFLAGS 0x00L
-#endif
- FILEOS VOS__WINDOWS32
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L
-BEGIN
- BLOCK "StringFileInfo"
- BEGIN
- BLOCK "040904b0"
- BEGIN
- // Required:
- VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
- VALUE "FileDescription", "OpenSSL Shared Library\\0"
- VALUE "FileVersion", "$version\\0"
-#if defined(CRYPTO)
- VALUE "InternalName", "libeay32\\0"
- VALUE "OriginalFilename", "libeay32.dll\\0"
-#elif defined(SSL)
- VALUE "InternalName", "ssleay32\\0"
- VALUE "OriginalFilename", "ssleay32.dll\\0"
-#endif
- VALUE "ProductName", "The OpenSSL Toolkit\\0"
- VALUE "ProductVersion", "$version\\0"
- // Optional:
- //VALUE "Comments", "\\0"
- VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
- //VALUE "LegalTrademarks", "\\0"
- //VALUE "PrivateBuild", "\\0"
- //VALUE "SpecialBuild", "\\0"
- END
- END
- BLOCK "VarFileInfo"
- BEGIN
- VALUE "Translation", 0x409, 0x4b0
- END
-END
-EOF
- close(OUT);
- }
-
-print <<EOF;
-
-Configured for $target.
-EOF
-
-print <<\EOF if (!$no_threads && !$threads);
-
-The library could not be configured for supporting multi-threaded
-applications as the compiler options required on this system are not known.
-See file INSTALL for details if you need multi-threading.
-EOF
-
-print <<\EOF if ($no_shared_warn);
-
-You gave the option 'shared'. Normally, that would give you shared libraries.
-Unfortunately, the OpenSSL configuration doesn't include shared library support
-for this platform yet, so it will pretend you gave the option 'no-shared'. If
-you can inform the developpers (openssl-dev\@openssl.org) how to support shared
-libraries on this platform, they will at least look at it and try their best
-(but please first make sure you have tried with a current version of OpenSSL).
-EOF
-
-exit(0);
-
-sub usage
- {
- print STDERR $usage;
- print STDERR "\npick os/compiler from:\n";
- my $j=0;
- my $i;
- my $k=0;
- foreach $i (sort keys %table)
- {
- next if $i =~ /^debug/;
- $k += length($i) + 1;
- if ($k > 78)
- {
- print STDERR "\n";
- $k=length($i);
- }
- print STDERR $i . " ";
- }
- foreach $i (sort keys %table)
- {
- next if $i !~ /^debug/;
- $k += length($i) + 1;
- if ($k > 78)
- {
- print STDERR "\n";
- $k=length($i);
- }
- print STDERR $i . " ";
- }
- print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
- exit(1);
- }
-
-sub which
- {
- my($name)=@_;
- my $path;
- foreach $path (split /:/, $ENV{PATH})
- {
- if (-f "$path/$name$exe_ext" and -x _)
- {
- return "$path/$name$exe_ext" unless ($name eq "perl" and
- system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
- }
- }
- }
-
-sub dofile
- {
- my $f; my $p; my %m; my @a; my $k; my $ff;
- ($f,$p,%m)=@_;
-
- open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
- @a=<IN>;
- close(IN);
- foreach $k (keys %m)
- {
- grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
- }
- open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
- print OUT @a;
- close(OUT);
- rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
- rename("$f.new",$f) || die "unable to rename $f.new\n";
- }
-
-sub print_table_entry
- {
- my $target = shift;
-
- (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
- my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
- my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
- my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
- my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
- split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
- print <<EOF
-
-*** $target
-\$cc = $cc
-\$cflags = $cflags
-\$unistd = $unistd
-\$thread_cflag = $thread_cflag
-\$sys_id = $sys_id
-\$lflags = $lflags
-\$bn_ops = $bn_ops
-\$cpuid_obj = $cpuid_obj
-\$bn_obj = $bn_obj
-\$des_obj = $des_obj
-\$aes_obj = $aes_obj
-\$bf_obj = $bf_obj
-\$md5_obj = $md5_obj
-\$sha1_obj = $sha1_obj
-\$cast_obj = $cast_obj
-\$rc4_obj = $rc4_obj
-\$rmd160_obj = $rmd160_obj
-\$rc5_obj = $rc5_obj
-\$dso_scheme = $dso_scheme
-\$shared_target= $shared_target
-\$shared_cflag = $shared_cflag
-\$shared_ldflag = $shared_ldflag
-\$shared_extension = $shared_extension
-\$ranlib = $ranlib
-\$arflags = $arflags
-EOF
- }
-
-sub test_sanity
- {
- my $errorcnt = 0;
-
- print STDERR "=" x 70, "\n";
- print STDERR "=== SANITY TESTING!\n";
- print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
- print STDERR "=" x 70, "\n";
-
- foreach $target (sort keys %table)
- {
- @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
-
- if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
- print STDERR " in the previous field\n";
- }
- elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
- print STDERR " in the following field\n";
- }
- elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
- {
- $errorcnt++;
- print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
- print STDERR " valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
- }
- }
- print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
- return $errorcnt;
- }
-
-# Attempt to detect MSYS environment
-
-sub is_msys
- {
- return 1 if (exists $ENV{"TERM"} && $ENV{"TERM"} eq "msys");
- return 0;
- }
diff --git a/crypto/openssl/FAQ b/crypto/openssl/FAQ
deleted file mode 100644
index 74bf952..0000000
--- a/crypto/openssl/FAQ
+++ /dev/null
@@ -1,898 +0,0 @@
-OpenSSL - Frequently Asked Questions
---------------------------------------
-
-[MISC] Miscellaneous questions
-
-* Which is the current version of OpenSSL?
-* Where is the documentation?
-* How can I contact the OpenSSL developers?
-* Where can I get a compiled version of OpenSSL?
-* Why aren't tools like 'autoconf' and 'libtool' used?
-* What is an 'engine' version?
-* How do I check the authenticity of the OpenSSL distribution?
-
-[LEGAL] Legal questions
-
-* Do I need patent licenses to use OpenSSL?
-* Can I use OpenSSL with GPL software?
-
-[USER] Questions on using the OpenSSL applications
-
-* Why do I get a "PRNG not seeded" error message?
-* Why do I get an "unable to write 'random state'" error message?
-* How do I create certificates or certificate requests?
-* Why can't I create certificate requests?
-* Why does <SSL program> fail with a certificate verify error?
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-* How can I create DSA certificates?
-* Why can't I make an SSL connection using a DSA certificate?
-* How can I remove the passphrase on a private key?
-* Why can't I use OpenSSL certificates with SSL client authentication?
-* Why does my browser give a warning about a mismatched hostname?
-* How do I install a CA certificate into a browser?
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-[BUILD] Questions about building and testing OpenSSL
-
-* Why does the linker complain about undefined symbols?
-* Why does the OpenSSL test fail with "bc: command not found"?
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-* Why does the OpenSSL test fail with "bc: stack empty"?
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-* What is special about OpenSSL on Redhat?
-* Why does the OpenSSL compilation fail on MacOS X?
-* Why does the OpenSSL test suite fail on MacOS X?
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-* Why does compiler fail to compile sha512.c?
-* Test suite still fails, what to do?
-
-[PROG] Questions about programming with OpenSSL
-
-* Is OpenSSL thread-safe?
-* I've compiled a program under Windows and it crashes: why?
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-* I've called <some function> and it fails, why?
-* I just get a load of numbers for the error output, what do they mean?
-* Why do I get errors about unknown algorithms?
-* Why can't the OpenSSH configure script detect OpenSSL?
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-* Why doesn't my server application receive a client certificate?
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-* I think I've detected a memory leak, is this a bug?
-
-===============================================================================
-
-[MISC] ========================================================================
-
-* Which is the current version of OpenSSL?
-
-The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.8e was released on February 23rd, 2007.
-
-In addition to the current stable release, you can also access daily
-snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
-
-
-* Where is the documentation?
-
-OpenSSL is a library that provides cryptographic functionality to
-applications such as secure web servers. Be sure to read the
-documentation of the application you want to use. The INSTALL file
-explains how to install this library.
-
-OpenSSL includes a command line utility that can be used to perform a
-variety of cryptographic functions. It is described in the openssl(1)
-manpage. Documentation for developers is currently being written. A
-few manual pages already are available; overviews over libcrypto and
-libssl are given in the crypto(3) and ssl(3) manpages.
-
-The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
-different directory if you specified one as described in INSTALL).
-In addition, you can read the most current versions at
-<URL: http://www.openssl.org/docs/>.
-
-For information on parts of libcrypto that are not yet documented, you
-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
-of this still applies to OpenSSL.
-
-There is some documentation about certificate extensions and PKCS#12
-in doc/openssl.txt
-
-The original SSLeay documentation is included in OpenSSL as
-doc/ssleay.txt. It may be useful when none of the other resources
-help, but please note that it reflects the obsolete version SSLeay
-0.6.6.
-
-
-* How can I contact the OpenSSL developers?
-
-The README file describes how to submit bug reports and patches to
-OpenSSL. Information on the OpenSSL mailing lists is available from
-<URL: http://www.openssl.org>.
-
-
-* Where can I get a compiled version of OpenSSL?
-
-You can finder pointers to binary distributions in
-http://www.openssl.org/related/binaries.html .
-
-Some applications that use OpenSSL are distributed in binary form.
-When using such an application, you don't need to install OpenSSL
-yourself; the application will include the required parts (e.g. DLLs).
-
-If you want to build OpenSSL on a Windows system and you don't have
-a C compiler, read the "Mingw32" section of INSTALL.W32 for information
-on how to obtain and install the free GNU C compiler.
-
-A number of Linux and *BSD distributions include OpenSSL.
-
-
-* Why aren't tools like 'autoconf' and 'libtool' used?
-
-autoconf will probably be used in future OpenSSL versions. If it was
-less Unix-centric, it might have been used much earlier.
-
-* What is an 'engine' version?
-
-With version 0.9.6 OpenSSL was extended to interface to external crypto
-hardware. This was realized in a special release '0.9.6-engine'. With
-version 0.9.7 the changes were merged into the main development line,
-so that the special release is no longer necessary.
-
-* How do I check the authenticity of the OpenSSL distribution?
-
-We provide MD5 digests and ASC signatures of each tarball.
-Use MD5 to check that a tarball from a mirror site is identical:
-
- md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
-
-You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server, see a
-list of keys at <URL: http://www.openssl.org/about/>). Then
-just do:
-
- pgp TARBALL.asc
-
-[LEGAL] =======================================================================
-
-* Do I need patent licenses to use OpenSSL?
-
-The patents section of the README file lists patents that may apply to
-you if you want to use OpenSSL. For information on intellectual
-property rights, please consult a lawyer. The OpenSSL team does not
-offer legal advice.
-
-You can configure OpenSSL so as not to use IDEA, MDC2 and RC5 by using
- ./config no-idea no-mdc2 no-rc5
-
-
-* Can I use OpenSSL with GPL software?
-
-On many systems including the major Linux and BSD distributions, yes (the
-GPL does not place restrictions on using libraries that are part of the
-normal operating system distribution).
-
-On other systems, the situation is less clear. Some GPL software copyright
-holders claim that you infringe on their rights if you use OpenSSL with
-their software on operating systems that don't normally include OpenSSL.
-
-If you develop open source software that uses OpenSSL, you may find it
-useful to choose an other license than the GPL, or state explicitly that
-"This program is released under the GPL with the additional exemption that
-compiling, linking, and/or using OpenSSL is allowed." If you are using
-GPL software developed by others, you may want to ask the copyright holder
-for permission to use their software with OpenSSL.
-
-
-[USER] ========================================================================
-
-* Why do I get a "PRNG not seeded" error message?
-
-Cryptographic software needs a source of unpredictable data to work
-correctly. Many open source operating systems provide a "randomness
-device" (/dev/urandom or /dev/random) that serves this purpose.
-All OpenSSL versions try to use /dev/urandom by default; starting with
-version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
-available.
-
-On other systems, applications have to call the RAND_add() or
-RAND_seed() function with appropriate data before generating keys or
-performing public key encryption. (These functions initialize the
-pseudo-random number generator, PRNG.) Some broken applications do
-not do this. As of version 0.9.5, the OpenSSL functions that need
-randomness report an error if the random number generator has not been
-seeded with at least 128 bits of randomness. If this error occurs and
-is not discussed in the documentation of the application you are
-using, please contact the author of that application; it is likely
-that it never worked correctly. OpenSSL 0.9.5 and later make the
-error visible by refusing to perform potentially insecure encryption.
-
-If you are using Solaris 8, you can add /dev/urandom and /dev/random
-devices by installing patch 112438 (Sparc) or 112439 (x86), which are
-available via the Patchfinder at <URL: http://sunsolve.sun.com>
-(Solaris 9 includes these devices by default). For /dev/random support
-for earlier Solaris versions, see Sun's statement at
-<URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
-(the SUNWski package is available in patch 105710).
-
-On systems without /dev/urandom and /dev/random, it is a good idea to
-use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
-details. Starting with version 0.9.7, OpenSSL will automatically look
-for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
-/etc/entropy.
-
-Most components of the openssl command line utility automatically try
-to seed the random number generator from a file. The name of the
-default seeding file is determined as follows: If environment variable
-RANDFILE is set, then it names the seeding file. Otherwise if
-environment variable HOME is set, then the seeding file is $HOME/.rnd.
-If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
-use file .rnd in the current directory while OpenSSL 0.9.6a uses no
-default seeding file at all. OpenSSL 0.9.6b and later will behave
-similarly to 0.9.6a, but will use a default of "C:\" for HOME on
-Windows systems if the environment variable has not been set.
-
-If the default seeding file does not exist or is too short, the "PRNG
-not seeded" error message may occur.
-
-The openssl command line utility will write back a new state to the
-default seeding file (and create this file if necessary) unless
-there was no sufficient seeding.
-
-Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
-Use the "-rand" option of the OpenSSL command line tools instead.
-The $RANDFILE environment variable and $HOME/.rnd are only used by the
-OpenSSL command line tools. Applications using the OpenSSL library
-provide their own configuration options to specify the entropy source,
-please check out the documentation coming the with application.
-
-
-* Why do I get an "unable to write 'random state'" error message?
-
-
-Sometimes the openssl command line utility does not abort with
-a "PRNG not seeded" error message, but complains that it is
-"unable to write 'random state'". This message refers to the
-default seeding file (see previous answer). A possible reason
-is that no default filename is known because neither RANDFILE
-nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the
-current directory in this case, but this has changed with 0.9.6a.)
-
-
-* How do I create certificates or certificate requests?
-
-Check out the CA.pl(1) manual page. This provides a simple wrapper round
-the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
-out the manual pages for the individual utilities and the certificate
-extensions documentation (currently in doc/openssl.txt).
-
-
-* Why can't I create certificate requests?
-
-You typically get the error:
-
- unable to find 'distinguished_name' in config
- problems making Certificate Request
-
-This is because it can't find the configuration file. Check out the
-DIAGNOSTICS section of req(1) for more information.
-
-
-* Why does <SSL program> fail with a certificate verify error?
-
-This problem is usually indicated by log messages saying something like
-"unable to get local issuer certificate" or "self signed certificate".
-When a certificate is verified its root CA must be "trusted" by OpenSSL
-this typically means that the CA certificate must be placed in a directory
-or file and the relevant program configured to read it. The OpenSSL program
-'verify' behaves in a similar way and issues similar error messages: check
-the verify(1) program manual page for more information.
-
-
-* Why can I only use weak ciphers when I connect to a server using OpenSSL?
-
-This is almost certainly because you are using an old "export grade" browser
-which only supports weak encryption. Upgrade your browser to support 128 bit
-ciphers.
-
-
-* How can I create DSA certificates?
-
-Check the CA.pl(1) manual page for a DSA certificate example.
-
-
-* Why can't I make an SSL connection to a server using a DSA certificate?
-
-Typically you'll see a message saying there are no shared ciphers when
-the same setup works fine with an RSA certificate. There are two possible
-causes. The client may not support connections to DSA servers most web
-browsers (including Netscape and MSIE) only support connections to servers
-supporting RSA cipher suites. The other cause is that a set of DH parameters
-has not been supplied to the server. DH parameters can be created with the
-dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
-check the source to s_server in apps/s_server.c for an example.
-
-
-* How can I remove the passphrase on a private key?
-
-Firstly you should be really *really* sure you want to do this. Leaving
-a private key unencrypted is a major security risk. If you decide that
-you do have to do this check the EXAMPLES sections of the rsa(1) and
-dsa(1) manual pages.
-
-
-* Why can't I use OpenSSL certificates with SSL client authentication?
-
-What will typically happen is that when a server requests authentication
-it will either not include your certificate or tell you that you have
-no client certificates (Netscape) or present you with an empty list box
-(MSIE). The reason for this is that when a server requests a client
-certificate it includes a list of CAs names which it will accept. Browsers
-will only let you select certificates from the list on the grounds that
-there is little point presenting a certificate which the server will
-reject.
-
-The solution is to add the relevant CA certificate to your servers "trusted
-CA list". How you do this depends on the server software in uses. You can
-print out the servers list of acceptable CAs using the OpenSSL s_client tool:
-
-openssl s_client -connect www.some.host:443 -prexit
-
-If your server only requests certificates on certain URLs then you may need
-to manually issue an HTTP GET command to get the list when s_client connects:
-
-GET /some/page/needing/a/certificate.html
-
-If your CA does not appear in the list then this confirms the problem.
-
-
-* Why does my browser give a warning about a mismatched hostname?
-
-Browsers expect the server's hostname to match the value in the commonName
-(CN) field of the certificate. If it does not then you get a warning.
-
-
-* How do I install a CA certificate into a browser?
-
-The usual way is to send the DER encoded certificate to the browser as
-MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
-link. On MSIE certain extensions such as .der or .cacert may also work, or you
-can import the certificate using the certificate import wizard.
-
-You can convert a certificate to DER form using the command:
-
-openssl x509 -in ca.pem -outform DER -out ca.der
-
-Occasionally someone suggests using a command such as:
-
-openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
-
-DO NOT DO THIS! This command will give away your CAs private key and
-reduces its security to zero: allowing anyone to forge certificates in
-whatever name they choose.
-
-* Why is OpenSSL x509 DN output not conformant to RFC2253?
-
-The ways to print out the oneline format of the DN (Distinguished Name) have
-been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
-interface, the "-nameopt" option could be introduded. See the manual
-page of the "openssl x509" commandline tool for details. The old behaviour
-has however been left as default for the sake of compatibility.
-
-* What is a "128 bit certificate"? Can I create one with OpenSSL?
-
-The term "128 bit certificate" is a highly misleading marketing term. It does
-*not* refer to the size of the public key in the certificate! A certificate
-containing a 128 bit RSA key would have negligible security.
-
-There were various other names such as "magic certificates", "SGC
-certificates", "step up certificates" etc.
-
-You can't generally create such a certificate using OpenSSL but there is no
-need to any more. Nowadays web browsers using unrestricted strong encryption
-are generally available.
-
-When there were tight export restrictions on the export of strong encryption
-software from the US only weak encryption algorithms could be freely exported
-(initially 40 bit and then 56 bit). It was widely recognised that this was
-inadequate. A relaxation the rules allowed the use of strong encryption but
-only to an authorised server.
-
-Two slighly different techniques were developed to support this, one used by
-Netscape was called "step up", the other used by MSIE was called "Server Gated
-Cryptography" (SGC). When a browser initially connected to a server it would
-check to see if the certificate contained certain extensions and was issued by
-an authorised authority. If these test succeeded it would reconnect using
-strong encryption.
-
-Only certain (initially one) certificate authorities could issue the
-certificates and they generally cost more than ordinary certificates.
-
-Although OpenSSL can create certificates containing the appropriate extensions
-the certificate would not come from a permitted authority and so would not
-be recognized.
-
-The export laws were later changed to allow almost unrestricted use of strong
-encryption so these certificates are now obsolete.
-
-
-[BUILD] =======================================================================
-
-* Why does the linker complain about undefined symbols?
-
-Maybe the compilation was interrupted, and make doesn't notice that
-something is missing. Run "make clean; make".
-
-If you used ./Configure instead of ./config, make sure that you
-selected the right target. File formats may differ slightly between
-OS versions (for example sparcv8/sparcv9, or a.out/elf).
-
-In case you get errors about the following symbols, use the config
-option "no-asm", as described in INSTALL:
-
- BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
- CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
- RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
- bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
- bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
- des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
- des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
-
-If none of these helps, you may want to try using the current snapshot.
-If the problem persists, please submit a bug report.
-
-
-* Why does the OpenSSL test fail with "bc: command not found"?
-
-You didn't install "bc", the Unix calculator. If you want to run the
-tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
-
-
-* Why does the OpenSSL test fail with "bc: 1 no implemented"?
-
-On some SCO installations or versions, bc has a bug that gets triggered
-when you run the test suite (using "make test"). The message returned is
-"bc: 1 not implemented".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL test fail with "bc: stack empty"?
-
-On some DG/ux versions, bc seems to have a too small stack for calculations
-that the OpenSSL bntest throws at it. This gets triggered when you run the
-test suite (using "make test"). The message returned is "bc: stack empty".
-
-The best way to deal with this is to find another implementation of bc
-and compile/install it. GNU bc (see http://www.gnu.org/software/software.html
-for download instructions) can be safely used, for example.
-
-
-* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
-
-On some Alpha installations running Tru64 Unix and Compaq C, the compilation
-of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual
-memory to continue compilation.' As far as the tests have shown, this may be
-a compiler bug. What happens is that it eats up a lot of resident memory
-to build something, probably a table. The problem is clearly in the
-optimization code, because if one eliminates optimization completely (-O0),
-the compilation goes through (and the compiler consumes about 2MB of resident
-memory instead of 240MB or whatever one's limit is currently).
-
-There are three options to solve this problem:
-
-1. set your current data segment size soft limit higher. Experience shows
-that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do
-this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
-kbytes to set the limit to.
-
-2. If you have a hard limit that is lower than what you need and you can't
-get it changed, you can compile all of OpenSSL with -O0 as optimization
-level. This is however not a very nice thing to do for those who expect to
-get the best result from OpenSSL. A bit more complicated solution is the
-following:
-
------ snip:start -----
- make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
- sed -e 's/ -O[0-9] / -O0 /'`"
- rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
- make
------ snip:end -----
-
-This will only compile sha_dgst.c with -O0, the rest with the optimization
-level chosen by the configuration process. When the above is done, do the
-test and installation and you're set.
-
-3. Reconfigure the toolkit with no-sha0 option to leave out SHA0. It
-should not be used and is not used in SSL/TLS nor any other recognized
-protocol in either case.
-
-
-* Why does the OpenSSL compilation fail with "ar: command not found"?
-
-Getting this message is quite usual on Solaris 2, because Sun has hidden
-away 'ar' and other development commands in directories that aren't in
-$PATH by default. One of those directories is '/usr/ccs/bin'. The
-quickest way to fix this is to do the following (it assumes you use sh
-or any sh-compatible shell):
-
------ snip:start -----
- PATH=${PATH}:/usr/ccs/bin; export PATH
------ snip:end -----
-
-and then redo the compilation. What you should really do is make sure
-'/usr/ccs/bin' is permanently in your $PATH, for example through your
-'.profile' (again, assuming you use a sh-compatible shell).
-
-
-* Why does the OpenSSL compilation fail on Win32 with VC++?
-
-Sometimes, you may get reports from VC++ command line (cl) that it
-can't find standard include files like stdio.h and other weirdnesses.
-One possible cause is that the environment isn't correctly set up.
-To solve that problem for VC++ versions up to 6, one should run
-VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
-installation directory (somewhere under 'Program Files'). For VC++
-version 7 (and up?), which is also called VS.NET, the file is called
-VSVARS32.BAT instead.
-This needs to be done prior to running NMAKE, and the changes are only
-valid for the current DOS session.
-
-
-* What is special about OpenSSL on Redhat?
-
-Red Hat Linux (release 7.0 and later) include a preinstalled limited
-version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
-is disabled in this version. The same may apply to other Linux distributions.
-Users may therefore wish to install more or all of the features left out.
-
-To do this you MUST ensure that you do not overwrite the openssl that is in
-/usr/bin on your Red Hat machine. Several packages depend on this file,
-including sendmail and ssh. /usr/local/bin is a good alternative choice. The
-libraries that come with Red Hat 7.0 onwards have different names and so are
-not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
-/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
-/lib/libcrypto.so.2 respectively).
-
-Please note that we have been advised by Red Hat attempting to recompile the
-openssl rpm with all the cryptography enabled will not work. All other
-packages depend on the original Red Hat supplied openssl package. It is also
-worth noting that due to the way Red Hat supplies its packages, updates to
-openssl on each distribution never change the package version, only the
-build number. For example, on Red Hat 7.1, the latest openssl package has
-version number 0.9.6 and build number 9 even though it contains all the
-relevant updates in packages up to and including 0.9.6b.
-
-A possible way around this is to persuade Red Hat to produce a non-US
-version of Red Hat Linux.
-
-FYI: Patent numbers and expiry dates of US patents:
-MDC-2: 4,908,861 13/03/2007
-IDEA: 5,214,703 25/05/2010
-RC5: 5,724,428 03/03/2015
-
-
-* Why does the OpenSSL compilation fail on MacOS X?
-
-If the failure happens when trying to build the "openssl" binary, with
-a large number of undefined symbols, it's very probable that you have
-OpenSSL 0.9.6b delivered with the operating system (you can find out by
-running '/usr/bin/openssl version') and that you were trying to build
-OpenSSL 0.9.7 or newer. The problem is that the loader ('ld') in
-MacOS X has a misfeature that's quite difficult to go around.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-
-* Why does the OpenSSL test suite fail on MacOS X?
-
-If the failure happens when running 'make test' and the RC4 test fails,
-it's very probable that you have OpenSSL 0.9.6b delivered with the
-operating system (you can find out by running '/usr/bin/openssl version')
-and that you were trying to build OpenSSL 0.9.6d. The problem is that
-the loader ('ld') in MacOS X has a misfeature that's quite difficult to
-go around and has linked the programs "openssl" and the test programs
-with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
-libraries you just built.
-Look in the file PROBLEMS for a more detailed explanation and for possible
-solutions.
-
-* Why does the OpenSSL test suite fail in BN_sqr test [on a 64-bit platform]?
-
-Failure in BN_sqr test is most likely caused by a failure to configure the
-toolkit for current platform or lack of support for the platform in question.
-Run './config -t' and './apps/openssl version -p'. Do these platform
-identifiers match? If they don't, then you most likely failed to run
-./config and you're hereby advised to do so before filing a bug report.
-If ./config itself fails to run, then it's most likely problem with your
-local environment and you should turn to your system administrator (or
-similar). If identifiers match (and/or no alternative identifier is
-suggested by ./config script), then the platform is unsupported. There might
-or might not be a workaround. Most notably on SPARC64 platforms with GNU
-C compiler you should be able to produce a working build by running
-'./config -m32'. I understand that -m32 might not be what you want/need,
-but the build should be operational. For further details turn to
-<openssl-dev@openssl.org>.
-
-* Why does OpenBSD-i386 build fail on des-586.s with "Unimplemented segment type"?
-
-As of 0.9.7 assembler routines were overhauled for position independence
-of the machine code, which is essential for shared library support. For
-some reason OpenBSD is equipped with an out-of-date GNU assembler which
-finds the new code offensive. To work around the problem, configure with
-no-asm (and sacrifice a great deal of performance) or patch your assembler
-according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
-For your convenience a pre-compiled replacement binary is provided at
-<URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
-Reportedly elder *BSD a.out platforms also suffer from this problem and
-remedy should be same. Provided binary is statically linked and should be
-working across wider range of *BSD branches, not just OpenBSD.
-
-* Why does the OpenSSL test suite fail in sha512t on x86 CPU?
-
-If the test program in question fails withs SIGILL, Illegal Instruction
-exception, then you more than likely to run SSE2-capable CPU, such as
-Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
-OPENSSL_ia32cap(3) documentation page for further information.
-
-* Why does compiler fail to compile sha512.c?
-
-OpenSSL SHA-512 implementation depends on compiler support for 64-bit
-integer type. Few elder compilers [ULTRIX cc, SCO compiler to mention a
-couple] lack support for this and therefore are incapable of compiling
-the module in question. The recommendation is to disable SHA-512 by
-adding no-sha512 to ./config [or ./Configure] command line. Another
-possible alternative might be to switch to GCC.
-
-* Test suite still fails, what to do?
-
-Another common reason for failure to complete some particular test is
-simply bad code generated by a buggy component in toolchain or deficiency
-in run-time environment. There are few cases documented in PROBLEMS file,
-consult it for possible workaround before you beat the drum. Even if you
-don't find solution or even mention there, do reserve for possibility of
-a compiler bug. Compiler bugs might appear in rather bizarre ways, they
-never make sense, and tend to emerge when you least expect them. In order
-to identify one, drop optimization level, e.g. by editing CFLAG line in
-top-level Makefile, recompile and re-run the test.
-
-[PROG] ========================================================================
-
-* Is OpenSSL thread-safe?
-
-Yes (with limitations: an SSL connection may not concurrently be used
-by multiple threads). On Windows and many Unix systems, OpenSSL
-automatically uses the multi-threaded versions of the standard
-libraries. If your platform is not one of these, consult the INSTALL
-file.
-
-Multi-threaded applications must provide two callback functions to
-OpenSSL by calling CRYPTO_set_locking_callback() and
-CRYPTO_set_id_callback(). This is described in the threads(3)
-manpage.
-
-* I've compiled a program under Windows and it crashes: why?
-
-This is usually because you've missed the comment in INSTALL.W32.
-Your application must link against the same version of the Win32
-C-Runtime against which your openssl libraries were linked. The
-default version for OpenSSL is /MD - "Multithreaded DLL".
-
-If you are using Microsoft Visual C++'s IDE (Visual Studio), in
-many cases, your new project most likely defaulted to "Debug
-Singlethreaded" - /ML. This is NOT interchangeable with /MD and your
-program will crash, typically on the first BIO related read or write
-operation.
-
-For each of the six possible link stage configurations within Win32,
-your application must link against the same by which OpenSSL was
-built. If you are using MS Visual C++ (Studio) this can be changed
-by:
-
- 1. Select Settings... from the Project Menu.
- 2. Select the C/C++ Tab.
- 3. Select "Code Generation from the "Category" drop down list box
- 4. Select the Appropriate library (see table below) from the "Use
- run-time library" drop down list box. Perform this step for both
- your debug and release versions of your application (look at the
- top left of the settings panel to change between the two)
-
- Single Threaded /ML - MS VC++ often defaults to
- this for the release
- version of a new project.
- Debug Single Threaded /MLd - MS VC++ often defaults to
- this for the debug version
- of a new project.
- Multithreaded /MT
- Debug Multithreaded /MTd
- Multithreaded DLL /MD - OpenSSL defaults to this.
- Debug Multithreaded DLL /MDd
-
-Note that debug and release libraries are NOT interchangeable. If you
-built OpenSSL with /MD your application must use /MD and cannot use /MDd.
-
-As per 0.9.8 the above limitation is eliminated for .DLLs. OpenSSL
-.DLLs compiled with some specific run-time option [we insist on the
-default /MD] can be deployed with application compiled with different
-option or even different compiler. But there is a catch! Instead of
-re-compiling OpenSSL toolkit, as you would have to with prior versions,
-you have to compile small C snippet with compiler and/or options of
-your choice. The snippet gets installed as
-<install-root>/include/openssl/applink.c and should be either added to
-your application project or simply #include-d in one [and only one]
-of your application source files. Failure to link this shim module
-into your application manifests itself as fatal "no OPENSSL_Applink"
-run-time error. An explicit reminder is due that in this situation
-[mixing compiler options] it is as important to add CRYPTO_malloc_init
-prior first call to OpenSSL.
-
-* How do I read or write a DER encoded buffer using the ASN1 functions?
-
-You have two options. You can either use a memory BIO in conjunction
-with the i2d_*_bio() or d2i_*_bio() functions or you can use the
-i2d_*(), d2i_*() functions directly. Since these are often the
-cause of grief here are some code fragments using PKCS7 as an example:
-
- unsigned char *buf, *p;
- int len;
-
- len = i2d_PKCS7(p7, NULL);
- buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
- p = buf;
- i2d_PKCS7(p7, &p);
-
-At this point buf contains the len bytes of the DER encoding of
-p7.
-
-The opposite assumes we already have len bytes in buf:
-
- unsigned char *p;
- p = buf;
- p7 = d2i_PKCS7(NULL, &p, len);
-
-At this point p7 contains a valid PKCS7 structure of NULL if an error
-occurred. If an error occurred ERR_print_errors(bio) should give more
-information.
-
-The reason for the temporary variable 'p' is that the ASN1 functions
-increment the passed pointer so it is ready to read or write the next
-structure. This is often a cause of problems: without the temporary
-variable the buffer pointer is changed to point just after the data
-that has been read or written. This may well be uninitialized data
-and attempts to free the buffer will have unpredictable results
-because it no longer points to the same address.
-
-
-* OpenSSL uses DER but I need BER format: does OpenSSL support BER?
-
-The short answer is yes, because DER is a special case of BER and OpenSSL
-ASN1 decoders can process BER.
-
-The longer answer is that ASN1 structures can be encoded in a number of
-different ways. One set of ways is the Basic Encoding Rules (BER) with various
-permissible encodings. A restriction of BER is the Distinguished Encoding
-Rules (DER): these uniquely specify how a given structure is encoded.
-
-Therefore, because DER is a special case of BER, DER is an acceptable encoding
-for BER.
-
-
-* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
-
-This usually happens when you try compiling something using the PKCS#12
-macros with a C++ compiler. There is hardly ever any need to use the
-PKCS#12 macros in a program, it is much easier to parse and create
-PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
-documented in doc/openssl.txt and with examples in demos/pkcs12. The
-'pkcs12' application has to use the macros because it prints out
-debugging information.
-
-
-* I've called <some function> and it fails, why?
-
-Before submitting a report or asking in one of the mailing lists, you
-should try to determine the cause. In particular, you should call
-ERR_print_errors() or ERR_print_errors_fp() after the failed call
-and see if the message helps. Note that the problem may occur earlier
-than you think -- you should check for errors after every call where
-it is possible, otherwise the actual problem may be hidden because
-some OpenSSL functions clear the error state.
-
-
-* I just get a load of numbers for the error output, what do they mean?
-
-The actual format is described in the ERR_print_errors() manual page.
-You should call the function ERR_load_crypto_strings() before hand and
-the message will be output in text form. If you can't do this (for example
-it is a pre-compiled binary) you can use the errstr utility on the error
-code itself (the hex digits after the second colon).
-
-
-* Why do I get errors about unknown algorithms?
-
-This can happen under several circumstances such as reading in an
-encrypted private key or attempting to decrypt a PKCS#12 file. The cause
-is forgetting to load OpenSSL's table of algorithms with
-OpenSSL_add_all_algorithms(). See the manual page for more information.
-
-
-* Why can't the OpenSSH configure script detect OpenSSL?
-
-Several reasons for problems with the automatic detection exist.
-OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
-Sometimes the distribution has installed an older version in the system
-locations that is detected instead of a new one installed. The OpenSSL
-library might have been compiled for another CPU or another mode (32/64 bits).
-Permissions might be wrong.
-
-The general answer is to check the config.log file generated when running
-the OpenSSH configure script. It should contain the detailed information
-on why the OpenSSL library was not detected or considered incompatible.
-
-
-* Can I use OpenSSL's SSL library with non-blocking I/O?
-
-Yes; make sure to read the SSL_get_error(3) manual page!
-
-A pitfall to avoid: Don't assume that SSL_read() will just read from
-the underlying transport or that SSL_write() will just write to it --
-it is also possible that SSL_write() cannot do any useful work until
-there is data to read, or that SSL_read() cannot do anything until it
-is possible to send data. One reason for this is that the peer may
-request a new TLS/SSL handshake at any time during the protocol,
-requiring a bi-directional message exchange; both SSL_read() and
-SSL_write() will try to continue any pending handshake.
-
-
-* Why doesn't my server application receive a client certificate?
-
-Due to the TLS protocol definition, a client will only send a certificate,
-if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
-SSL_CTX_set_verify() function to enable the use of client certificates.
-
-
-* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
-
-For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
-versions, uniqueIdentifier was incorrectly used for X.509 certificates.
-The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
-Change your code to use the new name when compiling against OpenSSL 0.9.7.
-
-
-* I think I've detected a memory leak, is this a bug?
-
-In most cases the cause of an apparent memory leak is an OpenSSL internal table
-that is allocated when an application starts up. Since such tables do not grow
-in size over time they are harmless.
-
-These internal tables can be freed up when an application closes using various
-functions. Currently these include following:
-
-Thread-local cleanup functions:
-
- ERR_remove_state()
-
-Application-global cleanup functions that are aware of usage (and therefore
-thread-safe):
-
- ENGINE_cleanup() and CONF_modules_unload()
-
-"Brutal" (thread-unsafe) Application-global cleanup functions:
-
- ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
-
-
-===============================================================================
-
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
deleted file mode 100644
index 83439f1..0000000
--- a/crypto/openssl/INSTALL
+++ /dev/null
@@ -1,350 +0,0 @@
-
- INSTALLATION ON THE UNIX PLATFORM
- ---------------------------------
-
- [Installation on DOS (with djgpp), Windows, OpenVMS, MacOS (before MacOS X)
- and NetWare is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS,
- INSTALL.MacOS and INSTALL.NW.
-
- This document describes installation on operating systems in the Unix
- family.]
-
- To install OpenSSL, you will need:
-
- * make
- * Perl 5
- * an ANSI C compiler
- * a development environment in form of development libraries and C
- header files
- * a supported Unix operating system
-
- Quick Start
- -----------
-
- If you want to just get on with it, do:
-
- $ ./config
- $ make
- $ make test
- $ make install
-
- [If any of these steps fails, see section Installation in Detail below.]
-
- This will build and install OpenSSL in the default location, which is (for
- historical reasons) /usr/local/ssl. If you want to install it anywhere else,
- run config like this:
-
- $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
-
-
- Configuration Options
- ---------------------
-
- There are several options to ./config (or ./Configure) to customize
- the build:
-
- --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl.
- Configuration files used by OpenSSL will be in DIR/ssl
- or the directory specified by --openssldir.
-
- --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
- the library files and binaries are also installed there.
-
- no-threads Don't try to build with support for multi-threaded
- applications.
-
- threads Build with support for multi-threaded applications.
- This will usually require additional system-dependent options!
- See "Note on multi-threading" below.
-
- no-zlib Don't try to build with support for zlib compression and
- decompression.
-
- zlib Build with support for zlib compression/decompression.
-
- zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically
- when needed. This is only supported on systems where loading
- of shared libraries is supported. This is the default choice.
-
- no-shared Don't try to create shared libraries.
-
- shared In addition to the usual static libraries, create shared
- libraries on platforms where it's supported. See "Note on
- shared libraries" below.
-
- no-asm Do not use assembler code.
-
- 386 Use the 80386 instruction set only (the default x86 code is
- more efficient, but requires at least a 486). Note: Use
- compiler flags for any other CPU specific configuration,
- e.g. "-m32" to build x86 code on an x64 system.
-
- no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
- detected at run-time, but the decision whether or not the
- machine code will be executed is taken solely on CPU
- capability vector. This means that if you happen to run OS
- kernel which does not support SSE2 extension on Intel P4
- processor, then your application might be exposed to
- "illegal instruction" exception. There might be a way
- to enable support in kernel, e.g. FreeBSD kernel can be
- compiled with CPU_ENABLE_SSE, and there is a way to
- disengage SSE2 code pathes upon application start-up,
- but if you aim for wider "audience" running such kernel,
- consider no-sse2. Both 386 and no-asm options above imply
- no-sse2.
-
- no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
- hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
- The crypto/<cipher> directory can be removed after running
- "make depend".
-
- -Dxxx, -lxxx, -Lxxx, -fxxx, -mxxx, -Kxxx These system specific options will
- be passed through to the compiler to allow you to
- define preprocessor symbols, specify additional libraries,
- library directories or other compiler options.
-
-
- Installation in Detail
- ----------------------
-
- 1a. Configure OpenSSL for your operation system automatically:
-
- $ ./config [options]
-
- This guesses at your operating system (and compiler, if necessary) and
- configures OpenSSL based on this guess. Run ./config -t to see
- if it guessed correctly. If you want to use a different compiler, you
- are cross-compiling for another platform, or the ./config guess was
- wrong for other reasons, go to step 1b. Otherwise go to step 2.
-
- On some systems, you can include debugging information as follows:
-
- $ ./config -d [options]
-
- 1b. Configure OpenSSL for your operating system manually
-
- OpenSSL knows about a range of different operating system, hardware and
- compiler combinations. To see the ones it knows about, run
-
- $ ./Configure
-
- Pick a suitable name from the list that matches your system. For most
- operating systems there is a choice between using "cc" or "gcc". When
- you have identified your system (and if necessary compiler) use this name
- as the argument to ./Configure. For example, a "linux-elf" user would
- run:
-
- $ ./Configure linux-elf [options]
-
- If your system is not available, you will have to edit the Configure
- program and add the correct configuration for your system. The
- generic configurations "cc" or "gcc" should usually work on 32 bit
- systems.
-
- Configure creates the file Makefile.ssl from Makefile.org and
- defines various macros in crypto/opensslconf.h (generated from
- crypto/opensslconf.h.in).
-
- 2. Build OpenSSL by running:
-
- $ make
-
- This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
- OpenSSL binary ("openssl"). The libraries will be built in the top-level
- directory, and the binary will be in the "apps" directory.
-
- If "make" fails, look at the output. There may be reasons for
- the failure that aren't problems in OpenSSL itself (like missing
- standard headers). If it is a problem with OpenSSL itself, please
- report the problem to <openssl-bugs@openssl.org> (note that your
- message will be recorded in the request tracker publicly readable
- via http://www.openssl.org/support/rt2.html and will be forwarded to a
- public mailing list). Include the output of "make report" in your message.
- Please check out the request tracker. Maybe the bug was already
- reported or has already been fixed.
-
- [If you encounter assembler error messages, try the "no-asm"
- configuration option as an immediate fix.]
-
- Compiling parts of OpenSSL with gcc and others with the system
- compiler will result in unresolved symbols on some systems.
-
- 3. After a successful build, the libraries should be tested. Run:
-
- $ make test
-
- If a test fails, look at the output. There may be reasons for
- the failure that isn't a problem in OpenSSL itself (like a missing
- or malfunctioning bc). If it is a problem with OpenSSL itself,
- try removing any compiler optimization flags from the CFLAG line
- in Makefile.ssl and run "make clean; make". Please send a bug
- report to <openssl-bugs@openssl.org>, including the output of
- "make report" in order to be added to the request tracker at
- http://www.openssl.org/support/rt2.html.
-
- 4. If everything tests ok, install OpenSSL with
-
- $ make install
-
- This will create the installation directory (if it does not exist) and
- then the following subdirectories:
-
- certs Initially empty, this is the default location
- for certificate files.
- man/man1 Manual pages for the 'openssl' command line tool
- man/man3 Manual pages for the libraries (very incomplete)
- misc Various scripts.
- private Initially empty, this is the default location
- for private key files.
-
- If you didn't choose a different installation prefix, the
- following additional subdirectories will be created:
-
- bin Contains the openssl binary and a few other
- utility programs.
- include/openssl Contains the header files needed if you want to
- compile programs with libcrypto or libssl.
- lib Contains the OpenSSL library files themselves.
-
- Package builders who want to configure the library for standard
- locations, but have the package installed somewhere else so that
- it can easily be packaged, can use
-
- $ make INSTALL_PREFIX=/tmp/package-root install
-
- (or specify "--install_prefix=/tmp/package-root" as a configure
- option). The specified prefix will be prepended to all
- installation target filenames.
-
-
- NOTE: The header files used to reside directly in the include
- directory, but have now been moved to include/openssl so that
- OpenSSL can co-exist with other libraries which use some of the
- same filenames. This means that applications that use OpenSSL
- should now use C preprocessor directives of the form
-
- #include <openssl/ssl.h>
-
- instead of "#include <ssl.h>", which was used with library versions
- up to OpenSSL 0.9.2b.
-
- If you install a new version of OpenSSL over an old library version,
- you should delete the old header files in the include directory.
-
- Compatibility issues:
-
- * COMPILING existing applications
-
- To compile an application that uses old filenames -- e.g.
- "#include <ssl.h>" --, it will usually be enough to find
- the CFLAGS definition in the application's Makefile and
- add a C option such as
-
- -I/usr/local/ssl/include/openssl
-
- to it.
-
- But don't delete the existing -I option that points to
- the ..../include directory! Otherwise, OpenSSL header files
- could not #include each other.
-
- * WRITING applications
-
- To write an application that is able to handle both the new
- and the old directory layout, so that it can still be compiled
- with library versions up to OpenSSL 0.9.2b without bothering
- the user, you can proceed as follows:
-
- - Always use the new filename of OpenSSL header files,
- e.g. #include <openssl/ssl.h>.
-
- - Create a directory "incl" that contains only a symbolic
- link named "openssl", which points to the "include" directory
- of OpenSSL.
- For example, your application's Makefile might contain the
- following rule, if OPENSSLDIR is a pathname (absolute or
- relative) of the directory where OpenSSL resides:
-
- incl/openssl:
- -mkdir incl
- cd $(OPENSSLDIR) # Check whether the directory really exists
- -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
-
- You will have to add "incl/openssl" to the dependencies
- of those C files that include some OpenSSL header file.
-
- - Add "-Iincl" to your CFLAGS.
-
- With these additions, the OpenSSL header files will be available
- under both name variants if an old library version is used:
- Your application can reach them under names like <openssl/foo.h>,
- while the header files still are able to #include each other
- with names of the form <foo.h>.
-
-
- Note on multi-threading
- -----------------------
-
- For some systems, the OpenSSL Configure script knows what compiler options
- are needed to generate a library that is suitable for multi-threaded
- applications. On these systems, support for multi-threading is enabled
- by default; use the "no-threads" option to disable (this should never be
- necessary).
-
- On other systems, to enable support for multi-threading, you will have
- to specify at least two options: "threads", and a system-dependent option.
- (The latter is "-D_REENTRANT" on various systems.) The default in this
- case, obviously, is not to include support for multi-threading (but
- you can still use "no-threads" to suppress an annoying warning message
- from the Configure script.)
-
-
- Note on shared libraries
- ------------------------
-
- Shared libraries have certain caveats. Binary backward compatibility
- can't be guaranteed before OpenSSL version 1.0. The only reason to
- use them would be to conserve memory on systems where several programs
- are using OpenSSL.
-
- For some systems, the OpenSSL Configure script knows what is needed to
- build shared libraries for libcrypto and libssl. On these systems,
- the shared libraries are currently not created by default, but giving
- the option "shared" will get them created. This method supports Makefile
- targets for shared library creation, like linux-shared. Those targets
- can currently be used on their own just as well, but this is expected
- to change in future versions of OpenSSL.
-
- Note on random number generation
- --------------------------------
-
- Availability of cryptographically secure random numbers is required for
- secret key generation. OpenSSL provides several options to seed the
- internal PRNG. If not properly seeded, the internal PRNG will refuse
- to deliver random bytes and a "PRNG not seeded error" will occur.
- On systems without /dev/urandom (or similar) device, it may be necessary
- to install additional support software to obtain random seed.
- Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
- and the FAQ for more information.
-
- Note on support for multiple builds
- -----------------------------------
-
- OpenSSL is usually built in its source tree. Unfortunately, this doesn't
- support building for multiple platforms from the same source tree very well.
- It is however possible to build in a separate tree through the use of lots
- of symbolic links, which should be prepared like this:
-
- mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
- cd objtree/"`uname -s`-`uname -r`-`uname -m`"
- (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
- mkdir -p `dirname $F`
- rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
- echo $F '->' $OPENSSL_SOURCE/$F
- done
- make -f Makefile.org clean
-
- OPENSSL_SOURCE is an environment variable that contains the absolute (this
- is important!) path to the OpenSSL source tree.
-
- Also, operations like 'make update' should still be made in the source tree.
diff --git a/crypto/openssl/LICENSE b/crypto/openssl/LICENSE
deleted file mode 100644
index ff99d97..0000000
--- a/crypto/openssl/LICENSE
+++ /dev/null
@@ -1,127 +0,0 @@
-
- LICENSE ISSUES
- ==============
-
- The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
- the OpenSSL License and the original SSLeay license apply to the toolkit.
- See below for the actual license texts. Actually both licenses are BSD-style
- Open Source licenses. In case of any license issues related to OpenSSL
- please contact openssl-core@openssl.org.
-
- OpenSSL License
- ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
diff --git a/crypto/openssl/Makefile b/crypto/openssl/Makefile
deleted file mode 100644
index e2223b7..0000000
--- a/crypto/openssl/Makefile
+++ /dev/null
@@ -1,590 +0,0 @@
-### Generated automatically from Makefile.org by Configure.
-
-##
-## Makefile for OpenSSL
-##
-
-VERSION=0.9.8e
-MAJOR=0
-MINOR=9.8
-SHLIB_VERSION_NUMBER=0.9.8
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=0
-SHLIB_MINOR=9.8
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS= no-camellia no-gmp no-krb5 no-mdc2 no-rc5 no-rfc3779 no-shared no-zlib no-zlib-dynamic
-CONFIGURE_ARGS=dist
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives. This can be used to indicate
-# where sub-Makefiles are expected to be. Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4 - Define to build without the RC4 algorithm
-# NO_RC2 - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-# one. 32 bytes will be read from this when the random
-# number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-# NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-# call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779
-PEX_LIBS=
-EX_LIBS=
-EXE_EXT=
-ARFLAGS=
-AR=ar $(ARFLAGS) r
-RANLIB= /usr/bin/ranlib
-PERL= /usr/bin/perl
-TAR= tar
-TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ=
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ASM_OBJ= aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
-RMD160_ASM_OBJ=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-DIRS= crypto ssl engines apps test tools
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS= \
- objects \
- md2 md4 md5 sha hmac ripemd \
- des aes rc2 rc4 idea bf cast \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- store pqueue
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform. "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-SHELL=/bin/sh
-
-TOP= .
-ONEDIRS=out tmp
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS= windows
-LIBS= libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL= Makefile
-BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os2.h
-HEADER= e_os.h
-
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
- $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
- CC='${CC}' CFLAG='${CFLAG}' \
- AS='${CC}' ASFLAG='${CFLAG} -c' \
- AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
- SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \
- INSTALL_PREFIX='${INSTALL_PREFIX}' \
- INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
- MAKEDEPPROG='${MAKEDEPPROG}' \
- SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
- KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
- EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
- SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
- PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
- CPUID_OBJ='${CPUID_OBJ}' \
- BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
- AES_ASM_OBJ='${AES_ASM_OBJ}' \
- BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
- RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
- SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
- MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
- RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory. The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS). It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS). It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD= if [ -d "$$dir" ]; then \
- ( cd $$dir && echo "making $$target in $$dir..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
- ) || exit 1; \
- fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
- if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
- $(BUILD_CMD); \
- fi
-
-reflect:
- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_crypto build_ssl build_engines
-
-build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-libcrypto$(SHLIB_EXT): libcrypto.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=crypto build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-clean-shared:
- @set -e; for i in $(SHLIBDIRS); do \
- if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for j in $${tmp:-x}; do \
- ( set -x; rm -f lib$$i$$j ); \
- done; \
- fi; \
- ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
- if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- fi; \
- done
-
-link-shared:
- @ set -e; for i in ${SHLIBDIRS}; do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
- done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
- @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
- libs="-l$$i $$libs"; \
- done
-
-libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
- @echo "Makefile is older than Makefile.org, Configure or config."
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
- @false
-
-libclean:
- rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
-
-clean: libclean
- rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
- rm -f $(LIBS)
- rm -f openssl.pc libssl.pc libcrypto.pc
- rm -f speed.* .pure
- rm -f $(TARFILE)
- @set -e; for i in $(ONEDIRS) ;\
- do \
- rm -fr $$i/*; \
- done
-
-makefile.one: files
- $(PERL) util/mk1mf.pl >makefile.one; \
- sh util/do_ms.sh
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
-gentests:
- @(cd test && echo "generating dummy tests (if needed)..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
- rm -f *.bak
- @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs
- @(OPENSSL="`pwd`/util/opensslwrap.sh"; \
- OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs)
- touch rehash.time
-
-test: tests
-
-tests: rehash
- @(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
- util/opensslwrap.sh version -a
-
-report:
- @$(PERL) util/selftest.pl
-
-depend:
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
- rm -f TAGS
- find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
- $(PERL) util/mkerr.pl -recurse -write
- (cd engines; $(MAKE) PERL=$(PERL) errors)
- $(PERL) util/ck_errf.pl */*.c */*/*.c
-
-stacks:
- $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
- $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
- $(PERL) util/mkdef.pl ssl update
-
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
-TABLE: Configure
- (echo 'Output of `Configure TABLE'"':"; \
- $(PERL) Configure TABLE) > TABLE
-
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-tar:
- find . -type d -print | xargs chmod 755
- find . -type f -print | xargs chmod a+r
- find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
- ls -l ../$(TARFILE).gz
-
-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
- ls -l ../$(TARFILE)
-
-dist:
- $(PERL) Configure dist
- @$(MAKE) dist_pem_h
- @$(MAKE) SDIRS='${SDIRS}' clean
- @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_docs install_sw
-
-install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; for i in $(LIBS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi; \
- done;
- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
- tmp="$(SHARED_LIBS)"; \
- for i in $${tmp:-x}; \
- do \
- if [ -f "$$i" -o -f "$$i.a" ]; then \
- ( echo installing $$i; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- else \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- fi ); \
- fi; \
- done; \
- ( here="`pwd`"; \
- cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
- if [ "$(INSTALLTOP)" != "/usr" ]; then \
- echo 'OpenSSL shared libraries have been installed in:'; \
- echo ' $(INSTALLTOP)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- fi; \
- fi
- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
-
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
- if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
- filecase=-i; \
- fi; \
- set -e; for i in doc/apps/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done; \
- set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/Makefile.org b/crypto/openssl/Makefile.org
deleted file mode 100644
index c1334c6..0000000
--- a/crypto/openssl/Makefile.org
+++ /dev/null
@@ -1,588 +0,0 @@
-##
-## Makefile for OpenSSL
-##
-
-VERSION=
-MAJOR=
-MINOR=
-SHLIB_VERSION_NUMBER=
-SHLIB_VERSION_HISTORY=
-SHLIB_MAJOR=
-SHLIB_MINOR=
-SHLIB_EXT=
-PLATFORM=dist
-OPTIONS=
-CONFIGURE_ARGS=
-SHLIB_TARGET=
-
-# HERE indicates where this Makefile lives. This can be used to indicate
-# where sub-Makefiles are expected to be. Currently has very limited usage,
-# and should probably not be bothered with at all.
-HERE=.
-
-# INSTALL_PREFIX is for package builders so that they can configure
-# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
-# Normally it is left empty.
-INSTALL_PREFIX=
-INSTALLTOP=/usr/local/ssl
-
-# Do not edit this manually. Use Configure --openssldir=DIR do change this!
-OPENSSLDIR=/usr/local/ssl
-
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4 - Define to build without the RC4 algorithm
-# NO_RC2 - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-# one. 32 bytes will be read from this when the random
-# number generator is initalised.
-# SSL_FORBID_ENULL - define if you want the server to be not able to use the
-# NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-# call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= cc
-CFLAG= -O
-DEPFLAG=
-PEX_LIBS=
-EX_LIBS=
-EXE_EXT=
-ARFLAGS=
-AR=ar $(ARFLAGS) r
-RANLIB= ranlib
-PERL= perl
-TAR= tar
-TARFLAGS= --no-recursion
-MAKEDEPPROG=makedepend
-
-# We let the C compiler driver to take care of .s files. This is done in
-# order to be excused from maintaining a separate set of architecture
-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
-# gcc, then the driver will automatically translate it to -xarch=v8plus
-# and pass it down to assembler.
-AS=$(CC) -c
-ASFLAG=$(CFLAG)
-
-# For x86 assembler: Set PROCESSOR to 386 if you want to support
-# the 80386.
-PROCESSOR=
-
-# CPUID module collects small commonly used assembler snippets
-CPUID_OBJ=
-BN_ASM= bn_asm.o
-DES_ENC= des_enc.o fcrypt_b.o
-AES_ASM_OBJ=aes_core.o aes_cbc.o
-BF_ENC= bf_enc.o
-CAST_ENC= c_enc.o
-RC4_ENC= rc4_enc.o
-RC5_ENC= rc5_enc.o
-MD5_ASM_OBJ=
-SHA1_ASM_OBJ=
-RMD160_ASM_OBJ=
-
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-# Zlib stuff
-ZLIB_INCLUDE=
-LIBZLIB=
-
-DIRS= crypto ssl engines apps test tools
-SHLIBDIRS= crypto ssl
-
-# dirs in crypto to build
-SDIRS= \
- objects \
- md2 md4 md5 sha mdc2 hmac ripemd \
- des aes rc2 rc4 rc5 idea bf cast camellia \
- bn ec rsa dsa ecdsa dh ecdh dso engine \
- buffer bio stack lhash rand err \
- evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
- store pqueue
-# keep in mind that the above list is adjusted by ./Configure
-# according to no-xxx arguments...
-
-# tests to perform. "alltests" is a special word indicating that all tests
-# should be performed.
-TESTS = alltests
-
-MAKEFILE= Makefile
-
-MANDIR=$(OPENSSLDIR)/man
-MAN1=1
-MAN3=3
-MANSUFFIX=
-SHELL=/bin/sh
-
-TOP= .
-ONEDIRS=out tmp
-EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
-WDIRS= windows
-LIBS= libcrypto.a libssl.a
-SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
-SHARED_SSL=libssl$(SHLIB_EXT)
-SHARED_LIBS=
-SHARED_LIBS_LINK_EXTS=
-SHARED_LDFLAGS=
-
-GENERAL= Makefile
-BASENAME= openssl
-NAME= $(BASENAME)-$(VERSION)
-TARFILE= $(NAME).tar
-WTARFILE= $(NAME)-win.tar
-EXHEADER= e_os2.h
-HEADER= e_os.h
-
-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
-
-# as we stick to -e, CLEARENV ensures that local variables in lower
-# Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
-# shell, which [annoyingly enough] terminates unset with error if VAR
-# is not present:-( TOP= && unset TOP is tribute to HP-UX /bin/sh,
-# which terminates unset with error if no variable was present:-(
-CLEARENV= TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS} \
- $${INCLUDE+INCLUDE} $${INCLUDES+INCLUDES} \
- $${DIR+DIR} $${DIRS+DIRS} $${SRC+SRC} \
- $${LIBSRC+LIBSRC} $${LIBOBJ+LIBOBJ} $${ALL+ALL} \
- $${EXHEADER+EXHEADER} $${HEADER+HEADER} \
- $${GENERAL+GENERAL} $${CFLAGS+CFLAGS} \
- $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
- $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} \
- $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
-
-BUILDENV= PLATFORM='${PLATFORM}' PROCESSOR='${PROCESSOR}' \
- CC='${CC}' CFLAG='${CFLAG}' \
- AS='${CC}' ASFLAG='${CFLAG} -c' \
- AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
- SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \
- INSTALL_PREFIX='${INSTALL_PREFIX}' \
- INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
- DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
- MAKEDEPPROG='${MAKEDEPPROG}' \
- SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
- KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
- EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
- SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' \
- PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' \
- CPUID_OBJ='${CPUID_OBJ}' \
- BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' \
- AES_ASM_OBJ='${AES_ASM_OBJ}' \
- BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' \
- RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' \
- SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' \
- MD5_ASM_OBJ='${MD5_ASM_OBJ}' \
- RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' \
- THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
-# MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
-# which in turn eliminates ambiguities in variable treatment with -e.
-
-# BUILD_CMD is a generic macro to build a given target in a given
-# subdirectory. The target must be given through the shell variable
-# `target' and the subdirectory to build in must be given through `dir'.
-# This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or
-# BUILD_ONE_CMD instead.
-#
-# BUILD_ONE_CMD is a macro to build a given target in a given
-# subdirectory if that subdirectory is part of $(DIRS). It requires
-# exactly the same shell variables as BUILD_CMD.
-#
-# RECURSIVE_BUILD_CMD is a macro to build a given target in all
-# subdirectories defined in $(DIRS). It requires that the target
-# is given through the shell variable `target'.
-BUILD_CMD= if [ -d "$$dir" ]; then \
- ( cd $$dir && echo "making $$target in $$dir..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \
- ) || exit 1; \
- fi
-RECURSIVE_BUILD_CMD=for dir in $(DIRS); do $(BUILD_CMD); done
-BUILD_ONE_CMD=\
- if echo " $(DIRS) " | grep " $$dir " >/dev/null 2>/dev/null; then \
- $(BUILD_CMD); \
- fi
-
-reflect:
- @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
-
-sub_all: build_all
-build_all: build_libs build_apps build_tests build_tools
-
-build_libs: build_crypto build_ssl build_engines
-
-build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
-all_testapps: build_libs build_testapps
-build_testapps:
- @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
-
-libcrypto$(SHLIB_EXT): libcrypto.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=crypto build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
- fi
-
-clean-shared:
- @set -e; for i in $(SHLIBDIRS); do \
- if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
- tmp="$(SHARED_LIBS_LINK_EXTS)"; \
- for j in $${tmp:-x}; do \
- ( set -x; rm -f lib$$i$$j ); \
- done; \
- fi; \
- ( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
- if [ "$(PLATFORM)" = "Cygwin" ]; then \
- ( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- fi; \
- done
-
-link-shared:
- @ set -e; for i in ${SHLIBDIRS}; do \
- $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- symlink.$(SHLIB_TARGET); \
- libs="$$libs -l$$i"; \
- done
-
-build-shared: do_$(SHLIB_TARGET) link-shared
-
-do_$(SHLIB_TARGET):
- @ set -e; libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
- if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
- libs="$(LIBKRB5) $$libs"; \
- fi; \
- $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
- LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
- LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
- LIBDEPS="$$libs $(EX_LIBS)" \
- link_a.$(SHLIB_TARGET); \
- libs="-l$$i $$libs"; \
- done
-
-libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
- echo 'Description: OpenSSL cryptography library'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
-
-libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
-
-openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- echo 'Version: '$(VERSION); \
- echo 'Requires: '; \
- echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-
-Makefile: Makefile.org Configure config
- @echo "Makefile is older than Makefile.org, Configure or config."
- @echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
- @false
-
-libclean:
- rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
-
-clean: libclean
- rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
- @set -e; target=clean; $(RECURSIVE_BUILD_CMD)
- rm -f $(LIBS)
- rm -f openssl.pc libssl.pc libcrypto.pc
- rm -f speed.* .pure
- rm -f $(TARFILE)
- @set -e; for i in $(ONEDIRS) ;\
- do \
- rm -fr $$i/*; \
- done
-
-makefile.one: files
- $(PERL) util/mk1mf.pl >makefile.one; \
- sh util/do_ms.sh
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile > $(TOP)/MINFO
- @set -e; target=files; $(RECURSIVE_BUILD_CMD)
-
-links:
- @$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
- @$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
- @set -e; target=links; $(RECURSIVE_BUILD_CMD)
-
-gentests:
- @(cd test && echo "generating dummy tests (if needed)..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
-
-dclean:
- rm -f *.bak
- @set -e; target=dclean; $(RECURSIVE_BUILD_CMD)
-
-rehash: rehash.time
-rehash.time: certs
- @(OPENSSL="`pwd`/util/opensslwrap.sh"; \
- OPENSSL_DEBUG_MEMORY=on; \
- export OPENSSL OPENSSL_DEBUG_MEMORY; \
- $(PERL) tools/c_rehash certs)
- touch rehash.time
-
-test: tests
-
-tests: rehash
- @(cd test && echo "testing..." && \
- $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
- util/opensslwrap.sh version -a
-
-report:
- @$(PERL) util/selftest.pl
-
-depend:
- @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
-
-lint:
- @set -e; target=lint; $(RECURSIVE_BUILD_CMD)
-
-tags:
- rm -f TAGS
- find . -name '[^.]*.[ch]' | xargs etags -a
-
-errors:
- $(PERL) util/mkerr.pl -recurse -write
- (cd engines; $(MAKE) PERL=$(PERL) errors)
- $(PERL) util/ck_errf.pl */*.c */*/*.c
-
-stacks:
- $(PERL) util/mkstack.pl -write
-
-util/libeay.num::
- $(PERL) util/mkdef.pl crypto update
-
-util/ssleay.num::
- $(PERL) util/mkdef.pl ssl update
-
-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
-
-apps/openssl-vms.cnf: apps/openssl.cnf
- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
-
-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
-
-
-TABLE: Configure
- (echo 'Output of `Configure TABLE'"':"; \
- $(PERL) Configure TABLE) > TABLE
-
-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
-
-# Build distribution tar-file. As the list of files returned by "find" is
-# pretty long, on several platforms a "too many arguments" error or similar
-# would occur. Therefore the list of files is temporarily stored into a file
-# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
-# tar does not support the --files-from option.
-tar:
- find . -type d -print | xargs chmod 755
- find . -type f -print | xargs chmod a+r
- find . -type f -perm -0100 -print | xargs chmod a+x
- find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
- $(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - |\
- gzip --best >../$(TARFILE).gz; \
- rm -f ../$(TARFILE).list; \
- ls -l ../$(TARFILE).gz
-
-tar-snap:
- @$(TAR) $(TARFLAGS) -cvf - \
- `find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*' \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
- tardy --user_number=0 --user_name=openssl \
- --group_number=0 --group_name=openssl \
- --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
- ls -l ../$(TARFILE)
-
-dist:
- $(PERL) Configure dist
- @$(MAKE) dist_pem_h
- @$(MAKE) SDIRS='${SDIRS}' clean
- @$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
-
-dist_pem_h:
- (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-
-install: all install_docs install_sw
-
-install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/private
- @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
- @set -e; for i in $(LIBS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi; \
- done;
- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
- tmp="$(SHARED_LIBS)"; \
- for i in $${tmp:-x}; \
- do \
- if [ -f "$$i" -o -f "$$i.a" ]; then \
- ( echo installing $$i; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- else \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- fi ); \
- fi; \
- done; \
- ( here="`pwd`"; \
- cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
- if [ "$(INSTALLTOP)" != "/usr" ]; then \
- echo 'OpenSSL shared libraries have been installed in:'; \
- echo ' $(INSTALLTOP)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- fi; \
- fi
- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
-
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
- @pod2man="`cd util; ./pod2mantest $(PERL)`"; \
- here="`pwd`"; \
- filecase=; \
- if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
- filecase=-i; \
- fi; \
- set -e; for i in doc/apps/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done; \
- set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
- fn=`basename $$i .pod`; \
- sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
- echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
- (cd `$(PERL) util/dirname.pl $$i`; \
- sh -c "$$pod2man \
- --section=$$sec --center=OpenSSL \
- --release=$(VERSION) `basename $$i`") \
- > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
- $(PERL) util/extract-names.pl < $$i | \
- (grep -v $$filecase "^$$fn\$$"; true) | \
- (grep -v "[ ]"; true) | \
- (cd $(INSTALL_PREFIX)$(MANDIR)/man$$sec/; \
- while read n; do \
- $$here/util/point.sh $$fn.$${sec}$(MANSUFFIX) "$$n".$${sec}$(MANSUFFIX); \
- done); \
- done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/Makefile.shared b/crypto/openssl/Makefile.shared
deleted file mode 100644
index 1b94aa1..0000000
--- a/crypto/openssl/Makefile.shared
+++ /dev/null
@@ -1,603 +0,0 @@
-#
-# Helper makefile to link shared libraries in a portable way.
-# This is much simpler than libtool, and hopefully not too error-prone.
-#
-# The following variables need to be set on the command line to build
-# properly
-
-# CC contains the current compiler. This one MUST be defined
-CC=cc
-CFLAGS=$(CFLAG)
-# LDFLAGS contains flags to be used when temporary object files (when building
-# shared libraries) are created, or when an application is linked.
-# SHARED_LDFLAGS contains flags to be used when the shared library is created.
-LDFLAGS=
-SHARED_LDFLAGS=
-
-# LIBNAME contains just the name of the library, without prefix ("lib"
-# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
-# .dll, ...). This one MUST have a value when using this makefile to
-# build shared libraries.
-# For example, to build libfoo.so, you need to do the following:
-#LIBNAME=foo
-LIBNAME=
-
-# APPNAME contains just the name of the application, without suffix (""
-# on Unix, ".exe" on Windows, ...). This one MUST have a value when using
-# this makefile to build applications.
-# For example, to build foo, you need to do the following:
-#APPNAME=foo
-APPNAME=
-
-# OBJECTS contains all the object files to link together into the application.
-# This must contain at least one object file.
-#OBJECTS=foo.o
-OBJECTS=
-
-# LIBEXTRAS contains extra modules to link together with the library.
-# For example, if a second library, say libbar.a needs to be linked into
-# libfoo.so, you need to do the following:
-#LIBEXTRAS=libbar.a
-# Note that this MUST be used when using the link_o targets, to hold the
-# names of all object files that go into the target library.
-LIBEXTRAS=
-
-# LIBVERSION contains the current version of the library.
-# For example, to build libfoo.so.1.2, you need to do the following:
-#LIBVERSION=1.2
-LIBVERSION=
-
-# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
-# the library. They MUST be in decreasing order.
-# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
-# and libfoo.so.1, you need to do the following:
-#LIBCOMPATVERSIONS=1.2 1
-# Note that on systems that use sonames, the last number will appear as
-# part of it.
-# It's also possible, for systems that support it (Tru64, for example),
-# to add extra compatibility info with more precision, by adding a second
-# list of versions, separated from the first with a semicolon, like this:
-#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
-LIBCOMPATVERSIONS=
-
-# LIBDEPS contains all the flags necessary to cover all necessary
-# dependencies to other libraries.
-LIBDEPS=
-
-#------------------------------------------------------------------------------
-# The rest is private to this makefile.
-
-SET_X=:
-#SET_X=set -x
-
-top:
- echo "Trying to use this makefile interactively? Don't."
-
-CALC_VERSIONS= \
- SHLIB_COMPAT=; SHLIB_SOVER=; \
- if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
- prev=""; \
- for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
- SHLIB_SOVER_NODOT=$$v; \
- SHLIB_SOVER=.$$v; \
- if [ -n "$$prev" ]; then \
- SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
- fi; \
- prev=$$v; \
- done; \
- fi
-
-LINK_APP= \
- ( $(SET_X); \
- LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
- LDCMD="$${LDCMD:-$(CC)}"; LDFLAGS="$${LDFLAGS:-$(CFLAGS)}"; \
- LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${LDCMD} $${LDFLAGS} -o $${APPNAME:=$(APPNAME)} $(OBJECTS) $${LIBDEPS} )
-
-LINK_SO= \
- ( $(SET_X); \
- LIBDEPS="$${LIBDEPS:-$(LIBDEPS)}"; \
- SHAREDCMD="$${SHAREDCMD:-$(CC)}"; \
- SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
- nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
- LIBPATH=`for x in $$LIBDEPS; do if echo $$x | grep '^ *-L' > /dev/null 2>&1; then echo $$x | sed -e 's/^ *-L//'; fi; done | uniq`; \
- LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
- LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
- $${SHAREDCMD} $${SHAREDFLAGS} \
- -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
- $$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS \
- ) && $(SYMLINK_SO); \
- ( $(SET_X); rm -f lib$(LIBNAME).exp )
-
-SYMLINK_SO= \
- if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
- prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
- if [ -n "$$SHLIB_COMPAT" ]; then \
- for x in $$SHLIB_COMPAT; do \
- ( $(SET_X); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
- prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
- done; \
- fi; \
- if [ -n "$$SHLIB_SOVER" ]; then \
- ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- fi; \
- fi
-
-LINK_SO_A= SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
-LINK_SO_O= SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
-
-LINK_SO_A_VIA_O= \
- SHOBJECTS=lib$(LIBNAME).o; \
- ALL=$$ALLSYMSFLAGS; ALLSYMSFLAGS=; NOALLSYMSFLAGS=; \
- ( $(SET_X); \
- ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
- $(LINK_SO) && rm -f $(LIBNAME).o
-
-LINK_SO_A_UNPACKED= \
- UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
- (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && \
- ([ -z "$(LIBEXTRAS)" ] || cp $(LIBEXTRAS) $$UNPACKDIR) && \
- SHOBJECTS=$$UNPACKDIR/*.o; \
- $(LINK_SO) && rm -rf $$UNPACKDIR
-
-DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
-
-DO_GNU_SO=$(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-
-#This is rather special. It's a special target with which one can link
-#applications without bothering with any features that have anything to
-#do with shared libraries, for example when linking against static
-#libraries. It's mostly here to avoid a lot of conditionals everywhere
-#else...
-link_app.:
- $(LINK_APP)
-
-link_o.gnu:
- @ $(DO_GNU_SO); $(LINK_SO_O)
-link_a.gnu:
- @ $(DO_GNU_SO); $(LINK_SO_A)
-link_app.gnu:
- @ $(DO_GNU_APP); $(LINK_APP)
-
-link_o.bsd:
- @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- LIBDEPS=" "; \
- ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
- NOALLSYMSFLAGS=; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
- fi; $(LINK_SO_O)
-link_a.bsd:
- @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- LIBDEPS=" "; \
- ALLSYMSFLAGS="-Wl,-Bforcearchive"; \
- NOALLSYMSFLAGS=; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -nostdlib"; \
- fi; $(LINK_SO_A)
-link_app.bsd:
- @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
- LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBPATH)"; \
- fi; $(LINK_APP)
-
-# For Darwin AKA Mac OS/X (dyld)
-# link_o.darwin produces .so, because we let it use dso_dlfcn module,
-# which has .so extension hard-coded. One can argue that one should
-# develop special dso module for MacOS X. At least manual encourages
-# to use native NSModule(3) API and refers to dlfcn as termporary hack.
-link_o.darwin:
- @ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME); \
- SHLIB_SUFFIX=.so; \
- ALLSYMSFLAGS='-all_load'; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
- if [ -n "$(LIBVERSION)" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
- fi; \
- if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
- fi; \
- $(LINK_SO_O)
-link_a.darwin:
- @ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME); \
- SHLIB_SUFFIX=.dylib; \
- ALLSYMSFLAGS='-all_load'; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS)"; \
- if [ -n "$(LIBVERSION)" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -current_version $(LIBVERSION)"; \
- fi; \
- if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
- fi; \
- SHAREDFLAGS="$$SHAREDFLAGS -install_name ${INSTALLTOP}/lib/$$SHLIB${SHLIB_EXT}"; \
- $(LINK_SO_A)
-link_app.darwin: # is there run-path on darwin?
- $(LINK_APP)
-
-link_o.cygwin:
- @ $(CALC_VERSIONS); \
- INHIBIT_SYMLINKS=yes; \
- SHLIB=cyg$(LIBNAME); \
- expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
- SHLIB_SUFFIX=.dll; \
- LIBVERSION="$(LIBVERSION)"; \
- SHLIB_SOVER=${LIBVERSION:+"-$(LIBVERSION)"}; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
- $(LINK_SO_O)
-link_a.cygwin:
- @ $(CALC_VERSIONS); \
- INHIBIT_SYMLINKS=yes; \
- SHLIB=cyg$(LIBNAME); \
- expr $(PLATFORM) : 'mingw' > /dev/null && SHLIB=$(LIBNAME)eay32; \
- SHLIB_SUFFIX=.dll; \
- SHLIB_SOVER=-$(LIBVERSION); \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- base=; [ $(LIBNAME) = "crypto" ] && base=-Wl,--image-base,0x63000000; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared $$base -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a"; \
- [ -f apps/$$SHLIB$$SHLIB_SUFFIX ] && rm apps/$$SHLIB$$SHLIB_SUFFIX; \
- [ -f test/$$SHLIB$$SHLIB_SUFFIX ] && rm test/$$SHLIB$$SHLIB_SUFFIX; \
- $(LINK_SO_A) || exit 1; \
- cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX apps/; \
- cp -p $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX test/
-link_app.cygwin:
- $(LINK_APP)
-
-link_o.alpha-osf1:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
- if [ -n "$$SHLIB_HIST" ]; then \
- SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
- else \
- SHLIB_HIST="$(LIBVERSION)"; \
- fi; \
- SHLIB_SOVER=; \
- ALLSYMSFLAGS='-all'; \
- NOALLSYMSFLAGS='-none'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
- if [ -n "$$SHLIB_HIST" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
- fi; \
- fi; \
- $(LINK_SO_O)
-link_a.alpha-osf1:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
- if [ -n "$$SHLIB_HIST" ]; then \
- SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
- else \
- SHLIB_HIST="$(LIBVERSION)"; \
- fi; \
- SHLIB_SOVER=; \
- ALLSYMSFLAGS='-all'; \
- NOALLSYMSFLAGS='-none'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared"; \
- if [ -n "$$SHLIB_HIST" ]; then \
- SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \
- fi; \
- fi; \
- $(LINK_SO_A)
-link_app.alpha-osf1:
- @if ${DETECT_GNU_LD}; then \
- $(DO_GNU_APP); \
- else \
- LDFLAGS="$(CFLAGS) -rpath $(LIBRPATH)"; \
- fi; \
- $(LINK_APP)
-
-link_o.solaris:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- MINUSZ='-z '; \
- ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS="$${MINUSZ}allextract"; \
- NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
- fi; \
- $(LINK_SO_O)
-link_a.solaris:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- MINUSZ='-z '; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=;\
- ALLSYMSFLAGS="$${MINUSZ}allextract"; \
- NOALLSYMSFLAGS="$${MINUSZ}defaultextract"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX -Wl,-Bsymbolic"; \
- fi; \
- $(LINK_SO_A)
-link_app.solaris:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_APP); \
- else \
- LDFLAGS="$(CFLAGS) -R $(LIBRPATH)"; \
- fi; \
- $(LINK_APP)
-
-# OpenServer 5 native compilers used
-link_o.svr3:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS=''; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- $(LINK_SO_O)
-link_a.svr3:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS=''; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) -G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- $(LINK_SO_A_UNPACKED)
-link_app.svr3:
- @${DETECT_GNU_LD} && $(DO_GNU_APP); \
- $(LINK_APP)
-
-# UnixWare 7 and OpenUNIX 8 native compilers used
-link_o.svr5:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- SHARE_FLAG='-G'; \
- ($(CC) -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS=''; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- $(LINK_SO_O)
-link_a.svr5:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- SHARE_FLAG='-G'; \
- (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS=''; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS="$(CFLAGS) $${SHARE_FLAG} -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- $(LINK_SO_A_UNPACKED)
-link_app.svr5:
- @${DETECT_GNU_LD} && $(DO_GNU_APP); \
- $(LINK_APP)
-
-link_o.irix:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- MINUSWL=""; \
- ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
- ALLSYMSFLAGS="$${MINUSWL}-all"; \
- NOALLSYMSFLAGS="$${MINUSWL}-none"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- $(LINK_SO_O)
-link_a.irix:
- @ if ${DETECT_GNU_LD}; then \
- $(DO_GNU_SO); \
- else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- MINUSWL=""; \
- ($(CC) -v 2>&1 | grep gcc) > /dev/null && MINUSWL="-Wl,"; \
- ALLSYMSFLAGS="$${MINUSWL}-all"; \
- NOALLSYMSFLAGS="$${MINUSWL}-none"; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- $(LINK_SO_A)
-link_app.irix:
- @LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"; \
- $(LINK_APP)
-
-# 32-bit PA-RISC HP-UX embeds the -L pathname of libs we link with, so
-# we compensate for it with +cdp ../: and +cdp ./:. Yes, these rewrite
-# rules imply that we can only link one level down in catalog structure,
-# but that's what takes place for the moment of this writing. +cdp option
-# was introduced in HP-UX 11.x and applies in 32-bit PA-RISC link
-# editor context only [it's simply ignored in other cases, which are all
-# ELFs by the way].
-#
-link_o.hpux:
- @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).sl; \
- expr "$(CFLAGS)" : '.*DSO_DLFCN' > /dev/null && SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-Wl,-Fl'; \
- NOALLSYMSFLAGS=''; \
- expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
- $(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_a.hpux:
- @if ${DETECT_GNU_LD}; then $(DO_GNU_SO); else \
- $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).sl; \
- expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-Wl,-Fl'; \
- NOALLSYMSFLAGS=''; \
- expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-B,symbolic,+vnocompatwarnings,-z,+s,+h,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
- fi; \
- rm -f $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX || :; \
- $(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
-link_app.hpux:
- @if ${DETECT_GNU_LD}; then $(DO_GNU_APP); else \
- LDFLAGS="$(CFLAGS) -Wl,+s,+cdp,../:,+cdp,./:,+b,$(LIBRPATH)"; \
- fi; \
- $(LINK_APP)
-
-link_o.aix:
- @ $(CALC_VERSIONS); \
- OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
- OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-bnogc'; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
- $(LINK_SO_O); rm -rf lib$(LIBNAME).exp
-link_a.aix:
- @ $(CALC_VERSIONS); \
- OBJECT_MODE=`expr x$(SHARED_LDFLAGS) : 'x\-[a-z]\([0-9]*\)'`; \
- OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-bnogc'; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -G -bE:lib$(LIBNAME).exp -bM:SRE'; \
- $(LINK_SO_A_VIA_O)
-link_app.aix:
- LDFLAGS="$(CFLAGS) -blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
- $(LINK_APP)
-
-link_o.reliantunix:
- @ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS=; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) -G'; \
- $(LINK_SO_O)
-link_a.reliantunix:
- @ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS=; \
- NOALLSYMSFLAGS=''; \
- SHAREDFLAGS='$(CFLAGS) -G'; \
- $(LINK_SO_A_UNPACKED)
-link_app.reliantunix:
- $(LINK_APP)
-
-# Targets to build symbolic links when needed
-symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
-symlink.aix symlink.reliantunix:
- @ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).so; \
- $(SYMLINK_SO)
-symlink.darwin:
- @ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME); \
- SHLIB_SUFFIX=.dylib; \
- $(SYMLINK_SO)
-symlink.hpux:
- @ $(CALC_VERSIONS); \
- SHLIB=lib$(LIBNAME).sl; \
- expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
- $(SYMLINK_SO)
-# The following lines means those specific architectures do no symlinks
-symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
-
-# Compatibility targets
-link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
-link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
-link_app.bsd-gcc-shared link_app.linux-shared link_app.gnu-shared: link_app.gnu
-symlink.bsd-gcc-shared symlink.bsd-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
-link_o.bsd-shared: link_o.bsd
-link_a.bsd-shared: link_a.bsd
-link_app.bsd-shared: link_app.bsd
-link_o.darwin-shared: link_o.darwin
-link_a.darwin-shared: link_a.darwin
-link_app.darwin-shared: link_app.darwin
-symlink.darwin-shared: symlink.darwin
-link_o.cygwin-shared: link_o.cygwin
-link_a.cygwin-shared: link_a.cygwin
-link_app.cygwin-shared: link_app.cygwin
-symlink.cygwin-shared: symlink.cygwin
-link_o.alpha-osf1-shared: link_o.alpha-osf1
-link_a.alpha-osf1-shared: link_a.alpha-osf1
-link_app.alpha-osf1-shared: link_app.alpha-osf1
-symlink.alpha-osf1-shared: symlink.alpha-osf1
-link_o.tru64-shared: link_o.tru64
-link_a.tru64-shared: link_a.tru64
-link_app.tru64-shared: link_app.tru64
-symlink.tru64-shared: symlink.tru64
-link_o.tru64-shared-rpath: link_o.tru64-rpath
-link_a.tru64-shared-rpath: link_a.tru64-rpath
-link_app.tru64-shared-rpath: link_app.tru64-rpath
-symlink.tru64-shared-rpath: symlink.tru64-rpath
-link_o.solaris-shared: link_o.solaris
-link_a.solaris-shared: link_a.solaris
-link_app.solaris-shared: link_app.solaris
-symlink.solaris-shared: symlink.solaris
-link_o.svr3-shared: link_o.svr3
-link_a.svr3-shared: link_a.svr3
-link_app.svr3-shared: link_app.svr3
-symlink.svr3-shared: symlink.svr3
-link_o.svr5-shared: link_o.svr5
-link_a.svr5-shared: link_a.svr5
-link_app.svr5-shared: link_app.svr5
-symlink.svr5-shared: symlink.svr5
-link_o.irix-shared: link_o.irix
-link_a.irix-shared: link_a.irix
-link_app.irix-shared: link_app.irix
-symlink.irix-shared: symlink.irix
-link_o.hpux-shared: link_o.hpux
-link_a.hpux-shared: link_a.hpux
-link_app.hpux-shared: link_app.hpux
-symlink.hpux-shared: symlink.hpux
-link_o.aix-shared: link_o.aix
-link_a.aix-shared: link_a.aix
-link_app.aix-shared: link_app.aix
-symlink.aix-shared: symlink.aix
-link_o.reliantunix-shared: link_o.reliantunix
-link_a.reliantunix-shared: link_a.reliantunix
-link_app.reliantunix-shared: link_app.reliantunix
-symlink.reliantunix-shared: symlink.reliantunix
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
deleted file mode 100644
index c808a76..0000000
--- a/crypto/openssl/NEWS
+++ /dev/null
@@ -1,462 +0,0 @@
-
- NEWS
- ====
-
- This file gives a brief overview of the major changes between each OpenSSL
- release. For more details please read the CHANGES file.
-
- Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e:
-
- o Various ciphersuite selection fixes.
- o RFC3779 support.
-
- Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d:
-
- o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
- o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
- o Changes to ciphersuite selection algorithm
-
- Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c:
-
- o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
- o New cipher Camellia
-
- Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b:
-
- o Cipher string fixes.
- o Fixes for VC++ 2005.
- o Updated ECC cipher suite support.
- o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
- o Zlib compression usage fixes.
- o Built in dynamic engine compilation support on Win32.
- o Fixes auto dynamic engine loading in Win32.
-
- Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a:
-
- o Fix potential SSL 2.0 rollback, CVE-2005-2969
- o Extended Windows CE support
-
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8:
-
- o Major work on the BIGNUM library for higher efficiency and to
- make operations more streamlined and less contradictory. This
- is the result of a major audit of the BIGNUM library.
- o Addition of BIGNUM functions for fields GF(2^m) and NIST
- curves, to support the Elliptic Crypto functions.
- o Major work on Elliptic Crypto; ECDH and ECDSA added, including
- the use through EVP, X509 and ENGINE.
- o New ASN.1 mini-compiler that's usable through the OpenSSL
- configuration file.
- o Added support for ASN.1 indefinite length constructed encoding.
- o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
- o Complete rework of shared library construction and linking
- programs with shared or static libraries, through a separate
- Makefile.shared.
- o Rework of the passing of parameters from one Makefile to another.
- o Changed ENGINE framework to load dynamic engine modules
- automatically from specifically given directories.
- o New structure and ASN.1 functions for CertificatePair.
- o Changed the ZLIB compression method to be stateful.
- o Changed the key-generation and primality testing "progress"
- mechanism to take a structure that contains the ticker
- function and an argument.
- o New engine module: GMP (performs private key exponentiation).
- o New engine module: VIA PadLOck ACE extension in VIA C3
- Nehemiah processors.
- o Added support for IPv6 addresses in certificate extensions.
- See RFC 1884, section 2.2.
- o Added support for certificate policy mappings, policy
- constraints and name constraints.
- o Added support for multi-valued AVAs in the OpenSSL
- configuration file.
- o Added support for multiple certificates with the same subject
- in the 'openssl ca' index file.
- o Make it possible to create self-signed certificates using
- 'openssl ca -selfsign'.
- o Make it possible to generate a serial number file with
- 'openssl ca -create_serial'.
- o New binary search functions with extended functionality.
- o New BUF functions.
- o New STORE structure and library to provide an interface to all
- sorts of data repositories. Supports storage of public and
- private keys, certificates, CRLs, numbers and arbitrary blobs.
- This library is unfortunately unfinished and unused withing
- OpenSSL.
- o New control functions for the error stack.
- o Changed the PKCS#7 library to support one-pass S/MIME
- processing.
- o Added the possibility to compile without old deprecated
- functionality with the OPENSSL_NO_DEPRECATED macro or the
- 'no-deprecated' argument to the config and Configure scripts.
- o Constification of all ASN.1 conversion functions, and other
- affected functions.
- o Improved platform support for PowerPC.
- o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
- o New X509_VERIFY_PARAM structure to support parametrisation
- of X.509 path validation.
- o Major overhaul of RC4 performance on Intel P4, IA-64 and
- AMD64.
- o Changed the Configure script to have some algorithms disabled
- by default. Those can be explicitely enabled with the new
- argument form 'enable-xxx'.
- o Change the default digest in 'openssl' commands from MD5 to
- SHA-1.
- o Added support for DTLS.
- o New BIGNUM blinding.
- o Added support for the RSA-PSS encryption scheme
- o Added support for the RSA X.931 padding.
- o Added support for BSD sockets on NetWare.
- o Added support for files larger than 2GB.
- o Added initial support for Win64.
- o Added alternate pkg-config files.
-
- Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l:
-
- o Introduce limits to prevent malicious key DoS (CVE-2006-2940)
- o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
-
- Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k:
-
- o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
-
- Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j:
-
- o Visual C++ 2005 fixes.
- o Update Windows build system for FIPS.
-
- Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i:
-
- o Give EVP_MAX_MD_SIZE it's old value, except for a FIPS build.
-
- Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h:
-
- o Fix SSL 2.0 Rollback, CVE-2005-2969
- o Allow use of fixed-length exponent on DSA signing
- o Default fixed-window RSA, DSA, DH private-key operations
-
- Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g:
-
- o More compilation issues fixed.
- o Adaptation to more modern Kerberos API.
- o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
- o Enhanced x86_64 assembler BIGNUM module.
- o More constification.
- o Added processing of proxy certificates (RFC 3820).
-
- Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f:
-
- o Several compilation issues fixed.
- o Many memory allocation failure checks added.
- o Improved comparison of X509 Name type.
- o Mandatory basic checks on certificates.
- o Performance improvements.
-
- Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e:
-
- o Fix race condition in CRL checking code.
- o Fixes to PKCS#7 (S/MIME) code.
-
- Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d:
-
- o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
- o Security: Fix null-pointer assignment in do_change_cipher_spec()
- o Allow multiple active certificates with same subject in CA index
- o Multiple X509 verification fixes
- o Speed up HMAC and other operations
-
- Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c:
-
- o Security: fix various ASN1 parsing bugs.
- o New -ignore_err option to OCSP utility.
- o Various interop and bug fixes in S/MIME code.
- o SSL/TLS protocol fix for unrequested client certificates.
-
- Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b:
-
- o Security: counter the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack
- o Security: make RSA blinding default.
- o Configuration: Irix fixes, AIX fixes, better mingw support.
- o Support for new platforms: linux-ia64-ecc.
- o Build: shared library support fixes.
- o ASN.1: treat domainComponent correctly.
- o Documentation: fixes and additions.
-
- Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
-
- o Security: Important security related bugfixes.
- o Enhanced compatibility with MIT Kerberos.
- o Can be built without the ENGINE framework.
- o IA32 assembler enhancements.
- o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
- o Configuration: the no-err option now works properly.
- o SSL/TLS: now handles manual certificate chain building.
- o SSL/TLS: certain session ID malfunctions corrected.
-
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
-
- o New library section OCSP.
- o Complete rewrite of ASN1 code.
- o CRL checking in verify code and openssl utility.
- o Extension copying in 'ca' utility.
- o Flexible display options in 'ca' utility.
- o Provisional support for international characters with UTF8.
- o Support for external crypto devices ('engine') is no longer
- a separate distribution.
- o New elliptic curve library section.
- o New AES (Rijndael) library section.
- o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
- Linux x86_64, Linux 64-bit on Sparc v9
- o Extended support for some platforms: VxWorks
- o Enhanced support for shared libraries.
- o Now only builds PIC code when shared library support is requested.
- o Support for pkg-config.
- o Lots of new manuals.
- o Makes symbolic links to or copies of manuals to cover all described
- functions.
- o Change DES API to clean up the namespace (some applications link also
- against libdes providing similar functions having the same name).
- Provide macros for backward compatibility (will be removed in the
- future).
- o Unify handling of cryptographic algorithms (software and engine)
- to be available via EVP routines for asymmetric and symmetric ciphers.
- o NCONF: new configuration handling routines.
- o Change API to use more 'const' modifiers to improve error checking
- and help optimizers.
- o Finally remove references to RSAref.
- o Reworked parts of the BIGNUM code.
- o Support for new engines: Broadcom ubsec, Accelerated Encryption
- Processing, IBM 4758.
- o A few new engines added in the demos area.
- o Extended and corrected OID (object identifier) table.
- o PRNG: query at more locations for a random device, automatic query for
- EGD style random sources at several locations.
- o SSL/TLS: allow optional cipher choice according to server's preference.
- o SSL/TLS: allow server to explicitly set new session ids.
- o SSL/TLS: support Kerberos cipher suites (RFC2712).
- Only supports MIT Kerberos for now.
- o SSL/TLS: allow more precise control of renegotiations and sessions.
- o SSL/TLS: add callback to retrieve SSL/TLS messages.
- o SSL/TLS: support AES cipher suites (RFC3268).
-
- Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k:
-
- o Security: fix various ASN1 parsing bugs.
- o SSL/TLS protocol fix for unrequested client certificates.
-
- Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j:
-
- o Security: counter the Klima-Pokorny-Rosa extension of
- Bleichbacher's attack
- o Security: make RSA blinding default.
- o Build: shared library support fixes.
-
- Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
-
- o Important security related bugfixes.
-
- Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
-
- o New configuration targets for Tandem OSS and A/UX.
- o New OIDs for Microsoft attributes.
- o Better handling of SSL session caching.
- o Better comparison of distinguished names.
- o Better handling of shared libraries in a mixed GNU/non-GNU environment.
- o Support assembler code with Borland C.
- o Fixes for length problems.
- o Fixes for uninitialised variables.
- o Fixes for memory leaks, some unusual crashes and some race conditions.
- o Fixes for smaller building problems.
- o Updates of manuals, FAQ and other instructive documents.
-
- Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
-
- o Important building fixes on Unix.
-
- Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
-
- o Various important bugfixes.
-
- Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
-
- o Important security related bugfixes.
- o Various SSL/TLS library bugfixes.
-
- Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
-
- o Various SSL/TLS library bugfixes.
- o Fix DH parameter generation for 'non-standard' generators.
-
- Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
-
- o Various SSL/TLS library bugfixes.
- o BIGNUM library fixes.
- o RSA OAEP and random number generation fixes.
- o Object identifiers corrected and added.
- o Add assembler BN routines for IA64.
- o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
- MIPS Linux; shared library support for Irix, HP-UX.
- o Add crypto accelerator support for AEP, Baltimore SureWare,
- Broadcom and Cryptographic Appliance's keyserver
- [in 0.9.6c-engine release].
-
- Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
-
- o Security fix: PRNG improvements.
- o Security fix: RSA OAEP check.
- o Security fix: Reinsert and fix countermeasure to Bleichbacher's
- attack.
- o MIPS bug fix in BIGNUM.
- o Bug fix in "openssl enc".
- o Bug fix in X.509 printing routine.
- o Bug fix in DSA verification routine and DSA S/MIME verification.
- o Bug fix to make PRNG thread-safe.
- o Bug fix in RAND_file_name().
- o Bug fix in compatibility mode trust settings.
- o Bug fix in blowfish EVP.
- o Increase default size for BIO buffering filter.
- o Compatibility fixes in some scripts.
-
- Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
-
- o Security fix: change behavior of OpenSSL to avoid using
- environment variables when running as root.
- o Security fix: check the result of RSA-CRT to reduce the
- possibility of deducing the private key from an incorrectly
- calculated signature.
- o Security fix: prevent Bleichenbacher's DSA attack.
- o Security fix: Zero the premaster secret after deriving the
- master secret in DH ciphersuites.
- o Reimplement SSL_peek(), which had various problems.
- o Compatibility fix: the function des_encrypt() renamed to
- des_encrypt1() to avoid clashes with some Unixen libc.
- o Bug fixes for Win32, HP/UX and Irix.
- o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
- memory checking routines.
- o Bug fixes for RSA operations in threaded environments.
- o Bug fixes in misc. openssl applications.
- o Remove a few potential memory leaks.
- o Add tighter checks of BIGNUM routines.
- o Shared library support has been reworked for generality.
- o More documentation.
- o New function BN_rand_range().
- o Add "-rand" option to openssl s_client and s_server.
-
- Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
-
- o Some documentation for BIO and SSL libraries.
- o Enhanced chain verification using key identifiers.
- o New sign and verify options to 'dgst' application.
- o Support for DER and PEM encoded messages in 'smime' application.
- o New 'rsautl' application, low level RSA utility.
- o MD4 now included.
- o Bugfix for SSL rollback padding check.
- o Support for external crypto devices [1].
- o Enhanced EVP interface.
-
- [1] The support for external crypto devices is currently a separate
- distribution. See the file README.ENGINE.
-
- Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
-
- o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
- o Shared library support for HPUX and Solaris-gcc
- o Support of Linux/IA64
- o Assembler support for Mingw32
- o New 'rand' application
- o New way to check for existence of algorithms from scripts
-
- Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
-
- o S/MIME support in new 'smime' command
- o Documentation for the OpenSSL command line application
- o Automation of 'req' application
- o Fixes to make s_client, s_server work under Windows
- o Support for multiple fieldnames in SPKACs
- o New SPKAC command line utilty and associated library functions
- o Options to allow passwords to be obtained from various sources
- o New public key PEM format and options to handle it
- o Many other fixes and enhancements to command line utilities
- o Usable certificate chain verification
- o Certificate purpose checking
- o Certificate trust settings
- o Support of authority information access extension
- o Extensions in certificate requests
- o Simplified X509 name and attribute routines
- o Initial (incomplete) support for international character sets
- o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
- o Read only memory BIOs and simplified creation function
- o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
- record; allow fragmentation and interleaving of handshake and other
- data
- o TLS/SSL code now "tolerates" MS SGC
- o Work around for Netscape client certificate hang bug
- o RSA_NULL option that removes RSA patent code but keeps other
- RSA functionality
- o Memory leak detection now allows applications to add extra information
- via a per-thread stack
- o PRNG robustness improved
- o EGD support
- o BIGNUM library bug fixes
- o Faster DSA parameter generation
- o Enhanced support for Alpha Linux
- o Experimental MacOS support
-
- Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
-
- o Transparent support for PKCS#8 format private keys: these are used
- by several software packages and are more secure than the standard
- form
- o PKCS#5 v2.0 implementation
- o Password callbacks have a new void * argument for application data
- o Avoid various memory leaks
- o New pipe-like BIO that allows using the SSL library when actual I/O
- must be handled by the application (BIO pair)
-
- Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
- o Lots of enhancements and cleanups to the Configuration mechanism
- o RSA OEAP related fixes
- o Added `openssl ca -revoke' option for revoking a certificate
- o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
- o Source tree cleanups: removed lots of obsolete files
- o Thawte SXNet, certificate policies and CRL distribution points
- extension support
- o Preliminary (experimental) S/MIME support
- o Support for ASN.1 UTF8String and VisibleString
- o Full integration of PKCS#12 code
- o Sparc assembler bignum implementation, optimized hash functions
- o Option to disable selected ciphers
-
- Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
- o Fixed a security hole related to session resumption
- o Fixed RSA encryption routines for the p < q case
- o "ALL" in cipher lists now means "everything except NULL ciphers"
- o Support for Triple-DES CBCM cipher
- o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
- o First support for new TLSv1 ciphers
- o Added a few new BIOs (syslog BIO, reliable BIO)
- o Extended support for DSA certificate/keys.
- o Extended support for Certificate Signing Requests (CSR)
- o Initial support for X.509v3 extensions
- o Extended support for compression inside the SSL record layer
- o Overhauled Win32 builds
- o Cleanups and fixes to the Big Number (BN) library
- o Support for ASN.1 GeneralizedTime
- o Splitted ASN.1 SETs from SEQUENCEs
- o ASN1 and PEM support for Netscape Certificate Sequences
- o Overhauled Perl interface
- o Lots of source tree cleanups.
- o Lots of memory leak fixes.
- o Lots of bug fixes.
-
- Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
- o Integration of the popular NO_RSA/NO_DSA patches
- o Initial support for compression inside the SSL record layer
- o Added BIO proxy and filtering functionality
- o Extended Big Number (BN) library
- o Added RIPE MD160 message digest
- o Addeed support for RC2/64bit cipher
- o Extended ASN.1 parser routines
- o Adjustations of the source tree for CVS
- o Support for various new platforms
-
diff --git a/crypto/openssl/PROBLEMS b/crypto/openssl/PROBLEMS
deleted file mode 100644
index ed3c174..0000000
--- a/crypto/openssl/PROBLEMS
+++ /dev/null
@@ -1,197 +0,0 @@
-* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
-
-
- NOTE: The problem described here only applies when OpenSSL isn't built
- with shared library support (i.e. without the "shared" configuration
- option). If you build with shared library support, you will have no
- problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
-
-
-This is really a misfeature in ld, which seems to look for .dylib libraries
-along the whole library path before it bothers looking for .a libraries. This
-means that -L switches won't matter unless OpenSSL is built with shared
-library support.
-
-The workaround may be to change the following lines in apps/Makefile and
-test/Makefile:
-
- LIBCRYPTO=-L.. -lcrypto
- LIBSSL=-L.. -lssl
-
-to:
-
- LIBCRYPTO=../libcrypto.a
- LIBSSL=../libssl.a
-
-It's possible that something similar is needed for shared library support
-as well. That hasn't been well tested yet.
-
-
-Another solution that many seem to recommend is to move the libraries
-/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
-directory, build and install OpenSSL and anything that depends on your
-build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
-original places. Note that the version numbers on those two libraries
-may differ on your machine.
-
-
-As long as Apple doesn't fix the problem with ld, this problem building
-OpenSSL will remain as is.
-
-
-* Parallell make leads to errors
-
-While running tests, running a parallell make is a bad idea. Many test
-scripts use the same name for output and input files, which means different
-will interfere with each other and lead to test failure.
-
-The solution is simple for now: don't run parallell make when testing.
-
-
-* Bugs in gcc triggered
-
-- According to a problem report, there are bugs in gcc 3.0 that are
- triggered by some of the code in OpenSSL, more specifically in
- PEM_get_EVP_CIPHER_INFO(). The triggering code is the following:
-
- header+=11;
- if (*header != '4') return(0); header++;
- if (*header != ',') return(0); header++;
-
- What happens is that gcc might optimize a little too agressively, and
- you end up with an extra incrementation when *header != '4'.
-
- We recommend that you upgrade gcc to as high a 3.x version as you can.
-
-- According to multiple problem reports, some of our message digest
- implementations trigger bug[s] in code optimizer in gcc 3.3 for sparc64
- and gcc 2.96 for ppc. Former fails to complete RIPEMD160 test, while
- latter - SHA one.
-
- The recomendation is to upgrade your compiler. This naturally applies to
- other similar cases.
-
-- There is a subtle Solaris x86-specific gcc run-time environment bug, which
- "falls between" OpenSSL [0.9.8 and later], Solaris ld and GCC. The bug
- manifests itself as Segmentation Fault upon early application start-up.
- The problem can be worked around by patching the environment according to
- http://www.openssl.org/~appro/values.c.
-
-* solaris64-sparcv9-cc SHA-1 performance with WorkShop 6 compiler.
-
-As subject suggests SHA-1 might perform poorly (4 times slower)
-if compiled with WorkShop 6 compiler and -xarch=v9. The cause for
-this seems to be the fact that compiler emits multiplication to
-perform shift operations:-( To work the problem around configure
-with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
-
-* Problems with hp-parisc2-cc target when used with "no-asm" flag
-
-When using the hp-parisc2-cc target, wrong bignum code is generated.
-This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
-aggressive optimization.
-The problem manifests itself by the BN_kronecker test hanging in an
-endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
-which itself hangs. The reason could be tracked down to the bn_mul_comba8()
-function in bn_asm.c. At some occasions the higher 32bit value of r[7]
-is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
-as no debugger support possible at +O3 and additional fprintf()'s
-introduced fixed the bug, therefore it is most likely a bug in the
-optimizer.
-The bug was found in the BN_kronecker test but may also lead to
-failures in other parts of the code.
-(See Ticket #426.)
-
-Workaround: modify the target to +O2 when building with no-asm.
-
-* Problems building shared libraries on SCO OpenServer Release 5.0.6
- with gcc 2.95.3
-
-The symptoms appear when running the test suite, more specifically
-test/ectest, with the following result:
-
-OSSL_LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$OSSL_LIBPATH:$LD_LIBRARY_PATH"; DYLD_LIBRARY_PATH="$OSSL_LIBPATH:$DYLD_LIBRARY_PATH"; SHLIB_PATH="$OSSL_LIBPATH:$SHLIB_PATH"; LIBPATH="$OSSL_LIBPATH:$LIBPATH"; if [ "debug-sco5-gcc" = "Cygwin" ]; then PATH="${LIBPATH}:$PATH"; fi; export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; ./ectest
-ectest.c:186: ABORT
-
-The cause of the problem seems to be that isxdigit(), called from
-BN_hex2bn(), returns 0 on a perfectly legitimate hex digit. Further
-investigation shows that any of the isxxx() macros return 0 on any
-input. A direct look in the information array that the isxxx() use,
-called __ctype, shows that it contains all zeroes...
-
-Taking a look at the newly created libcrypto.so with nm, one can see
-that the variable __ctype is defined in libcrypto's .bss (which
-explains why it is filled with zeroes):
-
-$ nm -Pg libcrypto.so | grep __ctype
-__ctype B 0011659c
-__ctype2 U
-
-Curiously, __ctype2 is undefined, in spite of being declared in
-/usr/include/ctype.h in exactly the same way as __ctype.
-
-Any information helping to solve this issue would be deeply
-appreciated.
-
-NOTE: building non-shared doesn't come with this problem.
-
-* ULTRIX build fails with shell errors, such as "bad substitution"
- and "test: argument expected"
-
-The problem is caused by ULTRIX /bin/sh supporting only original
-Bourne shell syntax/semantics, and the trouble is that the vast
-majority is so accustomed to more modern syntax, that very few
-people [if any] would recognize the ancient syntax even as valid.
-This inevitably results in non-trivial scripts breaking on ULTRIX,
-and OpenSSL isn't an exclusion. Fortunately there is workaround,
-hire /bin/ksh to do the job /bin/sh fails to do.
-
-1. Trick make(1) to use /bin/ksh by setting up following environ-
- ment variables *prior* you execute ./Configure and make:
-
- PROG_ENV=POSIX
- MAKESHELL=/bin/ksh
- export PROG_ENV MAKESHELL
-
- or if your shell is csh-compatible:
-
- setenv PROG_ENV POSIX
- setenv MAKESHELL /bin/ksh
-
-2. Trick /bin/sh to use alternative expression evaluator. Create
- following 'test' script for example in /tmp:
-
- #!/bin/ksh
- ${0##*/} "$@"
-
- Then 'chmod a+x /tmp/test; ln /tmp/test /tmp/[' and *prepend*
- your $PATH with chosen location, e.g. PATH=/tmp:$PATH. Alter-
- natively just replace system /bin/test and /bin/[ with the
- above script.
-
-* hpux64-ia64-cc fails blowfish test.
-
-Compiler bug, presumably at particular patch level. It should be noted
-that same compiler generates correct 32-bit code, a.k.a. hpux-ia64-cc
-target. Drop optimization level to +O2 when compiling 64-bit bf_skey.o.
-
-* no-engines generates errors.
-
-Unfortunately, the 'no-engines' configuration option currently doesn't
-work properly. Use 'no-hw' and you'll will at least get no hardware
-support. We'll see how we fix that on OpenSSL versions past 0.9.8.
-
-* 'make test' fails in BN_sqr [commonly with "error 139" denoting SIGSEGV]
- if elder GNU binutils were deployed to link shared libcrypto.so.
-
-As subject suggests the failure is caused by a bug in elder binutils,
-either as or ld, and was observed on FreeBSD and Linux. There are two
-options. First is naturally to upgrade binutils, the second one - to
-reconfigure with additional no-sse2 [or 386] option passed to ./config.
-
-* If configured with ./config no-dso, toolkit still gets linked with -ldl,
- which most notably poses a problem when linking with dietlibc.
-
-We don't have framework to associate -ldl with no-dso, therefore the only
-way is to edit Makefile right after ./config no-dso and remove -ldl from
-EX_LIBS line.
diff --git a/crypto/openssl/README b/crypto/openssl/README
deleted file mode 100644
index 907e235..0000000
--- a/crypto/openssl/README
+++ /dev/null
@@ -1,200 +0,0 @@
-
- OpenSSL 0.9.8e 23 Feb 2007
-
- Copyright (c) 1998-2007 The OpenSSL Project
- Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
- All rights reserved.
-
- DESCRIPTION
- -----------
-
- The OpenSSL Project is a collaborative effort to develop a robust,
- commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
- protocols as well as a full-strength general purpose cryptography library.
- The project is managed by a worldwide community of volunteers that use the
- Internet to communicate, plan, and develop the OpenSSL toolkit and its
- related documentation.
-
- OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
- and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license) situation, which basically means
- that you are free to get and use it for commercial and non-commercial
- purposes as long as you fulfill the conditions of both licenses.
-
- OVERVIEW
- --------
-
- The OpenSSL toolkit includes:
-
- libssl.a:
- Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
- both SSLv2, SSLv3 and TLSv1 in the one server and client.
-
- libcrypto.a:
- General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
- actually logically part of it. It includes routines for the following:
-
- Ciphers
- libdes - EAY's libdes DES encryption package which has been floating
- around the net for a few years. It includes 15
- 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
- cbc, cfb and ofb; pcbc and a more general form of cfb and
- ofb) including desx in cbc mode, a fast crypt(3), and
- routines to read passwords from the keyboard.
- RC4 encryption,
- RC2 encryption - 4 different modes, ecb, cbc, cfb and ofb.
- Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
- IDEA encryption - 4 different modes, ecb, cbc, cfb and ofb.
-
- Digests
- MD5 and MD2 message digest algorithms, fast implementations,
- SHA (SHA-0) and SHA-1 message digest algorithms,
- MDC2 message digest. A DES based hash that is popular on smart cards.
-
- Public Key
- RSA encryption/decryption/generation.
- There is no limit on the number of bits.
- DSA encryption/decryption/generation.
- There is no limit on the number of bits.
- Diffie-Hellman key-exchange/key generation.
- There is no limit on the number of bits.
-
- X.509v3 certificates
- X509 encoding/decoding into/from binary ASN1 and a PEM
- based ASCII-binary encoding which supports encryption with a
- private key. Program to generate RSA and DSA certificate
- requests and to generate RSA and DSA certificates.
-
- Systems
- The normal digital envelope routines and base64 encoding. Higher
- level access to ciphers and digests by name. New ciphers can be
- loaded at run time. The BIO io system which is a simple non-blocking
- IO abstraction. Current methods supported are file descriptors,
- sockets, socket accept, socket connect, memory buffer, buffering, SSL
- client/server, file pointer, encryption, digest, non-blocking testing
- and null.
-
- Data structures
- A dynamically growing hashing system
- A simple stack.
- A Configuration loader that uses a format similar to MS .ini files.
-
- openssl:
- A command line tool that can be used for:
- Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, CSRs and CRLs
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail
-
-
- PATENTS
- -------
-
- Various companies hold various patents for various algorithms in various
- locations around the world. _YOU_ are responsible for ensuring that your use
- of any algorithms is legal by checking if there are any patents in your
- country. The file contains some of the patents that we know about or are
- rumored to exist. This is not a definitive list.
-
- RSA Security holds software patents on the RC5 algorithm. If you
- intend to use this cipher, you must contact RSA Security for
- licensing conditions. Their web page is http://www.rsasecurity.com/.
-
- RC4 is a trademark of RSA Security, so use of this label should perhaps
- only be used with RSA Security's permission.
-
- The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
- Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA. They
- should be contacted if that algorithm is to be used; their web page is
- http://www.ascom.ch/.
-
- The MDC2 algorithm is patented by IBM.
-
- NTT and Mitsubishi have patents and pending patents on the Camellia
- algorithm, but allow use at no charge without requiring an explicit
- licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
-
- INSTALLATION
- ------------
-
- To install this package under a Unix derivative, read the INSTALL file. For
- a Win32 platform, read the INSTALL.W32 file. For OpenVMS systems, read
- INSTALL.VMS.
-
- Read the documentation in the doc/ directory. It is quite rough, but it
- lists the functions; you will probably have to look at the code to work out
- how to use them. Look at the example programs.
-
- PROBLEMS
- --------
-
- For some platforms, there are some known problems that may affect the user
- or application author. We try to collect those in doc/PROBLEMS, with current
- thoughts on how they should be solved in a future of OpenSSL.
-
- SUPPORT
- -------
-
- If you have any problems with OpenSSL then please take the following steps
- first:
-
- - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
- to see if the problem has already been addressed
- - Remove ASM versions of libraries
- - Remove compiler optimisation flags
-
- If you wish to report a bug then please include the following information in
- any bug report:
-
- - On Unix systems:
- Self-test report generated by 'make report'
- - On other systems:
- OpenSSL version: output of 'openssl version -a'
- OS Name, Version, Hardware platform
- Compiler Details (name, version)
- - Application Details (name, version)
- - Problem Description (steps that will reproduce the problem, if known)
- - Stack Traceback (if the application dumps core)
-
- Report the bug to the OpenSSL project via the Request Tracker
- (http://www.openssl.org/support/rt2.html) by mail to:
-
- openssl-bugs@openssl.org
-
- Note that mail to openssl-bugs@openssl.org is recorded in the publicly
- readable request tracker database and is forwarded to a public
- mailing list. Confidential mail may be sent to openssl-security@openssl.org
- (PGP key available from the key servers).
-
- HOW TO CONTRIBUTE TO OpenSSL
- ----------------------------
-
- Development is coordinated on the openssl-dev mailing list (see
- http://www.openssl.org for information on subscribing). If you
- would like to submit a patch, send it to openssl-dev@openssl.org with
- the string "[PATCH]" in the subject. Please be sure to include a
- textual explanation of what your patch does.
-
- Note: For legal reasons, contributions from the US can be accepted only
- if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
- (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
- please take some time to look at
- http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
- and
- http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
- for the details. If "your encryption source code is too large to serve as
- an email attachment", they are glad to receive it by fax instead; hope you
- have a cheap long-distance plan.
-
- Our preferred format for changes is "diff -u" output. You might
- generate it like this:
-
- # cd openssl-work
- # [your changes]
- # ./Configure dist; make clean
- # cd ..
- # diff -ur openssl-orig openssl-work > mydiffs.patch
-
diff --git a/crypto/openssl/README.ASN1 b/crypto/openssl/README.ASN1
deleted file mode 100644
index 11bcfaf..0000000
--- a/crypto/openssl/README.ASN1
+++ /dev/null
@@ -1,187 +0,0 @@
-
-OpenSSL ASN1 Revision
-=====================
-
-This document describes some of the issues relating to the new ASN1 code.
-
-Previous OpenSSL ASN1 problems
-=============================
-
-OK why did the OpenSSL ASN1 code need revising in the first place? Well
-there are lots of reasons some of which are included below...
-
-1. The code is difficult to read and write. For every single ASN1 structure
-(e.g. SEQUENCE) four functions need to be written for new, free, encode and
-decode operations. This is a very painful and error prone operation. Very few
-people have ever written any OpenSSL ASN1 and those that have usually wish
-they hadn't.
-
-2. Partly because of 1. the code is bloated and takes up a disproportionate
-amount of space. The SEQUENCE encoder is particularly bad: it essentially
-contains two copies of the same operation, one to compute the SEQUENCE length
-and the other to encode it.
-
-3. The code is memory based: that is it expects to be able to read the whole
-structure from memory. This is fine for small structures but if you have a
-(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
-
-4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
-changing the tag to the expected one, attempting to read it, then changing it
-back again. This means that decode buffers have to be writable even though they
-are ultimately unchanged. This gets in the way of constification.
-
-5. The handling of EXPLICIT isn't much better. It adds a chunk of code into
-the decoder and encoder for every EXPLICIT tag.
-
-6. APPLICATION and PRIVATE tags aren't even supported at all.
-
-7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
-types that are not OPTIONAL.
-
-8. Much of the code assumes that a tag will fit in a single octet. This is
-only true if the tag is 30 or less (mercifully tags over 30 are rare).
-
-9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
-macros that properly support it.
-
-10. Encoders have no concept of OPTIONAL and have no error checking. If the
-passed structure contains a NULL in a mandatory field it will not be encoded,
-resulting in an invalid structure.
-
-11. It is tricky to add ASN1 encoders and decoders to external applications.
-
-Template model
-==============
-
-One of the major problems with revision is the sheer volume of the ASN1 code.
-Attempts to change (for example) the IMPLICIT behaviour would result in a
-modification of *every* single decode function.
-
-I decided to adopt a template based approach. I'm using the term 'template'
-in a manner similar to SNACC templates: it has nothing to do with C++
-templates.
-
-A template is a description of an ASN1 module as several constant C structures.
-It describes in a machine readable way exactly how the ASN1 structure should
-behave. If this template contains enough detail then it is possible to write
-versions of new, free, encode, decode (and possibly others operations) that
-operate on templates.
-
-Instead of having to write code to handle each operation only a single
-template needs to be written. If new operations are needed (such as a 'print'
-operation) only a single new template based function needs to be written
-which will then automatically handle all existing templates.
-
-Plans for revision
-==================
-
-The revision will consist of the following steps. Other than the first two
-these can be handled in any order.
-
-o Design and write template new, free, encode and decode operations, initially
-memory based. *DONE*
-
-o Convert existing ASN1 code to template form. *IN PROGRESS*
-
-o Convert an existing ASN1 compiler (probably SNACC) to output templates
-in OpenSSL form.
-
-o Add support for BIO based ASN1 encoders and decoders to handle large
-structures, initially blocking I/O.
-
-o Add support for non blocking I/O: this is quite a bit harder than blocking
-I/O.
-
-o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
-certificates etc etc.
-
-Description of major changes
-============================
-
-The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
-absent. The meaning of absent depends on the context. If for example the
-boolean type is DEFAULT FALSE (as in the case of the critical flag for
-certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
-Usually the value will only ever be read via an API which will hide this from
-an application.
-
-There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
-SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
-old code would omit the structure if the STACK was NULL (which is fine) or if
-it had zero elements (which is NOT OK). This causes problems because an empty
-SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
-it is encoded it will be omitted resulting in different encodings. The new code
-only omits the encoding if the STACK is NULL, if it contains zero elements it
-is encoded and empty. There is an additional problem though: because an empty
-STACK was omitted, sometimes the corresponding *_new() function would
-initialize the STACK to empty so an application could immediately use it, if
-this is done with the new code (i.e. a NULL) it wont work. Therefore a new
-STACK should be allocated first. One instance of this is the X509_CRL list of
-revoked certificates: a helper function X509_CRL_add0_revoked() has been added
-for this purpose.
-
-The X509_ATTRIBUTE structure used to have an element called 'set' which took
-the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
-to the behaviour of CHOICE in the new code this has been changed to a field
-called 'single' which is 0 for a SET OF and 1 for single. The old field has
-been deleted to deliberately break source compatibility. Since this structure
-is normally accessed via higher level functions this shouldn't break too much.
-
-The X509_REQ_INFO certificate request info structure no longer has a field
-called 'req_kludge'. This used to be set to 1 if the attributes field was
-(incorrectly) omitted. You can check to see if the field is omitted now by
-checking if the attributes field is NULL. Similarly if you need to omit
-the field then free attributes and set it to NULL.
-
-The top level 'detached' field in the PKCS7 structure is no longer set when
-a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
-The behaviour of PKCS7_get_detached() is unaffected.
-
-The values of 'type' in the GENERAL_NAME structure have changed. This is
-because the old code use the ASN1 initial octet as the selector. The new
-code uses the index in the ASN1_CHOICE template.
-
-The DIST_POINT_NAME structure has changed to be a true CHOICE type.
-
-typedef struct DIST_POINT_NAME_st {
-int type;
-union {
- STACK_OF(GENERAL_NAME) *fullname;
- STACK_OF(X509_NAME_ENTRY) *relativename;
-} name;
-} DIST_POINT_NAME;
-
-This means that name.fullname or name.relativename should be set
-and type reflects the option. That is if name.fullname is set then
-type is 0 and if name.relativename is set type is 1.
-
-With the old code using the i2d functions would typically involve:
-
-unsigned char *buf, *p;
-int len;
-/* Find length of encoding */
-len = i2d_SOMETHING(x, NULL);
-/* Allocate buffer */
-buf = OPENSSL_malloc(len);
-if(buf == NULL) {
- /* Malloc error */
-}
-/* Use temp variable because &p gets updated to point to end of
- * encoding.
- */
-p = buf;
-i2d_SOMETHING(x, &p);
-
-
-Using the new i2d you can also do:
-
-unsigned char *buf = NULL;
-int len;
-len = i2d_SOMETHING(x, &buf);
-if(len < 0) {
- /* Malloc error */
-}
-
-and it will automatically allocate and populate a buffer with the
-encoding. After this call 'buf' will point to the start of the
-encoding which is len bytes long.
diff --git a/crypto/openssl/README.ENGINE b/crypto/openssl/README.ENGINE
deleted file mode 100644
index 0ff8333..0000000
--- a/crypto/openssl/README.ENGINE
+++ /dev/null
@@ -1,289 +0,0 @@
- ENGINE
- ======
-
- With OpenSSL 0.9.6, a new component was added to support alternative
- cryptography implementations, most commonly for interfacing with external
- crypto devices (eg. accelerator cards). This component is called ENGINE,
- and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
- caused a little confusion as 0.9.6** releases were rolled in two
- versions, a "standard" and an "engine" version. In development for 0.9.7,
- the ENGINE code has been merged into the main branch and will be present
- in the standard releases from 0.9.7 forwards.
-
- There are currently built-in ENGINE implementations for the following
- crypto devices:
-
- o CryptoSwift
- o Compaq Atalla
- o nCipher CHIL
- o Nuron
- o Broadcom uBSec
-
- In addition, dynamic binding to external ENGINE implementations is now
- provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
- section below for details.
-
- At this stage, a number of things are still needed and are being worked on:
-
- 1 Integration of EVP support.
- 2 Configuration support.
- 3 Documentation!
-
-1 With respect to EVP, this relates to support for ciphers and digests in
- the ENGINE model so that alternative implementations of existing
- algorithms/modes (or previously unimplemented ones) can be provided by
- ENGINE implementations.
-
-2 Configuration support currently exists in the ENGINE API itself, in the
- form of "control commands". These allow an application to expose to the
- user/admin the set of commands and parameter types a given ENGINE
- implementation supports, and for an application to directly feed string
- based input to those ENGINEs, in the form of name-value pairs. This is an
- extensible way for ENGINEs to define their own "configuration" mechanisms
- that are specific to a given ENGINE (eg. for a particular hardware
- device) but that should be consistent across *all* OpenSSL-based
- applications when they use that ENGINE. Work is in progress (or at least
- in planning) for supporting these control commands from the CONF (or
- NCONF) code so that applications using OpenSSL's existing configuration
- file format can have ENGINE settings specified in much the same way.
- Presently however, applications must use the ENGINE API itself to provide
- such functionality. To see first hand the types of commands available
- with the various compiled-in ENGINEs (see further down for dynamic
- ENGINEs), use the "engine" openssl utility with full verbosity, ie;
- openssl engine -vvvv
-
-3 Documentation? Volunteers welcome! The source code is reasonably well
- self-documenting, but some summaries and usage instructions are needed -
- moreover, they are needed in the same POD format the existing OpenSSL
- documentation is provided in. Any complete or incomplete contributions
- would help make this happen.
-
- STABILITY & BUG-REPORTS
- =======================
-
- What already exists is fairly stable as far as it has been tested, but
- the test base has been a bit small most of the time. For the most part,
- the vendors of the devices these ENGINEs support have contributed to the
- development and/or testing of the implementations, and *usually* (with no
- guarantees) have experience in using the ENGINE support to drive their
- devices from common OpenSSL-based applications. Bugs and/or inexplicable
- behaviour in using a specific ENGINE implementation should be sent to the
- author of that implementation (if it is mentioned in the corresponding C
- file), and in the case of implementations for commercial hardware
- devices, also through whatever vendor support channels are available. If
- none of this is possible, or the problem seems to be something about the
- ENGINE API itself (ie. not necessarily specific to a particular ENGINE
- implementation) then you should mail complete details to the relevant
- OpenSSL mailing list. For a definition of "complete details", refer to
- the OpenSSL "README" file. As for which list to send it to;
-
- openssl-users: if you are *using* the ENGINE abstraction, either in an
- pre-compiled application or in your own application code.
-
- openssl-dev: if you are discussing problems with OpenSSL source code.
-
- USAGE
- =====
-
- The default "openssl" ENGINE is always chosen when performing crypto
- operations unless you specify otherwise. You must actively tell the
- openssl utility commands to use anything else through a new command line
- switch called "-engine". Also, if you want to use the ENGINE support in
- your own code to do something similar, you must likewise explicitly
- select the ENGINE implementation you want.
-
- Depending on the type of hardware, system, and configuration, "settings"
- may need to be applied to an ENGINE for it to function as expected/hoped.
- The recommended way of doing this is for the application to support
- ENGINE "control commands" so that each ENGINE implementation can provide
- whatever configuration primitives it might require and the application
- can allow the user/admin (and thus the hardware vendor's support desk
- also) to provide any such input directly to the ENGINE implementation.
- This way, applications do not need to know anything specific to any
- device, they only need to provide the means to carry such user/admin
- input through to the ENGINE in question. Ie. this connects *you* (and
- your helpdesk) to the specific ENGINE implementation (and device), and
- allows application authors to not get buried in hassle supporting
- arbitrary devices they know (and care) nothing about.
-
- A new "openssl" utility, "openssl engine", has been added in that allows
- for testing and examination of ENGINE implementations. Basic usage
- instructions are available by specifying the "-?" command line switch.
-
- DYNAMIC ENGINES
- ===============
-
- The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
- implementations that aren't pre-compiled and linked into OpenSSL-based
- applications. This could be because existing compiled-in implementations
- have known problems and you wish to use a newer version with an existing
- application. It could equally be because the application (or OpenSSL
- library) you are using simply doesn't have support for the ENGINE you
- wish to use, and the ENGINE provider (eg. hardware vendor) is providing
- you with a self-contained implementation in the form of a shared-library.
- The other use-case for "dynamic" is with applications that wish to
- maintain the smallest foot-print possible and so do not link in various
- ENGINE implementations from OpenSSL, but instead leaves you to provide
- them, if you want them, in the form of "dynamic"-loadable
- shared-libraries. It should be possible for hardware vendors to provide
- their own shared-libraries to support arbitrary hardware to work with
- applications based on OpenSSL 0.9.7 or later. If you're using an
- application based on 0.9.7 (or later) and the support you desire is only
- announced for versions later than the one you need, ask the vendor to
- backport their ENGINE to the version you need.
-
- How does "dynamic" work?
- ------------------------
- The dynamic ENGINE has a special flag in its implementation such that
- every time application code asks for the 'dynamic' ENGINE, it in fact
- gets its own copy of it. As such, multi-threaded code (or code that
- multiplexes multiple uses of 'dynamic' in a single application in any
- way at all) does not get confused by 'dynamic' being used to do many
- independent things. Other ENGINEs typically don't do this so there is
- only ever 1 ENGINE structure of its type (and reference counts are used
- to keep order). The dynamic ENGINE itself provides absolutely no
- cryptographic functionality, and any attempt to "initialise" the ENGINE
- automatically fails. All it does provide are a few "control commands"
- that can be used to control how it will load an external ENGINE
- implementation from a shared-library. To see these control commands,
- use the command-line;
-
- openssl engine -vvvv dynamic
-
- The "SO_PATH" control command should be used to identify the
- shared-library that contains the ENGINE implementation, and "NO_VCHECK"
- might possibly be useful if there is a minor version conflict and you
- (or a vendor helpdesk) is convinced you can safely ignore it.
- "ID" is probably only needed if a shared-library implements
- multiple ENGINEs, but if you know the engine id you expect to be using,
- it doesn't hurt to specify it (and this provides a sanity check if
- nothing else). "LIST_ADD" is only required if you actually wish the
- loaded ENGINE to be discoverable by application code later on using the
- ENGINE's "id". For most applications, this isn't necessary - but some
- application authors may have nifty reasons for using it. The "LOAD"
- command is the only one that takes no parameters and is the command
- that uses the settings from any previous commands to actually *load*
- the shared-library ENGINE implementation. If this command succeeds, the
- (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
- that has been loaded from the shared-library. As such, any control
- commands supported by the loaded ENGINE could then be executed as per
- normal. Eg. if ENGINE "foo" is implemented in the shared-library
- "libfoo.so" and it supports some special control command "CMD_FOO", the
- following code would load and use it (NB: obviously this code has no
- error checking);
-
- ENGINE *e = ENGINE_by_id("dynamic");
- ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
- ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
- ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
- ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
-
- For testing, the "openssl engine" utility can be useful for this sort
- of thing. For example the above code excerpt would achieve much the
- same result as;
-
- openssl engine dynamic \
- -pre SO_PATH:/lib/libfoo.so \
- -pre ID:foo \
- -pre LOAD \
- -pre "CMD_FOO:some input data"
-
- Or to simply see the list of commands supported by the "foo" ENGINE;
-
- openssl engine -vvvv dynamic \
- -pre SO_PATH:/lib/libfoo.so \
- -pre ID:foo \
- -pre LOAD
-
- Applications that support the ENGINE API and more specifically, the
- "control commands" mechanism, will provide some way for you to pass
- such commands through to ENGINEs. As such, you would select "dynamic"
- as the ENGINE to use, and the parameters/commands you pass would
- control the *actual* ENGINE used. Each command is actually a name-value
- pair and the value can sometimes be omitted (eg. the "LOAD" command).
- Whilst the syntax demonstrated in "openssl engine" uses a colon to
- separate the command name from the value, applications may provide
- their own syntax for making that separation (eg. a win32 registry
- key-value pair may be used by some applications). The reason for the
- "-pre" syntax in the "openssl engine" utility is that some commands
- might be issued to an ENGINE *after* it has been initialised for use.
- Eg. if an ENGINE implementation requires a smart-card to be inserted
- during initialisation (or a PIN to be typed, or whatever), there may be
- a control command you can issue afterwards to "forget" the smart-card
- so that additional initialisation is no longer possible. In
- applications such as web-servers, where potentially volatile code may
- run on the same host system, this may provide some arguable security
- value. In such a case, the command would be passed to the ENGINE after
- it has been initialised for use, and so the "-post" switch would be
- used instead. Applications may provide a different syntax for
- supporting this distinction, and some may simply not provide it at all
- ("-pre" is almost always what you're after, in reality).
-
- How do I build a "dynamic" ENGINE?
- ----------------------------------
- This question is trickier - currently OpenSSL bundles various ENGINE
- implementations that are statically built in, and any application that
- calls the "ENGINE_load_builtin_engines()" function will automatically
- have all such ENGINEs available (and occupying memory). Applications
- that don't call that function have no ENGINEs available like that and
- would have to use "dynamic" to load any such ENGINE - but on the other
- hand such applications would only have the memory footprint of any
- ENGINEs explicitly loaded using user/admin provided control commands.
- The main advantage of not statically linking ENGINEs and only using
- "dynamic" for hardware support is that any installation using no
- "external" ENGINE suffers no unnecessary memory footprint from unused
- ENGINEs. Likewise, installations that do require an ENGINE incur the
- overheads from only *that* ENGINE once it has been loaded.
-
- Sounds good? Maybe, but currently building an ENGINE implementation as
- a shared-library that can be loaded by "dynamic" isn't automated in
- OpenSSL's build process. It can be done manually quite easily however.
- Such a shared-library can either be built with any OpenSSL code it
- needs statically linked in, or it can link dynamically against OpenSSL
- if OpenSSL itself is built as a shared library. The instructions are
- the same in each case, but in the former (statically linked any
- dependencies on OpenSSL) you must ensure OpenSSL is built with
- position-independent code ("PIC"). The default OpenSSL compilation may
- already specify the relevant flags to do this, but you should consult
- with your compiler documentation if you are in any doubt.
-
- This example will show building the "atalla" ENGINE in the
- crypto/engine/ directory as a shared-library for use via the "dynamic"
- ENGINE.
- 1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
- source tree.
- 2) Recompile at least one source file so you can see all the compiler
- flags (and syntax) being used to build normally. Eg;
- touch hw_atalla.c ; make
- will rebuild "hw_atalla.o" using all such flags.
- 3) Manually enter the same compilation line to compile the
- "hw_atalla.c" file but with the following two changes;
- (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
- (b) change the output file from "hw_atalla.o" to something new,
- eg. "tmp_atalla.o"
- 4) Link "tmp_atalla.o" into a shared-library using the top-level
- OpenSSL libraries to resolve any dependencies. The syntax for doing
- this depends heavily on your system/compiler and is a nightmare
- known well to anyone who has worked with shared-library portability
- before. 'gcc' on Linux, for example, would use the following syntax;
- gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
- 5) Test your shared library using "openssl engine" as explained in the
- previous section. Eg. from the top-level directory, you might try;
- apps/openssl engine -vvvv dynamic \
- -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
- If the shared-library loads successfully, you will see both "-pre"
- commands marked as "SUCCESS" and the list of control commands
- displayed (because of "-vvvv") will be the control commands for the
- *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
- the "-t" switch to the utility if you want it to try and initialise
- the atalla ENGINE for use to test any possible hardware/driver
- issues.
-
- PROBLEMS
- ========
-
- It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
- A quick test done right before the release showed that trying "openssl speed
- -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
- to write at memory address 0x00000002.
-
diff --git a/crypto/openssl/apps/CA.pl b/crypto/openssl/apps/CA.pl
deleted file mode 100755
index a3965ec..0000000
--- a/crypto/openssl/apps/CA.pl
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/usr/bin/perl
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-# some setup stuff to be done before you can use it and this makes
-# things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq[-nodes] ... will generate a certificate request
-# CA -sign ... will sign the generated request and output
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh Added more things ... including CA -signcert which
-# converts a certificate to a request and then signs it.
-# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
-# environment variable so this can be driven from
-# a script.
-# 25-Jul-96 eay Cleaned up filenames some more.
-# 11-Jun-96 eay Fixed a few filename missmatches.
-# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# 27-Apr-98 snh Translation into perl, fix existing CA bug.
-#
-#
-# Steve Henson
-# shenson@bigfoot.com
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-my $openssl;
-if(defined $ENV{OPENSSL}) {
- $openssl = $ENV{OPENSSL};
-} else {
- $openssl = "openssl";
- $ENV{OPENSSL} = $openssl;
-}
-
-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365"; # 1 year
-$CADAYS="-days 1095"; # 3 years
-$REQ="$openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
-$X509="$openssl x509";
-$PKCS12="$openssl pkcs12";
-
-$CATOP="./demoCA";
-$CAKEY="cakey.pem";
-$CAREQ="careq.pem";
-$CACERT="cacert.pem";
-
-$DIRMODE = 0777;
-
-$RET = 0;
-
-foreach (@ARGV) {
- if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
- exit 0;
- } elsif (/^-newcert$/) {
- # create a certificate
- system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
- $RET=$?;
- print "Certificate is in newcert.pem, private key is in newkey.pem\n"
- } elsif (/^-newreq$/) {
- # create a certificate request
- system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
- $RET=$?;
- print "Request is in newreq.pem, private key is in newkey.pem\n";
- } elsif (/^-newreq-nodes$/) {
- # create a certificate request
- system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
- $RET=$?;
- print "Request is in newreq.pem, private key is in newkey.pem\n";
- } elsif (/^-newca$/) {
- # if explicitly asked for or it doesn't exist then setup the
- # directory structure that Eric likes to manage things
- $NEW="1";
- if ( "$NEW" || ! -f "${CATOP}/serial" ) {
- # create the directory hierarchy
- mkdir $CATOP, $DIRMODE;
- mkdir "${CATOP}/certs", $DIRMODE;
- mkdir "${CATOP}/crl", $DIRMODE ;
- mkdir "${CATOP}/newcerts", $DIRMODE;
- mkdir "${CATOP}/private", $DIRMODE;
- open OUT, ">${CATOP}/index.txt";
- close OUT;
- open OUT, ">${CATOP}/crlnumber";
- print OUT "01\n";
- close OUT;
- }
- if ( ! -f "${CATOP}/private/$CAKEY" ) {
- print "CA certificate filename (or enter to create)\n";
- $FILE = <STDIN>;
-
- chop $FILE;
-
- # ask user for existing CA certificate
- if ($FILE) {
- cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
- cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
- $RET=$?;
- } else {
- print "Making CA certificate ...\n";
- system ("$REQ -new -keyout " .
- "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
- system ("$CA -create_serial " .
- "-out ${CATOP}/$CACERT $CADAYS -batch " .
- "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
- "-extensions v3_ca " .
- "-infiles ${CATOP}/$CAREQ ");
- $RET=$?;
- }
- }
- } elsif (/^-pkcs12$/) {
- my $cname = $ARGV[1];
- $cname = "My Certificate" unless defined $cname;
- system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
- "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
- "-export -name \"$cname\"");
- $RET=$?;
- print "PKCS #12 file is in newcert.p12\n";
- exit $RET;
- } elsif (/^-xsign$/) {
- system ("$CA -policy policy_anything -infiles newreq.pem");
- $RET=$?;
- } elsif (/^(-sign|-signreq)$/) {
- system ("$CA -policy policy_anything -out newcert.pem " .
- "-infiles newreq.pem");
- $RET=$?;
- print "Signed certificate is in newcert.pem\n";
- } elsif (/^(-signCA)$/) {
- system ("$CA -policy policy_anything -out newcert.pem " .
- "-extensions v3_ca -infiles newreq.pem");
- $RET=$?;
- print "Signed CA certificate is in newcert.pem\n";
- } elsif (/^-signcert$/) {
- system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
- "-out tmp.pem");
- system ("$CA -policy policy_anything -out newcert.pem " .
- "-infiles tmp.pem");
- $RET = $?;
- print "Signed certificate is in newcert.pem\n";
- } elsif (/^-verify$/) {
- if (shift) {
- foreach $j (@ARGV) {
- system ("$VERIFY -CAfile $CATOP/$CACERT $j");
- $RET=$? if ($? != 0);
- }
- exit $RET;
- } else {
- system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
- $RET=$?;
- exit 0;
- }
- } else {
- print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
- exit 1;
- }
-}
-
-exit $RET;
-
-sub cp_pem {
-my ($infile, $outfile, $bound) = @_;
-open IN, $infile;
-open OUT, ">$outfile";
-my $flag = 0;
-while (<IN>) {
- $flag = 1 if (/^-----BEGIN.*$bound/) ;
- print OUT $_ if ($flag);
- if (/^-----END.*$bound/) {
- close IN;
- close OUT;
- return;
- }
-}
-}
-
diff --git a/crypto/openssl/apps/CA.pl.in b/crypto/openssl/apps/CA.pl.in
deleted file mode 100644
index c783a6e..0000000
--- a/crypto/openssl/apps/CA.pl.in
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/usr/local/bin/perl
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-# some setup stuff to be done before you can use it and this makes
-# things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq[-nodes] ... will generate a certificate request
-# CA -sign ... will sign the generated request and output
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh Added more things ... including CA -signcert which
-# converts a certificate to a request and then signs it.
-# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
-# environment variable so this can be driven from
-# a script.
-# 25-Jul-96 eay Cleaned up filenames some more.
-# 11-Jun-96 eay Fixed a few filename missmatches.
-# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# 27-Apr-98 snh Translation into perl, fix existing CA bug.
-#
-#
-# Steve Henson
-# shenson@bigfoot.com
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-my $openssl;
-if(defined $ENV{OPENSSL}) {
- $openssl = $ENV{OPENSSL};
-} else {
- $openssl = "openssl";
- $ENV{OPENSSL} = $openssl;
-}
-
-$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
-$DAYS="-days 365"; # 1 year
-$CADAYS="-days 1095"; # 3 years
-$REQ="$openssl req $SSLEAY_CONFIG";
-$CA="$openssl ca $SSLEAY_CONFIG";
-$VERIFY="$openssl verify";
-$X509="$openssl x509";
-$PKCS12="$openssl pkcs12";
-
-$CATOP="./demoCA";
-$CAKEY="cakey.pem";
-$CAREQ="careq.pem";
-$CACERT="cacert.pem";
-
-$DIRMODE = 0777;
-
-$RET = 0;
-
-foreach (@ARGV) {
- if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
- exit 0;
- } elsif (/^-newcert$/) {
- # create a certificate
- system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS");
- $RET=$?;
- print "Certificate is in newcert.pem, private key is in newkey.pem\n"
- } elsif (/^-newreq$/) {
- # create a certificate request
- system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS");
- $RET=$?;
- print "Request is in newreq.pem, private key is in newkey.pem\n";
- } elsif (/^-newreq-nodes$/) {
- # create a certificate request
- system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS");
- $RET=$?;
- print "Request is in newreq.pem, private key is in newkey.pem\n";
- } elsif (/^-newca$/) {
- # if explicitly asked for or it doesn't exist then setup the
- # directory structure that Eric likes to manage things
- $NEW="1";
- if ( "$NEW" || ! -f "${CATOP}/serial" ) {
- # create the directory hierarchy
- mkdir $CATOP, $DIRMODE;
- mkdir "${CATOP}/certs", $DIRMODE;
- mkdir "${CATOP}/crl", $DIRMODE ;
- mkdir "${CATOP}/newcerts", $DIRMODE;
- mkdir "${CATOP}/private", $DIRMODE;
- open OUT, ">${CATOP}/index.txt";
- close OUT;
- open OUT, ">${CATOP}/crlnumber";
- print OUT "01\n";
- close OUT;
- }
- if ( ! -f "${CATOP}/private/$CAKEY" ) {
- print "CA certificate filename (or enter to create)\n";
- $FILE = <STDIN>;
-
- chop $FILE;
-
- # ask user for existing CA certificate
- if ($FILE) {
- cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
- cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
- $RET=$?;
- } else {
- print "Making CA certificate ...\n";
- system ("$REQ -new -keyout " .
- "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ");
- system ("$CA -create_serial " .
- "-out ${CATOP}/$CACERT $CADAYS -batch " .
- "-keyfile ${CATOP}/private/$CAKEY -selfsign " .
- "-extensions v3_ca " .
- "-infiles ${CATOP}/$CAREQ ");
- $RET=$?;
- }
- }
- } elsif (/^-pkcs12$/) {
- my $cname = $ARGV[1];
- $cname = "My Certificate" unless defined $cname;
- system ("$PKCS12 -in newcert.pem -inkey newkey.pem " .
- "-certfile ${CATOP}/$CACERT -out newcert.p12 " .
- "-export -name \"$cname\"");
- $RET=$?;
- print "PKCS #12 file is in newcert.p12\n";
- exit $RET;
- } elsif (/^-xsign$/) {
- system ("$CA -policy policy_anything -infiles newreq.pem");
- $RET=$?;
- } elsif (/^(-sign|-signreq)$/) {
- system ("$CA -policy policy_anything -out newcert.pem " .
- "-infiles newreq.pem");
- $RET=$?;
- print "Signed certificate is in newcert.pem\n";
- } elsif (/^(-signCA)$/) {
- system ("$CA -policy policy_anything -out newcert.pem " .
- "-extensions v3_ca -infiles newreq.pem");
- $RET=$?;
- print "Signed CA certificate is in newcert.pem\n";
- } elsif (/^-signcert$/) {
- system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
- "-out tmp.pem");
- system ("$CA -policy policy_anything -out newcert.pem " .
- "-infiles tmp.pem");
- $RET = $?;
- print "Signed certificate is in newcert.pem\n";
- } elsif (/^-verify$/) {
- if (shift) {
- foreach $j (@ARGV) {
- system ("$VERIFY -CAfile $CATOP/$CACERT $j");
- $RET=$? if ($? != 0);
- }
- exit $RET;
- } else {
- system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
- $RET=$?;
- exit 0;
- }
- } else {
- print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
- exit 1;
- }
-}
-
-exit $RET;
-
-sub cp_pem {
-my ($infile, $outfile, $bound) = @_;
-open IN, $infile;
-open OUT, ">$outfile";
-my $flag = 0;
-while (<IN>) {
- $flag = 1 if (/^-----BEGIN.*$bound/) ;
- print OUT $_ if ($flag);
- if (/^-----END.*$bound/) {
- close IN;
- close OUT;
- return;
- }
-}
-}
-
diff --git a/crypto/openssl/apps/CA.sh b/crypto/openssl/apps/CA.sh
deleted file mode 100644
index a0b20d8..0000000
--- a/crypto/openssl/apps/CA.sh
+++ /dev/null
@@ -1,139 +0,0 @@
-#!/bin/sh
-#
-# CA - wrapper around ca to make it easier to use ... basically ca requires
-# some setup stuff to be done before you can use it and this makes
-# things easier between now and when Eric is convinced to fix it :-)
-#
-# CA -newca ... will setup the right stuff
-# CA -newreq ... will generate a certificate request
-# CA -sign ... will sign the generated request and output
-#
-# At the end of that grab newreq.pem and newcert.pem (one has the key
-# and the other the certificate) and cat them together and that is what
-# you want/need ... I'll make even this a little cleaner later.
-#
-#
-# 12-Jan-96 tjh Added more things ... including CA -signcert which
-# converts a certificate to a request and then signs it.
-# 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG
-# environment variable so this can be driven from
-# a script.
-# 25-Jul-96 eay Cleaned up filenames some more.
-# 11-Jun-96 eay Fixed a few filename missmatches.
-# 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'.
-# 18-Apr-96 tjh Original hacking
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-# default openssl.cnf file has setup as per the following
-# demoCA ... where everything is stored
-
-if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
-
-DAYS="-days 365" # 1 year
-CADAYS="-days 1095" # 3 years
-REQ="$OPENSSL req $SSLEAY_CONFIG"
-CA="$OPENSSL ca $SSLEAY_CONFIG"
-VERIFY="$OPENSSL verify"
-X509="$OPENSSL x509"
-
-CATOP=./demoCA
-CAKEY=./cakey.pem
-CAREQ=./careq.pem
-CACERT=./cacert.pem
-
-for i
-do
-case $i in
--\?|-h|-help)
- echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" >&2
- exit 0
- ;;
--newcert)
- # create a certificate
- $REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS
- RET=$?
- echo "Certificate is in newcert.pem, private key is in newkey.pem"
- ;;
--newreq)
- # create a certificate request
- $REQ -new -keyout newkey.pem -out newreq.pem $DAYS
- RET=$?
- echo "Request is in newreq.pem, private key is in newkey.pem"
- ;;
--newca)
- # if explicitly asked for or it doesn't exist then setup the directory
- # structure that Eric likes to manage things
- NEW="1"
- if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
- # create the directory hierarchy
- mkdir ${CATOP}
- mkdir ${CATOP}/certs
- mkdir ${CATOP}/crl
- mkdir ${CATOP}/newcerts
- mkdir ${CATOP}/private
- echo "00" > ${CATOP}/serial
- touch ${CATOP}/index.txt
- fi
- if [ ! -f ${CATOP}/private/$CAKEY ]; then
- echo "CA certificate filename (or enter to create)"
- read FILE
-
- # ask user for existing CA certificate
- if [ "$FILE" ]; then
- cp $FILE ${CATOP}/private/$CAKEY
- RET=$?
- else
- echo "Making CA certificate ..."
- $REQ -new -keyout ${CATOP}/private/$CAKEY \
- -out ${CATOP}/$CAREQ
- $CA -out ${CATOP}/$CACERT $CADAYS -batch \
- -keyfile ${CATOP}/private/$CAKEY -selfsign \
- -infiles ${CATOP}/$CAREQ
- RET=$?
- fi
- fi
- ;;
--xsign)
- $CA -policy policy_anything -infiles newreq.pem
- RET=$?
- ;;
--sign|-signreq)
- $CA -policy policy_anything -out newcert.pem -infiles newreq.pem
- RET=$?
- cat newcert.pem
- echo "Signed certificate is in newcert.pem"
- ;;
--signcert)
- echo "Cert passphrase will be requested twice - bug?"
- $X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
- $CA -policy policy_anything -out newcert.pem -infiles tmp.pem
- cat newcert.pem
- echo "Signed certificate is in newcert.pem"
- ;;
--verify)
- shift
- if [ -z "$1" ]; then
- $VERIFY -CAfile $CATOP/$CACERT newcert.pem
- RET=$?
- else
- for j
- do
- $VERIFY -CAfile $CATOP/$CACERT $j
- if [ $? != 0 ]; then
- RET=$?
- fi
- done
- fi
- exit 0
- ;;
-*)
- echo "Unknown arg $i";
- exit 1
- ;;
-esac
-done
-exit $RET
-
diff --git a/crypto/openssl/apps/Makefile b/crypto/openssl/apps/Makefile
deleted file mode 100644
index 41cd3ca..0000000
--- a/crypto/openssl/apps/Makefile
+++ /dev/null
@@ -1,901 +0,0 @@
-#
-# apps/Makefile
-#
-
-DIR= apps
-TOP= ..
-CC= cc
-INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
-CFLAG= -g -static
-MAKEFILE= Makefile
-PERL= perl
-RM= rm -f
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-PEX_LIBS=
-EX_LIBS=
-EXE_EXT=
-
-SHLIB_TARGET=
-
-CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile makeapps.com install.com
-
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-
-PROGRAM= openssl
-
-SCRIPTS=CA.sh CA.pl
-
-EXE= $(PROGRAM)$(EXE_EXT)
-
-E_EXE= verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
- ca crl rsa rsautl dsa dsaparam ec ecparam \
- x509 genrsa gendsa s_server s_client speed \
- s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
- pkcs8 spkac smime rand engine ocsp prime
-
-PROGS= $(PROGRAM).c
-
-A_OBJ=apps.o
-A_SRC=apps.c
-S_OBJ= s_cb.o s_socket.o
-S_SRC= s_cb.c s_socket.c
-RAND_OBJ=app_rand.o
-RAND_SRC=app_rand.c
-
-E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
- ca.o pkcs7.o crl2p7.o crl.o \
- rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
- x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
- s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
- ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o \
- ocsp.o prime.o
-
-E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
- pkcs7.c crl2p7.c crl.c \
- rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
- x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
- s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
- ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c \
- ocsp.c prime.c
-
-SRC=$(E_SRC)
-
-EXHEADER=
-HEADER= apps.h progs.h s_apps.h \
- testdsa.h testrsa.h \
- $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- @(cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all: exe
-
-exe: $(EXE)
-
-req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
- shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
- shlib_target="$(SHLIB_TARGET)"; \
- fi; \
- $(MAKE) -f $(TOP)/Makefile.shared -e \
- APPNAME=req OBJECTS="sreq.o $(A_OBJ) $(RAND_OBJ)" \
- LIBDEPS="$(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)" \
- link_app.$${shlib_target}
-
-sreq.o: req.c
- $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @set -e; for i in $(EXE); \
- do \
- (echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
- done;
- @set -e; for i in $(SCRIPTS); \
- do \
- (echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
- done
- @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
- chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
-
-tags:
- ctags $(SRC)
-
-tests:
-
-links:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
- fi
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
- rm -f req
-
-$(DLIBSSL):
- (cd ..; $(MAKE) DIRS=ssl all)
-
-$(DLIBCRYPTO):
- (cd ..; $(MAKE) DIRS=crypto all)
-
-$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
- $(RM) $(EXE)
- shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
- shlib_target="$(SHLIB_TARGET)"; \
- fi; \
- if [ "$${shlib_target}" = "darwin-shared" ] ; then \
- LIBRARIES="$(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO)" ; \
- else \
- LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
- fi; \
- $(MAKE) -f $(TOP)/Makefile.shared -e \
- APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
- LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
- link_app.$${shlib_target}
- -(cd ..; \
- OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
- $(PERL) tools/c_rehash certs)
-
-progs.h: progs.pl
- $(PERL) progs.pl $(E_EXE) >progs.h
- $(RM) $(PROGRAM).o
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-app_rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-app_rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-app_rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-app_rand.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-app_rand.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
-app_rand.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h app_rand.c
-app_rand.o: apps.h
-apps.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-apps.o: ../include/openssl/engine.h ../include/openssl/err.h
-apps.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-apps.o: ../include/openssl/x509v3.h apps.c apps.h
-asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
-asn1pars.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
-asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-asn1pars.o: asn1pars.c
-ca.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ca.o: ../include/openssl/engine.h ../include/openssl/err.h
-ca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
-ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ca.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ca.o: ../include/openssl/x509v3.h apps.h ca.c
-ciphers.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ciphers.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
-ciphers.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-ciphers.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ciphers.o: ../include/openssl/x509_vfy.h apps.h ciphers.c
-crl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-crl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-crl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-crl.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-crl.o: ../include/openssl/x509v3.h apps.h crl.c
-crl2p7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-crl2p7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-crl2p7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
-crl2p7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-crl2p7.o: crl2p7.c
-dgst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dgst.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-dgst.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
-dgst.o: ../include/openssl/hmac.h ../include/openssl/lhash.h
-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-dgst.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
-dh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dh.o: ../include/openssl/dh.h ../include/openssl/e_os2.h
-dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
-dh.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dh.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dh.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dh.c
-dsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-dsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-dsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-dsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h dsa.c
-dsaparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-dsaparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-dsaparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-dsaparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-dsaparam.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-dsaparam.o: ../include/openssl/stack.h ../include/openssl/store.h
-dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-dsaparam.o: ../include/openssl/ui.h ../include/openssl/x509.h
-dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
-ec.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ec.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-ec.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ec.o: ../include/openssl/err.h ../include/openssl/evp.h
-ec.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ec.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ec.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ec.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-ec.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ec.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-ec.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h ec.c
-ecparam.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ecparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ecparam.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ecparam.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ecparam.o: ../include/openssl/engine.h ../include/openssl/err.h
-ecparam.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ecparam.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
-enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-enc.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-enc.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-enc.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-enc.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
-engine.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-engine.o: ../include/openssl/comp.h ../include/openssl/conf.h
-engine.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-engine.o: ../include/openssl/engine.h ../include/openssl/err.h
-engine.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-engine.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-engine.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-engine.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-engine.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-engine.o: ../include/openssl/x509_vfy.h apps.h engine.c
-errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
-errstr.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
-errstr.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-errstr.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-errstr.o: ../include/openssl/x509_vfy.h apps.h errstr.c
-gendh.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-gendh.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-gendh.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-gendh.o: ../include/openssl/engine.h ../include/openssl/err.h
-gendh.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-gendh.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-gendh.o: ../include/openssl/stack.h ../include/openssl/store.h
-gendh.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendh.o: ../include/openssl/ui.h ../include/openssl/x509.h
-gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
-gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-gendsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-gendsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-gendsa.o: gendsa.c
-genrsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-genrsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-genrsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-genrsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-genrsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-genrsa.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-genrsa.o: ../include/openssl/stack.h ../include/openssl/store.h
-genrsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-genrsa.o: ../include/openssl/ui.h ../include/openssl/x509.h
-genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
-nseq.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-nseq.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-nseq.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
-nseq.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-nseq.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-nseq.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
-nseq.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h nseq.c
-ocsp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ocsp.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ocsp.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
-ocsp.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
-ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ocsp.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c
-openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
-openssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
-openssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-openssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-openssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-openssl.o: ../include/openssl/x509_vfy.h apps.h openssl.c progs.h s_apps.h
-passwd.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-passwd.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
-passwd.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
-passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
-passwd.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-passwd.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
-passwd.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-passwd.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-passwd.o: passwd.c
-pkcs12.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs12.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-pkcs12.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs12.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs12.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs12.o: ../include/openssl/x509_vfy.h apps.h pkcs12.c
-pkcs7.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs7.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-pkcs7.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs7.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
-pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs7.c
-pkcs8.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-pkcs8.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-pkcs8.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
-pkcs8.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
-pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-pkcs8.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-pkcs8.o: ../include/openssl/x509_vfy.h apps.h pkcs8.c
-prime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-prime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-prime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-prime.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-prime.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-prime.o: ../include/openssl/engine.h ../include/openssl/evp.h
-prime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-prime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-prime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-prime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-prime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-prime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-prime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h prime.c
-rand.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rand.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-rand.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
-rand.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rand.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rand.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
-req.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-req.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-req.o: ../include/openssl/engine.h ../include/openssl/err.h
-req.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-req.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-req.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-req.o: ../include/openssl/stack.h ../include/openssl/store.h
-req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-req.o: ../include/openssl/ui.h ../include/openssl/x509.h
-req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h req.c
-rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-rsa.o: ../include/openssl/engine.h ../include/openssl/err.h
-rsa.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
-rsa.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h rsa.c
-rsautl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rsautl.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-rsautl.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
-rsautl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rsautl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-rsautl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
-s_cb.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_cb.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_cb.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s_cb.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_cb.c
-s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_client.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_client.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s_client.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_client.o: s_apps.h s_client.c timeouts.h
-s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_server.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-s_server.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_server.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s_server.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_server.o: ../include/openssl/store.h ../include/openssl/symhacks.h
-s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_server.o: ../include/openssl/ui.h ../include/openssl/x509.h
-s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_server.c timeouts.h
-s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_socket.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s_socket.o: ../include/openssl/engine.h ../include/openssl/evp.h
-s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s_socket.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
-s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-s_socket.o: s_apps.h s_socket.c
-s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
-s_time.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
-s_time.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s_time.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h s_time.c
-sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
-sess_id.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
-sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
-sess_id.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-sess_id.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-sess_id.o: ../include/openssl/x509_vfy.h apps.h sess_id.c
-smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
-smime.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-smime.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-smime.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
-smime.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-smime.o: ../include/openssl/x509v3.h apps.h smime.c
-speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
-speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
-speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
-speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
-speed.o: ../include/openssl/des_old.h ../include/openssl/dsa.h
-speed.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-speed.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-speed.o: ../include/openssl/engine.h ../include/openssl/err.h
-speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
-speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
-speed.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
-speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-speed.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
-speed.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
-speed.o: ../include/openssl/x509_vfy.h apps.h speed.c testdsa.h testrsa.h
-spkac.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-spkac.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-spkac.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
-spkac.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-spkac.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
-spkac.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h spkac.c
-verify.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-verify.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-verify.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
-verify.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-verify.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-verify.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h
-verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
-verify.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-verify.o: ../include/openssl/x509v3.h apps.h verify.c
-version.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
-version.o: ../include/openssl/buffer.h ../include/openssl/conf.h
-version.o: ../include/openssl/crypto.h ../include/openssl/des.h
-version.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
-version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-version.o: ../include/openssl/evp.h ../include/openssl/idea.h
-version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
-version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-version.o: ../include/openssl/rc4.h ../include/openssl/safestack.h
-version.o: ../include/openssl/sha.h ../include/openssl/stack.h
-version.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
-version.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
-version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
-version.o: version.c
-x509.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
-x509.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-x509.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h
-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-x509.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
-x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
diff --git a/crypto/openssl/apps/app_rand.c b/crypto/openssl/apps/app_rand.c
deleted file mode 100644
index b7b6128..0000000
--- a/crypto/openssl/apps/app_rand.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/* apps/app_rand.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-
-
-static int seeded = 0;
-static int egdsocket = 0;
-
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
- {
- int consider_randfile = (file == NULL);
- char buffer[200];
-
-#ifdef OPENSSL_SYS_WINDOWS
- BIO_printf(bio_e,"Loading 'screen' into random state -");
- BIO_flush(bio_e);
- RAND_screen();
- BIO_printf(bio_e," done\n");
-#endif
-
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- else if (RAND_egd(file) > 0)
- {
- /* we try if the given filename is an EGD socket.
- if it is, we don't write anything back to the file. */
- egdsocket = 1;
- return 1;
- }
- if (file == NULL || !RAND_load_file(file, -1))
- {
- if (RAND_status() == 0)
- {
- if (!dont_warn)
- {
- BIO_printf(bio_e,"unable to load 'random state'\n");
- BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
- BIO_printf(bio_e,"with much random data.\n");
- if (consider_randfile) /* explanation does not apply when a file is explicitly named */
- {
- BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
- BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
- }
- }
- return 0;
- }
- }
- seeded = 1;
- return 1;
- }
-
-long app_RAND_load_files(char *name)
- {
- char *p,*n;
- int last;
- long tot=0;
- int egd;
-
- for (;;)
- {
- last=0;
- for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
- if (*p == '\0') last=1;
- *p='\0';
- n=name;
- name=p+1;
- if (*n == '\0') break;
-
- egd=RAND_egd(n);
- if (egd > 0)
- tot+=egd;
- else
- tot+=RAND_load_file(n,-1);
- if (last) break;
- }
- if (tot > 512)
- app_RAND_allow_write_file();
- return(tot);
- }
-
-int app_RAND_write_file(const char *file, BIO *bio_e)
- {
- char buffer[200];
-
- if (egdsocket || !seeded)
- /* If we did not manage to read the seed file,
- * we should not write a low-entropy seed file back --
- * it would suppress a crucial warning the next time
- * we want to use it. */
- return 0;
-
- if (file == NULL)
- file = RAND_file_name(buffer, sizeof buffer);
- if (file == NULL || !RAND_write_file(file))
- {
- BIO_printf(bio_e,"unable to write 'random state'\n");
- return 0;
- }
- return 1;
- }
-
-void app_RAND_allow_write_file(void)
- {
- seeded = 1;
- }
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
deleted file mode 100644
index 613c3ba..0000000
--- a/crypto/openssl/apps/apps.c
+++ /dev/null
@@ -1,2335 +0,0 @@
-/* apps/apps.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-#include <openssl/ui.h>
-#include <openssl/safestack.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-
-typedef struct {
- const char *name;
- unsigned long flag;
- unsigned long mask;
-} NAME_EX_TBL;
-
-static UI_METHOD *ui_method = NULL;
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-/* Looks like this stuff is worth moving into separate function */
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format);
-#endif
-
-int app_init(long mesgwin);
-#ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(char *file, int *argc, char **argv[])
- {
- FILE *fp;
- int num,i;
- unsigned int len;
- static char *buf=NULL;
- static char **arg=NULL;
- char *p;
- struct stat stbuf;
-
- if (stat(file,&stbuf) < 0) return(0);
-
- fp=fopen(file,"r");
- if (fp == NULL)
- return(0);
-
- *argc=0;
- *argv=NULL;
-
- len=(unsigned int)stbuf.st_size;
- if (buf != NULL) OPENSSL_free(buf);
- buf=(char *)OPENSSL_malloc(len+1);
- if (buf == NULL) return(0);
-
- len=fread(buf,1,len,fp);
- if (len <= 1) return(0);
- buf[len]='\0';
-
- i=0;
- for (p=buf; *p; p++)
- if (*p == '\n') i++;
- if (arg != NULL) OPENSSL_free(arg);
- arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
-
- *argv=arg;
- num=0;
- p=buf;
- for (;;)
- {
- if (!*p) break;
- if (*p == '#') /* comment line */
- {
- while (*p && (*p != '\n')) p++;
- continue;
- }
- /* else we have a line */
- *(arg++)=p;
- num++;
- while (*p && ((*p != ' ') && (*p != '\t') && (*p != '\n')))
- p++;
- if (!*p) break;
- if (*p == '\n')
- {
- *(p++)='\0';
- continue;
- }
- /* else it is a tab or space */
- p++;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p) break;
- if (*p == '\n')
- {
- p++;
- continue;
- }
- *(arg++)=p++;
- num++;
- while (*p && (*p != '\n')) p++;
- if (!*p) break;
- /* else *p == '\n' */
- *(p++)='\0';
- }
- *argc=num;
- return(1);
- }
-#endif
-
-int str2fmt(char *s)
- {
- if ((*s == 'D') || (*s == 'd'))
- return(FORMAT_ASN1);
- else if ((*s == 'T') || (*s == 't'))
- return(FORMAT_TEXT);
- else if ((*s == 'P') || (*s == 'p'))
- return(FORMAT_PEM);
- else if ((*s == 'N') || (*s == 'n'))
- return(FORMAT_NETSCAPE);
- else if ((*s == 'S') || (*s == 's'))
- return(FORMAT_SMIME);
- else if ((*s == '1')
- || (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
- || (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
- return(FORMAT_PKCS12);
- else if ((*s == 'E') || (*s == 'e'))
- return(FORMAT_ENGINE);
- else
- return(FORMAT_UNDEF);
- }
-
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE)
-void program_name(char *in, char *out, int size)
- {
- int i,n;
- char *p=NULL;
-
- n=strlen(in);
- /* find the last '/', '\' or ':' */
- for (i=n-1; i>0; i--)
- {
- if ((in[i] == '/') || (in[i] == '\\') || (in[i] == ':'))
- {
- p= &(in[i+1]);
- break;
- }
- }
- if (p == NULL)
- p=in;
- n=strlen(p);
-
-#if defined(OPENSSL_SYS_NETWARE)
- /* strip off trailing .nlm if present. */
- if ((n > 4) && (p[n-4] == '.') &&
- ((p[n-3] == 'n') || (p[n-3] == 'N')) &&
- ((p[n-2] == 'l') || (p[n-2] == 'L')) &&
- ((p[n-1] == 'm') || (p[n-1] == 'M')))
- n-=4;
-#else
- /* strip off trailing .exe if present. */
- if ((n > 4) && (p[n-4] == '.') &&
- ((p[n-3] == 'e') || (p[n-3] == 'E')) &&
- ((p[n-2] == 'x') || (p[n-2] == 'X')) &&
- ((p[n-1] == 'e') || (p[n-1] == 'E')))
- n-=4;
-#endif
-
- if (n > size-1)
- n=size-1;
-
- for (i=0; i<n; i++)
- {
- if ((p[i] >= 'A') && (p[i] <= 'Z'))
- out[i]=p[i]-'A'+'a';
- else
- out[i]=p[i];
- }
- out[n]='\0';
- }
-#else
-#ifdef OPENSSL_SYS_VMS
-void program_name(char *in, char *out, int size)
- {
- char *p=in, *q;
- char *chars=":]>";
-
- while(*chars != '\0')
- {
- q=strrchr(p,*chars);
- if (q > p)
- p = q + 1;
- chars++;
- }
-
- q=strrchr(p,'.');
- if (q == NULL)
- q = p + strlen(p);
- strncpy(out,p,size-1);
- if (q-p >= size)
- {
- out[size-1]='\0';
- }
- else
- {
- out[q-p]='\0';
- }
- }
-#else
-void program_name(char *in, char *out, int size)
- {
- char *p;
-
- p=strrchr(in,'/');
- if (p != NULL)
- p++;
- else
- p=in;
- BUF_strlcpy(out,p,size);
- }
-#endif
-#endif
-
-int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
- {
- int num,len,i;
- char *p;
-
- *argc=0;
- *argv=NULL;
-
- len=strlen(buf);
- i=0;
- if (arg->count == 0)
- {
- arg->count=20;
- arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
- }
- for (i=0; i<arg->count; i++)
- arg->data[i]=NULL;
-
- num=0;
- p=buf;
- for (;;)
- {
- /* first scan over white space */
- if (!*p) break;
- while (*p && ((*p == ' ') || (*p == '\t') || (*p == '\n')))
- p++;
- if (!*p) break;
-
- /* The start of something good :-) */
- if (num >= arg->count)
- {
- char **tmp_p;
- int tlen = arg->count + 20;
- tmp_p = (char **)OPENSSL_realloc(arg->data,
- sizeof(char *)*tlen);
- if (tmp_p == NULL)
- return 0;
- arg->data = tmp_p;
- arg->count = tlen;
- /* initialize newly allocated data */
- for (i = num; i < arg->count; i++)
- arg->data[i] = NULL;
- }
- arg->data[num++]=p;
-
- /* now look for the end of this */
- if ((*p == '\'') || (*p == '\"')) /* scan for closing quote */
- {
- i= *(p++);
- arg->data[num-1]++; /* jump over quote */
- while (*p && (*p != i))
- p++;
- *p='\0';
- }
- else
- {
- while (*p && ((*p != ' ') &&
- (*p != '\t') && (*p != '\n')))
- p++;
-
- if (*p == '\0')
- p--;
- else
- *p='\0';
- }
- p++;
- }
- *argc=num;
- *argv=arg->data;
- return(1);
- }
-
-#ifndef APP_INIT
-int app_init(long mesgwin)
- {
- return(1);
- }
-#endif
-
-
-int dump_cert_text (BIO *out, X509 *x)
-{
- char *p;
-
- p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
- BIO_puts(out,"subject=");
- BIO_puts(out,p);
- OPENSSL_free(p);
-
- p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
- BIO_puts(out,"\nissuer=");
- BIO_puts(out,p);
- BIO_puts(out,"\n");
- OPENSSL_free(p);
-
- return 0;
-}
-
-static int ui_open(UI *ui)
- {
- return UI_method_get_opener(UI_OpenSSL())(ui);
- }
-static int ui_read(UI *ui, UI_STRING *uis)
- {
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui))
- {
- switch(UI_get_string_type(uis))
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0')
- {
- UI_set_result(ui, uis, password);
- return 1;
- }
- }
- default:
- break;
- }
- }
- return UI_method_get_reader(UI_OpenSSL())(ui, uis);
- }
-static int ui_write(UI *ui, UI_STRING *uis)
- {
- if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
- && UI_get0_user_data(ui))
- {
- switch(UI_get_string_type(uis))
- {
- case UIT_PROMPT:
- case UIT_VERIFY:
- {
- const char *password =
- ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
- if (password && password[0] != '\0')
- return 1;
- }
- default:
- break;
- }
- }
- return UI_method_get_writer(UI_OpenSSL())(ui, uis);
- }
-static int ui_close(UI *ui)
- {
- return UI_method_get_closer(UI_OpenSSL())(ui);
- }
-int setup_ui_method(void)
- {
- ui_method = UI_create_method("OpenSSL application user interface");
- UI_method_set_opener(ui_method, ui_open);
- UI_method_set_reader(ui_method, ui_read);
- UI_method_set_writer(ui_method, ui_write);
- UI_method_set_closer(ui_method, ui_close);
- return 0;
- }
-void destroy_ui_method(void)
- {
- if(ui_method)
- {
- UI_destroy_method(ui_method);
- ui_method = NULL;
- }
- }
-int password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_tmp)
- {
- UI *ui = NULL;
- int res = 0;
- const char *prompt_info = NULL;
- const char *password = NULL;
- PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
-
- if (cb_data)
- {
- if (cb_data->password)
- password = cb_data->password;
- if (cb_data->prompt_info)
- prompt_info = cb_data->prompt_info;
- }
-
- if (password)
- {
- res = strlen(password);
- if (res > bufsiz)
- res = bufsiz;
- memcpy(buf, password, res);
- return res;
- }
-
- ui = UI_new_method(ui_method);
- if (ui)
- {
- int ok = 0;
- char *buff = NULL;
- int ui_flags = 0;
- char *prompt = NULL;
-
- prompt = UI_construct_prompt(ui, "pass phrase",
- prompt_info);
-
- ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
- if (ok >= 0)
- ok = UI_add_input_string(ui,prompt,ui_flags,buf,
- PW_MIN_LENGTH,BUFSIZ-1);
- if (ok >= 0 && verify)
- {
- buff = (char *)OPENSSL_malloc(bufsiz);
- ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
- PW_MIN_LENGTH,BUFSIZ-1, buf);
- }
- if (ok >= 0)
- do
- {
- ok = UI_process(ui);
- }
- while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
- if (buff)
- {
- OPENSSL_cleanse(buff,(unsigned int)bufsiz);
- OPENSSL_free(buff);
- }
-
- if (ok >= 0)
- res = strlen(buf);
- if (ok == -1)
- {
- BIO_printf(bio_err, "User interface error\n");
- ERR_print_errors(bio_err);
- OPENSSL_cleanse(buf,(unsigned int)bufsiz);
- res = 0;
- }
- if (ok == -2)
- {
- BIO_printf(bio_err,"aborted!\n");
- OPENSSL_cleanse(buf,(unsigned int)bufsiz);
- res = 0;
- }
- UI_free(ui);
- OPENSSL_free(prompt);
- }
- return res;
- }
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio);
-
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
-{
- int same;
- if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
- else same = 1;
- if(arg1) {
- *pass1 = app_get_pass(err, arg1, same);
- if(!*pass1) return 0;
- } else if(pass1) *pass1 = NULL;
- if(arg2) {
- *pass2 = app_get_pass(err, arg2, same ? 2 : 0);
- if(!*pass2) return 0;
- } else if(pass2) *pass2 = NULL;
- return 1;
-}
-
-static char *app_get_pass(BIO *err, char *arg, int keepbio)
-{
- char *tmp, tpass[APP_PASS_LEN];
- static BIO *pwdbio = NULL;
- int i;
- if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
- if(!strncmp(arg, "env:", 4)) {
- tmp = getenv(arg + 4);
- if(!tmp) {
- BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
- return NULL;
- }
- return BUF_strdup(tmp);
- }
- if(!keepbio || !pwdbio) {
- if(!strncmp(arg, "file:", 5)) {
- pwdbio = BIO_new_file(arg + 5, "r");
- if(!pwdbio) {
- BIO_printf(err, "Can't open file %s\n", arg + 5);
- return NULL;
- }
- } else if(!strncmp(arg, "fd:", 3)) {
- BIO *btmp;
- i = atoi(arg + 3);
- if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
- if((i < 0) || !pwdbio) {
- BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
- return NULL;
- }
- /* Can't do BIO_gets on an fd BIO so add a buffering BIO */
- btmp = BIO_new(BIO_f_buffer());
- pwdbio = BIO_push(btmp, pwdbio);
- } else if(!strcmp(arg, "stdin")) {
- pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
- if(!pwdbio) {
- BIO_printf(err, "Can't open BIO for stdin\n");
- return NULL;
- }
- } else {
- BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
- return NULL;
- }
- }
- i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
- if(keepbio != 1) {
- BIO_free_all(pwdbio);
- pwdbio = NULL;
- }
- if(i <= 0) {
- BIO_printf(err, "Error reading password from BIO\n");
- return NULL;
- }
- tmp = strchr(tpass, '\n');
- if(tmp) *tmp = 0;
- return BUF_strdup(tpass);
-}
-
-int add_oid_section(BIO *err, CONF *conf)
-{
- char *p;
- STACK_OF(CONF_VALUE) *sktmp;
- CONF_VALUE *cnf;
- int i;
- if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
- {
- ERR_clear_error();
- return 1;
- }
- if(!(sktmp = NCONF_get_section(conf, p))) {
- BIO_printf(err, "problem loading oid section %s\n", p);
- return 0;
- }
- for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
- cnf = sk_CONF_VALUE_value(sktmp, i);
- if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
- BIO_printf(err, "problem creating object %s=%s\n",
- cnf->name, cnf->value);
- return 0;
- }
- }
- return 1;
-}
-
-static int load_pkcs12(BIO *err, BIO *in, const char *desc,
- pem_password_cb *pem_cb, void *cb_data,
- EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
- {
- const char *pass;
- char tpass[PEM_BUFSIZE];
- int len, ret = 0;
- PKCS12 *p12;
- p12 = d2i_PKCS12_bio(in, NULL);
- if (p12 == NULL)
- {
- BIO_printf(err, "Error loading PKCS12 file for %s\n", desc);
- goto die;
- }
- /* See if an empty password will do */
- if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0))
- pass = "";
- else
- {
- if (!pem_cb)
- pem_cb = (pem_password_cb *)password_callback;
- len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
- if (len < 0)
- {
- BIO_printf(err, "Passpharse callback error for %s\n",
- desc);
- goto die;
- }
- if (len < PEM_BUFSIZE)
- tpass[len] = 0;
- if (!PKCS12_verify_mac(p12, tpass, len))
- {
- BIO_printf(err,
- "Mac verify error (wrong password?) in PKCS12 file for %s\n", desc);
- goto die;
- }
- pass = tpass;
- }
- ret = PKCS12_parse(p12, pass, pkey, cert, ca);
- die:
- if (p12)
- PKCS12_free(p12);
- return ret;
- }
-
-X509 *load_cert(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
- {
- ASN1_HEADER *ah=NULL;
- BUF_MEM *buf=NULL;
- X509 *x=NULL;
- BIO *cert;
-
- if ((cert=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
-
- if (file == NULL)
- {
- setvbuf(stdin, NULL, _IONBF, 0);
- BIO_set_fp(cert,stdin,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_read_filename(cert,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- cert_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- }
-
- if (format == FORMAT_ASN1)
- x=d2i_X509_bio(cert,NULL);
- else if (format == FORMAT_NETSCAPE)
- {
- const unsigned char *p,*op;
- int size=0,i;
-
- /* We sort of have to do it this way because it is sort of nice
- * to read the header first and check it, then
- * try to read the certificate */
- buf=BUF_MEM_new();
- for (;;)
- {
- if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
- goto end;
- i=BIO_read(cert,&(buf->data[size]),1024*10);
- size+=i;
- if (i == 0) break;
- if (i < 0)
- {
- perror("reading certificate");
- goto end;
- }
- }
- p=(unsigned char *)buf->data;
- op=p;
-
- /* First load the header */
- if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
- goto end;
- if ((ah->header == NULL) || (ah->header->data == NULL) ||
- (strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
- ah->header->length) != 0))
- {
- BIO_printf(err,"Error reading header on certificate\n");
- goto end;
- }
- /* header is ok, so now read the object */
- p=op;
- ah->meth=X509_asn1_meth();
- if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
- goto end;
- x=(X509 *)ah->data;
- ah->data=NULL;
- }
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_AUX(cert,NULL,
- (pem_password_cb *)password_callback, NULL);
- else if (format == FORMAT_PKCS12)
- {
- if (!load_pkcs12(err, cert,cert_descrip, NULL, NULL,
- NULL, &x, NULL))
- goto end;
- }
- else {
- BIO_printf(err,"bad input format specified for %s\n",
- cert_descrip);
- goto end;
- }
-end:
- if (x == NULL)
- {
- BIO_printf(err,"unable to load certificate\n");
- ERR_print_errors(err);
- }
- if (ah != NULL) ASN1_HEADER_free(ah);
- if (cert != NULL) BIO_free(cert);
- if (buf != NULL) BUF_MEM_free(buf);
- return(x);
- }
-
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
- {
- BIO *key=NULL;
- EVP_PKEY *pkey=NULL;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
- {
- BIO_printf(err,"no keyfile specified\n");
- goto end;
- }
-#ifndef OPENSSL_NO_ENGINE
- if (format == FORMAT_ENGINE)
- {
- if (!e)
- BIO_printf(bio_err,"no engine specified\n");
- else
- pkey = ENGINE_load_private_key(e, file,
- ui_method, &cb_data);
- goto end;
- }
-#endif
- key=BIO_new(BIO_s_file());
- if (key == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
- if (file == NULL && maybe_stdin)
- {
- setvbuf(stdin, NULL, _IONBF, 0);
- BIO_set_fp(key,stdin,BIO_NOCLOSE);
- }
- else
- if (BIO_read_filename(key,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- key_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- if (format == FORMAT_ASN1)
- {
- pkey=d2i_PrivateKey_bio(key, NULL);
- }
- else if (format == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PrivateKey(key,NULL,
- (pem_password_cb *)password_callback, &cb_data);
- }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
- else if (format == FORMAT_PKCS12)
- {
- if (!load_pkcs12(err, key, key_descrip,
- (pem_password_cb *)password_callback, &cb_data,
- &pkey, NULL, NULL))
- goto end;
- }
- else
- {
- BIO_printf(err,"bad input format specified for key file\n");
- goto end;
- }
- end:
- if (key != NULL) BIO_free(key);
- if (pkey == NULL)
- BIO_printf(err,"unable to load %s\n", key_descrip);
- return(pkey);
- }
-
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip)
- {
- BIO *key=NULL;
- EVP_PKEY *pkey=NULL;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
- {
- BIO_printf(err,"no keyfile specified\n");
- goto end;
- }
-#ifndef OPENSSL_NO_ENGINE
- if (format == FORMAT_ENGINE)
- {
- if (!e)
- BIO_printf(bio_err,"no engine specified\n");
- else
- pkey = ENGINE_load_public_key(e, file,
- ui_method, &cb_data);
- goto end;
- }
-#endif
- key=BIO_new(BIO_s_file());
- if (key == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
- if (file == NULL && maybe_stdin)
- {
- setvbuf(stdin, NULL, _IONBF, 0);
- BIO_set_fp(key,stdin,BIO_NOCLOSE);
- }
- else
- if (BIO_read_filename(key,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- key_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- if (format == FORMAT_ASN1)
- {
- pkey=d2i_PUBKEY_bio(key, NULL);
- }
- else if (format == FORMAT_PEM)
- {
- pkey=PEM_read_bio_PUBKEY(key,NULL,
- (pem_password_cb *)password_callback, &cb_data);
- }
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
- else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
- pkey = load_netscape_key(err, key, file, key_descrip, format);
-#endif
- else
- {
- BIO_printf(err,"bad input format specified for key file\n");
- goto end;
- }
- end:
- if (key != NULL) BIO_free(key);
- if (pkey == NULL)
- BIO_printf(err,"unable to load %s\n", key_descrip);
- return(pkey);
- }
-
-#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
-static EVP_PKEY *
-load_netscape_key(BIO *err, BIO *key, const char *file,
- const char *key_descrip, int format)
- {
- EVP_PKEY *pkey;
- BUF_MEM *buf;
- RSA *rsa;
- const unsigned char *p;
- int size, i;
-
- buf=BUF_MEM_new();
- pkey = EVP_PKEY_new();
- size = 0;
- if (buf == NULL || pkey == NULL)
- goto error;
- for (;;)
- {
- if (!BUF_MEM_grow_clean(buf,size+1024*10))
- goto error;
- i = BIO_read(key, &(buf->data[size]), 1024*10);
- size += i;
- if (i == 0)
- break;
- if (i < 0)
- {
- BIO_printf(err, "Error reading %s %s",
- key_descrip, file);
- goto error;
- }
- }
- p=(unsigned char *)buf->data;
- rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
- (format == FORMAT_IISSGC ? 1 : 0));
- if (rsa == NULL)
- goto error;
- BUF_MEM_free(buf);
- EVP_PKEY_set1_RSA(pkey, rsa);
- return pkey;
-error:
- BUF_MEM_free(buf);
- EVP_PKEY_free(pkey);
- return NULL;
- }
-#endif /* ndef OPENSSL_NO_RC4 */
-
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip)
- {
- BIO *certs;
- int i;
- STACK_OF(X509) *othercerts = NULL;
- STACK_OF(X509_INFO) *allcerts = NULL;
- X509_INFO *xi;
- PW_CB_DATA cb_data;
-
- cb_data.password = pass;
- cb_data.prompt_info = file;
-
- if((certs = BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(err);
- goto end;
- }
-
- if (file == NULL)
- BIO_set_fp(certs,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(certs,file) <= 0)
- {
- BIO_printf(err, "Error opening %s %s\n",
- cert_descrip, file);
- ERR_print_errors(err);
- goto end;
- }
- }
-
- if (format == FORMAT_PEM)
- {
- othercerts = sk_X509_new_null();
- if(!othercerts)
- {
- sk_X509_free(othercerts);
- othercerts = NULL;
- goto end;
- }
- allcerts = PEM_X509_INFO_read_bio(certs, NULL,
- (pem_password_cb *)password_callback, &cb_data);
- for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
- {
- xi = sk_X509_INFO_value (allcerts, i);
- if (xi->x509)
- {
- sk_X509_push(othercerts, xi->x509);
- xi->x509 = NULL;
- }
- }
- goto end;
- }
- else {
- BIO_printf(err,"bad input format specified for %s\n",
- cert_descrip);
- goto end;
- }
-end:
- if (othercerts == NULL)
- {
- BIO_printf(err,"unable to load certificates\n");
- ERR_print_errors(err);
- }
- if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
- if (certs != NULL) BIO_free(certs);
- return(othercerts);
- }
-
-
-#define X509V3_EXT_UNKNOWN_MASK (0xfL << 16)
-/* Return error for unknown extensions */
-#define X509V3_EXT_DEFAULT 0
-/* Print error for unknown extensions */
-#define X509V3_EXT_ERROR_UNKNOWN (1L << 16)
-/* ASN1 parse unknown extensions */
-#define X509V3_EXT_PARSE_UNKNOWN (2L << 16)
-/* BIO_dump unknown extensions */
-#define X509V3_EXT_DUMP_UNKNOWN (3L << 16)
-
-#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
- X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
-
-int set_cert_ex(unsigned long *flags, const char *arg)
-{
- static const NAME_EX_TBL cert_tbl[] = {
- { "compatible", X509_FLAG_COMPAT, 0xffffffffl},
- { "ca_default", X509_FLAG_CA, 0xffffffffl},
- { "no_header", X509_FLAG_NO_HEADER, 0},
- { "no_version", X509_FLAG_NO_VERSION, 0},
- { "no_serial", X509_FLAG_NO_SERIAL, 0},
- { "no_signame", X509_FLAG_NO_SIGNAME, 0},
- { "no_validity", X509_FLAG_NO_VALIDITY, 0},
- { "no_subject", X509_FLAG_NO_SUBJECT, 0},
- { "no_issuer", X509_FLAG_NO_ISSUER, 0},
- { "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
- { "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
- { "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
- { "no_aux", X509_FLAG_NO_AUX, 0},
- { "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
- { "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
- { "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
- { NULL, 0, 0}
- };
- return set_multi_opts(flags, arg, cert_tbl);
-}
-
-int set_name_ex(unsigned long *flags, const char *arg)
-{
- static const NAME_EX_TBL ex_tbl[] = {
- { "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
- { "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
- { "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
- { "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
- { "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
- { "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
- { "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
- { "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
- { "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
- { "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
- { "compat", XN_FLAG_COMPAT, 0xffffffffL},
- { "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
- { "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
- { "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
- { "dn_rev", XN_FLAG_DN_REV, 0},
- { "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
- { "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
- { "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
- { "align", XN_FLAG_FN_ALIGN, 0},
- { "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
- { "space_eq", XN_FLAG_SPC_EQ, 0},
- { "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
- { "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
- { "oneline", XN_FLAG_ONELINE, 0xffffffffL},
- { "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
- { "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
- { NULL, 0, 0}
- };
- return set_multi_opts(flags, arg, ex_tbl);
-}
-
-int set_ext_copy(int *copy_type, const char *arg)
-{
- if (!strcasecmp(arg, "none"))
- *copy_type = EXT_COPY_NONE;
- else if (!strcasecmp(arg, "copy"))
- *copy_type = EXT_COPY_ADD;
- else if (!strcasecmp(arg, "copyall"))
- *copy_type = EXT_COPY_ALL;
- else
- return 0;
- return 1;
-}
-
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
-{
- STACK_OF(X509_EXTENSION) *exts = NULL;
- X509_EXTENSION *ext, *tmpext;
- ASN1_OBJECT *obj;
- int i, idx, ret = 0;
- if (!x || !req || (copy_type == EXT_COPY_NONE))
- return 1;
- exts = X509_REQ_get_extensions(req);
-
- for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
- ext = sk_X509_EXTENSION_value(exts, i);
- obj = X509_EXTENSION_get_object(ext);
- idx = X509_get_ext_by_OBJ(x, obj, -1);
- /* Does extension exist? */
- if (idx != -1) {
- /* If normal copy don't override existing extension */
- if (copy_type == EXT_COPY_ADD)
- continue;
- /* Delete all extensions of same type */
- do {
- tmpext = X509_get_ext(x, idx);
- X509_delete_ext(x, idx);
- X509_EXTENSION_free(tmpext);
- idx = X509_get_ext_by_OBJ(x, obj, -1);
- } while (idx != -1);
- }
- if (!X509_add_ext(x, ext, -1))
- goto end;
- }
-
- ret = 1;
-
- end:
-
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
- return ret;
-}
-
-
-
-
-static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
- STACK_OF(CONF_VALUE) *vals;
- CONF_VALUE *val;
- int i, ret = 1;
- if(!arg) return 0;
- vals = X509V3_parse_list(arg);
- for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
- val = sk_CONF_VALUE_value(vals, i);
- if (!set_table_opts(flags, val->name, in_tbl))
- ret = 0;
- }
- sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
- return ret;
-}
-
-static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
-{
- char c;
- const NAME_EX_TBL *ptbl;
- c = arg[0];
-
- if(c == '-') {
- c = 0;
- arg++;
- } else if (c == '+') {
- c = 1;
- arg++;
- } else c = 1;
-
- for(ptbl = in_tbl; ptbl->name; ptbl++) {
- if(!strcasecmp(arg, ptbl->name)) {
- *flags &= ~ptbl->mask;
- if(c) *flags |= ptbl->flag;
- else *flags &= ~ptbl->flag;
- return 1;
- }
- }
- return 0;
-}
-
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags)
-{
- char *buf;
- char mline = 0;
- int indent = 0;
-
- if(title) BIO_puts(out, title);
- if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
- mline = 1;
- indent = 4;
- }
- if(lflags == XN_FLAG_COMPAT) {
- buf = X509_NAME_oneline(nm, 0, 0);
- BIO_puts(out, buf);
- BIO_puts(out, "\n");
- OPENSSL_free(buf);
- } else {
- if(mline) BIO_puts(out, "\n");
- X509_NAME_print_ex(out, nm, indent, lflags);
- BIO_puts(out, "\n");
- }
-}
-
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
-{
- X509_STORE *store;
- X509_LOOKUP *lookup;
- if(!(store = X509_STORE_new())) goto end;
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
- if (lookup == NULL) goto end;
- if (CAfile) {
- if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading file %s\n", CAfile);
- goto end;
- }
- } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
- if (lookup == NULL) goto end;
- if (CApath) {
- if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
- BIO_printf(bp, "Error loading directory %s\n", CApath);
- goto end;
- }
- } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- ERR_clear_error();
- return store;
- end:
- X509_STORE_free(store);
- return NULL;
-}
-
-#ifndef OPENSSL_NO_ENGINE
-/* Try to load an engine in a shareable library */
-static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
- {
- ENGINE *e = ENGINE_by_id("dynamic");
- if (e)
- {
- if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
- || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
- {
- ENGINE_free(e);
- e = NULL;
- }
- }
- return e;
- }
-
-ENGINE *setup_engine(BIO *err, const char *engine, int debug)
- {
- ENGINE *e = NULL;
-
- if (engine)
- {
- if(strcmp(engine, "auto") == 0)
- {
- BIO_printf(err,"enabling auto ENGINE support\n");
- ENGINE_register_all_complete();
- return NULL;
- }
- if((e = ENGINE_by_id(engine)) == NULL
- && (e = try_load_engine(err, engine, debug)) == NULL)
- {
- BIO_printf(err,"invalid engine \"%s\"\n", engine);
- ERR_print_errors(err);
- return NULL;
- }
- if (debug)
- {
- ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
- 0, err, 0);
- }
- ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
- {
- BIO_printf(err,"can't use that engine\n");
- ERR_print_errors(err);
- ENGINE_free(e);
- return NULL;
- }
-
- BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
-
- /* Free our "structural" reference. */
- ENGINE_free(e);
- }
- return e;
- }
-#endif
-
-int load_config(BIO *err, CONF *cnf)
- {
- if (!cnf)
- cnf = config;
- if (!cnf)
- return 1;
-
- OPENSSL_load_builtin_modules();
-
- if (CONF_modules_load(cnf, NULL, 0) <= 0)
- {
- BIO_printf(err, "Error configuring OpenSSL\n");
- ERR_print_errors(err);
- return 0;
- }
- return 1;
- }
-
-char *make_config_name()
- {
- const char *t=X509_get_default_cert_area();
- size_t len;
- char *p;
-
- len=strlen(t)+strlen(OPENSSL_CONF)+2;
- p=OPENSSL_malloc(len);
- BUF_strlcpy(p,t,len);
-#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(p,"/",len);
-#endif
- BUF_strlcat(p,OPENSSL_CONF,len);
-
- return p;
- }
-
-static unsigned long index_serial_hash(const char **a)
- {
- const char *n;
-
- n=a[DB_serial];
- while (*n == '0') n++;
- return(lh_strhash(n));
- }
-
-static int index_serial_cmp(const char **a, const char **b)
- {
- const char *aa,*bb;
-
- for (aa=a[DB_serial]; *aa == '0'; aa++);
- for (bb=b[DB_serial]; *bb == '0'; bb++);
- return(strcmp(aa,bb));
- }
-
-static int index_name_qual(char **a)
- { return(a[0][0] == 'V'); }
-
-static unsigned long index_name_hash(const char **a)
- { return(lh_strhash(a[DB_name])); }
-
-int index_name_cmp(const char **a, const char **b)
- { return(strcmp(a[DB_name],
- b[DB_name])); }
-
-static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
-static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
-static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
-
-#undef BSIZE
-#define BSIZE 256
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai)
- {
- BIO *in=NULL;
- BIGNUM *ret=NULL;
- MS_STATIC char buf[1024];
- ASN1_INTEGER *ai=NULL;
-
- ai=ASN1_INTEGER_new();
- if (ai == NULL) goto err;
-
- if ((in=BIO_new(BIO_s_file())) == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (BIO_read_filename(in,serialfile) <= 0)
- {
- if (!create)
- {
- perror(serialfile);
- goto err;
- }
- else
- {
- ret=BN_new();
- if (ret == NULL || !rand_serial(ret, ai))
- BIO_printf(bio_err, "Out of memory\n");
- }
- }
- else
- {
- if (!a2i_ASN1_INTEGER(in,ai,buf,1024))
- {
- BIO_printf(bio_err,"unable to load number from %s\n",
- serialfile);
- goto err;
- }
- ret=ASN1_INTEGER_to_BN(ai,NULL);
- if (ret == NULL)
- {
- BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
- goto err;
- }
- }
-
- if (ret && retai)
- {
- *retai = ai;
- ai = NULL;
- }
- err:
- if (in != NULL) BIO_free(in);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai)
- {
- char buf[1][BSIZE];
- BIO *out = NULL;
- int ret=0;
- ASN1_INTEGER *ai=NULL;
- int j;
-
- if (suffix == NULL)
- j = strlen(serialfile);
- else
- j = strlen(serialfile) + strlen(suffix) + 1;
- if (j >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
- if (suffix == NULL)
- BUF_strlcpy(buf[0], serialfile, BSIZE);
- else
- {
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", serialfile, suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", serialfile, suffix);
-#endif
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(serialfile);
- goto err;
- }
-
- if ((ai=BN_to_ASN1_INTEGER(serial,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error converting serial to ASN.1 format\n");
- goto err;
- }
- i2a_ASN1_INTEGER(out,ai);
- BIO_puts(out,"\n");
- ret=1;
- if (retai)
- {
- *retai = ai;
- ai = NULL;
- }
-err:
- if (out != NULL) BIO_free_all(out);
- if (ai != NULL) ASN1_INTEGER_free(ai);
- return(ret);
- }
-
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix)
- {
- char buf[5][BSIZE];
- int i,j;
- struct stat sb;
-
- i = strlen(serialfile) + strlen(old_suffix);
- j = strlen(serialfile) + strlen(new_suffix);
- if (i > j) j = i;
- if (j + 1 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
- serialfile, new_suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
- serialfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
- serialfile, old_suffix);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
- serialfile, old_suffix);
-#endif
- if (stat(serialfile,&sb) < 0)
- {
- if (errno != ENOENT
-#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- )
- goto err;
- }
- else
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- serialfile, buf[1]);
-#endif
- if (rename(serialfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- serialfile, buf[1]);
- perror("reason");
- goto err;
- }
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[0],serialfile);
-#endif
- if (rename(buf[0],serialfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],serialfile);
- perror("reason");
- rename(buf[1],serialfile);
- goto err;
- }
- return 1;
- err:
- return 0;
- }
-
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
- {
- BIGNUM *btmp;
- int ret = 0;
- if (b)
- btmp = b;
- else
- btmp = BN_new();
-
- if (!btmp)
- return 0;
-
- if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
- goto error;
- if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
- goto error;
-
- ret = 1;
-
- error:
-
- if (!b)
- BN_free(btmp);
-
- return ret;
- }
-
-CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
- {
- CA_DB *retdb = NULL;
- TXT_DB *tmpdb = NULL;
- BIO *in = BIO_new(BIO_s_file());
- CONF *dbattr_conf = NULL;
- char buf[1][BSIZE];
- long errorline= -1;
-
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- if (BIO_read_filename(in,dbfile) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
- goto err;
- }
- if ((tmpdb = TXT_DB_read(in,DB_NUMBER)) == NULL)
- {
- if (tmpdb != NULL) TXT_DB_free(tmpdb);
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
-#else
- BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
-#endif
- dbattr_conf = NCONF_new(NULL);
- if (NCONF_load(dbattr_conf,buf[0],&errorline) <= 0)
- {
- if (errorline > 0)
- {
- BIO_printf(bio_err,
- "error on line %ld of db attribute file '%s'\n"
- ,errorline,buf[0]);
- goto err;
- }
- else
- {
- NCONF_free(dbattr_conf);
- dbattr_conf = NULL;
- }
- }
-
- if ((retdb = OPENSSL_malloc(sizeof(CA_DB))) == NULL)
- {
- fprintf(stderr, "Out of memory\n");
- goto err;
- }
-
- retdb->db = tmpdb;
- tmpdb = NULL;
- if (db_attr)
- retdb->attributes = *db_attr;
- else
- {
- retdb->attributes.unique_subject = 1;
- }
-
- if (dbattr_conf)
- {
- char *p = NCONF_get_string(dbattr_conf,NULL,"unique_subject");
- if (p)
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG[load_index]: unique_subject = \"%s\"\n", p);
-#endif
- retdb->attributes.unique_subject = parse_yesno(p,1);
- }
- }
-
- err:
- if (dbattr_conf) NCONF_free(dbattr_conf);
- if (tmpdb) TXT_DB_free(tmpdb);
- if (in) BIO_free_all(in);
- return retdb;
- }
-
-int index_index(CA_DB *db)
- {
- if (!TXT_DB_create_index(db->db, DB_serial, NULL,
- LHASH_HASH_FN(index_serial_hash),
- LHASH_COMP_FN(index_serial_cmp)))
- {
- BIO_printf(bio_err,
- "error creating serial number index:(%ld,%ld,%ld)\n",
- db->db->error,db->db->arg1,db->db->arg2);
- return 0;
- }
-
- if (db->attributes.unique_subject
- && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
- LHASH_HASH_FN(index_name_hash),
- LHASH_COMP_FN(index_name_cmp)))
- {
- BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
- db->db->error,db->db->arg1,db->db->arg2);
- return 0;
- }
- return 1;
- }
-
-int save_index(const char *dbfile, const char *suffix, CA_DB *db)
- {
- char buf[3][BSIZE];
- BIO *out = BIO_new(BIO_s_file());
- int j;
-
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- j = strlen(dbfile) + strlen(suffix);
- if (j + 6 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr", dbfile);
-#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.attr.%s", dbfile, suffix);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-attr-%s", dbfile, suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s", dbfile, suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s", dbfile, suffix);
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[0]);
-#endif
- if (BIO_write_filename(out,buf[0]) <= 0)
- {
- perror(dbfile);
- BIO_printf(bio_err,"unable to open '%s'\n", dbfile);
- goto err;
- }
- j=TXT_DB_write(out,db->db);
- if (j <= 0) goto err;
-
- BIO_free(out);
-
- out = BIO_new(BIO_s_file());
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: writing \"%s\"\n", buf[1]);
-#endif
- if (BIO_write_filename(out,buf[1]) <= 0)
- {
- perror(buf[2]);
- BIO_printf(bio_err,"unable to open '%s'\n", buf[2]);
- goto err;
- }
- BIO_printf(out,"unique_subject = %s\n",
- db->attributes.unique_subject ? "yes" : "no");
- BIO_free(out);
-
- return 1;
- err:
- return 0;
- }
-
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix)
- {
- char buf[5][BSIZE];
- int i,j;
- struct stat sb;
-
- i = strlen(dbfile) + strlen(old_suffix);
- j = strlen(dbfile) + strlen(new_suffix);
- if (i > j) j = i;
- if (j + 6 >= BSIZE)
- {
- BIO_printf(bio_err,"file name too long\n");
- goto err;
- }
-
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s.attr", dbfile);
-#else
- j = BIO_snprintf(buf[4], sizeof buf[4], "%s-attr", dbfile);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s.attr.%s",
- dbfile, new_suffix);
-#else
- j = BIO_snprintf(buf[2], sizeof buf[2], "%s-attr-%s",
- dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s.%s",
- dbfile, new_suffix);
-#else
- j = BIO_snprintf(buf[0], sizeof buf[0], "%s-%s",
- dbfile, new_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s.%s",
- dbfile, old_suffix);
-#else
- j = BIO_snprintf(buf[1], sizeof buf[1], "%s-%s",
- dbfile, old_suffix);
-#endif
-#ifndef OPENSSL_SYS_VMS
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s.attr.%s",
- dbfile, old_suffix);
-#else
- j = BIO_snprintf(buf[3], sizeof buf[3], "%s-attr-%s",
- dbfile, old_suffix);
-#endif
- if (stat(dbfile,&sb) < 0)
- {
- if (errno != ENOENT
-#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- )
- goto err;
- }
- else
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- dbfile, buf[1]);
-#endif
- if (rename(dbfile,buf[1]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- dbfile, buf[1]);
- perror("reason");
- goto err;
- }
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[0],dbfile);
-#endif
- if (rename(buf[0],dbfile) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[0],dbfile);
- perror("reason");
- rename(buf[1],dbfile);
- goto err;
- }
- if (stat(buf[4],&sb) < 0)
- {
- if (errno != ENOENT
-#ifdef ENOTDIR
- && errno != ENOTDIR
-#endif
- )
- goto err;
- }
- else
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[4],buf[3]);
-#endif
- if (rename(buf[4],buf[3]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[4], buf[3]);
- perror("reason");
- rename(dbfile,buf[0]);
- rename(buf[1],dbfile);
- goto err;
- }
- }
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: renaming \"%s\" to \"%s\"\n",
- buf[2],buf[4]);
-#endif
- if (rename(buf[2],buf[4]) < 0)
- {
- BIO_printf(bio_err,
- "unable to rename %s to %s\n",
- buf[2],buf[4]);
- perror("reason");
- rename(buf[3],buf[4]);
- rename(dbfile,buf[0]);
- rename(buf[1],dbfile);
- goto err;
- }
- return 1;
- err:
- return 0;
- }
-
-void free_index(CA_DB *db)
- {
- if (db)
- {
- if (db->db) TXT_DB_free(db->db);
- OPENSSL_free(db);
- }
- }
-
-int parse_yesno(const char *str, int def)
- {
- int ret = def;
- if (str)
- {
- switch (*str)
- {
- case 'f': /* false */
- case 'F': /* FALSE */
- case 'n': /* no */
- case 'N': /* NO */
- case '0': /* 0 */
- ret = 0;
- break;
- case 't': /* true */
- case 'T': /* TRUE */
- case 'y': /* yes */
- case 'Y': /* YES */
- case '1': /* 1 */
- ret = 0;
- break;
- default:
- ret = def;
- break;
- }
- }
- return ret;
- }
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-X509_NAME *parse_name(char *subject, long chtype, int multirdn)
- {
- size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
- char *buf = OPENSSL_malloc(buflen);
- size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
- char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
- char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
- int *mval = OPENSSL_malloc (max_ne * sizeof (int));
-
- char *sp = subject, *bp = buf;
- int i, ne_num = 0;
-
- X509_NAME *n = NULL;
- int nid;
-
- if (!buf || !ne_types || !ne_values)
- {
- BIO_printf(bio_err, "malloc error\n");
- goto error;
- }
-
- if (*subject != '/')
- {
- BIO_printf(bio_err, "Subject does not start with '/'.\n");
- goto error;
- }
- sp++; /* skip leading / */
-
- /* no multivalued RDN by default */
- mval[ne_num] = 0;
-
- while (*sp)
- {
- /* collect type */
- ne_types[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\') /* is there anything to escape in the type...? */
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '=')
- {
- sp++;
- *bp++ = '\0';
- break;
- }
- else
- *bp++ = *sp++;
- }
- if (!*sp)
- {
- BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
- goto error;
- }
- ne_values[ne_num] = bp;
- while (*sp)
- {
- if (*sp == '\\')
- {
- if (*++sp)
- *bp++ = *sp++;
- else
- {
- BIO_printf(bio_err, "escape character at end of string\n");
- goto error;
- }
- }
- else if (*sp == '/')
- {
- sp++;
- /* no multivalued RDN by default */
- mval[ne_num+1] = 0;
- break;
- }
- else if (*sp == '+' && multirdn)
- {
- /* a not escaped + signals a mutlivalued RDN */
- sp++;
- mval[ne_num+1] = -1;
- break;
- }
- else
- *bp++ = *sp++;
- }
- *bp++ = '\0';
- ne_num++;
- }
-
- if (!(n = X509_NAME_new()))
- goto error;
-
- for (i = 0; i < ne_num; i++)
- {
- if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
- {
- BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!*ne_values[i])
- {
- BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
- continue;
- }
-
- if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,mval[i]))
- goto error;
- }
-
- OPENSSL_free(ne_values);
- OPENSSL_free(ne_types);
- OPENSSL_free(buf);
- return n;
-
-error:
- X509_NAME_free(n);
- if (ne_values)
- OPENSSL_free(ne_values);
- if (ne_types)
- OPENSSL_free(ne_types);
- if (buf)
- OPENSSL_free(buf);
- return NULL;
-}
-
-/* This code MUST COME AFTER anything that uses rename() */
-#ifdef OPENSSL_SYS_WIN32
-int WIN32_rename(const char *from, const char *to)
- {
-#ifndef OPENSSL_SYS_WINCE
- /* Windows rename gives an error if 'to' exists, so delete it
- * first and ignore file not found errror
- */
- if((remove(to) != 0) && (errno != ENOENT))
- return -1;
-#undef rename
- return rename(from, to);
-#else
- /* convert strings to UNICODE */
- {
- BOOL result = FALSE;
- WCHAR* wfrom;
- WCHAR* wto;
- int i;
- wfrom = malloc((strlen(from)+1)*2);
- wto = malloc((strlen(to)+1)*2);
- if (wfrom != NULL && wto != NULL)
- {
- for (i=0; i<(int)strlen(from)+1; i++)
- wfrom[i] = (short)from[i];
- for (i=0; i<(int)strlen(to)+1; i++)
- wto[i] = (short)to[i];
- result = MoveFile(wfrom, wto);
- }
- if (wfrom != NULL)
- free(wfrom);
- if (wto != NULL)
- free(wto);
- return result;
- }
-#endif
- }
-#endif
-
-int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm)
- {
- ASN1_OBJECT *otmp = NULL;
- unsigned long flags = 0;
- int i;
- int purpose = 0;
- char **oldargs = *pargs;
- char *arg = **pargs, *argn = (*pargs)[1];
- if (!strcmp(arg, "-policy"))
- {
- if (!argn)
- *badarg = 1;
- else
- {
- otmp = OBJ_txt2obj(argn, 0);
- if (!otmp)
- {
- BIO_printf(err, "Invalid Policy \"%s\"\n",
- argn);
- *badarg = 1;
- }
- }
- (*pargs)++;
- }
- else if (strcmp(arg,"-purpose") == 0)
- {
- X509_PURPOSE *xptmp;
- if (!argn)
- *badarg = 1;
- else
- {
- i = X509_PURPOSE_get_by_sname(argn);
- if(i < 0)
- {
- BIO_printf(err, "unrecognized purpose\n");
- *badarg = 1;
- }
- else
- {
- xptmp = X509_PURPOSE_get0(i);
- purpose = X509_PURPOSE_get_id(xptmp);
- }
- }
- (*pargs)++;
- }
- else if (!strcmp(arg, "-ignore_critical"))
- flags |= X509_V_FLAG_IGNORE_CRITICAL;
- else if (!strcmp(arg, "-issuer_checks"))
- flags |= X509_V_FLAG_CB_ISSUER_CHECK;
- else if (!strcmp(arg, "-crl_check"))
- flags |= X509_V_FLAG_CRL_CHECK;
- else if (!strcmp(arg, "-crl_check_all"))
- flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- else if (!strcmp(arg, "-policy_check"))
- flags |= X509_V_FLAG_POLICY_CHECK;
- else if (!strcmp(arg, "-explicit_policy"))
- flags |= X509_V_FLAG_EXPLICIT_POLICY;
- else if (!strcmp(arg, "-x509_strict"))
- flags |= X509_V_FLAG_X509_STRICT;
- else if (!strcmp(arg, "-policy_print"))
- flags |= X509_V_FLAG_NOTIFY_POLICY;
- else
- return 0;
-
- if (*badarg)
- {
- if (*pm)
- X509_VERIFY_PARAM_free(*pm);
- *pm = NULL;
- goto end;
- }
-
- if (!*pm && !(*pm = X509_VERIFY_PARAM_new()))
- {
- *badarg = 1;
- goto end;
- }
-
- if (otmp)
- X509_VERIFY_PARAM_add0_policy(*pm, otmp);
- if (flags)
- X509_VERIFY_PARAM_set_flags(*pm, flags);
-
- if (purpose)
- X509_VERIFY_PARAM_set_purpose(*pm, purpose);
-
- end:
-
- (*pargs)++;
-
- if (pargc)
- *pargc -= *pargs - oldargs;
-
- return 1;
-
- }
-
-static void nodes_print(BIO *out, const char *name,
- STACK_OF(X509_POLICY_NODE) *nodes)
- {
- X509_POLICY_NODE *node;
- int i;
- BIO_printf(out, "%s Policies:", name);
- if (nodes)
- {
- BIO_puts(out, "\n");
- for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++)
- {
- node = sk_X509_POLICY_NODE_value(nodes, i);
- X509_POLICY_NODE_print(out, node, 2);
- }
- }
- else
- BIO_puts(out, " <empty>\n");
- }
-
-void policies_print(BIO *out, X509_STORE_CTX *ctx)
- {
- X509_POLICY_TREE *tree;
- int explicit_policy;
- int free_out = 0;
- if (out == NULL)
- {
- out = BIO_new_fp(stderr, BIO_NOCLOSE);
- free_out = 1;
- }
- tree = X509_STORE_CTX_get0_policy_tree(ctx);
- explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
-
- BIO_printf(out, "Require explicit Policy: %s\n",
- explicit_policy ? "True" : "False");
-
- nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree));
- nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree));
- if (free_out)
- BIO_free(out);
- }
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
deleted file mode 100644
index 26dcbc5..0000000
--- a/crypto/openssl/apps/apps.h
+++ /dev/null
@@ -1,345 +0,0 @@
-/* apps/apps.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_APPS_H
-#define HEADER_APPS_H
-
-#include "e_os.h"
-
-#include <openssl/bio.h>
-#include <openssl/x509.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/txt_db.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/ossl_typ.h>
-
-int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
-int app_RAND_write_file(const char *file, BIO *bio_e);
-/* When `file' is NULL, use defaults.
- * `bio_e' is for error messages. */
-void app_RAND_allow_write_file(void);
-long app_RAND_load_files(char *file); /* `file' is a list of files to read,
- * separated by LIST_SEPARATOR_CHAR
- * (see e_os.h). The string is
- * destroyed! */
-
-#ifdef OPENSSL_SYS_WIN32
-#define rename(from,to) WIN32_rename((from),(to))
-int WIN32_rename(const char *oldname,const char *newname);
-#endif
-
-#ifndef MONOLITH
-
-#define MAIN(a,v) main(a,v)
-
-#ifndef NON_MAIN
-CONF *config=NULL;
-BIO *bio_err=NULL;
-#else
-extern CONF *config;
-extern BIO *bio_err;
-#endif
-
-#else
-
-#define MAIN(a,v) PROG(a,v)
-extern CONF *config;
-extern char *default_config_file;
-extern BIO *bio_err;
-
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#ifdef SIGPIPE
-#define do_pipe_sig() signal(SIGPIPE,SIG_IGN)
-#else
-#define do_pipe_sig()
-#endif
-
-#if defined(MONOLITH) && !defined(OPENSSL_C)
-# define apps_startup() \
- do_pipe_sig()
-# define apps_shutdown()
-#else
-# ifndef OPENSSL_NO_ENGINE
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
- defined(OPENSSL_SYS_WIN32)
-# ifdef _O_BINARY
-# define apps_startup() \
- do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# else
-# define apps_startup() \
- do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
-# endif
-# else
-# define apps_startup() \
- do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
- ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
- setup_ui_method(); } while(0)
-# endif
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); ENGINE_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
- ERR_free_strings(); } while(0)
-# else
-# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
- defined(OPENSSL_SYS_WIN32)
-# ifdef _O_BINARY
-# define apps_startup() \
- do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- setup_ui_method(); } while(0)
-# else
-# define apps_startup() \
- do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
- ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
- setup_ui_method(); } while(0)
-# endif
-# else
-# define apps_startup() \
- do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
- ERR_load_crypto_strings(); \
- setup_ui_method(); } while(0)
-# endif
-# define apps_shutdown() \
- do { CONF_modules_unload(1); destroy_ui_method(); \
- EVP_cleanup(); \
- CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
- ERR_free_strings(); } while(0)
-# endif
-#endif
-
-typedef struct args_st
- {
- char **data;
- int count;
- } ARGS;
-
-#define PW_MIN_LENGTH 4
-typedef struct pw_cb_data
- {
- const void *password;
- const char *prompt_info;
- } PW_CB_DATA;
-
-int password_callback(char *buf, int bufsiz, int verify,
- PW_CB_DATA *cb_data);
-
-int setup_ui_method(void);
-void destroy_ui_method(void);
-
-int should_retry(int i);
-int args_from_file(char *file, int *argc, char **argv[]);
-int str2fmt(char *s);
-void program_name(char *in,char *out,int size);
-int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#ifdef HEADER_X509_H
-int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
-#endif
-int set_cert_ex(unsigned long *flags, const char *arg);
-int set_name_ex(unsigned long *flags, const char *arg);
-int set_ext_copy(int *copy_type, const char *arg);
-int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
-int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
-int add_oid_section(BIO *err, CONF *conf);
-X509 *load_cert(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
-EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip);
-EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
- const char *pass, ENGINE *e, const char *key_descrip);
-STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
- const char *pass, ENGINE *e, const char *cert_descrip);
-X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-#ifndef OPENSSL_NO_ENGINE
-ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-#endif
-
-int load_config(BIO *err, CONF *cnf);
-char *make_config_name(void);
-
-/* Functions defined in ca.c and also used in ocsp.c */
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
- ASN1_GENERALIZEDTIME **pinvtm, const char *str);
-
-#define DB_type 0
-#define DB_exp_date 1
-#define DB_rev_date 2
-#define DB_serial 3 /* index - unique */
-#define DB_file 4
-#define DB_name 5 /* index - unique when active and not disabled */
-#define DB_NUMBER 6
-
-#define DB_TYPE_REV 'R'
-#define DB_TYPE_EXP 'E'
-#define DB_TYPE_VAL 'V'
-
-typedef struct db_attr_st
- {
- int unique_subject;
- } DB_ATTR;
-typedef struct ca_db_st
- {
- DB_ATTR attributes;
- TXT_DB *db;
- } CA_DB;
-
-BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
-int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
-int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
-CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
-int index_index(CA_DB *db);
-int save_index(const char *dbfile, const char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
-void free_index(CA_DB *db);
-int index_name_cmp(const char **a, const char **b);
-int parse_yesno(const char *str, int def);
-
-X509_NAME *parse_name(char *str, long chtype, int multirdn);
-int args_verify(char ***pargs, int *pargc,
- int *badarg, BIO *err, X509_VERIFY_PARAM **pm);
-void policies_print(BIO *out, X509_STORE_CTX *ctx);
-
-#define FORMAT_UNDEF 0
-#define FORMAT_ASN1 1
-#define FORMAT_TEXT 2
-#define FORMAT_PEM 3
-#define FORMAT_NETSCAPE 4
-#define FORMAT_PKCS12 5
-#define FORMAT_SMIME 6
-#define FORMAT_ENGINE 7
-#define FORMAT_IISSGC 8 /* XXX this stupid macro helps us to avoid
- * adding yet another param to load_*key() */
-
-#define EXT_COPY_NONE 0
-#define EXT_COPY_ADD 1
-#define EXT_COPY_ALL 2
-
-#define NETSCAPE_CERT_HDR "certificate"
-
-#define APP_PASS_LEN 1024
-
-#define SERIAL_RAND_BITS 64
-
-#endif
diff --git a/crypto/openssl/apps/asn1pars.c b/crypto/openssl/apps/asn1pars.c
deleted file mode 100644
index b1a7c8e..0000000
--- a/crypto/openssl/apps/asn1pars.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/* apps/asn1pars.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to
- * add the -strparse option which parses nested binary structures
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -in arg - input file - default stdin
- * -i - indent the details by depth
- * -offset - where in the file to start
- * -length - how many bytes to use
- * -oid file - extra oid description file
- */
-
-#undef PROG
-#define PROG asn1parse_main
-
-int MAIN(int, char **);
-
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
-
-int MAIN(int argc, char **argv)
- {
- int i,badops=0,offset=0,ret=1,j;
- unsigned int length=0;
- long num,tmplen;
- BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
- int informat,indent=0, noout = 0, dump = 0;
- char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
- char *genstr=NULL, *genconf=NULL;
- unsigned char *tmpbuf;
- const unsigned char *ctmpbuf;
- BUF_MEM *buf=NULL;
- STACK *osk=NULL;
- ASN1_TYPE *at=NULL;
-
- informat=FORMAT_PEM;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- prog=argv[0];
- argc--;
- argv++;
- if ((osk=sk_new_null()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto end;
- }
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- derfile= *(++argv);
- }
- else if (strcmp(*argv,"-i") == 0)
- {
- indent=1;
- }
- else if (strcmp(*argv,"-noout") == 0) noout = 1;
- else if (strcmp(*argv,"-oid") == 0)
- {
- if (--argc < 1) goto bad;
- oidfile= *(++argv);
- }
- else if (strcmp(*argv,"-offset") == 0)
- {
- if (--argc < 1) goto bad;
- offset= atoi(*(++argv));
- }
- else if (strcmp(*argv,"-length") == 0)
- {
- if (--argc < 1) goto bad;
- length= atoi(*(++argv));
- if (length == 0) goto bad;
- }
- else if (strcmp(*argv,"-dump") == 0)
- {
- dump= -1;
- }
- else if (strcmp(*argv,"-dlimit") == 0)
- {
- if (--argc < 1) goto bad;
- dump= atoi(*(++argv));
- if (dump <= 0) goto bad;
- }
- else if (strcmp(*argv,"-strparse") == 0)
- {
- if (--argc < 1) goto bad;
- sk_push(osk,*(++argv));
- }
- else if (strcmp(*argv,"-genstr") == 0)
- {
- if (--argc < 1) goto bad;
- genstr= *(++argv);
- }
- else if (strcmp(*argv,"-genconf") == 0)
- {
- if (--argc < 1) goto bad;
- genconf= *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file (output format is always DER\n");
- BIO_printf(bio_err," -noout arg don't produce any output\n");
- BIO_printf(bio_err," -offset arg offset into file\n");
- BIO_printf(bio_err," -length arg length of section in file\n");
- BIO_printf(bio_err," -i indent entries\n");
- BIO_printf(bio_err," -dump dump unknown data in hex form\n");
- BIO_printf(bio_err," -dlimit arg dump the first arg bytes of unknown data in hex form\n");
- BIO_printf(bio_err," -oid file file of extra oid definitions\n");
- BIO_printf(bio_err," -strparse offset\n");
- BIO_printf(bio_err," a series of these can be used to 'dig' into multiple\n");
- BIO_printf(bio_err," ASN1 blob wrappings\n");
- BIO_printf(bio_err," -genstr str string to generate ASN1 structure from\n");
- BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
-
- if (oidfile != NULL)
- {
- if (BIO_read_filename(in,oidfile) <= 0)
- {
- BIO_printf(bio_err,"problems opening %s\n",oidfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- OBJ_create_objects(in);
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (derfile) {
- if(!(derout = BIO_new_file(derfile, "wb"))) {
- BIO_printf(bio_err,"problems opening %s\n",derfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if ((buf=BUF_MEM_new()) == NULL) goto end;
- if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
-
- if (genstr || genconf)
- {
- num = do_generate(bio_err, genstr, genconf, buf);
- if (num < 0)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- else
- {
-
- if (informat == FORMAT_PEM)
- {
- BIO *tmp;
-
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- BIO_push(b64,in);
- tmp=in;
- in=b64;
- b64=tmp;
- }
-
- num=0;
- for (;;)
- {
- if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
- i=BIO_read(in,&(buf->data[num]),BUFSIZ);
- if (i <= 0) break;
- num+=i;
- }
- }
- str=buf->data;
-
- /* If any structs to parse go through in sequence */
-
- if (sk_num(osk))
- {
- tmpbuf=(unsigned char *)str;
- tmplen=num;
- for (i=0; i<sk_num(osk); i++)
- {
- ASN1_TYPE *atmp;
- int typ;
- j=atoi(sk_value(osk,i));
- if (j == 0)
- {
- BIO_printf(bio_err,"'%s' is an invalid number\n",sk_value(osk,i));
- continue;
- }
- tmpbuf+=j;
- tmplen-=j;
- atmp = at;
- ctmpbuf = tmpbuf;
- at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
- ASN1_TYPE_free(atmp);
- if(!at)
- {
- BIO_printf(bio_err,"Error parsing structure\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- typ = ASN1_TYPE_get(at);
- if ((typ == V_ASN1_OBJECT)
- || (typ == V_ASN1_NULL))
- {
- BIO_printf(bio_err, "Can't parse %s type\n",
- typ == V_ASN1_NULL ? "NULL" : "OBJECT");
- ERR_print_errors(bio_err);
- goto end;
- }
- /* hmm... this is a little evil but it works */
- tmpbuf=at->value.asn1_string->data;
- tmplen=at->value.asn1_string->length;
- }
- str=(char *)tmpbuf;
- num=tmplen;
- }
-
- if (offset >= num)
- {
- BIO_printf(bio_err, "Error: offset too large\n");
- goto end;
- }
-
- num -= offset;
-
- if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
- if(derout) {
- if(BIO_write(derout, str + offset, length) != (int)length) {
- BIO_printf(bio_err, "Error writing output\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if (!noout &&
- !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
- indent,dump))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- ret=0;
-end:
- BIO_free(derout);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (b64 != NULL) BIO_free(b64);
- if (ret != 0)
- ERR_print_errors(bio_err);
- if (buf != NULL) BUF_MEM_free(buf);
- if (at != NULL) ASN1_TYPE_free(at);
- if (osk != NULL) sk_free(osk);
- OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
- {
- CONF *cnf = NULL;
- int len;
- long errline;
- unsigned char *p;
- ASN1_TYPE *atyp = NULL;
-
- if (genconf)
- {
- cnf = NCONF_new(NULL);
- if (!NCONF_load(cnf, genconf, &errline))
- goto conferr;
- if (!genstr)
- genstr = NCONF_get_string(cnf, "default", "asn1");
- if (!genstr)
- {
- BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
- goto err;
- }
- }
-
- atyp = ASN1_generate_nconf(genstr, cnf);
- NCONF_free(cnf);
-
- if (!atyp)
- return -1;
-
- len = i2d_ASN1_TYPE(atyp, NULL);
-
- if (len <= 0)
- goto err;
-
- if (!BUF_MEM_grow(buf,len))
- goto err;
-
- p=(unsigned char *)buf->data;
-
- i2d_ASN1_TYPE(atyp, &p);
-
- ASN1_TYPE_free(atyp);
- return len;
-
- conferr:
-
- if (errline > 0)
- BIO_printf(bio, "Error on line %ld of config file '%s'\n",
- errline, genconf);
- else
- BIO_printf(bio, "Error loading config file '%s'\n", genconf);
-
- err:
- NCONF_free(cnf);
- ASN1_TYPE_free(atyp);
-
- return -1;
-
- }
diff --git a/crypto/openssl/apps/ca-cert.srl b/crypto/openssl/apps/ca-cert.srl
deleted file mode 100644
index 2c7456e..0000000
--- a/crypto/openssl/apps/ca-cert.srl
+++ /dev/null
@@ -1 +0,0 @@
-07
diff --git a/crypto/openssl/apps/ca-key.pem b/crypto/openssl/apps/ca-key.pem
deleted file mode 100644
index 3a520b2..0000000
--- a/crypto/openssl/apps/ca-key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/ca-req.pem b/crypto/openssl/apps/ca-req.pem
deleted file mode 100644
index 77bf7ec..0000000
--- a/crypto/openssl/apps/ca-req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBmTCCAQICAQAwWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgx
-MDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgy
-bTsZDCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/d
-FXSv1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUe
-cQU2mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAKlk7
-cxu9gCJN3/iQFyJXQ6YphaiQAT5VBXTx9ftRrQIjA3vxlDzPWGDy+V5Tqa7h8PtR
-5Bn00JShII2zf0hjyjKils6x/UkWmjEiwSiFp4hR70iE8XwSNEHY2P6j6nQEIpgW
-kbfgmmUqk7dl2V+ossTJ80B8SBpEhrn81V/cHxA=
------END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
deleted file mode 100644
index e9d79de..0000000
--- a/crypto/openssl/apps/ca.c
+++ /dev/null
@@ -1,3003 +0,0 @@
-/* apps/ca.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* The PPKI stuff has been donated by Jeff Barber <jeffb@issl.atl.hp.com> */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <openssl/conf.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/txt_db.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-
-#ifndef W_OK
-# ifdef OPENSSL_SYS_VMS
-# if defined(__DECC)
-# include <unistd.h>
-# else
-# include <unixlib.h>
-# endif
-# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_NETWARE)
-# include <sys/file.h>
-# endif
-#endif
-
-#include "apps.h"
-
-#ifndef W_OK
-# define F_OK 0
-# define X_OK 1
-# define W_OK 2
-# define R_OK 4
-#endif
-
-#undef PROG
-#define PROG ca_main
-
-#define BASE_SECTION "ca"
-#define CONFIG_FILE "openssl.cnf"
-
-#define ENV_DEFAULT_CA "default_ca"
-
-#define STRING_MASK "string_mask"
-#define UTF8_IN "utf8"
-
-#define ENV_DIR "dir"
-#define ENV_CERTS "certs"
-#define ENV_CRL_DIR "crl_dir"
-#define ENV_CA_DB "CA_DB"
-#define ENV_NEW_CERTS_DIR "new_certs_dir"
-#define ENV_CERTIFICATE "certificate"
-#define ENV_SERIAL "serial"
-#define ENV_CRLNUMBER "crlnumber"
-#define ENV_CRL "crl"
-#define ENV_PRIVATE_KEY "private_key"
-#define ENV_RANDFILE "RANDFILE"
-#define ENV_DEFAULT_DAYS "default_days"
-#define ENV_DEFAULT_STARTDATE "default_startdate"
-#define ENV_DEFAULT_ENDDATE "default_enddate"
-#define ENV_DEFAULT_CRL_DAYS "default_crl_days"
-#define ENV_DEFAULT_CRL_HOURS "default_crl_hours"
-#define ENV_DEFAULT_MD "default_md"
-#define ENV_DEFAULT_EMAIL_DN "email_in_dn"
-#define ENV_PRESERVE "preserve"
-#define ENV_POLICY "policy"
-#define ENV_EXTENSIONS "x509_extensions"
-#define ENV_CRLEXT "crl_extensions"
-#define ENV_MSIE_HACK "msie_hack"
-#define ENV_NAMEOPT "name_opt"
-#define ENV_CERTOPT "cert_opt"
-#define ENV_EXTCOPY "copy_extensions"
-#define ENV_UNIQUE_SUBJECT "unique_subject"
-
-#define ENV_DATABASE "database"
-
-/* Additional revocation information types */
-
-#define REV_NONE 0 /* No addditional information */
-#define REV_CRL_REASON 1 /* Value is CRL reason code */
-#define REV_HOLD 2 /* Value is hold instruction */
-#define REV_KEY_COMPROMISE 3 /* Value is cert key compromise time */
-#define REV_CA_COMPROMISE 4 /* Value is CA key compromise time */
-
-static const char *ca_usage[]={
-"usage: ca args\n",
-"\n",
-" -verbose - Talk alot while doing things\n",
-" -config file - A config file\n",
-" -name arg - The particular CA definition to use\n",
-" -gencrl - Generate a new CRL\n",
-" -crldays days - Days is when the next CRL is due\n",
-" -crlhours hours - Hours is when the next CRL is due\n",
-" -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n",
-" -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n",
-" -days arg - number of days to certify the certificate for\n",
-" -md arg - md to use, one of md2, md5, sha or sha1\n",
-" -policy arg - The CA 'policy' to support\n",
-" -keyfile arg - private key file\n",
-" -keyform arg - private key file format (PEM or ENGINE)\n",
-" -key arg - key to decode the private key if it is encrypted\n",
-" -cert file - The CA certificate\n",
-" -selfsign - sign a certificate with the key associated with it\n",
-" -in file - The input PEM encoded certificate request(s)\n",
-" -out file - Where to put the output file(s)\n",
-" -outdir dir - Where to put output certificates\n",
-" -infiles .... - The last argument, requests to process\n",
-" -spkac file - File contains DN and signed public key and challenge\n",
-" -ss_cert file - File contains a self signed cert to sign\n",
-" -preserveDN - Don't re-order the DN\n",
-" -noemailDN - Don't add the EMAIL field into certificate' subject\n",
-" -batch - Don't ask questions\n",
-" -msie_hack - msie modifications to handle all those universal strings\n",
-" -revoke file - Revoke a certificate (given in file)\n",
-" -subj arg - Use arg instead of request's subject\n",
-" -utf8 - input characters are UTF8 (default ASCII)\n",
-" -multivalue-rdn - enable support for multivalued RDNs\n",
-" -extensions .. - Extension section (override value in config file)\n",
-" -extfile file - Configuration file with X509v3 extentions to add\n",
-" -crlexts .. - CRL extension section (override value in config file)\n",
-#ifndef OPENSSL_NO_ENGINE
-" -engine e - use engine e, possibly a hardware device.\n",
-#endif
-" -status serial - Shows certificate status given the serial number\n",
-" -updatedb - Updates db for expired certificates\n",
-NULL
-};
-
-#ifdef EFENCE
-extern int EF_PROTECT_FREE;
-extern int EF_PROTECT_BELOW;
-extern int EF_ALIGNMENT;
-#endif
-
-static void lookup_fail(const char *name, const char *tag);
-static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate,
- char *enddate, long days, int batch, char *ext_sect, CONF *conf,
- int verbose, unsigned long certopt, unsigned long nameopt,
- int default_op, int ext_copy, int selfsign);
-static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn,
- char *startdate, char *enddate, long days, int batch,
- char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy,
- ENGINE *e);
-static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
- const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
- CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn, int email_dn,
- char *startdate, char *enddate, long days, char *ext_sect,
- CONF *conf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy);
-static int fix_data(int nid, int *type);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,char *subj,unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign);
-static int do_revoke(X509 *x509, CA_DB *db, int ext, char *extval);
-static int get_certificate_status(const char *ser_status, CA_DB *db);
-static int do_updatedb(CA_DB *db);
-static int check_time_format(char *str);
-char *make_revocation_str(int rev_type, char *rev_arg);
-int make_revoked(X509_REVOKED *rev, const char *str);
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
-static CONF *conf=NULL;
-static CONF *extconf=NULL;
-static char *section=NULL;
-
-static int preserve=0;
-static int msie_hack=0;
-
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char *key=NULL,*passargin=NULL;
- int create_ser = 0;
- int free_key = 0;
- int total=0;
- int total_done=0;
- int badops=0;
- int ret=1;
- int email_dn=1;
- int req=0;
- int verbose=0;
- int gencrl=0;
- int dorevoke=0;
- int doupdatedb=0;
- long crldays=0;
- long crlhours=0;
- long errorline= -1;
- char *configfile=NULL;
- char *md=NULL;
- char *policy=NULL;
- char *keyfile=NULL;
- char *certfile=NULL;
- int keyform=FORMAT_PEM;
- char *infile=NULL;
- char *spkac_file=NULL;
- char *ss_cert_file=NULL;
- char *ser_status=NULL;
- EVP_PKEY *pkey=NULL;
- int output_der = 0;
- char *outfile=NULL;
- char *outdir=NULL;
- char *serialfile=NULL;
- char *crlnumberfile=NULL;
- char *extensions=NULL;
- char *extfile=NULL;
- char *subj=NULL;
- unsigned long chtype = MBSTRING_ASC;
- int multirdn = 0;
- char *tmp_email_dn=NULL;
- char *crl_ext=NULL;
- int rev_type = REV_NONE;
- char *rev_arg = NULL;
- BIGNUM *serial=NULL;
- BIGNUM *crlnumber=NULL;
- char *startdate=NULL;
- char *enddate=NULL;
- long days=0;
- int batch=0;
- int notext=0;
- unsigned long nameopt = 0, certopt = 0;
- int default_op = 1;
- int ext_copy = EXT_COPY_NONE;
- int selfsign = 0;
- X509 *x509=NULL, *x509p = NULL;
- X509 *x=NULL;
- BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
- char *dbfile=NULL;
- CA_DB *db=NULL;
- X509_CRL *crl=NULL;
- X509_REVOKED *r=NULL;
- ASN1_TIME *tmptm;
- ASN1_INTEGER *tmpser;
- char *f;
- const char *p, **pp;
- int i,j;
- const EVP_MD *dgst=NULL;
- STACK_OF(CONF_VALUE) *attribs=NULL;
- STACK_OF(X509) *cert_sk=NULL;
-#undef BSIZE
-#define BSIZE 256
- MS_STATIC char buf[3][BSIZE];
- char *randfile=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- char *tofree=NULL;
- DB_ATTR db_attr;
-
-#ifdef EFENCE
-EF_PROTECT_FREE=1;
-EF_PROTECT_BELOW=1;
-EF_ALIGNMENT=0;
-#endif
-
- apps_startup();
-
- conf = NULL;
- key = NULL;
- section = NULL;
-
- preserve=0;
- msie_hack=0;
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-verbose") == 0)
- verbose=1;
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- configfile= *(++argv);
- }
- else if (strcmp(*argv,"-name") == 0)
- {
- if (--argc < 1) goto bad;
- section= *(++argv);
- }
- else if (strcmp(*argv,"-subj") == 0)
- {
- if (--argc < 1) goto bad;
- subj= *(++argv);
- /* preserve=1; */
- }
- else if (strcmp(*argv,"-utf8") == 0)
- chtype = MBSTRING_UTF8;
- else if (strcmp(*argv,"-create_serial") == 0)
- create_ser = 1;
- else if (strcmp(*argv,"-multivalue-rdn") == 0)
- multirdn=1;
- else if (strcmp(*argv,"-startdate") == 0)
- {
- if (--argc < 1) goto bad;
- startdate= *(++argv);
- }
- else if (strcmp(*argv,"-enddate") == 0)
- {
- if (--argc < 1) goto bad;
- enddate= *(++argv);
- }
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days=atoi(*(++argv));
- }
- else if (strcmp(*argv,"-md") == 0)
- {
- if (--argc < 1) goto bad;
- md= *(++argv);
- }
- else if (strcmp(*argv,"-policy") == 0)
- {
- if (--argc < 1) goto bad;
- policy= *(++argv);
- }
- else if (strcmp(*argv,"-keyfile") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- key= *(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- certfile= *(++argv);
- }
- else if (strcmp(*argv,"-selfsign") == 0)
- selfsign=1;
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- req=1;
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-outdir") == 0)
- {
- if (--argc < 1) goto bad;
- outdir= *(++argv);
- }
- else if (strcmp(*argv,"-notext") == 0)
- notext=1;
- else if (strcmp(*argv,"-batch") == 0)
- batch=1;
- else if (strcmp(*argv,"-preserveDN") == 0)
- preserve=1;
- else if (strcmp(*argv,"-noemailDN") == 0)
- email_dn=0;
- else if (strcmp(*argv,"-gencrl") == 0)
- gencrl=1;
- else if (strcmp(*argv,"-msie_hack") == 0)
- msie_hack=1;
- else if (strcmp(*argv,"-crldays") == 0)
- {
- if (--argc < 1) goto bad;
- crldays= atol(*(++argv));
- }
- else if (strcmp(*argv,"-crlhours") == 0)
- {
- if (--argc < 1) goto bad;
- crlhours= atol(*(++argv));
- }
- else if (strcmp(*argv,"-infiles") == 0)
- {
- argc--;
- argv++;
- req=1;
- break;
- }
- else if (strcmp(*argv, "-ss_cert") == 0)
- {
- if (--argc < 1) goto bad;
- ss_cert_file = *(++argv);
- req=1;
- }
- else if (strcmp(*argv, "-spkac") == 0)
- {
- if (--argc < 1) goto bad;
- spkac_file = *(++argv);
- req=1;
- }
- else if (strcmp(*argv,"-revoke") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- dorevoke=1;
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extensions= *(++argv);
- }
- else if (strcmp(*argv,"-extfile") == 0)
- {
- if (--argc < 1) goto bad;
- extfile= *(++argv);
- }
- else if (strcmp(*argv,"-status") == 0)
- {
- if (--argc < 1) goto bad;
- ser_status= *(++argv);
- }
- else if (strcmp(*argv,"-updatedb") == 0)
- {
- doupdatedb=1;
- }
- else if (strcmp(*argv,"-crlexts") == 0)
- {
- if (--argc < 1) goto bad;
- crl_ext= *(++argv);
- }
- else if (strcmp(*argv,"-crl_reason") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_CRL_REASON;
- }
- else if (strcmp(*argv,"-crl_hold") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_HOLD;
- }
- else if (strcmp(*argv,"-crl_compromise") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_KEY_COMPROMISE;
- }
- else if (strcmp(*argv,"-crl_CA_compromise") == 0)
- {
- if (--argc < 1) goto bad;
- rev_arg = *(++argv);
- rev_type = REV_CA_COMPROMISE;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else
- {
-bad:
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
- for (pp=ca_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto err;
- }
-
- ERR_load_crypto_strings();
-
- /*****************************************************************/
- tofree=NULL;
- if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
- if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
- if (configfile == NULL)
- {
- const char *s=X509_get_default_cert_area();
- size_t len;
-
-#ifdef OPENSSL_SYS_VMS
- len = strlen(s)+sizeof(CONFIG_FILE);
- tofree=OPENSSL_malloc(len);
- strcpy(tofree,s);
-#else
- len = strlen(s)+sizeof(CONFIG_FILE)+1;
- tofree=OPENSSL_malloc(len);
- BUF_strlcpy(tofree,s,len);
- BUF_strlcat(tofree,"/",len);
-#endif
- BUF_strlcat(tofree,CONFIG_FILE,len);
- configfile=tofree;
- }
-
- BIO_printf(bio_err,"Using configuration from %s\n",configfile);
- conf = NCONF_new(NULL);
- if (NCONF_load(conf,configfile,&errorline) <= 0)
- {
- if (errorline <= 0)
- BIO_printf(bio_err,"error loading the config file '%s'\n",
- configfile);
- else
- BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
- ,errorline,configfile);
- goto err;
- }
- if(tofree)
- {
- OPENSSL_free(tofree);
- tofree = NULL;
- }
-
- if (!load_config(bio_err, conf))
- goto err;
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- /* Lets get the config section we are using */
- if (section == NULL)
- {
- section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
- if (section == NULL)
- {
- lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
- goto err;
- }
- }
-
- if (conf != NULL)
- {
- p=NCONF_get_string(conf,NULL,"oid_file");
- if (p == NULL)
- ERR_clear_error();
- if (p != NULL)
- {
- BIO *oid_bio;
-
- oid_bio=BIO_new_file(p,"r");
- if (oid_bio == NULL)
- {
- /*
- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
- ERR_print_errors(bio_err);
- */
- ERR_clear_error();
- }
- else
- {
- OBJ_create_objects(oid_bio);
- BIO_free(oid_bio);
- }
- }
- if (!add_oid_section(bio_err,conf))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- }
-
- randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
-
- f = NCONF_get_string(conf, section, STRING_MASK);
- if (!f)
- ERR_clear_error();
-
- if(f && !ASN1_STRING_set_default_mask_asc(f)) {
- BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
- goto err;
- }
-
- if (chtype != MBSTRING_UTF8){
- f = NCONF_get_string(conf, section, UTF8_IN);
- if (!f)
- ERR_clear_error();
- else if (!strcmp(f, "yes"))
- chtype = MBSTRING_UTF8;
- }
-
- db_attr.unique_subject = 1;
- p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
- if (p)
- {
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: unique_subject = \"%s\"\n", p);
-#endif
- db_attr.unique_subject = parse_yesno(p,1);
- }
- else
- ERR_clear_error();
-#ifdef RL_DEBUG
- if (!p)
- BIO_printf(bio_err, "DEBUG: unique_subject undefined\n", p);
-#endif
-#ifdef RL_DEBUG
- BIO_printf(bio_err, "DEBUG: configured unique_subject is %d\n",
- db_attr.unique_subject);
-#endif
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- Sout=BIO_new(BIO_s_file());
- Cout=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL) || (Sout == NULL) || (Cout == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- /*****************************************************************/
- /* report status of cert with serial number given on command line */
- if (ser_status)
- {
- if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
- {
- lookup_fail(section,ENV_DATABASE);
- goto err;
- }
- db = load_index(dbfile,&db_attr);
- if (db == NULL) goto err;
-
- if (!index_index(db)) goto err;
-
- if (get_certificate_status(ser_status,db) != 1)
- BIO_printf(bio_err,"Error verifying serial %s!\n",
- ser_status);
- goto err;
- }
-
- /*****************************************************************/
- /* we definitely need a private key, so let's get it */
-
- if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
- section,ENV_PRIVATE_KEY)) == NULL))
- {
- lookup_fail(section,ENV_PRIVATE_KEY);
- goto err;
- }
- if (!key)
- {
- free_key = 1;
- if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
- {
- BIO_printf(bio_err,"Error getting password\n");
- goto err;
- }
- }
- pkey = load_key(bio_err, keyfile, keyform, 0, key, e,
- "CA private key");
- if (key) OPENSSL_cleanse(key,strlen(key));
- if (pkey == NULL)
- {
- /* load_key() has already printed an appropriate message */
- goto err;
- }
-
- /*****************************************************************/
- /* we need a certificate */
- if (!selfsign || spkac_file || ss_cert_file || gencrl)
- {
- if ((certfile == NULL)
- && ((certfile=NCONF_get_string(conf,
- section,ENV_CERTIFICATE)) == NULL))
- {
- lookup_fail(section,ENV_CERTIFICATE);
- goto err;
- }
- x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
- "CA certificate");
- if (x509 == NULL)
- goto err;
-
- if (!X509_check_private_key(x509,pkey))
- {
- BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
- goto err;
- }
- }
- if (!selfsign) x509p = x509;
-
- f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
- if (f == NULL)
- ERR_clear_error();
- if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- preserve=1;
- f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
- if (f == NULL)
- ERR_clear_error();
- if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
- msie_hack=1;
-
- f=NCONF_get_string(conf,section,ENV_NAMEOPT);
-
- if (f)
- {
- if (!set_name_ex(&nameopt, f))
- {
- BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
- goto err;
- }
- default_op = 0;
- }
- else
- ERR_clear_error();
-
- f=NCONF_get_string(conf,section,ENV_CERTOPT);
-
- if (f)
- {
- if (!set_cert_ex(&certopt, f))
- {
- BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
- goto err;
- }
- default_op = 0;
- }
- else
- ERR_clear_error();
-
- f=NCONF_get_string(conf,section,ENV_EXTCOPY);
-
- if (f)
- {
- if (!set_ext_copy(&ext_copy, f))
- {
- BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
- goto err;
- }
- }
- else
- ERR_clear_error();
-
- /*****************************************************************/
- /* lookup where to write new certificates */
- if ((outdir == NULL) && (req))
- {
- struct stat sb;
-
- if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
- == NULL)
- {
- BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
- goto err;
- }
-#ifndef OPENSSL_SYS_VMS
- /* outdir is a directory spec, but access() for VMS demands a
- filename. In any case, stat(), below, will catch the problem
- if outdir is not a directory spec, and the fopen() or open()
- will catch an error if there is no write access.
-
- Presumably, this problem could also be solved by using the DEC
- C routines to convert the directory syntax to Unixly, and give
- that to access(). However, time's too short to do that just
- now.
- */
- if (access(outdir,R_OK|W_OK|X_OK) != 0)
- {
- BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
- perror(outdir);
- goto err;
- }
-
- if (stat(outdir,&sb) != 0)
- {
- BIO_printf(bio_err,"unable to stat(%s)\n",outdir);
- perror(outdir);
- goto err;
- }
-#ifdef S_IFDIR
- if (!(sb.st_mode & S_IFDIR))
- {
- BIO_printf(bio_err,"%s need to be a directory\n",outdir);
- perror(outdir);
- goto err;
- }
-#endif
-#endif
- }
-
- /*****************************************************************/
- /* we need to load the database file */
- if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
- {
- lookup_fail(section,ENV_DATABASE);
- goto err;
- }
- db = load_index(dbfile, &db_attr);
- if (db == NULL) goto err;
-
- /* Lets check some fields */
- for (i=0; i<sk_num(db->db->data); i++)
- {
- pp=(const char **)sk_value(db->db->data,i);
- if ((pp[DB_type][0] != DB_TYPE_REV) &&
- (pp[DB_rev_date][0] != '\0'))
- {
- BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
- goto err;
- }
- if ((pp[DB_type][0] == DB_TYPE_REV) &&
- !make_revoked(NULL, pp[DB_rev_date]))
- {
- BIO_printf(bio_err," in entry %d\n", i+1);
- goto err;
- }
- if (!check_time_format((char *)pp[DB_exp_date]))
- {
- BIO_printf(bio_err,"entry %d: invalid expiry date\n",i+1);
- goto err;
- }
- p=pp[DB_serial];
- j=strlen(p);
- if (*p == '-')
- {
- p++;
- j--;
- }
- if ((j&1) || (j < 2))
- {
- BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
- goto err;
- }
- while (*p)
- {
- if (!( ((*p >= '0') && (*p <= '9')) ||
- ((*p >= 'A') && (*p <= 'F')) ||
- ((*p >= 'a') && (*p <= 'f'))) )
- {
- BIO_printf(bio_err,"entry %d: bad serial number characters, char pos %ld, char is '%c'\n",i+1,(long)(p-pp[DB_serial]),*p);
- goto err;
- }
- p++;
- }
- }
- if (verbose)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- TXT_DB_write(out,db->db);
- BIO_printf(bio_err,"%d entries loaded from the database\n",
- db->db->data->num);
- BIO_printf(bio_err,"generating index\n");
- }
-
- if (!index_index(db)) goto err;
-
- /*****************************************************************/
- /* Update the db file for expired certificates */
- if (doupdatedb)
- {
- if (verbose)
- BIO_printf(bio_err, "Updating %s ...\n",
- dbfile);
-
- i = do_updatedb(db);
- if (i == -1)
- {
- BIO_printf(bio_err,"Malloc failure\n");
- goto err;
- }
- else if (i == 0)
- {
- if (verbose) BIO_printf(bio_err,
- "No entries found to mark expired\n");
- }
- else
- {
- if (!save_index(dbfile,"new",db)) goto err;
-
- if (!rotate_index(dbfile,"new","old")) goto err;
-
- if (verbose) BIO_printf(bio_err,
- "Done. %d entries marked as expired\n",i);
- }
- }
-
- /*****************************************************************/
- /* Read extentions config file */
- if (extfile)
- {
- extconf = NCONF_new(NULL);
- if (NCONF_load(extconf,extfile,&errorline) <= 0)
- {
- if (errorline <= 0)
- BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
- extfile);
- else
- BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
- errorline,extfile);
- ret = 1;
- goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err, "Successfully loaded extensions file %s\n", extfile);
-
- /* We can have sections in the ext file */
- if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
- extensions = "default";
- }
-
- /*****************************************************************/
- if (req || gencrl)
- {
- if (outfile != NULL)
- {
- if (BIO_write_filename(Sout,outfile) <= 0)
- {
- perror(outfile);
- goto err;
- }
- }
- else
- {
- BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- Sout = BIO_push(tmpbio, Sout);
- }
-#endif
- }
- }
-
- if ((md == NULL) && ((md=NCONF_get_string(conf,
- section,ENV_DEFAULT_MD)) == NULL))
- {
- lookup_fail(section,ENV_DEFAULT_MD);
- goto err;
- }
-
- if ((dgst=EVP_get_digestbyname(md)) == NULL)
- {
- BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
- goto err;
- }
-
- if (req)
- {
- if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
- section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
- {
- if(strcmp(tmp_email_dn,"no") == 0)
- email_dn=0;
- }
- if (verbose)
- BIO_printf(bio_err,"message digest is %s\n",
- OBJ_nid2ln(dgst->type));
- if ((policy == NULL) && ((policy=NCONF_get_string(conf,
- section,ENV_POLICY)) == NULL))
- {
- lookup_fail(section,ENV_POLICY);
- goto err;
- }
- if (verbose)
- BIO_printf(bio_err,"policy is %s\n",policy);
-
- if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
- == NULL)
- {
- lookup_fail(section,ENV_SERIAL);
- goto err;
- }
-
- if (!extconf)
- {
- /* no '-extfile' option, so we look for extensions
- * in the main configuration file */
- if (!extensions)
- {
- extensions=NCONF_get_string(conf,section,
- ENV_EXTENSIONS);
- if (!extensions)
- ERR_clear_error();
- }
- if (extensions)
- {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
- NULL))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extensions);
- ret = 1;
- goto err;
- }
- }
- }
-
- if (startdate == NULL)
- {
- startdate=NCONF_get_string(conf,section,
- ENV_DEFAULT_STARTDATE);
- if (startdate == NULL)
- ERR_clear_error();
- }
- if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
- {
- BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
- goto err;
- }
- if (startdate == NULL) startdate="today";
-
- if (enddate == NULL)
- {
- enddate=NCONF_get_string(conf,section,
- ENV_DEFAULT_ENDDATE);
- if (enddate == NULL)
- ERR_clear_error();
- }
- if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
- {
- BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
- goto err;
- }
-
- if (days == 0)
- {
- if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
- days = 0;
- }
- if (!enddate && (days == 0))
- {
- BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
- goto err;
- }
-
- if ((serial=load_serial(serialfile, create_ser, NULL)) == NULL)
- {
- BIO_printf(bio_err,"error while loading serial number\n");
- goto err;
- }
- if (verbose)
- {
- if (BN_is_zero(serial))
- BIO_printf(bio_err,"next serial number is 00\n");
- else
- {
- if ((f=BN_bn2hex(serial)) == NULL) goto err;
- BIO_printf(bio_err,"next serial number is %s\n",f);
- OPENSSL_free(f);
- }
- }
-
- if ((attribs=NCONF_get_section(conf,policy)) == NULL)
- {
- BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
- goto err;
- }
-
- if ((cert_sk=sk_X509_new_null()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- if (spkac_file != NULL)
- {
- total++;
- j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,extensions,
- conf,verbose,certopt,nameopt,default_op,ext_copy);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- if (outfile)
- {
- output_der = 1;
- batch = 1;
- }
- }
- }
- if (ss_cert_file != NULL)
- {
- total++;
- j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
- db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, e);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- if (infile != NULL)
- {
- total++;
- j=certify(&x,infile,pkey,x509p,dgst,attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, selfsign);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- for (i=0; i<argc; i++)
- {
- total++;
- j=certify(&x,argv[i],pkey,x509p,dgst,attribs,db,
- serial,subj,chtype,multirdn,email_dn,startdate,enddate,days,batch,
- extensions,conf,verbose, certopt, nameopt,
- default_op, ext_copy, selfsign);
- if (j < 0) goto err;
- if (j > 0)
- {
- total_done++;
- BIO_printf(bio_err,"\n");
- if (!BN_add_word(serial,1)) goto err;
- if (!sk_X509_push(cert_sk,x))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- }
- /* we have a stack of newly certified certificates
- * and a data base and serial number that need
- * updating */
-
- if (sk_X509_num(cert_sk) > 0)
- {
- if (!batch)
- {
- BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
- (void)BIO_flush(bio_err);
- buf[0][0]='\0';
- fgets(buf[0],10,stdin);
- if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
- {
- BIO_printf(bio_err,"CERTIFICATION CANCELED\n");
- ret=0;
- goto err;
- }
- }
-
- BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
-
- if (!save_serial(serialfile,"new",serial,NULL)) goto err;
-
- if (!save_index(dbfile, "new", db)) goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err,"writing new certificates\n");
- for (i=0; i<sk_X509_num(cert_sk); i++)
- {
- int k;
- char *n;
-
- x=sk_X509_value(cert_sk,i);
-
- j=x->cert_info->serialNumber->length;
- p=(const char *)x->cert_info->serialNumber->data;
-
- if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
- {
- BIO_printf(bio_err,"certificate file name too long\n");
- goto err;
- }
-
- strcpy(buf[2],outdir);
-
-#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(buf[2],"/",sizeof(buf[2]));
-#endif
-
- n=(char *)&(buf[2][strlen(buf[2])]);
- if (j > 0)
- {
- for (k=0; k<j; k++)
- {
- if (n >= &(buf[2][sizeof(buf[2])]))
- break;
- BIO_snprintf(n,
- &buf[2][0] + sizeof(buf[2]) - n,
- "%02X",(unsigned char)*(p++));
- n+=2;
- }
- }
- else
- {
- *(n++)='0';
- *(n++)='0';
- }
- *(n++)='.'; *(n++)='p'; *(n++)='e'; *(n++)='m';
- *n='\0';
- if (verbose)
- BIO_printf(bio_err,"writing %s\n",buf[2]);
-
- if (BIO_write_filename(Cout,buf[2]) <= 0)
- {
- perror(buf[2]);
- goto err;
- }
- write_new_certificate(Cout,x, 0, notext);
- write_new_certificate(Sout,x, output_der, notext);
- }
-
- if (sk_X509_num(cert_sk))
- {
- /* Rename the database and the serial file */
- if (!rotate_serial(serialfile,"new","old")) goto err;
-
- if (!rotate_index(dbfile,"new","old")) goto err;
-
- BIO_printf(bio_err,"Data Base Updated\n");
- }
- }
-
- /*****************************************************************/
- if (gencrl)
- {
- int crl_v2 = 0;
- if (!crl_ext)
- {
- crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
- if (!crl_ext)
- ERR_clear_error();
- }
- if (crl_ext)
- {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
- {
- BIO_printf(bio_err,
- "Error Loading CRL extension section %s\n",
- crl_ext);
- ret = 1;
- goto err;
- }
- }
-
- if ((crlnumberfile=NCONF_get_string(conf,section,ENV_CRLNUMBER))
- != NULL)
- if ((crlnumber=load_serial(crlnumberfile,0,NULL)) == NULL)
- {
- BIO_printf(bio_err,"error while loading CRL number\n");
- goto err;
- }
-
- if (!crldays && !crlhours)
- {
- if (!NCONF_get_number(conf,section,
- ENV_DEFAULT_CRL_DAYS, &crldays))
- crldays = 0;
- if (!NCONF_get_number(conf,section,
- ENV_DEFAULT_CRL_HOURS, &crlhours))
- crlhours = 0;
- }
- if ((crldays == 0) && (crlhours == 0))
- {
- BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
- goto err;
- }
-
- if (verbose) BIO_printf(bio_err,"making CRL\n");
- if ((crl=X509_CRL_new()) == NULL) goto err;
- if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
-
- tmptm = ASN1_TIME_new();
- if (!tmptm) goto err;
- X509_gmtime_adj(tmptm,0);
- X509_CRL_set_lastUpdate(crl, tmptm);
- X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
- X509_CRL_set_nextUpdate(crl, tmptm);
-
- ASN1_TIME_free(tmptm);
-
- for (i=0; i<sk_num(db->db->data); i++)
- {
- pp=(const char **)sk_value(db->db->data,i);
- if (pp[DB_type][0] == DB_TYPE_REV)
- {
- if ((r=X509_REVOKED_new()) == NULL) goto err;
- j = make_revoked(r, pp[DB_rev_date]);
- if (!j) goto err;
- if (j == 2) crl_v2 = 1;
- if (!BN_hex2bn(&serial, pp[DB_serial]))
- goto err;
- tmpser = BN_to_ASN1_INTEGER(serial, NULL);
- BN_free(serial);
- serial = NULL;
- if (!tmpser)
- goto err;
- X509_REVOKED_set_serialNumber(r, tmpser);
- ASN1_INTEGER_free(tmpser);
- X509_CRL_add0_revoked(crl,r);
- }
- }
-
- /* sort the data so it will be written in serial
- * number order */
- X509_CRL_sort(crl);
-
- /* we now have a CRL */
- if (verbose) BIO_printf(bio_err,"signing CRL\n");
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- dgst=EVP_dss1();
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- dgst=EVP_ecdsa();
-#endif
-
- /* Add any extensions asked for */
-
- if (crl_ext || crlnumberfile != NULL)
- {
- X509V3_CTX crlctx;
- X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
- X509V3_set_nconf(&crlctx, conf);
-
- if (crl_ext)
- if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
- crl_ext, crl)) goto err;
- if (crlnumberfile != NULL)
- {
- tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
- if (!tmpser) goto err;
- X509_CRL_add1_ext_i2d(crl,NID_crl_number,tmpser,0,0);
- ASN1_INTEGER_free(tmpser);
- crl_v2 = 1;
- if (!BN_add_word(crlnumber,1)) goto err;
- }
- }
- if (crl_ext || crl_v2)
- {
- if (!X509_CRL_set_version(crl, 1))
- goto err; /* version 2 CRL */
- }
-
-
- if (crlnumberfile != NULL) /* we have a CRL number that need updating */
- if (!save_serial(crlnumberfile,"new",crlnumber,NULL)) goto err;
-
- if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
-
- PEM_write_bio_X509_CRL(Sout,crl);
-
- if (crlnumberfile != NULL) /* Rename the crlnumber file */
- if (!rotate_serial(crlnumberfile,"new","old")) goto err;
-
- }
- /*****************************************************************/
- if (dorevoke)
- {
- if (infile == NULL)
- {
- BIO_printf(bio_err,"no input files\n");
- goto err;
- }
- else
- {
- X509 *revcert;
- revcert=load_cert(bio_err, infile, FORMAT_PEM,
- NULL, e, infile);
- if (revcert == NULL)
- goto err;
- j=do_revoke(revcert,db, rev_type, rev_arg);
- if (j <= 0) goto err;
- X509_free(revcert);
-
- if (!save_index(dbfile, "new", db)) goto err;
-
- if (!rotate_index(dbfile, "new", "old")) goto err;
-
- BIO_printf(bio_err,"Data Base Updated\n");
- }
- }
- /*****************************************************************/
- ret=0;
-err:
- if(tofree)
- OPENSSL_free(tofree);
- BIO_free_all(Cout);
- BIO_free_all(Sout);
- BIO_free_all(out);
- BIO_free_all(in);
-
- if (cert_sk)
- sk_X509_pop_free(cert_sk,X509_free);
-
- if (ret) ERR_print_errors(bio_err);
- app_RAND_write_file(randfile, bio_err);
- if (free_key && key)
- OPENSSL_free(key);
- BN_free(serial);
- free_index(db);
- EVP_PKEY_free(pkey);
- if (x509) X509_free(x509);
- X509_CRL_free(crl);
- NCONF_free(conf);
- NCONF_free(extconf);
- OBJ_cleanup();
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static void lookup_fail(const char *name, const char *tag)
- {
- BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
- }
-
-static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf, int verbose,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign)
- {
- X509_REQ *req=NULL;
- BIO *in=NULL;
- EVP_PKEY *pktmp=NULL;
- int ok= -1,i;
-
- in=BIO_new(BIO_s_file());
-
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto err;
- }
- if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"Error reading certificate request in %s\n",
- infile);
- goto err;
- }
- if (verbose)
- X509_REQ_print(bio_err,req);
-
- BIO_printf(bio_err,"Check that the request matches the signature\n");
-
- if (selfsign && !X509_REQ_check_private_key(req,pkey))
- {
- BIO_printf(bio_err,"Certificate request and CA private key do not match\n");
- ok=0;
- goto err;
- }
- if ((pktmp=X509_REQ_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto err;
- }
- i=X509_REQ_verify(req,pktmp);
- EVP_PKEY_free(pktmp);
- if (i < 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature verification problems....\n");
- goto err;
- }
- if (i == 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature did not match the certificate request\n");
- goto err;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn, email_dn,
- startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
- certopt, nameopt, default_op, ext_copy, selfsign);
-
-err:
- if (req != NULL) X509_REQ_free(req);
- if (in != NULL) BIO_free(in);
- return(ok);
- }
-
-static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj, unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
- long days, int batch, char *ext_sect, CONF *lconf, int verbose,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, ENGINE *e)
- {
- X509 *req=NULL;
- X509_REQ *rreq=NULL;
- EVP_PKEY *pktmp=NULL;
- int ok= -1,i;
-
- if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
- goto err;
- if (verbose)
- X509_print(bio_err,req);
-
- BIO_printf(bio_err,"Check that the request matches the signature\n");
-
- if ((pktmp=X509_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto err;
- }
- i=X509_verify(req,pktmp);
- EVP_PKEY_free(pktmp);
- if (i < 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature verification problems....\n");
- goto err;
- }
- if (i == 0)
- {
- ok=0;
- BIO_printf(bio_err,"Signature did not match the certificate\n");
- goto err;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
- goto err;
-
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
- days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
- ext_copy, 0);
-
-err:
- if (rreq != NULL) X509_REQ_free(rreq);
- if (req != NULL) X509_free(req);
- return(ok);
- }
-
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
- STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial, char *subj,
- unsigned long chtype, int multirdn,
- int email_dn, char *startdate, char *enddate, long days, int batch,
- int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
- unsigned long certopt, unsigned long nameopt, int default_op,
- int ext_copy, int selfsign)
- {
- X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
- ASN1_UTCTIME *tm,*tmptm;
- ASN1_STRING *str,*str2;
- ASN1_OBJECT *obj;
- X509 *ret=NULL;
- X509_CINF *ci;
- X509_NAME_ENTRY *ne;
- X509_NAME_ENTRY *tne,*push;
- EVP_PKEY *pktmp;
- int ok= -1,i,j,last,nid;
- const char *p;
- CONF_VALUE *cv;
- char *row[DB_NUMBER],**rrow=NULL,**irow=NULL;
- char buf[25];
-
- tmptm=ASN1_UTCTIME_new();
- if (tmptm == NULL)
- {
- BIO_printf(bio_err,"malloc error\n");
- return(0);
- }
-
- for (i=0; i<DB_NUMBER; i++)
- row[i]=NULL;
-
- if (subj)
- {
- X509_NAME *n = parse_name(subj, chtype, multirdn);
-
- if (!n)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
- X509_REQ_set_subject_name(req,n);
- req->req_info->enc.modified = 1;
- X509_NAME_free(n);
- }
-
- if (default_op)
- BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
-
- name=X509_REQ_get_subject_name(req);
- for (i=0; i<X509_NAME_entry_count(name); i++)
- {
- ne= X509_NAME_get_entry(name,i);
- str=X509_NAME_ENTRY_get_data(ne);
- obj=X509_NAME_ENTRY_get_object(ne);
-
- if (msie_hack)
- {
- /* assume all type should be strings */
- nid=OBJ_obj2nid(ne->object);
-
- if (str->type == V_ASN1_UNIVERSALSTRING)
- ASN1_UNIVERSALSTRING_to_string(str);
-
- if ((str->type == V_ASN1_IA5STRING) &&
- (nid != NID_pkcs9_emailAddress))
- str->type=V_ASN1_T61STRING;
-
- if ((nid == NID_pkcs9_emailAddress) &&
- (str->type == V_ASN1_PRINTABLESTRING))
- str->type=V_ASN1_IA5STRING;
- }
-
- /* If no EMAIL is wanted in the subject */
- if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
- continue;
-
- /* check some things */
- if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
- (str->type != V_ASN1_IA5STRING))
- {
- BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
- goto err;
- }
- if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
- {
- j=ASN1_PRINTABLE_type(str->data,str->length);
- if ( ((j == V_ASN1_T61STRING) &&
- (str->type != V_ASN1_T61STRING)) ||
- ((j == V_ASN1_IA5STRING) &&
- (str->type == V_ASN1_PRINTABLESTRING)))
- {
- BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
- goto err;
- }
- }
-
- if (default_op)
- old_entry_print(bio_err, obj, str);
- }
-
- /* Ok, now we check the 'policy' stuff. */
- if ((subject=X509_NAME_new()) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- /* take a copy of the issuer name before we mess with it. */
- if (selfsign)
- CAname=X509_NAME_dup(name);
- else
- CAname=X509_NAME_dup(x509->cert_info->subject);
- if (CAname == NULL) goto err;
- str=str2=NULL;
-
- for (i=0; i<sk_CONF_VALUE_num(policy); i++)
- {
- cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
- if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
- {
- BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
- goto err;
- }
- obj=OBJ_nid2obj(j);
-
- last= -1;
- for (;;)
- {
- /* lookup the object in the supplied name list */
- j=X509_NAME_get_index_by_OBJ(name,obj,last);
- if (j < 0)
- {
- if (last != -1) break;
- tne=NULL;
- }
- else
- {
- tne=X509_NAME_get_entry(name,j);
- }
- last=j;
-
- /* depending on the 'policy', decide what to do. */
- push=NULL;
- if (strcmp(cv->value,"optional") == 0)
- {
- if (tne != NULL)
- push=tne;
- }
- else if (strcmp(cv->value,"supplied") == 0)
- {
- if (tne == NULL)
- {
- BIO_printf(bio_err,"The %s field needed to be supplied and was missing\n",cv->name);
- goto err;
- }
- else
- push=tne;
- }
- else if (strcmp(cv->value,"match") == 0)
- {
- int last2;
-
- if (tne == NULL)
- {
- BIO_printf(bio_err,"The mandatory %s field was missing\n",cv->name);
- goto err;
- }
-
- last2= -1;
-
-again2:
- j=X509_NAME_get_index_by_OBJ(CAname,obj,last2);
- if ((j < 0) && (last2 == -1))
- {
- BIO_printf(bio_err,"The %s field does not exist in the CA certificate,\nthe 'policy' is misconfigured\n",cv->name);
- goto err;
- }
- if (j >= 0)
- {
- push=X509_NAME_get_entry(CAname,j);
- str=X509_NAME_ENTRY_get_data(tne);
- str2=X509_NAME_ENTRY_get_data(push);
- last2=j;
- if (ASN1_STRING_cmp(str,str2) != 0)
- goto again2;
- }
- if (j < 0)
- {
- BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
- goto err;
- }
- }
- else
- {
- BIO_printf(bio_err,"%s:invalid type in 'policy' configuration\n",cv->value);
- goto err;
- }
-
- if (push != NULL)
- {
- if (!X509_NAME_add_entry(subject,push, -1, 0))
- {
- if (push != NULL)
- X509_NAME_ENTRY_free(push);
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- }
- if (j < 0) break;
- }
- }
-
- if (preserve)
- {
- X509_NAME_free(subject);
- /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
- subject=X509_NAME_dup(name);
- if (subject == NULL) goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
-
- /* Build the correct Subject if no e-mail is wanted in the subject */
- /* and add it later on because of the method extensions are added (altName) */
-
- if (email_dn)
- dn_subject = subject;
- else
- {
- X509_NAME_ENTRY *tmpne;
- /* Its best to dup the subject DN and then delete any email
- * addresses because this retains its structure.
- */
- if (!(dn_subject = X509_NAME_dup(subject)))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- while((i = X509_NAME_get_index_by_NID(dn_subject,
- NID_pkcs9_emailAddress, -1)) >= 0)
- {
- tmpne = X509_NAME_get_entry(dn_subject, i);
- X509_NAME_delete_entry(dn_subject, i);
- X509_NAME_ENTRY_free(tmpne);
- }
- }
-
- if (BN_is_zero(serial))
- row[DB_serial]=BUF_strdup("00");
- else
- row[DB_serial]=BN_bn2hex(serial);
- if (row[DB_serial] == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- if (db->attributes.unique_subject)
- {
- rrow=TXT_DB_get_by_index(db->db,DB_name,row);
- if (rrow != NULL)
- {
- BIO_printf(bio_err,
- "ERROR:There is already a certificate for %s\n",
- row[DB_name]);
- }
- }
- if (rrow == NULL)
- {
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- if (rrow != NULL)
- {
- BIO_printf(bio_err,"ERROR:Serial number %s has already been issued,\n",
- row[DB_serial]);
- BIO_printf(bio_err," check the database/serial_file for corruption\n");
- }
- }
-
- if (rrow != NULL)
- {
- BIO_printf(bio_err,
- "The matching entry has the following details\n");
- if (rrow[DB_type][0] == 'E')
- p="Expired";
- else if (rrow[DB_type][0] == 'R')
- p="Revoked";
- else if (rrow[DB_type][0] == 'V')
- p="Valid";
- else
- p="\ninvalid type, Data base error\n";
- BIO_printf(bio_err,"Type :%s\n",p);;
- if (rrow[DB_type][0] == 'R')
- {
- p=rrow[DB_exp_date]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Was revoked on:%s\n",p);
- }
- p=rrow[DB_exp_date]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Expires on :%s\n",p);
- p=rrow[DB_serial]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Serial Number :%s\n",p);
- p=rrow[DB_file]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"File name :%s\n",p);
- p=rrow[DB_name]; if (p == NULL) p="undef";
- BIO_printf(bio_err,"Subject Name :%s\n",p);
- ok= -1; /* This is now a 'bad' error. */
- goto err;
- }
-
- /* We are now totally happy, lets make and sign the certificate */
- if (verbose)
- BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
-
- if ((ret=X509_new()) == NULL) goto err;
- ci=ret->cert_info;
-
-#ifdef X509_V3
- /* Make it an X509 v3 certificate. */
- if (!X509_set_version(ret,2)) goto err;
-#endif
-
- if (BN_to_ASN1_INTEGER(serial,ci->serialNumber) == NULL)
- goto err;
- if (selfsign)
- {
- if (!X509_set_issuer_name(ret,subject))
- goto err;
- }
- else
- {
- if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
- goto err;
- }
-
- if (strcmp(startdate,"today") == 0)
- X509_gmtime_adj(X509_get_notBefore(ret),0);
- else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
-
- if (enddate == NULL)
- X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
- else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
-
- if (!X509_set_subject_name(ret,subject)) goto err;
-
- pktmp=X509_REQ_get_pubkey(req);
- i = X509_set_pubkey(ret,pktmp);
- EVP_PKEY_free(pktmp);
- if (!i) goto err;
-
- /* Lets add the extensions, if there are any */
- if (ext_sect)
- {
- X509V3_CTX ctx;
- if (ci->version == NULL)
- if ((ci->version=ASN1_INTEGER_new()) == NULL)
- goto err;
- ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
-
- /* Free the current entries if any, there should not
- * be any I believe */
- if (ci->extensions != NULL)
- sk_X509_EXTENSION_pop_free(ci->extensions,
- X509_EXTENSION_free);
-
- ci->extensions = NULL;
-
- /* Initialize the context structure */
- if (selfsign)
- X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
- else
- X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
-
- if (extconf)
- {
- if (verbose)
- BIO_printf(bio_err, "Extra configuration file found\n");
-
- /* Use the extconf configuration db LHASH */
- X509V3_set_nconf(&ctx, extconf);
-
- /* Test the structure (needed?) */
- /* X509V3_set_ctx_test(&ctx); */
-
- /* Adds exts contained in the configuration file */
- if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
- {
- BIO_printf(bio_err,
- "ERROR: adding extensions in section %s\n",
- ext_sect);
- ERR_print_errors(bio_err);
- goto err;
- }
- if (verbose)
- BIO_printf(bio_err, "Successfully added extensions from file.\n");
- }
- else if (ext_sect)
- {
- /* We found extensions to be set from config file */
- X509V3_set_nconf(&ctx, lconf);
-
- if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
- {
- BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
- ERR_print_errors(bio_err);
- goto err;
- }
-
- if (verbose)
- BIO_printf(bio_err, "Successfully added extensions from config\n");
- }
- }
-
- /* Copy extensions from request (if any) */
-
- if (!copy_extensions(ret, req, ext_copy))
- {
- BIO_printf(bio_err, "ERROR: adding extensions from request\n");
- ERR_print_errors(bio_err);
- goto err;
- }
-
- /* Set the right value for the noemailDN option */
- if( email_dn == 0 )
- {
- if (!X509_set_subject_name(ret,dn_subject)) goto err;
- }
-
- if (!default_op)
- {
- BIO_printf(bio_err, "Certificate Details:\n");
- /* Never print signature details because signature not present */
- certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
- X509_print_ex(bio_err, ret, nameopt, certopt);
- }
-
- BIO_printf(bio_err,"Certificate is to be certified until ");
- ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
- if (days) BIO_printf(bio_err," (%ld days)",days);
- BIO_printf(bio_err, "\n");
-
- if (!batch)
- {
-
- BIO_printf(bio_err,"Sign the certificate? [y/n]:");
- (void)BIO_flush(bio_err);
- buf[0]='\0';
- fgets(buf,sizeof(buf)-1,stdin);
- if (!((buf[0] == 'y') || (buf[0] == 'Y')))
- {
- BIO_printf(bio_err,"CERTIFICATE WILL NOT BE CERTIFIED\n");
- ok=0;
- goto err;
- }
- }
-
-
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
- pktmp=X509_get_pubkey(ret);
- if (EVP_PKEY_missing_parameters(pktmp) &&
- !EVP_PKEY_missing_parameters(pkey))
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_free(pktmp);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- dgst = EVP_ecdsa();
- pktmp = X509_get_pubkey(ret);
- if (EVP_PKEY_missing_parameters(pktmp) &&
- !EVP_PKEY_missing_parameters(pkey))
- EVP_PKEY_copy_parameters(pktmp, pkey);
- EVP_PKEY_free(pktmp);
-#endif
-
-
- if (!X509_sign(ret,pkey,dgst))
- goto err;
-
- /* We now just add it to the database */
- row[DB_type]=(char *)OPENSSL_malloc(2);
-
- tm=X509_get_notAfter(ret);
- row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
- memcpy(row[DB_exp_date],tm->data,tm->length);
- row[DB_exp_date][tm->length]='\0';
-
- row[DB_rev_date]=NULL;
-
- /* row[DB_serial] done already */
- row[DB_file]=(char *)OPENSSL_malloc(8);
- row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
-
- if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
- (row[DB_file] == NULL) || (row[DB_name] == NULL))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- BUF_strlcpy(row[DB_file],"unknown",8);
- row[DB_type][0]='V';
- row[DB_type][1]='\0';
-
- if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- for (i=0; i<DB_NUMBER; i++)
- {
- irow[i]=row[i];
- row[i]=NULL;
- }
- irow[DB_NUMBER]=NULL;
-
- if (!TXT_DB_insert(db->db,irow))
- {
- BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
- goto err;
- }
- ok=1;
-err:
- for (i=0; i<DB_NUMBER; i++)
- if (row[i] != NULL) OPENSSL_free(row[i]);
-
- if (CAname != NULL)
- X509_NAME_free(CAname);
- if (subject != NULL)
- X509_NAME_free(subject);
- if ((dn_subject != NULL) && !email_dn)
- X509_NAME_free(dn_subject);
- if (tmptm != NULL)
- ASN1_UTCTIME_free(tmptm);
- if (ok <= 0)
- {
- if (ret != NULL) X509_free(ret);
- ret=NULL;
- }
- else
- *xret=ret;
- return(ok);
- }
-
-static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
- {
-
- if (output_der)
- {
- (void)i2d_X509_bio(bp,x);
- return;
- }
-#if 0
- /* ??? Not needed since X509_print prints all this stuff anyway */
- f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
- BIO_printf(bp,"issuer :%s\n",f);
-
- f=X509_NAME_oneline(X509_get_subject_name(x),buf,256);
- BIO_printf(bp,"subject:%s\n",f);
-
- BIO_puts(bp,"serial :");
- i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
- BIO_puts(bp,"\n\n");
-#endif
- if (!notext)X509_print(bp,x);
- PEM_write_bio_X509(bp,x);
- }
-
-static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
- const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, CA_DB *db,
- BIGNUM *serial, char *subj,unsigned long chtype, int multirdn, int email_dn, char *startdate, char *enddate,
- long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
- unsigned long nameopt, int default_op, int ext_copy)
- {
- STACK_OF(CONF_VALUE) *sk=NULL;
- LHASH *parms=NULL;
- X509_REQ *req=NULL;
- CONF_VALUE *cv=NULL;
- NETSCAPE_SPKI *spki = NULL;
- X509_REQ_INFO *ri;
- char *type,*buf;
- EVP_PKEY *pktmp=NULL;
- X509_NAME *n=NULL;
- X509_NAME_ENTRY *ne=NULL;
- int ok= -1,i,j;
- long errline;
- int nid;
-
- /*
- * Load input file into a hash table. (This is just an easy
- * way to read and parse the file, then put it into a convenient
- * STACK format).
- */
- parms=CONF_load(NULL,infile,&errline);
- if (parms == NULL)
- {
- BIO_printf(bio_err,"error on line %ld of %s\n",errline,infile);
- ERR_print_errors(bio_err);
- goto err;
- }
-
- sk=CONF_get_section(parms, "default");
- if (sk_CONF_VALUE_num(sk) == 0)
- {
- BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
- CONF_free(parms);
- goto err;
- }
-
- /*
- * Now create a dummy X509 request structure. We don't actually
- * have an X509 request, but we have many of the components
- * (a public key, various DN components). The idea is that we
- * put these components into the right X509 request structure
- * and we can use the same code as if you had a real X509 request.
- */
- req=X509_REQ_new();
- if (req == NULL)
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- /*
- * Build up the subject name set.
- */
- ri=req->req_info;
- n = ri->subject;
-
- for (i = 0; ; i++)
- {
- if (sk_CONF_VALUE_num(sk) <= i) break;
-
- cv=sk_CONF_VALUE_value(sk,i);
- type=cv->name;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
- */
- for (buf = cv->name; *buf ; buf++)
- if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
- {
- buf++;
- if (*buf) type = buf;
- break;
- }
-
- buf=cv->value;
- if ((nid=OBJ_txt2nid(type)) == NID_undef)
- {
- if (strcmp(type, "SPKAC") == 0)
- {
- spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
- if (spki == NULL)
- {
- BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- continue;
- }
-
- /*
- if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
- continue;
- */
-
- j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
- if (fix_data(nid, &j) == 0)
- {
- BIO_printf(bio_err,
- "invalid characters in string %s\n",buf);
- goto err;
- }
-
- if ((ne=X509_NAME_ENTRY_create_by_NID(&ne,nid,j,
- (unsigned char *)buf,
- strlen(buf))) == NULL)
- goto err;
-
- if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
- }
- if (spki == NULL)
- {
- BIO_printf(bio_err,"Netscape SPKAC structure not found in %s\n",
- infile);
- goto err;
- }
-
- /*
- * Now extract the key from the SPKI structure.
- */
-
- BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
-
- if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking SPKAC public key\n");
- goto err;
- }
-
- j = NETSCAPE_SPKI_verify(spki, pktmp);
- if (j <= 0)
- {
- BIO_printf(bio_err,"signature verification failed on SPKAC public key\n");
- goto err;
- }
- BIO_printf(bio_err,"Signature ok\n");
-
- X509_REQ_set_pubkey(req,pktmp);
- EVP_PKEY_free(pktmp);
- ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,chtype,multirdn,email_dn,startdate,enddate,
- days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
- ext_copy, 0);
-err:
- if (req != NULL) X509_REQ_free(req);
- if (parms != NULL) CONF_free(parms);
- if (spki != NULL) NETSCAPE_SPKI_free(spki);
- if (ne != NULL) X509_NAME_ENTRY_free(ne);
-
- return(ok);
- }
-
-static int fix_data(int nid, int *type)
- {
- if (nid == NID_pkcs9_emailAddress)
- *type=V_ASN1_IA5STRING;
- if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_challengePassword) && (*type == V_ASN1_IA5STRING))
- *type=V_ASN1_T61STRING;
- if ((nid == NID_pkcs9_unstructuredName) && (*type == V_ASN1_T61STRING))
- return(0);
- if (nid == NID_pkcs9_unstructuredName)
- *type=V_ASN1_IA5STRING;
- return(1);
- }
-
-static int check_time_format(char *str)
- {
- ASN1_UTCTIME tm;
-
- tm.data=(unsigned char *)str;
- tm.length=strlen(str);
- tm.type=V_ASN1_UTCTIME;
- return(ASN1_UTCTIME_check(&tm));
- }
-
-static int do_revoke(X509 *x509, CA_DB *db, int type, char *value)
- {
- ASN1_UTCTIME *tm=NULL;
- char *row[DB_NUMBER],**rrow,**irow;
- char *rev_str = NULL;
- BIGNUM *bn = NULL;
- int ok=-1,i;
-
- for (i=0; i<DB_NUMBER; i++)
- row[i]=NULL;
- row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
- bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
- if (BN_is_zero(bn))
- row[DB_serial]=BUF_strdup("00");
- else
- row[DB_serial]=BN_bn2hex(bn);
- BN_free(bn);
- if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- /* We have to lookup by serial number because name lookup
- * skips revoked certs
- */
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- if (rrow == NULL)
- {
- BIO_printf(bio_err,"Adding Entry with serial number %s to DB for %s\n", row[DB_serial], row[DB_name]);
-
- /* We now just add it to the database */
- row[DB_type]=(char *)OPENSSL_malloc(2);
-
- tm=X509_get_notAfter(x509);
- row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
- memcpy(row[DB_exp_date],tm->data,tm->length);
- row[DB_exp_date][tm->length]='\0';
-
- row[DB_rev_date]=NULL;
-
- /* row[DB_serial] done already */
- row[DB_file]=(char *)OPENSSL_malloc(8);
-
- /* row[DB_name] done already */
-
- if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
- (row[DB_file] == NULL))
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
- BUF_strlcpy(row[DB_file],"unknown",8);
- row[DB_type][0]='V';
- row[DB_type][1]='\0';
-
- if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto err;
- }
-
- for (i=0; i<DB_NUMBER; i++)
- {
- irow[i]=row[i];
- row[i]=NULL;
- }
- irow[DB_NUMBER]=NULL;
-
- if (!TXT_DB_insert(db->db,irow))
- {
- BIO_printf(bio_err,"failed to update database\n");
- BIO_printf(bio_err,"TXT_DB error number %ld\n",db->db->error);
- goto err;
- }
-
- /* Revoke Certificate */
- ok = do_revoke(x509,db, type, value);
-
- goto err;
-
- }
- else if (index_name_cmp((const char **)row,(const char **)rrow))
- {
- BIO_printf(bio_err,"ERROR:name does not match %s\n",
- row[DB_name]);
- goto err;
- }
- else if (rrow[DB_type][0]=='R')
- {
- BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
- row[DB_serial]);
- goto err;
- }
- else
- {
- BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
- rev_str = make_revocation_str(type, value);
- if (!rev_str)
- {
- BIO_printf(bio_err, "Error in revocation arguments\n");
- goto err;
- }
- rrow[DB_type][0]='R';
- rrow[DB_type][1]='\0';
- rrow[DB_rev_date] = rev_str;
- }
- ok=1;
-err:
- for (i=0; i<DB_NUMBER; i++)
- {
- if (row[i] != NULL)
- OPENSSL_free(row[i]);
- }
- return(ok);
- }
-
-static int get_certificate_status(const char *serial, CA_DB *db)
- {
- char *row[DB_NUMBER],**rrow;
- int ok=-1,i;
-
- /* Free Resources */
- for (i=0; i<DB_NUMBER; i++)
- row[i]=NULL;
-
- /* Malloc needed char spaces */
- row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
- if (row[DB_serial] == NULL)
- {
- BIO_printf(bio_err,"Malloc failure\n");
- goto err;
- }
-
- if (strlen(serial) % 2)
- {
- /* Set the first char to 0 */;
- row[DB_serial][0]='0';
-
- /* Copy String from serial to row[DB_serial] */
- memcpy(row[DB_serial]+1, serial, strlen(serial));
- row[DB_serial][strlen(serial)+1]='\0';
- }
- else
- {
- /* Copy String from serial to row[DB_serial] */
- memcpy(row[DB_serial], serial, strlen(serial));
- row[DB_serial][strlen(serial)]='\0';
- }
-
- /* Make it Upper Case */
- for (i=0; row[DB_serial][i] != '\0'; i++)
- row[DB_serial][i] = toupper(row[DB_serial][i]);
-
-
- ok=1;
-
- /* Search for the certificate */
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- if (rrow == NULL)
- {
- BIO_printf(bio_err,"Serial %s not present in db.\n",
- row[DB_serial]);
- ok=-1;
- goto err;
- }
- else if (rrow[DB_type][0]=='V')
- {
- BIO_printf(bio_err,"%s=Valid (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else if (rrow[DB_type][0]=='R')
- {
- BIO_printf(bio_err,"%s=Revoked (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else if (rrow[DB_type][0]=='E')
- {
- BIO_printf(bio_err,"%s=Expired (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else if (rrow[DB_type][0]=='S')
- {
- BIO_printf(bio_err,"%s=Suspended (%c)\n",
- row[DB_serial], rrow[DB_type][0]);
- goto err;
- }
- else
- {
- BIO_printf(bio_err,"%s=Unknown (%c).\n",
- row[DB_serial], rrow[DB_type][0]);
- ok=-1;
- }
-err:
- for (i=0; i<DB_NUMBER; i++)
- {
- if (row[i] != NULL)
- OPENSSL_free(row[i]);
- }
- return(ok);
- }
-
-static int do_updatedb (CA_DB *db)
- {
- ASN1_UTCTIME *a_tm = NULL;
- int i, cnt = 0;
- int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
- char **rrow, *a_tm_s;
-
- a_tm = ASN1_UTCTIME_new();
-
- /* get actual time and make a string */
- a_tm = X509_gmtime_adj(a_tm, 0);
- a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);
- if (a_tm_s == NULL)
- {
- cnt = -1;
- goto err;
- }
-
- memcpy(a_tm_s, a_tm->data, a_tm->length);
- a_tm_s[a_tm->length] = '\0';
-
- if (strncmp(a_tm_s, "49", 2) <= 0)
- a_y2k = 1;
- else
- a_y2k = 0;
-
- for (i = 0; i < sk_num(db->db->data); i++)
- {
- rrow = (char **) sk_value(db->db->data, i);
-
- if (rrow[DB_type][0] == 'V')
- {
- /* ignore entries that are not valid */
- if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
- db_y2k = 1;
- else
- db_y2k = 0;
-
- if (db_y2k == a_y2k)
- {
- /* all on the same y2k side */
- if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
- {
- rrow[DB_type][0] = 'E';
- rrow[DB_type][1] = '\0';
- cnt++;
-
- BIO_printf(bio_err, "%s=Expired\n",
- rrow[DB_serial]);
- }
- }
- else if (db_y2k < a_y2k)
- {
- rrow[DB_type][0] = 'E';
- rrow[DB_type][1] = '\0';
- cnt++;
-
- BIO_printf(bio_err, "%s=Expired\n",
- rrow[DB_serial]);
- }
-
- }
- }
-
-err:
-
- ASN1_UTCTIME_free(a_tm);
- OPENSSL_free(a_tm_s);
-
- return (cnt);
- }
-
-static const char *crl_reasons[] = {
- /* CRL reason strings */
- "unspecified",
- "keyCompromise",
- "CACompromise",
- "affiliationChanged",
- "superseded",
- "cessationOfOperation",
- "certificateHold",
- "removeFromCRL",
- /* Additional pseudo reasons */
- "holdInstruction",
- "keyTime",
- "CAkeyTime"
-};
-
-#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
-
-/* Given revocation information convert to a DB string.
- * The format of the string is:
- * revtime[,reason,extra]. Where 'revtime' is the
- * revocation time (the current time). 'reason' is the
- * optional CRL reason and 'extra' is any additional
- * argument
- */
-
-char *make_revocation_str(int rev_type, char *rev_arg)
- {
- char *other = NULL, *str;
- const char *reason = NULL;
- ASN1_OBJECT *otmp;
- ASN1_UTCTIME *revtm = NULL;
- int i;
- switch (rev_type)
- {
- case REV_NONE:
- break;
-
- case REV_CRL_REASON:
- for (i = 0; i < 8; i++)
- {
- if (!strcasecmp(rev_arg, crl_reasons[i]))
- {
- reason = crl_reasons[i];
- break;
- }
- }
- if (reason == NULL)
- {
- BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
- return NULL;
- }
- break;
-
- case REV_HOLD:
- /* Argument is an OID */
-
- otmp = OBJ_txt2obj(rev_arg, 0);
- ASN1_OBJECT_free(otmp);
-
- if (otmp == NULL)
- {
- BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
- return NULL;
- }
-
- reason = "holdInstruction";
- other = rev_arg;
- break;
-
- case REV_KEY_COMPROMISE:
- case REV_CA_COMPROMISE:
-
- /* Argument is the key compromise time */
- if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
- {
- BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
- return NULL;
- }
- other = rev_arg;
- if (rev_type == REV_KEY_COMPROMISE)
- reason = "keyTime";
- else
- reason = "CAkeyTime";
-
- break;
-
- }
-
- revtm = X509_gmtime_adj(NULL, 0);
-
- i = revtm->length + 1;
-
- if (reason) i += strlen(reason) + 1;
- if (other) i += strlen(other) + 1;
-
- str = OPENSSL_malloc(i);
-
- if (!str) return NULL;
-
- BUF_strlcpy(str, (char *)revtm->data, i);
- if (reason)
- {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, reason, i);
- }
- if (other)
- {
- BUF_strlcat(str, ",", i);
- BUF_strlcat(str, other, i);
- }
- ASN1_UTCTIME_free(revtm);
- return str;
- }
-
-/* Convert revocation field to X509_REVOKED entry
- * return code:
- * 0 error
- * 1 OK
- * 2 OK and some extensions added (i.e. V2 CRL)
- */
-
-
-int make_revoked(X509_REVOKED *rev, const char *str)
- {
- char *tmp = NULL;
- int reason_code = -1;
- int i, ret = 0;
- ASN1_OBJECT *hold = NULL;
- ASN1_GENERALIZEDTIME *comp_time = NULL;
- ASN1_ENUMERATED *rtmp = NULL;
-
- ASN1_TIME *revDate = NULL;
-
- i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
-
- if (i == 0)
- goto err;
-
- if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
- goto err;
-
- if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
- {
- rtmp = ASN1_ENUMERATED_new();
- if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
- goto err;
- if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
- goto err;
- }
-
- if (rev && comp_time)
- {
- if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
- goto err;
- }
- if (rev && hold)
- {
- if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
- goto err;
- }
-
- if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
- ret = 2;
- else ret = 1;
-
- err:
-
- if (tmp) OPENSSL_free(tmp);
- ASN1_OBJECT_free(hold);
- ASN1_GENERALIZEDTIME_free(comp_time);
- ASN1_ENUMERATED_free(rtmp);
- ASN1_TIME_free(revDate);
-
- return ret;
- }
-
-int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
- {
- char buf[25],*pbuf, *p;
- int j;
- j=i2a_ASN1_OBJECT(bp,obj);
- pbuf=buf;
- for (j=22-j; j>0; j--)
- *(pbuf++)=' ';
- *(pbuf++)=':';
- *(pbuf++)='\0';
- BIO_puts(bp,buf);
-
- if (str->type == V_ASN1_PRINTABLESTRING)
- BIO_printf(bp,"PRINTABLE:'");
- else if (str->type == V_ASN1_T61STRING)
- BIO_printf(bp,"T61STRING:'");
- else if (str->type == V_ASN1_IA5STRING)
- BIO_printf(bp,"IA5STRING:'");
- else if (str->type == V_ASN1_UNIVERSALSTRING)
- BIO_printf(bp,"UNIVERSALSTRING:'");
- else
- BIO_printf(bp,"ASN.1 %2d:'",str->type);
-
- p=(char *)str->data;
- for (j=str->length; j>0; j--)
- {
- if ((*p >= ' ') && (*p <= '~'))
- BIO_printf(bp,"%c",*p);
- else if (*p & 0x80)
- BIO_printf(bp,"\\0x%02X",*p);
- else if ((unsigned char)*p == 0xf7)
- BIO_printf(bp,"^?");
- else BIO_printf(bp,"^%c",*p+'@');
- p++;
- }
- BIO_printf(bp,"'\n");
- return 1;
- }
-
-int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, const char *str)
- {
- char *tmp = NULL;
- char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
- int reason_code = -1;
- int ret = 0;
- unsigned int i;
- ASN1_OBJECT *hold = NULL;
- ASN1_GENERALIZEDTIME *comp_time = NULL;
- tmp = BUF_strdup(str);
-
- p = strchr(tmp, ',');
-
- rtime_str = tmp;
-
- if (p)
- {
- *p = '\0';
- p++;
- reason_str = p;
- p = strchr(p, ',');
- if (p)
- {
- *p = '\0';
- arg_str = p + 1;
- }
- }
-
- if (prevtm)
- {
- *prevtm = ASN1_UTCTIME_new();
- if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
- {
- BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
- goto err;
- }
- }
- if (reason_str)
- {
- for (i = 0; i < NUM_REASONS; i++)
- {
- if(!strcasecmp(reason_str, crl_reasons[i]))
- {
- reason_code = i;
- break;
- }
- }
- if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
- {
- BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
- goto err;
- }
-
- if (reason_code == 7)
- reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
- else if (reason_code == 8) /* Hold instruction */
- {
- if (!arg_str)
- {
- BIO_printf(bio_err, "missing hold instruction\n");
- goto err;
- }
- reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
- hold = OBJ_txt2obj(arg_str, 0);
-
- if (!hold)
- {
- BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
- goto err;
- }
- if (phold) *phold = hold;
- }
- else if ((reason_code == 9) || (reason_code == 10))
- {
- if (!arg_str)
- {
- BIO_printf(bio_err, "missing compromised time\n");
- goto err;
- }
- comp_time = ASN1_GENERALIZEDTIME_new();
- if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
- {
- BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
- goto err;
- }
- if (reason_code == 9)
- reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
- else
- reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
- }
- }
-
- if (preason) *preason = reason_code;
- if (pinvtm) *pinvtm = comp_time;
- else ASN1_GENERALIZEDTIME_free(comp_time);
-
- ret = 1;
-
- err:
-
- if (tmp) OPENSSL_free(tmp);
- if (!phold) ASN1_OBJECT_free(hold);
- if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
-
- return ret;
- }
diff --git a/crypto/openssl/apps/cert.pem b/crypto/openssl/apps/cert.pem
deleted file mode 100644
index de4a77a..0000000
--- a/crypto/openssl/apps/cert.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBoDCCAUoCAQAwDQYJKoZIhvcNAQEEBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
-VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw05NzA5MDkwMzQxMjZa
-Fw05NzEwMDkwMzQxMjZaMF4xCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0
-YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxFzAVBgNVBAMT
-DkVyaWMgdGhlIFlvdW5nMFEwCQYFKw4DAgwFAANEAAJBALVEqPODnpI4rShlY8S7
-tB713JNvabvn6Gned7zylwLLiXQAo/PAT6mfdWPTyCX9RlId/Aroh1ou893BA32Q
-sggwDQYJKoZIhvcNAQEEBQADQQCU5SSgapJSdRXJoX+CpCvFy+JVh9HpSjCpSNKO
-19raHv98hKAUJuP9HyM+SUsffO6mAIgitUaqW8/wDMePhEC3
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/ciphers.c b/crypto/openssl/apps/ciphers.c
deleted file mode 100644
index 43f0ac5..0000000
--- a/crypto/openssl/apps/ciphers.c
+++ /dev/null
@@ -1,208 +0,0 @@
-/* apps/ciphers.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG ciphers_main
-
-static const char *ciphers_usage[]={
-"usage: ciphers args\n",
-" -v - verbose mode, a textual listing of the ciphers in SSLeay\n",
-" -ssl2 - SSL2 mode\n",
-" -ssl3 - SSL3 mode\n",
-" -tls1 - TLS1 mode\n",
-NULL
-};
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int ret=1,i;
- int verbose=0;
- const char **pp;
- const char *p;
- int badops=0;
- SSL_CTX *ctx=NULL;
- SSL *ssl=NULL;
- char *ciphers=NULL;
- SSL_METHOD *meth=NULL;
- STACK_OF(SSL_CIPHER) *sk;
- char buf[512];
- BIO *STDout=NULL;
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
- meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
- meth=SSLv2_server_method();
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
- STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- STDout = BIO_push(tmpbio, STDout);
- }
-#endif
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-v") == 0)
- verbose=1;
-#ifndef OPENSSL_NO_SSL2
- else if (strcmp(*argv,"-ssl2") == 0)
- meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if (strcmp(*argv,"-ssl3") == 0)
- meth=SSLv3_client_method();
-#endif
-#ifndef OPENSSL_NO_TLS1
- else if (strcmp(*argv,"-tls1") == 0)
- meth=TLSv1_client_method();
-#endif
- else if ((strncmp(*argv,"-h",2) == 0) ||
- (strcmp(*argv,"-?") == 0))
- {
- badops=1;
- break;
- }
- else
- {
- ciphers= *argv;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
- for (pp=ciphers_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- OpenSSL_add_ssl_algorithms();
-
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL) goto err;
- if (ciphers != NULL) {
- if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
- BIO_printf(bio_err, "Error in cipher list\n");
- goto err;
- }
- }
- ssl=SSL_new(ctx);
- if (ssl == NULL) goto err;
-
-
- if (!verbose)
- {
- for (i=0; ; i++)
- {
- p=SSL_get_cipher_list(ssl,i);
- if (p == NULL) break;
- if (i != 0) BIO_printf(STDout,":");
- BIO_printf(STDout,"%s",p);
- }
- BIO_printf(STDout,"\n");
- }
- else
- {
- sk=SSL_get_ciphers(ssl);
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- BIO_puts(STDout,SSL_CIPHER_description(
- sk_SSL_CIPHER_value(sk,i),
- buf,sizeof buf));
- }
- }
-
- ret=0;
- if (0)
- {
-err:
- SSL_load_error_strings();
- ERR_print_errors(bio_err);
- }
-end:
- if (ctx != NULL) SSL_CTX_free(ctx);
- if (ssl != NULL) SSL_free(ssl);
- if (STDout != NULL) BIO_free_all(STDout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
diff --git a/crypto/openssl/apps/client.pem b/crypto/openssl/apps/client.pem
deleted file mode 100644
index 307910e..0000000
--- a/crypto/openssl/apps/client.pem
+++ /dev/null
@@ -1,24 +0,0 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Client test cert (512 bit)
------BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQIwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU2WhcNOTgwNjA5
-MTM1NzU2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0IGNl
-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i2Plw
-Z1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs62NNt
-XrT8odkCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBwtMmI7oGUG8nKmftQssATViH5
-NRRtoEw07DxJp/LfatHdrhqQB73eGdL5WILZJXk46Xz2e9WMSUjVCSYhdKxtflU3
-UR2Ajv1Oo0sTNdfz0wDqJNirLNtzyhhsaq8qMTrLwXrCP31VxBiigFSQSUFnZyTE
-9TKwhS4GlwbtCfxSKQ==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
-q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
-/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
-HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
-ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
-nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
-ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/crl.c b/crypto/openssl/apps/crl.c
deleted file mode 100644
index a0040fb..0000000
--- a/crypto/openssl/apps/crl.c
+++ /dev/null
@@ -1,429 +0,0 @@
-/* apps/crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG crl_main
-
-#undef POSTFIX
-#define POSTFIX ".rvk"
-
-static const char *crl_usage[]={
-"usage: crl args\n",
-"\n",
-" -inform arg - input format - default PEM (DER or PEM)\n",
-" -outform arg - output format - default PEM\n",
-" -text - print out a text format version\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -hash - print hash value\n",
-" -fingerprint - print the crl fingerprint\n",
-" -issuer - print issuer DN\n",
-" -lastupdate - lastUpdate field\n",
-" -nextupdate - nextUpdate field\n",
-" -noout - no CRL output\n",
-" -CAfile name - verify CRL using certificates in file \"name\"\n",
-" -CApath dir - verify CRL using certificates in \"dir\"\n",
-" -nameopt arg - various certificate name options\n",
-NULL
-};
-
-static X509_CRL *load_crl(char *file, int format);
-static BIO *bio_out=NULL;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- unsigned long nmflag = 0;
- X509_CRL *x=NULL;
- char *CAfile = NULL, *CApath = NULL;
- int ret=1,i,num,badops=0;
- BIO *out=NULL;
- int informat,outformat;
- char *infile=NULL,*outfile=NULL;
- int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
- int fingerprint = 0;
- const char **pp;
- X509_STORE *store = NULL;
- X509_STORE_CTX ctx;
- X509_LOOKUP *lookup = NULL;
- X509_OBJECT xobj;
- EVP_PKEY *pkey;
- int do_ver = 0;
- const EVP_MD *md_alg,*digest=EVP_sha1();
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- if (bio_out == NULL)
- if ((bio_out=BIO_new(BIO_s_file())) != NULL)
- {
- BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
-#endif
- }
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- argc--;
- argv++;
- num=0;
- while (argc >= 1)
- {
-#ifdef undef
- if (strcmp(*argv,"-p") == 0)
- {
- if (--argc < 1) goto bad;
- if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
- }
-#endif
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath = *(++argv);
- do_ver = 1;
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile = *(++argv);
- do_ver = 1;
- }
- else if (strcmp(*argv,"-verify") == 0)
- do_ver = 1;
- else if (strcmp(*argv,"-text") == 0)
- text = 1;
- else if (strcmp(*argv,"-hash") == 0)
- hash= ++num;
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-issuer") == 0)
- issuer= ++num;
- else if (strcmp(*argv,"-lastupdate") == 0)
- lastupdate= ++num;
- else if (strcmp(*argv,"-nextupdate") == 0)
- nextupdate= ++num;
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-fingerprint") == 0)
- fingerprint= ++num;
- else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
- {
- /* ok */
- digest=md_alg;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- for (pp=crl_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- ERR_load_crypto_strings();
- x=load_crl(infile,informat);
- if (x == NULL) { goto end; }
-
- if(do_ver) {
- store = X509_STORE_new();
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
- if (lookup == NULL) goto end;
- if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
- X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
- if (lookup == NULL) goto end;
- if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
- X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
- ERR_clear_error();
-
- if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
- BIO_printf(bio_err,
- "Error initialising X509 store\n");
- goto end;
- }
-
- i = X509_STORE_get_by_subject(&ctx, X509_LU_X509,
- X509_CRL_get_issuer(x), &xobj);
- if(i <= 0) {
- BIO_printf(bio_err,
- "Error getting CRL issuer certificate\n");
- goto end;
- }
- pkey = X509_get_pubkey(xobj.data.x509);
- X509_OBJECT_free_contents(&xobj);
- if(!pkey) {
- BIO_printf(bio_err,
- "Error getting CRL issuer public key\n");
- goto end;
- }
- i = X509_CRL_verify(x, pkey);
- EVP_PKEY_free(pkey);
- if(i < 0) goto end;
- if(i == 0) BIO_printf(bio_err, "verify failure\n");
- else BIO_printf(bio_err, "verify OK\n");
- }
-
- if (num)
- {
- for (i=1; i<=num; i++)
- {
- if (issuer == i)
- {
- print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
- }
-
- if (hash == i)
- {
- BIO_printf(bio_out,"%08lx\n",
- X509_NAME_hash(X509_CRL_get_issuer(x)));
- }
- if (lastupdate == i)
- {
- BIO_printf(bio_out,"lastUpdate=");
- ASN1_TIME_print(bio_out,
- X509_CRL_get_lastUpdate(x));
- BIO_printf(bio_out,"\n");
- }
- if (nextupdate == i)
- {
- BIO_printf(bio_out,"nextUpdate=");
- if (X509_CRL_get_nextUpdate(x))
- ASN1_TIME_print(bio_out,
- X509_CRL_get_nextUpdate(x));
- else
- BIO_printf(bio_out,"NONE");
- BIO_printf(bio_out,"\n");
- }
- if (fingerprint == i)
- {
- int j;
- unsigned int n;
- unsigned char md[EVP_MAX_MD_SIZE];
-
- if (!X509_CRL_digest(x,digest,md,&n))
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
- BIO_printf(bio_out,"%s Fingerprint=",
- OBJ_nid2sn(EVP_MD_type(digest)));
- for (j=0; j<(int)n; j++)
- {
- BIO_printf(bio_out,"%02X%c",md[j],
- (j+1 == (int)n)
- ?'\n':':');
- }
- }
- }
- }
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (text) X509_CRL_print(out, x);
-
- if (noout)
- {
- ret = 0;
- goto end;
- }
-
- if (outformat == FORMAT_ASN1)
- i=(int)i2d_X509_CRL_bio(out,x);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509_CRL(out,x);
- else
- {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
- ret=0;
-end:
- BIO_free_all(out);
- BIO_free_all(bio_out);
- bio_out=NULL;
- X509_CRL_free(x);
- if(store) {
- X509_STORE_CTX_cleanup(&ctx);
- X509_STORE_free(store);
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static X509_CRL *load_crl(char *infile, int format)
- {
- X509_CRL *x=NULL;
- BIO *in=NULL;
-
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (format == FORMAT_ASN1)
- x=d2i_X509_CRL_bio(in,NULL);
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input crl\n");
- goto end;
- }
- if (x == NULL)
- {
- BIO_printf(bio_err,"unable to load CRL\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-end:
- BIO_free(in);
- return(x);
- }
-
diff --git a/crypto/openssl/apps/crl2p7.c b/crypto/openssl/apps/crl2p7.c
deleted file mode 100644
index b2f2d12..0000000
--- a/crypto/openssl/apps/crl2p7.c
+++ /dev/null
@@ -1,345 +0,0 @@
-/* apps/crl2p7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
- * and donated 'to the cause' along with lots and lots of other fixes to
- * the library. */
-
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-#include <openssl/objects.h>
-
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
-#undef PROG
-#define PROG crl2pkcs7_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int i,badops=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat;
- char *infile,*outfile,*prog,*certfile;
- PKCS7 *p7 = NULL;
- PKCS7_SIGNED *p7s = NULL;
- X509_CRL *crl=NULL;
- STACK *certflst=NULL;
- STACK_OF(X509_CRL) *crl_stack=NULL;
- STACK_OF(X509) *cert_stack=NULL;
- int ret=1,nocrl=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-nocrl") == 0)
- {
- nocrl=1;
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-certfile") == 0)
- {
- if (--argc < 1) goto bad;
- if(!certflst) certflst = sk_new_null();
- sk_push(certflst,*(++argv));
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -certfile arg certificates file of chain to a trusted CA\n");
- BIO_printf(bio_err," (can be used more than once)\n");
- BIO_printf(bio_err," -nocrl no crl to load, just certs from '-certfile'\n");
- ret = 1;
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (!nocrl)
- {
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- crl=d2i_X509_CRL_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input crl\n");
- goto end;
- }
- if (crl == NULL)
- {
- BIO_printf(bio_err,"unable to load CRL\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if ((p7=PKCS7_new()) == NULL) goto end;
- if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
- p7->type=OBJ_nid2obj(NID_pkcs7_signed);
- p7->d.sign=p7s;
- p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
-
- if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
- if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
- p7s->crl=crl_stack;
- if (crl != NULL)
- {
- sk_X509_CRL_push(crl_stack,crl);
- crl=NULL; /* now part of p7 for OPENSSL_freeing */
- }
-
- if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
- p7s->cert=cert_stack;
-
- if(certflst) for(i = 0; i < sk_num(certflst); i++) {
- certfile = sk_value(certflst, i);
- if (add_certs_from_file(cert_stack,certfile) < 0)
- {
- BIO_printf(bio_err, "error loading certificates\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- sk_free(certflst);
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (outformat == FORMAT_ASN1)
- i=i2d_PKCS7_bio(out,p7);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_PKCS7(out,p7);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write pkcs7 object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (p7 != NULL) PKCS7_free(p7);
- if (crl != NULL) X509_CRL_free(crl);
-
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-/*
- *----------------------------------------------------------------------
- * int add_certs_from_file
- *
- * Read a list of certificates to be checked from a file.
- *
- * Results:
- * number of certs added if successful, -1 if not.
- *----------------------------------------------------------------------
- */
-static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
- {
- struct stat st;
- BIO *in=NULL;
- int count=0;
- int ret= -1;
- STACK_OF(X509_INFO) *sk=NULL;
- X509_INFO *xi;
-
- if ((stat(certfile,&st) != 0))
- {
- BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
- goto end;
- }
-
- in=BIO_new(BIO_s_file());
- if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
- {
- BIO_printf(bio_err,"error opening the file, %s\n",certfile);
- goto end;
- }
-
- /* This loads from a file, a stack of x509/crl/pkey sets */
- sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
- if (sk == NULL) {
- BIO_printf(bio_err,"error reading the file, %s\n",certfile);
- goto end;
- }
-
- /* scan over it and pull out the CRL's */
- while (sk_X509_INFO_num(sk))
- {
- xi=sk_X509_INFO_shift(sk);
- if (xi->x509 != NULL)
- {
- sk_X509_push(stack,xi->x509);
- xi->x509=NULL;
- count++;
- }
- X509_INFO_free(xi);
- }
-
- ret=count;
-end:
- /* never need to OPENSSL_free x */
- if (in != NULL) BIO_free(in);
- if (sk != NULL) sk_X509_INFO_free(sk);
- return(ret);
- }
-
diff --git a/crypto/openssl/apps/demoCA/cacert.pem b/crypto/openssl/apps/demoCA/cacert.pem
deleted file mode 100644
index affbce3..0000000
--- a/crypto/openssl/apps/demoCA/cacert.pem
+++ /dev/null
@@ -1,14 +0,0 @@
-subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
------BEGIN X509 CERTIFICATE-----
-
-MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
-MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
-BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
-LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
-/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
-DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
-IMs6ZOZB
------END X509 CERTIFICATE-----
diff --git a/crypto/openssl/apps/demoCA/index.txt b/crypto/openssl/apps/demoCA/index.txt
deleted file mode 100644
index 2cdd252..0000000
--- a/crypto/openssl/apps/demoCA/index.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-R 980705233205Z 951009233205Z 01 certs/00000001 /CN=Eric Young
-E 951009233205Z 02 certs/00000002 /CN=Duncan Young
-R 980705233205Z 951201010000Z 03 certs/00000003 /CN=Tim Hudson
-V 980705233205Z 04 certs/00000004 /CN=Eric Young4
-V 980705233205Z 05 certs/00000004 /CN=Eric Young5
-V 980705233205Z 06 certs/00000004 /CN=Eric Young6
-V 980705233205Z 07 certs/00000004 /CN=Eric Young7
-V 980705233205Z 08 certs/00000004 /CN=Eric Young8
-V 980705233205Z 09 certs/00000004 /CN=Eric Young9
-V 980705233205Z 0A certs/00000004 /CN=Eric YoungA
-V 980705233205Z 0B certs/00000004 /CN=Eric YoungB
-V 980705233205Z 0C certs/00000004 /CN=Eric YoungC
-V 980705233205Z 0D certs/00000004 /CN=Eric YoungD
-V 980705233205Z 0E certs/00000004 /CN=Eric YoungE
-V 980705233205Z 0F certs/00000004 /CN=Eric YoungF
-V 980705233205Z 10 certs/00000004 /CN=Eric Young10
-V 980705233205Z 11 certs/00000004 /CN=Eric Young11
-V 980705233205Z 12 certs/00000004 /CN=Eric Young12
-V 980705233205Z 13 certs/00000004 /CN=Eric Young13
-V 980705233205Z 14 certs/00000004 /CN=Eric Young14
-V 980705233205Z 15 certs/00000004 /CN=Eric Young15
-V 980705233205Z 16 certs/00000004 /CN=Eric Young16
-V 980705233205Z 17 certs/00000004 /CN=Eric Young17
-V 961206150305Z 010C unknown /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
-V 961206153245Z 010D unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=Eric Young/Email=eay@mincom.oz.au
-V 970322074816Z 010E unknown /CN=Eric Young/Email=eay@mincom.oz.au
-V 970322075152Z 010F unknown /CN=Eric Young
-V 970322075906Z 0110 unknown /CN=Eric Youngg
-V 970324092238Z 0111 unknown /C=AU/SP=Queensland/CN=Eric Young
-V 970324221931Z 0112 unknown /CN=Fred
-V 970324224934Z 0113 unknown /C=AU/CN=eay
-V 971001005237Z 0114 unknown /C=AU/SP=QLD/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
-V 971001010331Z 0115 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test again - x509v3
-V 971001013945Z 0117 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=x509v3 test
-V 971014225415Z 0118 unknown /C=AU/SP=Queensland/CN=test
-V 971015004448Z 0119 unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test2
-V 971016035001Z 011A unknown /C=AU/SP=Queensland/O=Mincom Pty Ltd/OU=MTR/CN=test64
-V 971016080129Z 011B unknown /C=FR/O=ALCATEL/OU=Alcatel Mobile Phones/CN=bourque/Email=bourque@art.alcatel.fr
-V 971016224000Z 011D unknown /L=Bedford/O=Cranfield University/OU=Computer Centre/CN=Peter R Lister/Email=P.Lister@cranfield.ac.uk
diff --git a/crypto/openssl/apps/demoCA/private/cakey.pem b/crypto/openssl/apps/demoCA/private/cakey.pem
deleted file mode 100644
index 48fb18c..0000000
--- a/crypto/openssl/apps/demoCA/private/cakey.pem
+++ /dev/null
@@ -1,24 +0,0 @@
-issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-subject=/C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
------BEGIN X509 CERTIFICATE-----
-
-MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
-MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
-BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
-LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
-/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
-DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
-IMs6ZOZB
------END X509 CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-
-MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
-Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
-hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
-sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
-tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
-agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
-g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/demoCA/serial b/crypto/openssl/apps/demoCA/serial
deleted file mode 100644
index 69fa0ff..0000000
--- a/crypto/openssl/apps/demoCA/serial
+++ /dev/null
@@ -1 +0,0 @@
-011E
diff --git a/crypto/openssl/apps/der_chop b/crypto/openssl/apps/der_chop
deleted file mode 100644
index 2ee9d6b..0000000
--- a/crypto/openssl/apps/der_chop
+++ /dev/null
@@ -1,305 +0,0 @@
-#!/usr/bin/perl
-#
-# der_chop ... this is one total hack that Eric is really not proud of
-# so don't look at it and don't ask for support
-#
-# The "documentation" for this (i.e. all the comments) are my fault --tjh
-#
-# This program takes the "raw" output of derparse/asn1parse and
-# converts it into tokens and then runs regular expression matches
-# to try to figure out what to grab to get the things that are needed
-# and it is possible that this will do the wrong thing as it is a *hack*
-#
-# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
-# [I know ... promises promises :-)]
-#
-# To convert a Netscape Certificate:
-# der_chop < ServerCert.der > cert.pem
-# To convert a Netscape Key (and encrypt it again to protect it)
-# rsa -inform NET -in ServerKey.der -des > key.pem
-#
-# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this
-# is an evil hack. If nothing else the parsing should
-# be relative, not absolute.
-# 19-Apr-96 tjh hacked (with eay) into 0.5.x format
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-
-require 'getopts.pl';
-
-$debug=0;
-
-# this was the 0.4.x way of doing things ...
-$cmd="derparse";
-$x509_cmd="x509";
-$crl_cmd="crl";
-$rc4_cmd="rc4";
-$md2_cmd="md2";
-$md4_cmd="md4";
-$rsa_cmd="rsa -des -inform der ";
-
-# this was the 0.5.x way of doing things ...
-$cmd="openssl asn1parse";
-$x509_cmd="openssl x509";
-$crl_cmd="openssl crl";
-$rc4_cmd="openssl rc4";
-$md2_cmd="openssl md2";
-$md4_cmd="openssl md4";
-$rsa_cmd="openssl rsa -des -inform der ";
-
-&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
-$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
-
-&init_der();
-
-if ($#ARGV != -1)
- {
- foreach $file (@ARGV)
- {
- print STDERR "doing $file\n";
- &dofile($file);
- }
- }
-else
- {
- $file="/tmp/a$$.DER";
- open(OUT,">$file") || die "unable to open $file:$!\n";
- for (;;)
- {
- $i=sysread(STDIN,$b,1024*10);
- last if ($i <= 0);
- $i=syswrite(OUT,$b,$i);
- }
- &dofile($file);
- unlink($file);
- }
-
-sub dofile
- {
- local($file)=@_;
- local(@p);
-
- $b=&load_file($file);
- @p=&load_file_parse($file);
-
- foreach $_ (@p)
- {
- ($off,$d,$hl,$len)=&parse_line($_);
- $d-=$depth;
- next if ($d != 0);
- next if ($len == 0);
-
- $o=substr($b,$off,$len+$hl);
- ($str,@data)=&der_str($o);
- print "$str\n" if ($opt_v);
- if ($str =~ /^$crl/)
- {
- open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
- die "unable to run $crl_cmd:$!\n";
- print OUT $o;
- close(OUT);
- }
- elsif ($str =~ /^$x509/)
- {
- open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
- || die "unable to run $x509_cmd:$!\n";
- print OUT $o;
- close(OUT);
- }
- elsif ($str =~ /^$rsa/)
- {
- ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
- next unless ($type eq "rsaEncryption");
- ($off,$d,$hl,$len)=&parse_line($data[5]);
- $os=substr($o,$off+$hl,$len);
- open(OUT,"|$rsa_cmd")
- || die "unable to run $rsa_cmd:$!\n";
- print OUT $os;
- close(OUT);
- }
- elsif ($str =~ /^0G-1D-1G/)
- {
- ($off,$d,$hl,$len)=&parse_line($data[1]);
- $os=substr($o,$off+$hl,$len);
- print STDERR "<$os>\n" if $opt_v;
- &do_certificate($o,@data)
- if (($os eq "certificate") &&
- ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
- &do_private_key($o,@data)
- if (($os eq "private-key") &&
- ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
- }
- }
- }
-
-sub der_str
- {
- local($str)=@_;
- local(*OUT,*IN,@a,$t,$d,$ret);
- local($file)="/tmp/b$$.DER";
- local(@ret);
-
- open(OUT,">$file");
- print OUT $str;
- close(OUT);
- open(IN,"$cmd -inform 'd' -in $file |") ||
- die "unable to run $cmd:$!\n";
- $ret="";
- while (<IN>)
- {
- chop;
- push(@ret,$_);
-
- print STDERR "$_\n" if ($debug);
-
- @a=split(/\s*:\s*/);
- ($d)=($a[1] =~ /d=\s*(\d+)/);
- $a[2] =~ s/\s+$//;
- $t=$DER_s2i{$a[2]};
- $ret.="$d$t-";
- }
- close(IN);
- unlink($file);
- chop $ret;
- $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
- $ret =~ s/(-3G-4B-4L)+/-RCERT/g;
- return($ret,@ret);
- }
-
-sub init_der
- {
- $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
- $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
- $rsa= "0G-1B-1G-2F-2E-1D";
-
- %DER_i2s=(
- # SSLeay 0.4.x has this list
- "A","EOC",
- "B","INTEGER",
- "C","BIT STRING",
- "D","OCTET STRING",
- "E","NULL",
- "F","OBJECT",
- "G","SEQUENCE",
- "H","SET",
- "I","PRINTABLESTRING",
- "J","T61STRING",
- "K","IA5STRING",
- "L","UTCTIME",
- "M","NUMERICSTRING",
- "N","VIDEOTEXSTRING",
- "O","GENERALIZEDTIME",
- "P","GRAPHICSTRING",
- "Q","ISO64STRING",
- "R","GENERALSTRING",
- "S","UNIVERSALSTRING",
-
- # SSLeay 0.5.x changed some things ... and I'm
- # leaving in the old stuff but adding in these
- # to handle the new as well --tjh
- # - Well I've just taken them out and added the extra new
- # ones :-) - eay
- );
-
- foreach (keys %DER_i2s)
- { $DER_s2i{$DER_i2s{$_}}=$_; }
- }
-
-sub parse_line
- {
- local($_)=@_;
-
- return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
- }
-
-# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE
-# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING
-# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE
-# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE
-# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4
-# 33:d=3 hl=2 l= 0 prim: univ: NULL
-# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
-sub do_private_key
- {
- local($data,@struct)=@_;
- local($file)="/tmp/b$$.DER";
- local($off,$d,$hl,$len,$_,$b,@p,$s);
-
- ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
- if ($type eq "rc4")
- {
- ($off,$d,$hl,$len)=&parse_line($struct[6]);
- open(OUT,"|$rc4_cmd >$file") ||
- die "unable to run $rc4_cmd:$!\n";
- print OUT substr($data,$off+$hl,$len);
- close(OUT);
-
- $b=&load_file($file);
- unlink($file);
-
- ($s,@p)=&der_str($b);
- die "unknown rsa key type\n$s\n"
- if ($s ne '0G-1B-1G-2F-2E-1D');
- local($off,$d,$hl,$len)=&parse_line($p[5]);
- $b=substr($b,$off+$hl,$len);
- ($s,@p)=&der_str($b);
- open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
- print OUT $b;
- close(OUT);
- }
- else
- {
- print "'$type' is unknown\n";
- exit(1);
- }
- }
-
-sub do_certificate
- {
- local($data,@struct)=@_;
- local($file)="/tmp/b$$.DER";
- local($off,$d,$hl,$len,$_,$b,@p,$s);
-
- ($off,$d,$hl,$len)=&parse_line($struct[2]);
- $b=substr($data,$off,$len+$hl);
-
- open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
- print OUT $b;
- close(OUT);
- }
-
-sub load_file
- {
- local($file)=@_;
- local(*IN,$r,$b,$i);
-
- $r="";
- open(IN,"<$file") || die "unable to open $file:$!\n";
- for (;;)
- {
- $i=sysread(IN,$b,10240);
- last if ($i <= 0);
- $r.=$b;
- }
- close(IN);
- return($r);
- }
-
-sub load_file_parse
- {
- local($file)=@_;
- local(*IN,$r,@ret,$_,$i,$n,$b);
-
- open(IN,"$cmd -inform d -in $file|")
- || die "unable to run der_parse\n";
- while (<IN>)
- {
- chop;
- push(@ret,$_);
- }
- return($r,@ret);
- }
-
diff --git a/crypto/openssl/apps/der_chop.in b/crypto/openssl/apps/der_chop.in
deleted file mode 100644
index 9070b03..0000000
--- a/crypto/openssl/apps/der_chop.in
+++ /dev/null
@@ -1,305 +0,0 @@
-#!/usr/local/bin/perl
-#
-# der_chop ... this is one total hack that Eric is really not proud of
-# so don't look at it and don't ask for support
-#
-# The "documentation" for this (i.e. all the comments) are my fault --tjh
-#
-# This program takes the "raw" output of derparse/asn1parse and
-# converts it into tokens and then runs regular expression matches
-# to try to figure out what to grab to get the things that are needed
-# and it is possible that this will do the wrong thing as it is a *hack*
-#
-# SSLeay 0.5.2+ should have direct read support for x509 (via -inform NET)
-# [I know ... promises promises :-)]
-#
-# To convert a Netscape Certificate:
-# der_chop < ServerCert.der > cert.pem
-# To convert a Netscape Key (and encrypt it again to protect it)
-# rsa -inform NET -in ServerKey.der -des > key.pem
-#
-# 23-Apr-96 eay Added the extra ASN.1 string types, I still think this
-# is an evil hack. If nothing else the parsing should
-# be relative, not absolute.
-# 19-Apr-96 tjh hacked (with eay) into 0.5.x format
-#
-# Tim Hudson
-# tjh@cryptsoft.com
-#
-
-
-require 'getopts.pl';
-
-$debug=0;
-
-# this was the 0.4.x way of doing things ...
-$cmd="derparse";
-$x509_cmd="x509";
-$crl_cmd="crl";
-$rc4_cmd="rc4";
-$md2_cmd="md2";
-$md4_cmd="md4";
-$rsa_cmd="rsa -des -inform der ";
-
-# this was the 0.5.x way of doing things ...
-$cmd="openssl asn1parse";
-$x509_cmd="openssl x509";
-$crl_cmd="openssl crl";
-$rc4_cmd="openssl rc4";
-$md2_cmd="openssl md2";
-$md4_cmd="openssl md4";
-$rsa_cmd="openssl rsa -des -inform der ";
-
-&Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
-$depth=($opt_d =~ /^\d+$/)?$opt_d:0;
-
-&init_der();
-
-if ($#ARGV != -1)
- {
- foreach $file (@ARGV)
- {
- print STDERR "doing $file\n";
- &dofile($file);
- }
- }
-else
- {
- $file="/tmp/a$$.DER";
- open(OUT,">$file") || die "unable to open $file:$!\n";
- for (;;)
- {
- $i=sysread(STDIN,$b,1024*10);
- last if ($i <= 0);
- $i=syswrite(OUT,$b,$i);
- }
- &dofile($file);
- unlink($file);
- }
-
-sub dofile
- {
- local($file)=@_;
- local(@p);
-
- $b=&load_file($file);
- @p=&load_file_parse($file);
-
- foreach $_ (@p)
- {
- ($off,$d,$hl,$len)=&parse_line($_);
- $d-=$depth;
- next if ($d != 0);
- next if ($len == 0);
-
- $o=substr($b,$off,$len+$hl);
- ($str,@data)=&der_str($o);
- print "$str\n" if ($opt_v);
- if ($str =~ /^$crl/)
- {
- open(OUT,"|$crl_cmd -inform d -hash -issuer") ||
- die "unable to run $crl_cmd:$!\n";
- print OUT $o;
- close(OUT);
- }
- elsif ($str =~ /^$x509/)
- {
- open(OUT,"|$x509_cmd -inform d -hash -subject -issuer")
- || die "unable to run $x509_cmd:$!\n";
- print OUT $o;
- close(OUT);
- }
- elsif ($str =~ /^$rsa/)
- {
- ($type)=($data[3] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
- next unless ($type eq "rsaEncryption");
- ($off,$d,$hl,$len)=&parse_line($data[5]);
- $os=substr($o,$off+$hl,$len);
- open(OUT,"|$rsa_cmd")
- || die "unable to run $rsa_cmd:$!\n";
- print OUT $os;
- close(OUT);
- }
- elsif ($str =~ /^0G-1D-1G/)
- {
- ($off,$d,$hl,$len)=&parse_line($data[1]);
- $os=substr($o,$off+$hl,$len);
- print STDERR "<$os>\n" if $opt_v;
- &do_certificate($o,@data)
- if (($os eq "certificate") &&
- ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
- &do_private_key($o,@data)
- if (($os eq "private-key") &&
- ($str =! /^0G-1D-1G-2G-3F-3E-2D/));
- }
- }
- }
-
-sub der_str
- {
- local($str)=@_;
- local(*OUT,*IN,@a,$t,$d,$ret);
- local($file)="/tmp/b$$.DER";
- local(@ret);
-
- open(OUT,">$file");
- print OUT $str;
- close(OUT);
- open(IN,"$cmd -inform 'd' -in $file |") ||
- die "unable to run $cmd:$!\n";
- $ret="";
- while (<IN>)
- {
- chop;
- push(@ret,$_);
-
- print STDERR "$_\n" if ($debug);
-
- @a=split(/\s*:\s*/);
- ($d)=($a[1] =~ /d=\s*(\d+)/);
- $a[2] =~ s/\s+$//;
- $t=$DER_s2i{$a[2]};
- $ret.="$d$t-";
- }
- close(IN);
- unlink($file);
- chop $ret;
- $ret =~ s/(-3H(-4G-5F-5[IJKMQRS])+)+/-NAME/g;
- $ret =~ s/(-3G-4B-4L)+/-RCERT/g;
- return($ret,@ret);
- }
-
-sub init_der
- {
- $crl= "0G-1G-2G-3F-3E-2G-NAME-2L-2L-2G-RCERT-1G-2F-2E-1C";
- $x509="0G-1G-2B-2G-3F-3E-2G-NAME-2G-3L-3L-2G-NAME-2G-3G-4F-4E-3C-1G-2F-2E-1C";
- $rsa= "0G-1B-1G-2F-2E-1D";
-
- %DER_i2s=(
- # SSLeay 0.4.x has this list
- "A","EOC",
- "B","INTEGER",
- "C","BIT STRING",
- "D","OCTET STRING",
- "E","NULL",
- "F","OBJECT",
- "G","SEQUENCE",
- "H","SET",
- "I","PRINTABLESTRING",
- "J","T61STRING",
- "K","IA5STRING",
- "L","UTCTIME",
- "M","NUMERICSTRING",
- "N","VIDEOTEXSTRING",
- "O","GENERALIZEDTIME",
- "P","GRAPHICSTRING",
- "Q","ISO64STRING",
- "R","GENERALSTRING",
- "S","UNIVERSALSTRING",
-
- # SSLeay 0.5.x changed some things ... and I'm
- # leaving in the old stuff but adding in these
- # to handle the new as well --tjh
- # - Well I've just taken them out and added the extra new
- # ones :-) - eay
- );
-
- foreach (keys %DER_i2s)
- { $DER_s2i{$DER_i2s{$_}}=$_; }
- }
-
-sub parse_line
- {
- local($_)=@_;
-
- return(/\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+|inf)\s/);
- }
-
-# 0:d=0 hl=4 l=377 cons: univ: SEQUENCE
-# 4:d=1 hl=2 l= 11 prim: univ: OCTET_STRING
-# 17:d=1 hl=4 l=360 cons: univ: SEQUENCE
-# 21:d=2 hl=2 l= 12 cons: univ: SEQUENCE
-# 23:d=3 hl=2 l= 8 prim: univ: OBJECT_IDENTIFIER :rc4
-# 33:d=3 hl=2 l= 0 prim: univ: NULL
-# 35:d=2 hl=4 l=342 prim: univ: OCTET_STRING
-sub do_private_key
- {
- local($data,@struct)=@_;
- local($file)="/tmp/b$$.DER";
- local($off,$d,$hl,$len,$_,$b,@p,$s);
-
- ($type)=($struct[4] =~ /OBJECT_IDENTIFIER :(.*)\s*$/);
- if ($type eq "rc4")
- {
- ($off,$d,$hl,$len)=&parse_line($struct[6]);
- open(OUT,"|$rc4_cmd >$file") ||
- die "unable to run $rc4_cmd:$!\n";
- print OUT substr($data,$off+$hl,$len);
- close(OUT);
-
- $b=&load_file($file);
- unlink($file);
-
- ($s,@p)=&der_str($b);
- die "unknown rsa key type\n$s\n"
- if ($s ne '0G-1B-1G-2F-2E-1D');
- local($off,$d,$hl,$len)=&parse_line($p[5]);
- $b=substr($b,$off+$hl,$len);
- ($s,@p)=&der_str($b);
- open(OUT,"|$rsa_cmd") || die "unable to run $rsa_cmd:$!\n";
- print OUT $b;
- close(OUT);
- }
- else
- {
- print "'$type' is unknown\n";
- exit(1);
- }
- }
-
-sub do_certificate
- {
- local($data,@struct)=@_;
- local($file)="/tmp/b$$.DER";
- local($off,$d,$hl,$len,$_,$b,@p,$s);
-
- ($off,$d,$hl,$len)=&parse_line($struct[2]);
- $b=substr($data,$off,$len+$hl);
-
- open(OUT,"|$x509_cmd -inform d") || die "unable to run $x509_cmd:$!\n";
- print OUT $b;
- close(OUT);
- }
-
-sub load_file
- {
- local($file)=@_;
- local(*IN,$r,$b,$i);
-
- $r="";
- open(IN,"<$file") || die "unable to open $file:$!\n";
- for (;;)
- {
- $i=sysread(IN,$b,10240);
- last if ($i <= 0);
- $r.=$b;
- }
- close(IN);
- return($r);
- }
-
-sub load_file_parse
- {
- local($file)=@_;
- local(*IN,$r,@ret,$_,$i,$n,$b);
-
- open(IN,"$cmd -inform d -in $file|")
- || die "unable to run der_parse\n";
- while (<IN>)
- {
- chop;
- push(@ret,$_);
- }
- return($r,@ret);
- }
-
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
deleted file mode 100644
index 09d0934..0000000
--- a/crypto/openssl/apps/dgst.c
+++ /dev/null
@@ -1,507 +0,0 @@
-/* apps/dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/hmac.h>
-
-#undef BUFSIZE
-#define BUFSIZE 1024*8
-
-#undef PROG
-#define PROG dgst_main
-
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
- const char *file,BIO *bmd,const char *hmac_key);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- unsigned char *buf=NULL;
- int i,err=0;
- const EVP_MD *md=NULL,*m;
- BIO *in=NULL,*inp;
- BIO *bmd=NULL;
- BIO *out = NULL;
- const char *name;
-#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
- int separator=0;
- int debug=0;
- int keyform=FORMAT_PEM;
- const char *outfile = NULL, *keyfile = NULL;
- const char *sigfile = NULL, *randfile = NULL;
- int out_bin = -1, want_pub = 0, do_verify = 0;
- EVP_PKEY *sigkey = NULL;
- unsigned char *sigbuf = NULL;
- int siglen = 0;
- char *passargin = NULL, *passin = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- char *hmac_key=NULL;
-
- apps_startup();
-
- if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- /* first check the program name */
- program_name(argv[0],pname,sizeof pname);
-
- md=EVP_get_digestbyname(pname);
-
- argc--;
- argv++;
- while (argc > 0)
- {
- if ((*argv)[0] != '-') break;
- if (strcmp(*argv,"-c") == 0)
- separator=1;
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) break;
- randfile=*(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) break;
- outfile=*(++argv);
- }
- else if (strcmp(*argv,"-sign") == 0)
- {
- if (--argc < 1) break;
- keyfile=*(++argv);
- }
- else if (!strcmp(*argv,"-passin"))
- {
- if (--argc < 1)
- break;
- passargin=*++argv;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- if (--argc < 1) break;
- keyfile=*(++argv);
- want_pub = 1;
- do_verify = 1;
- }
- else if (strcmp(*argv,"-prverify") == 0)
- {
- if (--argc < 1) break;
- keyfile=*(++argv);
- do_verify = 1;
- }
- else if (strcmp(*argv,"-signature") == 0)
- {
- if (--argc < 1) break;
- sigfile=*(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) break;
- keyform=str2fmt(*(++argv));
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) break;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-hex") == 0)
- out_bin = 0;
- else if (strcmp(*argv,"-binary") == 0)
- out_bin = 1;
- else if (strcmp(*argv,"-d") == 0)
- debug=1;
- else if (!strcmp(*argv,"-hmac"))
- {
- if (--argc < 1)
- break;
- hmac_key=*++argv;
- }
- else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
- md=m;
- else
- break;
- argc--;
- argv++;
- }
-
- if (md == NULL)
- md=EVP_md5();
-
- if(do_verify && !sigfile) {
- BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
- err = 1;
- goto end;
- }
-
- if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"-c to output the digest with separating colons\n");
- BIO_printf(bio_err,"-d to output debug info\n");
- BIO_printf(bio_err,"-hex output as hex dump\n");
- BIO_printf(bio_err,"-binary output in binary form\n");
- BIO_printf(bio_err,"-sign file sign digest using private key in file\n");
- BIO_printf(bio_err,"-verify file verify a signature using public key in file\n");
- BIO_printf(bio_err,"-prverify file verify a signature using private key in file\n");
- BIO_printf(bio_err,"-keyform arg key file format (PEM or ENGINE)\n");
- BIO_printf(bio_err,"-signature file signature to verify\n");
- BIO_printf(bio_err,"-binary output in binary form\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
-#endif
-
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
- LN_md5,LN_md5);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_md4,LN_md4);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_md2,LN_md2);
-#ifndef OPENSSL_NO_SHA
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_sha1,LN_sha1);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_sha,LN_sha);
-#ifndef OPENSSL_NO_SHA256
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_sha256,LN_sha256);
-#endif
-#ifndef OPENSSL_NO_SHA512
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_sha512,LN_sha512);
-#endif
-#endif
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_mdc2,LN_mdc2);
- BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
- LN_ripemd160,LN_ripemd160);
- err=1;
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- in=BIO_new(BIO_s_file());
- bmd=BIO_new(BIO_f_md());
- if (debug)
- {
- BIO_set_callback(in,BIO_debug_callback);
- /* needed for windows 3.1 */
- BIO_set_callback_arg(in,(char *)bio_err);
- }
-
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if ((in == NULL) || (bmd == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if(out_bin == -1) {
- if(keyfile) out_bin = 1;
- else out_bin = 0;
- }
-
- if(randfile)
- app_RAND_load_file(randfile, bio_err, 0);
-
- if(outfile) {
- if(out_bin)
- out = BIO_new_file(outfile, "wb");
- else out = BIO_new_file(outfile, "w");
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if(!out) {
- BIO_printf(bio_err, "Error opening output file %s\n",
- outfile ? outfile : "(stdout)");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if(keyfile)
- {
- if (want_pub)
- sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
- e, "key file");
- else
- sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
- e, "key file");
- if (!sigkey)
- {
- /* load_[pub]key() has already printed an appropriate
- message */
- goto end;
- }
- }
-
- if(sigfile && sigkey) {
- BIO *sigbio;
- sigbio = BIO_new_file(sigfile, "rb");
- siglen = EVP_PKEY_size(sigkey);
- sigbuf = OPENSSL_malloc(siglen);
- if(!sigbio) {
- BIO_printf(bio_err, "Error opening signature file %s\n",
- sigfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- siglen = BIO_read(sigbio, sigbuf, siglen);
- BIO_free(sigbio);
- if(siglen <= 0) {
- BIO_printf(bio_err, "Error reading signature file %s\n",
- sigfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
-
-
- /* we use md as a filter, reading from 'in' */
- if (!BIO_set_md(bmd,md))
- {
- BIO_printf(bio_err, "Error setting digest %s\n", pname);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- inp=BIO_push(bmd,in);
-
- if (argc == 0)
- {
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
- siglen,"","(stdin)",bmd,hmac_key);
- }
- else
- {
- name=OBJ_nid2sn(md->type);
- for (i=0; i<argc; i++)
- {
- char *tmp,*tofree=NULL;
- int r;
-
- if (BIO_read_filename(in,argv[i]) <= 0)
- {
- perror(argv[i]);
- err++;
- continue;
- }
- if(!out_bin)
- {
- size_t len = strlen(name)+strlen(argv[i])+(hmac_key ? 5 : 0)+5;
- tmp=tofree=OPENSSL_malloc(len);
- BIO_snprintf(tmp,len,"%s%s(%s)= ",
- hmac_key ? "HMAC-" : "",name,argv[i]);
- }
- else
- tmp="";
- r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
- siglen,tmp,argv[i],bmd,hmac_key);
- if(r)
- err=r;
- if(tofree)
- OPENSSL_free(tofree);
- (void)BIO_reset(bmd);
- }
- }
-end:
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,BUFSIZE);
- OPENSSL_free(buf);
- }
- if (in != NULL) BIO_free(in);
- if (passin)
- OPENSSL_free(passin);
- BIO_free_all(out);
- EVP_PKEY_free(sigkey);
- if(sigbuf) OPENSSL_free(sigbuf);
- if (bmd != NULL) BIO_free(bmd);
- apps_shutdown();
- OPENSSL_EXIT(err);
- }
-
-int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
- EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
- const char *file,BIO *bmd,const char *hmac_key)
- {
- unsigned int len;
- int i;
- EVP_MD_CTX *md_ctx;
- HMAC_CTX hmac_ctx;
-
- if (hmac_key)
- {
- EVP_MD *md;
-
- BIO_get_md(bmd,&md);
- HMAC_CTX_init(&hmac_ctx);
- HMAC_Init_ex(&hmac_ctx,hmac_key,strlen(hmac_key),md, NULL);
- BIO_get_md_ctx(bmd,&md_ctx);
- BIO_set_md_ctx(bmd,&hmac_ctx.md_ctx);
- }
- for (;;)
- {
- i=BIO_read(bp,(char *)buf,BUFSIZE);
- if(i < 0)
- {
- BIO_printf(bio_err, "Read Error in %s\n",file);
- ERR_print_errors(bio_err);
- return 1;
- }
- if (i == 0) break;
- }
- if(sigin)
- {
- EVP_MD_CTX *ctx;
- BIO_get_md_ctx(bp, &ctx);
- i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key);
- if(i > 0)
- BIO_printf(out, "Verified OK\n");
- else if(i == 0)
- {
- BIO_printf(out, "Verification Failure\n");
- return 1;
- }
- else
- {
- BIO_printf(bio_err, "Error Verifying Data\n");
- ERR_print_errors(bio_err);
- return 1;
- }
- return 0;
- }
- if(key)
- {
- EVP_MD_CTX *ctx;
- BIO_get_md_ctx(bp, &ctx);
- if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key))
- {
- BIO_printf(bio_err, "Error Signing Data\n");
- ERR_print_errors(bio_err);
- return 1;
- }
- }
- else if(hmac_key)
- {
- HMAC_Final(&hmac_ctx,buf,&len);
- HMAC_CTX_cleanup(&hmac_ctx);
- }
- else
- len=BIO_gets(bp,(char *)buf,BUFSIZE);
-
- if(binout) BIO_write(out, buf, len);
- else
- {
- BIO_write(out,title,strlen(title));
- for (i=0; i<(int)len; i++)
- {
- if (sep && (i != 0))
- BIO_printf(out, ":");
- BIO_printf(out, "%02x",buf[i]);
- }
- BIO_printf(out, "\n");
- }
- if (hmac_key)
- {
- BIO_set_md_ctx(bmd,md_ctx);
- }
- return 0;
- }
-
diff --git a/crypto/openssl/apps/dh.c b/crypto/openssl/apps/dh.c
deleted file mode 100644
index c4d891e..0000000
--- a/crypto/openssl/apps/dh.c
+++ /dev/null
@@ -1,352 +0,0 @@
-/* apps/dh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG dh_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -check - check the parameters are ok
- * -noout
- * -text
- * -C
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- DH *dh=NULL;
- int i,badops=0,text=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
-#ifndef OPENSSL_NO_ENGINE
- engine=NULL;
-#endif
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-check") == 0)
- check=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-C") == 0)
- C=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -check check the DH parameters\n");
- BIO_printf(bio_err," -text print a text form of the DH parameters\n");
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -noout no output\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- dh=d2i_DHparams_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified\n");
- goto end;
- }
- if (dh == NULL)
- {
- BIO_printf(bio_err,"unable to load DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-
-
- if (text)
- {
- DHparams_print(out,dh);
-#ifdef undef
- printf("p=");
- BN_print(stdout,dh->p);
- printf("\ng=");
- BN_print(stdout,dh->g);
- printf("\n");
- if (dh->length != 0)
- printf("recommended private length=%ld\n",dh->length);
-#endif
- }
-
- if (check)
- {
- if (!DH_check(dh,&i))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (i & DH_CHECK_P_NOT_PRIME)
- printf("p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- printf("p value is not a safe prime\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- printf("unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
- printf("the g value is not a generator\n");
- if (i == 0)
- printf("DH parameters appear to be ok.\n");
- }
- if (C)
- {
- unsigned char *data;
- int len,l,bits;
-
- len=BN_num_bytes(dh->p);
- bits=BN_num_bits(dh->p);
- data=(unsigned char *)OPENSSL_malloc(len);
- if (data == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
- l=BN_bn2bin(dh->p,data);
- printf("static unsigned char dh%d_p[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n");
-
- l=BN_bn2bin(dh->g,data);
- printf("static unsigned char dh%d_g[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n\n");
-
- printf("DH *get_dh%d()\n\t{\n",bits);
- printf("\tDH *dh;\n\n");
- printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
- printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
- bits,bits);
- printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
- bits,bits);
- printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
- printf("\t\treturn(NULL);\n");
- printf("\treturn(dh);\n\t}\n");
- OPENSSL_free(data);
- }
-
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_DHparams_bio(out,dh);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DHparams(out,dh);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dh != NULL) DH_free(dh);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#endif
diff --git a/crypto/openssl/apps/dh1024.pem b/crypto/openssl/apps/dh1024.pem
deleted file mode 100644
index 6eaeca9..0000000
--- a/crypto/openssl/apps/dh1024.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
-jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
-ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
------END DH PARAMETERS-----
-
-These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/crypto/openssl/apps/dh2048.pem b/crypto/openssl/apps/dh2048.pem
deleted file mode 100644
index dcd0b8d0..0000000
--- a/crypto/openssl/apps/dh2048.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
-89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
-T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
-zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
-Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
-CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
------END DH PARAMETERS-----
-
-These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
diff --git a/crypto/openssl/apps/dh4096.pem b/crypto/openssl/apps/dh4096.pem
deleted file mode 100644
index 1b35ad8..0000000
--- a/crypto/openssl/apps/dh4096.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
-l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
-Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
-Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
-VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
-alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
-sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
-ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
-OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
-AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
-KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
------END DH PARAMETERS-----
-
-These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/crypto/openssl/apps/dh512.pem b/crypto/openssl/apps/dh512.pem
deleted file mode 100644
index 200d16c..0000000
--- a/crypto/openssl/apps/dh512.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DH PARAMETERS-----
-MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
-XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
------END DH PARAMETERS-----
-
-These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
-(http://www.skip-vpn.org/spec/numbers.html).
-See there for how they were generated.
-Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
deleted file mode 100644
index 04bd57c..0000000
--- a/crypto/openssl/apps/dhparam.c
+++ /dev/null
@@ -1,557 +0,0 @@
-/* apps/dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG dhparam_main
-
-#define DEFBITS 512
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -dsaparam - read or generate DSA parameters, convert to DH
- * -check - check the parameters are ok
- * -noout
- * -text
- * -C
- */
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- DH *dh=NULL;
- int i,badops=0,text=0;
-#ifndef OPENSSL_NO_DSA
- int dsaparam=0;
-#endif
- BIO *in=NULL,*out=NULL;
- int informat,outformat,check=0,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog;
- char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- int num = 0, g = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-check") == 0)
- check=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
-#ifndef OPENSSL_NO_DSA
- else if (strcmp(*argv,"-dsaparam") == 0)
- dsaparam=1;
-#endif
- else if (strcmp(*argv,"-C") == 0)
- C=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-2") == 0)
- g=2;
- else if (strcmp(*argv,"-5") == 0)
- g=5;
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
- goto bad;
- argv++;
- argc--;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
-#ifndef OPENSSL_NO_DSA
- BIO_printf(bio_err," -dsaparam read or generate DSA parameters, convert to DH\n");
-#endif
- BIO_printf(bio_err," -check check the DH parameters\n");
- BIO_printf(bio_err," -text print a text form of the DH parameters\n");
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
- BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -noout no output\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (g && !num)
- num = DEFBITS;
-
-#ifndef OPENSSL_NO_DSA
- if (dsaparam)
- {
- if (g)
- {
- BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
- goto end;
- }
- }
- else
-#endif
- {
- /* DH parameters */
- if (num && !g)
- g = 2;
- }
-
- if(num) {
-
- BN_GENCB cb;
- BN_GENCB_set(&cb, dh_cb, bio_err);
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
-#ifndef OPENSSL_NO_DSA
- if (dsaparam)
- {
- DSA *dsa = DSA_new();
-
- BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
- if(!dsa || !DSA_generate_parameters_ex(dsa, num,
- NULL, 0, NULL, NULL, &cb))
- {
- if(dsa) DSA_free(dsa);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- dh = DSA_dup_DH(dsa);
- DSA_free(dsa);
- if (dh == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- else
-#endif
- {
- dh = DH_new();
- BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
- BIO_printf(bio_err,"This is going to take a long time\n");
- if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
- {
- if(dh) DH_free(dh);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- app_RAND_write_file(NULL, bio_err);
- } else {
-
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat != FORMAT_ASN1 && informat != FORMAT_PEM)
- {
- BIO_printf(bio_err,"bad input format specified\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_DSA
- if (dsaparam)
- {
- DSA *dsa;
-
- if (informat == FORMAT_ASN1)
- dsa=d2i_DSAparams_bio(in,NULL);
- else /* informat == FORMAT_PEM */
- dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-
- if (dsa == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- dh = DSA_dup_DH(dsa);
- DSA_free(dsa);
- if (dh == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- else
-#endif
- {
- if (informat == FORMAT_ASN1)
- dh=d2i_DHparams_bio(in,NULL);
- else /* informat == FORMAT_PEM */
- dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-
- if (dh == NULL)
- {
- BIO_printf(bio_err,"unable to load DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- /* dh != NULL */
- }
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
-
- if (text)
- {
- DHparams_print(out,dh);
- }
-
- if (check)
- {
- if (!DH_check(dh,&i))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (i & DH_CHECK_P_NOT_PRIME)
- printf("p value is not prime\n");
- if (i & DH_CHECK_P_NOT_SAFE_PRIME)
- printf("p value is not a safe prime\n");
- if (i & DH_UNABLE_TO_CHECK_GENERATOR)
- printf("unable to check the generator value\n");
- if (i & DH_NOT_SUITABLE_GENERATOR)
- printf("the g value is not a generator\n");
- if (i == 0)
- printf("DH parameters appear to be ok.\n");
- }
- if (C)
- {
- unsigned char *data;
- int len,l,bits;
-
- len=BN_num_bytes(dh->p);
- bits=BN_num_bits(dh->p);
- data=(unsigned char *)OPENSSL_malloc(len);
- if (data == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
- printf("#ifndef HEADER_DH_H\n"
- "#include <openssl/dh.h>\n"
- "#endif\n");
- printf("DH *get_dh%d()\n\t{\n",bits);
-
- l=BN_bn2bin(dh->p,data);
- printf("\tstatic unsigned char dh%d_p[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t\t};\n");
-
- l=BN_bn2bin(dh->g,data);
- printf("\tstatic unsigned char dh%d_g[]={",bits);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t\t};\n");
-
- printf("\tDH *dh;\n\n");
- printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
- printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
- bits,bits);
- printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
- bits,bits);
- printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
- printf("\t\t{ DH_free(dh); return(NULL); }\n");
- if (dh->length)
- printf("\tdh->length = %ld;\n", dh->length);
- printf("\treturn(dh);\n\t}\n");
- OPENSSL_free(data);
- }
-
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_DHparams_bio(out,dh);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DHparams(out,dh);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write DH parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dh != NULL) DH_free(dh);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-
-#endif
diff --git a/crypto/openssl/apps/dsa-ca.pem b/crypto/openssl/apps/dsa-ca.pem
deleted file mode 100644
index cccc142..0000000
--- a/crypto/openssl/apps/dsa-ca.pem
+++ /dev/null
@@ -1,40 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
-94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
-tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
-J6zsFbSEHaQGUmfSeoM=
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
-C1Q=
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/apps/dsa-pca.pem b/crypto/openssl/apps/dsa-pca.pem
deleted file mode 100644
index d23774e..0000000
--- a/crypto/openssl/apps/dsa-pca.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
-PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
-u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
-Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
-hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
-SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
-Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
-6TicfImU7UFRn9h00j0lJQ==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
-5rKUjNBhSg==
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/apps/dsa.c b/crypto/openssl/apps/dsa.c
deleted file mode 100644
index d503031..0000000
--- a/crypto/openssl/apps/dsa.c
+++ /dev/null
@@ -1,341 +0,0 @@
-/* apps/dsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_DSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-
-#undef PROG
-#define PROG dsa_main
-
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -des - encrypt output if PEM format with DES in cbc mode
- * -des3 - encrypt output if PEM format
- * -idea - encrypt output if PEM format
- * -aes128 - encrypt output if PEM format
- * -aes192 - encrypt output if PEM format
- * -aes256 - encrypt output if PEM format
- * -camellia128 - encrypt output if PEM format
- * -camellia192 - encrypt output if PEM format
- * -camellia256 - encrypt output if PEM format
- * -text - print a text version
- * -modulus - print the DSA public key
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- int ret=1;
- DSA *dsa=NULL;
- int i,badops=0;
- const EVP_CIPHER *enc=NULL;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,text=0,noout=0;
- int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog;
-#ifndef OPENSSL_NO_ENGINE
- char *engine;
-#endif
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
- int modulus=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
-#ifndef OPENSSL_NO_ENGINE
- engine=NULL;
-#endif
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-pubin") == 0)
- pubin=1;
- else if (strcmp(*argv,"-pubout") == 0)
- pubout=1;
- else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the DSA public value\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- BIO_printf(bio_err,"read DSA key\n");
- if (informat == FORMAT_ASN1) {
- if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
- else dsa=d2i_DSAPrivateKey_bio(in,NULL);
- } else if (informat == FORMAT_PEM) {
- if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
- else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
- } else
- {
- BIO_printf(bio_err,"bad input format specified for key\n");
- goto end;
- }
- if (dsa == NULL)
- {
- BIO_printf(bio_err,"unable to load Key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (text)
- if (!DSA_print(out,dsa,0))
- {
- perror(outfile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (modulus)
- {
- fprintf(stdout,"Public Key=");
- BN_print(out,dsa->pub_key);
- fprintf(stdout,"\n");
- }
-
- if (noout) goto end;
- BIO_printf(bio_err,"writing DSA key\n");
- if (outformat == FORMAT_ASN1) {
- if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
- else i=i2d_DSAPrivateKey_bio(out,dsa);
- } else if (outformat == FORMAT_PEM) {
- if(pubin || pubout)
- i=PEM_write_bio_DSA_PUBKEY(out,dsa);
- else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
- NULL,0,NULL, passout);
- } else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write private key\n");
- ERR_print_errors(bio_err);
- }
- else
- ret=0;
-end:
- if(in != NULL) BIO_free(in);
- if(out != NULL) BIO_free_all(out);
- if(dsa != NULL) DSA_free(dsa);
- if(passin) OPENSSL_free(passin);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#endif
diff --git a/crypto/openssl/apps/dsa1024.pem b/crypto/openssl/apps/dsa1024.pem
deleted file mode 100644
index 082dec3..0000000
--- a/crypto/openssl/apps/dsa1024.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQPnUx
-mUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtelu+Us
-OSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcHMe36
-bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLsohkj8
-3pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbuSXQH
-zlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7YMu0O
-Arg=
------END DSA PARAMETERS-----
diff --git a/crypto/openssl/apps/dsa512.pem b/crypto/openssl/apps/dsa512.pem
deleted file mode 100644
index 5f86d1a..0000000
--- a/crypto/openssl/apps/dsa512.pem
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIGdAkEAnRtpjibb8isRcBmG9hnI+BnyGFOURgbQYlAzSwI8UjADizv5X9EkBk97
-TLqqQJv9luQ3M7stWtdaEUBmonZ9MQIVAPtT71C0QJIxVoZTeuiLIppJ+3GPAkEA
-gz6I5cWJc847bAFJv7PHnwrqRJHlMKrZvltftxDXibeOdPvPKR7rqCxUUbgQ3qDO
-L8wka5B33qJoplISogOdIA==
------END DSA PARAMETERS-----
diff --git a/crypto/openssl/apps/dsap.pem b/crypto/openssl/apps/dsap.pem
deleted file mode 100644
index d4dfdb3..0000000
--- a/crypto/openssl/apps/dsap.pem
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZS4J1PHvPrm9MXj5ntVheDPkdmBDTncya
-GAJcMjwsyB/GvLDGd6yGCw/8eF+09wIVAK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2
-t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjgtWiJc/tpvcuzeuAayH89UofjAGueKjXD
-ADiRffvSdhrNw5dkqdql
------END DSA PARAMETERS-----
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
deleted file mode 100644
index c301e81..0000000
--- a/crypto/openssl/apps/dsaparam.c
+++ /dev/null
@@ -1,478 +0,0 @@
-/* apps/dsaparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_DSA
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG dsaparam_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -noout
- * -text
- * -C
- * -noout
- * -genkey
- * #ifdef GENCB_TEST
- * -timebomb n - interrupt keygen after <n> seconds
- * #endif
- */
-
-#ifdef GENCB_TEST
-
-static int stop_keygen_flag = 0;
-
-static void timebomb_sigalarm(int foo)
- {
- stop_keygen_flag = 1;
- }
-
-#endif
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- DSA *dsa=NULL;
- int i,badops=0,text=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,noout=0,C=0,ret=1;
- char *infile,*outfile,*prog,*inrand=NULL;
- int numbits= -1,num,genkey=0;
- int need_rand=0;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-#ifdef GENCB_TEST
- int timebomb=0;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if(strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine = *(++argv);
- }
-#endif
-#ifdef GENCB_TEST
- else if(strcmp(*argv, "-timebomb") == 0)
- {
- if (--argc < 1) goto bad;
- timebomb = atoi(*(++argv));
- }
-#endif
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-C") == 0)
- C=1;
- else if (strcmp(*argv,"-genkey") == 0)
- {
- genkey=1;
- need_rand=1;
- }
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- need_rand=1;
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (sscanf(*argv,"%d",&num) == 1)
- {
- /* generate a key */
- numbits=num;
- need_rand=1;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -text print as text\n");
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -noout no output\n");
- BIO_printf(bio_err," -genkey generate a DSA key\n");
- BIO_printf(bio_err," -rand files to use for random number input\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
-#ifdef GENCB_TEST
- BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n");
-#endif
- BIO_printf(bio_err," number number of bits to use for generating private key\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- if (numbits > 0)
- {
- BN_GENCB cb;
- BN_GENCB_set(&cb, dsa_cb, bio_err);
- assert(need_rand);
- dsa = DSA_new();
- if(!dsa)
- {
- BIO_printf(bio_err,"Error allocating DSA object\n");
- goto end;
- }
- BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
- BIO_printf(bio_err,"This could take some time\n");
-#ifdef GENCB_TEST
- if(timebomb > 0)
- {
- struct sigaction act;
- act.sa_handler = timebomb_sigalarm;
- act.sa_flags = 0;
- BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
- timebomb);
- if(sigaction(SIGALRM, &act, NULL) != 0)
- {
- BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
- goto end;
- }
- alarm(timebomb);
- }
-#endif
- if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
- {
-#ifdef GENCB_TEST
- if(stop_keygen_flag)
- {
- BIO_printf(bio_err,"DSA key generation time-stopped\n");
- /* This is an asked-for behaviour! */
- ret = 0;
- goto end;
- }
-#endif
- BIO_printf(bio_err,"Error, DSA key generation failed\n");
- goto end;
- }
- }
- else if (informat == FORMAT_ASN1)
- dsa=d2i_DSAparams_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified\n");
- goto end;
- }
- if (dsa == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (text)
- {
- DSAparams_print(out,dsa);
- }
-
- if (C)
- {
- unsigned char *data;
- int l,len,bits_p,bits_q,bits_g;
-
- len=BN_num_bytes(dsa->p);
- bits_p=BN_num_bits(dsa->p);
- bits_q=BN_num_bits(dsa->q);
- bits_g=BN_num_bits(dsa->g);
- data=(unsigned char *)OPENSSL_malloc(len+20);
- if (data == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
- l=BN_bn2bin(dsa->p,data);
- printf("static unsigned char dsa%d_p[]={",bits_p);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n");
-
- l=BN_bn2bin(dsa->q,data);
- printf("static unsigned char dsa%d_q[]={",bits_p);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n");
-
- l=BN_bn2bin(dsa->g,data);
- printf("static unsigned char dsa%d_g[]={",bits_p);
- for (i=0; i<l; i++)
- {
- if ((i%12) == 0) printf("\n\t");
- printf("0x%02X,",data[i]);
- }
- printf("\n\t};\n\n");
-
- printf("DSA *get_dsa%d()\n\t{\n",bits_p);
- printf("\tDSA *dsa;\n\n");
- printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n");
- printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n",
- bits_p,bits_p);
- printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n",
- bits_p,bits_p);
- printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
- bits_p,bits_p);
- printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
- printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
- printf("\treturn(dsa);\n\t}\n");
- }
-
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_DSAparams_bio(out,dsa);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DSAparams(out,dsa);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write DSA parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if (genkey)
- {
- DSA *dsakey;
-
- assert(need_rand);
- if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
- if (!DSA_generate_key(dsakey)) goto end;
- if (outformat == FORMAT_ASN1)
- i=i2d_DSAPrivateKey_bio(out,dsakey);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- DSA_free(dsakey);
- }
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
- ret=0;
-end:
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dsa != NULL) DSA_free(dsa);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
-#ifdef GENCB_TEST
- if(stop_keygen_flag)
- return 0;
-#endif
- return 1;
- }
-#endif
diff --git a/crypto/openssl/apps/ec.c b/crypto/openssl/apps/ec.c
deleted file mode 100644
index c63437f..0000000
--- a/crypto/openssl/apps/ec.c
+++ /dev/null
@@ -1,403 +0,0 @@
-/* apps/ec.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG ec_main
-
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -des - encrypt output if PEM format with DES in cbc mode
- * -text - print a text version
- * -param_out - print the elliptic curve parameters
- * -conv_form arg - specifies the point encoding form
- * -param_enc arg - specifies the parameter encoding
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- int ret = 1;
- EC_KEY *eckey = NULL;
- const EC_GROUP *group;
- int i, badops = 0;
- const EVP_CIPHER *enc = NULL;
- BIO *in = NULL, *out = NULL;
- int informat, outformat, text=0, noout=0;
- int pubin = 0, pubout = 0, param_out = 0;
- char *infile, *outfile, *prog, *engine;
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- int new_form = 0;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE;
- int new_asn1_flag = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- engine = NULL;
- infile = NULL;
- outfile = NULL;
- informat = FORMAT_PEM;
- outformat = FORMAT_PEM;
-
- prog = argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
- else if (strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
- else if (strcmp(*argv, "-noout") == 0)
- noout = 1;
- else if (strcmp(*argv, "-text") == 0)
- text = 1;
- else if (strcmp(*argv, "-conv_form") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_form = 1;
- if (strcmp(*argv, "compressed") == 0)
- form = POINT_CONVERSION_COMPRESSED;
- else if (strcmp(*argv, "uncompressed") == 0)
- form = POINT_CONVERSION_UNCOMPRESSED;
- else if (strcmp(*argv, "hybrid") == 0)
- form = POINT_CONVERSION_HYBRID;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-param_enc") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_asn1_flag = 1;
- if (strcmp(*argv, "named_curve") == 0)
- asn1_flag = OPENSSL_EC_NAMED_CURVE;
- else if (strcmp(*argv, "explicit") == 0)
- asn1_flag = 0;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-param_out") == 0)
- param_out = 1;
- else if (strcmp(*argv, "-pubin") == 0)
- pubin=1;
- else if (strcmp(*argv, "-pubout") == 0)
- pubout=1;
- else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
- {
- BIO_printf(bio_err, "unknown option %s\n", *argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, " -inform arg input format - "
- "DER or PEM\n");
- BIO_printf(bio_err, " -outform arg output format - "
- "DER or PEM\n");
- BIO_printf(bio_err, " -in arg input file\n");
- BIO_printf(bio_err, " -passin arg input file pass "
- "phrase source\n");
- BIO_printf(bio_err, " -out arg output file\n");
- BIO_printf(bio_err, " -passout arg output file pass "
- "phrase source\n");
- BIO_printf(bio_err, " -engine e use engine e, "
- "possibly a hardware device.\n");
- BIO_printf(bio_err, " -des encrypt PEM output, "
- "instead of 'des' every other \n"
- " cipher "
- "supported by OpenSSL can be used\n");
- BIO_printf(bio_err, " -text print the key\n");
- BIO_printf(bio_err, " -noout don't print key out\n");
- BIO_printf(bio_err, " -param_out print the elliptic "
- "curve parameters\n");
- BIO_printf(bio_err, " -conv_form arg specifies the "
- "point conversion form \n");
- BIO_printf(bio_err, " possible values:"
- " compressed\n");
- BIO_printf(bio_err, " "
- " uncompressed (default)\n");
- BIO_printf(bio_err, " "
- " hybrid\n");
- BIO_printf(bio_err, " -param_enc arg specifies the way"
- " the ec parameters are encoded\n");
- BIO_printf(bio_err, " in the asn1 der "
- "encoding\n");
- BIO_printf(bio_err, " possilbe values:"
- " named_curve (default)\n");
- BIO_printf(bio_err," "
- "explicit\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
- {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- in = BIO_new(BIO_s_file());
- out = BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in, stdin, BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in, infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- BIO_printf(bio_err, "read EC key\n");
- if (informat == FORMAT_ASN1)
- {
- if (pubin)
- eckey = d2i_EC_PUBKEY_bio(in, NULL);
- else
- eckey = d2i_ECPrivateKey_bio(in, NULL);
- }
- else if (informat == FORMAT_PEM)
- {
- if (pubin)
- eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL,
- NULL);
- else
- eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
- passin);
- }
- else
- {
- BIO_printf(bio_err, "bad input format specified for key\n");
- goto end;
- }
- if (eckey == NULL)
- {
- BIO_printf(bio_err,"unable to load Key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out, stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out, outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- group = EC_KEY_get0_group(eckey);
-
- if (new_form)
- EC_KEY_set_conv_form(eckey, form);
-
- if (new_asn1_flag)
- EC_KEY_set_asn1_flag(eckey, asn1_flag);
-
- if (text)
- if (!EC_KEY_print(out, eckey, 0))
- {
- perror(outfile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (noout)
- {
- ret = 0;
- goto end;
- }
-
- BIO_printf(bio_err, "writing EC key\n");
- if (outformat == FORMAT_ASN1)
- {
- if (param_out)
- i = i2d_ECPKParameters_bio(out, group);
- else if (pubin || pubout)
- i = i2d_EC_PUBKEY_bio(out, eckey);
- else
- i = i2d_ECPrivateKey_bio(out, eckey);
- }
- else if (outformat == FORMAT_PEM)
- {
- if (param_out)
- i = PEM_write_bio_ECPKParameters(out, group);
- else if (pubin || pubout)
- i = PEM_write_bio_EC_PUBKEY(out, eckey);
- else
- i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
- NULL, 0, NULL, passout);
- }
- else
- {
- BIO_printf(bio_err, "bad output format specified for "
- "outfile\n");
- goto end;
- }
-
- if (!i)
- {
- BIO_printf(bio_err, "unable to write private key\n");
- ERR_print_errors(bio_err);
- }
- else
- ret=0;
-end:
- if (in)
- BIO_free(in);
- if (out)
- BIO_free_all(out);
- if (eckey)
- EC_KEY_free(eckey);
- if (passin)
- OPENSSL_free(passin);
- if (passout)
- OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
-}
-#endif
diff --git a/crypto/openssl/apps/ecparam.c b/crypto/openssl/apps/ecparam.c
deleted file mode 100644
index 4e1fc83..0000000
--- a/crypto/openssl/apps/ecparam.c
+++ /dev/null
@@ -1,728 +0,0 @@
-/* apps/ecparam.c */
-/*
- * Written by Nils Larsch for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The elliptic curve binary polynomial software is originally written by
- * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_EC
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG ecparam_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -noout - do not print the ec parameter
- * -text - print the ec parameters in text form
- * -check - validate the ec parameters
- * -C - print a 'C' function creating the parameters
- * -name arg - use the ec parameters with 'short name' name
- * -list_curves - prints a list of all currently available curve 'short names'
- * -conv_form arg - specifies the point conversion form
- * - possible values: compressed
- * uncompressed (default)
- * hybrid
- * -param_enc arg - specifies the way the ec parameters are encoded
- * in the asn1 der encoding
- * possible values: named_curve (default)
- * explicit
- * -no_seed - if 'explicit' parameters are choosen do not use the seed
- * -genkey - generate ec key
- * -rand file - files to use for random number input
- * -engine e - use engine e, possibly a hardware device
- */
-
-
-static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- EC_GROUP *group = NULL;
- point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
- int new_form = 0;
- int asn1_flag = OPENSSL_EC_NAMED_CURVE;
- int new_asn1_flag = 0;
- char *curve_name = NULL, *inrand = NULL;
- int list_curves = 0, no_seed = 0, check = 0,
- badops = 0, text = 0, i, need_rand = 0, genkey = 0;
- char *infile = NULL, *outfile = NULL, *prog;
- BIO *in = NULL, *out = NULL;
- int informat, outformat, noout = 0, C = 0, ret = 1;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- char *engine = NULL;
-
- BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
- *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
- unsigned char *buffer = NULL;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-text") == 0)
- text = 1;
- else if (strcmp(*argv,"-C") == 0)
- C = 1;
- else if (strcmp(*argv,"-check") == 0)
- check = 1;
- else if (strcmp (*argv, "-name") == 0)
- {
- if (--argc < 1)
- goto bad;
- curve_name = *(++argv);
- }
- else if (strcmp(*argv, "-list_curves") == 0)
- list_curves = 1;
- else if (strcmp(*argv, "-conv_form") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_form = 1;
- if (strcmp(*argv, "compressed") == 0)
- form = POINT_CONVERSION_COMPRESSED;
- else if (strcmp(*argv, "uncompressed") == 0)
- form = POINT_CONVERSION_UNCOMPRESSED;
- else if (strcmp(*argv, "hybrid") == 0)
- form = POINT_CONVERSION_HYBRID;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-param_enc") == 0)
- {
- if (--argc < 1)
- goto bad;
- ++argv;
- new_asn1_flag = 1;
- if (strcmp(*argv, "named_curve") == 0)
- asn1_flag = OPENSSL_EC_NAMED_CURVE;
- else if (strcmp(*argv, "explicit") == 0)
- asn1_flag = 0;
- else
- goto bad;
- }
- else if (strcmp(*argv, "-no_seed") == 0)
- no_seed = 1;
- else if (strcmp(*argv, "-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-genkey") == 0)
- {
- genkey=1;
- need_rand=1;
- }
- else if (strcmp(*argv, "-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- need_rand=1;
- }
- else if(strcmp(*argv, "-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine = *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, " -inform arg input format - "
- "default PEM (DER or PEM)\n");
- BIO_printf(bio_err, " -outform arg output format - "
- "default PEM\n");
- BIO_printf(bio_err, " -in arg input file - "
- "default stdin\n");
- BIO_printf(bio_err, " -out arg output file - "
- "default stdout\n");
- BIO_printf(bio_err, " -noout do not print the "
- "ec parameter\n");
- BIO_printf(bio_err, " -text print the ec "
- "parameters in text form\n");
- BIO_printf(bio_err, " -check validate the ec "
- "parameters\n");
- BIO_printf(bio_err, " -C print a 'C' "
- "function creating the parameters\n");
- BIO_printf(bio_err, " -name arg use the "
- "ec parameters with 'short name' name\n");
- BIO_printf(bio_err, " -list_curves prints a list of "
- "all currently available curve 'short names'\n");
- BIO_printf(bio_err, " -conv_form arg specifies the "
- "point conversion form \n");
- BIO_printf(bio_err, " possible values:"
- " compressed\n");
- BIO_printf(bio_err, " "
- " uncompressed (default)\n");
- BIO_printf(bio_err, " "
- " hybrid\n");
- BIO_printf(bio_err, " -param_enc arg specifies the way"
- " the ec parameters are encoded\n");
- BIO_printf(bio_err, " in the asn1 der "
- "encoding\n");
- BIO_printf(bio_err, " possible values:"
- " named_curve (default)\n");
- BIO_printf(bio_err, " "
- " explicit\n");
- BIO_printf(bio_err, " -no_seed if 'explicit'"
- " parameters are choosen do not"
- " use the seed\n");
- BIO_printf(bio_err, " -genkey generate ec"
- " key\n");
- BIO_printf(bio_err, " -rand file files to use for"
- " random number input\n");
- BIO_printf(bio_err, " -engine e use engine e, "
- "possibly a hardware device\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (list_curves)
- {
- EC_builtin_curve *curves = NULL;
- size_t crv_len = 0;
- size_t n = 0;
-
- crv_len = EC_get_builtin_curves(NULL, 0);
-
- curves = OPENSSL_malloc((int)(sizeof(EC_builtin_curve) * crv_len));
-
- if (curves == NULL)
- goto end;
-
- if (!EC_get_builtin_curves(curves, crv_len))
- {
- OPENSSL_free(curves);
- goto end;
- }
-
-
- for (n = 0; n < crv_len; n++)
- {
- const char *comment;
- const char *sname;
- comment = curves[n].comment;
- sname = OBJ_nid2sn(curves[n].nid);
- if (comment == NULL)
- comment = "CURVE DESCRIPTION NOT AVAILABLE";
- if (sname == NULL)
- sname = "";
-
- BIO_printf(out, " %-10s: ", sname);
- BIO_printf(out, "%s\n", comment);
- }
-
- OPENSSL_free(curves);
- ret = 0;
- goto end;
- }
-
- if (curve_name != NULL)
- {
- int nid;
-
- /* workaround for the SECG curve names secp192r1
- * and secp256r1 (which are the same as the curves
- * prime192v1 and prime256v1 defined in X9.62)
- */
- if (!strcmp(curve_name, "secp192r1"))
- {
- BIO_printf(bio_err, "using curve name prime192v1 "
- "instead of secp192r1\n");
- nid = NID_X9_62_prime192v1;
- }
- else if (!strcmp(curve_name, "secp256r1"))
- {
- BIO_printf(bio_err, "using curve name prime256v1 "
- "instead of secp256r1\n");
- nid = NID_X9_62_prime256v1;
- }
- else
- nid = OBJ_sn2nid(curve_name);
-
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n",
- curve_name);
- goto end;
- }
-
- group = EC_GROUP_new_by_curve_name(nid);
- if (group == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (%s)\n",
- curve_name);
- goto end;
- }
- EC_GROUP_set_asn1_flag(group, asn1_flag);
- EC_GROUP_set_point_conversion_form(group, form);
- }
- else if (informat == FORMAT_ASN1)
- {
- group = d2i_ECPKParameters_bio(in, NULL);
- }
- else if (informat == FORMAT_PEM)
- {
- group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
- }
- else
- {
- BIO_printf(bio_err, "bad input format specified\n");
- goto end;
- }
-
- if (group == NULL)
- {
- BIO_printf(bio_err,
- "unable to load elliptic curve parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (new_form)
- EC_GROUP_set_point_conversion_form(group, form);
-
- if (new_asn1_flag)
- EC_GROUP_set_asn1_flag(group, asn1_flag);
-
- if (no_seed)
- {
- EC_GROUP_set_seed(group, NULL, 0);
- }
-
- if (text)
- {
- if (!ECPKParameters_print(out, group, 0))
- goto end;
- }
-
- if (check)
- {
- if (group == NULL)
- BIO_printf(bio_err, "no elliptic curve parameters\n");
- BIO_printf(bio_err, "checking elliptic curve parameters: ");
- if (!EC_GROUP_check(group, NULL))
- {
- BIO_printf(bio_err, "failed\n");
- ERR_print_errors(bio_err);
- }
- else
- BIO_printf(bio_err, "ok\n");
-
- }
-
- if (C)
- {
- size_t buf_len = 0, tmp_len = 0;
- const EC_POINT *point;
- int is_prime, len = 0;
- const EC_METHOD *meth = EC_GROUP_method_of(group);
-
- if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
- (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
- (ec_order = BN_new()) == NULL ||
- (ec_cofactor = BN_new()) == NULL )
- {
- perror("OPENSSL_malloc");
- goto end;
- }
-
- is_prime = (EC_METHOD_get_field_type(meth) ==
- NID_X9_62_prime_field);
-
- if (is_prime)
- {
- if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
- ec_b, NULL))
- goto end;
- }
- else
- {
- /* TODO */
- goto end;
- }
-
- if ((point = EC_GROUP_get0_generator(group)) == NULL)
- goto end;
- if (!EC_POINT_point2bn(group, point,
- EC_GROUP_get_point_conversion_form(group), ec_gen,
- NULL))
- goto end;
- if (!EC_GROUP_get_order(group, ec_order, NULL))
- goto end;
- if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
- goto end;
-
- if (!ec_p || !ec_a || !ec_b || !ec_gen ||
- !ec_order || !ec_cofactor)
- goto end;
-
- len = BN_num_bits(ec_order);
-
- if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
- buf_len = tmp_len;
- if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
- buf_len = tmp_len;
-
- buffer = (unsigned char *)OPENSSL_malloc(buf_len);
-
- if (buffer == NULL)
- {
- perror("OPENSSL_malloc");
- goto end;
- }
-
- ecparam_print_var(out, ec_p, "ec_p", len, buffer);
- ecparam_print_var(out, ec_a, "ec_a", len, buffer);
- ecparam_print_var(out, ec_b, "ec_b", len, buffer);
- ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
- ecparam_print_var(out, ec_order, "ec_order", len, buffer);
- ecparam_print_var(out, ec_cofactor, "ec_cofactor", len,
- buffer);
-
- BIO_printf(out, "\n\n");
-
- BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
- BIO_printf(out, "\tint ok=0;\n");
- BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
- BIO_printf(out, "\tEC_POINT *point = NULL;\n");
- BIO_printf(out, "\tBIGNUM *tmp_1 = NULL, *tmp_2 = NULL, "
- "*tmp_3 = NULL;\n\n");
- BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
- "sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
- BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
- "sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
- BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
- "sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
- "goto err;\n", len, len);
- if (is_prime)
- {
- BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
- "GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
- "\n\t\tgoto err;\n\n");
- }
- else
- {
- /* TODO */
- goto end;
- }
- BIO_printf(out, "\t/* build generator */\n");
- BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
- "sizeof(ec_gen_%d), tmp_1)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
- BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
- "NULL, NULL);\n");
- BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
- BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
- "sizeof(ec_order_%d), tmp_2)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
- BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
- "sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
- "\n\t\tgoto err;\n", len, len);
- BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
- " tmp_2, tmp_3))\n\t\tgoto err;\n");
- BIO_printf(out, "\n\tok=1;\n");
- BIO_printf(out, "err:\n");
- BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
- BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
- BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
- BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
- BIO_printf(out, "\tif (!ok)\n");
- BIO_printf(out, "\t\t{\n");
- BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
- BIO_printf(out, "\t\tgroup = NULL;\n");
- BIO_printf(out, "\t\t}\n");
- BIO_printf(out, "\treturn(group);\n\t}\n");
- }
-
- if (!noout)
- {
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPKParameters_bio(out, group);
- else if (outformat == FORMAT_PEM)
- i = PEM_write_bio_ECPKParameters(out, group);
- else
- {
- BIO_printf(bio_err,"bad output format specified for"
- " outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err, "unable to write elliptic "
- "curve parameters\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- if (genkey)
- {
- EC_KEY *eckey = EC_KEY_new();
-
- if (eckey == NULL)
- goto end;
-
- assert(need_rand);
-
- if (EC_KEY_set_group(eckey, group) == 0)
- goto end;
-
- if (!EC_KEY_generate_key(eckey))
- {
- EC_KEY_free(eckey);
- goto end;
- }
- if (outformat == FORMAT_ASN1)
- i = i2d_ECPrivateKey_bio(out, eckey);
- else if (outformat == FORMAT_PEM)
- i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
- NULL, 0, NULL, NULL);
- else
- {
- BIO_printf(bio_err, "bad output format specified "
- "for outfile\n");
- EC_KEY_free(eckey);
- goto end;
- }
- EC_KEY_free(eckey);
- }
-
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
-
- ret=0;
-end:
- if (ec_p)
- BN_free(ec_p);
- if (ec_a)
- BN_free(ec_a);
- if (ec_b)
- BN_free(ec_b);
- if (ec_gen)
- BN_free(ec_gen);
- if (ec_order)
- BN_free(ec_order);
- if (ec_cofactor)
- BN_free(ec_cofactor);
- if (buffer)
- OPENSSL_free(buffer);
- if (in != NULL)
- BIO_free(in);
- if (out != NULL)
- BIO_free_all(out);
- if (group != NULL)
- EC_GROUP_free(group);
- apps_shutdown();
- OPENSSL_EXIT(ret);
-}
-
-static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
- int len, unsigned char *buffer)
- {
- BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
- if (BN_is_zero(in))
- BIO_printf(out, "\n\t0x00");
- else
- {
- int i, l;
-
- l = BN_bn2bin(in, buffer);
- for (i=0; i<l-1; i++)
- {
- if ((i%12) == 0)
- BIO_printf(out, "\n\t");
- BIO_printf(out, "0x%02X,", buffer[i]);
- }
- if ((i%12) == 0)
- BIO_printf(out, "\n\t");
- BIO_printf(out, "0x%02X", buffer[i]);
- }
- BIO_printf(out, "\n\t};\n\n");
- return 1;
- }
-#endif
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
deleted file mode 100644
index a41ea80..0000000
--- a/crypto/openssl/apps/enc.c
+++ /dev/null
@@ -1,681 +0,0 @@
-/* apps/enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rand.h>
-#include <openssl/pem.h>
-#include <ctype.h>
-
-int set_hex(char *in,unsigned char *out,int size);
-#undef SIZE
-#undef BSIZE
-#undef PROG
-
-#define SIZE (512)
-#define BSIZE (8*1024)
-#define PROG enc_main
-
-static void show_ciphers(const OBJ_NAME *name,void *bio_)
- {
- BIO *bio=bio_;
- static int n;
-
- if(!islower((unsigned char)*name->name))
- return;
-
- BIO_printf(bio,"-%-25s",name->name);
- if(++n == 3)
- {
- BIO_printf(bio,"\n");
- n=0;
- }
- else
- BIO_printf(bio," ");
- }
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- static const char magic[]="Salted__";
- char mbuf[sizeof magic-1];
- char *strbuf=NULL;
- unsigned char *buff=NULL,*bufsize=NULL;
- int bsize=BSIZE,verbose=0;
- int ret=1,inl;
- int nopad = 0;
- unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
- unsigned char salt[PKCS5_SALT_LEN];
- char *str=NULL, *passarg = NULL, *pass = NULL;
- char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
- char *md=NULL;
- int enc=1,printkey=0,i,base64=0;
- int debug=0,olb64=0,nosalt=0;
- const EVP_CIPHER *cipher=NULL,*c;
- EVP_CIPHER_CTX *ctx = NULL;
- char *inf=NULL,*outf=NULL;
- BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- const EVP_MD *dgst=NULL;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- /* first check the program name */
- program_name(argv[0],pname,sizeof pname);
- if (strcmp(pname,"base64") == 0)
- base64=1;
-
- cipher=EVP_get_cipherbyname(pname);
- if (!base64 && (cipher == NULL) && (strcmp(pname,"enc") != 0))
- {
- BIO_printf(bio_err,"%s is an unknown cipher\n",pname);
- goto bad;
- }
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-e") == 0)
- enc=1;
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- inf= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outf= *(++argv);
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-d") == 0)
- enc=0;
- else if (strcmp(*argv,"-p") == 0)
- printkey=1;
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-nopad") == 0)
- nopad=1;
- else if (strcmp(*argv,"-salt") == 0)
- nosalt=0;
- else if (strcmp(*argv,"-nosalt") == 0)
- nosalt=1;
- else if (strcmp(*argv,"-debug") == 0)
- debug=1;
- else if (strcmp(*argv,"-P") == 0)
- printkey=2;
- else if (strcmp(*argv,"-A") == 0)
- olb64=1;
- else if (strcmp(*argv,"-a") == 0)
- base64=1;
- else if (strcmp(*argv,"-base64") == 0)
- base64=1;
- else if (strcmp(*argv,"-bufsize") == 0)
- {
- if (--argc < 1) goto bad;
- bufsize=(unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-k") == 0)
- {
- if (--argc < 1) goto bad;
- str= *(++argv);
- }
- else if (strcmp(*argv,"-kfile") == 0)
- {
- static char buf[128];
- FILE *infile;
- char *file;
-
- if (--argc < 1) goto bad;
- file= *(++argv);
- infile=fopen(file,"r");
- if (infile == NULL)
- {
- BIO_printf(bio_err,"unable to read key from '%s'\n",
- file);
- goto bad;
- }
- buf[0]='\0';
- fgets(buf,sizeof buf,infile);
- fclose(infile);
- i=strlen(buf);
- if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
- if ((i > 0) &&
- ((buf[i-1] == '\n') || (buf[i-1] == '\r')))
- buf[--i]='\0';
- if (i < 1)
- {
- BIO_printf(bio_err,"zero length password\n");
- goto bad;
- }
- str=buf;
- }
- else if (strcmp(*argv,"-K") == 0)
- {
- if (--argc < 1) goto bad;
- hkey= *(++argv);
- }
- else if (strcmp(*argv,"-S") == 0)
- {
- if (--argc < 1) goto bad;
- hsalt= *(++argv);
- }
- else if (strcmp(*argv,"-iv") == 0)
- {
- if (--argc < 1) goto bad;
- hiv= *(++argv);
- }
- else if (strcmp(*argv,"-md") == 0)
- {
- if (--argc < 1) goto bad;
- md= *(++argv);
- }
- else if ((argv[0][0] == '-') &&
- ((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
- {
- cipher=c;
- }
- else if (strcmp(*argv,"-none") == 0)
- cipher=NULL;
- else
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
-bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s input file\n","-in <file>");
- BIO_printf(bio_err,"%-14s output file\n","-out <file>");
- BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
- BIO_printf(bio_err,"%-14s encrypt\n","-e");
- BIO_printf(bio_err,"%-14s decrypt\n","-d");
- BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
- BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
- BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
- BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n","");
- BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
- BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
- BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
-#endif
-
- BIO_printf(bio_err,"Cipher Types\n");
- OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
- show_ciphers,
- bio_err);
- BIO_printf(bio_err,"\n");
-
- goto end;
- }
- argc--;
- argv++;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
- {
- BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
- goto end;
- }
-
- if (dgst == NULL)
- {
- dgst = EVP_md5();
- }
-
- if (bufsize != NULL)
- {
- unsigned long n;
-
- for (n=0; *bufsize; bufsize++)
- {
- i= *bufsize;
- if ((i <= '9') && (i >= '0'))
- n=n*10+i-'0';
- else if (i == 'k')
- {
- n*=1024;
- bufsize++;
- break;
- }
- }
- if (*bufsize != '\0')
- {
- BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
- goto end;
- }
-
- /* It must be large enough for a base64 encoded line */
- if (base64 && n < 80) n=80;
-
- bsize=(int)n;
- if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
- }
-
- strbuf=OPENSSL_malloc(SIZE);
- buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
- if ((buff == NULL) || (strbuf == NULL))
- {
- BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
- goto end;
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (debug)
- {
- BIO_set_callback(in,BIO_debug_callback);
- BIO_set_callback(out,BIO_debug_callback);
- BIO_set_callback_arg(in,(char *)bio_err);
- BIO_set_callback_arg(out,(char *)bio_err);
- }
-
- if (inf == NULL)
- {
- if (bufsize != NULL)
- setvbuf(stdin, (char *)NULL, _IONBF, 0);
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- }
- else
- {
- if (BIO_read_filename(in,inf) <= 0)
- {
- perror(inf);
- goto end;
- }
- }
-
- if(!str && passarg) {
- if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
- str = pass;
- }
-
- if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
- {
- for (;;)
- {
- char buf[200];
-
- BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
- OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
- (enc)?"encryption":"decryption");
- strbuf[0]='\0';
- i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
- if (i == 0)
- {
- if (strbuf[0] == '\0')
- {
- ret=1;
- goto end;
- }
- str=strbuf;
- break;
- }
- if (i < 0)
- {
- BIO_printf(bio_err,"bad password read\n");
- goto end;
- }
- }
- }
-
-
- if (outf == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- if (bufsize != NULL)
- setvbuf(stdout, (char *)NULL, _IONBF, 0);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outf) <= 0)
- {
- perror(outf);
- goto end;
- }
- }
-
- rbio=in;
- wbio=out;
-
- if (base64)
- {
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- if (debug)
- {
- BIO_set_callback(b64,BIO_debug_callback);
- BIO_set_callback_arg(b64,(char *)bio_err);
- }
- if (olb64)
- BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
- if (enc)
- wbio=BIO_push(b64,wbio);
- else
- rbio=BIO_push(b64,rbio);
- }
-
- if (cipher != NULL)
- {
- /* Note that str is NULL if a key was passed on the command
- * line, so we get no salt in that case. Is this a bug?
- */
- if (str != NULL)
- {
- /* Salt handling: if encrypting generate a salt and
- * write to output BIO. If decrypting read salt from
- * input BIO.
- */
- unsigned char *sptr;
- if(nosalt) sptr = NULL;
- else {
- if(enc) {
- if(hsalt) {
- if(!set_hex(hsalt,salt,sizeof salt)) {
- BIO_printf(bio_err,
- "invalid hex salt value\n");
- goto end;
- }
- } else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
- goto end;
- /* If -P option then don't bother writing */
- if((printkey != 2)
- && (BIO_write(wbio,magic,
- sizeof magic-1) != sizeof magic-1
- || BIO_write(wbio,
- (char *)salt,
- sizeof salt) != sizeof salt)) {
- BIO_printf(bio_err,"error writing output file\n");
- goto end;
- }
- } else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
- || BIO_read(rbio,
- (unsigned char *)salt,
- sizeof salt) != sizeof salt) {
- BIO_printf(bio_err,"error reading input file\n");
- goto end;
- } else if(memcmp(mbuf,magic,sizeof magic-1)) {
- BIO_printf(bio_err,"bad magic number\n");
- goto end;
- }
-
- sptr = salt;
- }
-
- EVP_BytesToKey(cipher,dgst,sptr,
- (unsigned char *)str,
- strlen(str),1,key,iv);
- /* zero the complete buffer or the string
- * passed from the command line
- * bug picked up by
- * Larry J. Hughes Jr. <hughes@indiana.edu> */
- if (str == strbuf)
- OPENSSL_cleanse(str,SIZE);
- else
- OPENSSL_cleanse(str,strlen(str));
- }
- if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
- {
- BIO_printf(bio_err,"invalid hex iv value\n");
- goto end;
- }
- if ((hiv == NULL) && (str == NULL))
- {
- /* No IV was explicitly set and no IV was generated
- * during EVP_BytesToKey. Hence the IV is undefined,
- * making correct decryption impossible. */
- BIO_printf(bio_err, "iv undefined\n");
- goto end;
- }
- if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
- {
- BIO_printf(bio_err,"invalid hex key value\n");
- goto end;
- }
-
- if ((benc=BIO_new(BIO_f_cipher())) == NULL)
- goto end;
-
- /* Since we may be changing parameters work on the encryption
- * context rather than calling BIO_set_cipher().
- */
-
- BIO_get_cipher_ctx(benc, &ctx);
- if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
- {
- BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(cipher));
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (nopad)
- EVP_CIPHER_CTX_set_padding(ctx, 0);
-
- if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
- {
- BIO_printf(bio_err, "Error setting cipher %s\n",
- EVP_CIPHER_name(cipher));
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (debug)
- {
- BIO_set_callback(benc,BIO_debug_callback);
- BIO_set_callback_arg(benc,(char *)bio_err);
- }
-
- if (printkey)
- {
- if (!nosalt)
- {
- printf("salt=");
- for (i=0; i<(int)sizeof(salt); i++)
- printf("%02X",salt[i]);
- printf("\n");
- }
- if (cipher->key_len > 0)
- {
- printf("key=");
- for (i=0; i<cipher->key_len; i++)
- printf("%02X",key[i]);
- printf("\n");
- }
- if (cipher->iv_len > 0)
- {
- printf("iv =");
- for (i=0; i<cipher->iv_len; i++)
- printf("%02X",iv[i]);
- printf("\n");
- }
- if (printkey == 2)
- {
- ret=0;
- goto end;
- }
- }
- }
-
- /* Only encrypt/decrypt as we write the file */
- if (benc != NULL)
- wbio=BIO_push(benc,wbio);
-
- for (;;)
- {
- inl=BIO_read(rbio,(char *)buff,bsize);
- if (inl <= 0) break;
- if (BIO_write(wbio,(char *)buff,inl) != inl)
- {
- BIO_printf(bio_err,"error writing output file\n");
- goto end;
- }
- }
- if (!BIO_flush(wbio))
- {
- BIO_printf(bio_err,"bad decrypt\n");
- goto end;
- }
-
- ret=0;
- if (verbose)
- {
- BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
- BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
- }
-end:
- ERR_print_errors(bio_err);
- if (strbuf != NULL) OPENSSL_free(strbuf);
- if (buff != NULL) OPENSSL_free(buff);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (benc != NULL) BIO_free(benc);
- if (b64 != NULL) BIO_free(b64);
- if(pass) OPENSSL_free(pass);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-int set_hex(char *in, unsigned char *out, int size)
- {
- int i,n;
- unsigned char j;
-
- n=strlen(in);
- if (n > (size*2))
- {
- BIO_printf(bio_err,"hex string is too long\n");
- return(0);
- }
- memset(out,0,size);
- for (i=0; i<n; i++)
- {
- j=(unsigned char)*in;
- *(in++)='\0';
- if (j == 0) break;
- if ((j >= '0') && (j <= '9'))
- j-='0';
- else if ((j >= 'A') && (j <= 'F'))
- j=j-'A'+10;
- else if ((j >= 'a') && (j <= 'f'))
- j=j-'a'+10;
- else
- {
- BIO_printf(bio_err,"non-hex digit\n");
- return(0);
- }
- if (i&1)
- out[i/2]|=j;
- else
- out[i/2]=(j<<4);
- }
- return(1);
- }
diff --git a/crypto/openssl/apps/engine.c b/crypto/openssl/apps/engine.c
deleted file mode 100644
index 25c8617..0000000
--- a/crypto/openssl/apps/engine.c
+++ /dev/null
@@ -1,542 +0,0 @@
-/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef OPENSSL_NO_ENGINE
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG engine_main
-
-static const char *engine_usage[]={
-"usage: engine opts [engine ...]\n",
-" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
-" -vv will additionally display each command's description\n",
-" -vvv will also add the input flags for each command\n",
-" -vvvv will also show internal input flags\n",
-" -c - for each engine, also list the capabilities\n",
-" -t[t] - for each engine, check that they are really available\n",
-" -tt will display error trace for unavailable engines\n",
-" -pre <cmd> - runs command 'cmd' against the ENGINE before any attempts\n",
-" to load it (if -t is used)\n",
-" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
-" (only used if -t is also provided)\n",
-" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
-" line, or all supported ENGINEs if none are specified.\n",
-" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
-" argument \"/lib/libdriver.so\".\n",
-NULL
-};
-
-static void identity(void *ptr)
- {
- return;
- }
-
-static int append_buf(char **buf, const char *s, int *size, int step)
- {
- int l = strlen(s);
-
- if (*buf == NULL)
- {
- *size = step;
- *buf = OPENSSL_malloc(*size);
- if (*buf == NULL)
- return 0;
- **buf = '\0';
- }
-
- if (**buf != '\0')
- l += 2; /* ", " */
-
- if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
- {
- *size += step;
- *buf = OPENSSL_realloc(*buf, *size);
- }
-
- if (*buf == NULL)
- return 0;
-
- if (**buf != '\0')
- BUF_strlcat(*buf, ", ", *size);
- BUF_strlcat(*buf, s, *size);
-
- return 1;
- }
-
-static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
- {
- int started = 0, err = 0;
- /* Indent before displaying input flags */
- BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
- if(flags == 0)
- {
- BIO_printf(bio_out, "<no flags>\n");
- return 1;
- }
- /* If the object is internal, mark it in a way that shows instead of
- * having it part of all the other flags, even if it really is. */
- if(flags & ENGINE_CMD_FLAG_INTERNAL)
- {
- BIO_printf(bio_out, "[Internal] ");
- }
-
- if(flags & ENGINE_CMD_FLAG_NUMERIC)
- {
- if(started)
- {
- BIO_printf(bio_out, "|");
- err = 1;
- }
- BIO_printf(bio_out, "NUMERIC");
- started = 1;
- }
- /* Now we check that no combinations of the mutually exclusive NUMERIC,
- * STRING, and NO_INPUT flags have been used. Future flags that can be
- * OR'd together with these would need to added after these to preserve
- * the testing logic. */
- if(flags & ENGINE_CMD_FLAG_STRING)
- {
- if(started)
- {
- BIO_printf(bio_out, "|");
- err = 1;
- }
- BIO_printf(bio_out, "STRING");
- started = 1;
- }
- if(flags & ENGINE_CMD_FLAG_NO_INPUT)
- {
- if(started)
- {
- BIO_printf(bio_out, "|");
- err = 1;
- }
- BIO_printf(bio_out, "NO_INPUT");
- started = 1;
- }
- /* Check for unknown flags */
- flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
- ~ENGINE_CMD_FLAG_STRING &
- ~ENGINE_CMD_FLAG_NO_INPUT &
- ~ENGINE_CMD_FLAG_INTERNAL;
- if(flags)
- {
- if(started) BIO_printf(bio_out, "|");
- BIO_printf(bio_out, "<0x%04X>", flags);
- }
- if(err)
- BIO_printf(bio_out, " <illegal flags!>");
- BIO_printf(bio_out, "\n");
- return 1;
- }
-
-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
- {
- static const int line_wrap = 78;
- int num;
- int ret = 0;
- char *name = NULL;
- char *desc = NULL;
- int flags;
- int xpos = 0;
- STACK *cmds = NULL;
- if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
- ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
- 0, NULL, NULL)) <= 0))
- {
-#if 0
- BIO_printf(bio_out, "%s<no control commands>\n", indent);
-#endif
- return 1;
- }
-
- cmds = sk_new_null();
-
- if(!cmds)
- goto err;
- do {
- int len;
- /* Get the command input flags */
- if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
- NULL, NULL)) < 0)
- goto err;
- if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
- {
- /* Get the command name */
- if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
- NULL, NULL)) <= 0)
- goto err;
- if((name = OPENSSL_malloc(len + 1)) == NULL)
- goto err;
- if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
- NULL) <= 0)
- goto err;
- /* Get the command description */
- if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
- NULL, NULL)) < 0)
- goto err;
- if(len > 0)
- {
- if((desc = OPENSSL_malloc(len + 1)) == NULL)
- goto err;
- if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
- NULL) <= 0)
- goto err;
- }
- /* Now decide on the output */
- if(xpos == 0)
- /* Do an indent */
- xpos = BIO_printf(bio_out, indent);
- else
- /* Otherwise prepend a ", " */
- xpos += BIO_printf(bio_out, ", ");
- if(verbose == 1)
- {
- /* We're just listing names, comma-delimited */
- if((xpos > (int)strlen(indent)) &&
- (xpos + (int)strlen(name) > line_wrap))
- {
- BIO_printf(bio_out, "\n");
- xpos = BIO_printf(bio_out, indent);
- }
- xpos += BIO_printf(bio_out, "%s", name);
- }
- else
- {
- /* We're listing names plus descriptions */
- BIO_printf(bio_out, "%s: %s\n", name,
- (desc == NULL) ? "<no description>" : desc);
- /* ... and sometimes input flags */
- if((verbose >= 3) && !util_flags(bio_out, flags,
- indent))
- goto err;
- xpos = 0;
- }
- }
- OPENSSL_free(name); name = NULL;
- if(desc) { OPENSSL_free(desc); desc = NULL; }
- /* Move to the next command */
- num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
- num, NULL, NULL);
- } while(num > 0);
- if(xpos > 0)
- BIO_printf(bio_out, "\n");
- ret = 1;
-err:
- if(cmds) sk_pop_free(cmds, identity);
- if(name) OPENSSL_free(name);
- if(desc) OPENSSL_free(desc);
- return ret;
- }
-
-static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
- {
- int loop, res, num = sk_num(cmds);
- if(num < 0)
- {
- BIO_printf(bio_out, "[Error]: internal stack error\n");
- return;
- }
- for(loop = 0; loop < num; loop++)
- {
- char buf[256];
- const char *cmd, *arg;
- cmd = sk_value(cmds, loop);
- res = 1; /* assume success */
- /* Check if this command has no ":arg" */
- if((arg = strstr(cmd, ":")) == NULL)
- {
- if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
- res = 0;
- }
- else
- {
- if((int)(arg - cmd) > 254)
- {
- BIO_printf(bio_out,"[Error]: command name too long\n");
- return;
- }
- memcpy(buf, cmd, (int)(arg - cmd));
- buf[arg-cmd] = '\0';
- arg++; /* Move past the ":" */
- /* Call the command with the argument */
- if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
- res = 0;
- }
- if(res)
- BIO_printf(bio_out, "[Success]: %s\n", cmd);
- else
- {
- BIO_printf(bio_out, "[Failure]: %s\n", cmd);
- ERR_print_errors(bio_out);
- }
- }
- }
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int ret=1,i;
- const char **pp;
- int verbose=0, list_cap=0, test_avail=0, test_avail_noise = 0;
- ENGINE *e;
- STACK *engines = sk_new_null();
- STACK *pre_cmds = sk_new_null();
- STACK *post_cmds = sk_new_null();
- int badops=1;
- BIO *bio_out=NULL;
- const char *indent = " ";
-
- apps_startup();
- SSL_load_error_strings();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
-#endif
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strncmp(*argv,"-v",2) == 0)
- {
- if(strspn(*argv + 1, "v") < strlen(*argv + 1))
- goto skip_arg_loop;
- if((verbose=strlen(*argv + 1)) > 4)
- goto skip_arg_loop;
- }
- else if (strcmp(*argv,"-c") == 0)
- list_cap=1;
- else if (strncmp(*argv,"-t",2) == 0)
- {
- test_avail=1;
- if(strspn(*argv + 1, "t") < strlen(*argv + 1))
- goto skip_arg_loop;
- if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
- goto skip_arg_loop;
- }
- else if (strcmp(*argv,"-pre") == 0)
- {
- argc--; argv++;
- if (argc == 0)
- goto skip_arg_loop;
- sk_push(pre_cmds,*argv);
- }
- else if (strcmp(*argv,"-post") == 0)
- {
- argc--; argv++;
- if (argc == 0)
- goto skip_arg_loop;
- sk_push(post_cmds,*argv);
- }
- else if ((strncmp(*argv,"-h",2) == 0) ||
- (strcmp(*argv,"-?") == 0))
- goto skip_arg_loop;
- else
- sk_push(engines,*argv);
- argc--;
- argv++;
- }
- /* Looks like everything went OK */
- badops = 0;
-skip_arg_loop:
-
- if (badops)
- {
- for (pp=engine_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- if (sk_num(engines) == 0)
- {
- for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
- {
- sk_push(engines,(char *)ENGINE_get_id(e));
- }
- }
-
- for (i=0; i<sk_num(engines); i++)
- {
- const char *id = sk_value(engines,i);
- if ((e = ENGINE_by_id(id)) != NULL)
- {
- const char *name = ENGINE_get_name(e);
- /* Do "id" first, then "name". Easier to auto-parse. */
- BIO_printf(bio_out, "(%s) %s\n", id, name);
- util_do_cmds(e, pre_cmds, bio_out, indent);
- if (strcmp(ENGINE_get_id(e), id) != 0)
- {
- BIO_printf(bio_out, "Loaded: (%s) %s\n",
- ENGINE_get_id(e), ENGINE_get_name(e));
- }
- if (list_cap)
- {
- int cap_size = 256;
- char *cap_buf = NULL;
- int k,n;
- const int *nids;
- ENGINE_CIPHERS_PTR fn_c;
- ENGINE_DIGESTS_PTR fn_d;
-
- if (ENGINE_get_RSA(e) != NULL
- && !append_buf(&cap_buf, "RSA",
- &cap_size, 256))
- goto end;
- if (ENGINE_get_DSA(e) != NULL
- && !append_buf(&cap_buf, "DSA",
- &cap_size, 256))
- goto end;
- if (ENGINE_get_DH(e) != NULL
- && !append_buf(&cap_buf, "DH",
- &cap_size, 256))
- goto end;
- if (ENGINE_get_RAND(e) != NULL
- && !append_buf(&cap_buf, "RAND",
- &cap_size, 256))
- goto end;
-
- fn_c = ENGINE_get_ciphers(e);
- if(!fn_c) goto skip_ciphers;
- n = fn_c(e, NULL, &nids, 0);
- for(k=0 ; k < n ; ++k)
- if(!append_buf(&cap_buf,
- OBJ_nid2sn(nids[k]),
- &cap_size, 256))
- goto end;
-
-skip_ciphers:
- fn_d = ENGINE_get_digests(e);
- if(!fn_d) goto skip_digests;
- n = fn_d(e, NULL, &nids, 0);
- for(k=0 ; k < n ; ++k)
- if(!append_buf(&cap_buf,
- OBJ_nid2sn(nids[k]),
- &cap_size, 256))
- goto end;
-
-skip_digests:
- if (cap_buf && (*cap_buf != '\0'))
- BIO_printf(bio_out, " [%s]\n", cap_buf);
-
- OPENSSL_free(cap_buf);
- }
- if(test_avail)
- {
- BIO_printf(bio_out, "%s", indent);
- if (ENGINE_init(e))
- {
- BIO_printf(bio_out, "[ available ]\n");
- util_do_cmds(e, post_cmds, bio_out, indent);
- ENGINE_finish(e);
- }
- else
- {
- BIO_printf(bio_out, "[ unavailable ]\n");
- if(test_avail_noise)
- ERR_print_errors_fp(stdout);
- ERR_clear_error();
- }
- }
- if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
- goto end;
- ENGINE_free(e);
- }
- else
- ERR_print_errors(bio_err);
- }
-
- ret=0;
-end:
-
- ERR_print_errors(bio_err);
- sk_pop_free(engines, identity);
- sk_pop_free(pre_cmds, identity);
- sk_pop_free(post_cmds, identity);
- if (bio_out != NULL) BIO_free_all(bio_out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#else
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/apps/errstr.c b/crypto/openssl/apps/errstr.c
deleted file mode 100644
index 19489b0..0000000
--- a/crypto/openssl/apps/errstr.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/* apps/errstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/lhash.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG errstr_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int i,ret=0;
- char buf[256];
- unsigned long l;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- SSL_load_error_strings();
-
- if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
- {
- BIO *out=NULL;
-
- out=BIO_new(BIO_s_file());
- if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
- {
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
- lh_stats_bio((LHASH *)ERR_get_string_table(),out);
- lh_node_usage_stats_bio((LHASH *)
- ERR_get_string_table(),out);
- }
- if (out != NULL) BIO_free_all(out);
- argc--;
- argv++;
- }
-
- for (i=1; i<argc; i++)
- {
- if (sscanf(argv[i],"%lx",&l))
- {
- ERR_error_string_n(l, buf, sizeof buf);
- printf("%s\n",buf);
- }
- else
- {
- printf("%s: bad error code\n",argv[i]);
- printf("usage: errstr [-stats] <errno> ...\n");
- ret++;
- }
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
diff --git a/crypto/openssl/apps/gendh.c b/crypto/openssl/apps/gendh.c
deleted file mode 100644
index 4749786..0000000
--- a/crypto/openssl/apps/gendh.c
+++ /dev/null
@@ -1,238 +0,0 @@
-/* apps/gendh.c */
-/* obsoleted by dhparam.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_DH
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#define DEFBITS 512
-#undef PROG
-#define PROG gendh_main
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- BN_GENCB cb;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- DH *dh=NULL;
- int ret=1,num=DEFBITS;
- int g=2;
- char *outfile=NULL;
- char *inrand=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- BIO *out=NULL;
-
- apps_startup();
-
- BN_GENCB_set(&cb, dh_cb, bio_err);
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- argv++;
- argc--;
- for (;;)
- {
- if (argc <= 0) break;
- if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-2") == 0)
- g=2;
- /* else if (strcmp(*argv,"-3") == 0)
- g=3; */
- else if (strcmp(*argv,"-5") == 0)
- g=5;
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else
- break;
- argv++;
- argc--;
- }
- if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
- {
-bad:
- BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
- BIO_printf(bio_err," -out file - output the key to 'file\n");
- BIO_printf(bio_err," -2 - use 2 as the generator value\n");
- /* BIO_printf(bio_err," -3 - use 3 as the generator value\n"); */
- BIO_printf(bio_err," -5 - use 5 as the generator value\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
- BIO_printf(bio_err,"This is going to take a long time\n");
-
- if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
- goto end;
-
- app_RAND_write_file(NULL, bio_err);
-
- if (!PEM_write_bio_DHparams(out,dh))
- goto end;
- ret=0;
-end:
- if (ret != 0)
- ERR_print_errors(bio_err);
- if (out != NULL) BIO_free_all(out);
- if (dh != NULL) DH_free(dh);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-#endif
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
deleted file mode 100644
index 936a42b..0000000
--- a/crypto/openssl/apps/gendsa.c
+++ /dev/null
@@ -1,274 +0,0 @@
-/* apps/gendsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h> /* for OPENSSL_NO_DSA */
-#ifndef OPENSSL_NO_DSA
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#define DEFBITS 512
-#undef PROG
-#define PROG gendsa_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- DSA *dsa=NULL;
- int ret=1;
- char *outfile=NULL;
- char *inrand=NULL,*dsaparams=NULL;
- char *passargout = NULL, *passout = NULL;
- BIO *out=NULL,*in=NULL;
- const EVP_CIPHER *enc=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- argv++;
- argc--;
- for (;;)
- {
- if (argc <= 0) break;
- if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (strcmp(*argv,"-") == 0)
- goto bad;
-#ifndef OPENSSL_NO_DES
- else if (strcmp(*argv,"-des") == 0)
- enc=EVP_des_cbc();
- else if (strcmp(*argv,"-des3") == 0)
- enc=EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
- else if (strcmp(*argv,"-idea") == 0)
- enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (strcmp(*argv,"-aes128") == 0)
- enc=EVP_aes_128_cbc();
- else if (strcmp(*argv,"-aes192") == 0)
- enc=EVP_aes_192_cbc();
- else if (strcmp(*argv,"-aes256") == 0)
- enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (strcmp(*argv,"-camellia128") == 0)
- enc=EVP_camellia_128_cbc();
- else if (strcmp(*argv,"-camellia192") == 0)
- enc=EVP_camellia_192_cbc();
- else if (strcmp(*argv,"-camellia256") == 0)
- enc=EVP_camellia_256_cbc();
-#endif
- else if (**argv != '-' && dsaparams == NULL)
- {
- dsaparams = *argv;
- }
- else
- goto bad;
- argv++;
- argc--;
- }
-
- if (dsaparams == NULL)
- {
-bad:
- BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
- BIO_printf(bio_err," -out file - output the key to 'file'\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n");
- BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#endif
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," - load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," dsaparam-file\n");
- BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-
- in=BIO_new(BIO_s_file());
- if (!(BIO_read_filename(in,dsaparams)))
- {
- perror(dsaparams);
- goto end;
- }
-
- if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameter file\n");
- goto end;
- }
- BIO_free(in);
- in = NULL;
-
- out=BIO_new(BIO_s_file());
- if (out == NULL) goto end;
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- BIO_printf(bio_err,"Generating DSA key, %d bits\n",
- BN_num_bits(dsa->p));
- if (!DSA_generate_key(dsa)) goto end;
-
- app_RAND_write_file(NULL, bio_err);
-
- if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
- goto end;
- ret=0;
-end:
- if (ret != 0)
- ERR_print_errors(bio_err);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- if (dsa != NULL) DSA_free(dsa);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#endif
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
deleted file mode 100644
index d716a3c..0000000
--- a/crypto/openssl/apps/genrsa.c
+++ /dev/null
@@ -1,320 +0,0 @@
-/* apps/genrsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-
-#define DEFBITS 512
-#undef PROG
-#define PROG genrsa_main
-
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- BN_GENCB cb;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- int ret=1;
- int i,num=DEFBITS;
- long l;
- const EVP_CIPHER *enc=NULL;
- unsigned long f4=RSA_F4;
- char *outfile=NULL;
- char *passargout = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- char *inrand=NULL;
- BIO *out=NULL;
- BIGNUM *bn = BN_new();
- RSA *rsa = RSA_new();
-
- if(!bn || !rsa) goto err;
-
- apps_startup();
- BN_GENCB_set(&cb, genrsa_cb, bio_err);
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto err;
- if ((out=BIO_new(BIO_s_file())) == NULL)
- {
- BIO_printf(bio_err,"unable to create BIO for output\n");
- goto err;
- }
-
- argv++;
- argc--;
- for (;;)
- {
- if (argc <= 0) break;
- if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-3") == 0)
- f4=3;
- else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
- f4=RSA_F4;
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
-#ifndef OPENSSL_NO_DES
- else if (strcmp(*argv,"-des") == 0)
- enc=EVP_des_cbc();
- else if (strcmp(*argv,"-des3") == 0)
- enc=EVP_des_ede3_cbc();
-#endif
-#ifndef OPENSSL_NO_IDEA
- else if (strcmp(*argv,"-idea") == 0)
- enc=EVP_idea_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (strcmp(*argv,"-aes128") == 0)
- enc=EVP_aes_128_cbc();
- else if (strcmp(*argv,"-aes192") == 0)
- enc=EVP_aes_192_cbc();
- else if (strcmp(*argv,"-aes256") == 0)
- enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (strcmp(*argv,"-camellia128") == 0)
- enc=EVP_camellia_128_cbc();
- else if (strcmp(*argv,"-camellia192") == 0)
- enc=EVP_camellia_192_cbc();
- else if (strcmp(*argv,"-camellia256") == 0)
- enc=EVP_camellia_256_cbc();
-#endif
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
- else
- break;
- argv++;
- argc--;
- }
- if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
- {
-bad:
- BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
- BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n");
- BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf(bio_err," -out file output the key to 'file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase source\n");
- BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n");
- BIO_printf(bio_err," -3 use 3 for the E value\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- goto err;
- }
-
- ERR_load_crypto_strings();
-
- if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto err;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto err;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
- num);
-
- if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
- goto err;
-
- app_RAND_write_file(NULL, bio_err);
-
- /* We need to do the following for when the base number size is <
- * long, esp windows 3.1 :-(. */
- l=0L;
- for (i=0; i<rsa->e->top; i++)
- {
-#ifndef SIXTY_FOUR_BIT
- l<<=BN_BITS4;
- l<<=BN_BITS4;
-#endif
- l+=rsa->e->d[i];
- }
- BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
- {
- PW_CB_DATA cb_data;
- cb_data.password = passout;
- cb_data.prompt_info = outfile;
- if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
- (pem_password_cb *)password_callback,&cb_data))
- goto err;
- }
-
- ret=0;
-err:
- if (bn) BN_free(bn);
- if (rsa) RSA_free(rsa);
- if (out) BIO_free_all(out);
- if(passout) OPENSSL_free(passout);
- if (ret != 0)
- ERR_print_errors(bio_err);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/apps/nseq.c b/crypto/openssl/apps/nseq.c
deleted file mode 100644
index dc71d45..0000000
--- a/crypto/openssl/apps/nseq.c
+++ /dev/null
@@ -1,167 +0,0 @@
-/* nseq.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-
-#undef PROG
-#define PROG nseq_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
- char **args, *infile = NULL, *outfile = NULL;
- BIO *in = NULL, *out = NULL;
- int toseq = 0;
- X509 *x509 = NULL;
- NETSCAPE_CERT_SEQUENCE *seq = NULL;
- int i, ret = 1;
- int badarg = 0;
- if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
- ERR_load_crypto_strings();
- args = argv + 1;
- while (!badarg && *args && *args[0] == '-') {
- if (!strcmp (*args, "-toseq")) toseq = 1;
- else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else badarg = 1;
- args++;
- }
-
- if (badarg) {
- BIO_printf (bio_err, "Netscape certificate sequence utility\n");
- BIO_printf (bio_err, "Usage nseq [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-toseq output NS Sequence file\n");
- OPENSSL_EXIT(1);
- }
-
- if (infile) {
- if (!(in = BIO_new_file (infile, "r"))) {
- BIO_printf (bio_err,
- "Can't open input file %s\n", infile);
- goto end;
- }
- } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if (outfile) {
- if (!(out = BIO_new_file (outfile, "w"))) {
- BIO_printf (bio_err,
- "Can't open output file %s\n", outfile);
- goto end;
- }
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- if (toseq) {
- seq = NETSCAPE_CERT_SEQUENCE_new();
- seq->certs = sk_X509_new_null();
- while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
- sk_X509_push(seq->certs,x509);
-
- if(!sk_X509_num(seq->certs))
- {
- BIO_printf (bio_err, "Error reading certs file %s\n", infile);
- ERR_print_errors(bio_err);
- goto end;
- }
- PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
- ret = 0;
- goto end;
- }
-
- if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
- BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- for(i = 0; i < sk_X509_num(seq->certs); i++) {
- x509 = sk_X509_value(seq->certs, i);
- dump_cert_text(out, x509);
- PEM_write_bio_X509(out, x509);
- }
- ret = 0;
-end:
- BIO_free(in);
- BIO_free_all(out);
- NETSCAPE_CERT_SEQUENCE_free(seq);
-
- OPENSSL_EXIT(ret);
-}
-
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
deleted file mode 100644
index 3ee6dfb..0000000
--- a/crypto/openssl/apps/ocsp.c
+++ /dev/null
@@ -1,1234 +0,0 @@
-/* ocsp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#ifndef OPENSSL_NO_OCSP
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include <openssl/bn.h>
-
-/* Maximum leeway in validity period: default 5 minutes */
-#define MAX_VALIDITY_PERIOD (5 * 60)
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids);
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK *names, STACK_OF(OCSP_CERTID) *ids,
- long nsec, long maxage);
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays);
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
-static BIO *init_responder(char *port);
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
-
-#undef PROG
-#define PROG ocsp_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char **args;
- char *host = NULL, *port = NULL, *path = "/";
- char *reqin = NULL, *respin = NULL;
- char *reqout = NULL, *respout = NULL;
- char *signfile = NULL, *keyfile = NULL;
- char *rsignfile = NULL, *rkeyfile = NULL;
- char *outfile = NULL;
- int add_nonce = 1, noverify = 0, use_ssl = -1;
- OCSP_REQUEST *req = NULL;
- OCSP_RESPONSE *resp = NULL;
- OCSP_BASICRESP *bs = NULL;
- X509 *issuer = NULL, *cert = NULL;
- X509 *signer = NULL, *rsigner = NULL;
- EVP_PKEY *key = NULL, *rkey = NULL;
- BIO *acbio = NULL, *cbio = NULL;
- BIO *derbio = NULL;
- BIO *out = NULL;
- int req_text = 0, resp_text = 0;
- long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
- char *CAfile = NULL, *CApath = NULL;
- X509_STORE *store = NULL;
- SSL_CTX *ctx = NULL;
- STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
- char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
- unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
- int ret = 1;
- int accept_count = -1;
- int badarg = 0;
- int i;
- int ignore_err = 0;
- STACK *reqnames = NULL;
- STACK_OF(OCSP_CERTID) *ids = NULL;
-
- X509 *rca_cert = NULL;
- char *ridx_filename = NULL;
- char *rca_filename = NULL;
- CA_DB *rdb = NULL;
- int nmin = 0, ndays = -1;
-
- if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
- args = argv + 1;
- reqnames = sk_new_null();
- ids = sk_OCSP_CERTID_new_null();
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-url"))
- {
- if (args[1])
- {
- args++;
- if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
- {
- BIO_printf(bio_err, "Error parsing URL\n");
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-host"))
- {
- if (args[1])
- {
- args++;
- host = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-port"))
- {
- if (args[1])
- {
- args++;
- port = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-ignore_err"))
- ignore_err = 1;
- else if (!strcmp(*args, "-noverify"))
- noverify = 1;
- else if (!strcmp(*args, "-nonce"))
- add_nonce = 2;
- else if (!strcmp(*args, "-no_nonce"))
- add_nonce = 0;
- else if (!strcmp(*args, "-resp_no_certs"))
- rflags |= OCSP_NOCERTS;
- else if (!strcmp(*args, "-resp_key_id"))
- rflags |= OCSP_RESPID_KEY;
- else if (!strcmp(*args, "-no_certs"))
- sign_flags |= OCSP_NOCERTS;
- else if (!strcmp(*args, "-no_signature_verify"))
- verify_flags |= OCSP_NOSIGS;
- else if (!strcmp(*args, "-no_cert_verify"))
- verify_flags |= OCSP_NOVERIFY;
- else if (!strcmp(*args, "-no_chain"))
- verify_flags |= OCSP_NOCHAIN;
- else if (!strcmp(*args, "-no_cert_checks"))
- verify_flags |= OCSP_NOCHECKS;
- else if (!strcmp(*args, "-no_explicit"))
- verify_flags |= OCSP_NOEXPLICIT;
- else if (!strcmp(*args, "-trust_other"))
- verify_flags |= OCSP_TRUSTOTHER;
- else if (!strcmp(*args, "-no_intern"))
- verify_flags |= OCSP_NOINTERN;
- else if (!strcmp(*args, "-text"))
- {
- req_text = 1;
- resp_text = 1;
- }
- else if (!strcmp(*args, "-req_text"))
- req_text = 1;
- else if (!strcmp(*args, "-resp_text"))
- resp_text = 1;
- else if (!strcmp(*args, "-reqin"))
- {
- if (args[1])
- {
- args++;
- reqin = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-respin"))
- {
- if (args[1])
- {
- args++;
- respin = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-signer"))
- {
- if (args[1])
- {
- args++;
- signfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-VAfile"))
- {
- if (args[1])
- {
- args++;
- verify_certfile = *args;
- verify_flags |= OCSP_TRUSTOTHER;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-sign_other"))
- {
- if (args[1])
- {
- args++;
- sign_certfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-verify_other"))
- {
- if (args[1])
- {
- args++;
- verify_certfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
- if (args[1])
- {
- args++;
- CAfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-CApath"))
- {
- if (args[1])
- {
- args++;
- CApath = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-validity_period"))
- {
- if (args[1])
- {
- args++;
- nsec = atol(*args);
- if (nsec < 0)
- {
- BIO_printf(bio_err,
- "Illegal validity period %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-status_age"))
- {
- if (args[1])
- {
- args++;
- maxage = atol(*args);
- if (maxage < 0)
- {
- BIO_printf(bio_err,
- "Illegal validity age %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-signkey"))
- {
- if (args[1])
- {
- args++;
- keyfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-reqout"))
- {
- if (args[1])
- {
- args++;
- reqout = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-respout"))
- {
- if (args[1])
- {
- args++;
- respout = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-path"))
- {
- if (args[1])
- {
- args++;
- path = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-issuer"))
- {
- if (args[1])
- {
- args++;
- X509_free(issuer);
- issuer = load_cert(bio_err, *args, FORMAT_PEM,
- NULL, e, "issuer certificate");
- if(!issuer) goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-cert"))
- {
- if (args[1])
- {
- args++;
- X509_free(cert);
- cert = load_cert(bio_err, *args, FORMAT_PEM,
- NULL, e, "certificate");
- if(!cert) goto end;
- if(!add_ocsp_cert(&req, cert, issuer, ids))
- goto end;
- if(!sk_push(reqnames, *args))
- goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-serial"))
- {
- if (args[1])
- {
- args++;
- if(!add_ocsp_serial(&req, *args, issuer, ids))
- goto end;
- if(!sk_push(reqnames, *args))
- goto end;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-index"))
- {
- if (args[1])
- {
- args++;
- ridx_filename = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-CA"))
- {
- if (args[1])
- {
- args++;
- rca_filename = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-nmin"))
- {
- if (args[1])
- {
- args++;
- nmin = atol(*args);
- if (nmin < 0)
- {
- BIO_printf(bio_err,
- "Illegal update period %s\n",
- *args);
- badarg = 1;
- }
- }
- if (ndays == -1)
- ndays = 0;
- else badarg = 1;
- }
- else if (!strcmp (*args, "-nrequest"))
- {
- if (args[1])
- {
- args++;
- accept_count = atol(*args);
- if (accept_count < 0)
- {
- BIO_printf(bio_err,
- "Illegal accept count %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-ndays"))
- {
- if (args[1])
- {
- args++;
- ndays = atol(*args);
- if (ndays < 0)
- {
- BIO_printf(bio_err,
- "Illegal update period %s\n",
- *args);
- badarg = 1;
- }
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rsigner"))
- {
- if (args[1])
- {
- args++;
- rsignfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rkey"))
- {
- if (args[1])
- {
- args++;
- rkeyfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp(*args, "-rother"))
- {
- if (args[1])
- {
- args++;
- rcertfile = *args;
- }
- else badarg = 1;
- }
- else badarg = 1;
- args++;
- }
-
- /* Have we anything to do? */
- if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
-
- if (badarg)
- {
- BIO_printf (bio_err, "OCSP utility\n");
- BIO_printf (bio_err, "Usage ocsp [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-out file output filename\n");
- BIO_printf (bio_err, "-issuer file issuer certificate\n");
- BIO_printf (bio_err, "-cert file certificate to check\n");
- BIO_printf (bio_err, "-serial n serial number to check\n");
- BIO_printf (bio_err, "-signer file certificate to sign OCSP request with\n");
- BIO_printf (bio_err, "-signkey file private key to sign OCSP request with\n");
- BIO_printf (bio_err, "-sign_other file additional certificates to include in signed request\n");
- BIO_printf (bio_err, "-no_certs don't include any certificates in signed request\n");
- BIO_printf (bio_err, "-req_text print text form of request\n");
- BIO_printf (bio_err, "-resp_text print text form of response\n");
- BIO_printf (bio_err, "-text print text form of request and response\n");
- BIO_printf (bio_err, "-reqout file write DER encoded OCSP request to \"file\"\n");
- BIO_printf (bio_err, "-respout file write DER encoded OCSP reponse to \"file\"\n");
- BIO_printf (bio_err, "-reqin file read DER encoded OCSP request from \"file\"\n");
- BIO_printf (bio_err, "-respin file read DER encoded OCSP reponse from \"file\"\n");
- BIO_printf (bio_err, "-nonce add OCSP nonce to request\n");
- BIO_printf (bio_err, "-no_nonce don't add OCSP nonce to request\n");
- BIO_printf (bio_err, "-url URL OCSP responder URL\n");
- BIO_printf (bio_err, "-host host:n send OCSP request to host on port n\n");
- BIO_printf (bio_err, "-path path to use in OCSP request\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-VAfile file validator certificates file\n");
- BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
- BIO_printf (bio_err, "-status_age n maximum status age in seconds\n");
- BIO_printf (bio_err, "-noverify don't verify response at all\n");
- BIO_printf (bio_err, "-verify_other file additional certificates to search for signer\n");
- BIO_printf (bio_err, "-trust_other don't verify additional certificates\n");
- BIO_printf (bio_err, "-no_intern don't search certificates contained in response for signer\n");
- BIO_printf (bio_err, "-no_signature_verify don't check signature on response\n");
- BIO_printf (bio_err, "-no_cert_verify don't check signing certificate\n");
- BIO_printf (bio_err, "-no_chain don't chain verify response\n");
- BIO_printf (bio_err, "-no_cert_checks don't do additional checks on signing certificate\n");
- BIO_printf (bio_err, "-port num port to run responder on\n");
- BIO_printf (bio_err, "-index file certificate status index file\n");
- BIO_printf (bio_err, "-CA file CA certificate\n");
- BIO_printf (bio_err, "-rsigner file responder certificate to sign responses with\n");
- BIO_printf (bio_err, "-rkey file responder key to sign responses with\n");
- BIO_printf (bio_err, "-rother file other certificates to include in response\n");
- BIO_printf (bio_err, "-resp_no_certs don't include any certificates in response\n");
- BIO_printf (bio_err, "-nmin n number of minutes before next update\n");
- BIO_printf (bio_err, "-ndays n number of days before next update\n");
- BIO_printf (bio_err, "-resp_key_id identify reponse by signing certificate key ID\n");
- BIO_printf (bio_err, "-nrequest n number of requests to accept (default unlimited)\n");
- goto end;
- }
-
- if(outfile) out = BIO_new_file(outfile, "w");
- else out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
- if(!out)
- {
- BIO_printf(bio_err, "Error opening output file\n");
- goto end;
- }
-
- if (!req && (add_nonce != 2)) add_nonce = 0;
-
- if (!req && reqin)
- {
- derbio = BIO_new_file(reqin, "rb");
- if (!derbio)
- {
- BIO_printf(bio_err, "Error Opening OCSP request file\n");
- goto end;
- }
- req = d2i_OCSP_REQUEST_bio(derbio, NULL);
- BIO_free(derbio);
- if(!req)
- {
- BIO_printf(bio_err, "Error reading OCSP request\n");
- goto end;
- }
- }
-
- if (!req && port)
- {
- acbio = init_responder(port);
- if (!acbio)
- goto end;
- }
-
- if (rsignfile && !rdb)
- {
- if (!rkeyfile) rkeyfile = rsignfile;
- rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
- NULL, e, "responder certificate");
- if (!rsigner)
- {
- BIO_printf(bio_err, "Error loading responder certificate\n");
- goto end;
- }
- rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
- NULL, e, "CA certificate");
- if (rcertfile)
- {
- rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
- NULL, e, "responder other certificates");
- if (!rother) goto end;
- }
- rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
- "responder private key");
- if (!rkey)
- goto end;
- }
- if(acbio)
- BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
-
- redo_accept:
-
- if (acbio)
- {
- if (!do_responder(&req, &cbio, acbio, port))
- goto end;
- if (!req)
- {
- resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
- send_ocsp_response(cbio, resp);
- goto done_resp;
- }
- }
-
- if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
- {
- BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
- goto end;
- }
-
- if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
-
- if (signfile)
- {
- if (!keyfile) keyfile = signfile;
- signer = load_cert(bio_err, signfile, FORMAT_PEM,
- NULL, e, "signer certificate");
- if (!signer)
- {
- BIO_printf(bio_err, "Error loading signer certificate\n");
- goto end;
- }
- if (sign_certfile)
- {
- sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
- NULL, e, "signer certificates");
- if (!sign_other) goto end;
- }
- key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
- "signer private key");
- if (!key)
- goto end;
- if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
- {
- BIO_printf(bio_err, "Error signing OCSP request\n");
- goto end;
- }
- }
-
- if (req_text && req) OCSP_REQUEST_print(out, req, 0);
-
- if (reqout)
- {
- derbio = BIO_new_file(reqout, "wb");
- if(!derbio)
- {
- BIO_printf(bio_err, "Error opening file %s\n", reqout);
- goto end;
- }
- i2d_OCSP_REQUEST_bio(derbio, req);
- BIO_free(derbio);
- }
-
- if (ridx_filename && (!rkey || !rsigner || !rca_cert))
- {
- BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
- goto end;
- }
-
- if (ridx_filename && !rdb)
- {
- rdb = load_index(ridx_filename, NULL);
- if (!rdb) goto end;
- if (!index_index(rdb)) goto end;
- }
-
- if (rdb)
- {
- i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
- if (cbio)
- send_ocsp_response(cbio, resp);
- }
- else if (host)
- {
-#ifndef OPENSSL_NO_SOCK
- cbio = BIO_new_connect(host);
-#else
- BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
- goto end;
-#endif
- if (!cbio)
- {
- BIO_printf(bio_err, "Error creating connect BIO\n");
- goto end;
- }
- if (port) BIO_set_conn_port(cbio, port);
- if (use_ssl == 1)
- {
- BIO *sbio;
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv23_client_method());
-#elif !defined(OPENSSL_NO_SSL3)
- ctx = SSL_CTX_new(SSLv3_client_method());
-#elif !defined(OPENSSL_NO_SSL2)
- ctx = SSL_CTX_new(SSLv2_client_method());
-#else
- BIO_printf(bio_err, "SSL is disabled\n");
- goto end;
-#endif
- if (ctx == NULL)
- {
- BIO_printf(bio_err, "Error creating SSL context.\n");
- goto end;
- }
- SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
- sbio = BIO_new_ssl(ctx, 1);
- cbio = BIO_push(sbio, cbio);
- }
- if (BIO_do_connect(cbio) <= 0)
- {
- BIO_printf(bio_err, "Error connecting BIO\n");
- goto end;
- }
- resp = OCSP_sendreq_bio(cbio, path, req);
- BIO_free_all(cbio);
- cbio = NULL;
- if (!resp)
- {
- BIO_printf(bio_err, "Error querying OCSP responsder\n");
- goto end;
- }
- }
- else if (respin)
- {
- derbio = BIO_new_file(respin, "rb");
- if (!derbio)
- {
- BIO_printf(bio_err, "Error Opening OCSP response file\n");
- goto end;
- }
- resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
- BIO_free(derbio);
- if(!resp)
- {
- BIO_printf(bio_err, "Error reading OCSP response\n");
- goto end;
- }
-
- }
- else
- {
- ret = 0;
- goto end;
- }
-
- done_resp:
-
- if (respout)
- {
- derbio = BIO_new_file(respout, "wb");
- if(!derbio)
- {
- BIO_printf(bio_err, "Error opening file %s\n", respout);
- goto end;
- }
- i2d_OCSP_RESPONSE_bio(derbio, resp);
- BIO_free(derbio);
- }
-
- i = OCSP_response_status(resp);
-
- if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
- {
- BIO_printf(out, "Responder Error: %s (%d)\n",
- OCSP_response_status_str(i), i);
- if (ignore_err)
- goto redo_accept;
- ret = 0;
- goto end;
- }
-
- if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
-
- /* If running as responder don't verify our own response */
- if (cbio)
- {
- if (accept_count > 0)
- accept_count--;
- /* Redo if more connections needed */
- if (accept_count)
- {
- BIO_free_all(cbio);
- cbio = NULL;
- OCSP_REQUEST_free(req);
- req = NULL;
- OCSP_RESPONSE_free(resp);
- resp = NULL;
- goto redo_accept;
- }
- goto end;
- }
-
- if (!store)
- store = setup_verify(bio_err, CAfile, CApath);
- if (!store)
- goto end;
- if (verify_certfile)
- {
- verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
- NULL, e, "validator certificate");
- if (!verify_other) goto end;
- }
-
- bs = OCSP_response_get1_basic(resp);
-
- if (!bs)
- {
- BIO_printf(bio_err, "Error parsing response\n");
- goto end;
- }
-
- if (!noverify)
- {
- if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
- {
- if (i == -1)
- BIO_printf(bio_err, "WARNING: no nonce in response\n");
- else
- {
- BIO_printf(bio_err, "Nonce Verify error\n");
- goto end;
- }
- }
-
- i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
- if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
-
- if(i <= 0)
- {
- BIO_printf(bio_err, "Response Verify Failure\n");
- ERR_print_errors(bio_err);
- }
- else
- BIO_printf(bio_err, "Response verify OK\n");
-
- }
-
- if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
- goto end;
-
- ret = 0;
-
-end:
- ERR_print_errors(bio_err);
- X509_free(signer);
- X509_STORE_free(store);
- EVP_PKEY_free(key);
- EVP_PKEY_free(rkey);
- X509_free(issuer);
- X509_free(cert);
- X509_free(rsigner);
- X509_free(rca_cert);
- free_index(rdb);
- BIO_free_all(cbio);
- BIO_free_all(acbio);
- BIO_free(out);
- OCSP_REQUEST_free(req);
- OCSP_RESPONSE_free(resp);
- OCSP_BASICRESP_free(bs);
- sk_free(reqnames);
- sk_OCSP_CERTID_free(ids);
- sk_X509_pop_free(sign_other, X509_free);
- sk_X509_pop_free(verify_other, X509_free);
-
- if (use_ssl != -1)
- {
- OPENSSL_free(host);
- OPENSSL_free(port);
- OPENSSL_free(path);
- SSL_CTX_free(ctx);
- }
-
- OPENSSL_EXIT(ret);
-}
-
-static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
- {
- OCSP_CERTID *id;
- if(!issuer)
- {
- BIO_printf(bio_err, "No issuer certificate specified\n");
- return 0;
- }
- if(!*req) *req = OCSP_REQUEST_new();
- if(!*req) goto err;
- id = OCSP_cert_to_id(NULL, cert, issuer);
- if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
- if(!OCSP_request_add0_id(*req, id)) goto err;
- return 1;
-
- err:
- BIO_printf(bio_err, "Error Creating OCSP request\n");
- return 0;
- }
-
-static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
- STACK_OF(OCSP_CERTID) *ids)
- {
- OCSP_CERTID *id;
- X509_NAME *iname;
- ASN1_BIT_STRING *ikey;
- ASN1_INTEGER *sno;
- if(!issuer)
- {
- BIO_printf(bio_err, "No issuer certificate specified\n");
- return 0;
- }
- if(!*req) *req = OCSP_REQUEST_new();
- if(!*req) goto err;
- iname = X509_get_subject_name(issuer);
- ikey = X509_get0_pubkey_bitstr(issuer);
- sno = s2i_ASN1_INTEGER(NULL, serial);
- if(!sno)
- {
- BIO_printf(bio_err, "Error converting serial number %s\n", serial);
- return 0;
- }
- id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
- ASN1_INTEGER_free(sno);
- if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
- if(!OCSP_request_add0_id(*req, id)) goto err;
- return 1;
-
- err:
- BIO_printf(bio_err, "Error Creating OCSP request\n");
- return 0;
- }
-
-static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
- STACK *names, STACK_OF(OCSP_CERTID) *ids,
- long nsec, long maxage)
- {
- OCSP_CERTID *id;
- char *name;
- int i;
-
- int status, reason;
-
- ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
-
- if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
- return 1;
-
- for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
- {
- id = sk_OCSP_CERTID_value(ids, i);
- name = sk_value(names, i);
- BIO_printf(out, "%s: ", name);
-
- if(!OCSP_resp_find_status(bs, id, &status, &reason,
- &rev, &thisupd, &nextupd))
- {
- BIO_puts(out, "ERROR: No Status found.\n");
- continue;
- }
-
- /* Check validity: if invalid write to output BIO so we
- * know which response this refers to.
- */
- if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
- {
- BIO_puts(out, "WARNING: Status times invalid.\n");
- ERR_print_errors(out);
- }
- BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
-
- BIO_puts(out, "\tThis Update: ");
- ASN1_GENERALIZEDTIME_print(out, thisupd);
- BIO_puts(out, "\n");
-
- if(nextupd)
- {
- BIO_puts(out, "\tNext Update: ");
- ASN1_GENERALIZEDTIME_print(out, nextupd);
- BIO_puts(out, "\n");
- }
-
- if (status != V_OCSP_CERTSTATUS_REVOKED)
- continue;
-
- if (reason != -1)
- BIO_printf(out, "\tReason: %s\n",
- OCSP_crl_reason_str(reason));
-
- BIO_puts(out, "\tRevocation Time: ");
- ASN1_GENERALIZEDTIME_print(out, rev);
- BIO_puts(out, "\n");
- }
-
- return 1;
- }
-
-
-static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
- X509 *ca, X509 *rcert, EVP_PKEY *rkey,
- STACK_OF(X509) *rother, unsigned long flags,
- int nmin, int ndays)
- {
- ASN1_TIME *thisupd = NULL, *nextupd = NULL;
- OCSP_CERTID *cid, *ca_id = NULL;
- OCSP_BASICRESP *bs = NULL;
- int i, id_count, ret = 1;
-
-
- id_count = OCSP_request_onereq_count(req);
-
- if (id_count <= 0)
- {
- *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
- goto end;
- }
-
- ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
-
- bs = OCSP_BASICRESP_new();
- thisupd = X509_gmtime_adj(NULL, 0);
- if (ndays != -1)
- nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
-
- /* Examine each certificate id in the request */
- for (i = 0; i < id_count; i++)
- {
- OCSP_ONEREQ *one;
- ASN1_INTEGER *serial;
- char **inf;
- one = OCSP_request_onereq_get0(req, i);
- cid = OCSP_onereq_get0_id(one);
- /* Is this request about our CA? */
- if (OCSP_id_issuer_cmp(ca_id, cid))
- {
- OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL,
- thisupd, nextupd);
- continue;
- }
- OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
- inf = lookup_serial(db, serial);
- if (!inf)
- OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_UNKNOWN,
- 0, NULL,
- thisupd, nextupd);
- else if (inf[DB_type][0] == DB_TYPE_VAL)
- OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_GOOD,
- 0, NULL,
- thisupd, nextupd);
- else if (inf[DB_type][0] == DB_TYPE_REV)
- {
- ASN1_OBJECT *inst = NULL;
- ASN1_TIME *revtm = NULL;
- ASN1_GENERALIZEDTIME *invtm = NULL;
- OCSP_SINGLERESP *single;
- int reason = -1;
- unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
- single = OCSP_basic_add1_status(bs, cid,
- V_OCSP_CERTSTATUS_REVOKED,
- reason, revtm,
- thisupd, nextupd);
- if (invtm)
- OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
- else if (inst)
- OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
- ASN1_OBJECT_free(inst);
- ASN1_TIME_free(revtm);
- ASN1_GENERALIZEDTIME_free(invtm);
- }
- }
-
- OCSP_copy_nonce(bs, req);
-
- OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
-
- *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
-
- end:
- ASN1_TIME_free(thisupd);
- ASN1_TIME_free(nextupd);
- OCSP_CERTID_free(ca_id);
- OCSP_BASICRESP_free(bs);
- return ret;
-
- }
-
-static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
- {
- int i;
- BIGNUM *bn = NULL;
- char *itmp, *row[DB_NUMBER],**rrow;
- for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
- bn = ASN1_INTEGER_to_BN(ser,NULL);
- if (BN_is_zero(bn))
- itmp = BUF_strdup("00");
- else
- itmp = BN_bn2hex(bn);
- row[DB_serial] = itmp;
- BN_free(bn);
- rrow=TXT_DB_get_by_index(db->db,DB_serial,row);
- OPENSSL_free(itmp);
- return rrow;
- }
-
-/* Quick and dirty OCSP server: read in and parse input request */
-
-static BIO *init_responder(char *port)
- {
- BIO *acbio = NULL, *bufbio = NULL;
- bufbio = BIO_new(BIO_f_buffer());
- if (!bufbio)
- goto err;
-#ifndef OPENSSL_NO_SOCK
- acbio = BIO_new_accept(port);
-#else
- BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
-#endif
- if (!acbio)
- goto err;
- BIO_set_accept_bios(acbio, bufbio);
- bufbio = NULL;
-
- if (BIO_do_accept(acbio) <= 0)
- {
- BIO_printf(bio_err, "Error setting up accept BIO\n");
- ERR_print_errors(bio_err);
- goto err;
- }
-
- return acbio;
-
- err:
- BIO_free_all(acbio);
- BIO_free(bufbio);
- return NULL;
- }
-
-static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
- {
- int have_post = 0, len;
- OCSP_REQUEST *req = NULL;
- char inbuf[1024];
- BIO *cbio = NULL;
-
- if (BIO_do_accept(acbio) <= 0)
- {
- BIO_printf(bio_err, "Error accepting connection\n");
- ERR_print_errors(bio_err);
- return 0;
- }
-
- cbio = BIO_pop(acbio);
- *pcbio = cbio;
-
- for(;;)
- {
- len = BIO_gets(cbio, inbuf, sizeof inbuf);
- if (len <= 0)
- return 1;
- /* Look for "POST" signalling start of query */
- if (!have_post)
- {
- if(strncmp(inbuf, "POST", 4))
- {
- BIO_printf(bio_err, "Invalid request\n");
- return 1;
- }
- have_post = 1;
- }
- /* Look for end of headers */
- if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
- break;
- }
-
- /* Try to read OCSP request */
-
- req = d2i_OCSP_REQUEST_bio(cbio, NULL);
-
- if (!req)
- {
- BIO_printf(bio_err, "Error parsing OCSP request\n");
- ERR_print_errors(bio_err);
- }
-
- *preq = req;
-
- return 1;
-
- }
-
-static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
- {
- char http_resp[] =
- "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
- "Content-Length: %d\r\n\r\n";
- if (!cbio)
- return 0;
- BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
- i2d_OCSP_RESPONSE_bio(cbio, resp);
- BIO_flush(cbio);
- return 1;
- }
-
-#endif
diff --git a/crypto/openssl/apps/oid.cnf b/crypto/openssl/apps/oid.cnf
deleted file mode 100644
index faf425a..0000000
--- a/crypto/openssl/apps/oid.cnf
+++ /dev/null
@@ -1,6 +0,0 @@
-2.99999.1 SET.ex1 SET x509v3 extension 1
-2.99999.2 SET.ex2 SET x509v3 extension 2
-2.99999.3 SET.ex3 SET x509v3 extension 3
-2.99999.4 SET.ex4 SET x509v3 extension 4
-2.99999.5 SET.ex5 SET x509v3 extension 5
-2.99999.6 SET.ex6 SET x509v3 extension 6
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
deleted file mode 100644
index 47aee5b..0000000
--- a/crypto/openssl/apps/openssl.c
+++ /dev/null
@@ -1,526 +0,0 @@
-/* apps/openssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/conf.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#include "progs.h"
-#include "s_apps.h"
-#include <openssl/err.h>
-
-/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
- * base prototypes (we cast each variable inside the function to the required
- * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
- * functions. */
-
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
-static unsigned long MS_CALLBACK hash(const void *a_void);
-/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
-static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
-static LHASH *prog_init(void );
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
-char *default_config_file=NULL;
-
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-CONF *config=NULL;
-BIO *bio_err=NULL;
-#endif
-
-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
- {
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
- const char *errstr = NULL;
- int rw;
-
- rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
- if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
- {
- errstr = "invalid mode";
- goto err;
- }
-
- if (type < 0 || type >= CRYPTO_NUM_LOCKS)
- {
- errstr = "type out of bounds";
- goto err;
- }
-
- if (mode & CRYPTO_LOCK)
- {
- if (modes[type])
- {
- errstr = "already locked";
- /* must not happen in a single-threaded program
- * (would deadlock) */
- goto err;
- }
-
- modes[type] = rw;
- }
- else if (mode & CRYPTO_UNLOCK)
- {
- if (!modes[type])
- {
- errstr = "not locked";
- goto err;
- }
-
- if (modes[type] != rw)
- {
- errstr = (rw == CRYPTO_READ) ?
- "CRYPTO_r_unlock on write lock" :
- "CRYPTO_w_unlock on read lock";
- }
-
- modes[type] = 0;
- }
- else
- {
- errstr = "invalid mode";
- goto err;
- }
-
- err:
- if (errstr)
- {
- /* we cannot use bio_err here */
- fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
- errstr, mode, type, file, line);
- }
- }
-
-
-int main(int Argc, char *Argv[])
- {
- ARGS arg;
-#define PROG_NAME_SIZE 39
- char pname[PROG_NAME_SIZE+1];
- FUNCTION f,*fp;
- MS_STATIC const char *prompt;
- MS_STATIC char buf[1024];
- char *to_free=NULL;
- int n,i,ret=0;
- int argc;
- char **argv,*p;
- LHASH *prog=NULL;
- long errline;
-
- arg.data=NULL;
- arg.count=0;
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
- {
- if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-#if 0
- if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
-#endif
- {
- CRYPTO_set_locking_callback(lock_dbg_cb);
- }
-
- apps_startup();
-
- /* Lets load up our environment a little */
- p=getenv("OPENSSL_CONF");
- if (p == NULL)
- p=getenv("SSLEAY_CONF");
- if (p == NULL)
- p=to_free=make_config_name();
-
- default_config_file=p;
-
- config=NCONF_new(NULL);
- i=NCONF_load(config,p,&errline);
- if (i == 0)
- {
- NCONF_free(config);
- config = NULL;
- ERR_clear_error();
- }
-
- prog=prog_init();
-
- /* first check the program name */
- program_name(Argv[0],pname,sizeof pname);
-
- f.name=pname;
- fp=(FUNCTION *)lh_retrieve(prog,&f);
- if (fp != NULL)
- {
- Argv[0]=pname;
- ret=fp->func(Argc,Argv);
- goto end;
- }
-
- /* ok, now check that there are not arguments, if there are,
- * run with them, shifting the ssleay off the front */
- if (Argc != 1)
- {
- Argc--;
- Argv++;
- ret=do_cmd(prog,Argc,Argv);
- if (ret < 0) ret=0;
- goto end;
- }
-
- /* ok, lets enter the old 'OpenSSL>' mode */
-
- for (;;)
- {
- ret=0;
- p=buf;
- n=sizeof buf;
- i=0;
- for (;;)
- {
- p[0]='\0';
- if (i++)
- prompt=">";
- else prompt="OpenSSL> ";
- fputs(prompt,stdout);
- fflush(stdout);
- fgets(p,n,stdin);
- if (p[0] == '\0') goto end;
- i=strlen(p);
- if (i <= 1) break;
- if (p[i-2] != '\\') break;
- i-=2;
- p+=i;
- n-=i;
- }
- if (!chopup_args(&arg,buf,&argc,&argv)) break;
-
- ret=do_cmd(prog,argc,argv);
- if (ret < 0)
- {
- ret=0;
- goto end;
- }
- if (ret != 0)
- BIO_printf(bio_err,"error in %s\n",argv[0]);
- (void)BIO_flush(bio_err);
- }
- BIO_printf(bio_err,"bad exit\n");
- ret=1;
-end:
- if (to_free)
- OPENSSL_free(to_free);
- if (config != NULL)
- {
- NCONF_free(config);
- config=NULL;
- }
- if (prog != NULL) lh_free(prog);
- if (arg.data != NULL) OPENSSL_free(arg.data);
-
- apps_shutdown();
-
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL)
- {
- BIO_free(bio_err);
- bio_err=NULL;
- }
- OPENSSL_EXIT(ret);
- }
-
-#define LIST_STANDARD_COMMANDS "list-standard-commands"
-#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
-#define LIST_CIPHER_COMMANDS "list-cipher-commands"
-
-static int do_cmd(LHASH *prog, int argc, char *argv[])
- {
- FUNCTION f,*fp;
- int i,ret=1,tp,nl;
-
- if ((argc <= 0) || (argv[0] == NULL))
- { ret=0; goto end; }
- f.name=argv[0];
- fp=(FUNCTION *)lh_retrieve(prog,&f);
- if (fp != NULL)
- {
- ret=fp->func(argc,argv);
- }
- else if ((strncmp(argv[0],"no-",3)) == 0)
- {
- BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_stdout = BIO_push(tmpbio, bio_stdout);
- }
-#endif
- f.name=argv[0]+3;
- ret = (lh_retrieve(prog,&f) != NULL);
- if (!ret)
- BIO_printf(bio_stdout, "%s\n", argv[0]);
- else
- BIO_printf(bio_stdout, "%s\n", argv[0]+3);
- BIO_free_all(bio_stdout);
- goto end;
- }
- else if ((strcmp(argv[0],"quit") == 0) ||
- (strcmp(argv[0],"q") == 0) ||
- (strcmp(argv[0],"exit") == 0) ||
- (strcmp(argv[0],"bye") == 0))
- {
- ret= -1;
- goto end;
- }
- else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
- {
- int list_type;
- BIO *bio_stdout;
-
- if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
- list_type = FUNC_TYPE_GENERAL;
- else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
- list_type = FUNC_TYPE_MD;
- else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
- list_type = FUNC_TYPE_CIPHER;
- bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_stdout = BIO_push(tmpbio, bio_stdout);
- }
-#endif
-
- for (fp=functions; fp->name != NULL; fp++)
- if (fp->type == list_type)
- BIO_printf(bio_stdout, "%s\n", fp->name);
- BIO_free_all(bio_stdout);
- ret=0;
- goto end;
- }
- else
- {
- BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
- argv[0]);
- BIO_printf(bio_err, "\nStandard commands");
- i=0;
- tp=0;
- for (fp=functions; fp->name != NULL; fp++)
- {
- nl=0;
-#ifdef OPENSSL_NO_CAMELLIA
- if (((i++) % 5) == 0)
-#else
- if (((i++) % 4) == 0)
-#endif
- {
- BIO_printf(bio_err,"\n");
- nl=1;
- }
- if (fp->type != tp)
- {
- tp=fp->type;
- if (!nl) BIO_printf(bio_err,"\n");
- if (tp == FUNC_TYPE_MD)
- {
- i=1;
- BIO_printf(bio_err,
- "\nMessage Digest commands (see the `dgst' command for more details)\n");
- }
- else if (tp == FUNC_TYPE_CIPHER)
- {
- i=1;
- BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
- }
- }
-#ifdef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"%-15s",fp->name);
-#else
- BIO_printf(bio_err,"%-18s",fp->name);
-#endif
- }
- BIO_printf(bio_err,"\n\n");
- ret=0;
- }
-end:
- return(ret);
- }
-
-static int SortFnByName(const void *_f1,const void *_f2)
- {
- const FUNCTION *f1=_f1;
- const FUNCTION *f2=_f2;
-
- if(f1->type != f2->type)
- return f1->type-f2->type;
- return strcmp(f1->name,f2->name);
- }
-
-static LHASH *prog_init(void)
- {
- LHASH *ret;
- FUNCTION *f;
- size_t i;
-
- /* Purely so it looks nice when the user hits ? */
- for(i=0,f=functions ; f->name != NULL ; ++f,++i)
- ;
- qsort(functions,i,sizeof *functions,SortFnByName);
-
- if ((ret=lh_new(hash, cmp)) == NULL)
- return(NULL);
-
- for (f=functions; f->name != NULL; f++)
- lh_insert(ret,f);
- return(ret);
- }
-
-/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
-static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
- {
- return(strncmp(((const FUNCTION *)a_void)->name,
- ((const FUNCTION *)b_void)->name,8));
- }
-
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
-static unsigned long MS_CALLBACK hash(const void *a_void)
- {
- return(lh_strhash(((const FUNCTION *)a_void)->name));
- }
diff --git a/crypto/openssl/apps/openssl.cnf b/crypto/openssl/apps/openssl.cnf
deleted file mode 100644
index 9e59020..0000000
--- a/crypto/openssl/apps/openssl.cnf
+++ /dev/null
@@ -1,313 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME = .
-RANDFILE = $ENV::HOME/.rnd
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file = $ENV::HOME/.oid
-oid_section = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca' and 'req'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crlnumber = $dir/crlnumber # the current crl number
- # must be commented out to leave a V1 CRL
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = usr_cert # The extentions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions = crl_ext
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = sha1 # which md to use.
-preserve = no # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 1024
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix : PrintableString, BMPString.
-# utf8only: only UTF8Strings.
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
-# so use this option with caution!
-string_mask = nombstr
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_min = 2
-countryName_max = 2
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Some-State
-
-localityName = Locality Name (eg, city)
-
-0.organizationName = Organization Name (eg, company)
-0.organizationName_default = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName = Second Organization Name (eg, company)
-#1.organizationName_default = World Wide Web Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 64
-
-# SET-ex3 = SET extension number 3
-
-[ req_attributes ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer:always
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always,issuer:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
deleted file mode 100644
index 9ca25dd..0000000
--- a/crypto/openssl/apps/passwd.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/* apps/passwd.c */
-
-#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
-# define NO_MD5CRYPT_1
-#endif
-
-#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
-
-#include <assert.h>
-#include <string.h>
-
-#include "apps.h"
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef NO_MD5CRYPT_1
-# include <openssl/md5.h>
-#endif
-
-
-#undef PROG
-#define PROG passwd_main
-
-
-static unsigned const char cov_2char[64]={
- /* from crypto/des/fcrypt.c */
- 0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
- 0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
- 0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
- 0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
- 0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
- 0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
- 0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
- 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
-};
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table, int reverse,
- size_t pw_maxlen, int usecrypt, int use1, int useapr1);
-
-/* -crypt - standard Unix password algorithm (default)
- * -1 - MD5-based password algorithm
- * -apr1 - MD5-based password algorithm, Apache variant
- * -salt string - salt
- * -in file - read passwords from file
- * -stdin - read passwords from stdin
- * -noverify - never verify when reading password from terminal
- * -quiet - no warnings
- * -table - format output as table
- * -reverse - switch table columns
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int ret = 1;
- char *infile = NULL;
- int in_stdin = 0;
- int in_noverify = 0;
- char *salt = NULL, *passwd = NULL, **passwds = NULL;
- char *salt_malloc = NULL, *passwd_malloc = NULL;
- size_t passwd_malloc_size = 0;
- int pw_source_defined = 0;
- BIO *in = NULL, *out = NULL;
- int i, badopt, opt_done;
- int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
- int usecrypt = 0, use1 = 0, useapr1 = 0;
- size_t pw_maxlen = 0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto err;
- out = BIO_new(BIO_s_file());
- if (out == NULL)
- goto err;
- BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
-
- badopt = 0, opt_done = 0;
- i = 0;
- while (!badopt && !opt_done && argv[++i] != NULL)
- {
- if (strcmp(argv[i], "-crypt") == 0)
- usecrypt = 1;
- else if (strcmp(argv[i], "-1") == 0)
- use1 = 1;
- else if (strcmp(argv[i], "-apr1") == 0)
- useapr1 = 1;
- else if (strcmp(argv[i], "-salt") == 0)
- {
- if ((argv[i+1] != NULL) && (salt == NULL))
- {
- passed_salt = 1;
- salt = argv[++i];
- }
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-in") == 0)
- {
- if ((argv[i+1] != NULL) && !pw_source_defined)
- {
- pw_source_defined = 1;
- infile = argv[++i];
- }
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-stdin") == 0)
- {
- if (!pw_source_defined)
- {
- pw_source_defined = 1;
- in_stdin = 1;
- }
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-noverify") == 0)
- in_noverify = 1;
- else if (strcmp(argv[i], "-quiet") == 0)
- quiet = 1;
- else if (strcmp(argv[i], "-table") == 0)
- table = 1;
- else if (strcmp(argv[i], "-reverse") == 0)
- reverse = 1;
- else if (argv[i][0] == '-')
- badopt = 1;
- else if (!pw_source_defined)
- /* non-option arguments, use as passwords */
- {
- pw_source_defined = 1;
- passwds = &argv[i];
- opt_done = 1;
- }
- else
- badopt = 1;
- }
-
- if (!usecrypt && !use1 && !useapr1) /* use default */
- usecrypt = 1;
- if (usecrypt + use1 + useapr1 > 1) /* conflict */
- badopt = 1;
-
- /* reject unsupported algorithms */
-#ifdef OPENSSL_NO_DES
- if (usecrypt) badopt = 1;
-#endif
-#ifdef NO_MD5CRYPT_1
- if (use1 || useapr1) badopt = 1;
-#endif
-
- if (badopt)
- {
- BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
- BIO_printf(bio_err, "where options are\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err, "-crypt standard Unix password algorithm (default)\n");
-#endif
-#ifndef NO_MD5CRYPT_1
- BIO_printf(bio_err, "-1 MD5-based password algorithm\n");
- BIO_printf(bio_err, "-apr1 MD5-based password algorithm, Apache variant\n");
-#endif
- BIO_printf(bio_err, "-salt string use provided salt\n");
- BIO_printf(bio_err, "-in file read passwords from file\n");
- BIO_printf(bio_err, "-stdin read passwords from stdin\n");
- BIO_printf(bio_err, "-noverify never verify when reading password from terminal\n");
- BIO_printf(bio_err, "-quiet no warnings\n");
- BIO_printf(bio_err, "-table format output as table\n");
- BIO_printf(bio_err, "-reverse switch table columns\n");
-
- goto err;
- }
-
- if ((infile != NULL) || in_stdin)
- {
- in = BIO_new(BIO_s_file());
- if (in == NULL)
- goto err;
- if (infile != NULL)
- {
- assert(in_stdin == 0);
- if (BIO_read_filename(in, infile) <= 0)
- goto err;
- }
- else
- {
- assert(in_stdin);
- BIO_set_fp(in, stdin, BIO_NOCLOSE);
- }
- }
-
- if (usecrypt)
- pw_maxlen = 8;
- else if (use1 || useapr1)
- pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
-
- if (passwds == NULL)
- {
- /* no passwords on the command line */
-
- passwd_malloc_size = pw_maxlen + 2;
- /* longer than necessary so that we can warn about truncation */
- passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
- if (passwd_malloc == NULL)
- goto err;
- }
-
- if ((in == NULL) && (passwds == NULL))
- {
- /* build a null-terminated list */
- static char *passwds_static[2] = {NULL, NULL};
-
- passwds = passwds_static;
- if (in == NULL)
- if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
- goto err;
- passwds[0] = passwd_malloc;
- }
-
- if (in == NULL)
- {
- assert(passwds != NULL);
- assert(*passwds != NULL);
-
- do /* loop over list of passwords */
- {
- passwd = *passwds++;
- if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
- quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
- goto err;
- }
- while (*passwds != NULL);
- }
- else
- /* in != NULL */
- {
- int done;
-
- assert (passwd != NULL);
- do
- {
- int r = BIO_gets(in, passwd, pw_maxlen + 1);
- if (r > 0)
- {
- char *c = (strchr(passwd, '\n')) ;
- if (c != NULL)
- *c = 0; /* truncate at newline */
- else
- {
- /* ignore rest of line */
- char trash[BUFSIZ];
- do
- r = BIO_gets(in, trash, sizeof trash);
- while ((r > 0) && (!strchr(trash, '\n')));
- }
-
- if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
- quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
- goto err;
- }
- done = (r <= 0);
- }
- while (!done);
- }
- ret = 0;
-
-err:
- ERR_print_errors(bio_err);
- if (salt_malloc)
- OPENSSL_free(salt_malloc);
- if (passwd_malloc)
- OPENSSL_free(passwd_malloc);
- if (in)
- BIO_free(in);
- if (out)
- BIO_free_all(out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-
-#ifndef NO_MD5CRYPT_1
-/* MD5-based password algorithm (should probably be available as a library
- * function; then the static buffer would not be acceptable).
- * For magic string "1", this should be compatible to the MD5-based BSD
- * password algorithm.
- * For 'magic' string "apr1", this is compatible to the MD5-based Apache
- * password algorithm.
- * (Apparently, the Apache password algorithm is identical except that the
- * 'magic' string was changed -- the laziest application of the NIH principle
- * I've ever encountered.)
- */
-static char *md5crypt(const char *passwd, const char *magic, const char *salt)
- {
- static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
- unsigned char buf[MD5_DIGEST_LENGTH];
- char *salt_out;
- int n;
- unsigned int i;
- EVP_MD_CTX md,md2;
- size_t passwd_len, salt_len;
-
- passwd_len = strlen(passwd);
- out_buf[0] = '$';
- out_buf[1] = 0;
- assert(strlen(magic) <= 4); /* "1" or "apr1" */
- strncat(out_buf, magic, 4);
- strncat(out_buf, "$", 1);
- strncat(out_buf, salt, 8);
- assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
- salt_out = out_buf + 2 + strlen(magic);
- salt_len = strlen(salt_out);
- assert(salt_len <= 8);
-
- EVP_MD_CTX_init(&md);
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md, passwd, passwd_len);
- EVP_DigestUpdate(&md, "$", 1);
- EVP_DigestUpdate(&md, magic, strlen(magic));
- EVP_DigestUpdate(&md, "$", 1);
- EVP_DigestUpdate(&md, salt_out, salt_len);
-
- EVP_MD_CTX_init(&md2);
- EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
- EVP_DigestUpdate(&md2, passwd, passwd_len);
- EVP_DigestUpdate(&md2, salt_out, salt_len);
- EVP_DigestUpdate(&md2, passwd, passwd_len);
- EVP_DigestFinal_ex(&md2, buf, NULL);
-
- for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
- EVP_DigestUpdate(&md, buf, sizeof buf);
- EVP_DigestUpdate(&md, buf, i);
-
- n = passwd_len;
- while (n)
- {
- EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
- n >>= 1;
- }
- EVP_DigestFinal_ex(&md, buf, NULL);
-
- for (i = 0; i < 1000; i++)
- {
- EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
- EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
- (i & 1) ? passwd_len : sizeof buf);
- if (i % 3)
- EVP_DigestUpdate(&md2, salt_out, salt_len);
- if (i % 7)
- EVP_DigestUpdate(&md2, passwd, passwd_len);
- EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned const char *) passwd,
- (i & 1) ? sizeof buf : passwd_len);
- EVP_DigestFinal_ex(&md2, buf, NULL);
- }
- EVP_MD_CTX_cleanup(&md2);
-
- {
- /* transform buf into output string */
-
- unsigned char buf_perm[sizeof buf];
- int dest, source;
- char *output;
-
- /* silly output permutation */
- for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
- buf_perm[dest] = buf[source];
- buf_perm[14] = buf[5];
- buf_perm[15] = buf[11];
-#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
- assert(16 == sizeof buf_perm);
-#endif
-
- output = salt_out + salt_len;
- assert(output == out_buf + strlen(out_buf));
-
- *output++ = '$';
-
- for (i = 0; i < 15; i += 3)
- {
- *output++ = cov_2char[buf_perm[i+2] & 0x3f];
- *output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
- (buf_perm[i+2] >> 6)];
- *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
- (buf_perm[i+1] >> 4)];
- *output++ = cov_2char[buf_perm[i] >> 2];
- }
- assert(i == 15);
- *output++ = cov_2char[buf_perm[i] & 0x3f];
- *output++ = cov_2char[buf_perm[i] >> 6];
- *output = 0;
- assert(strlen(out_buf) < sizeof(out_buf));
- }
- EVP_MD_CTX_cleanup(&md);
-
- return out_buf;
- }
-#endif
-
-
-static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
- char *passwd, BIO *out, int quiet, int table, int reverse,
- size_t pw_maxlen, int usecrypt, int use1, int useapr1)
- {
- char *hash = NULL;
-
- assert(salt_p != NULL);
- assert(salt_malloc_p != NULL);
-
- /* first make sure we have a salt */
- if (!passed_salt)
- {
-#ifndef OPENSSL_NO_DES
- if (usecrypt)
- {
- if (*salt_malloc_p == NULL)
- {
- *salt_p = *salt_malloc_p = OPENSSL_malloc(3);
- if (*salt_malloc_p == NULL)
- goto err;
- }
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
- goto err;
- (*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
- (*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
- (*salt_p)[2] = 0;
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
- * back to ASCII */
-#endif
- }
-#endif /* !OPENSSL_NO_DES */
-
-#ifndef NO_MD5CRYPT_1
- if (use1 || useapr1)
- {
- int i;
-
- if (*salt_malloc_p == NULL)
- {
- *salt_p = *salt_malloc_p = OPENSSL_malloc(9);
- if (*salt_malloc_p == NULL)
- goto err;
- }
- if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
- goto err;
-
- for (i = 0; i < 8; i++)
- (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
- (*salt_p)[8] = 0;
- }
-#endif /* !NO_MD5CRYPT_1 */
- }
-
- assert(*salt_p != NULL);
-
- /* truncate password if necessary */
- if ((strlen(passwd) > pw_maxlen))
- {
- if (!quiet)
- /* XXX: really we should know how to print a size_t, not cast it */
- BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
- passwd[pw_maxlen] = 0;
- }
- assert(strlen(passwd) <= pw_maxlen);
-
- /* now compute password hash */
-#ifndef OPENSSL_NO_DES
- if (usecrypt)
- hash = DES_crypt(passwd, *salt_p);
-#endif
-#ifndef NO_MD5CRYPT_1
- if (use1 || useapr1)
- hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
-#endif
- assert(hash != NULL);
-
- if (table && !reverse)
- BIO_printf(out, "%s\t%s\n", passwd, hash);
- else if (table && reverse)
- BIO_printf(out, "%s\t%s\n", hash, passwd);
- else
- BIO_printf(out, "%s\n", hash);
- return 1;
-
-err:
- return 0;
- }
-#else
-
-int MAIN(int argc, char **argv)
- {
- fputs("Program not available.\n", stderr)
- OPENSSL_EXIT(1);
- }
-#endif
diff --git a/crypto/openssl/apps/pca-cert.srl b/crypto/openssl/apps/pca-cert.srl
deleted file mode 100644
index 2c7456e..0000000
--- a/crypto/openssl/apps/pca-cert.srl
+++ /dev/null
@@ -1 +0,0 @@
-07
diff --git a/crypto/openssl/apps/pca-key.pem b/crypto/openssl/apps/pca-key.pem
deleted file mode 100644
index 20029ab..0000000
--- a/crypto/openssl/apps/pca-key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/pca-req.pem b/crypto/openssl/apps/pca-req.pem
deleted file mode 100644
index 33f1553..0000000
--- a/crypto/openssl/apps/pca-req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBmjCCAQMCAQAwXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAo
-MTAyNCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfj
-Irkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUX
-MRsp22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3
-vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAEzz
-IG8NnfpnPTQSCN5zJhOfy6p9AcDyQzuJirYv1HR/qoYWalPh/U2uiK0lAim7qMcv
-wOlK3I7A8B7/4dLqvIqgtUj9b1WT8zIrnwdvJI4osLI2BY+c1pVlp174DHLMol1L
-Cl1e3N5BTm7lCitTYjuUhsw6hiA8IcdNKDo6sktV
------END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
deleted file mode 100644
index d5873e9..0000000
--- a/crypto/openssl/apps/pkcs12.c
+++ /dev/null
@@ -1,945 +0,0 @@
-/* pkcs12.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/pkcs12.h>
-
-#define PROG pkcs12_main
-
-const EVP_CIPHER *enc;
-
-
-#define NOKEYS 0x1
-#define NOCERTS 0x2
-#define INFO 0x4
-#define CLCERTS 0x8
-#define CACERTS 0x10
-
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
- int passlen, int options, char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
-void hex_prin(BIO *out, unsigned char *buf, int len);
-int alg_print(BIO *x, X509_ALGOR *alg);
-int cert_load(BIO *in, STACK_OF(X509) *sk);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
-{
- ENGINE *e = NULL;
- char *infile=NULL, *outfile=NULL, *keyname = NULL;
- char *certfile=NULL;
- BIO *in=NULL, *out = NULL;
- char **args;
- char *name = NULL;
- char *csp_name = NULL;
- PKCS12 *p12 = NULL;
- char pass[50], macpass[50];
- int export_cert = 0;
- int options = 0;
- int chain = 0;
- int badarg = 0;
- int iter = PKCS12_DEFAULT_ITER;
- int maciter = PKCS12_DEFAULT_ITER;
- int twopass = 0;
- int keytype = 0;
- int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
- int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- int ret = 1;
- int macver = 1;
- int noprompt = 0;
- STACK *canames = NULL;
- char *cpass = NULL, *mpass = NULL;
- char *passargin = NULL, *passargout = NULL, *passarg = NULL;
- char *passin = NULL, *passout = NULL;
- char *inrand = NULL;
- char *CApath = NULL, *CAfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- enc = EVP_des_ede3_cbc();
- if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- args = argv + 1;
-
-
- while (*args) {
- if (*args[0] == '-') {
- if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
- else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
- else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
- else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
- else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
- else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
- else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
- else if (!strcmp (*args, "-info")) options |= INFO;
- else if (!strcmp (*args, "-chain")) chain = 1;
- else if (!strcmp (*args, "-twopass")) twopass = 1;
- else if (!strcmp (*args, "-nomacver")) macver = 0;
- else if (!strcmp (*args, "-descert"))
- cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
- else if (!strcmp (*args, "-export")) export_cert = 1;
- else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
-#ifndef OPENSSL_NO_IDEA
- else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
-#endif
- else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-noiter")) iter = 1;
- else if (!strcmp (*args, "-maciter"))
- maciter = PKCS12_DEFAULT_ITER;
- else if (!strcmp (*args, "-nomaciter"))
- maciter = 1;
- else if (!strcmp (*args, "-nomac"))
- maciter = -1;
- else if (!strcmp (*args, "-nodes")) enc=NULL;
- else if (!strcmp (*args, "-certpbe")) {
- if (args[1]) {
- args++;
- if (!strcmp(*args, "NONE"))
- cert_pbe = -1;
- else
- cert_pbe=OBJ_txt2nid(*args);
- if(cert_pbe == NID_undef) {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- } else badarg = 1;
- } else if (!strcmp (*args, "-keypbe")) {
- if (args[1]) {
- args++;
- if (!strcmp(*args, "NONE"))
- key_pbe = -1;
- else
- key_pbe=OBJ_txt2nid(*args);
- if(key_pbe == NID_undef) {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- } else badarg = 1;
- } else if (!strcmp (*args, "-rand")) {
- if (args[1]) {
- args++;
- inrand = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-inkey")) {
- if (args[1]) {
- args++;
- keyname = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-certfile")) {
- if (args[1]) {
- args++;
- certfile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-name")) {
- if (args[1]) {
- args++;
- name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-CSP")) {
- if (args[1]) {
- args++;
- csp_name = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-caname")) {
- if (args[1]) {
- args++;
- if (!canames) canames = sk_new_null();
- sk_push(canames, *args);
- } else badarg = 1;
- } else if (!strcmp (*args, "-in")) {
- if (args[1]) {
- args++;
- infile = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-out")) {
- if (args[1]) {
- args++;
- outfile = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passin")) {
- if (args[1]) {
- args++;
- passargin = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-passout")) {
- if (args[1]) {
- args++;
- passargout = *args;
- } else badarg = 1;
- } else if (!strcmp (*args, "-password")) {
- if (args[1]) {
- args++;
- passarg = *args;
- noprompt = 1;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CApath")) {
- if (args[1]) {
- args++;
- CApath = *args;
- } else badarg = 1;
- } else if (!strcmp(*args,"-CAfile")) {
- if (args[1]) {
- args++;
- CAfile = *args;
- } else badarg = 1;
-#ifndef OPENSSL_NO_ENGINE
- } else if (!strcmp(*args,"-engine")) {
- if (args[1]) {
- args++;
- engine = *args;
- } else badarg = 1;
-#endif
- } else badarg = 1;
-
- } else badarg = 1;
- args++;
- }
-
- if (badarg) {
- BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-export output PKCS12 file\n");
- BIO_printf (bio_err, "-chain add certificate chain\n");
- BIO_printf (bio_err, "-inkey file private key if not infile\n");
- BIO_printf (bio_err, "-certfile f add all certs in f\n");
- BIO_printf (bio_err, "-CApath arg - PEM format directory of CA's\n");
- BIO_printf (bio_err, "-CAfile arg - PEM format file of CA's\n");
- BIO_printf (bio_err, "-name \"name\" use name as friendly name\n");
- BIO_printf (bio_err, "-caname \"nm\" use nm as CA friendly name (can be used more than once).\n");
- BIO_printf (bio_err, "-in infile input filename\n");
- BIO_printf (bio_err, "-out outfile output filename\n");
- BIO_printf (bio_err, "-noout don't output anything, just verify.\n");
- BIO_printf (bio_err, "-nomacver don't verify MAC.\n");
- BIO_printf (bio_err, "-nocerts don't output certificates.\n");
- BIO_printf (bio_err, "-clcerts only output client certificates.\n");
- BIO_printf (bio_err, "-cacerts only output CA certificates.\n");
- BIO_printf (bio_err, "-nokeys don't output private keys.\n");
- BIO_printf (bio_err, "-info give info about PKCS#12 structure.\n");
- BIO_printf (bio_err, "-des encrypt private keys with DES\n");
- BIO_printf (bio_err, "-des3 encrypt private keys with triple DES (default)\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf (bio_err, "-idea encrypt private keys with idea\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf (bio_err, "-nodes don't encrypt private keys\n");
- BIO_printf (bio_err, "-noiter don't use encryption iteration\n");
- BIO_printf (bio_err, "-maciter use MAC iteration\n");
- BIO_printf (bio_err, "-twopass separate MAC, encryption passwords\n");
- BIO_printf (bio_err, "-descert encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
- BIO_printf (bio_err, "-certpbe alg specify certificate PBE algorithm (default RC2-40)\n");
- BIO_printf (bio_err, "-keypbe alg specify private key PBE algorithm (default 3DES)\n");
- BIO_printf (bio_err, "-keyex set MS key exchange type\n");
- BIO_printf (bio_err, "-keysig set MS key signature type\n");
- BIO_printf (bio_err, "-password p set import/export password source\n");
- BIO_printf (bio_err, "-passin p input file pass phrase source\n");
- BIO_printf (bio_err, "-passout p output file pass phrase source\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(passarg) {
- if(export_cert) passargout = passarg;
- else passargin = passarg;
- }
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- if(!cpass) {
- if(export_cert) cpass = passout;
- else cpass = passin;
- }
-
- if(cpass) {
- mpass = cpass;
- noprompt = 1;
- } else {
- cpass = pass;
- mpass = macpass;
- }
-
- if(export_cert || inrand) {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
- ERR_load_crypto_strings();
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read files");
-#endif
-
- if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
- else in = BIO_new_file(infile, "rb");
- if (!in) {
- BIO_printf(bio_err, "Error opening input file %s\n",
- infile ? infile : "<stdin>");
- perror (infile);
- goto end;
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("write files");
-#endif
-
- if (!outfile) {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- } else out = BIO_new_file(outfile, "wb");
- if (!out) {
- BIO_printf(bio_err, "Error opening output file %s\n",
- outfile ? outfile : "<stdout>");
- perror (outfile);
- goto end;
- }
- if (twopass) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read MAC password");
-#endif
- if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto end;
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- }
-
- if (export_cert) {
- EVP_PKEY *key = NULL;
- X509 *ucert = NULL, *x = NULL;
- STACK_OF(X509) *certs=NULL;
- unsigned char *catmp = NULL;
- int i;
-
- if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
- {
- BIO_printf(bio_err, "Nothing to do!\n");
- goto export_end;
- }
-
- if (options & NOCERTS)
- chain = 0;
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("process -export_cert");
- CRYPTO_push_info("reading private key");
-#endif
- if (!(options & NOKEYS))
- {
- key = load_key(bio_err, keyname ? keyname : infile,
- FORMAT_PEM, 1, passin, e, "private key");
- if (!key)
- goto export_end;
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input");
-#endif
-
- /* Load in all certs in input file */
- if(!(options & NOCERTS))
- {
- certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
- "certificates");
- if (!certs)
- goto export_end;
-
- if (key)
- {
- /* Look for matching private key */
- for(i = 0; i < sk_X509_num(certs); i++)
- {
- x = sk_X509_value(certs, i);
- if(X509_check_private_key(x, key))
- {
- ucert = x;
- /* Zero keyid and alias */
- X509_keyid_set1(ucert, NULL, 0);
- X509_alias_set1(ucert, NULL, 0);
- /* Remove from list */
- sk_X509_delete(certs, i);
- break;
- }
- }
- if (!ucert)
- {
- BIO_printf(bio_err, "No certificate matches private key\n");
- goto export_end;
- }
- }
-
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from input 2");
-#endif
-
- /* Add any more certificates asked for */
- if(certfile)
- {
- STACK_OF(X509) *morecerts=NULL;
- if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
- NULL, e,
- "certificates from certfile")))
- goto export_end;
- while(sk_X509_num(morecerts) > 0)
- sk_X509_push(certs, sk_X509_shift(morecerts));
- sk_X509_free(morecerts);
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading certs from certfile");
-#endif
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("building chain");
-#endif
-
- /* If chaining get chain from user cert */
- if (chain) {
- int vret;
- STACK_OF(X509) *chain2;
- X509_STORE *store = X509_STORE_new();
- if (!store)
- {
- BIO_printf (bio_err, "Memory allocation error\n");
- goto export_end;
- }
- if (!X509_STORE_load_locations(store, CAfile, CApath))
- X509_STORE_set_default_paths (store);
-
- vret = get_cert_chain (ucert, store, &chain2);
- X509_STORE_free(store);
-
- if (!vret) {
- /* Exclude verified certificate */
- for (i = 1; i < sk_X509_num (chain2) ; i++)
- sk_X509_push(certs, sk_X509_value (chain2, i));
- /* Free first certificate */
- X509_free(sk_X509_value(chain2, 0));
- sk_X509_free(chain2);
- } else {
- if (vret >= 0)
- BIO_printf (bio_err, "Error %s getting chain.\n",
- X509_verify_cert_error_string(vret));
- else
- ERR_print_errors(bio_err);
- goto export_end;
- }
- }
-
- /* Add any CA names */
-
- for (i = 0; i < sk_num(canames); i++)
- {
- catmp = (unsigned char *)sk_value(canames, i);
- X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
- }
-
- if (csp_name && key)
- EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
- MBSTRING_ASC, (unsigned char *)csp_name, -1);
-
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("reading password");
-#endif
-
- if(!noprompt &&
- EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
- {
- BIO_printf (bio_err, "Can't read Password\n");
- goto export_end;
- }
- if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("creating PKCS#12 structure");
-#endif
-
- p12 = PKCS12_create(cpass, name, key, ucert, certs,
- key_pbe, cert_pbe, iter, -1, keytype);
-
- if (!p12)
- {
- ERR_print_errors (bio_err);
- goto export_end;
- }
-
- if (maciter != -1)
- PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_push_info("writing pkcs12");
-#endif
-
- i2d_PKCS12_bio(out, p12);
-
- ret = 0;
-
- export_end:
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
- CRYPTO_pop_info();
- CRYPTO_push_info("process -export_cert: freeing");
-#endif
-
- if (key) EVP_PKEY_free(key);
- if (certs) sk_X509_pop_free(certs, X509_free);
- if (ucert) X509_free(ucert);
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- goto end;
-
- }
-
- if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
- ERR_print_errors(bio_err);
- goto end;
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("read import password");
-#endif
- if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
- BIO_printf (bio_err, "Can't read Password\n");
- goto end;
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
-
- if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);
-
- if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
- if(macver) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("verify MAC");
-#endif
- /* If we enter empty password try no password first */
- if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
- /* If mac and crypto pass the same set it to NULL too */
- if(!twopass) cpass = NULL;
- } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
- BIO_printf (bio_err, "Mac verify error: invalid password?\n");
- ERR_print_errors (bio_err);
- goto end;
- }
- BIO_printf (bio_err, "MAC verified OK\n");
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- }
-
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("output keys and certificates");
-#endif
- if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
- BIO_printf(bio_err, "Error outputting keys and certificates\n");
- ERR_print_errors (bio_err);
- goto end;
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- ret = 0;
- end:
- if (p12) PKCS12_free(p12);
- if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
-#ifdef CRYPTO_MDEBUG
- CRYPTO_remove_all_info();
-#endif
- BIO_free(in);
- BIO_free_all(out);
- if (canames) sk_free(canames);
- if(passin) OPENSSL_free(passin);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
-}
-
-int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
- int passlen, int options, char *pempass)
-{
- STACK_OF(PKCS7) *asafes = NULL;
- STACK_OF(PKCS12_SAFEBAG) *bags;
- int i, bagnid;
- int ret = 0;
- PKCS7 *p7;
-
- if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
- for (i = 0; i < sk_PKCS7_num (asafes); i++) {
- p7 = sk_PKCS7_value (asafes, i);
- bagnid = OBJ_obj2nid (p7->type);
- if (bagnid == NID_pkcs7_data) {
- bags = PKCS12_unpack_p7data(p7);
- if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
- } else if (bagnid == NID_pkcs7_encrypted) {
- if (options & INFO) {
- BIO_printf(bio_err, "PKCS7 Encrypted data: ");
- alg_print(bio_err,
- p7->d.encrypted->enc_data->algorithm);
- }
- bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
- } else continue;
- if (!bags) goto err;
- if (!dump_certs_pkeys_bags (out, bags, pass, passlen,
- options, pempass)) {
- sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
- goto err;
- }
- sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
- bags = NULL;
- }
- ret = 1;
-
- err:
-
- if (asafes)
- sk_PKCS7_pop_free (asafes, PKCS7_free);
- return ret;
-}
-
-int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
- char *pass, int passlen, int options, char *pempass)
-{
- int i;
- for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
- if (!dump_certs_pkeys_bag (out,
- sk_PKCS12_SAFEBAG_value (bags, i),
- pass, passlen,
- options, pempass))
- return 0;
- }
- return 1;
-}
-
-int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
- int passlen, int options, char *pempass)
-{
- EVP_PKEY *pkey;
- PKCS8_PRIV_KEY_INFO *p8;
- X509 *x509;
-
- switch (M_PKCS12_bag_type(bag))
- {
- case NID_keyBag:
- if (options & INFO) BIO_printf (bio_err, "Key bag\n");
- if (options & NOKEYS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
- p8 = bag->value.keybag;
- if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
- print_attribs (out, p8->attributes, "Key Attributes");
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
- EVP_PKEY_free(pkey);
- break;
-
- case NID_pkcs8ShroudedKeyBag:
- if (options & INFO) {
- BIO_printf (bio_err, "Shrouded Keybag: ");
- alg_print (bio_err, bag->value.shkeybag->algor);
- }
- if (options & NOKEYS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
- if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
- return 0;
- if (!(pkey = EVP_PKCS82PKEY (p8))) {
- PKCS8_PRIV_KEY_INFO_free(p8);
- return 0;
- }
- print_attribs (out, p8->attributes, "Key Attributes");
- PKCS8_PRIV_KEY_INFO_free(p8);
- PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
- EVP_PKEY_free(pkey);
- break;
-
- case NID_certBag:
- if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
- if (options & NOCERTS) return 1;
- if (PKCS12_get_attr(bag, NID_localKeyID)) {
- if (options & CACERTS) return 1;
- } else if (options & CLCERTS) return 1;
- print_attribs (out, bag->attrib, "Bag Attributes");
- if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
- return 1;
- if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
- dump_cert_text (out, x509);
- PEM_write_bio_X509 (out, x509);
- X509_free(x509);
- break;
-
- case NID_safeContentsBag:
- if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
- print_attribs (out, bag->attrib, "Bag Attributes");
- return dump_certs_pkeys_bags (out, bag->value.safes, pass,
- passlen, options, pempass);
-
- default:
- BIO_printf (bio_err, "Warning unsupported bag type: ");
- i2a_ASN1_OBJECT (bio_err, bag->type);
- BIO_printf (bio_err, "\n");
- return 1;
- break;
- }
- return 1;
-}
-
-/* Given a single certificate return a verified chain or NULL if error */
-
-/* Hope this is OK .... */
-
-int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
-{
- X509_STORE_CTX store_ctx;
- STACK_OF(X509) *chn;
- int i = 0;
-
- /* FIXME: Should really check the return status of X509_STORE_CTX_init
- * for an error, but how that fits into the return value of this
- * function is less obvious. */
- X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
- if (X509_verify_cert(&store_ctx) <= 0) {
- i = X509_STORE_CTX_get_error (&store_ctx);
- if (i == 0)
- /* avoid returning 0 if X509_verify_cert() did not
- * set an appropriate error value in the context */
- i = -1;
- chn = NULL;
- goto err;
- } else
- chn = X509_STORE_CTX_get1_chain(&store_ctx);
-err:
- X509_STORE_CTX_cleanup(&store_ctx);
- *chain = chn;
-
- return i;
-}
-
-int alg_print (BIO *x, X509_ALGOR *alg)
-{
- PBEPARAM *pbe;
- const unsigned char *p;
- p = alg->parameter->value.sequence->data;
- pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
- if (!pbe)
- return 1;
- BIO_printf (bio_err, "%s, Iteration %ld\n",
- OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)),
- ASN1_INTEGER_get(pbe->iter));
- PBEPARAM_free (pbe);
- return 1;
-}
-
-/* Load all certificates from a given file */
-
-int cert_load(BIO *in, STACK_OF(X509) *sk)
-{
- int ret;
- X509 *cert;
- ret = 0;
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("cert_load(): reading one cert");
-#endif
- while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- ret = 1;
- sk_X509_push(sk, cert);
-#ifdef CRYPTO_MDEBUG
- CRYPTO_push_info("cert_load(): reading one cert");
-#endif
- }
-#ifdef CRYPTO_MDEBUG
- CRYPTO_pop_info();
-#endif
- if(ret) ERR_clear_error();
- return ret;
-}
-
-/* Generalised attribute print: handle PKCS#8 and bag attributes */
-
-int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
-{
- X509_ATTRIBUTE *attr;
- ASN1_TYPE *av;
- char *value;
- int i, attr_nid;
- if(!attrlst) {
- BIO_printf(out, "%s: <No Attributes>\n", name);
- return 1;
- }
- if(!sk_X509_ATTRIBUTE_num(attrlst)) {
- BIO_printf(out, "%s: <Empty Attributes>\n", name);
- return 1;
- }
- BIO_printf(out, "%s\n", name);
- for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
- attr = sk_X509_ATTRIBUTE_value(attrlst, i);
- attr_nid = OBJ_obj2nid(attr->object);
- BIO_printf(out, " ");
- if(attr_nid == NID_undef) {
- i2a_ASN1_OBJECT (out, attr->object);
- BIO_printf(out, ": ");
- } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
-
- if(sk_ASN1_TYPE_num(attr->value.set)) {
- av = sk_ASN1_TYPE_value(attr->value.set, 0);
- switch(av->type) {
- case V_ASN1_BMPSTRING:
- value = uni2asc(av->value.bmpstring->data,
- av->value.bmpstring->length);
- BIO_printf(out, "%s\n", value);
- OPENSSL_free(value);
- break;
-
- case V_ASN1_OCTET_STRING:
- hex_prin(out, av->value.octet_string->data,
- av->value.octet_string->length);
- BIO_printf(out, "\n");
- break;
-
- case V_ASN1_BIT_STRING:
- hex_prin(out, av->value.bit_string->data,
- av->value.bit_string->length);
- BIO_printf(out, "\n");
- break;
-
- default:
- BIO_printf(out, "<Unsupported tag %d>\n", av->type);
- break;
- }
- } else BIO_printf(out, "<No Values>\n");
- }
- return 1;
-}
-
-void hex_prin(BIO *out, unsigned char *buf, int len)
-{
- int i;
- for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
-}
-
-#endif
diff --git a/crypto/openssl/apps/pkcs7.c b/crypto/openssl/apps/pkcs7.c
deleted file mode 100644
index da4dbe7..0000000
--- a/crypto/openssl/apps/pkcs7.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/* apps/pkcs7.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pkcs7.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG pkcs7_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -print_certs
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- PKCS7 *p7=NULL;
- int i,badops=0;
- BIO *in=NULL,*out=NULL;
- int informat,outformat;
- char *infile,*outfile,*prog;
- int print_certs=0,text=0,noout=0;
- int ret=1;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-print_certs") == 0)
- print_certs=1;
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -print_certs print any certs or crl in the input\n");
- BIO_printf(bio_err," -text print full details of certificates\n");
- BIO_printf(bio_err," -noout don't output encoded data\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- ret = 1;
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- if (in == NULL)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- p7=d2i_PKCS7_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
- goto end;
- }
- if (p7 == NULL)
- {
- BIO_printf(bio_err,"unable to load PKCS7 object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (print_certs)
- {
- STACK_OF(X509) *certs=NULL;
- STACK_OF(X509_CRL) *crls=NULL;
-
- i=OBJ_obj2nid(p7->type);
- switch (i)
- {
- case NID_pkcs7_signed:
- certs=p7->d.sign->cert;
- crls=p7->d.sign->crl;
- break;
- case NID_pkcs7_signedAndEnveloped:
- certs=p7->d.signed_and_enveloped->cert;
- crls=p7->d.signed_and_enveloped->crl;
- break;
- default:
- break;
- }
-
- if (certs != NULL)
- {
- X509 *x;
-
- for (i=0; i<sk_X509_num(certs); i++)
- {
- x=sk_X509_value(certs,i);
- if(text) X509_print(out, x);
- else dump_cert_text(out, x);
-
- if(!noout) PEM_write_bio_X509(out,x);
- BIO_puts(out,"\n");
- }
- }
- if (crls != NULL)
- {
- X509_CRL *crl;
-
- for (i=0; i<sk_X509_CRL_num(crls); i++)
- {
- crl=sk_X509_CRL_value(crls,i);
-
- X509_CRL_print(out, crl);
-
- if(!noout)PEM_write_bio_X509_CRL(out,crl);
- BIO_puts(out,"\n");
- }
- }
-
- ret=0;
- goto end;
- }
-
- if(!noout) {
- if (outformat == FORMAT_ASN1)
- i=i2d_PKCS7_bio(out,p7);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_PKCS7(out,p7);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
-
- if (!i)
- {
- BIO_printf(bio_err,"unable to write pkcs7 object\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- ret=0;
-end:
- if (p7 != NULL) PKCS7_free(p7);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free_all(out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
diff --git a/crypto/openssl/apps/pkcs8.c b/crypto/openssl/apps/pkcs8.c
deleted file mode 100644
index d508544..0000000
--- a/crypto/openssl/apps/pkcs8.c
+++ /dev/null
@@ -1,460 +0,0 @@
-/* pkcs8.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999-2004.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pkcs12.h>
-
-#define PROG pkcs8_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- char **args, *infile = NULL, *outfile = NULL;
- char *passargin = NULL, *passargout = NULL;
- BIO *in = NULL, *out = NULL;
- int topk8 = 0;
- int pbe_nid = -1;
- const EVP_CIPHER *cipher = NULL;
- int iter = PKCS12_DEFAULT_ITER;
- int informat, outformat;
- int p8_broken = PKCS8_OK;
- int nocrypt = 0;
- X509_SIG *p8;
- PKCS8_PRIV_KEY_INFO *p8inf;
- EVP_PKEY *pkey=NULL;
- char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
- int badarg = 0;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- args = argv + 1;
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp(*args,"-v2"))
- {
- if (args[1])
- {
- args++;
- cipher=EVP_get_cipherbyname(*args);
- if (!cipher)
- {
- BIO_printf(bio_err,
- "Unknown cipher %s\n", *args);
- badarg = 1;
- }
- }
- else
- badarg = 1;
- }
- else if (!strcmp(*args,"-v1"))
- {
- if (args[1])
- {
- args++;
- pbe_nid=OBJ_txt2nid(*args);
- if (pbe_nid == NID_undef)
- {
- BIO_printf(bio_err,
- "Unknown PBE algorithm %s\n", *args);
- badarg = 1;
- }
- }
- else
- badarg = 1;
- }
- else if (!strcmp(*args,"-inform"))
- {
- if (args[1])
- {
- args++;
- informat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp(*args,"-outform"))
- {
- if (args[1])
- {
- args++;
- outformat=str2fmt(*args);
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-topk8"))
- topk8 = 1;
- else if (!strcmp (*args, "-noiter"))
- iter = 1;
- else if (!strcmp (*args, "-nocrypt"))
- nocrypt = 1;
- else if (!strcmp (*args, "-nooct"))
- p8_broken = PKCS8_NO_OCTET;
- else if (!strcmp (*args, "-nsdb"))
- p8_broken = PKCS8_NS_DB;
- else if (!strcmp (*args, "-embed"))
- p8_broken = PKCS8_EMBEDDED_PARAM;
- else if (!strcmp(*args,"-passin"))
- {
- if (!args[1]) goto bad;
- passargin= *(++args);
- }
- else if (!strcmp(*args,"-passout"))
- {
- if (!args[1]) goto bad;
- passargout= *(++args);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*args,"-engine") == 0)
- {
- if (!args[1]) goto bad;
- engine= *(++args);
- }
-#endif
- else if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
- args++;
- infile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else badarg = 1;
- }
- else badarg = 1;
- args++;
- }
-
- if (badarg)
- {
- bad:
- BIO_printf(bio_err, "Usage pkcs8 [options]\n");
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-in file input file\n");
- BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
- BIO_printf(bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
- BIO_printf(bio_err, "-out file output file\n");
- BIO_printf(bio_err, "-passout arg output file pass phrase source\n");
- BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
- BIO_printf(bio_err, "-nooct use (nonstandard) no octet format\n");
- BIO_printf(bio_err, "-embed use (nonstandard) embedded DSA parameters format\n");
- BIO_printf(bio_err, "-nsdb use (nonstandard) DSA Netscape DB format\n");
- BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
- BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
- BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
- BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- return 1;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
- {
- BIO_printf(bio_err, "Error getting passwords\n");
- return 1;
- }
-
- if ((pbe_nid == -1) && !cipher)
- pbe_nid = NID_pbeWithMD5AndDES_CBC;
-
- if (infile)
- {
- if (!(in = BIO_new_file(infile, "rb")))
- {
- BIO_printf(bio_err,
- "Can't open input file %s\n", infile);
- return (1);
- }
- }
- else
- in = BIO_new_fp (stdin, BIO_NOCLOSE);
-
- if (outfile)
- {
- if (!(out = BIO_new_file (outfile, "wb")))
- {
- BIO_printf(bio_err,
- "Can't open output file %s\n", outfile);
- return (1);
- }
- }
- else
- {
- out = BIO_new_fp (stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- if (topk8)
- {
- BIO_free(in); /* Not needed in this section */
- pkey = load_key(bio_err, infile, informat, 1,
- passin, e, "key");
- if (!pkey)
- {
- BIO_free_all(out);
- return 1;
- }
- if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
- {
- BIO_printf(bio_err, "Error converting key\n");
- ERR_print_errors(bio_err);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return 1;
- }
- if (nocrypt)
- {
- if (outformat == FORMAT_PEM)
- PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
- else if (outformat == FORMAT_ASN1)
- i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- }
- else
- {
- if (passout)
- p8pass = passout;
- else
- {
- p8pass = pass;
- if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
- {
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- }
- app_RAND_load_file(NULL, bio_err, 0);
- if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
- p8pass, strlen(p8pass),
- NULL, 0, iter, p8inf)))
- {
- BIO_printf(bio_err, "Error encrypting key\n");
- ERR_print_errors(bio_err);
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- app_RAND_write_file(NULL, bio_err);
- if (outformat == FORMAT_PEM)
- PEM_write_bio_PKCS8(out, p8);
- else if (outformat == FORMAT_ASN1)
- i2d_PKCS8_bio(out, p8);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- return (1);
- }
- X509_SIG_free(p8);
- }
-
- PKCS8_PRIV_KEY_INFO_free (p8inf);
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- if (passin)
- OPENSSL_free(passin);
- if (passout)
- OPENSSL_free(passout);
- return (0);
- }
-
- if (nocrypt)
- {
- if (informat == FORMAT_PEM)
- p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
- else if (informat == FORMAT_ASN1)
- p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
- }
- }
- else
- {
- if (informat == FORMAT_PEM)
- p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
- else if (informat == FORMAT_ASN1)
- p8 = d2i_PKCS8_bio(in, NULL);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
- }
-
- if (!p8)
- {
- BIO_printf (bio_err, "Error reading key\n");
- ERR_print_errors(bio_err);
- return (1);
- }
- if (passin)
- p8pass = passin;
- else
- {
- p8pass = pass;
- EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
- }
- p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
- X509_SIG_free(p8);
- }
-
- if (!p8inf)
- {
- BIO_printf(bio_err, "Error decrypting key\n");
- ERR_print_errors(bio_err);
- return (1);
- }
-
- if (!(pkey = EVP_PKCS82PKEY(p8inf)))
- {
- BIO_printf(bio_err, "Error converting key\n");
- ERR_print_errors(bio_err);
- return (1);
- }
-
- if (p8inf->broken)
- {
- BIO_printf(bio_err, "Warning: broken key encoding: ");
- switch (p8inf->broken)
- {
- case PKCS8_NO_OCTET:
- BIO_printf(bio_err, "No Octet String in PrivateKey\n");
- break;
-
- case PKCS8_EMBEDDED_PARAM:
- BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
- break;
-
- case PKCS8_NS_DB:
- BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
- break;
-
- default:
- BIO_printf(bio_err, "Unknown broken type\n");
- break;
- }
- }
-
- PKCS8_PRIV_KEY_INFO_free(p8inf);
- if (outformat == FORMAT_PEM)
- PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
- else if (outformat == FORMAT_ASN1)
- i2d_PrivateKey_bio(out, pkey);
- else
- {
- BIO_printf(bio_err, "Bad format specified for key\n");
- return (1);
- }
-
- end:
- EVP_PKEY_free(pkey);
- BIO_free_all(out);
- BIO_free(in);
- if (passin)
- OPENSSL_free(passin);
- if (passout)
- OPENSSL_free(passout);
-
- return (0);
- }
diff --git a/crypto/openssl/apps/prime.c b/crypto/openssl/apps/prime.c
deleted file mode 100644
index af2fed1..0000000
--- a/crypto/openssl/apps/prime.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include <string.h>
-
-#include "apps.h"
-#include <openssl/bn.h>
-
-
-#undef PROG
-#define PROG prime_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int hex=0;
- int checks=20;
- BIGNUM *bn=NULL;
- BIO *bio_out;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- --argc;
- ++argv;
- while (argc >= 1 && **argv == '-')
- {
- if(!strcmp(*argv,"-hex"))
- hex=1;
- else if(!strcmp(*argv,"-checks"))
- if(--argc < 1)
- goto bad;
- else
- checks=atoi(*++argv);
- else
- {
- BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
- goto bad;
- }
- --argc;
- ++argv;
- }
-
- if (argv[0] == NULL)
- {
- BIO_printf(bio_err,"No prime specified\n");
- goto bad;
- }
-
- if ((bio_out=BIO_new(BIO_s_file())) != NULL)
- {
- BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- bio_out = BIO_push(tmpbio, bio_out);
- }
-#endif
- }
-
- if(hex)
- BN_hex2bn(&bn,argv[0]);
- else
- BN_dec2bn(&bn,argv[0]);
-
- BN_print(bio_out,bn);
- BIO_printf(bio_out," is %sprime\n",
- BN_is_prime_ex(bn,checks,NULL,NULL) ? "" : "not ");
-
- BN_free(bn);
- BIO_free_all(bio_out);
-
- return 0;
-
- bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s hex\n","-hex");
- BIO_printf(bio_err,"%-14s number of checks\n","-checks <n>");
- return 1;
- }
diff --git a/crypto/openssl/apps/privkey.pem b/crypto/openssl/apps/privkey.pem
deleted file mode 100644
index 0af4647..0000000
--- a/crypto/openssl/apps/privkey.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,BA26229A1653B7FF
-
-6nhWG8PKhTPO/s3ZvjUa6226NlKdvPDZFsNXOOoSUs9ejxpb/aj5huhs6qRYzsz9
-Year47uaAZYhGD0vAagnNiBnYmjWEpN9G/wQxG7pgZThK1ZxDi63qn8aQ8UjuGHo
-F6RpnnBQIAnWTWqr/Qsybtc5EoNkrj/Cpx0OfbSr6gZsFBCxwX1R1hT3/mhJ45f3
-XMofY32Vdfx9/vtw1O7HmlHXQnXaqnbd9/nn1EpvFJG9+UjPoW7gV4jCOLuR4deE
-jS8hm+cpkwXmFtk3VGjT9tQXPpMv3JpYfBqgGQoMAJ5Toq0DWcHi6Wg08PsD8lgy
-vmTioPsRg+JGkJkJ8GnusgLpQdlQJbjzd7wGE6ElUFLfOxLo8bLlRHoriHNdWYhh
-JjY0LyeTkovcmWxVjImc6ZyBz5Ly4t0BYf1gq3OkjsV91Q1taBxnhiavfizqMCAf
-PPB3sLQnlXG77TOXkNxpqbZfEYrVZW2Nsqqdn8s07Uj4IMONZyq2odYKWFPMJBiM
-POYwXjMAOcmFMTHYsVlhcUJuV6LOuipw/FEbTtPH/MYMxLe4zx65dYo1rb4iLKLS
-gMtB0o/Wl4Xno3ZXh1ucicYnV2J7NpVcjVq+3SFiCRu2SrSkZHZ23EPS13Ec6fcz
-8X/YGA2vTJ8MAOozAzQUwHQYvLk7bIoQVekqDq4p0AZQbhdspHpArCk0Ifqqzg/v
-Uyky/zZiQYanzDenTSRVI/8wac3olxpU8QvbySxYqmbkgq6bTpXJfYFQfnAttEsC
-dA4S5UFgyOPZluxCAM4yaJF3Ft6neutNwftuJQMbgCUi9vYg2tGdSw==
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/progs.h b/crypto/openssl/apps/progs.h
deleted file mode 100644
index 011974b..0000000
--- a/crypto/openssl/apps/progs.h
+++ /dev/null
@@ -1,324 +0,0 @@
-/* apps/progs.h */
-/* automatically generated by progs.pl for openssl.c */
-
-extern int verify_main(int argc,char *argv[]);
-extern int asn1parse_main(int argc,char *argv[]);
-extern int req_main(int argc,char *argv[]);
-extern int dgst_main(int argc,char *argv[]);
-extern int dh_main(int argc,char *argv[]);
-extern int dhparam_main(int argc,char *argv[]);
-extern int enc_main(int argc,char *argv[]);
-extern int passwd_main(int argc,char *argv[]);
-extern int gendh_main(int argc,char *argv[]);
-extern int errstr_main(int argc,char *argv[]);
-extern int ca_main(int argc,char *argv[]);
-extern int crl_main(int argc,char *argv[]);
-extern int rsa_main(int argc,char *argv[]);
-extern int rsautl_main(int argc,char *argv[]);
-extern int dsa_main(int argc,char *argv[]);
-extern int dsaparam_main(int argc,char *argv[]);
-extern int ec_main(int argc,char *argv[]);
-extern int ecparam_main(int argc,char *argv[]);
-extern int x509_main(int argc,char *argv[]);
-extern int genrsa_main(int argc,char *argv[]);
-extern int gendsa_main(int argc,char *argv[]);
-extern int s_server_main(int argc,char *argv[]);
-extern int s_client_main(int argc,char *argv[]);
-extern int speed_main(int argc,char *argv[]);
-extern int s_time_main(int argc,char *argv[]);
-extern int version_main(int argc,char *argv[]);
-extern int pkcs7_main(int argc,char *argv[]);
-extern int crl2pkcs7_main(int argc,char *argv[]);
-extern int sess_id_main(int argc,char *argv[]);
-extern int ciphers_main(int argc,char *argv[]);
-extern int nseq_main(int argc,char *argv[]);
-extern int pkcs12_main(int argc,char *argv[]);
-extern int pkcs8_main(int argc,char *argv[]);
-extern int spkac_main(int argc,char *argv[]);
-extern int smime_main(int argc,char *argv[]);
-extern int rand_main(int argc,char *argv[]);
-extern int engine_main(int argc,char *argv[]);
-extern int ocsp_main(int argc,char *argv[]);
-extern int prime_main(int argc,char *argv[]);
-
-#define FUNC_TYPE_GENERAL 1
-#define FUNC_TYPE_MD 2
-#define FUNC_TYPE_CIPHER 3
-
-typedef struct {
- int type;
- const char *name;
- int (*func)(int argc,char *argv[]);
- } FUNCTION;
-
-FUNCTION functions[] = {
- {FUNC_TYPE_GENERAL,"verify",verify_main},
- {FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
- {FUNC_TYPE_GENERAL,"req",req_main},
- {FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef OPENSSL_NO_DH
- {FUNC_TYPE_GENERAL,"dh",dh_main},
-#endif
-#ifndef OPENSSL_NO_DH
- {FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
-#endif
- {FUNC_TYPE_GENERAL,"enc",enc_main},
- {FUNC_TYPE_GENERAL,"passwd",passwd_main},
-#ifndef OPENSSL_NO_DH
- {FUNC_TYPE_GENERAL,"gendh",gendh_main},
-#endif
- {FUNC_TYPE_GENERAL,"errstr",errstr_main},
- {FUNC_TYPE_GENERAL,"ca",ca_main},
- {FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef OPENSSL_NO_RSA
- {FUNC_TYPE_GENERAL,"rsa",rsa_main},
-#endif
-#ifndef OPENSSL_NO_RSA
- {FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
-#endif
-#ifndef OPENSSL_NO_DSA
- {FUNC_TYPE_GENERAL,"dsa",dsa_main},
-#endif
-#ifndef OPENSSL_NO_DSA
- {FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
-#endif
-#ifndef OPENSSL_NO_EC
- {FUNC_TYPE_GENERAL,"ec",ec_main},
-#endif
-#ifndef OPENSSL_NO_EC
- {FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
-#endif
- {FUNC_TYPE_GENERAL,"x509",x509_main},
-#ifndef OPENSSL_NO_RSA
- {FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
-#endif
-#ifndef OPENSSL_NO_DSA
- {FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"s_server",s_server_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"s_client",s_client_main},
-#endif
-#ifndef OPENSSL_NO_SPEED
- {FUNC_TYPE_GENERAL,"speed",speed_main},
-#endif
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"s_time",s_time_main},
-#endif
- {FUNC_TYPE_GENERAL,"version",version_main},
- {FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
- {FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
- {FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
-#endif
- {FUNC_TYPE_GENERAL,"nseq",nseq_main},
-#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
- {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
-#endif
- {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
- {FUNC_TYPE_GENERAL,"spkac",spkac_main},
- {FUNC_TYPE_GENERAL,"smime",smime_main},
- {FUNC_TYPE_GENERAL,"rand",rand_main},
-#ifndef OPENSSL_NO_ENGINE
- {FUNC_TYPE_GENERAL,"engine",engine_main},
-#endif
- {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
- {FUNC_TYPE_GENERAL,"prime",prime_main},
-#ifndef OPENSSL_NO_MD2
- {FUNC_TYPE_MD,"md2",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MD4
- {FUNC_TYPE_MD,"md4",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MD5
- {FUNC_TYPE_MD,"md5",dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA
- {FUNC_TYPE_MD,"sha",dgst_main},
-#endif
-#ifndef OPENSSL_NO_SHA1
- {FUNC_TYPE_MD,"sha1",dgst_main},
-#endif
-#ifndef OPENSSL_NO_MDC2
- {FUNC_TYPE_MD,"mdc2",dgst_main},
-#endif
-#ifndef OPENSSL_NO_RMD160
- {FUNC_TYPE_MD,"rmd160",dgst_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_AES
- {FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-128-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-128-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-192-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-192-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-256-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- {FUNC_TYPE_CIPHER,"camellia-256-ecb",enc_main},
-#endif
- {FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des3",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"desx",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC4
- {FUNC_TYPE_CIPHER,"rc4",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC4
- {FUNC_TYPE_CIPHER,"rc4-40",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_DES
- {FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_IDEA
- {FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC2
- {FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_BF
- {FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
-#endif
-#ifndef OPENSSL_NO_CAST
- {FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
-#endif
-#ifndef OPENSSL_NO_RC5
- {FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
-#endif
- {0,NULL,NULL}
- };
diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl
deleted file mode 100644
index 7b1de74..0000000
--- a/crypto/openssl/apps/progs.pl
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/usr/local/bin/perl
-
-print "/* apps/progs.h */\n";
-print "/* automatically generated by progs.pl for openssl.c */\n\n";
-
-grep(s/^asn1pars$/asn1parse/,@ARGV);
-
-foreach (@ARGV)
- { printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-
-print <<'EOF';
-
-#define FUNC_TYPE_GENERAL 1
-#define FUNC_TYPE_MD 2
-#define FUNC_TYPE_CIPHER 3
-
-typedef struct {
- int type;
- const char *name;
- int (*func)(int argc,char *argv[]);
- } FUNCTION;
-
-FUNCTION functions[] = {
-EOF
-
-foreach (@ARGV)
- {
- push(@files,$_);
- $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
- if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
- { print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; }
- elsif ( ($_ =~ /^speed$/))
- { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
- elsif ( ($_ =~ /^engine$/))
- { print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
- elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
- { print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n"; }
- elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
- { print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
- elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
- { print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
- elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
- { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
- elsif ( ($_ =~ /^pkcs12$/))
- { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
- else
- { print $str; }
- }
-
-foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
- {
- push(@files,$_);
- printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
- }
-
-foreach (
- "aes-128-cbc", "aes-128-ecb",
- "aes-192-cbc", "aes-192-ecb",
- "aes-256-cbc", "aes-256-ecb",
- "camellia-128-cbc", "camellia-128-ecb",
- "camellia-192-cbc", "camellia-192-ecb",
- "camellia-256-cbc", "camellia-256-ecb",
- "base64",
- "des", "des3", "desx", "idea", "rc4", "rc4-40",
- "rc2", "bf", "cast", "rc5",
- "des-ecb", "des-ede", "des-ede3",
- "des-cbc", "des-ede-cbc","des-ede3-cbc",
- "des-cfb", "des-ede-cfb","des-ede3-cfb",
- "des-ofb", "des-ede-ofb","des-ede3-ofb",
- "idea-cbc","idea-ecb", "idea-cfb", "idea-ofb",
- "rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
- "bf-cbc", "bf-ecb", "bf-cfb", "bf-ofb",
- "cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
- "cast-cbc", "rc5-cbc", "rc5-ecb", "rc5-cfb", "rc5-ofb")
- {
- push(@files,$_);
-
- $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
- if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
- elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
- elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; }
- elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
- elsif ($_ =~ /rc4/) { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
- elsif ($_ =~ /rc2/) { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
- elsif ($_ =~ /bf/) { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
- elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
- elsif ($_ =~ /rc5/) { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
- print $t;
- }
-
-print "\t{0,NULL,NULL}\n\t};\n";
diff --git a/crypto/openssl/apps/rand.c b/crypto/openssl/apps/rand.c
deleted file mode 100644
index a893896..0000000
--- a/crypto/openssl/apps/rand.c
+++ /dev/null
@@ -1,227 +0,0 @@
-/* apps/rand.c */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "apps.h"
-
-#include <ctype.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-
-#undef PROG
-#define PROG rand_main
-
-/* -out file - write to file
- * -rand file:file - PRNG seed files
- * -base64 - encode output
- * num - write 'num' bytes
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- int i, r, ret = 1;
- int badopt;
- char *outfile = NULL;
- char *inrand = NULL;
- int base64 = 0;
- BIO *out = NULL;
- int num = -1;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto err;
-
- badopt = 0;
- i = 0;
- while (!badopt && argv[++i] != NULL)
- {
- if (strcmp(argv[i], "-out") == 0)
- {
- if ((argv[i+1] != NULL) && (outfile == NULL))
- outfile = argv[++i];
- else
- badopt = 1;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(argv[i], "-engine") == 0)
- {
- if ((argv[i+1] != NULL) && (engine == NULL))
- engine = argv[++i];
- else
- badopt = 1;
- }
-#endif
- else if (strcmp(argv[i], "-rand") == 0)
- {
- if ((argv[i+1] != NULL) && (inrand == NULL))
- inrand = argv[++i];
- else
- badopt = 1;
- }
- else if (strcmp(argv[i], "-base64") == 0)
- {
- if (!base64)
- base64 = 1;
- else
- badopt = 1;
- }
- else if (isdigit((unsigned char)argv[i][0]))
- {
- if (num < 0)
- {
- r = sscanf(argv[i], "%d", &num);
- if (r == 0 || num < 0)
- badopt = 1;
- }
- else
- badopt = 1;
- }
- else
- badopt = 1;
- }
-
- if (num < 0)
- badopt = 1;
-
- if (badopt)
- {
- BIO_printf(bio_err, "Usage: rand [options] num\n");
- BIO_printf(bio_err, "where options are\n");
- BIO_printf(bio_err, "-out file - write to file\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e - use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, "-base64 - encode output\n");
- goto err;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- out = BIO_new(BIO_s_file());
- if (out == NULL)
- goto err;
- if (outfile != NULL)
- r = BIO_write_filename(out, outfile);
- else
- {
- r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- if (r <= 0)
- goto err;
-
- if (base64)
- {
- BIO *b64 = BIO_new(BIO_f_base64());
- if (b64 == NULL)
- goto err;
- out = BIO_push(b64, out);
- }
-
- while (num > 0)
- {
- unsigned char buf[4096];
- int chunk;
-
- chunk = num;
- if (chunk > (int)sizeof(buf))
- chunk = sizeof buf;
- r = RAND_bytes(buf, chunk);
- if (r <= 0)
- goto err;
- BIO_write(out, buf, chunk);
- num -= chunk;
- }
- BIO_flush(out);
-
- app_RAND_write_file(NULL, bio_err);
- ret = 0;
-
-err:
- ERR_print_errors(bio_err);
- if (out)
- BIO_free_all(out);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
deleted file mode 100644
index f58e65e..0000000
--- a/crypto/openssl/apps/req.c
+++ /dev/null
@@ -1,1686 +0,0 @@
-/* apps/req.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#define SECTION "req"
-
-#define BITS "default_bits"
-#define KEYFILE "default_keyfile"
-#define PROMPT "prompt"
-#define DISTINGUISHED_NAME "distinguished_name"
-#define ATTRIBUTES "attributes"
-#define V3_EXTENSIONS "x509_extensions"
-#define REQ_EXTENSIONS "req_extensions"
-#define STRING_MASK "string_mask"
-#define UTF8_IN "utf8"
-
-#define DEFAULT_KEY_LENGTH 512
-#define MIN_KEY_LENGTH 384
-
-#undef PROG
-#define PROG req_main
-
-/* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -verify - check request signature
- * -noout - don't print stuff out.
- * -text - print out human readable text.
- * -nodes - no des encryption
- * -config file - Load configuration file.
- * -key file - make a request using key in file (or use it for verification).
- * -keyform arg - key file format.
- * -rand file(s) - load the file(s) into the PRNG.
- * -newkey - make a key and a request.
- * -modulus - print RSA modulus.
- * -pubkey - output Public Key.
- * -x509 - output a self signed X509 structure instead.
- * -asn1-kludge - output new certificate request in a format that some CA's
- * require. This format is wrong
- */
-
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int mutlirdn,
- int attribs,unsigned long chtype);
-static int build_subject(X509_REQ *req, char *subj, unsigned long chtype,
- int multirdn);
-static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
- unsigned long chtype);
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
- STACK_OF(CONF_VALUE) *attr, int attribs,
- unsigned long chtype);
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min,
- int n_max, unsigned long chtype);
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
- int nid,int n_min,int n_max, unsigned long chtype, int mval);
-#ifndef OPENSSL_NO_RSA
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb);
-#endif
-static int req_check_len(int len,int n_min,int n_max);
-static int check_end(const char *str, const char *end);
-#ifndef MONOLITH
-static char *default_config_file=NULL;
-#endif
-static CONF *req_conf=NULL;
-static int batch=0;
-
-#define TYPE_RSA 1
-#define TYPE_DSA 2
-#define TYPE_DH 3
-#define TYPE_EC 4
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
-#ifndef OPENSSL_NO_DSA
- DSA *dsa_params=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EC_KEY *ec_params = NULL;
-#endif
- unsigned long nmflag = 0, reqflag = 0;
- int ex=1,x509=0,days=30;
- X509 *x509ss=NULL;
- X509_REQ *req=NULL;
- EVP_PKEY *pkey=NULL;
- int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
- long newkey = -1;
- BIO *in=NULL,*out=NULL;
- int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
- int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
- char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- char *extensions = NULL;
- char *req_exts = NULL;
- const EVP_CIPHER *cipher=NULL;
- ASN1_INTEGER *serial = NULL;
- int modulus=0;
- char *inrand=NULL;
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
- char *p;
- char *subj = NULL;
- int multirdn = 0;
- const EVP_MD *md_alg=NULL,*digest=EVP_sha1();
- unsigned long chtype = MBSTRING_ASC;
-#ifndef MONOLITH
- char *to_free;
- long errline;
-#endif
-
- req_conf = NULL;
-#ifndef OPENSSL_NO_DES
- cipher=EVP_des_ede3_cbc();
-#endif
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-pubkey") == 0)
- {
- pubkey=1;
- }
- else if (strcmp(*argv,"-new") == 0)
- {
- newreq=1;
- }
- else if (strcmp(*argv,"-config") == 0)
- {
- if (--argc < 1) goto bad;
- template= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyform=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-keyout") == 0)
- {
- if (--argc < 1) goto bad;
- keyout= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else if (strcmp(*argv,"-newkey") == 0)
- {
- int is_numeric;
-
- if (--argc < 1) goto bad;
- p= *(++argv);
- is_numeric = p[0] >= '0' && p[0] <= '9';
- if (strncmp("rsa:",p,4) == 0 || is_numeric)
- {
- pkey_type=TYPE_RSA;
- if(!is_numeric)
- p+=4;
- newkey= atoi(p);
- }
- else
-#ifndef OPENSSL_NO_DSA
- if (strncmp("dsa:",p,4) == 0)
- {
- X509 *xtmp=NULL;
- EVP_PKEY *dtmp;
-
- pkey_type=TYPE_DSA;
- p+=4;
- if ((in=BIO_new_file(p,"r")) == NULL)
- {
- perror(p);
- goto end;
- }
- if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
- {
- ERR_clear_error();
- (void)BIO_reset(in);
- if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"unable to load DSA parameters from file\n");
- goto end;
- }
-
- if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
- if (dtmp->type == EVP_PKEY_DSA)
- dsa_params=DSAparams_dup(dtmp->pkey.dsa);
- EVP_PKEY_free(dtmp);
- X509_free(xtmp);
- if (dsa_params == NULL)
- {
- BIO_printf(bio_err,"Certificate does not contain DSA parameters\n");
- goto end;
- }
- }
- BIO_free(in);
- in=NULL;
- newkey=BN_num_bits(dsa_params->p);
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (strncmp("ec:",p,3) == 0)
- {
- X509 *xtmp=NULL;
- EVP_PKEY *dtmp;
- EC_GROUP *group;
-
- pkey_type=TYPE_EC;
- p+=3;
- if ((in=BIO_new_file(p,"r")) == NULL)
- {
- perror(p);
- goto end;
- }
- if ((ec_params = EC_KEY_new()) == NULL)
- goto end;
- group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
- if (group == NULL)
- {
- EC_KEY_free(ec_params);
- ERR_clear_error();
- (void)BIO_reset(in);
- if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
- {
- BIO_printf(bio_err,"unable to load EC parameters from file\n");
- goto end;
- }
-
- if ((dtmp=X509_get_pubkey(xtmp))==NULL)
- goto end;
- if (dtmp->type == EVP_PKEY_EC)
- ec_params = EC_KEY_dup(dtmp->pkey.ec);
- EVP_PKEY_free(dtmp);
- X509_free(xtmp);
- if (ec_params == NULL)
- {
- BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
- goto end;
- }
- }
- else
- {
- if (EC_KEY_set_group(ec_params, group) == 0)
- goto end;
- EC_GROUP_free(group);
- }
-
- BIO_free(in);
- in=NULL;
- newkey = EC_GROUP_get_degree(EC_KEY_get0_group(ec_params));
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (strncmp("dh:",p,4) == 0)
- {
- pkey_type=TYPE_DH;
- p+=3;
- }
- else
-#endif
- {
- goto bad;
- }
-
- newreq=1;
- }
- else if (strcmp(*argv,"-batch") == 0)
- batch=1;
- else if (strcmp(*argv,"-newhdr") == 0)
- newhdr=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-verify") == 0)
- verify=1;
- else if (strcmp(*argv,"-nodes") == 0)
- nodes=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-verbose") == 0)
- verbose=1;
- else if (strcmp(*argv,"-utf8") == 0)
- chtype = MBSTRING_UTF8;
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-reqopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-subject") == 0)
- subject=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-x509") == 0)
- x509=1;
- else if (strcmp(*argv,"-asn1-kludge") == 0)
- kludge=1;
- else if (strcmp(*argv,"-no-asn1-kludge") == 0)
- kludge=0;
- else if (strcmp(*argv,"-subj") == 0)
- {
- if (--argc < 1) goto bad;
- subj= *(++argv);
- }
- else if (strcmp(*argv,"-multivalue-rdn") == 0)
- multirdn=1;
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days= atoi(*(++argv));
- if (days == 0) days=30;
- }
- else if (strcmp(*argv,"-set_serial") == 0)
- {
- if (--argc < 1) goto bad;
- serial = s2i_ASN1_INTEGER(NULL, *(++argv));
- if (!serial) goto bad;
- }
- else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
- {
- /* ok */
- digest=md_alg;
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extensions = *(++argv);
- }
- else if (strcmp(*argv,"-reqexts") == 0)
- {
- if (--argc < 1) goto bad;
- req_exts = *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -text text form of request\n");
- BIO_printf(bio_err," -pubkey output public key\n");
- BIO_printf(bio_err," -noout do not output REQ\n");
- BIO_printf(bio_err," -verify verify signature on REQ\n");
- BIO_printf(bio_err," -modulus RSA modulus\n");
- BIO_printf(bio_err," -nodes don't encrypt the output key\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device\n");
-#endif
- BIO_printf(bio_err," -subject output the request's subject\n");
- BIO_printf(bio_err," -passin private key password source\n");
- BIO_printf(bio_err," -key file use the private key contained in file\n");
- BIO_printf(bio_err," -keyform arg key file format\n");
- BIO_printf(bio_err," -keyout arg file to send the key to\n");
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err," load the file (or the files in the directory) into\n");
- BIO_printf(bio_err," the random number generator\n");
- BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
- BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-#ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
-#endif
- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
- BIO_printf(bio_err," -config file request template file.\n");
- BIO_printf(bio_err," -subj arg set or modify request subject\n");
- BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n");
- BIO_printf(bio_err," -new new request.\n");
- BIO_printf(bio_err," -batch do not ask anything during request generation\n");
- BIO_printf(bio_err," -x509 output a x509 structure instead of a cert. req.\n");
- BIO_printf(bio_err," -days number of days a certificate generated by -x509 is valid for.\n");
- BIO_printf(bio_err," -set_serial serial number to use for a certificate generated by -x509.\n");
- BIO_printf(bio_err," -newhdr output \"NEW\" in the header lines\n");
- BIO_printf(bio_err," -asn1-kludge Output the 'request' in a format that is wrong but some CA's\n");
- BIO_printf(bio_err," have been reported as requiring\n");
- BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
- BIO_printf(bio_err," -reqexts .. specify request extension section (override value in config file)\n");
- BIO_printf(bio_err," -utf8 input characters are UTF8 (default ASCII)\n");
- BIO_printf(bio_err," -nameopt arg - various certificate name options\n");
- BIO_printf(bio_err," -reqopt arg - various request text options\n\n");
- goto end;
- }
-
- ERR_load_crypto_strings();
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
-#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
- /* Lets load up our environment a little */
- p=getenv("OPENSSL_CONF");
- if (p == NULL)
- p=getenv("SSLEAY_CONF");
- if (p == NULL)
- p=to_free=make_config_name();
- default_config_file=p;
- config=NCONF_new(NULL);
- i=NCONF_load(config, p, &errline);
-#endif
-
- if (template != NULL)
- {
- long errline = -1;
-
- if( verbose )
- BIO_printf(bio_err,"Using configuration from %s\n",template);
- req_conf=NCONF_new(NULL);
- i=NCONF_load(req_conf,template,&errline);
- if (i == 0)
- {
- BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
- goto end;
- }
- }
- else
- {
- req_conf=config;
-
- if (req_conf == NULL)
- {
- BIO_printf(bio_err,"Unable to load config info from %s\n", default_config_file);
- if (newreq)
- goto end;
- }
- else if( verbose )
- BIO_printf(bio_err,"Using configuration from %s\n",
- default_config_file);
- }
-
- if (req_conf != NULL)
- {
- if (!load_config(bio_err, req_conf))
- goto end;
- p=NCONF_get_string(req_conf,NULL,"oid_file");
- if (p == NULL)
- ERR_clear_error();
- if (p != NULL)
- {
- BIO *oid_bio;
-
- oid_bio=BIO_new_file(p,"r");
- if (oid_bio == NULL)
- {
- /*
- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
- ERR_print_errors(bio_err);
- */
- }
- else
- {
- OBJ_create_objects(oid_bio);
- BIO_free(oid_bio);
- }
- }
- }
- if(!add_oid_section(bio_err, req_conf)) goto end;
-
- if (md_alg == NULL)
- {
- p=NCONF_get_string(req_conf,SECTION,"default_md");
- if (p == NULL)
- ERR_clear_error();
- if (p != NULL)
- {
- if ((md_alg=EVP_get_digestbyname(p)) != NULL)
- digest=md_alg;
- }
- }
-
- if (!extensions)
- {
- extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
- if (!extensions)
- ERR_clear_error();
- }
- if (extensions) {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, req_conf);
- if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n", extensions);
- goto end;
- }
- }
-
- if(!passin)
- {
- passin = NCONF_get_string(req_conf, SECTION, "input_password");
- if (!passin)
- ERR_clear_error();
- }
-
- if(!passout)
- {
- passout = NCONF_get_string(req_conf, SECTION, "output_password");
- if (!passout)
- ERR_clear_error();
- }
-
- p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
- if (!p)
- ERR_clear_error();
-
- if(p && !ASN1_STRING_set_default_mask_asc(p)) {
- BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
- goto end;
- }
-
- if (chtype != MBSTRING_UTF8)
- {
- p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
- if (!p)
- ERR_clear_error();
- else if (!strcmp(p, "yes"))
- chtype = MBSTRING_UTF8;
- }
-
-
- if(!req_exts)
- {
- req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
- if (!req_exts)
- ERR_clear_error();
- }
- if(req_exts) {
- /* Check syntax of file */
- X509V3_CTX ctx;
- X509V3_set_ctx_test(&ctx);
- X509V3_set_nconf(&ctx, req_conf);
- if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
- BIO_printf(bio_err,
- "Error Loading request extension section %s\n",
- req_exts);
- goto end;
- }
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- goto end;
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (keyfile != NULL)
- {
- pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "Private Key");
- if (!pkey)
- {
- /* load_key() has already printed an appropriate
- message */
- goto end;
- }
- if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA ||
- EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
- {
- char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
- }
- }
-
- if (newreq && (pkey == NULL))
- {
-#ifndef OPENSSL_NO_RSA
- BN_GENCB cb;
-#endif
- char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
- if (randfile == NULL)
- ERR_clear_error();
- app_RAND_load_file(randfile, bio_err, 0);
- if (inrand)
- app_RAND_load_files(inrand);
-
- if (newkey <= 0)
- {
- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
- newkey=DEFAULT_KEY_LENGTH;
- }
-
- if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
- {
- BIO_printf(bio_err,"private key length is too short,\n");
- BIO_printf(bio_err,"it needs to be at least %d bits, not %ld\n",MIN_KEY_LENGTH,newkey);
- goto end;
- }
- BIO_printf(bio_err,"Generating a %ld bit %s private key\n",
- newkey,(pkey_type == TYPE_RSA)?"RSA":
- (pkey_type == TYPE_DSA)?"DSA":"EC");
-
- if ((pkey=EVP_PKEY_new()) == NULL) goto end;
-
-#ifndef OPENSSL_NO_RSA
- BN_GENCB_set(&cb, req_cb, bio_err);
- if (pkey_type == TYPE_RSA)
- {
- RSA *rsa = RSA_new();
- BIGNUM *bn = BN_new();
- if(!bn || !rsa || !BN_set_word(bn, 0x10001) ||
- !RSA_generate_key_ex(rsa, newkey, bn, &cb) ||
- !EVP_PKEY_assign_RSA(pkey, rsa))
- {
- if(bn) BN_free(bn);
- if(rsa) RSA_free(rsa);
- goto end;
- }
- BN_free(bn);
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey_type == TYPE_DSA)
- {
- if (!DSA_generate_key(dsa_params)) goto end;
- if (!EVP_PKEY_assign_DSA(pkey,dsa_params)) goto end;
- dsa_params=NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey_type == TYPE_EC)
- {
- if (!EC_KEY_generate_key(ec_params)) goto end;
- if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params))
- goto end;
- ec_params = NULL;
- }
-#endif
-
- app_RAND_write_file(randfile, bio_err);
-
- if (pkey == NULL) goto end;
-
- if (keyout == NULL)
- {
- keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
- if (keyout == NULL)
- ERR_clear_error();
- }
-
- if (keyout == NULL)
- {
- BIO_printf(bio_err,"writing new private key to stdout\n");
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- BIO_printf(bio_err,"writing new private key to '%s'\n",keyout);
- if (BIO_write_filename(out,keyout) <= 0)
- {
- perror(keyout);
- goto end;
- }
- }
-
- p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
- if (p == NULL)
- {
- ERR_clear_error();
- p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
- if (p == NULL)
- ERR_clear_error();
- }
- if ((p != NULL) && (strcmp(p,"no") == 0))
- cipher=NULL;
- if (nodes) cipher=NULL;
-
- i=0;
-loop:
- if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
- NULL,0,NULL,passout))
- {
- if ((ERR_GET_REASON(ERR_peek_error()) ==
- PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
- {
- ERR_clear_error();
- i++;
- goto loop;
- }
- goto end;
- }
- BIO_printf(bio_err,"-----\n");
- }
-
- if (!newreq)
- {
- /* Since we are using a pre-existing certificate
- * request, the kludge 'format' info should not be
- * changed. */
- kludge= -1;
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
-
- if (informat == FORMAT_ASN1)
- req=d2i_X509_REQ_bio(in,NULL);
- else if (informat == FORMAT_PEM)
- req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
- else
- {
- BIO_printf(bio_err,"bad input format specified for X509 request\n");
- goto end;
- }
- if (req == NULL)
- {
- BIO_printf(bio_err,"unable to load X509 request\n");
- goto end;
- }
- }
-
- if (newreq || x509)
- {
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"you need to specify a private key\n");
- goto end;
- }
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
- if (req == NULL)
- {
- req=X509_REQ_new();
- if (req == NULL)
- {
- goto end;
- }
-
- i=make_REQ(req,pkey,subj,multirdn,!x509, chtype);
- subj=NULL; /* done processing '-subj' option */
- if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
- {
- sk_X509_ATTRIBUTE_free(req->req_info->attributes);
- req->req_info->attributes = NULL;
- }
- if (!i)
- {
- BIO_printf(bio_err,"problems making Certificate Request\n");
- goto end;
- }
- }
- if (x509)
- {
- EVP_PKEY *tmppkey;
- X509V3_CTX ext_ctx;
- if ((x509ss=X509_new()) == NULL) goto end;
-
- /* Set version to V3 */
- if(extensions && !X509_set_version(x509ss, 2)) goto end;
- if (serial)
- {
- if (!X509_set_serialNumber(x509ss, serial)) goto end;
- }
- else
- {
- if (!rand_serial(NULL,
- X509_get_serialNumber(x509ss)))
- goto end;
- }
-
- if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
- if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
- if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
- if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
- tmppkey = X509_REQ_get_pubkey(req);
- if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
- EVP_PKEY_free(tmppkey);
-
- /* Set up V3 context struct */
-
- X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
- X509V3_set_nconf(&ext_ctx, req_conf);
-
- /* Add extensions */
- if(extensions && !X509V3_EXT_add_nconf(req_conf,
- &ext_ctx, extensions, x509ss))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extensions);
- goto end;
- }
-
- if (!(i=X509_sign(x509ss,pkey,digest)))
- goto end;
- }
- else
- {
- X509V3_CTX ext_ctx;
-
- /* Set up V3 context struct */
-
- X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
- X509V3_set_nconf(&ext_ctx, req_conf);
-
- /* Add extensions */
- if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf,
- &ext_ctx, req_exts, req))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- req_exts);
- goto end;
- }
- if (!(i=X509_REQ_sign(req,pkey,digest)))
- goto end;
- }
- }
-
- if (subj && x509)
- {
- BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
- goto end;
- }
-
- if (subj && !x509)
- {
- if (verbose)
- {
- BIO_printf(bio_err, "Modifying Request's Subject\n");
- print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
- }
-
- if (build_subject(req, subj, chtype, multirdn) == 0)
- {
- BIO_printf(bio_err, "ERROR: cannot modify subject\n");
- ex=1;
- goto end;
- }
-
- req->req_info->enc.modified = 1;
-
- if (verbose)
- {
- print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
- }
- }
-
- if (verify && !x509)
- {
- int tmp=0;
-
- if (pkey == NULL)
- {
- pkey=X509_REQ_get_pubkey(req);
- tmp=1;
- if (pkey == NULL) goto end;
- }
-
- i=X509_REQ_verify(req,pkey);
- if (tmp) {
- EVP_PKEY_free(pkey);
- pkey=NULL;
- }
-
- if (i < 0)
- {
- goto end;
- }
- else if (i == 0)
- {
- BIO_printf(bio_err,"verify failure\n");
- ERR_print_errors(bio_err);
- }
- else /* if (i > 0) */
- BIO_printf(bio_err,"verify OK\n");
- }
-
- if (noout && !text && !modulus && !subject && !pubkey)
- {
- ex=0;
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
- i=(int)BIO_append_filename(out,outfile);
- else
- i=(int)BIO_write_filename(out,outfile);
- if (!i)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (pubkey)
- {
- EVP_PKEY *tpubkey;
- tpubkey=X509_REQ_get_pubkey(req);
- if (tpubkey == NULL)
- {
- BIO_printf(bio_err,"Error getting public key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- PEM_write_bio_PUBKEY(out, tpubkey);
- EVP_PKEY_free(tpubkey);
- }
-
- if (text)
- {
- if (x509)
- X509_print_ex(out, x509ss, nmflag, reqflag);
- else
- X509_REQ_print_ex(out, req, nmflag, reqflag);
- }
-
- if(subject)
- {
- if(x509)
- print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
- else
- print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
- }
-
- if (modulus)
- {
- EVP_PKEY *tpubkey;
-
- if (x509)
- tpubkey=X509_get_pubkey(x509ss);
- else
- tpubkey=X509_REQ_get_pubkey(req);
- if (tpubkey == NULL)
- {
- fprintf(stdout,"Modulus=unavailable\n");
- goto end;
- }
- fprintf(stdout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
- if (tpubkey->type == EVP_PKEY_RSA)
- BN_print(out,tpubkey->pkey.rsa->n);
- else
-#endif
- fprintf(stdout,"Wrong Algorithm type");
- EVP_PKEY_free(tpubkey);
- fprintf(stdout,"\n");
- }
-
- if (!noout && !x509)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_REQ_bio(out,req);
- else if (outformat == FORMAT_PEM) {
- if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
- else i=PEM_write_bio_X509_REQ(out,req);
- } else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write X509 request\n");
- goto end;
- }
- }
- if (!noout && x509 && (x509ss != NULL))
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_bio(out,x509ss);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,x509ss);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write X509 certificate\n");
- goto end;
- }
- }
- ex=0;
-end:
-#ifndef MONOLITH
- if(to_free)
- OPENSSL_free(to_free);
-#endif
- if (ex)
- {
- ERR_print_errors(bio_err);
- }
- if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
- BIO_free(in);
- BIO_free_all(out);
- EVP_PKEY_free(pkey);
- X509_REQ_free(req);
- X509_free(x509ss);
- ASN1_INTEGER_free(serial);
- if(passargin && passin) OPENSSL_free(passin);
- if(passargout && passout) OPENSSL_free(passout);
- OBJ_cleanup();
-#ifndef OPENSSL_NO_DSA
- if (dsa_params != NULL) DSA_free(dsa_params);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (ec_params != NULL) EC_KEY_free(ec_params);
-#endif
- apps_shutdown();
- OPENSSL_EXIT(ex);
- }
-
-static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
- int attribs, unsigned long chtype)
- {
- int ret=0,i;
- char no_prompt = 0;
- STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
- char *tmp, *dn_sect,*attr_sect;
-
- tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
- if (tmp == NULL)
- ERR_clear_error();
- if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
-
- dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
- if (dn_sect == NULL)
- {
- BIO_printf(bio_err,"unable to find '%s' in config\n",
- DISTINGUISHED_NAME);
- goto err;
- }
- dn_sk=NCONF_get_section(req_conf,dn_sect);
- if (dn_sk == NULL)
- {
- BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
- goto err;
- }
-
- attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
- if (attr_sect == NULL)
- {
- ERR_clear_error();
- attr_sk=NULL;
- }
- else
- {
- attr_sk=NCONF_get_section(req_conf,attr_sect);
- if (attr_sk == NULL)
- {
- BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
- goto err;
- }
- }
-
- /* setup version number */
- if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
-
- if (no_prompt)
- i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
- else
- {
- if (subj)
- i = build_subject(req, subj, chtype, multirdn);
- else
- i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
- }
- if(!i) goto err;
-
- if (!X509_REQ_set_pubkey(req,pkey)) goto err;
-
- ret=1;
-err:
- return(ret);
- }
-
-/*
- * subject is expected to be in the format /type0=value0/type1=value1/type2=...
- * where characters may be escaped by \
- */
-static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, int multirdn)
- {
- X509_NAME *n;
-
- if (!(n = parse_name(subject, chtype, multirdn)))
- return 0;
-
- if (!X509_REQ_set_subject_name(req, n))
- {
- X509_NAME_free(n);
- return 0;
- }
- X509_NAME_free(n);
- return 1;
-}
-
-
-static int prompt_info(X509_REQ *req,
- STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
- STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
- unsigned long chtype)
- {
- int i;
- char *p,*q;
- char buf[100];
- int nid, mval;
- long n_min,n_max;
- char *type, *value;
- const char *def;
- CONF_VALUE *v;
- X509_NAME *subj;
- subj = X509_REQ_get_subject_name(req);
-
- if(!batch)
- {
- BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
- BIO_printf(bio_err,"into your certificate request.\n");
- BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
- BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
- BIO_printf(bio_err,"For some fields there will be a default value,\n");
- BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
- BIO_printf(bio_err,"-----\n");
- }
-
-
- if (sk_CONF_VALUE_num(dn_sk))
- {
- i= -1;
-start: for (;;)
- {
- i++;
- if (sk_CONF_VALUE_num(dn_sk) <= i) break;
-
- v=sk_CONF_VALUE_value(dn_sk,i);
- p=q=NULL;
- type=v->name;
- if(!check_end(type,"_min") || !check_end(type,"_max") ||
- !check_end(type,"_default") ||
- !check_end(type,"_value")) continue;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
- */
- for(p = v->name; *p ; p++)
- if ((*p == ':') || (*p == ',') ||
- (*p == '.')) {
- p++;
- if(*p) type = p;
- break;
- }
- if (*type == '+')
- {
- mval = -1;
- type++;
- }
- else
- mval = 0;
- /* If OBJ not recognised ignore it */
- if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
- if (BIO_snprintf(buf,sizeof buf,"%s_default",v->name)
- >= (int)sizeof(buf))
- {
- BIO_printf(bio_err,"Name '%s' too long\n",v->name);
- return 0;
- }
-
- if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
- {
- ERR_clear_error();
- def="";
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_value",v->name);
- if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
- {
- ERR_clear_error();
- value=NULL;
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_min",v->name);
- if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
- {
- ERR_clear_error();
- n_min = -1;
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_max",v->name);
- if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
- {
- ERR_clear_error();
- n_max = -1;
- }
-
- if (!add_DN_object(subj,v->value,def,value,nid,
- n_min,n_max, chtype, mval))
- return 0;
- }
- if (X509_NAME_entry_count(subj) == 0)
- {
- BIO_printf(bio_err,"error, no objects specified in config file\n");
- return 0;
- }
-
- if (attribs)
- {
- if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
- {
- BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
- BIO_printf(bio_err,"to be sent with your certificate request\n");
- }
-
- i= -1;
-start2: for (;;)
- {
- i++;
- if ((attr_sk == NULL) ||
- (sk_CONF_VALUE_num(attr_sk) <= i))
- break;
-
- v=sk_CONF_VALUE_value(attr_sk,i);
- type=v->name;
- if ((nid=OBJ_txt2nid(type)) == NID_undef)
- goto start2;
-
- if (BIO_snprintf(buf,sizeof buf,"%s_default",type)
- >= (int)sizeof(buf))
- {
- BIO_printf(bio_err,"Name '%s' too long\n",v->name);
- return 0;
- }
-
- if ((def=NCONF_get_string(req_conf,attr_sect,buf))
- == NULL)
- {
- ERR_clear_error();
- def="";
- }
-
-
- BIO_snprintf(buf,sizeof buf,"%s_value",type);
- if ((value=NCONF_get_string(req_conf,attr_sect,buf))
- == NULL)
- {
- ERR_clear_error();
- value=NULL;
- }
-
- BIO_snprintf(buf,sizeof buf,"%s_min",type);
- if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
- n_min = -1;
-
- BIO_snprintf(buf,sizeof buf,"%s_max",type);
- if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
- n_max = -1;
-
- if (!add_attribute_object(req,
- v->value,def,value,nid,n_min,n_max, chtype))
- return 0;
- }
- }
- }
- else
- {
- BIO_printf(bio_err,"No template, please set one up.\n");
- return 0;
- }
-
- return 1;
-
- }
-
-static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
- STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
- {
- int i;
- char *p,*q;
- char *type;
- CONF_VALUE *v;
- X509_NAME *subj;
-
- subj = X509_REQ_get_subject_name(req);
-
- for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
- {
- int mval;
- v=sk_CONF_VALUE_value(dn_sk,i);
- p=q=NULL;
- type=v->name;
- /* Skip past any leading X. X: X, etc to allow for
- * multiple instances
- */
- for(p = v->name; *p ; p++)
-#ifndef CHARSET_EBCDIC
- if ((*p == ':') || (*p == ',') || (*p == '.')) {
-#else
- if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
-#endif
- p++;
- if(*p) type = p;
- break;
- }
-#ifndef CHARSET_EBCDIC
- if (*p == '+')
-#else
- if (*p == os_toascii['+'])
-#endif
- {
- p++;
- mval = -1;
- }
- else
- mval = 0;
- if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
- (unsigned char *) v->value,-1,-1,mval)) return 0;
-
- }
-
- if (!X509_NAME_entry_count(subj))
- {
- BIO_printf(bio_err,"error, no objects specified in config file\n");
- return 0;
- }
- if (attribs)
- {
- for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
- {
- v=sk_CONF_VALUE_value(attr_sk,i);
- if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
- (unsigned char *)v->value, -1)) return 0;
- }
- }
- return 1;
- }
-
-
-static int add_DN_object(X509_NAME *n, char *text, const char *def, char *value,
- int nid, int n_min, int n_max, unsigned long chtype, int mval)
- {
- int i,ret=0;
- MS_STATIC char buf[1024];
-start:
- if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
- (void)BIO_flush(bio_err);
- if(value != NULL)
- {
- BUF_strlcpy(buf,value,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- BIO_printf(bio_err,"%s\n",value);
- }
- else
- {
- buf[0]='\0';
- if (!batch)
- {
- fgets(buf,sizeof buf,stdin);
- }
- else
- {
- buf[0] = '\n';
- buf[1] = '\0';
- }
- }
-
- if (buf[0] == '\0') return(0);
- else if (buf[0] == '\n')
- {
- if ((def == NULL) || (def[0] == '\0'))
- return(1);
- BUF_strlcpy(buf,def,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- }
- else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
- i=strlen(buf);
- if (buf[i-1] != '\n')
- {
- BIO_printf(bio_err,"weird input :-(\n");
- return(0);
- }
- buf[--i]='\0';
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, i);
-#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
- if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
- (unsigned char *) buf, -1,-1,mval)) goto err;
- ret=1;
-err:
- return(ret);
- }
-
-static int add_attribute_object(X509_REQ *req, char *text, const char *def,
- char *value, int nid, int n_min,
- int n_max, unsigned long chtype)
- {
- int i;
- static char buf[1024];
-
-start:
- if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
- (void)BIO_flush(bio_err);
- if (value != NULL)
- {
- BUF_strlcpy(buf,value,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- BIO_printf(bio_err,"%s\n",value);
- }
- else
- {
- buf[0]='\0';
- if (!batch)
- {
- fgets(buf,sizeof buf,stdin);
- }
- else
- {
- buf[0] = '\n';
- buf[1] = '\0';
- }
- }
-
- if (buf[0] == '\0') return(0);
- else if (buf[0] == '\n')
- {
- if ((def == NULL) || (def[0] == '\0'))
- return(1);
- BUF_strlcpy(buf,def,sizeof buf);
- BUF_strlcat(buf,"\n",sizeof buf);
- }
- else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
-
- i=strlen(buf);
- if (buf[i-1] != '\n')
- {
- BIO_printf(bio_err,"weird input :-(\n");
- return(0);
- }
- buf[--i]='\0';
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf, buf, i);
-#endif
- if(!req_check_len(i, n_min, n_max)) goto start;
-
- if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
- (unsigned char *)buf, -1)) {
- BIO_printf(bio_err, "Error adding attribute\n");
- ERR_print_errors(bio_err);
- goto err;
- }
-
- return(1);
-err:
- return(0);
- }
-
-#ifndef OPENSSL_NO_RSA
-static int MS_CALLBACK req_cb(int p, int n, BN_GENCB *cb)
- {
- char c='*';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- BIO_write(cb->arg,&c,1);
- (void)BIO_flush(cb->arg);
-#ifdef LINT
- p=n;
-#endif
- return 1;
- }
-#endif
-
-static int req_check_len(int len, int n_min, int n_max)
- {
- if ((n_min > 0) && (len < n_min))
- {
- BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
- return(0);
- }
- if ((n_max >= 0) && (len > n_max))
- {
- BIO_printf(bio_err,"string is too long, it needs to be less than %d bytes long\n",n_max);
- return(0);
- }
- return(1);
- }
-
-/* Check if the end of a string matches 'end' */
-static int check_end(const char *str, const char *end)
-{
- int elen, slen;
- const char *tmp;
- elen = strlen(end);
- slen = strlen(str);
- if(elen > slen) return 1;
- tmp = str + slen - elen;
- return strcmp(tmp, end);
-}
diff --git a/crypto/openssl/apps/req.pem b/crypto/openssl/apps/req.pem
deleted file mode 100644
index 5537df6..0000000
--- a/crypto/openssl/apps/req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBlzCCAVcCAQAwXjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEXMBUGA1UEAxMORXJp
-YyB0aGUgWW91bmcwge8wgaYGBSsOAwIMMIGcAkEA+ZiKEvZmc9MtnaFZh4NiZ3oZ
-S4J1PHvPrm9MXj5ntVheDPkdmBDTncyaGAJcMjwsyB/GvLDGd6yGCw/8eF+09wIV
-AK3VagOxGd/Q4Af5NbxR5FB7CXEjAkA2t/q7HgVLi0KeKvcDG8BRl3wuy7bCvpjg
-tWiJc/tpvcuzeuAayH89UofjAGueKjXDADiRffvSdhrNw5dkqdqlA0QAAkEAtUSo
-84OekjitKGVjxLu0HvXck29pu+foad53vPKXAsuJdACj88BPqZ91Y9PIJf1GUh38
-CuiHWi7z3cEDfZCyCKAAMAkGBSsOAwIbBQADLwAwLAIUTg8amKVBE9oqC5B75dDQ
-Chy3LdQCFHKodGEj3LjuTzdm/RTe2KZL9Uzf
------END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/rsa.c b/crypto/openssl/apps/rsa.c
deleted file mode 100644
index cf09a19..0000000
--- a/crypto/openssl/apps/rsa.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* apps/rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/bn.h>
-
-#undef PROG
-#define PROG rsa_main
-
-/* -inform arg - input format - default PEM (one of DER, NET or PEM)
- * -outform arg - output format - default PEM
- * -in arg - input file - default stdin
- * -out arg - output file - default stdout
- * -des - encrypt output if PEM format with DES in cbc mode
- * -des3 - encrypt output if PEM format
- * -idea - encrypt output if PEM format
- * -aes128 - encrypt output if PEM format
- * -aes192 - encrypt output if PEM format
- * -aes256 - encrypt output if PEM format
- * -camellia128 - encrypt output if PEM format
- * -camellia192 - encrypt output if PEM format
- * -camellia256 - encrypt output if PEM format
- * -text - print a text version
- * -modulus - print the RSA key modulus
- * -check - verify key consistency
- * -pubin - Expect a public key in input file.
- * -pubout - Output a public key.
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int ret=1;
- RSA *rsa=NULL;
- int i,badops=0, sgckey=0;
- const EVP_CIPHER *enc=NULL;
- BIO *out=NULL;
- int informat,outformat,text=0,check=0,noout=0;
- int pubin = 0, pubout = 0;
- char *infile,*outfile,*prog;
- char *passargin = NULL, *passargout = NULL;
- char *passin = NULL, *passout = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
- int modulus=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- infile=NULL;
- outfile=NULL;
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-passout") == 0)
- {
- if (--argc < 1) goto bad;
- passargout= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-sgckey") == 0)
- sgckey=1;
- else if (strcmp(*argv,"-pubin") == 0)
- pubin=1;
- else if (strcmp(*argv,"-pubout") == 0)
- pubout=1;
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-text") == 0)
- text=1;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus=1;
- else if (strcmp(*argv,"-check") == 0)
- check=1;
- else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -sgckey Use IIS SGC key format\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -passout arg output file pass phrase source\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
- BIO_printf(bio_err," encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the RSA key modulus\n");
- BIO_printf(bio_err," -check verify key consistency\n");
- BIO_printf(bio_err," -pubin expect a public key in input file\n");
- BIO_printf(bio_err," -pubout output a public key\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- goto end;
- }
-
- ERR_load_crypto_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
- BIO_printf(bio_err, "Error getting passwords\n");
- goto end;
- }
-
- if(check && pubin) {
- BIO_printf(bio_err, "Only private keys can be checked\n");
- goto end;
- }
-
- out=BIO_new(BIO_s_file());
-
- {
- EVP_PKEY *pkey;
-
- if (pubin)
- pkey = load_pubkey(bio_err, infile,
- (informat == FORMAT_NETSCAPE && sgckey ?
- FORMAT_IISSGC : informat), 1,
- passin, e, "Public Key");
- else
- pkey = load_key(bio_err, infile,
- (informat == FORMAT_NETSCAPE && sgckey ?
- FORMAT_IISSGC : informat), 1,
- passin, e, "Private Key");
-
- if (pkey != NULL)
- rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_free(pkey);
- }
-
- if (rsa == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
-
- if (text)
- if (!RSA_print(out,rsa,0))
- {
- perror(outfile);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (modulus)
- {
- BIO_printf(out,"Modulus=");
- BN_print(out,rsa->n);
- BIO_printf(out,"\n");
- }
-
- if (check)
- {
- int r = RSA_check_key(rsa);
-
- if (r == 1)
- BIO_printf(out,"RSA key ok\n");
- else if (r == 0)
- {
- unsigned long err;
-
- while ((err = ERR_peek_error()) != 0 &&
- ERR_GET_LIB(err) == ERR_LIB_RSA &&
- ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
- ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
- {
- BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
- ERR_get_error(); /* remove e from error stack */
- }
- }
-
- if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (noout)
- {
- ret = 0;
- goto end;
- }
- BIO_printf(bio_err,"writing RSA key\n");
- if (outformat == FORMAT_ASN1) {
- if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
- else i=i2d_RSAPrivateKey_bio(out,rsa);
- }
-#ifndef OPENSSL_NO_RC4
- else if (outformat == FORMAT_NETSCAPE)
- {
- unsigned char *p,*pp;
- int size;
-
- i=1;
- size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
- if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
- {
- BIO_printf(bio_err,"Memory allocation failure\n");
- goto end;
- }
- pp=p;
- i2d_RSA_NET(rsa,&p,NULL, sgckey);
- BIO_write(out,(char *)pp,size);
- OPENSSL_free(pp);
- }
-#endif
- else if (outformat == FORMAT_PEM) {
- if(pubout || pubin)
- i=PEM_write_bio_RSA_PUBKEY(out,rsa);
- else i=PEM_write_bio_RSAPrivateKey(out,rsa,
- enc,NULL,0,NULL,passout);
- } else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write key\n");
- ERR_print_errors(bio_err);
- }
- else
- ret=0;
-end:
- if(out != NULL) BIO_free_all(out);
- if(rsa != NULL) RSA_free(rsa);
- if(passin) OPENSSL_free(passin);
- if(passout) OPENSSL_free(passout);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-#else /* !OPENSSL_NO_RSA */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/apps/rsa8192.pem b/crypto/openssl/apps/rsa8192.pem
deleted file mode 100644
index 946a6e5..0000000
--- a/crypto/openssl/apps/rsa8192.pem
+++ /dev/null
@@ -1,101 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-
-MIISKAIBAAKCBAEAiQ2f1X6Bte1DKD0OoCBKEikzPW+5w3oXk3WwnE97Wxzy6wJZ
-ebbZC3CZKKBnJeBMrysPf+lK+9+fP6Vm8bp1wvbcSIA59BDrX6irFSuM/bdnkbuF
-MFlDjt+uVrxwoyqfPi2IPot1HQg3l5mdyBqcTWvbOnU2L9HZxJfPUCjfzdTMPrMY
-55/A20XL7tlV2opEfwhy3uVlveQBM0DnZ3MUQfrk+lRRNWv7yE4ScbOfER9fjvOm
-yJc3ZbOa3e+AMGGU9OqJ/fyOl0SGYyP2k23omy/idBV4uOs8QWdnAvq8UOzDdua3
-tuf5Tn17XBurPJ8juwyPBNispkwwn8BjxAZVPhwUIcxFBg339IxJ9cW0WdVy4nNA
-LWo/8Ahlf+kZNnFNGCPFytU9gGMLMhab9w/rLrwa9qNe4L8Fmu1JxONn1WfhMOKE
-aFmycf2olJsYLgUIGYZrjnYu0p/7P3yhTOv8JIhmK+SzmA/I0xiQoF84rpaQzH2d
-PvxICOA9oQSowou0gLuBSZWm6LiXirg1DZCziU46v33ErQlWM1dSyNaUSzihcV59
-mVD0nmzboXH75lGiyiZlp8cLbozzoCwvk9rYqpUGSBzbAy0ECCpabGpzO2Ug+oDi
-71e5z4WMpeoR4IS8MaOG/GsJnwaXhiB/gNYfK+8pRADVk5StEAZDE2alSuCbDs0z
-d9zYr4/em5T9VZsLetxRE7pm/Es9yELuViz8/Tm0/8MVdmNYc/xZU1t6qYYFdyQ2
-wlGDTiNPsjR8yXCkmBjKwqnuleu1X6LaZu3VPhEkXGcyFAquQUkSiMv0Yu74qAe0
-bQ2v+jjZzP6AM9LUo89cW4Kd8SGD96BdNlAVPNMXoBcIOsZBwsOtETBd4KAyvkXE
-Ob17u+PLl4UPnSxm9ypKZunUNFRPxtKUyjySYnvlGL+kTjAXrIrZwKJqIn0uhnfa
-Ck3o7bU6yVMK22ODxy2/Vi3E0P6k5JLwnrF0VIOBqGhts66qo6mWDP8l6MZHARFd
-pU+nofssVmr8tLKmMmjYGMM5GmKIXRNBs0ksTwFnKRs9AmpE5owC8tTSVdTAkGuS
-os7QwLvyvNzq7BGJiVr0Iy3Dhsl1vzR35acNOrCsDl3DcCQONKJ2sVXV4pD3dBah
-mG3sR/jHgjasffJJ35uiGoAua9dbT7HG/+D0z1SHYaVqH8zO4VZSOnGJh/P9rtxx
-cckFDbiag/JMWig2lbnCjebTtp/BcUsK3TNaDOb7vb0LvbAeRJadd1EFu6PSlH3K
-LykSUPm4UedvUU3cWjqkSY5lITFJkVaIYOv/EljYtK7p7kFZFTaEwMAWxgsXU3pQ
-tTzVmq1gZ4vXPwcUq0zK50Frq0F7SQc21ZsunwIDAQABAoIEADuQAkDEpBausJsS
-PgL1RXuzECPJJJCBxTE+2qx0FoY4hJICCWTORHGmU8nGPE3Ht0wBiNDsULw6KXl9
-psmzYW6D3qRbpdQebky6fu/KZ5H0XTyGpJGomaXELH5hkwo2gdKB805LSXB+m7p0
-9o96kSdMkpBLVGtf5iZ8W4rY2LsZmlI9f7taQHSLVt/M8HTz1mTnBRU92QO3zZW6
-xVa+OrWaFl18u3ZeIaSh2X40tBK68cqstXVD0r2OWuXNKobcQeJW8/XABzBShZ0c
-ihL0lzyqiN4uXrLu+Nbr22b+FU2OODy6dGk3U6/69NvI4piMCPlHsfhHOnFjd1ZW
-RIVywyUlCtLNdcn11CchuRro+0J3c2Ba+i9Cl9r3qzT11xFEGF8/XLyUBBCB+uGf
-1dR/xJQhCA7cXWWLXyI/semxcvTaGpImP6kiIl1MAjHjXZTSdvyw4JmfXyYGhSjI
-P0mw3Xn7FXxJ/os9gOfNKz2nZHjr0q4sgWRYO+4vllkeL0GteZrg4oVaVpmZb7LH
-77afhodLylhijlEtV5skfkPujbBLQk6E5Ez3U/huEt2NLg6guADmwxMxfBRliZO4
-4Ex/td4cuggpEj3FGJV74qRvdvj/MF/uF7IxC/3WapPIsFBFH4zrJsUYt6u3L68I
-/KC/bfioDeUR/8ANw1DNh+UsnPV3GJIwDkIJKdppi2uXPahJyJQQ8Inps53nn8Gg
-GifS+HnOXNgMoKOJnZ9IDGjXpfjIs8dJNrGfDHF0mH30N2WARq2v/a3cNUC+f8Bq
-HSKQ9YrZopktMunsut8u7ZYbTmjIqJpXCaM0CCrSlzSMTDHFSj2tzLk6+qnxeGxB
-ZwIdShbdeK+0ETG91lE1e9RPQs/uXQP9+uCHJV0YpqQcA6pkCLYJfYpoSMu/Bafy
-AgfVZz6l5tyEnV0wCcbopsQShc1k9xtTbYNF1h9AQHknj6zeDW4iZMvmVeh3RovT
-52OA2R8oLyauF+QaG6x2wUjEx13SJlaBarJZ4seZIOJ+a8+oNzKsbgokXc2cyC9p
-5FAZz1OsOb68o93qD1Xvl7bY97fq2q55L7G1XHPPLtZE5lGiLGDtnAuwY8UPrdpr
-7Mv2yIxB7xVGurXyHb5PvusR88XED6HMPfLBG/55ENHTal7G5mRix+IWSBAIkxA5
-KZ0j8r5Ng4+wELZhqFQai39799bIAyiV6CEz4kyDXlo0kSSexp8o4iz5sPq5vp6h
-cCb7rdRw7uRnbXrHmXahxoB+ibXaurgV/6B2yurrU/UFoxEp2sHp8LXZGfF6ztY1
-dMhSQAACK2vGy5yNagbkTHLgVaHicG5zavJBqzCE+lbPlCqhOUQPdOIwvjHNjdS/
-DL3WV/ECggIBAMbW65wPk/i43nSyeZeYwcHtR1SUJqDXavYfBPC0VRhKz+7DVMFw
-Nwnocn6gITABc445W1yl7U3uww+LGuDlSlFnd8WuiXpVYud9/jeNu6Mu4wvNsnWr
-f4f4ua8CcS03GmqmcbROD2Z6by1AblCZ2UL1kv9cUX1FLVjPP1ESAGKoePt3BmZQ
-J1uJfK8HilNT8dcUlj/5CBi2uHxttDhoG0sxXE/SVsG9OD/Pjme0mj7gdzc6Ztd+
-TALuvpNQR4pRzfo5XWDZBcEYntcEE3PxYJB1+vnZ8509ew5/yLHTbLjFxIcx71zY
-fhH0gM36Sz7mz37r0+E/QkRkc5bVIDC4LDnWmjpAde6QUx0d218ShNx6sJo4kt5c
-Dd7tEVx8nuX8AIZYgwsOb382anLyFRkkmEdK3gRvwQ6SWR36Ez5L7/mHWODpLAX5
-mVBKSG4/ccFbc633/g0xHw0Nwajir/klckdakuYPlwF0yAxJSKDLhmNctDhRmxjC
-YP+fISkl5oTvFRzJH6HEyNu8M3ybRvmpPIjM5J5JpnB2IYbohYBR+T6/97C1DKrd
-mzL5PjlrWm0c1/d7LlDoP65fOShDMmj2zCiBAHHOM0Alokx+v5LmMd8NJumZIwGJ
-Rt5OpeMOhowz6j1AjYxYgV7PmJL6Ovpfb775od/aLaUbbwHz2uWIvfF7AoICAQCw
-c7NaO7oJVLJClhYw6OCvjT6oqtgNVWaennnDiJgzY9lv5HEgV0MAG0eYuB3hvj+w
-Y1P9DJxP1D+R+cshYrAFg8yU/3kaYVNI0Bl3ygX0eW1b/0HZTdocs+8kM/9PZQDR
-WrKQoU5lHvqRt99dXlD4NWGI2YQtzdZ8iet9QLqnjwRZabgE96mF01qKisMnFcsh
-KjT7ieheU4J15TZj/mdZRNK126d7e3q/rNj73e5EJ9tkYLcolSr4gpknUMJULSEi
-JH1/Qx7C/mTAMRsN5SkOthnGq0djCNWfPv/3JV0H67Uf5krFlnwLebrgfTYoPPdo
-yO7iBUNJzv6Qh22malLp4P8gzACkD7DGlSTnoB5cLwcjmDGg+i9WrUBbOiVTeQfZ
-kOj1o+Tz35ndpq/DDUVlqliB9krcxva+QHeJPH53EGI+YVg1nD+s/vUDZ3mQMGX9
-DQou2L8uU6RnWNv/BihGcL8QvS4Ty6QyPOUPpD3zc70JQAEcQk9BxQNaELgJX0IN
-22cYn22tYvElew9G41OpDqzBRcfbdJmKXQ2HcroShutYJQRGUpAXHk24fy6JVkIU
-ojF5U6cwextMja1ZIIZgh9eugIRUeIE7319nQNDzuXWjRCcoBLA25P7wnpHWDRpz
-D9ovXCIvdja74lL5psqobV6L5+fbLPkSgXoImKR0LQKCAgAIC9Jk8kxumCyIVGCP
-PeM5Uby9M3GMuKrfYsn0Y5e97+kSJF1dpojTodBgR2KQar6eVrvXt+8uZCcIjfx8
-dUrYmHNEUJfHl4T1ESgkX1vkcpVFeQFruZDjk7EP3+1sgvpSroGTZkVBRFsTXbQZ
-FuCv0Pgt1TKG+zGmklxhj3TsiRy8MEjWAxBUp++ftZJnZNI4feDGnfEx7tLwVhAg
-6DWSiWDO6hgQpvOLwX5lu+0x9itc1MQsnDO/OqIDnBAJDN5k7cVVkfKlqbVjxgpz
-eqUJs3yAd81f44kDQTCB4ahYocgeIGsrOqd/WoGL1EEPPo/O9wQP7VtlIRt8UwuG
-bS18+a4sBUfAa56xYu/pnPo7YcubsgZfcSIujzFQqMpVTClJRnOnEuJ4J1+PXzRz
-XAO9fs4VJ+CMEmgAyonUz4Xadxulnknlw//sO9VKgM69oFHCDHL/XamAAbqAdwvf
-7R/+uy+Ol7romC0wMhb6SsIZazrvvH2mNtduAKZ638nAP1x/WbQp+6iVG7yJok7w
-82Q7tO7baOePTXh12Rrt4mNPor0HLYxhra4GFgfqkumJ2Mz0esuZAozxJXFOq8ly
-beo9CVtXP5zbT6qNpeNismX6PLICaev8t+1iOZSE56WSLtefuuj/cOVrTMNDz1Rr
-pUkEVV2zjUSjlcScM538A9iL2QKCAgBLbBk0r6T0ihRsK9UucMxhnYEz/Vq+UEu9
-70Vi1AciqEJv9nh4d3Q3HnH7EHANZxG4Jqzm1DYYVUQa9GfkTFeq88xFv/GW2hUM
-YY8RSfRDrIeXNEOETCe37x2AHw25dRXlZtw+wARPau91y9+Y/FCl18NqCHfcUEin
-ERjsf/eI2bPlODAlR2tZvZ7M60VBdqpN8cmV3zvI3e88z43xLfQlDyr1+v7a5Evy
-lEJnXlSTI2o+vKxtl103vjMSwA1gh63K90gBVsJWXQDZueOzi8mB9UqNRfcMmOEe
-4YHttTXPxeu0x+4cCRfam9zKShsVFgI28vRQ/ijl6qmbQ5gV8wqf18GV1j1L4z0P
-lP6iVynDA4MMrug/w9DqPsHsfK0pwekeETfSj4y0xVXyjWZBfHG2ZBrS6mDTf+RG
-LC4sJgR0hjdILLnUqIX7PzuhieBHRrjBcopwvcryVWRHnI7kslAS0+yHjiWc5oW3
-x5mtlum4HzelNYuD9cAE/95P6CeSMfp9CyIE/KSX4VvsRm6gQVkoQRKMxnQIFQ3w
-O5gl1l88vhjoo2HxYScgCp70BsDwiUNTqIR3NM+ZBHYFweVf3Gwz5LzHZT2rEZtD
-6VXRP75Q/2wOLnqCO4bK4BUs6sqxcQZmOldruPkPynrY0oPfHHExjxZDvQu4/r80
-Ls3n0L8yvQKCAgEAnYWS6EikwaQNpJEfiUnOlglgFz4EE1eVkrDbBY4J3oPU+doz
-DrqmsvgpSZIAfd2MUbkN4pOMsMTjbeIYWDnZDa1RoctKs3FhwFPHwAjQpznab4mn
-Bp81FMHM40qyb0NaNuFRwghdXvoQvBBX1p8oEnFzDRvTiuS/vTPTA8KDY8IeRp8R
-oGzKHpfziNwq/URpqj7pwi9odNjGZvR2IwYw9jCLPIqaEbMoSOdI0mg4MoYyqP4q
-nm7d4wqSDwrYxiXZ6f3nYpkhEY1lb0Wbksp1ig8sKSF4nDZRGK1RSfE+6gjBp94H
-X/Wog6Zb6NC9ZpusTiDLvuIUXcyUJvmHiWjSNqiTv8jurlwEsgSwhziEQfqLrtdV
-QI3PRMolBkD1iCk+HFE53r05LMf1bp3r4MS+naaQrLbIrl1kgDNGwVdgS+SCM7Bg
-TwEgE67iOb2iIoUpon/NyP4LesMzvdpsu2JFlfz13PmmQ34mFI7tWvOb3NA5DP3c
-46C6SaWI0TD9B11nJbHGTYN3Si9n0EBgoDJEXUKeh3km9O47dgvkSug4WzhYsvrE
-rMlMLtKfp2w8HlMZpsUlToNCx6CI+tJrohzcs3BAVAbjFAXRKWGijB1rxwyDdHPv
-I+/wJTNaRNPQ1M0SwtEL/zJd21y3KSPn4eL+GP3efhlDSjtlDvZqkdAUsU8=
------END RSA PRIVATE KEY-----
-
diff --git a/crypto/openssl/apps/rsautl.c b/crypto/openssl/apps/rsautl.c
deleted file mode 100644
index 4638909..0000000
--- a/crypto/openssl/apps/rsautl.c
+++ /dev/null
@@ -1,333 +0,0 @@
-/* rsautl.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-#ifndef OPENSSL_NO_RSA
-
-#include "apps.h"
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-
-#define RSA_SIGN 1
-#define RSA_VERIFY 2
-#define RSA_ENCRYPT 3
-#define RSA_DECRYPT 4
-
-#define KEY_PRIVKEY 1
-#define KEY_PUBKEY 2
-#define KEY_CERT 3
-
-static void usage(void);
-
-#undef PROG
-
-#define PROG rsautl_main
-
-int MAIN(int argc, char **);
-
-int MAIN(int argc, char **argv)
-{
- ENGINE *e = NULL;
- BIO *in = NULL, *out = NULL;
- char *infile = NULL, *outfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine = NULL;
-#endif
- char *keyfile = NULL;
- char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
- int keyform = FORMAT_PEM;
- char need_priv = 0, badarg = 0, rev = 0;
- char hexdump = 0, asn1parse = 0;
- X509 *x;
- EVP_PKEY *pkey = NULL;
- RSA *rsa = NULL;
- unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
- char *passargin = NULL, *passin = NULL;
- int rsa_inlen, rsa_outlen = 0;
- int keysize;
-
- int ret = 1;
-
- argc--;
- argv++;
-
- if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- ERR_load_crypto_strings();
- OpenSSL_add_all_algorithms();
- pad = RSA_PKCS1_PADDING;
-
- while(argc >= 1)
- {
- if (!strcmp(*argv,"-in")) {
- if (--argc < 1) badarg = 1;
- infile= *(++argv);
- } else if (!strcmp(*argv,"-out")) {
- if (--argc < 1) badarg = 1;
- outfile= *(++argv);
- } else if(!strcmp(*argv, "-inkey")) {
- if (--argc < 1) badarg = 1;
- keyfile = *(++argv);
- } else if (!strcmp(*argv,"-passin")) {
- if (--argc < 1) badarg = 1;
- passargin= *(++argv);
- } else if (strcmp(*argv,"-keyform") == 0) {
- if (--argc < 1) badarg = 1;
- keyform=str2fmt(*(++argv));
-#ifndef OPENSSL_NO_ENGINE
- } else if(!strcmp(*argv, "-engine")) {
- if (--argc < 1) badarg = 1;
- engine = *(++argv);
-#endif
- } else if(!strcmp(*argv, "-pubin")) {
- key_type = KEY_PUBKEY;
- } else if(!strcmp(*argv, "-certin")) {
- key_type = KEY_CERT;
- }
- else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
- else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
- else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
- else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
- else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
- else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
- else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
- else if(!strcmp(*argv, "-sign")) {
- rsa_mode = RSA_SIGN;
- need_priv = 1;
- } else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
- else if(!strcmp(*argv, "-rev")) rev = 1;
- else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
- else if(!strcmp(*argv, "-decrypt")) {
- rsa_mode = RSA_DECRYPT;
- need_priv = 1;
- } else badarg = 1;
- if(badarg) {
- usage();
- goto end;
- }
- argc--;
- argv++;
- }
-
- if(need_priv && (key_type != KEY_PRIVKEY)) {
- BIO_printf(bio_err, "A private key is needed for this operation\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-/* FIXME: seed PRNG only if needed */
- app_RAND_load_file(NULL, bio_err, 0);
-
- switch(key_type) {
- case KEY_PRIVKEY:
- pkey = load_key(bio_err, keyfile, keyform, 0,
- passin, e, "Private Key");
- break;
-
- case KEY_PUBKEY:
- pkey = load_pubkey(bio_err, keyfile, keyform, 0,
- NULL, e, "Public Key");
- break;
-
- case KEY_CERT:
- x = load_cert(bio_err, keyfile, keyform,
- NULL, e, "Certificate");
- if(x) {
- pkey = X509_get_pubkey(x);
- X509_free(x);
- }
- break;
- }
-
- if(!pkey) {
- return 1;
- }
-
- rsa = EVP_PKEY_get1_RSA(pkey);
- EVP_PKEY_free(pkey);
-
- if(!rsa) {
- BIO_printf(bio_err, "Error getting RSA key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-
- if(infile) {
- if(!(in = BIO_new_file(infile, "rb"))) {
- BIO_printf(bio_err, "Error Reading Input File\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if(outfile) {
- if(!(out = BIO_new_file(outfile, "wb"))) {
- BIO_printf(bio_err, "Error Reading Output File\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- } else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- keysize = RSA_size(rsa);
-
- rsa_in = OPENSSL_malloc(keysize * 2);
- rsa_out = OPENSSL_malloc(keysize);
-
- /* Read the input data */
- rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
- if(rsa_inlen <= 0) {
- BIO_printf(bio_err, "Error reading input Data\n");
- exit(1);
- }
- if(rev) {
- int i;
- unsigned char ctmp;
- for(i = 0; i < rsa_inlen/2; i++) {
- ctmp = rsa_in[i];
- rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
- rsa_in[rsa_inlen - 1 - i] = ctmp;
- }
- }
- switch(rsa_mode) {
-
- case RSA_VERIFY:
- rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- case RSA_SIGN:
- rsa_outlen = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- case RSA_ENCRYPT:
- rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- case RSA_DECRYPT:
- rsa_outlen = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
- break;
-
- }
-
- if(rsa_outlen <= 0) {
- BIO_printf(bio_err, "RSA operation error\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- ret = 0;
- if(asn1parse) {
- if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
- ERR_print_errors(bio_err);
- }
- } else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
- else BIO_write(out, rsa_out, rsa_outlen);
- end:
- RSA_free(rsa);
- BIO_free(in);
- BIO_free_all(out);
- if(rsa_in) OPENSSL_free(rsa_in);
- if(rsa_out) OPENSSL_free(rsa_out);
- if(passin) OPENSSL_free(passin);
- return ret;
-}
-
-static void usage()
-{
- BIO_printf(bio_err, "Usage: rsautl [options]\n");
- BIO_printf(bio_err, "-in file input file\n");
- BIO_printf(bio_err, "-out file output file\n");
- BIO_printf(bio_err, "-inkey file input key\n");
- BIO_printf(bio_err, "-keyform arg private key format - default PEM\n");
- BIO_printf(bio_err, "-pubin input is an RSA public\n");
- BIO_printf(bio_err, "-certin input is a certificate carrying an RSA public key\n");
- BIO_printf(bio_err, "-ssl use SSL v2 padding\n");
- BIO_printf(bio_err, "-raw use no padding\n");
- BIO_printf(bio_err, "-pkcs use PKCS#1 v1.5 padding (default)\n");
- BIO_printf(bio_err, "-oaep use PKCS#1 OAEP\n");
- BIO_printf(bio_err, "-sign sign with private key\n");
- BIO_printf(bio_err, "-verify verify with public key\n");
- BIO_printf(bio_err, "-encrypt encrypt with public key\n");
- BIO_printf(bio_err, "-decrypt decrypt with private key\n");
- BIO_printf(bio_err, "-hexdump hex dump output\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err, "-engine e use engine e, possibly a hardware device.\n");
- BIO_printf (bio_err, "-passin arg pass phrase source\n");
-#endif
-
-}
-
-#endif
diff --git a/crypto/openssl/apps/s1024key.pem b/crypto/openssl/apps/s1024key.pem
deleted file mode 100644
index 19e0403..0000000
--- a/crypto/openssl/apps/s1024key.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
-S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
-pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
-AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
-dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
-bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
-Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
-zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
-6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
-QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
-dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
-0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
-nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/s1024req.pem b/crypto/openssl/apps/s1024req.pem
deleted file mode 100644
index bb75e7e..0000000
--- a/crypto/openssl/apps/s1024req.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBojCCAQsCAQAwZDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-GjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSQwIgYDVQQDExtTZXJ2ZXIgdGVz
-dCBjZXJ0ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALMR
-9TwT5kZMa0ddXleG8zYuDfZ9dQiPJ1dvfgEZU9fqg3v5o1VL15ZrK9b/73+9RvRo
-KqKUmukV6yAi1XZPxWGGM4T75dTPjq42lwxTvAcwQBdS58+nO2kWbxkSTa0Uq9p2
-RJKg3yVvXWO69lWRKQ+UHrmkWFJ7hApKnongeuRjAgMBAAEwDQYJKoZIhvcNAQEE
-BQADgYEAStHlk4pBbwiNeQ2/PKTPPXzITYC8Gn0XMbrU94e/6JIKiO7aArq9Espq
-nrBSvC14dHcNl6NNvnkEKdQ7hAkcACfBbnOXA/oQvMBd4GD78cH3k0jVDoVUEjil
-frLfWlckW6WzpTktt0ZPDdAjJCmKVh0ABHimi7Bo9FC3wIGIe5M=
------END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/s512-key.pem b/crypto/openssl/apps/s512-key.pem
deleted file mode 100644
index 0e3ff2d..0000000
--- a/crypto/openssl/apps/s512-key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/apps/s512-req.pem b/crypto/openssl/apps/s512-req.pem
deleted file mode 100644
index ea314be..0000000
--- a/crypto/openssl/apps/s512-req.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
-MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0
-IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8S
-MVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8E
-y2//Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAANBAAB+uQi+qwn6qRSHB8EUTvsm
-5TNTHzYDeN39nyIbZNX2s0se3Srn2Bxft5YCwD3moFZ9QoyDHxE0h6qLX5yjD+8=
------END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/s_apps.h b/crypto/openssl/apps/s_apps.h
deleted file mode 100644
index 886a95a..0000000
--- a/crypto/openssl/apps/s_apps.h
+++ /dev/null
@@ -1,170 +0,0 @@
-/* apps/s_apps.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
-#include <sys/types.h>
-#endif
-#include <openssl/opensslconf.h>
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#include <conio.h>
-#endif
-
-#ifdef OPENSSL_SYS_MSDOS
-#define _kbhit kbhit
-#endif
-
-#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
-/* VAX C does not defined fd_set and friends, but it's actually quite simple */
-/* These definitions are borrowed from SOCKETSHR. /Richard Levitte */
-#define MAX_NOFILE 32
-#define NBBY 8 /* number of bits in a byte */
-
-#ifndef FD_SETSIZE
-#define FD_SETSIZE MAX_NOFILE
-#endif /* FD_SETSIZE */
-
-/* How many things we'll allow select to use. 0 if unlimited */
-#define MAXSELFD MAX_NOFILE
-typedef int fd_mask; /* int here! VMS prototypes int, not long */
-#define NFDBITS (sizeof(fd_mask) * NBBY) /* bits per mask (power of 2!)*/
-#define NFDSHIFT 5 /* Shift based on above */
-
-typedef fd_mask fd_set;
-#define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS)))
-#define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS)))
-#define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS)))
-#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p)))
-#endif
-
-#define PORT 4433
-#define PORT_STR "4433"
-#define PROTOCOL "tcp"
-
-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-#ifdef HEADER_X509_H
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#endif
-#ifdef HEADER_SSL_H
-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
-#endif
-int init_client(int *sock, char *server, int port, int type);
-int should_retry(int i);
-int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret);
-
-#ifdef HEADER_SSL_H
-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
-#endif
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
deleted file mode 100644
index 9a35d46..0000000
--- a/crypto/openssl/apps/s_cb.c
+++ /dev/null
@@ -1,577 +0,0 @@
-/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#define USE_SOCKETS
-#define NON_MAIN
-#include "apps.h"
-#undef NON_MAIN
-#undef USE_SOCKETS
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include "s_apps.h"
-
-int verify_depth=0;
-int verify_error=X509_V_OK;
-
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char buf[256];
- X509 *err_cert;
- int err,depth;
-
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- err= X509_STORE_CTX_get_error(ctx);
- depth= X509_STORE_CTX_get_error_depth(ctx);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
- BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
- if (!ok)
- {
- BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- if (verify_depth >= depth)
- {
- ok=1;
- verify_error=X509_V_OK;
- }
- else
- {
- ok=0;
- verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
- }
- }
- switch (ctx->error)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
- BIO_printf(bio_err,"issuer= %s\n",buf);
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- BIO_printf(bio_err,"notBefore=");
- ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- BIO_printf(bio_err,"notAfter=");
- ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
- BIO_printf(bio_err,"\n");
- break;
- }
- BIO_printf(bio_err,"verify return:%d\n",ok);
- return(ok);
- }
-
-int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
- {
- if (cert_file != NULL)
- {
- /*
- SSL *ssl;
- X509 *x509;
- */
-
- if (SSL_CTX_use_certificate_file(ctx,cert_file,
- SSL_FILETYPE_PEM) <= 0)
- {
- BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
- ERR_print_errors(bio_err);
- return(0);
- }
- if (key_file == NULL) key_file=cert_file;
- if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
- SSL_FILETYPE_PEM) <= 0)
- {
- BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
- ERR_print_errors(bio_err);
- return(0);
- }
-
- /*
- In theory this is no longer needed
- ssl=SSL_new(ctx);
- x509=SSL_get_certificate(ssl);
-
- if (x509 != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(x509);
- EVP_PKEY_copy_parameters(pktmp,
- SSL_get_privatekey(ssl));
- EVP_PKEY_free(pktmp);
- }
- SSL_free(ssl);
- */
-
- /* If we are using DSA, we can copy the parameters from
- * the private key */
-
-
- /* Now we know that a key and cert have been set against
- * the SSL context */
- if (!SSL_CTX_check_private_key(ctx))
- {
- BIO_printf(bio_err,"Private key does not match the certificate public key\n");
- return(0);
- }
- }
- return(1);
- }
-
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
- {
- if (cert == NULL)
- return 1;
- if (SSL_CTX_use_certificate(ctx,cert) <= 0)
- {
- BIO_printf(bio_err,"error setting certificate\n");
- ERR_print_errors(bio_err);
- return 0;
- }
- if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
- {
- BIO_printf(bio_err,"error setting private key\n");
- ERR_print_errors(bio_err);
- return 0;
- }
-
-
- /* Now we know that a key and cert have been set against
- * the SSL context */
- if (!SSL_CTX_check_private_key(ctx))
- {
- BIO_printf(bio_err,"Private key does not match the certificate public key\n");
- return 0;
- }
- return 1;
- }
-
-long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
- int argi, long argl, long ret)
- {
- BIO *out;
-
- out=(BIO *)BIO_get_callback_arg(bio);
- if (out == NULL) return(ret);
-
- if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
- {
- BIO_printf(out,"read from %p [%p] (%d bytes => %ld (0x%lX))\n",
- (void *)bio,argp,argi,ret,ret);
- BIO_dump(out,argp,(int)ret);
- return(ret);
- }
- else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
- {
- BIO_printf(out,"write to %p [%p] (%d bytes => %ld (0x%lX))\n",
- (void *)bio,argp,argi,ret,ret);
- BIO_dump(out,argp,(int)ret);
- }
- return(ret);
- }
-
-void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
- {
- const char *str;
- int w;
-
- w=where& ~SSL_ST_MASK;
-
- if (w & SSL_ST_CONNECT) str="SSL_connect";
- else if (w & SSL_ST_ACCEPT) str="SSL_accept";
- else str="undefined";
-
- if (where & SSL_CB_LOOP)
- {
- BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
- }
- else if (where & SSL_CB_ALERT)
- {
- str=(where & SSL_CB_READ)?"read":"write";
- BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
- str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
- }
- else if (where & SSL_CB_EXIT)
- {
- if (ret == 0)
- BIO_printf(bio_err,"%s:failed in %s\n",
- str,SSL_state_string_long(s));
- else if (ret < 0)
- {
- BIO_printf(bio_err,"%s:error in %s\n",
- str,SSL_state_string_long(s));
- }
- }
- }
-
-
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
- {
- BIO *bio = arg;
- const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
-
- str_write_p = write_p ? ">>>" : "<<<";
-
- switch (version)
- {
- case SSL2_VERSION:
- str_version = "SSL 2.0";
- break;
- case SSL3_VERSION:
- str_version = "SSL 3.0 ";
- break;
- case TLS1_VERSION:
- str_version = "TLS 1.0 ";
- break;
- default:
- str_version = "???";
- }
-
- if (version == SSL2_VERSION)
- {
- str_details1 = "???";
-
- if (len > 0)
- {
- switch (((const unsigned char*)buf)[0])
- {
- case 0:
- str_details1 = ", ERROR:";
- str_details2 = " ???";
- if (len >= 3)
- {
- unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
-
- switch (err)
- {
- case 0x0001:
- str_details2 = " NO-CIPHER-ERROR";
- break;
- case 0x0002:
- str_details2 = " NO-CERTIFICATE-ERROR";
- break;
- case 0x0004:
- str_details2 = " BAD-CERTIFICATE-ERROR";
- break;
- case 0x0006:
- str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
- break;
- }
- }
-
- break;
- case 1:
- str_details1 = ", CLIENT-HELLO";
- break;
- case 2:
- str_details1 = ", CLIENT-MASTER-KEY";
- break;
- case 3:
- str_details1 = ", CLIENT-FINISHED";
- break;
- case 4:
- str_details1 = ", SERVER-HELLO";
- break;
- case 5:
- str_details1 = ", SERVER-VERIFY";
- break;
- case 6:
- str_details1 = ", SERVER-FINISHED";
- break;
- case 7:
- str_details1 = ", REQUEST-CERTIFICATE";
- break;
- case 8:
- str_details1 = ", CLIENT-CERTIFICATE";
- break;
- }
- }
- }
-
- if (version == SSL3_VERSION || version == TLS1_VERSION)
- {
- switch (content_type)
- {
- case 20:
- str_content_type = "ChangeCipherSpec";
- break;
- case 21:
- str_content_type = "Alert";
- break;
- case 22:
- str_content_type = "Handshake";
- break;
- }
-
- if (content_type == 21) /* Alert */
- {
- str_details1 = ", ???";
-
- if (len == 2)
- {
- switch (((const unsigned char*)buf)[0])
- {
- case 1:
- str_details1 = ", warning";
- break;
- case 2:
- str_details1 = ", fatal";
- break;
- }
-
- str_details2 = " ???";
- switch (((const unsigned char*)buf)[1])
- {
- case 0:
- str_details2 = " close_notify";
- break;
- case 10:
- str_details2 = " unexpected_message";
- break;
- case 20:
- str_details2 = " bad_record_mac";
- break;
- case 21:
- str_details2 = " decryption_failed";
- break;
- case 22:
- str_details2 = " record_overflow";
- break;
- case 30:
- str_details2 = " decompression_failure";
- break;
- case 40:
- str_details2 = " handshake_failure";
- break;
- case 42:
- str_details2 = " bad_certificate";
- break;
- case 43:
- str_details2 = " unsupported_certificate";
- break;
- case 44:
- str_details2 = " certificate_revoked";
- break;
- case 45:
- str_details2 = " certificate_expired";
- break;
- case 46:
- str_details2 = " certificate_unknown";
- break;
- case 47:
- str_details2 = " illegal_parameter";
- break;
- case 48:
- str_details2 = " unknown_ca";
- break;
- case 49:
- str_details2 = " access_denied";
- break;
- case 50:
- str_details2 = " decode_error";
- break;
- case 51:
- str_details2 = " decrypt_error";
- break;
- case 60:
- str_details2 = " export_restriction";
- break;
- case 70:
- str_details2 = " protocol_version";
- break;
- case 71:
- str_details2 = " insufficient_security";
- break;
- case 80:
- str_details2 = " internal_error";
- break;
- case 90:
- str_details2 = " user_canceled";
- break;
- case 100:
- str_details2 = " no_renegotiation";
- break;
- }
- }
- }
-
- if (content_type == 22) /* Handshake */
- {
- str_details1 = "???";
-
- if (len > 0)
- {
- switch (((const unsigned char*)buf)[0])
- {
- case 0:
- str_details1 = ", HelloRequest";
- break;
- case 1:
- str_details1 = ", ClientHello";
- break;
- case 2:
- str_details1 = ", ServerHello";
- break;
- case 11:
- str_details1 = ", Certificate";
- break;
- case 12:
- str_details1 = ", ServerKeyExchange";
- break;
- case 13:
- str_details1 = ", CertificateRequest";
- break;
- case 14:
- str_details1 = ", ServerHelloDone";
- break;
- case 15:
- str_details1 = ", CertificateVerify";
- break;
- case 16:
- str_details1 = ", ClientKeyExchange";
- break;
- case 20:
- str_details1 = ", Finished";
- break;
- }
- }
- }
- }
-
- BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
-
- if (len > 0)
- {
- size_t num, i;
-
- BIO_printf(bio, " ");
- num = len;
-#if 0
- if (num > 16)
- num = 16;
-#endif
- for (i = 0; i < num; i++)
- {
- if (i % 16 == 0 && i > 0)
- BIO_printf(bio, "\n ");
- BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
- }
- if (i < len)
- BIO_printf(bio, " ...");
- BIO_printf(bio, "\n");
- }
- BIO_flush(bio);
- }
diff --git a/crypto/openssl/apps/s_client.c b/crypto/openssl/apps/s_client.c
deleted file mode 100644
index 3f302c5..0000000
--- a/crypto/openssl/apps/s_client.c
+++ /dev/null
@@ -1,1308 +0,0 @@
-/* apps/s_client.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
- recursive header file inclusion, resulting in the compiler complaining
- that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
- is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#define USE_SOCKETS
-#include "apps.h"
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#include "s_apps.h"
-#include "timeouts.h"
-
-#ifdef OPENSSL_SYS_WINCE
-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
-#ifdef fileno
-#undef fileno
-#endif
-#define fileno(a) (int)_fileno(a)
-#endif
-
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-#undef PROG
-#define PROG s_client_main
-
-/*#define SSL_HOST_NAME "www.netscape.com" */
-/*#define SSL_HOST_NAME "193.118.187.102" */
-#define SSL_HOST_NAME "localhost"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*8
-
-extern int verify_depth;
-extern int verify_error;
-
-#ifdef FIONBIO
-static int c_nbio=0;
-#endif
-static int c_Pause=0;
-static int c_debug=0;
-static int c_msg=0;
-static int c_showcerts=0;
-
-static void sc_usage(void);
-static void print_stuff(BIO *berr,SSL *con,int full);
-static BIO *bio_c_out=NULL;
-static int c_quiet=0;
-static int c_ign_eof=0;
-
-static void sc_usage(void)
- {
- BIO_printf(bio_err,"usage: s_client args\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -host host - use -connect instead\n");
- BIO_printf(bio_err," -port port - use -connect instead\n");
- BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-
- BIO_printf(bio_err," -verify depth - turn on peer certificate verification\n");
- BIO_printf(bio_err," -cert arg - certificate file to use, PEM format assumed\n");
- BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -key arg - Private key file to use, in cert file if\n");
- BIO_printf(bio_err," not specified but cert file is.\n");
- BIO_printf(bio_err," -keyform arg - key format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err," -reconnect - Drop and re-make the connection with the same Session-ID\n");
- BIO_printf(bio_err," -pause - sleep(1) after each read(2) and write(2) system call\n");
- BIO_printf(bio_err," -showcerts - show all certificates in the chain\n");
- BIO_printf(bio_err," -debug - extra output\n");
-#ifdef WATT32
- BIO_printf(bio_err," -wdebug - WATT-32 tcp debugging\n");
-#endif
- BIO_printf(bio_err," -msg - Show protocol messages\n");
- BIO_printf(bio_err," -nbio_test - more ssl protocol testing\n");
- BIO_printf(bio_err," -state - print the 'ssl' states\n");
-#ifdef FIONBIO
- BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
-#endif
- BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
- BIO_printf(bio_err," -quiet - no s_client output\n");
- BIO_printf(bio_err," -ign_eof - ignore input eof (default when -quiet)\n");
- BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
- BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
- BIO_printf(bio_err," -tls1 - just use TLSv1\n");
- BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
- BIO_printf(bio_err," -mtu - set the MTU\n");
- BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
- BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n");
- BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
- BIO_printf(bio_err," command to see what is available\n");
- BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
- BIO_printf(bio_err," for those protocols that support it, where\n");
- BIO_printf(bio_err," 'prot' defines which one to assume. Currently,\n");
- BIO_printf(bio_err," only \"smtp\", \"pop3\", \"imap\", and \"ftp\" are supported.\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
-#endif
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
-
- }
-
-enum
-{
- PROTO_OFF = 0,
- PROTO_SMTP,
- PROTO_POP3,
- PROTO_IMAP,
- PROTO_FTP
-};
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int off=0;
- SSL *con=NULL,*con2=NULL;
- X509_STORE *store = NULL;
- int s,k,width,state=0;
- char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
- int cbuf_len,cbuf_off;
- int sbuf_len,sbuf_off;
- fd_set readfds,writefds;
- short port=PORT;
- int full_log=1;
- char *host=SSL_HOST_NAME;
- char *cert_file=NULL,*key_file=NULL;
- int cert_format = FORMAT_PEM, key_format = FORMAT_PEM;
- char *passarg = NULL, *pass = NULL;
- X509 *cert = NULL;
- EVP_PKEY *key = NULL;
- char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
- int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
- int crlf=0;
- int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
- SSL_CTX *ctx=NULL;
- int ret=1,in_init=1,i,nbio_test=0;
- int starttls_proto = PROTO_OFF;
- int prexit = 0, vflags = 0;
- SSL_METHOD *meth=NULL;
-#ifdef sock_type
-#undef sock_type
-#endif
- int sock_type=SOCK_STREAM;
- BIO *sbio;
- char *inrand=NULL;
- int mbuf_len=0;
-#ifndef OPENSSL_NO_ENGINE
- char *engine_id=NULL;
- ENGINE *e=NULL;
-#endif
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- struct timeval tv;
-#endif
-
- struct sockaddr peer;
- int peerlen = sizeof(peer);
- int enable_timeouts = 0 ;
- long mtu = 0;
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
- meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
- meth=SSLv2_client_method();
-#endif
-
- apps_startup();
- c_Pause=0;
- c_quiet=0;
- c_ign_eof=0;
- c_debug=0;
- c_msg=0;
- c_showcerts=0;
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
- ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
- ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
-
- verify_depth=0;
- verify_error=X509_V_OK;
-#ifdef FIONBIO
- c_nbio=0;
-#endif
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-host") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
- else if (strcmp(*argv,"-port") == 0)
- {
- if (--argc < 1) goto bad;
- port=atoi(*(++argv));
- if (port == 0) goto bad;
- }
- else if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
- if (!extract_host_port(*(++argv),&host,NULL,&port))
- goto bad;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- verify=SSL_VERIFY_PEER;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- cert_file= *(++argv);
- }
- else if (strcmp(*argv,"-certform") == 0)
- {
- if (--argc < 1) goto bad;
- cert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-crl_check") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK;
- else if (strcmp(*argv,"-crl_check_all") == 0)
- vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- else if (strcmp(*argv,"-prexit") == 0)
- prexit=1;
- else if (strcmp(*argv,"-crlf") == 0)
- crlf=1;
- else if (strcmp(*argv,"-quiet") == 0)
- {
- c_quiet=1;
- c_ign_eof=1;
- }
- else if (strcmp(*argv,"-ign_eof") == 0)
- c_ign_eof=1;
- else if (strcmp(*argv,"-pause") == 0)
- c_Pause=1;
- else if (strcmp(*argv,"-debug") == 0)
- c_debug=1;
-#ifdef WATT32
- else if (strcmp(*argv,"-wdebug") == 0)
- dbug_init();
-#endif
- else if (strcmp(*argv,"-msg") == 0)
- c_msg=1;
- else if (strcmp(*argv,"-showcerts") == 0)
- c_showcerts=1;
- else if (strcmp(*argv,"-nbio_test") == 0)
- nbio_test=1;
- else if (strcmp(*argv,"-state") == 0)
- state=1;
-#ifndef OPENSSL_NO_SSL2
- else if (strcmp(*argv,"-ssl2") == 0)
- meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if (strcmp(*argv,"-ssl3") == 0)
- meth=SSLv3_client_method();
-#endif
-#ifndef OPENSSL_NO_TLS1
- else if (strcmp(*argv,"-tls1") == 0)
- meth=TLSv1_client_method();
-#endif
-#ifndef OPENSSL_NO_DTLS1
- else if (strcmp(*argv,"-dtls1") == 0)
- {
- meth=DTLSv1_client_method();
- sock_type=SOCK_DGRAM;
- }
- else if (strcmp(*argv,"-timeout") == 0)
- enable_timeouts=1;
- else if (strcmp(*argv,"-mtu") == 0)
- {
- if (--argc < 1) goto bad;
- mtu = atol(*(++argv));
- }
-#endif
- else if (strcmp(*argv,"-bugs") == 0)
- bugs=1;
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- key_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg = *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- key_file= *(++argv);
- }
- else if (strcmp(*argv,"-reconnect") == 0)
- {
- reconnect=5;
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-no_tls1") == 0)
- off|=SSL_OP_NO_TLSv1;
- else if (strcmp(*argv,"-no_ssl3") == 0)
- off|=SSL_OP_NO_SSLv3;
- else if (strcmp(*argv,"-no_ssl2") == 0)
- off|=SSL_OP_NO_SSLv2;
- else if (strcmp(*argv,"-serverpref") == 0)
- off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
-#ifdef FIONBIO
- else if (strcmp(*argv,"-nbio") == 0)
- { c_nbio=1; }
-#endif
- else if (strcmp(*argv,"-starttls") == 0)
- {
- if (--argc < 1) goto bad;
- ++argv;
- if (strcmp(*argv,"smtp") == 0)
- starttls_proto = PROTO_SMTP;
- else if (strcmp(*argv,"pop3") == 0)
- starttls_proto = PROTO_POP3;
- else if (strcmp(*argv,"imap") == 0)
- starttls_proto = PROTO_IMAP;
- else if (strcmp(*argv,"ftp") == 0)
- starttls_proto = PROTO_FTP;
- else
- goto bad;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine_id = *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sc_usage();
- goto end;
- }
-
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
-#endif
- if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (key_file == NULL)
- key_file = cert_file;
-
-
- if (key_file)
-
- {
-
- key = load_key(bio_err, key_file, key_format, 0, pass, e,
- "client certificate private key file");
- if (!key)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- }
-
- if (cert_file)
-
- {
- cert = load_cert(bio_err,cert_file,cert_format,
- NULL, e, "client certificate file");
-
- if (!cert)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- if (bio_c_out == NULL)
- {
- if (c_quiet && !c_debug && !c_msg)
- {
- bio_c_out=BIO_new(BIO_s_null());
- }
- else
- {
- if (bio_c_out == NULL)
- bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- }
- }
-
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (bugs)
- SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
- else
- SSL_CTX_set_options(ctx,off);
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
-
- if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
- if (cipher != NULL)
- if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
- BIO_printf(bio_err,"error setting cipher list\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-#if 0
- else
- SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
-#endif
-
- SSL_CTX_set_verify(ctx,verify,verify_callback);
- if (!set_cert_key_stuff(ctx,cert,key))
- goto end;
-
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
- {
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
-
- store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_set_flags(store, vflags);
-
- con=SSL_new(ctx);
-#ifndef OPENSSL_NO_KRB5
- if (con && (con->kssl_ctx = kssl_ctx_new()) != NULL)
- {
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
- }
-#endif /* OPENSSL_NO_KRB5 */
-/* SSL_set_cipher_list(con,"RC4-MD5"); */
-
-re_start:
-
- if (init_client(&s,host,port,sock_type) == 0)
- {
- BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- SHUTDOWN(s);
- goto end;
- }
- BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
-
-#ifdef FIONBIO
- if (c_nbio)
- {
- unsigned long l=1;
- BIO_printf(bio_c_out,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-#endif
- if (c_Pause & 0x01) con->debug=1;
-
- if ( SSL_version(con) == DTLS1_VERSION)
- {
- struct timeval timeout;
-
- sbio=BIO_new_dgram(s,BIO_NOCLOSE);
- if (getsockname(s, &peer, (void *)&peerlen) < 0)
- {
- BIO_printf(bio_err, "getsockname:errno=%d\n",
- get_last_socket_error());
- SHUTDOWN(s);
- goto end;
- }
-
- BIO_ctrl_set_connected(sbio, 1, &peer);
-
- if ( enable_timeouts)
- {
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_RCV_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_SND_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
- }
-
- if ( mtu > 0)
- {
- SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, mtu);
- }
- else
- /* want to do MTU discovery */
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
- }
- else
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
-
-
- if (nbio_test)
- {
- BIO *test;
-
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
-
- if (c_debug)
- {
- con->debug=1;
- BIO_set_callback(sbio,bio_dump_callback);
- BIO_set_callback_arg(sbio,(char *)bio_c_out);
- }
- if (c_msg)
- {
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_c_out);
- }
-
- SSL_set_bio(con,sbio,sbio);
- SSL_set_connect_state(con);
-
- /* ok, lets connect */
- width=SSL_get_fd(con)+1;
-
- read_tty=1;
- write_tty=0;
- tty_on=0;
- read_ssl=1;
- write_ssl=1;
-
- cbuf_len=0;
- cbuf_off=0;
- sbuf_len=0;
- sbuf_off=0;
-
- /* This is an ugly hack that does a lot of assumptions */
- /* We do have to handle multi-line responses which may come
- in a single packet or not. We therefore have to use
- BIO_gets() which does need a buffering BIO. So during
- the initial chitchat we do push a buffering BIO into the
- chain that is removed again later on to not disturb the
- rest of the s_client operation. */
- if (starttls_proto == PROTO_SMTP)
- {
- int foundit=0;
- BIO *fbio = BIO_new(BIO_f_buffer());
- BIO_push(fbio, sbio);
- /* wait for multi-line response to end from SMTP */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- /* STARTTLS command requires EHLO... */
- BIO_printf(fbio,"EHLO openssl.client.net\r\n");
- BIO_flush(fbio);
- /* wait for multi-line response to end EHLO SMTP response */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- if (strstr(mbuf,"STARTTLS"))
- foundit=1;
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "didn't found starttls in server response,"
- " try anyway...\n");
- BIO_printf(sbio,"STARTTLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_POP3)
- {
- BIO_read(sbio,mbuf,BUFSIZZ);
- BIO_printf(sbio,"STLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_IMAP)
- {
- int foundit=0;
- BIO *fbio = BIO_new(BIO_f_buffer());
- BIO_push(fbio, sbio);
- BIO_gets(fbio,mbuf,BUFSIZZ);
- /* STARTTLS command requires CAPABILITY... */
- BIO_printf(fbio,". CAPABILITY\r\n");
- BIO_flush(fbio);
- /* wait for multi-line CAPABILITY response */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- if (strstr(mbuf,"STARTTLS"))
- foundit=1;
- }
- while (mbuf_len>3 && mbuf[0]!='.');
- BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- if (!foundit)
- BIO_printf(bio_err,
- "didn't found STARTTLS in server response,"
- " try anyway...\n");
- BIO_printf(sbio,". STARTTLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
- else if (starttls_proto == PROTO_FTP)
- {
- BIO *fbio = BIO_new(BIO_f_buffer());
- BIO_push(fbio, sbio);
- /* wait for multi-line response to end from FTP */
- do
- {
- mbuf_len = BIO_gets(fbio,mbuf,BUFSIZZ);
- }
- while (mbuf_len>3 && mbuf[3]=='-');
- BIO_flush(fbio);
- BIO_pop(fbio);
- BIO_free(fbio);
- BIO_printf(sbio,"AUTH TLS\r\n");
- BIO_read(sbio,sbuf,BUFSIZZ);
- }
-
- for (;;)
- {
- FD_ZERO(&readfds);
- FD_ZERO(&writefds);
-
- if (SSL_in_init(con) && !SSL_total_renegotiations(con))
- {
- in_init=1;
- tty_on=0;
- }
- else
- {
- tty_on=1;
- if (in_init)
- {
- in_init=0;
- print_stuff(bio_c_out,con,full_log);
- if (full_log > 0) full_log--;
-
- if (starttls_proto)
- {
- BIO_printf(bio_err,"%s",mbuf);
- /* We don't need to know any more */
- starttls_proto = PROTO_OFF;
- }
-
- if (reconnect)
- {
- reconnect--;
- BIO_printf(bio_c_out,"drop connection and then reconnect\n");
- SSL_shutdown(con);
- SSL_set_connect_state(con);
- SHUTDOWN(SSL_get_fd(con));
- goto re_start;
- }
- }
- }
-
- ssl_pending = read_ssl && SSL_pending(con);
-
- if (!ssl_pending)
- {
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
- if (tty_on)
- {
- if (read_tty) FD_SET(fileno(stdin),&readfds);
- if (write_tty) FD_SET(fileno(stdout),&writefds);
- }
- if (read_ssl)
- FD_SET(SSL_get_fd(con),&readfds);
- if (write_ssl)
- FD_SET(SSL_get_fd(con),&writefds);
-#else
- if(!tty_on || !write_tty) {
- if (read_ssl)
- FD_SET(SSL_get_fd(con),&readfds);
- if (write_ssl)
- FD_SET(SSL_get_fd(con),&writefds);
- }
-#endif
-/* printf("mode tty(%d %d%d) ssl(%d%d)\n",
- tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
-
- /* Note: under VMS with SOCKETSHR the second parameter
- * is currently of type (int *) whereas under other
- * systems it is (void *) if you don't have a cast it
- * will choke the compiler: if you do have a cast then
- * you can either go for (int *) or (void *).
- */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
- /* Under Windows/DOS we make the assumption that we can
- * always write to the tty: therefore if we need to
- * write to the tty we just fall through. Otherwise
- * we timeout the select every second and see if there
- * are any keypresses. Note: this is a hack, in a proper
- * Windows application we wouldn't do this.
- */
- i=0;
- if(!write_tty) {
- if(read_tty) {
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,&tv);
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- if(!i && (!_kbhit() || !read_tty) ) continue;
-#else
- if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
-#endif
- } else i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,NULL);
- }
-#elif defined(OPENSSL_SYS_NETWARE)
- if(!write_tty) {
- if(read_tty) {
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,&tv);
- } else i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,NULL);
- }
-#else
- i=select(width,(void *)&readfds,(void *)&writefds,
- NULL,NULL);
-#endif
- if ( i < 0)
- {
- BIO_printf(bio_err,"bad select %d\n",
- get_last_socket_error());
- goto shut;
- /* goto end; */
- }
- }
-
- if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
- {
- k=SSL_write(con,&(cbuf[cbuf_off]),
- (unsigned int)cbuf_len);
- switch (SSL_get_error(con,k))
- {
- case SSL_ERROR_NONE:
- cbuf_off+=k;
- cbuf_len-=k;
- if (k <= 0) goto end;
- /* we have done a write(con,NULL,0); */
- if (cbuf_len <= 0)
- {
- read_tty=1;
- write_ssl=0;
- }
- else /* if (cbuf_len > 0) */
- {
- read_tty=0;
- write_ssl=1;
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_printf(bio_c_out,"write W BLOCK\n");
- write_ssl=1;
- read_tty=0;
- break;
- case SSL_ERROR_WANT_READ:
- BIO_printf(bio_c_out,"write R BLOCK\n");
- write_tty=0;
- read_ssl=1;
- write_ssl=0;
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_c_out,"write X BLOCK\n");
- break;
- case SSL_ERROR_ZERO_RETURN:
- if (cbuf_len != 0)
- {
- BIO_printf(bio_c_out,"shutdown\n");
- goto shut;
- }
- else
- {
- read_tty=1;
- write_ssl=0;
- break;
- }
-
- case SSL_ERROR_SYSCALL:
- if ((k != 0) || (cbuf_len != 0))
- {
- BIO_printf(bio_err,"write:errno=%d\n",
- get_last_socket_error());
- goto shut;
- }
- else
- {
- read_tty=1;
- write_ssl=0;
- }
- break;
- case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
- goto shut;
- }
- }
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- /* Assume Windows/DOS can always write */
- else if (!ssl_pending && write_tty)
-#else
- else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
-#endif
- {
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
-#endif
- i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
-
- if (i <= 0)
- {
- BIO_printf(bio_c_out,"DONE\n");
- goto shut;
- /* goto end; */
- }
-
- sbuf_len-=i;;
- sbuf_off+=i;
- if (sbuf_len <= 0)
- {
- read_ssl=1;
- write_tty=0;
- }
- }
- else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
- {
-#ifdef RENEG
-{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
-#endif
-#if 1
- k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
-#else
-/* Demo for pending and peek :-) */
- k=SSL_read(con,sbuf,16);
-{ char zbuf[10240];
-printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240));
-}
-#endif
-
- switch (SSL_get_error(con,k))
- {
- case SSL_ERROR_NONE:
- if (k <= 0)
- goto end;
- sbuf_off=0;
- sbuf_len=k;
-
- read_ssl=0;
- write_tty=1;
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_printf(bio_c_out,"read W BLOCK\n");
- write_ssl=1;
- read_tty=0;
- break;
- case SSL_ERROR_WANT_READ:
- BIO_printf(bio_c_out,"read R BLOCK\n");
- write_tty=0;
- read_ssl=1;
- if ((read_tty == 0) && (write_ssl == 0))
- write_ssl=1;
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_c_out,"read X BLOCK\n");
- break;
- case SSL_ERROR_SYSCALL:
- BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
- goto shut;
- case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_c_out,"closed\n");
- goto shut;
- case SSL_ERROR_SSL:
- ERR_print_errors(bio_err);
- goto shut;
- /* break; */
- }
- }
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
- else if (_kbhit())
-#else
- else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
-#endif
-#elif defined (OPENSSL_SYS_NETWARE)
- else if (_kbhit())
-#else
- else if (FD_ISSET(fileno(stdin),&readfds))
-#endif
- {
- if (crlf)
- {
- int j, lf_num;
-
- i=read(fileno(stdin),cbuf,BUFSIZZ/2);
- lf_num = 0;
- /* both loops are skipped when i <= 0 */
- for (j = 0; j < i; j++)
- if (cbuf[j] == '\n')
- lf_num++;
- for (j = i-1; j >= 0; j--)
- {
- cbuf[j+lf_num] = cbuf[j];
- if (cbuf[j] == '\n')
- {
- lf_num--;
- i++;
- cbuf[j+lf_num] = '\r';
- }
- }
- assert(lf_num == 0);
- }
- else
- i=read(fileno(stdin),cbuf,BUFSIZZ);
-
- if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
- {
- BIO_printf(bio_err,"DONE\n");
- goto shut;
- }
-
- if ((!c_ign_eof) && (cbuf[0] == 'R'))
- {
- BIO_printf(bio_err,"RENEGOTIATING\n");
- SSL_renegotiate(con);
- cbuf_len=0;
- }
- else
- {
- cbuf_len=i;
- cbuf_off=0;
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(cbuf, cbuf, i);
-#endif
- }
-
- write_ssl=1;
- read_tty=0;
- }
- }
-shut:
- SSL_shutdown(con);
- SHUTDOWN(SSL_get_fd(con));
- ret=0;
-end:
- if(prexit) print_stuff(bio_c_out,con,1);
- if (con != NULL) SSL_free(con);
- if (con2 != NULL) SSL_free(con2);
- if (ctx != NULL) SSL_CTX_free(ctx);
- if (cert)
- X509_free(cert);
- if (key)
- EVP_PKEY_free(key);
- if (pass)
- OPENSSL_free(pass);
- if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
- if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
- if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
- if (bio_c_out != NULL)
- {
- BIO_free(bio_c_out);
- bio_c_out=NULL;
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-
-static void print_stuff(BIO *bio, SSL *s, int full)
- {
- X509 *peer=NULL;
- char *p;
- static const char *space=" ";
- char buf[BUFSIZ];
- STACK_OF(X509) *sk;
- STACK_OF(X509_NAME) *sk2;
- SSL_CIPHER *c;
- X509_NAME *xn;
- int j,i;
-#ifndef OPENSSL_NO_COMP
- const COMP_METHOD *comp, *expansion;
-#endif
-
- if (full)
- {
- int got_a_chain = 0;
-
- sk=SSL_get_peer_cert_chain(s);
- if (sk != NULL)
- {
- got_a_chain = 1; /* we don't have it for SSL2 (yet) */
-
- BIO_printf(bio,"---\nCertificate chain\n");
- for (i=0; i<sk_X509_num(sk); i++)
- {
- X509_NAME_oneline(X509_get_subject_name(
- sk_X509_value(sk,i)),buf,sizeof buf);
- BIO_printf(bio,"%2d s:%s\n",i,buf);
- X509_NAME_oneline(X509_get_issuer_name(
- sk_X509_value(sk,i)),buf,sizeof buf);
- BIO_printf(bio," i:%s\n",buf);
- if (c_showcerts)
- PEM_write_bio_X509(bio,sk_X509_value(sk,i));
- }
- }
-
- BIO_printf(bio,"---\n");
- peer=SSL_get_peer_certificate(s);
- if (peer != NULL)
- {
- BIO_printf(bio,"Server certificate\n");
- if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
- PEM_write_bio_X509(bio,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),
- buf,sizeof buf);
- BIO_printf(bio,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),
- buf,sizeof buf);
- BIO_printf(bio,"issuer=%s\n",buf);
- }
- else
- BIO_printf(bio,"no peer certificate available\n");
-
- sk2=SSL_get_client_CA_list(s);
- if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
- {
- BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
- for (i=0; i<sk_X509_NAME_num(sk2); i++)
- {
- xn=sk_X509_NAME_value(sk2,i);
- X509_NAME_oneline(xn,buf,sizeof(buf));
- BIO_write(bio,buf,strlen(buf));
- BIO_write(bio,"\n",1);
- }
- }
- else
- {
- BIO_printf(bio,"---\nNo client certificate CA names sent\n");
- }
- p=SSL_get_shared_ciphers(s,buf,sizeof buf);
- if (p != NULL)
- {
- /* This works only for SSL 2. In later protocol
- * versions, the client does not know what other
- * ciphers (in addition to the one to be used
- * in the current connection) the server supports. */
-
- BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
- j=i=0;
- while (*p)
- {
- if (*p == ':')
- {
- BIO_write(bio,space,15-j%25);
- i++;
- j=0;
- BIO_write(bio,((i%3)?" ":"\n"),1);
- }
- else
- {
- BIO_write(bio,p,1);
- j++;
- }
- p++;
- }
- BIO_write(bio,"\n",1);
- }
-
- BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
- BIO_number_read(SSL_get_rbio(s)),
- BIO_number_written(SSL_get_wbio(s)));
- }
- BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
- c=SSL_get_current_cipher(s);
- BIO_printf(bio,"%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- if (peer != NULL) {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(peer);
- BIO_printf(bio,"Server public key is %d bit\n",
- EVP_PKEY_bits(pktmp));
- EVP_PKEY_free(pktmp);
- }
-#ifndef OPENSSL_NO_COMP
- comp=SSL_get_current_compression(s);
- expansion=SSL_get_current_expansion(s);
- BIO_printf(bio,"Compression: %s\n",
- comp ? SSL_COMP_get_name(comp) : "NONE");
- BIO_printf(bio,"Expansion: %s\n",
- expansion ? SSL_COMP_get_name(expansion) : "NONE");
-#endif
- SSL_SESSION_print(bio,SSL_get_session(s));
- BIO_printf(bio,"---\n");
- if (peer != NULL)
- X509_free(peer);
- /* flush, or debugging output gets mixed with http response */
- BIO_flush(bio);
- }
-
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
deleted file mode 100644
index 6c433e6..0000000
--- a/crypto/openssl/apps/s_server.c
+++ /dev/null
@@ -1,2015 +0,0 @@
-/* apps/s_server.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-/* Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code */
-#ifdef OPENSSL_NO_DEPRECATED
-#undef OPENSSL_NO_DEPRECATED
-#endif
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <sys/stat.h>
-#include <openssl/e_os2.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-
-#if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */
-#include <sys/types.h>
-#endif
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
- recursive header file inclusion, resulting in the compiler complaining
- that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
- is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#define USE_SOCKETS
-#include "apps.h"
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include "s_apps.h"
-#include "timeouts.h"
-
-#ifdef OPENSSL_SYS_WINCE
-/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
-#ifdef fileno
-#undef fileno
-#endif
-#define fileno(a) (int)_fileno(a)
-#endif
-
-#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
-/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
-#undef FIONBIO
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
-#endif
-static int sv_body(char *hostname, int s, unsigned char *context);
-static int www_body(char *hostname, int s, unsigned char *context);
-static void close_accept_socket(void );
-static void sv_usage(void);
-static int init_ssl_connection(SSL *s);
-static void print_stats(BIO *bp,SSL_CTX *ctx);
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile);
-static DH *get_dh512(void);
-#endif
-
-#ifdef MONOLITH
-static void s_server_init(void);
-#endif
-
-#ifndef S_ISDIR
-# if defined(_S_IFMT) && defined(_S_IFDIR)
-# define S_ISDIR(a) (((a) & _S_IFMT) == _S_IFDIR)
-# else
-# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
-# endif
-#endif
-
-#ifndef OPENSSL_NO_DH
-static unsigned char dh512_p[]={
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
- };
-static unsigned char dh512_g[]={
- 0x02,
- };
-
-static DH *get_dh512(void)
- {
- DH *dh=NULL;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return(NULL);
- return(dh);
- }
-#endif
-
-
-/* static int load_CA(SSL_CTX *ctx, char *file);*/
-
-#undef BUFSIZZ
-#define BUFSIZZ 16*1024
-static int bufsize=BUFSIZZ;
-static int accept_socket= -1;
-
-#define TEST_CERT "server.pem"
-#undef PROG
-#define PROG s_server_main
-
-extern int verify_depth;
-
-static char *cipher=NULL;
-static int s_server_verify=SSL_VERIFY_NONE;
-static int s_server_session_id_context = 1; /* anything will do */
-static const char *s_cert_file=TEST_CERT,*s_key_file=NULL;
-static char *s_dcert_file=NULL,*s_dkey_file=NULL;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-static int s_nbio_test=0;
-int s_crlf=0;
-static SSL_CTX *ctx=NULL;
-static int www=0;
-
-static BIO *bio_s_out=NULL;
-static int s_debug=0;
-static int s_msg=0;
-static int s_quiet=0;
-
-static int hack=0;
-#ifndef OPENSSL_NO_ENGINE
-static char *engine_id=NULL;
-#endif
-static const char *session_id_prefix=NULL;
-
-static int enable_timeouts = 0;
-#ifdef mtu
-#undef mtu
-#endif
-static long mtu;
-static int cert_chain = 0;
-
-
-#ifdef MONOLITH
-static void s_server_init(void)
- {
- accept_socket=-1;
- cipher=NULL;
- s_server_verify=SSL_VERIFY_NONE;
- s_dcert_file=NULL;
- s_dkey_file=NULL;
- s_cert_file=TEST_CERT;
- s_key_file=NULL;
-#ifdef FIONBIO
- s_nbio=0;
-#endif
- s_nbio_test=0;
- ctx=NULL;
- www=0;
-
- bio_s_out=NULL;
- s_debug=0;
- s_msg=0;
- s_quiet=0;
- hack=0;
-#ifndef OPENSSL_NO_ENGINE
- engine_id=NULL;
-#endif
- }
-#endif
-
-static void sv_usage(void)
- {
- BIO_printf(bio_err,"usage: s_server [args ...]\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err," -accept arg - port to accept on (default is %d)\n",PORT);
- BIO_printf(bio_err," -context arg - set session ID context\n");
- BIO_printf(bio_err," -verify arg - turn on peer certificate verification\n");
- BIO_printf(bio_err," -Verify arg - turn on peer certificate verification, must have a cert.\n");
- BIO_printf(bio_err," -cert arg - certificate file to use\n");
- BIO_printf(bio_err," (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -certform arg - certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -key arg - Private Key file to use, in cert file if\n");
- BIO_printf(bio_err," not specified (default is %s)\n",TEST_CERT);
- BIO_printf(bio_err," -keyform arg - key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -pass arg - private key file pass phrase source\n");
- BIO_printf(bio_err," -dcert arg - second certificate file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dcertform x - second certificate format (PEM or DER) PEM default\n");
- BIO_printf(bio_err," -dkey arg - second private key file to use (usually for DSA)\n");
- BIO_printf(bio_err," -dkeyform arg - second key format (PEM, DER or ENGINE) PEM default\n");
- BIO_printf(bio_err," -dpass arg - second private key file pass phrase source\n");
- BIO_printf(bio_err," -dhparam arg - DH parameter file to use, in cert file if not specified\n");
- BIO_printf(bio_err," or a default set of parameters is used\n");
-#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
- " Use \"openssl ecparam -list_curves\" for all names\n" \
- " (default is sect163r2).\n");
-#endif
-#ifdef FIONBIO
- BIO_printf(bio_err," -nbio - Run with non-blocking IO\n");
-#endif
- BIO_printf(bio_err," -nbio_test - test with the non-blocking test bio\n");
- BIO_printf(bio_err," -crlf - convert LF from terminal into CRLF\n");
- BIO_printf(bio_err," -debug - Print more output\n");
- BIO_printf(bio_err," -msg - Show protocol messages\n");
- BIO_printf(bio_err," -state - Print the SSL states\n");
- BIO_printf(bio_err," -CApath arg - PEM format directory of CA's\n");
- BIO_printf(bio_err," -CAfile arg - PEM format file of CA's\n");
- BIO_printf(bio_err," -nocert - Don't use any certificates (Anon-DH)\n");
- BIO_printf(bio_err," -cipher arg - play with 'openssl ciphers' to see what goes here\n");
- BIO_printf(bio_err," -serverpref - Use server's cipher preferences\n");
- BIO_printf(bio_err," -quiet - No server output\n");
- BIO_printf(bio_err," -no_tmp_rsa - Do not generate a tmp RSA key\n");
- BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
- BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
- BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
- BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
- BIO_printf(bio_err," -timeout - Enable timeouts\n");
- BIO_printf(bio_err," -mtu - Set MTU\n");
- BIO_printf(bio_err," -chain - Read a certificate chain\n");
- BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
- BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
- BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n");
-#ifndef OPENSSL_NO_DH
- BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err," -no_ecdhe - Disable ephemeral ECDH\n");
-#endif
- BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
- BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
- BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," -HTTP - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
- BIO_printf(bio_err," with the assumption it contains a complete HTTP response.\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine id - Initialise and use the specified engine\n");
-#endif
- BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
- BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- }
-
-static int local_argc=0;
-static char **local_argv;
-
-#ifdef CHARSET_EBCDIC
-static int ebcdic_new(BIO *bi);
-static int ebcdic_free(BIO *a);
-static int ebcdic_read(BIO *b, char *out, int outl);
-static int ebcdic_write(BIO *b, const char *in, int inl);
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
-static int ebcdic_gets(BIO *bp, char *buf, int size);
-static int ebcdic_puts(BIO *bp, const char *str);
-
-#define BIO_TYPE_EBCDIC_FILTER (18|0x0200)
-static BIO_METHOD methods_ebcdic=
- {
- BIO_TYPE_EBCDIC_FILTER,
- "EBCDIC/ASCII filter",
- ebcdic_write,
- ebcdic_read,
- ebcdic_puts,
- ebcdic_gets,
- ebcdic_ctrl,
- ebcdic_new,
- ebcdic_free,
- };
-
-typedef struct
-{
- size_t alloced;
- char buff[1];
-} EBCDIC_OUTBUFF;
-
-BIO_METHOD *BIO_f_ebcdic_filter()
-{
- return(&methods_ebcdic);
-}
-
-static int ebcdic_new(BIO *bi)
-{
- EBCDIC_OUTBUFF *wbuf;
-
- wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
- wbuf->alloced = 1024;
- wbuf->buff[0] = '\0';
-
- bi->ptr=(char *)wbuf;
- bi->init=1;
- bi->flags=0;
- return(1);
-}
-
-static int ebcdic_free(BIO *a)
-{
- if (a == NULL) return(0);
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- a->ptr=NULL;
- a->init=0;
- a->flags=0;
- return(1);
-}
-
-static int ebcdic_read(BIO *b, char *out, int outl)
-{
- int ret=0;
-
- if (out == NULL || outl == 0) return(0);
- if (b->next_bio == NULL) return(0);
-
- ret=BIO_read(b->next_bio,out,outl);
- if (ret > 0)
- ascii2ebcdic(out,out,ret);
- return(ret);
-}
-
-static int ebcdic_write(BIO *b, const char *in, int inl)
-{
- EBCDIC_OUTBUFF *wbuf;
- int ret=0;
- int num;
- unsigned char n;
-
- if ((in == NULL) || (inl <= 0)) return(0);
- if (b->next_bio == NULL) return(0);
-
- wbuf=(EBCDIC_OUTBUFF *)b->ptr;
-
- if (inl > (num = wbuf->alloced))
- {
- num = num + num; /* double the size */
- if (num < inl)
- num = inl;
- OPENSSL_free(wbuf);
- wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
-
- wbuf->alloced = num;
- wbuf->buff[0] = '\0';
-
- b->ptr=(char *)wbuf;
- }
-
- ebcdic2ascii(wbuf->buff, in, inl);
-
- ret=BIO_write(b->next_bio, wbuf->buff, inl);
-
- return(ret);
-}
-
-static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
- long ret;
-
- if (b->next_bio == NULL) return(0);
- switch (cmd)
- {
- case BIO_CTRL_DUP:
- ret=0L;
- break;
- default:
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- break;
- }
- return(ret);
-}
-
-static int ebcdic_gets(BIO *bp, char *buf, int size)
-{
- int i, ret=0;
- if (bp->next_bio == NULL) return(0);
-/* return(BIO_gets(bp->next_bio,buf,size));*/
- for (i=0; i<size-1; ++i)
- {
- ret = ebcdic_read(bp,&buf[i],1);
- if (ret <= 0)
- break;
- else if (buf[i] == '\n')
- {
- ++i;
- break;
- }
- }
- if (i < size)
- buf[i] = '\0';
- return (ret < 0 && i == 0) ? ret : i;
-}
-
-static int ebcdic_puts(BIO *bp, const char *str)
-{
- if (bp->next_bio == NULL) return(0);
- return ebcdic_write(bp, str, strlen(str));
-}
-#endif
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char *argv[])
- {
- X509_STORE *store = NULL;
- int vflags = 0;
- short port=PORT;
- char *CApath=NULL,*CAfile=NULL;
- unsigned char *context = NULL;
- char *dhfile = NULL;
-#ifndef OPENSSL_NO_ECDH
- char *named_curve = NULL;
-#endif
- int badop=0,bugs=0;
- int ret=1;
- int off=0;
- int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
- int state=0;
- SSL_METHOD *meth=NULL;
-#ifdef sock_type
-#undef sock_type
-#endif
- int sock_type=SOCK_STREAM;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e=NULL;
-#endif
- char *inrand=NULL;
- int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
- char *passarg = NULL, *pass = NULL;
- char *dpassarg = NULL, *dpass = NULL;
- int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
- X509 *s_cert = NULL, *s_dcert = NULL;
- EVP_PKEY *s_key = NULL, *s_dkey = NULL;
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- meth=SSLv23_server_method();
-#elif !defined(OPENSSL_NO_SSL3)
- meth=SSLv3_server_method();
-#elif !defined(OPENSSL_NO_SSL2)
- meth=SSLv2_server_method();
-#endif
-
- local_argc=argc;
- local_argv=argv;
-
- apps_startup();
-#ifdef MONOLITH
- s_server_init();
-#endif
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- verify_depth=0;
-#ifdef FIONBIO
- s_nbio=0;
-#endif
- s_nbio_test=0;
-
- argc--;
- argv++;
-
- while (argc >= 1)
- {
- if ((strcmp(*argv,"-port") == 0) ||
- (strcmp(*argv,"-accept") == 0))
- {
- if (--argc < 1) goto bad;
- if (!extract_port(*(++argv),&port))
- goto bad;
- }
- else if (strcmp(*argv,"-verify") == 0)
- {
- s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
- }
- else if (strcmp(*argv,"-Verify") == 0)
- {
- s_server_verify=SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|
- SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
- }
- else if (strcmp(*argv,"-context") == 0)
- {
- if (--argc < 1) goto bad;
- context= (unsigned char *)*(++argv);
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- s_cert_file= *(++argv);
- }
- else if (strcmp(*argv,"-certform") == 0)
- {
- if (--argc < 1) goto bad;
- s_cert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- s_key_file= *(++argv);
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- s_key_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-pass") == 0)
- {
- if (--argc < 1) goto bad;
- passarg = *(++argv);
- }
- else if (strcmp(*argv,"-dhparam") == 0)
- {
- if (--argc < 1) goto bad;
- dhfile = *(++argv);
- }
-#ifndef OPENSSL_NO_ECDH
- else if (strcmp(*argv,"-named_curve") == 0)
- {
- if (--argc < 1) goto bad;
- named_curve = *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-dcertform") == 0)
- {
- if (--argc < 1) goto bad;
- s_dcert_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-dcert") == 0)
- {
- if (--argc < 1) goto bad;
- s_dcert_file= *(++argv);
- }
- else if (strcmp(*argv,"-dkeyform") == 0)
- {
- if (--argc < 1) goto bad;
- s_dkey_format = str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-dpass") == 0)
- {
- if (--argc < 1) goto bad;
- dpassarg = *(++argv);
- }
- else if (strcmp(*argv,"-dkey") == 0)
- {
- if (--argc < 1) goto bad;
- s_dkey_file= *(++argv);
- }
- else if (strcmp(*argv,"-nocert") == 0)
- {
- nocert=1;
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-crl_check") == 0)
- {
- vflags |= X509_V_FLAG_CRL_CHECK;
- }
- else if (strcmp(*argv,"-crl_check") == 0)
- {
- vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
- }
- else if (strcmp(*argv,"-serverpref") == 0)
- { off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
-#ifdef FIONBIO
- else if (strcmp(*argv,"-nbio") == 0)
- { s_nbio=1; }
-#endif
- else if (strcmp(*argv,"-nbio_test") == 0)
- {
-#ifdef FIONBIO
- s_nbio=1;
-#endif
- s_nbio_test=1;
- }
- else if (strcmp(*argv,"-debug") == 0)
- { s_debug=1; }
- else if (strcmp(*argv,"-msg") == 0)
- { s_msg=1; }
- else if (strcmp(*argv,"-hack") == 0)
- { hack=1; }
- else if (strcmp(*argv,"-state") == 0)
- { state=1; }
- else if (strcmp(*argv,"-crlf") == 0)
- { s_crlf=1; }
- else if (strcmp(*argv,"-quiet") == 0)
- { s_quiet=1; }
- else if (strcmp(*argv,"-bugs") == 0)
- { bugs=1; }
- else if (strcmp(*argv,"-no_tmp_rsa") == 0)
- { no_tmp_rsa=1; }
- else if (strcmp(*argv,"-no_dhe") == 0)
- { no_dhe=1; }
- else if (strcmp(*argv,"-no_ecdhe") == 0)
- { no_ecdhe=1; }
- else if (strcmp(*argv,"-www") == 0)
- { www=1; }
- else if (strcmp(*argv,"-WWW") == 0)
- { www=2; }
- else if (strcmp(*argv,"-HTTP") == 0)
- { www=3; }
- else if (strcmp(*argv,"-no_ssl2") == 0)
- { off|=SSL_OP_NO_SSLv2; }
- else if (strcmp(*argv,"-no_ssl3") == 0)
- { off|=SSL_OP_NO_SSLv3; }
- else if (strcmp(*argv,"-no_tls1") == 0)
- { off|=SSL_OP_NO_TLSv1; }
-#ifndef OPENSSL_NO_SSL2
- else if (strcmp(*argv,"-ssl2") == 0)
- { meth=SSLv2_server_method(); }
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if (strcmp(*argv,"-ssl3") == 0)
- { meth=SSLv3_server_method(); }
-#endif
-#ifndef OPENSSL_NO_TLS1
- else if (strcmp(*argv,"-tls1") == 0)
- { meth=TLSv1_server_method(); }
-#endif
-#ifndef OPENSSL_NO_DTLS1
- else if (strcmp(*argv,"-dtls1") == 0)
- {
- meth=DTLSv1_server_method();
- sock_type = SOCK_DGRAM;
- }
- else if (strcmp(*argv,"-timeout") == 0)
- enable_timeouts = 1;
- else if (strcmp(*argv,"-mtu") == 0)
- {
- if (--argc < 1) goto bad;
- mtu = atol(*(++argv));
- }
- else if (strcmp(*argv, "-chain") == 0)
- cert_chain = 1;
-#endif
- else if (strcmp(*argv, "-id_prefix") == 0)
- {
- if (--argc < 1) goto bad;
- session_id_prefix = *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine_id= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-rand") == 0)
- {
- if (--argc < 1) goto bad;
- inrand= *(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sv_usage();
- goto end;
- }
-
- SSL_load_error_strings();
- OpenSSL_add_ssl_algorithms();
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine_id, 1);
-#endif
-
- if (!app_passwd(bio_err, passarg, dpassarg, &pass, &dpass))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-
- if (s_key_file == NULL)
- s_key_file = s_cert_file;
-
- if (nocert == 0)
- {
- s_key = load_key(bio_err, s_key_file, s_key_format, 0, pass, e,
- "server certificate private key file");
- if (!s_key)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- s_cert = load_cert(bio_err,s_cert_file,s_cert_format,
- NULL, e, "server certificate file");
-
- if (!s_cert)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (s_dcert_file)
- {
-
- if (s_dkey_file == NULL)
- s_dkey_file = s_dcert_file;
-
- s_dkey = load_key(bio_err, s_dkey_file, s_dkey_format,
- 0, dpass, e,
- "second certificate private key file");
- if (!s_dkey)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- s_dcert = load_cert(bio_err,s_dcert_file,s_dcert_format,
- NULL, e, "second server certificate file");
-
- if (!s_dcert)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- }
-
- if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
- && !RAND_status())
- {
- BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
- }
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
-
- if (bio_s_out == NULL)
- {
- if (s_quiet && !s_debug && !s_msg)
- {
- bio_s_out=BIO_new(BIO_s_null());
- }
- else
- {
- if (bio_s_out == NULL)
- bio_s_out=BIO_new_fp(stdout,BIO_NOCLOSE);
- }
- }
-
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
- if (nocert)
-#endif
- {
- s_cert_file=NULL;
- s_key_file=NULL;
- s_dcert_file=NULL;
- s_dkey_file=NULL;
- }
-
- ctx=SSL_CTX_new(meth);
- if (ctx == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (session_id_prefix)
- {
- if(strlen(session_id_prefix) >= 32)
- BIO_printf(bio_err,
-"warning: id_prefix is too long, only one new session will be possible\n");
- else if(strlen(session_id_prefix) >= 16)
- BIO_printf(bio_err,
-"warning: id_prefix is too long if you use SSLv2\n");
- if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
- {
- BIO_printf(bio_err,"error setting 'id_prefix'\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
- }
- SSL_CTX_set_quiet_shutdown(ctx,1);
- if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
- if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
- SSL_CTX_set_options(ctx,off);
- /* DTLS: partial reads end up discarding unread UDP bytes :-(
- * Setting read ahead solves this problem.
- */
- if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
-
- if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-
- SSL_CTX_sess_set_cache_size(ctx,128);
-
-#if 0
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
-#endif
-
-#if 0
- if (s_cert_file == NULL)
- {
- BIO_printf(bio_err,"You must specify a certificate file for the server to use\n");
- goto end;
- }
-#endif
-
- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(ctx)))
- {
- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
- store = SSL_CTX_get_cert_store(ctx);
- X509_STORE_set_flags(store, vflags);
-
-#ifndef OPENSSL_NO_DH
- if (!no_dhe)
- {
- DH *dh=NULL;
-
- if (dhfile)
- dh = load_dh_param(dhfile);
- else if (s_cert_file)
- dh = load_dh_param(s_cert_file);
-
- if (dh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp DH parameters\n");
- }
- else
- {
- BIO_printf(bio_s_out,"Using default temp DH parameters\n");
- dh=get_dh512();
- }
- (void)BIO_flush(bio_s_out);
-
- SSL_CTX_set_tmp_dh(ctx,dh);
- DH_free(dh);
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (!no_ecdhe)
- {
- EC_KEY *ecdh=NULL;
-
- if (named_curve)
- {
- int nid = OBJ_sn2nid(named_curve);
-
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n",
- named_curve);
- goto end;
- }
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (%s)\n",
- named_curve);
- goto end;
- }
- }
-
- if (ecdh != NULL)
- {
- BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
- }
- else
- {
- BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
- ecdh = EC_KEY_new_by_curve_name(NID_sect163r2);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
- goto end;
- }
- }
- (void)BIO_flush(bio_s_out);
-
- SSL_CTX_set_tmp_ecdh(ctx,ecdh);
- EC_KEY_free(ecdh);
- }
-#endif
-
- if (!set_cert_key_stuff(ctx,s_cert,s_key))
- goto end;
- if (s_dcert != NULL)
- {
- if (!set_cert_key_stuff(ctx,s_dcert,s_dkey))
- goto end;
- }
-
-#ifndef OPENSSL_NO_RSA
-#if 1
- if (!no_tmp_rsa)
- SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
-#else
- if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
- {
- RSA *rsa;
-
- BIO_printf(bio_s_out,"Generating temp (512 bit) RSA key...");
- BIO_flush(bio_s_out);
-
- rsa=RSA_generate_key(512,RSA_F4,NULL);
-
- if (!SSL_CTX_set_tmp_rsa(ctx,rsa))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- RSA_free(rsa);
- BIO_printf(bio_s_out,"\n");
- }
-#endif
-#endif
-
- if (cipher != NULL)
- if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
- BIO_printf(bio_err,"error setting cipher list\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
- SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
- sizeof s_server_session_id_context);
-
- if (CAfile != NULL)
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
-
- BIO_printf(bio_s_out,"ACCEPT\n");
- if (www)
- do_server(port,sock_type,&accept_socket,www_body, context);
- else
- do_server(port,sock_type,&accept_socket,sv_body, context);
- print_stats(bio_s_out,ctx);
- ret=0;
-end:
- if (ctx != NULL) SSL_CTX_free(ctx);
- if (s_cert)
- X509_free(s_cert);
- if (s_dcert)
- X509_free(s_dcert);
- if (s_key)
- EVP_PKEY_free(s_key);
- if (s_dkey)
- EVP_PKEY_free(s_dkey);
- if (pass)
- OPENSSL_free(pass);
- if (dpass)
- OPENSSL_free(dpass);
- if (bio_s_out != NULL)
- {
- BIO_free(bio_s_out);
- bio_s_out=NULL;
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
- {
- BIO_printf(bio,"%4ld items in the session cache\n",
- SSL_CTX_sess_number(ssl_ctx));
- BIO_printf(bio,"%4ld client connects (SSL_connect())\n",
- SSL_CTX_sess_connect(ssl_ctx));
- BIO_printf(bio,"%4ld client renegotiates (SSL_connect())\n",
- SSL_CTX_sess_connect_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4ld client connects that finished\n",
- SSL_CTX_sess_connect_good(ssl_ctx));
- BIO_printf(bio,"%4ld server accepts (SSL_accept())\n",
- SSL_CTX_sess_accept(ssl_ctx));
- BIO_printf(bio,"%4ld server renegotiates (SSL_accept())\n",
- SSL_CTX_sess_accept_renegotiate(ssl_ctx));
- BIO_printf(bio,"%4ld server accepts that finished\n",
- SSL_CTX_sess_accept_good(ssl_ctx));
- BIO_printf(bio,"%4ld session cache hits\n",SSL_CTX_sess_hits(ssl_ctx));
- BIO_printf(bio,"%4ld session cache misses\n",SSL_CTX_sess_misses(ssl_ctx));
- BIO_printf(bio,"%4ld session cache timeouts\n",SSL_CTX_sess_timeouts(ssl_ctx));
- BIO_printf(bio,"%4ld callback cache hits\n",SSL_CTX_sess_cb_hits(ssl_ctx));
- BIO_printf(bio,"%4ld cache full overflows (%ld allowed)\n",
- SSL_CTX_sess_cache_full(ssl_ctx),
- SSL_CTX_sess_get_cache_size(ssl_ctx));
- }
-
-static int sv_body(char *hostname, int s, unsigned char *context)
- {
- char *buf=NULL;
- fd_set readfds;
- int ret=1,width;
- int k,i;
- unsigned long l;
- SSL *con=NULL;
- BIO *sbio;
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- struct timeval tv;
-#endif
-
- if ((buf=OPENSSL_malloc(bufsize)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto err;
- }
-#ifdef FIONBIO
- if (s_nbio)
- {
- unsigned long sl=1;
-
- if (!s_quiet)
- BIO_printf(bio_err,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
- ERR_print_errors(bio_err);
- }
-#endif
-
- if (con == NULL) {
- con=SSL_new(ctx);
-#ifndef OPENSSL_NO_KRB5
- if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
- {
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
- KRB5SVC);
- kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
- KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
- if(context)
- SSL_set_session_id_context(con, context,
- strlen((char *)context));
- }
- SSL_clear(con);
-
- if (SSL_version(con) == DTLS1_VERSION)
- {
- struct timeval timeout;
-
- sbio=BIO_new_dgram(s,BIO_NOCLOSE);
-
- if ( enable_timeouts)
- {
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_RCV_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
-
- timeout.tv_sec = 0;
- timeout.tv_usec = DGRAM_SND_TIMEOUT;
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
- }
-
-
- if ( mtu > 0)
- {
- SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
- SSL_set_mtu(con, mtu);
- }
- else
- /* want to do MTU discovery */
- BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
-
- /* turn on cookie exchange */
- SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
- }
- else
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
- if (s_nbio_test)
- {
- BIO *test;
-
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
- SSL_set_bio(con,sbio,sbio);
- SSL_set_accept_state(con);
- /* SSL_set_fd(con,s); */
-
- if (s_debug)
- {
- con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
- BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
- }
- if (s_msg)
- {
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_s_out);
- }
-
- width=s+1;
- for (;;)
- {
- int read_from_terminal;
- int read_from_sslcon;
-
- read_from_terminal = 0;
- read_from_sslcon = SSL_pending(con);
-
- if (!read_from_sslcon)
- {
- FD_ZERO(&readfds);
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)
- FD_SET(fileno(stdin),&readfds);
-#endif
- FD_SET(s,&readfds);
- /* Note: under VMS with SOCKETSHR the second parameter is
- * currently of type (int *) whereas under other systems
- * it is (void *) if you don't have a cast it will choke
- * the compiler: if you do have a cast then you can either
- * go for (int *) or (void *).
- */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE)
- /* Under DOS (non-djgpp) and Windows we can't select on stdin: only
- * on sockets. As a workaround we timeout the select every
- * second and check for any keypress. In a proper Windows
- * application we wouldn't do this because it is inefficient.
- */
- tv.tv_sec = 1;
- tv.tv_usec = 0;
- i=select(width,(void *)&readfds,NULL,NULL,&tv);
- if((i < 0) || (!i && !_kbhit() ) )continue;
- if(_kbhit())
- read_from_terminal = 1;
-#else
- i=select(width,(void *)&readfds,NULL,NULL,NULL);
- if (i <= 0) continue;
- if (FD_ISSET(fileno(stdin),&readfds))
- read_from_terminal = 1;
-#endif
- if (FD_ISSET(s,&readfds))
- read_from_sslcon = 1;
- }
- if (read_from_terminal)
- {
- if (s_crlf)
- {
- int j, lf_num;
-
- i=read(fileno(stdin), buf, bufsize/2);
- lf_num = 0;
- /* both loops are skipped when i <= 0 */
- for (j = 0; j < i; j++)
- if (buf[j] == '\n')
- lf_num++;
- for (j = i-1; j >= 0; j--)
- {
- buf[j+lf_num] = buf[j];
- if (buf[j] == '\n')
- {
- lf_num--;
- i++;
- buf[j+lf_num] = '\r';
- }
- }
- assert(lf_num == 0);
- }
- else
- i=read(fileno(stdin),buf,bufsize);
- if (!s_quiet)
- {
- if ((i <= 0) || (buf[0] == 'Q'))
- {
- BIO_printf(bio_s_out,"DONE\n");
- SHUTDOWN(s);
- close_accept_socket();
- ret= -11;
- goto err;
- }
- if ((i <= 0) || (buf[0] == 'q'))
- {
- BIO_printf(bio_s_out,"DONE\n");
- if (SSL_version(con) != DTLS1_VERSION)
- SHUTDOWN(s);
- /* close_accept_socket();
- ret= -11;*/
- goto err;
- }
- if ((buf[0] == 'r') &&
- ((buf[1] == '\n') || (buf[1] == '\r')))
- {
- SSL_renegotiate(con);
- i=SSL_do_handshake(con);
- printf("SSL_do_handshake -> %d\n",i);
- i=0; /*13; */
- continue;
- /* strcpy(buf,"server side RE-NEGOTIATE\n"); */
- }
- if ((buf[0] == 'R') &&
- ((buf[1] == '\n') || (buf[1] == '\r')))
- {
- SSL_set_verify(con,
- SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
- SSL_renegotiate(con);
- i=SSL_do_handshake(con);
- printf("SSL_do_handshake -> %d\n",i);
- i=0; /* 13; */
- continue;
- /* strcpy(buf,"server side RE-NEGOTIATE asking for client cert\n"); */
- }
- if (buf[0] == 'P')
- {
- static const char *str="Lets print some clear text\n";
- BIO_write(SSL_get_wbio(con),str,strlen(str));
- }
- if (buf[0] == 'S')
- {
- print_stats(bio_s_out,SSL_get_SSL_CTX(con));
- }
- }
-#ifdef CHARSET_EBCDIC
- ebcdic2ascii(buf,buf,i);
-#endif
- l=k=0;
- for (;;)
- {
- /* should do a select for the write */
-#ifdef RENEG
-{ static count=0; if (++count == 100) { count=0; SSL_renegotiate(con); } }
-#endif
- k=SSL_write(con,&(buf[l]),(unsigned int)i);
- switch (SSL_get_error(con,k))
- {
- case SSL_ERROR_NONE:
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_s_out,"Write BLOCK\n");
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- BIO_printf(bio_s_out,"ERROR\n");
- ERR_print_errors(bio_err);
- ret=1;
- goto err;
- /* break; */
- case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_s_out,"DONE\n");
- ret=1;
- goto err;
- }
- l+=k;
- i-=k;
- if (i <= 0) break;
- }
- }
- if (read_from_sslcon)
- {
- if (!SSL_is_init_finished(con))
- {
- i=init_ssl_connection(con);
-
- if (i < 0)
- {
- ret=0;
- goto err;
- }
- else if (i == 0)
- {
- ret=1;
- goto err;
- }
- }
- else
- {
-again:
- i=SSL_read(con,(char *)buf,bufsize);
- switch (SSL_get_error(con,i))
- {
- case SSL_ERROR_NONE:
-#ifdef CHARSET_EBCDIC
- ascii2ebcdic(buf,buf,i);
-#endif
- write(fileno(stdout),buf,
- (unsigned int)i);
- if (SSL_pending(con)) goto again;
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_printf(bio_s_out,"Read BLOCK\n");
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- BIO_printf(bio_s_out,"ERROR\n");
- ERR_print_errors(bio_err);
- ret=1;
- goto err;
- case SSL_ERROR_ZERO_RETURN:
- BIO_printf(bio_s_out,"DONE\n");
- ret=1;
- goto err;
- }
- }
- }
- }
-err:
- BIO_printf(bio_s_out,"shutting down SSL\n");
-#if 1
- SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(con);
-#endif
- if (con != NULL) SSL_free(con);
- BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
- if (buf != NULL)
- {
- OPENSSL_cleanse(buf,bufsize);
- OPENSSL_free(buf);
- }
- if (ret >= 0)
- BIO_printf(bio_s_out,"ACCEPT\n");
- return(ret);
- }
-
-static void close_accept_socket(void)
- {
- BIO_printf(bio_err,"shutdown accept socket\n");
- if (accept_socket >= 0)
- {
- SHUTDOWN2(accept_socket);
- }
- }
-
-static int init_ssl_connection(SSL *con)
- {
- int i;
- const char *str;
- X509 *peer;
- long verify_error;
- MS_STATIC char buf[BUFSIZ];
-
- if ((i=SSL_accept(con)) <= 0)
- {
- if (BIO_sock_should_retry(i))
- {
- BIO_printf(bio_s_out,"DELAY\n");
- return(1);
- }
-
- BIO_printf(bio_err,"ERROR\n");
- verify_error=SSL_get_verify_result(con);
- if (verify_error != X509_V_OK)
- {
- BIO_printf(bio_err,"verify error:%s\n",
- X509_verify_cert_error_string(verify_error));
- }
- else
- ERR_print_errors(bio_err);
- return(0);
- }
-
- PEM_write_bio_SSL_SESSION(bio_s_out,SSL_get_session(con));
-
- peer=SSL_get_peer_certificate(con);
- if (peer != NULL)
- {
- BIO_printf(bio_s_out,"Client certificate\n");
- PEM_write_bio_X509(bio_s_out,peer);
- X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
- BIO_printf(bio_s_out,"subject=%s\n",buf);
- X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
- BIO_printf(bio_s_out,"issuer=%s\n",buf);
- X509_free(peer);
- }
-
- if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
- BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
- str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
- BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
- if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
- if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
- TLS1_FLAGS_TLS_PADDING_BUG)
- BIO_printf(bio_s_out,"Peer has incorrect TLSv1 block padding\n");
-#ifndef OPENSSL_NO_KRB5
- if (con->kssl_ctx->client_princ != NULL)
- {
- BIO_printf(bio_s_out,"Kerberos peer principal is %s\n",
- con->kssl_ctx->client_princ);
- }
-#endif /* OPENSSL_NO_KRB5 */
- return(1);
- }
-
-#ifndef OPENSSL_NO_DH
-static DH *load_dh_param(const char *dhfile)
- {
- DH *ret=NULL;
- BIO *bio;
-
- if ((bio=BIO_new_file(dhfile,"r")) == NULL)
- goto err;
- ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
-err:
- if (bio != NULL) BIO_free(bio);
- return(ret);
- }
-#endif
-
-#if 0
-static int load_CA(SSL_CTX *ctx, char *file)
- {
- FILE *in;
- X509 *x=NULL;
-
- if ((in=fopen(file,"r")) == NULL)
- return(0);
-
- for (;;)
- {
- if (PEM_read_X509(in,&x,NULL) == NULL)
- break;
- SSL_CTX_add_client_CA(ctx,x);
- }
- if (x != NULL) X509_free(x);
- fclose(in);
- return(1);
- }
-#endif
-
-static int www_body(char *hostname, int s, unsigned char *context)
- {
- char *buf=NULL;
- int ret=1;
- int i,j,k,blank,dot;
- struct stat st_buf;
- SSL *con;
- SSL_CIPHER *c;
- BIO *io,*ssl_bio,*sbio;
- long total_bytes;
-
- buf=OPENSSL_malloc(bufsize);
- if (buf == NULL) return(0);
- io=BIO_new(BIO_f_buffer());
- ssl_bio=BIO_new(BIO_f_ssl());
- if ((io == NULL) || (ssl_bio == NULL)) goto err;
-
-#ifdef FIONBIO
- if (s_nbio)
- {
- unsigned long sl=1;
-
- if (!s_quiet)
- BIO_printf(bio_err,"turning on non blocking io\n");
- if (BIO_socket_ioctl(s,FIONBIO,&sl) < 0)
- ERR_print_errors(bio_err);
- }
-#endif
-
- /* lets make the output buffer a reasonable size */
- if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
-
- if ((con=SSL_new(ctx)) == NULL) goto err;
-#ifndef OPENSSL_NO_KRB5
- if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
- {
- kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
- kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
- }
-#endif /* OPENSSL_NO_KRB5 */
- if(context) SSL_set_session_id_context(con, context,
- strlen((char *)context));
-
- sbio=BIO_new_socket(s,BIO_NOCLOSE);
- if (s_nbio_test)
- {
- BIO *test;
-
- test=BIO_new(BIO_f_nbio_test());
- sbio=BIO_push(test,sbio);
- }
- SSL_set_bio(con,sbio,sbio);
- SSL_set_accept_state(con);
-
- /* SSL_set_fd(con,s); */
- BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
- BIO_push(io,ssl_bio);
-#ifdef CHARSET_EBCDIC
- io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
-#endif
-
- if (s_debug)
- {
- con->debug=1;
- BIO_set_callback(SSL_get_rbio(con),bio_dump_callback);
- BIO_set_callback_arg(SSL_get_rbio(con),(char *)bio_s_out);
- }
- if (s_msg)
- {
- SSL_set_msg_callback(con, msg_cb);
- SSL_set_msg_callback_arg(con, bio_s_out);
- }
-
- blank=0;
- for (;;)
- {
- if (hack)
- {
- i=SSL_accept(con);
-
- switch (SSL_get_error(con,i))
- {
- case SSL_ERROR_NONE:
- break;
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_X509_LOOKUP:
- continue;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- ret=1;
- goto err;
- /* break; */
- }
-
- SSL_renegotiate(con);
- SSL_write(con,NULL,0);
- }
-
- i=BIO_gets(io,buf,bufsize-1);
- if (i < 0) /* error */
- {
- if (!BIO_should_retry(io))
- {
- if (!s_quiet)
- ERR_print_errors(bio_err);
- goto err;
- }
- else
- {
- BIO_printf(bio_s_out,"read R BLOCK\n");
-#if defined(OPENSSL_SYS_NETWARE)
- delay(1000);
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
- sleep(1);
-#endif
- continue;
- }
- }
- else if (i == 0) /* end of input */
- {
- ret=1;
- goto end;
- }
-
- /* else we have data */
- if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
- ((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
- {
- char *p;
- X509 *peer;
- STACK_OF(SSL_CIPHER) *sk;
- static const char *space=" ";
-
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
- BIO_puts(io,"<pre>\n");
-/* BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
- BIO_puts(io,"\n");
- for (i=0; i<local_argc; i++)
- {
- BIO_puts(io,local_argv[i]);
- BIO_write(io," ",1);
- }
- BIO_puts(io,"\n");
-
- /* The following is evil and should not really
- * be done */
- BIO_printf(io,"Ciphers supported in s_server binary\n");
- sk=SSL_get_ciphers(con);
- j=sk_SSL_CIPHER_num(sk);
- for (i=0; i<j; i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- BIO_printf(io,"%-11s:%-25s",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- if ((((i+1)%2) == 0) && (i+1 != j))
- BIO_puts(io,"\n");
- }
- BIO_puts(io,"\n");
- p=SSL_get_shared_ciphers(con,buf,bufsize);
- if (p != NULL)
- {
- BIO_printf(io,"---\nCiphers common between both SSL end points:\n");
- j=i=0;
- while (*p)
- {
- if (*p == ':')
- {
- BIO_write(io,space,26-j);
- i++;
- j=0;
- BIO_write(io,((i%3)?" ":"\n"),1);
- }
- else
- {
- BIO_write(io,p,1);
- j++;
- }
- p++;
- }
- BIO_puts(io,"\n");
- }
- BIO_printf(io,((con->hit)
- ?"---\nReused, "
- :"---\nNew, "));
- c=SSL_get_current_cipher(con);
- BIO_printf(io,"%s, Cipher is %s\n",
- SSL_CIPHER_get_version(c),
- SSL_CIPHER_get_name(c));
- SSL_SESSION_print(io,SSL_get_session(con));
- BIO_printf(io,"---\n");
- print_stats(io,SSL_get_SSL_CTX(con));
- BIO_printf(io,"---\n");
- peer=SSL_get_peer_certificate(con);
- if (peer != NULL)
- {
- BIO_printf(io,"Client certificate\n");
- X509_print(io,peer);
- PEM_write_bio_X509(io,peer);
- }
- else
- BIO_puts(io,"no client certificate available\n");
- BIO_puts(io,"</BODY></HTML>\r\n\r\n");
- break;
- }
- else if ((www == 2 || www == 3)
- && (strncmp("GET /",buf,5) == 0))
- {
- BIO *file;
- char *p,*e;
- static const char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
-
- /* skip the '/' */
- p= &(buf[5]);
-
- dot = 1;
- for (e=p; *e != '\0'; e++)
- {
- if (e[0] == ' ')
- break;
-
- switch (dot)
- {
- case 1:
- dot = (e[0] == '.') ? 2 : 0;
- break;
- case 2:
- dot = (e[0] == '.') ? 3 : 0;
- break;
- case 3:
- dot = (e[0] == '/') ? -1 : 0;
- break;
- }
- if (dot == 0)
- dot = (e[0] == '/') ? 1 : 0;
- }
- dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
-
- if (*e == '\0')
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is an invalid file name\r\n",p);
- break;
- }
- *e='\0';
-
- if (dot)
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' contains '..' reference\r\n",p);
- break;
- }
-
- if (*p == '/')
- {
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is an invalid path\r\n",p);
- break;
- }
-
-#if 0
- /* append if a directory lookup */
- if (e[-1] == '/')
- strcat(p,"index.html");
-#endif
-
- /* if a directory, do the index thang */
- if (stat(p,&st_buf) < 0)
- {
- BIO_puts(io,text);
- BIO_printf(io,"Error accessing '%s'\r\n",p);
- ERR_print_errors(io);
- break;
- }
- if (S_ISDIR(st_buf.st_mode))
- {
-#if 0 /* must check buffer size */
- strcat(p,"/index.html");
-#else
- BIO_puts(io,text);
- BIO_printf(io,"'%s' is a directory\r\n",p);
- break;
-#endif
- }
-
- if ((file=BIO_new_file(p,"r")) == NULL)
- {
- BIO_puts(io,text);
- BIO_printf(io,"Error opening '%s'\r\n",p);
- ERR_print_errors(io);
- break;
- }
-
- if (!s_quiet)
- BIO_printf(bio_err,"FILE:%s\n",p);
-
- if (www == 2)
- {
- i=strlen(p);
- if ( ((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
- ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
- else
- BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
- }
- /* send the file */
- total_bytes=0;
- for (;;)
- {
- i=BIO_read(file,buf,bufsize);
- if (i <= 0) break;
-
-#ifdef RENEG
- total_bytes+=i;
- fprintf(stderr,"%d\n",i);
- if (total_bytes > 3*1024)
- {
- total_bytes=0;
- fprintf(stderr,"RENEGOTIATE\n");
- SSL_renegotiate(con);
- }
-#endif
-
- for (j=0; j<i; )
- {
-#ifdef RENEG
-{ static count=0; if (++count == 13) { SSL_renegotiate(con); } }
-#endif
- k=BIO_write(io,&(buf[j]),i-j);
- if (k <= 0)
- {
- if (!BIO_should_retry(io))
- goto write_error;
- else
- {
- BIO_printf(bio_s_out,"rwrite W BLOCK\n");
- }
- }
- else
- {
- j+=k;
- }
- }
- }
-write_error:
- BIO_free(file);
- break;
- }
- }
-
- for (;;)
- {
- i=(int)BIO_flush(io);
- if (i <= 0)
- {
- if (!BIO_should_retry(io))
- break;
- }
- else
- break;
- }
-end:
-#if 1
- /* make sure we re-use sessions */
- SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- /* This kills performance */
-/* SSL_shutdown(con); A shutdown gets sent in the
- * BIO_free_all(io) procession */
-#endif
-
-err:
-
- if (ret >= 0)
- BIO_printf(bio_s_out,"ACCEPT\n");
-
- if (buf != NULL) OPENSSL_free(buf);
- if (io != NULL) BIO_free_all(io);
-/* if (ssl_bio != NULL) BIO_free(ssl_bio);*/
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
- {
- BIGNUM *bn = NULL;
- static RSA *rsa_tmp=NULL;
-
- if (!rsa_tmp && ((bn = BN_new()) == NULL))
- BIO_printf(bio_err,"Allocation error in generating RSA key\n");
- if (!rsa_tmp && bn)
- {
- if (!s_quiet)
- {
- BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
- (void)BIO_flush(bio_err);
- }
- if(!BN_set_word(bn, RSA_F4) || ((rsa_tmp = RSA_new()) == NULL) ||
- !RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL))
- {
- if(rsa_tmp) RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- if (!s_quiet)
- {
- BIO_printf(bio_err,"\n");
- (void)BIO_flush(bio_err);
- }
- BN_free(bn);
- }
- return(rsa_tmp);
- }
-#endif
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
- {
- unsigned int count = 0;
- do {
- RAND_pseudo_bytes(id, *id_len);
- /* Prefix the session_id with the required prefix. NB: If our
- * prefix is too long, clip it - but there will be worse effects
- * anyway, eg. the server could only possibly create 1 session
- * ID (ie. the prefix!) so all future session negotiations will
- * fail due to conflicts. */
- memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- }
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
- if(count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
- }
diff --git a/crypto/openssl/apps/s_socket.c b/crypto/openssl/apps/s_socket.c
deleted file mode 100644
index 4a922e1..0000000
--- a/crypto/openssl/apps/s_socket.c
+++ /dev/null
@@ -1,617 +0,0 @@
-/* apps/s_socket.c - socket-related functions used by s_client and s_server */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <signal.h>
-
-/* With IPv6, it looks like Digital has mixed up the proper order of
- recursive header file inclusion, resulting in the compiler complaining
- that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
- is needed to have fileno() declared correctly... So let's define u_int */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
-#define __U_INT
-typedef unsigned int u_int;
-#endif
-
-#define USE_SOCKETS
-#define NON_MAIN
-#include "apps.h"
-#undef USE_SOCKETS
-#undef NON_MAIN
-#include "s_apps.h"
-#include <openssl/ssl.h>
-
-#ifdef FLAT_INC
-#include "e_os.h"
-#else
-#include "../e_os.h"
-#endif
-
-#ifndef OPENSSL_NO_SOCK
-
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK)
-#include "netdb.h"
-#endif
-
-static struct hostent *GetHostByName(char *name);
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
-static void ssl_sock_cleanup(void);
-#endif
-static int ssl_sock_init(void);
-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
-static int init_server(int *sock, int port, int type);
-static int init_server_long(int *sock, int port,char *ip, int type);
-static int do_accept(int acc_sock, int *sock, char **host);
-static int host_ip(char *str, unsigned char ip[4]);
-
-#ifdef OPENSSL_SYS_WIN16
-#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
-#else
-#define SOCKET_PROTOCOL IPPROTO_TCP
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-static int wsa_init_done=0;
-#endif
-
-#ifdef OPENSSL_SYS_WINDOWS
-static struct WSAData wsa_state;
-static int wsa_init_done=0;
-
-#ifdef OPENSSL_SYS_WIN16
-static HWND topWnd=0;
-static FARPROC lpTopWndProc=NULL;
-static FARPROC lpTopHookProc=NULL;
-extern HINSTANCE _hInstance; /* nice global CRT provides */
-
-static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
- LPARAM lParam)
- {
- if (hwnd == topWnd)
- {
- switch(message)
- {
- case WM_DESTROY:
- case WM_CLOSE:
- SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
- ssl_sock_cleanup();
- break;
- }
- }
- return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam);
- }
-
-static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
- {
- topWnd=hwnd;
- return(FALSE);
- }
-
-#endif /* OPENSSL_SYS_WIN32 */
-#endif /* OPENSSL_SYS_WINDOWS */
-
-#ifdef OPENSSL_SYS_WINDOWS
-static void ssl_sock_cleanup(void)
- {
- if (wsa_init_done)
- {
- wsa_init_done=0;
-#ifndef OPENSSL_SYS_WINCE
- WSACancelBlockingCall();
-#endif
- WSACleanup();
- }
- }
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
-static void sock_cleanup(void)
- {
- if (wsa_init_done)
- {
- wsa_init_done=0;
- WSACleanup();
- }
- }
-#endif
-
-static int ssl_sock_init(void)
- {
-#ifdef WATT32
- extern int _watt_do_exit;
- _watt_do_exit = 0;
- if (sock_init())
- return (0);
-#elif defined(OPENSSL_SYS_WINDOWS)
- if (!wsa_init_done)
- {
- int err;
-
-#ifdef SIGINT
- signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
-#endif
- wsa_init_done=1;
- memset(&wsa_state,0,sizeof(wsa_state));
- if (WSAStartup(0x0101,&wsa_state)!=0)
- {
- err=WSAGetLastError();
- BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
- return(0);
- }
-
-#ifdef OPENSSL_SYS_WIN16
- EnumTaskWindows(GetCurrentTask(),enumproc,0L);
- lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
- lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
-
- SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* OPENSSL_SYS_WIN16 */
- }
-#elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
- WORD wVerReq;
- WSADATA wsaData;
- int err;
-
- if (!wsa_init_done)
- {
-
-# ifdef SIGINT
- signal(SIGINT,(void (*)(int))sock_cleanup);
-# endif
-
- wsa_init_done=1;
- wVerReq = MAKEWORD( 2, 0 );
- err = WSAStartup(wVerReq,&wsaData);
- if (err != 0)
- {
- BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
- return(0);
- }
- }
-#endif /* OPENSSL_SYS_WINDOWS */
- return(1);
- }
-
-int init_client(int *sock, char *host, int port, int type)
- {
- unsigned char ip[4];
- short p=0;
-
- if (!host_ip(host,&(ip[0])))
- {
- return(0);
- }
- if (p != 0) port=p;
- return(init_client_ip(sock,ip,port,type));
- }
-
-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
- {
- unsigned long addr;
- struct sockaddr_in them;
- int s,i;
-
- if (!ssl_sock_init()) return(0);
-
- memset((char *)&them,0,sizeof(them));
- them.sin_family=AF_INET;
- them.sin_port=htons((unsigned short)port);
- addr=(unsigned long)
- ((unsigned long)ip[0]<<24L)|
- ((unsigned long)ip[1]<<16L)|
- ((unsigned long)ip[2]<< 8L)|
- ((unsigned long)ip[3]);
- them.sin_addr.s_addr=htonl(addr);
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* ( type == SOCK_DGRAM) */
- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-
-#ifndef OPENSSL_SYS_MPE
- if (type == SOCK_STREAM)
- {
- i=0;
- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
- }
-#endif
-
- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
- { close(s); perror("connect"); return(0); }
- *sock=s;
- return(1);
- }
-
-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
- {
- int sock;
- char *name = NULL;
- int accept_socket;
- int i;
-
- if (!init_server(&accept_socket,port,type)) return(0);
-
- if (ret != NULL)
- {
- *ret=accept_socket;
- /* return(1);*/
- }
- for (;;)
- {
- if (type==SOCK_STREAM)
- {
- if (do_accept(accept_socket,&sock,&name) == 0)
- {
- SHUTDOWN(accept_socket);
- return(0);
- }
- }
- else
- sock = accept_socket;
- i=(*cb)(name,sock, context);
- if (name != NULL) OPENSSL_free(name);
- if (type==SOCK_STREAM)
- SHUTDOWN2(sock);
- if (i < 0)
- {
- SHUTDOWN2(accept_socket);
- return(i);
- }
- }
- }
-
-static int init_server_long(int *sock, int port, char *ip, int type)
- {
- int ret=0;
- struct sockaddr_in server;
- int s= -1,i;
-
- if (!ssl_sock_init()) return(0);
-
- memset((char *)&server,0,sizeof(server));
- server.sin_family=AF_INET;
- server.sin_port=htons((unsigned short)port);
- if (ip == NULL)
- server.sin_addr.s_addr=INADDR_ANY;
- else
-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-#ifndef BIT_FIELD_LIMITS
- memcpy(&server.sin_addr.s_addr,ip,4);
-#else
- memcpy(&server.sin_addr,ip,4);
-#endif
-
- if (type == SOCK_STREAM)
- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
- else /* type == SOCK_DGRAM */
- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-
- if (s == INVALID_SOCKET) goto err;
-#if defined SOL_SOCKET && defined SO_REUSEADDR
- {
- int j = 1;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
- (void *) &j, sizeof j);
- }
-#endif
- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
- {
-#ifndef OPENSSL_SYS_WINDOWS
- perror("bind");
-#endif
- goto err;
- }
- /* Make it 128 for linux */
- if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
- i=0;
- *sock=s;
- ret=1;
-err:
- if ((ret == 0) && (s != -1))
- {
- SHUTDOWN(s);
- }
- return(ret);
- }
-
-static int init_server(int *sock, int port, int type)
- {
- return(init_server_long(sock, port, NULL, type));
- }
-
-static int do_accept(int acc_sock, int *sock, char **host)
- {
- int ret,i;
- struct hostent *h1,*h2;
- static struct sockaddr_in from;
- int len;
-/* struct linger ling; */
-
- if (!ssl_sock_init()) return(0);
-
-#ifndef OPENSSL_SYS_WINDOWS
-redoit:
-#endif
-
- memset((char *)&from,0,sizeof(from));
- len=sizeof(from);
- /* Note: under VMS with SOCKETSHR the fourth parameter is currently
- * of type (int *) whereas under other systems it is (void *) if
- * you don't have a cast it will choke the compiler: if you do
- * have a cast then you can either go for (int *) or (void *).
- */
- ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
- if (ret == INVALID_SOCKET)
- {
-#if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- i=WSAGetLastError();
- BIO_printf(bio_err,"accept error %d\n",i);
-#else
- if (errno == EINTR)
- {
- /*check_timeout(); */
- goto redoit;
- }
- fprintf(stderr,"errno=%d ",errno);
- perror("accept");
-#endif
- return(0);
- }
-
-/*
- ling.l_onoff=1;
- ling.l_linger=0;
- i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
- if (i < 0) { perror("linger"); return(0); }
- i=0;
- i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
- if (i < 0) { perror("keepalive"); return(0); }
-*/
-
- if (host == NULL) goto end;
-#ifndef BIT_FIELD_LIMITS
- /* I should use WSAAsyncGetHostByName() under windows */
- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
- sizeof(from.sin_addr.s_addr),AF_INET);
-#else
- h1=gethostbyaddr((char *)&from.sin_addr,
- sizeof(struct in_addr),AF_INET);
-#endif
- if (h1 == NULL)
- {
- BIO_printf(bio_err,"bad gethostbyaddr\n");
- *host=NULL;
- /* return(0); */
- }
- else
- {
- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
- {
- perror("OPENSSL_malloc");
- return(0);
- }
- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
-
- h2=GetHostByName(*host);
- if (h2 == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- return(0);
- }
- i=0;
- if (h2->h_addrtype != AF_INET)
- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- return(0);
- }
- }
-end:
- *sock=ret;
- return(1);
- }
-
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
- short *port_ptr)
- {
- char *h,*p;
-
- h=str;
- p=strchr(str,':');
- if (p == NULL)
- {
- BIO_printf(bio_err,"no port defined\n");
- return(0);
- }
- *(p++)='\0';
-
- if ((ip != NULL) && !host_ip(str,ip))
- goto err;
- if (host_ptr != NULL) *host_ptr=h;
-
- if (!extract_port(p,port_ptr))
- goto err;
- return(1);
-err:
- return(0);
- }
-
-static int host_ip(char *str, unsigned char ip[4])
- {
- unsigned int in[4];
- int i;
-
- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
- {
- for (i=0; i<4; i++)
- if (in[i] > 255)
- {
- BIO_printf(bio_err,"invalid IP address\n");
- goto err;
- }
- ip[0]=in[0];
- ip[1]=in[1];
- ip[2]=in[2];
- ip[3]=in[3];
- }
- else
- { /* do a gethostbyname */
- struct hostent *he;
-
- if (!ssl_sock_init()) return(0);
-
- he=GetHostByName(str);
- if (he == NULL)
- {
- BIO_printf(bio_err,"gethostbyname failure\n");
- goto err;
- }
- /* cast to short because of win16 winsock definition */
- if ((short)he->h_addrtype != AF_INET)
- {
- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
- return(0);
- }
- ip[0]=he->h_addr_list[0][0];
- ip[1]=he->h_addr_list[0][1];
- ip[2]=he->h_addr_list[0][2];
- ip[3]=he->h_addr_list[0][3];
- }
- return(1);
-err:
- return(0);
- }
-
-int extract_port(char *str, short *port_ptr)
- {
- int i;
- struct servent *s;
-
- i=atoi(str);
- if (i != 0)
- *port_ptr=(unsigned short)i;
- else
- {
- s=getservbyname(str,"tcp");
- if (s == NULL)
- {
- BIO_printf(bio_err,"getservbyname failure for %s\n",str);
- return(0);
- }
- *port_ptr=ntohs((unsigned short)s->s_port);
- }
- return(1);
- }
-
-#define GHBN_NUM 4
-static struct ghbn_cache_st
- {
- char name[128];
- struct hostent ent;
- unsigned long order;
- } ghbn_cache[GHBN_NUM];
-
-static unsigned long ghbn_hits=0L;
-static unsigned long ghbn_miss=0L;
-
-static struct hostent *GetHostByName(char *name)
- {
- struct hostent *ret;
- int i,lowi=0;
- unsigned long low= (unsigned long)-1;
-
- for (i=0; i<GHBN_NUM; i++)
- {
- if (low > ghbn_cache[i].order)
- {
- low=ghbn_cache[i].order;
- lowi=i;
- }
- if (ghbn_cache[i].order > 0)
- {
- if (strncmp(name,ghbn_cache[i].name,128) == 0)
- break;
- }
- }
- if (i == GHBN_NUM) /* no hit*/
- {
- ghbn_miss++;
- ret=gethostbyname(name);
- if (ret == NULL) return(NULL);
- /* else add to cache */
- if(strlen(name) < sizeof ghbn_cache[0].name)
- {
- strcpy(ghbn_cache[lowi].name,name);
- memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
- ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
- }
- return(ret);
- }
- else
- {
- ghbn_hits++;
- ret= &(ghbn_cache[i].ent);
- ghbn_cache[i].order=ghbn_miss+ghbn_hits;
- return(ret);
- }
- }
-
-#endif
diff --git a/crypto/openssl/apps/s_time.c b/crypto/openssl/apps/s_time.c
deleted file mode 100644
index 904945e..0000000
--- a/crypto/openssl/apps/s_time.c
+++ /dev/null
@@ -1,735 +0,0 @@
-/* apps/s_time.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define NO_SHUTDOWN
-
-/*-----------------------------------------
- s_time - SSL client connection timer program
- Written and donated by Larry Streepy <streepy@healthcare.com>
- -----------------------------------------*/
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define USE_SOCKETS
-#include "apps.h"
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/pem.h>
-#include "s_apps.h"
-#include <openssl/err.h>
-#ifdef WIN32_STUFF
-#include "winmain.h"
-#include "wintext.h"
-#endif
-#if !defined(OPENSSL_SYS_MSDOS)
-#include OPENSSL_UNISTD
-#endif
-
-#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-#define TIMES
-#endif
-
-#ifndef _IRIX
-#include <time.h>
-#endif
-#ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
-#include <sys/timeb.h>
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-/* The following if from times(3) man page. It may need to be changed
-*/
-#ifndef HZ
-# ifdef _SC_CLK_TCK
-# define HZ ((double)sysconf(_SC_CLK_TCK))
-# else
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-# endif
-#endif
-
-#undef PROG
-#define PROG s_time_main
-
-#undef ioctl
-#define ioctl ioctlsocket
-
-#define SSL_CONNECT_NAME "localhost:4433"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*10
-
-#define MYBUFSIZ 1024*8
-
-#undef min
-#undef max
-#define min(a,b) (((a) < (b)) ? (a) : (b))
-#define max(a,b) (((a) > (b)) ? (a) : (b))
-
-#undef SECONDS
-#define SECONDS 30
-extern int verify_depth;
-extern int verify_error;
-
-static void s_time_usage(void);
-static int parseArgs( int argc, char **argv );
-static SSL *doConnection( SSL *scon );
-static void s_time_init(void);
-
-/***********************************************************************
- * Static data declarations
- */
-
-/* static char *port=PORT_STR;*/
-static char *host=SSL_CONNECT_NAME;
-static char *t_cert_file=NULL;
-static char *t_key_file=NULL;
-static char *CApath=NULL;
-static char *CAfile=NULL;
-static char *tm_cipher=NULL;
-static int tm_verify = SSL_VERIFY_NONE;
-static int maxTime = SECONDS;
-static SSL_CTX *tm_ctx=NULL;
-static SSL_METHOD *s_time_meth=NULL;
-static char *s_www_path=NULL;
-static long bytes_read=0;
-static int st_bugs=0;
-static int perform=0;
-#ifdef FIONBIO
-static int t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
-static int exitNow = 0; /* Set when it's time to exit main */
-#endif
-
-static void s_time_init(void)
- {
- host=SSL_CONNECT_NAME;
- t_cert_file=NULL;
- t_key_file=NULL;
- CApath=NULL;
- CAfile=NULL;
- tm_cipher=NULL;
- tm_verify = SSL_VERIFY_NONE;
- maxTime = SECONDS;
- tm_ctx=NULL;
- s_time_meth=NULL;
- s_www_path=NULL;
- bytes_read=0;
- st_bugs=0;
- perform=0;
-
-#ifdef FIONBIO
- t_nbio=0;
-#endif
-#ifdef OPENSSL_SYS_WIN32
- exitNow = 0; /* Set when it's time to exit main */
-#endif
- }
-
-/***********************************************************************
- * usage - display usage message
- */
-static void s_time_usage(void)
-{
- static char umsg[] = "\
--time arg - max number of seconds to collect data, default %d\n\
--verify arg - turn on peer certificate verification, arg == depth\n\
--cert arg - certificate file to use, PEM format assumed\n\
--key arg - RSA file to use, PEM format assumed, key is in cert file\n\
- file if not specified by this option\n\
--CApath arg - PEM format directory of CA's\n\
--CAfile arg - PEM format file of CA's\n\
--cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
-
- printf( "usage: s_time <args>\n\n" );
-
- printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
-#ifdef FIONBIO
- printf("-nbio - Run with non-blocking IO\n");
- printf("-ssl2 - Just use SSLv2\n");
- printf("-ssl3 - Just use SSLv3\n");
- printf("-bugs - Turn on SSL bug compatibility\n");
- printf("-new - Just time new connections\n");
- printf("-reuse - Just time connection reuse\n");
- printf("-www page - Retrieve 'page' from the site\n");
-#endif
- printf( umsg,SECONDS );
-}
-
-/***********************************************************************
- * parseArgs - Parse command line arguments and initialize data
- *
- * Returns 0 if ok, -1 on bad args
- */
-static int parseArgs(int argc, char **argv)
-{
- int badop = 0;
-
- verify_depth=0;
- verify_error=X509_V_OK;
-
- argc--;
- argv++;
-
- while (argc >= 1) {
- if (strcmp(*argv,"-connect") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
-#if 0
- else if( strcmp(*argv,"-host") == 0)
- {
- if (--argc < 1) goto bad;
- host= *(++argv);
- }
- else if( strcmp(*argv,"-port") == 0)
- {
- if (--argc < 1) goto bad;
- port= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-reuse") == 0)
- perform=2;
- else if (strcmp(*argv,"-new") == 0)
- perform=1;
- else if( strcmp(*argv,"-verify") == 0) {
-
- tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
- if (--argc < 1) goto bad;
- verify_depth=atoi(*(++argv));
- BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-
- } else if( strcmp(*argv,"-cert") == 0) {
-
- if (--argc < 1) goto bad;
- t_cert_file= *(++argv);
-
- } else if( strcmp(*argv,"-key") == 0) {
-
- if (--argc < 1) goto bad;
- t_key_file= *(++argv);
-
- } else if( strcmp(*argv,"-CApath") == 0) {
-
- if (--argc < 1) goto bad;
- CApath= *(++argv);
-
- } else if( strcmp(*argv,"-CAfile") == 0) {
-
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
-
- } else if( strcmp(*argv,"-cipher") == 0) {
-
- if (--argc < 1) goto bad;
- tm_cipher= *(++argv);
- }
-#ifdef FIONBIO
- else if(strcmp(*argv,"-nbio") == 0) {
- t_nbio=1;
- }
-#endif
- else if(strcmp(*argv,"-www") == 0)
- {
- if (--argc < 1) goto bad;
- s_www_path= *(++argv);
- if(strlen(s_www_path) > MYBUFSIZ-100)
- {
- BIO_printf(bio_err,"-www option too long\n");
- badop=1;
- }
- }
- else if(strcmp(*argv,"-bugs") == 0)
- st_bugs=1;
-#ifndef OPENSSL_NO_SSL2
- else if(strcmp(*argv,"-ssl2") == 0)
- s_time_meth=SSLv2_client_method();
-#endif
-#ifndef OPENSSL_NO_SSL3
- else if(strcmp(*argv,"-ssl3") == 0)
- s_time_meth=SSLv3_client_method();
-#endif
- else if( strcmp(*argv,"-time") == 0) {
-
- if (--argc < 1) goto bad;
- maxTime= atoi(*(++argv));
- }
- else {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
-
- argc--;
- argv++;
- }
-
- if (perform == 0) perform=3;
-
- if(badop) {
-bad:
- s_time_usage();
- return -1;
- }
-
- return 0; /* Valid args */
-}
-
-/***********************************************************************
- * TIME - time functions
- */
-#define START 0
-#define STOP 1
-
-static double tm_Time_F(int s)
- {
- static double ret;
-#ifdef TIMES
- static struct tms tstart,tend;
-
- if(s == START) {
- times(&tstart);
- return(0);
- } else {
- times(&tend);
- ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
- return((ret == 0.0)?1e-6:ret);
- }
-#elif defined(OPENSSL_SYS_NETWARE)
- static clock_t tstart,tend;
-
- if (s == START)
- {
- tstart=clock();
- return(0);
- }
- else
- {
- tend=clock();
- ret=(double)((double)(tend)-(double)(tstart));
- return((ret < 0.001)?0.001:ret);
- }
-#elif defined(OPENSSL_SYS_VXWORKS)
- {
- static unsigned long tick_start, tick_end;
-
- if( s == START )
- {
- tick_start = tickGet();
- return 0;
- }
- else
- {
- tick_end = tickGet();
- ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
- return((ret == 0.0)?1e-6:ret);
- }
- }
-#else /* !times() */
- static struct timeb tstart,tend;
- long i;
-
- if(s == START) {
- ftime(&tstart);
- return(0);
- } else {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret == 0.0)?1e-6:ret);
- }
-#endif
-}
-
-/***********************************************************************
- * MAIN - main processing area for client
- * real name depends on MONOLITH
- */
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- double totalTime = 0.0;
- int nConn = 0;
- SSL *scon=NULL;
- long finishtime=0;
- int ret=1,i;
- MS_STATIC char buf[1024*8];
- int ver;
-
- apps_startup();
- s_time_init();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv23_client_method();
-#elif !defined(OPENSSL_NO_SSL3)
- s_time_meth=SSLv3_client_method();
-#elif !defined(OPENSSL_NO_SSL2)
- s_time_meth=SSLv2_client_method();
-#endif
-
- /* parse the command line arguments */
- if( parseArgs( argc, argv ) < 0 )
- goto end;
-
- OpenSSL_add_ssl_algorithms();
- if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
-
- SSL_CTX_set_quiet_shutdown(tm_ctx,1);
-
- if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
- SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
- if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file))
- goto end;
-
- SSL_load_error_strings();
-
- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(tm_ctx)))
- {
- /* BIO_printf(bio_err,"error setting default verify locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
-
- if (tm_cipher == NULL)
- tm_cipher = getenv("SSL_CIPHER");
-
- if (tm_cipher == NULL ) {
- fprintf( stderr, "No CIPHER specified\n" );
- }
-
- if (!(perform & 1)) goto next;
- printf( "Collecting connection statistics for %d seconds\n", maxTime );
-
- /* Loop and time how long it takes to make connections */
-
- bytes_read=0;
- finishtime=(long)time(NULL)+maxTime;
- tm_Time_F(START);
- for (;;)
- {
- if (finishtime < (long)time(NULL)) break;
-#ifdef WIN32_STUFF
-
- if( flushWinMsgs(0) == -1 )
- goto end;
-
- if( waitingToDie || exitNow ) /* we're dead */
- goto end;
-#endif
-
- if( (scon = doConnection( NULL )) == NULL )
- goto end;
-
- if (s_www_path != NULL)
- {
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
- bytes_read+=i;
- }
-
-#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(scon);
-#endif
- SHUTDOWN2(SSL_get_fd(scon));
-
- nConn += 1;
- if (SSL_session_reused(scon))
- ver='r';
- else
- {
- ver=SSL_version(scon);
- if (ver == TLS1_VERSION)
- ver='t';
- else if (ver == SSL3_VERSION)
- ver='3';
- else if (ver == SSL2_VERSION)
- ver='2';
- else
- ver='*';
- }
- fputc(ver,stdout);
- fflush(stdout);
-
- SSL_free( scon );
- scon=NULL;
- }
- totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
-
- i=(int)((long)time(NULL)-finishtime+maxTime);
- printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
-
- /* Now loop and time connections using the same session id over and over */
-
-next:
- if (!(perform & 2)) goto end;
- printf( "\n\nNow timing with session id reuse.\n" );
-
- /* Get an SSL object so we can reuse the session id */
- if( (scon = doConnection( NULL )) == NULL )
- {
- fprintf( stderr, "Unable to get connection\n" );
- goto end;
- }
-
- if (s_www_path != NULL)
- {
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while (SSL_read(scon,buf,sizeof(buf)) > 0)
- ;
- }
-#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(scon);
-#endif
- SHUTDOWN2(SSL_get_fd(scon));
-
- nConn = 0;
- totalTime = 0.0;
-
- finishtime=(long)time(NULL)+maxTime;
-
- printf( "starting\n" );
- bytes_read=0;
- tm_Time_F(START);
-
- for (;;)
- {
- if (finishtime < (long)time(NULL)) break;
-
-#ifdef WIN32_STUFF
- if( flushWinMsgs(0) == -1 )
- goto end;
-
- if( waitingToDie || exitNow ) /* we're dead */
- goto end;
-#endif
-
- if( (doConnection( scon )) == NULL )
- goto end;
-
- if (s_www_path)
- {
- BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
- SSL_write(scon,buf,strlen(buf));
- while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
- bytes_read+=i;
- }
-
-#ifdef NO_SHUTDOWN
- SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-#else
- SSL_shutdown(scon);
-#endif
- SHUTDOWN2(SSL_get_fd(scon));
-
- nConn += 1;
- if (SSL_session_reused(scon))
- ver='r';
- else
- {
- ver=SSL_version(scon);
- if (ver == TLS1_VERSION)
- ver='t';
- else if (ver == SSL3_VERSION)
- ver='3';
- else if (ver == SSL2_VERSION)
- ver='2';
- else
- ver='*';
- }
- fputc(ver,stdout);
- fflush(stdout);
- }
- totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/
-
-
- printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
- printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
-
- ret=0;
-end:
- if (scon != NULL) SSL_free(scon);
-
- if (tm_ctx != NULL)
- {
- SSL_CTX_free(tm_ctx);
- tm_ctx=NULL;
- }
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-/***********************************************************************
- * doConnection - make a connection
- * Args:
- * scon = earlier ssl connection for session id, or NULL
- * Returns:
- * SSL * = the connection pointer.
- */
-static SSL *doConnection(SSL *scon)
- {
- BIO *conn;
- SSL *serverCon;
- int width, i;
- fd_set readfds;
-
- if ((conn=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
-
-/* BIO_set_conn_port(conn,port);*/
- BIO_set_conn_hostname(conn,host);
-
- if (scon == NULL)
- serverCon=SSL_new(tm_ctx);
- else
- {
- serverCon=scon;
- SSL_set_connect_state(serverCon);
- }
-
- SSL_set_bio(serverCon,conn,conn);
-
-#if 0
- if( scon != NULL )
- SSL_set_session(serverCon,SSL_get_session(scon));
-#endif
-
- /* ok, lets connect */
- for(;;) {
- i=SSL_connect(serverCon);
- if (BIO_sock_should_retry(i))
- {
- BIO_printf(bio_err,"DELAY\n");
-
- i=SSL_get_fd(serverCon);
- width=i+1;
- FD_ZERO(&readfds);
- FD_SET(i,&readfds);
- /* Note: under VMS with SOCKETSHR the 2nd parameter
- * is currently of type (int *) whereas under other
- * systems it is (void *) if you don't have a cast it
- * will choke the compiler: if you do have a cast then
- * you can either go for (int *) or (void *).
- */
- select(width,(void *)&readfds,NULL,NULL,NULL);
- continue;
- }
- break;
- }
- if(i <= 0)
- {
- BIO_printf(bio_err,"ERROR\n");
- if (verify_error != X509_V_OK)
- BIO_printf(bio_err,"verify error:%s\n",
- X509_verify_cert_error_string(verify_error));
- else
- ERR_print_errors(bio_err);
- if (scon == NULL)
- SSL_free(serverCon);
- return NULL;
- }
-
- return serverCon;
- }
-
-
diff --git a/crypto/openssl/apps/server.pem b/crypto/openssl/apps/server.pem
deleted file mode 100644
index 56248e5..0000000
--- a/crypto/openssl/apps/server.pem
+++ /dev/null
@@ -1,369 +0,0 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
------BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
-MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
-Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
-GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
-k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
-itAE+OjGF+PFKbwX8Q==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
------END RSA PRIVATE KEY-----
-subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-notBefore=950413210656Z
-notAfter =970412210656Z
------BEGIN X509 CERTIFICATE-----
-
-MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
-BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
-ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
-BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
-VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
-MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
-3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
-YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
-hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
-dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
-zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
------END X509 CERTIFICATE-----
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
------BEGIN X509 CERTIFICATE-----
-MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
-LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
-MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
-b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
-EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
-bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
-ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
-hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
-ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
-bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
-fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
-R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
-Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
------END X509 CERTIFICATE-----
------BEGIN X509 CERTIFICATE-----
-
-MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
-bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
-BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
-BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
-ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
-ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
-H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
-WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
-MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
-LC7obsrHD8XAHG+ZRG==
------END X509 CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
-S7ELuYGtmYgYm9NZOIr7yU0=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
-A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
-aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
-LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
-gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
-dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
-SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
-bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
-OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
-GJNMJ4L0AJ/ac+SmHZc=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
------END CERTIFICATE-----
-
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
-OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
-NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
-40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
-22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
-BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
-Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
-xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
-cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-notBefore=941104185834Z
-notAfter =991103185834Z
------BEGIN X509 CERTIFICATE-----
-
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END X509 CERTIFICATE-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
-subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
- /OU=Certification Services Division/CN=Thawte Server CA
- /Email=server-certs@thawte.com
-issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
- /OU=Certification Services Division/CN=Thawte Server CA
- /Email=server-certs@thawte.com
------BEGIN CERTIFICATE-----
-MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
-hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
-N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
-ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
-bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
-aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
-F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
-Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
-KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
-SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
-7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
-qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
-NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
-A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
-FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
-cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
-Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
-G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
-c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
-jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
-w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
-GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
-3VZdLbCVIhNoEsysrxCpxcI=
------END CERTIFICATE-----
-Tims test GCI CA
-
------BEGIN CERTIFICATE-----
-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
------END CERTIFICATE-----
-
- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-
------BEGIN CERTIFICATE-----
-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
------END CERTIFICATE-----
-
- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
------END CERTIFICATE-----
- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/server.srl b/crypto/openssl/apps/server.srl
deleted file mode 100644
index 8a0f05e..0000000
--- a/crypto/openssl/apps/server.srl
+++ /dev/null
@@ -1 +0,0 @@
-01
diff --git a/crypto/openssl/apps/server2.pem b/crypto/openssl/apps/server2.pem
deleted file mode 100644
index 8bb6641..0000000
--- a/crypto/openssl/apps/server2.pem
+++ /dev/null
@@ -1,376 +0,0 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (1024 bit)
------BEGIN CERTIFICATE-----
-MIICLjCCAZcCAQEwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzU0WhcNOTgwNjA5
-MTM1NzU0WjBkMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxJDAiBgNVBAMTG1NlcnZlciB0ZXN0IGNl
-cnQgKDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsxH1PBPm
-RkxrR11eV4bzNi4N9n11CI8nV29+ARlT1+qDe/mjVUvXlmsr1v/vf71G9GgqopSa
-6RXrICLVdk/FYYYzhPvl1M+OrjaXDFO8BzBAF1Lnz6c7aRZvGRJNrRSr2nZEkqDf
-JW9dY7r2VZEpD5QeuaRYUnuECkqeieB65GMCAwEAATANBgkqhkiG9w0BAQQFAAOB
-gQCWsOta6C0wiVzXz8wPmJKyTrurMlgUss2iSuW9366iwofZddsNg7FXniMzkIf6
-dp7jnmWZwKZ9cXsNUS2o4OL07qOk2HOywC0YsNZQsOBu1CBTYYkIefDiKFL1zQHh
-8lwwNd4NP+OE3NzUNkCfh4DnFfg9WHkXUlD5UpxNRJ4gJA==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCzEfU8E+ZGTGtHXV5XhvM2Lg32fXUIjydXb34BGVPX6oN7+aNV
-S9eWayvW/+9/vUb0aCqilJrpFesgItV2T8VhhjOE++XUz46uNpcMU7wHMEAXUufP
-pztpFm8ZEk2tFKvadkSSoN8lb11juvZVkSkPlB65pFhSe4QKSp6J4HrkYwIDAQAB
-AoGBAKy8jvb0Lzby8q11yNLf7+78wCVdYi7ugMHcYA1JVFK8+zb1WfSm44FLQo/0
-dSChAjgz36TTexeLODPYxleJndjVcOMVzsLJjSM8dLpXsTS4FCeMbhw2s2u+xqKY
-bbPWfk+HOTyJjfnkcC5Nbg44eOmruq0gSmBeUXVM5UntlTnxAkEA7TGCA3h7kx5E
-Bl4zl2pc3gPAGt+dyfk5Po9mGJUUXhF5p2zueGmYWW74TmOWB1kzt4QRdYMzFePq
-zfDNXEa1CwJBAMFErdY0xp0UJ13WwBbUTk8rujqQdHtjw0klhpbuKkjxu2hN0wwM
-6p0D9qxF7JHaghqVRI0fAW/EE0OzdHMR9QkCQQDNR26dMFXKsoPu+vItljj/UEGf
-QG7gERiQ4yxaFBPHgdpGo0kT31eh9x9hQGDkxTe0GNG/YSgCRvm8+C3TMcKXAkBD
-dhGn36wkUFCddMSAM4NSJ1VN8/Z0y5HzCmI8dM3VwGtGMUQlxKxwOl30LEQzdS5M
-0SWojNYXiT2gOBfBwtbhAkEAhafl5QEOIgUz+XazS/IlZ8goNKdDVfYgK3mHHjvv
-nY5G+AuGebdNkXJr4KSWxDcN+C2i47zuj4QXA16MAOandA==
------END RSA PRIVATE KEY-----
-subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-notBefore=950413210656Z
-notAfter =970412210656Z
------BEGIN X509 CERTIFICATE-----
-
-MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
-BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
-ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
-BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
-VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
-MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
-3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
-YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
-hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
-dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
-zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
------END X509 CERTIFICATE-----
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
------BEGIN X509 CERTIFICATE-----
-MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
-LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
-MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
-b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
-EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
-bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
-ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
-hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
-ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
-bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
-fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
-R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
-Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
------END X509 CERTIFICATE-----
------BEGIN X509 CERTIFICATE-----
-
-MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
-bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
-BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
-BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
-ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
-ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
-H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
-WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
-MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
-LC7obsrHD8XAHG+ZRG==
------END X509 CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
-S7ELuYGtmYgYm9NZOIr7yU0=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
-A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
-aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
-LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
-gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
-dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
-SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
-bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
-OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
-GJNMJ4L0AJ/ac+SmHZc=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
------END CERTIFICATE-----
-
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
-OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
-NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
-40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
-22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
-BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
-Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
-xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
-cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-notBefore=941104185834Z
-notAfter =991103185834Z
------BEGIN X509 CERTIFICATE-----
-
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END X509 CERTIFICATE-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
-subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
- /OU=Certification Services Division/CN=Thawte Server CA
- /Email=server-certs@thawte.com
-issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
- /OU=Certification Services Division/CN=Thawte Server CA
- /Email=server-certs@thawte.com
------BEGIN CERTIFICATE-----
-MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
-hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
-N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
-ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
-bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
-aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
-F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
-Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
-KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
-SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
-7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
-qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
-NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
-A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
-FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
-cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
-Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
-G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
-c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
-jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
-w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
-GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
-3VZdLbCVIhNoEsysrxCpxcI=
------END CERTIFICATE-----
-Tims test GCI CA
-
------BEGIN CERTIFICATE-----
-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
------END CERTIFICATE-----
-
- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-
------BEGIN CERTIFICATE-----
-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
------END CERTIFICATE-----
-
- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
------END CERTIFICATE-----
- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/sess_id.c b/crypto/openssl/apps/sess_id.c
deleted file mode 100644
index b99179f..0000000
--- a/crypto/openssl/apps/sess_id.c
+++ /dev/null
@@ -1,320 +0,0 @@
-/* apps/sess_id.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-#undef PROG
-#define PROG sess_id_main
-
-static const char *sess_id_usage[]={
-"usage: sess_id args\n",
-"\n",
-" -inform arg - input format - default PEM (DER or PEM)\n",
-" -outform arg - output format - default PEM\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -text - print ssl session id details\n",
-" -cert - output certificate \n",
-" -noout - no CRL output\n",
-" -context arg - set the session ID context\n",
-NULL
-};
-
-static SSL_SESSION *load_sess_id(char *file, int format);
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- SSL_SESSION *x=NULL;
- int ret=1,i,num,badops=0;
- BIO *out=NULL;
- int informat,outformat;
- char *infile=NULL,*outfile=NULL,*context=NULL;
- int cert=0,noout=0,text=0;
- const char **pp;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
-
- argc--;
- argv++;
- num=0;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-text") == 0)
- text= ++num;
- else if (strcmp(*argv,"-cert") == 0)
- cert= ++num;
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-context") == 0)
- {
- if(--argc < 1) goto bad;
- context=*++argv;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- for (pp=sess_id_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
- ERR_load_crypto_strings();
- x=load_sess_id(infile,informat);
- if (x == NULL) { goto end; }
-
- if(context)
- {
- x->sid_ctx_length=strlen(context);
- if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
- {
- BIO_printf(bio_err,"Context too long\n");
- goto end;
- }
- memcpy(x->sid_ctx,context,x->sid_ctx_length);
- }
-
-#ifdef undef
- /* just testing for memory leaks :-) */
- {
- SSL_SESSION *s;
- char buf[1024*10],*p;
- int i;
-
- s=SSL_SESSION_new();
-
- p= &buf;
- i=i2d_SSL_SESSION(x,&p);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- p= &buf;
- d2i_SSL_SESSION(&s,&p,(long)i);
- SSL_SESSION_free(s);
- }
-#endif
-
- if (!noout || text)
- {
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
- }
-
- if (text)
- {
- SSL_SESSION_print(out,x);
-
- if (cert)
- {
- if (x->peer == NULL)
- BIO_puts(out,"No certificate present\n");
- else
- X509_print(out,x->peer);
- }
- }
-
- if (!noout && !cert)
- {
- if (outformat == FORMAT_ASN1)
- i=i2d_SSL_SESSION_bio(out,x);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_SSL_SESSION(out,x);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i) {
- BIO_printf(bio_err,"unable to write SSL_SESSION\n");
- goto end;
- }
- }
- else if (!noout && (x->peer != NULL)) /* just print the certificate */
- {
- if (outformat == FORMAT_ASN1)
- i=(int)i2d_X509_bio(out,x->peer);
- else if (outformat == FORMAT_PEM)
- i=PEM_write_bio_X509(out,x->peer);
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i) {
- BIO_printf(bio_err,"unable to write X509\n");
- goto end;
- }
- }
- ret=0;
-end:
- if (out != NULL) BIO_free_all(out);
- if (x != NULL) SSL_SESSION_free(x);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static SSL_SESSION *load_sess_id(char *infile, int format)
- {
- SSL_SESSION *x=NULL;
- BIO *in=NULL;
-
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- goto end;
- }
- }
- if (format == FORMAT_ASN1)
- x=d2i_SSL_SESSION_bio(in,NULL);
- else if (format == FORMAT_PEM)
- x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
- else {
- BIO_printf(bio_err,"bad input format specified for input crl\n");
- goto end;
- }
- if (x == NULL)
- {
- BIO_printf(bio_err,"unable to load SSL_SESSION\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
-end:
- if (in != NULL) BIO_free(in);
- return(x);
- }
-
diff --git a/crypto/openssl/apps/set/set-g-ca.pem b/crypto/openssl/apps/set/set-g-ca.pem
deleted file mode 100644
index 78499f0..0000000
--- a/crypto/openssl/apps/set/set-g-ca.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDeDCCAuGgAwIBAgIgYCYUeg8NJ9kO1q3z6vGCkAmPRfu5+Nur0FyGF79MADMw
-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
-MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
-MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtQ
-Q0ExMDIxMTgyODEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJyi5V7l1HohY6hN/2N9x6mvWeMy8rD1
-6lfXjgmiuGmhpaszWYaalesMcS2OGuG8Lq3PkaSzpVzqASKfIOjxLMsdpYyYJRub
-vRPDWi3xd8wlp9xUwWHKqn+ki8mPo0yN4eONwZZ4rcZr6K+tWd+5EJZSjuENJoQ/
-SRRmGRzdcS7XAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
-EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
-aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
-MTAyMjAxMjIwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
-SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwICBDB5
-BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
-Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
-ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBn19R2
-AgGvpJDmfXrHTDdCoYyMkaP2MPzw0hFRwh+wqnw0/pqUXa7MrLXMqtD3rUyOWaNR
-9fYpJZd0Bh/1OeIc2+U+VNfUovLLuZ8nNemdxyq2KMYnHtnh7UdO7atZ+PFLVu8x
-a+J2Mtj8MGy12CJNTJcjLSrJ/1f3AuVrwELjlQ==
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set-m-ca.pem b/crypto/openssl/apps/set/set-m-ca.pem
deleted file mode 100644
index 0e74caf..0000000
--- a/crypto/openssl/apps/set/set-m-ca.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDeDCCAuGgAwIBAgIgEGvcf5aUnufALdVMa/dmPdflq1CoORGeK5DUwbqhVYcw
-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
-MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
-MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtN
-Q0ExMDIxMTgyNzEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALuWwr63YrT1GIZpYKfIeiVFHESG/FZO
-7RAJKml/p12ZyZ7D5YPP4BBXVsa1H8e8arR1LKC4rdCArrtKKlBeBiMo9+NB+u35
-FnLnTmfzM4iZ2Syw35DXY8+Xn/LM7RJ1RG+vMNcTqpoUg7QPye7flq2Pt7vVROPn
-SZxPyVxmILe3AgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
-EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
-aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
-MTAyMjAxMjEwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
-SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIDCDB5
-BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
-Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
-ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQApaj0W
-GgyR47URZEZ7z83yivvnVErqtodub/nR1fMgJ4bDC0ofjA0SzXBP1/3eDq9VkPuS
-EKUw9BpM2XrSUKhJ6F1CbBjWpM0M7GC1nTSxMxmV+XL+Ab/Gn2SwozUApWtht29/
-x9VLB8qsi6wN2aOsVdQMl5iVCjGQYfEkyuoIgA==
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_b_ca.pem b/crypto/openssl/apps/set/set_b_ca.pem
deleted file mode 100644
index eba7d5c..0000000
--- a/crypto/openssl/apps/set/set_b_ca.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID1zCCAr+gAwIBAgIgYClSzXgB3u31VMarY+lXwPKU9DtoBMzaaivuVzV9a9kw
-DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
-ODI5MB4XDTk2MTAxNzAwMDAwMFoXDTk2MTExNjIzNTk1OVowRTELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC0JDQTEwMTcxMTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlBy
-b2R1Y3QgVHlwZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApPewvR0BwV02
-9E12ic48pMY/aMB6SkMEWPDx2hURr0DKYGJ6qMvzZn2pSfaVH1BqDtK6oK4Ye5Mj
-ItywwQIdXXO9Ut8+TLnvtzq9ByCJ0YThjZJBc7ZcpJxSV7QAoBON/lzxZuAVq3+L
-3uc39MgRwmBpRllZEpWrkojxs6166X0CAwEAAaOCAVcwggFTMFQGA1UdIwRNMEuh
-J6QlMCMxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtSQ0ExMDExMTgyOYIgVqenwCYv
-mmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYwDgYDVR0PAQH/BAQDAgEGMC4GA1Ud
-EAEB/wQkMCKADzE5OTYxMDE3MTc1NzAwWoEPMTk5NjExMTYyMzU5NTlaMBsGA1Ud
-IAEB/wQRMA8wDQYLYIZIAYb4RQEHAQEwEgYDVR0TAQH/BAgwBgEB/wIBATAPBgSG
-jW8DAQH/BAQDAgABMHkGBIaNbwcBAf8EbjBsMCQCAQAwCQYFKw4DAhoFAAQUMmY3
-NGIxYWY0ZmNjMDYwZjc2NzYTD3RlcnNlIHN0YXRlbWVudIAXaHR0cDovL3d3dy52
-ZXJpc2lnbi5jb22BGmdldHNldC1jZW50ZXJAdmVyaXNpZ24uY29tMA0GCSqGSIb3
-DQEBBQUAA4IBAQAWoMS8Aj2sO0LDxRoMcnWTKY8nd8Jw2vl2Mgsm+0qCvcndICM5
-43N0y9uHlP8WeCZULbFz95gTL8mfP/QTu4EctMUkQgRHJnx80f0XSF3HE/X6zBbI
-9rit/bF6yP1mhkdss/vGanReDpki7q8pLx+VIIcxWst/366HP3dW1Fb7ECW/WmVV
-VMN93f/xqk9I4sXchVZcVKQT3W4tzv+qQvugrEi1dSEkbAy1CITEAEGiaFhGUyCe
-WPox3guRXaEHoINNeajGrISe6d//alsz5EEroBoLnM2ryqWfLAtRsf4rjNzTgklw
-lbiz0fw7bNkXKp5ZVr0wlnOjQnoSM6dTI0AV
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_c_ca.pem b/crypto/openssl/apps/set/set_c_ca.pem
deleted file mode 100644
index 48b2cbd..0000000
--- a/crypto/openssl/apps/set/set_c_ca.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDeDCCAuGgAwIBAgIgOnl8J6lAYNDdTWtIojWCGnloNf4ufHjOZ4Fkxwg5xOsw
-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0JDQTEwMTcx
-MTA0MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjIw
-MDAwMDBaFw05NjExMjEyMzU5NTlaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKEwtD
-Q0ExMDIxMTYxNjEgMB4GA1UEAxMXQnJhbmQgTmFtZTpQcm9kdWN0IFR5cGUwgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANA3a9+U8oXU3Dv1wJf8g0A7HjCRZAXc
-Y8E4OLOdye5aUssxifCE05qTPVqHMXo6cnCYcfroMdURhjQlswyTGtjQybgUnXjp
-pchw+V4D1DkN0ThErrMCh9ZFSykC0lUhQTRLESvbIb4Gal/HMAFAF5sj0GoOFi2H
-RRj7gpzBIU3xAgMBAAGjggFXMIIBUzBUBgNVHSMETTBLoSekJTAjMQswCQYDVQQG
-EwJVUzEUMBIGA1UEChMLUkNBMTAxMTE4MjmCIGApUs14Ad7t9VTGq2PpV8DylPQ7
-aATM2mor7lc1fWvZMA4GA1UdDwEB/wQEAwIBBjAuBgNVHRABAf8EJDAigA8xOTk2
-MTAyMjAxMTAwMFqBDzE5OTYxMTIxMjM1OTU5WjAbBgNVHSABAf8EETAPMA0GC2CG
-SAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYBAf8CAQAwDwYEho1vAwEB/wQEAwIEEDB5
-BgSGjW8HAQH/BG4wbDAkAgEAMAkGBSsOAwIaBQAEFDJmNzRiMWFmNGZjYzA2MGY3
-Njc2Ew90ZXJzZSBzdGF0ZW1lbnSAF2h0dHA6Ly93d3cudmVyaXNpZ24uY29tgRpn
-ZXRzZXQtY2VudGVyQHZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBteLaZ
-u/TASC64UWPfhxYAUdys9DQ1pG/J1qPWNTkjOmpXFvW+7l/3nkxyRPgUoFNwx1e7
-XVVPr6zhy8LaaXppwfIZvVryzAUdbtijiUf/MO0hvV3w7e9NlCVProdU5H9EvCXr
-+IV8rH8fdEkirIVyw0JGHkuWhkmtS1HEwai9vg==
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_d_ct.pem b/crypto/openssl/apps/set/set_d_ct.pem
deleted file mode 100644
index 9f8c7d8..0000000
--- a/crypto/openssl/apps/set/set_d_ct.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDdjCCAt+gAwIBAgIgRU5t24v72xVDpZ4iHpyoOAQaQmfio1yhTZAOkBfT2uUw
-DQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCVVMxFDASBgNVBAoTC0NDQTEwMjEx
-NjE2MSAwHgYDVQQDExdCcmFuZCBOYW1lOlByb2R1Y3QgVHlwZTAeFw05NjEwMjQw
-MDAwMDBaFw05NjExMjMyMzU5NTlaMG4xCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdC
-cmFuZElEMSYwJAYDVQQLEx1Jc3N1aW5nIEZpbmFuY2lhbCBJbnN0aXR1dGlvbjEl
-MCMGA1UEAxMcR2lYb0t0VjViN1V0MHZKa2hkSG5RYmNzc2JrPTBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDIUxgpNB1aoSW585WErtN8WInCRWCqDj3RGT2mJye0F4SM
-/iT5ywdWMasmw18vpEpDlMypfZnRkUAdfyHcRABVAgMBAAGjggFwMIIBbDB2BgNV
-HSMEbzBtoUmkRzBFMQswCQYDVQQGEwJVUzEUMBIGA1UEChMLQkNBMTAxNzExMDQx
-IDAeBgNVBAMTF0JyYW5kIE5hbWU6UHJvZHVjdCBUeXBlgiA6eXwnqUBg0N1Na0ii
-NYIaeWg1/i58eM5ngWTHCDnE6zAOBgNVHQ8BAf8EBAMCB4AwLgYDVR0QAQH/BCQw
-IoAPMTk5NjEwMjQwMTA0MDBagQ8xOTk2MTEyMzIzNTk1OVowGAYDVR0gBBEwDzAN
-BgtghkgBhvhFAQcBATAMBgNVHRMBAf8EAjAAMA8GBIaNbwMBAf8EBAMCB4AweQYE
-ho1vBwEB/wRuMGwwJAIBADAJBgUrDgMCGgUABBQzOTgyMzk4NzIzNzg5MTM0OTc4
-MhMPdGVyc2Ugc3RhdGVtZW50gBdodHRwOi8vd3d3LnZlcmlzaWduLmNvbYEaZ2V0
-c2V0LWNlbnRlckB2ZXJpc2lnbi5jb20wDQYJKoZIhvcNAQEFBQADgYEAVHCjhxeD
-mIFSkm3DpQAq7pGfcAFPWvSM9I9bK8qeFT1M5YQ+5fbPqaWlNcQlGKIe3cHd4+0P
-ndL5lb6UBhhA0kTzEYA38+HtBxPe/lokCv0bYfyWY9asUmvfbUrTYta0yjN7ixnV
-UqvxxHQHOAwhf6bcc7xNHapOxloWzGUU0RQ=
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/set/set_root.pem b/crypto/openssl/apps/set/set_root.pem
deleted file mode 100644
index 8dd104f..0000000
--- a/crypto/openssl/apps/set/set_root.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDZzCCAk+gAwIBAgIgVqenwCYvmmxUIvi9gUMCa+uJGJ60mZecw9HrISXnLaYw
-DQYJKoZIhvcNAQEFBQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1JDQTEwMTEx
-ODI5MB4XDTk2MTAxMjAwMDAwMFoXDTk2MTExMTIzNTk1OVowIzELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC1JDQTEwMTExODI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAukca0PVUGFIYX7EyrShi+dVi9GTNzG0V2Wtdw6DqFzKfedba/KpE
-zqnRDV/wRZlBn3oXPS6kNCFiBPRV9mEFXI7y2W+q8/vPurjRDIXMsqQ+dAhKwf4q
-rofJBTiET4NUN0YTtpx6aYuoVubjiOgKdbqnUArxAWWP2Dkco17ipEYyUtd4sTAe
-/xKR02AHpbYGYPSHjMDS/nzUJ7uX4d51phs0rt7If48ExJSnDV/KoHMfm42mdmH2
-g23005qdHKY3UXeh10tZmb3QtGTSvF6OqpRZ+e9/ALklu7ZcIjqbb944ci4QWemb
-ZNWiDFrWWUoO1k942BI/iZ8Fh8pETYSDBQIDAQABo4GGMIGDMA4GA1UdDwEB/wQE
-AwIBBjAuBgNVHRABAf8EJDAigA8xOTk2MTAxMjAxMzQwMFqBDzE5OTYxMTExMjM1
-OTU5WjAbBgNVHSABAf8EETAPMA0GC2CGSAGG+EUBBwEBMBIGA1UdEwEB/wQIMAYB
-Af8CAQIwEAYEho1vAwEB/wQFAwMHAIAwDQYJKoZIhvcNAQEFBQADggEBAK4tntea
-y+ws7PdULwfqAS5osaoNvw73uBn5lROTpx91uhQbJyf0oZ3XG9GUuHZBpqG9qmr9
-vIL40RsvRpNMYgaNHKTxF716yx6rZmruAYZsrE3SpV63tQJCckKLPSge2E5uDhSQ
-O8UjusG+IRT9fKMXUHLv4OmZPOQVOSl1qTCN2XoJFqEPtC3Y9P4YR4xHL0P2jb1l
-DLdIbruuh+6omH+0XUZd5fKnQZTTi6gjl0iunj3wGnkcqGZtwr3j87ONiB/8tDwY
-vz8ceII4YYdX12PrNzn+fu3R5rChvPW4/ah/SaYQ2VQ0AupaIF4xrNJ/gLYYw0YO
-bxCrVJLd8tu9WgA=
------END CERTIFICATE-----
diff --git a/crypto/openssl/apps/smime.c b/crypto/openssl/apps/smime.c
deleted file mode 100644
index 830f18c..0000000
--- a/crypto/openssl/apps/smime.c
+++ /dev/null
@@ -1,794 +0,0 @@
-/* smime.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* S/MIME utility function */
-
-#include <stdio.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509_vfy.h>
-#include <openssl/x509v3.h>
-
-#undef PROG
-#define PROG smime_main
-static int save_certs(char *signerfile, STACK_OF(X509) *signers);
-static int smime_cb(int ok, X509_STORE_CTX *ctx);
-
-#define SMIME_OP 0x10
-#define SMIME_ENCRYPT (1 | SMIME_OP)
-#define SMIME_DECRYPT 2
-#define SMIME_SIGN (3 | SMIME_OP)
-#define SMIME_VERIFY 4
-#define SMIME_PK7OUT 5
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int operation = 0;
- int ret = 0;
- char **args;
- const char *inmode = "r", *outmode = "w";
- char *infile = NULL, *outfile = NULL;
- char *signerfile = NULL, *recipfile = NULL;
- char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
- const EVP_CIPHER *cipher = NULL;
- PKCS7 *p7 = NULL;
- X509_STORE *store = NULL;
- X509 *cert = NULL, *recip = NULL, *signer = NULL;
- EVP_PKEY *key = NULL;
- STACK_OF(X509) *encerts = NULL, *other = NULL;
- BIO *in = NULL, *out = NULL, *indata = NULL;
- int badarg = 0;
- int flags = PKCS7_DETACHED;
- char *to = NULL, *from = NULL, *subject = NULL;
- char *CAfile = NULL, *CApath = NULL;
- char *passargin = NULL, *passin = NULL;
- char *inrand = NULL;
- int need_rand = 0;
- int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
- int keyform = FORMAT_PEM;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- X509_VERIFY_PARAM *vpm = NULL;
-
- args = argv + 1;
- ret = 1;
-
- apps_startup();
-
- if (bio_err == NULL)
- {
- if ((bio_err = BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
- }
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- while (!badarg && *args && *args[0] == '-')
- {
- if (!strcmp (*args, "-encrypt"))
- operation = SMIME_ENCRYPT;
- else if (!strcmp (*args, "-decrypt"))
- operation = SMIME_DECRYPT;
- else if (!strcmp (*args, "-sign"))
- operation = SMIME_SIGN;
- else if (!strcmp (*args, "-verify"))
- operation = SMIME_VERIFY;
- else if (!strcmp (*args, "-pk7out"))
- operation = SMIME_PK7OUT;
-#ifndef OPENSSL_NO_DES
- else if (!strcmp (*args, "-des3"))
- cipher = EVP_des_ede3_cbc();
- else if (!strcmp (*args, "-des"))
- cipher = EVP_des_cbc();
-#endif
-#ifndef OPENSSL_NO_RC2
- else if (!strcmp (*args, "-rc2-40"))
- cipher = EVP_rc2_40_cbc();
- else if (!strcmp (*args, "-rc2-128"))
- cipher = EVP_rc2_cbc();
- else if (!strcmp (*args, "-rc2-64"))
- cipher = EVP_rc2_64_cbc();
-#endif
-#ifndef OPENSSL_NO_AES
- else if (!strcmp(*args,"-aes128"))
- cipher = EVP_aes_128_cbc();
- else if (!strcmp(*args,"-aes192"))
- cipher = EVP_aes_192_cbc();
- else if (!strcmp(*args,"-aes256"))
- cipher = EVP_aes_256_cbc();
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- else if (!strcmp(*args,"-camellia128"))
- cipher = EVP_camellia_128_cbc();
- else if (!strcmp(*args,"-camellia192"))
- cipher = EVP_camellia_192_cbc();
- else if (!strcmp(*args,"-camellia256"))
- cipher = EVP_camellia_256_cbc();
-#endif
- else if (!strcmp (*args, "-text"))
- flags |= PKCS7_TEXT;
- else if (!strcmp (*args, "-nointern"))
- flags |= PKCS7_NOINTERN;
- else if (!strcmp (*args, "-noverify"))
- flags |= PKCS7_NOVERIFY;
- else if (!strcmp (*args, "-nochain"))
- flags |= PKCS7_NOCHAIN;
- else if (!strcmp (*args, "-nocerts"))
- flags |= PKCS7_NOCERTS;
- else if (!strcmp (*args, "-noattr"))
- flags |= PKCS7_NOATTR;
- else if (!strcmp (*args, "-nodetach"))
- flags &= ~PKCS7_DETACHED;
- else if (!strcmp (*args, "-nosmimecap"))
- flags |= PKCS7_NOSMIMECAP;
- else if (!strcmp (*args, "-binary"))
- flags |= PKCS7_BINARY;
- else if (!strcmp (*args, "-nosigs"))
- flags |= PKCS7_NOSIGS;
- else if (!strcmp (*args, "-nooldmime"))
- flags |= PKCS7_NOOLDMIMETYPE;
- else if (!strcmp (*args, "-crlfeol"))
- flags |= PKCS7_CRLFEOL;
- else if (!strcmp(*args,"-rand"))
- {
- if (args[1])
- {
- args++;
- inrand = *args;
- }
- else
- badarg = 1;
- need_rand = 1;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (!strcmp(*args,"-engine"))
- {
- if (args[1])
- {
- args++;
- engine = *args;
- }
- else badarg = 1;
- }
-#endif
- else if (!strcmp(*args,"-passin"))
- {
- if (args[1])
- {
- args++;
- passargin = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-to"))
- {
- if (args[1])
- {
- args++;
- to = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-from"))
- {
- if (args[1])
- {
- args++;
- from = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-subject"))
- {
- if (args[1])
- {
- args++;
- subject = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-signer"))
- {
- if (args[1])
- {
- args++;
- signerfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-recip"))
- {
- if (args[1])
- {
- args++;
- recipfile = *args;
- }
- else badarg = 1;
- }
- else if (!strcmp (*args, "-inkey"))
- {
- if (args[1])
- {
- args++;
- keyfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-keyform"))
- {
- if (args[1])
- {
- args++;
- keyform = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-certfile"))
- {
- if (args[1])
- {
- args++;
- certfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-CAfile"))
- {
- if (args[1])
- {
- args++;
- CAfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-CApath"))
- {
- if (args[1])
- {
- args++;
- CApath = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-in"))
- {
- if (args[1])
- {
- args++;
- infile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-inform"))
- {
- if (args[1])
- {
- args++;
- informat = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-outform"))
- {
- if (args[1])
- {
- args++;
- outformat = str2fmt(*args);
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-out"))
- {
- if (args[1])
- {
- args++;
- outfile = *args;
- }
- else
- badarg = 1;
- }
- else if (!strcmp (*args, "-content"))
- {
- if (args[1])
- {
- args++;
- contfile = *args;
- }
- else
- badarg = 1;
- }
- else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
- continue;
- else
- badarg = 1;
- args++;
- }
-
-
- if (operation == SMIME_SIGN)
- {
- if (!signerfile)
- {
- BIO_printf(bio_err, "No signer certificate specified\n");
- badarg = 1;
- }
- need_rand = 1;
- }
- else if (operation == SMIME_DECRYPT)
- {
- if (!recipfile && !keyfile)
- {
- BIO_printf(bio_err, "No recipient certificate or key specified\n");
- badarg = 1;
- }
- }
- else if (operation == SMIME_ENCRYPT)
- {
- if (!*args)
- {
- BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
- badarg = 1;
- }
- need_rand = 1;
- }
- else if (!operation)
- badarg = 1;
-
- if (badarg)
- {
- BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
- BIO_printf (bio_err, "where options are\n");
- BIO_printf (bio_err, "-encrypt encrypt message\n");
- BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
- BIO_printf (bio_err, "-sign sign message\n");
- BIO_printf (bio_err, "-verify verify signed message\n");
- BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
-#ifndef OPENSSL_NO_DES
- BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
- BIO_printf (bio_err, "-des encrypt with DES\n");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40 (default)\n");
- BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
- BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc aes\n");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
- BIO_printf (bio_err, " encrypt PEM output with cbc camellia\n");
-#endif
- BIO_printf (bio_err, "-nointern don't search certificates in message for signer\n");
- BIO_printf (bio_err, "-nosigs don't verify message signature\n");
- BIO_printf (bio_err, "-noverify don't verify signers certificate\n");
- BIO_printf (bio_err, "-nocerts don't include signers certificate when signing\n");
- BIO_printf (bio_err, "-nodetach use opaque signing\n");
- BIO_printf (bio_err, "-noattr don't include any signed attributes\n");
- BIO_printf (bio_err, "-binary don't translate message to text\n");
- BIO_printf (bio_err, "-certfile file other certificates file\n");
- BIO_printf (bio_err, "-signer file signer certificate file\n");
- BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");
- BIO_printf (bio_err, "-in file input file\n");
- BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
- BIO_printf (bio_err, "-keyform arg input private key format (PEM or ENGINE)\n");
- BIO_printf (bio_err, "-out file output file\n");
- BIO_printf (bio_err, "-outform arg output format SMIME (default), PEM or DER\n");
- BIO_printf (bio_err, "-content file supply or override content for detached signature\n");
- BIO_printf (bio_err, "-to addr to address\n");
- BIO_printf (bio_err, "-from ad from address\n");
- BIO_printf (bio_err, "-subject s subject\n");
- BIO_printf (bio_err, "-text include or delete text MIME headers\n");
- BIO_printf (bio_err, "-CApath dir trusted certificates directory\n");
- BIO_printf (bio_err, "-CAfile file trusted certificates file\n");
- BIO_printf (bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n");
- BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf (bio_err, "-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf (bio_err, "-passin arg input file pass phrase source\n");
- BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
- BIO_printf(bio_err, " load the file (or the files in the directory) into\n");
- BIO_printf(bio_err, " the random number generator\n");
- BIO_printf (bio_err, "cert.pem recipient certificate(s) for encryption\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (need_rand)
- {
- app_RAND_load_file(NULL, bio_err, (inrand != NULL));
- if (inrand != NULL)
- BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
- app_RAND_load_files(inrand));
- }
-
- ret = 2;
-
- if (operation != SMIME_SIGN)
- flags &= ~PKCS7_DETACHED;
-
- if (operation & SMIME_OP)
- {
- if (flags & PKCS7_BINARY)
- inmode = "rb";
- if (outformat == FORMAT_ASN1)
- outmode = "wb";
- }
- else
- {
- if (flags & PKCS7_BINARY)
- outmode = "wb";
- if (informat == FORMAT_ASN1)
- inmode = "rb";
- }
-
- if (operation == SMIME_ENCRYPT)
- {
- if (!cipher)
- {
-#ifndef OPENSSL_NO_RC2
- cipher = EVP_rc2_40_cbc();
-#else
- BIO_printf(bio_err, "No cipher selected\n");
- goto end;
-#endif
- }
- encerts = sk_X509_new_null();
- while (*args)
- {
- if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
- NULL, e, "recipient certificate file")))
- {
-#if 0 /* An appropriate message is already printed */
- BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
-#endif
- goto end;
- }
- sk_X509_push(encerts, cert);
- cert = NULL;
- args++;
- }
- }
-
- if (signerfile && (operation == SMIME_SIGN))
- {
- if (!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
- e, "signer certificate")))
- {
-#if 0 /* An appropri message has already been printed */
- BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
-#endif
- goto end;
- }
- }
-
- if (certfile)
- {
- if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
- e, "certificate file")))
- {
-#if 0 /* An appropriate message has already been printed */
- BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
-#endif
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (recipfile && (operation == SMIME_DECRYPT))
- {
- if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
- e, "recipient certificate file")))
- {
-#if 0 /* An appropriate message has alrady been printed */
- BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
-#endif
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (operation == SMIME_DECRYPT)
- {
- if (!keyfile)
- keyfile = recipfile;
- }
- else if (operation == SMIME_SIGN)
- {
- if (!keyfile)
- keyfile = signerfile;
- }
- else keyfile = NULL;
-
- if (keyfile)
- {
- key = load_key(bio_err, keyfile, keyform, 0, passin, e,
- "signing key file");
- if (!key)
- goto end;
- }
-
- if (infile)
- {
- if (!(in = BIO_new_file(infile, inmode)))
- {
- BIO_printf (bio_err,
- "Can't open input file %s\n", infile);
- goto end;
- }
- }
- else
- in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if (outfile)
- {
- if (!(out = BIO_new_file(outfile, outmode)))
- {
- BIO_printf (bio_err,
- "Can't open output file %s\n", outfile);
- goto end;
- }
- }
- else
- {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if (operation == SMIME_VERIFY)
- {
- if (!(store = setup_verify(bio_err, CAfile, CApath)))
- goto end;
- X509_STORE_set_verify_cb_func(store, smime_cb);
- if (vpm)
- X509_STORE_set1_param(store, vpm);
- }
-
-
- ret = 3;
-
- if (operation == SMIME_ENCRYPT)
- p7 = PKCS7_encrypt(encerts, in, cipher, flags);
- else if (operation == SMIME_SIGN)
- {
- /* If detached data and SMIME output enable partial
- * signing.
- */
- if ((flags & PKCS7_DETACHED) && (outformat == FORMAT_SMIME))
- flags |= PKCS7_STREAM;
- p7 = PKCS7_sign(signer, key, other, in, flags);
- }
- else
- {
- if (informat == FORMAT_SMIME)
- p7 = SMIME_read_PKCS7(in, &indata);
- else if (informat == FORMAT_PEM)
- p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
- else if (informat == FORMAT_ASN1)
- p7 = d2i_PKCS7_bio(in, NULL);
- else
- {
- BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
- goto end;
- }
-
- if (!p7)
- {
- BIO_printf(bio_err, "Error reading S/MIME message\n");
- goto end;
- }
- if (contfile)
- {
- BIO_free(indata);
- if (!(indata = BIO_new_file(contfile, "rb")))
- {
- BIO_printf(bio_err, "Can't read content file %s\n", contfile);
- goto end;
- }
- }
- }
-
- if (!p7)
- {
- BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
- goto end;
- }
-
- ret = 4;
- if (operation == SMIME_DECRYPT)
- {
- if (!PKCS7_decrypt(p7, key, recip, out, flags))
- {
- BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
- goto end;
- }
- }
- else if (operation == SMIME_VERIFY)
- {
- STACK_OF(X509) *signers;
- if (PKCS7_verify(p7, other, store, indata, out, flags))
- BIO_printf(bio_err, "Verification successful\n");
- else
- {
- BIO_printf(bio_err, "Verification failure\n");
- goto end;
- }
- signers = PKCS7_get0_signers(p7, other, flags);
- if (!save_certs(signerfile, signers))
- {
- BIO_printf(bio_err, "Error writing signers to %s\n",
- signerfile);
- ret = 5;
- goto end;
- }
- sk_X509_free(signers);
- }
- else if (operation == SMIME_PK7OUT)
- PEM_write_bio_PKCS7(out, p7);
- else
- {
- if (to)
- BIO_printf(out, "To: %s\n", to);
- if (from)
- BIO_printf(out, "From: %s\n", from);
- if (subject)
- BIO_printf(out, "Subject: %s\n", subject);
- if (outformat == FORMAT_SMIME)
- SMIME_write_PKCS7(out, p7, in, flags);
- else if (outformat == FORMAT_PEM)
- PEM_write_bio_PKCS7(out,p7);
- else if (outformat == FORMAT_ASN1)
- i2d_PKCS7_bio(out,p7);
- else
- {
- BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
- goto end;
- }
- }
- ret = 0;
-end:
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
- if (ret) ERR_print_errors(bio_err);
- sk_X509_pop_free(encerts, X509_free);
- sk_X509_pop_free(other, X509_free);
- if (vpm)
- X509_VERIFY_PARAM_free(vpm);
- X509_STORE_free(store);
- X509_free(cert);
- X509_free(recip);
- X509_free(signer);
- EVP_PKEY_free(key);
- PKCS7_free(p7);
- BIO_free(in);
- BIO_free(indata);
- BIO_free_all(out);
- if (passin) OPENSSL_free(passin);
- return (ret);
-}
-
-static int save_certs(char *signerfile, STACK_OF(X509) *signers)
- {
- int i;
- BIO *tmp;
- if (!signerfile)
- return 1;
- tmp = BIO_new_file(signerfile, "w");
- if (!tmp) return 0;
- for(i = 0; i < sk_X509_num(signers); i++)
- PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
- BIO_free(tmp);
- return 1;
- }
-
-
-/* Minimal callback just to output policy info (if any) */
-
-static int smime_cb(int ok, X509_STORE_CTX *ctx)
- {
- int error;
-
- error = X509_STORE_CTX_get_error(ctx);
-
- if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
- && ((error != X509_V_OK) || (ok != 2)))
- return ok;
-
- policies_print(NULL, ctx);
-
- return ok;
-
- }
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
deleted file mode 100644
index 7858aee..0000000
--- a/crypto/openssl/apps/speed.c
+++ /dev/null
@@ -1,2834 +0,0 @@
-/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * The ECDH and ECDSA speed test software is originally written by
- * Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#ifndef OPENSSL_NO_SPEED
-
-#undef SECONDS
-#define SECONDS 3
-#define RSA_SECONDS 10
-#define DSA_SECONDS 10
-#define ECDSA_SECONDS 10
-#define ECDH_SECONDS 10
-
-/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */
-/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */
-
-#undef PROG
-#define PROG speed_main
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <string.h>
-#include <math.h>
-#include "apps.h"
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include <openssl/crypto.h>
-#include <openssl/rand.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#if !defined(OPENSSL_SYS_MSDOS)
-#include OPENSSL_UNISTD
-#endif
-
-#ifndef OPENSSL_SYS_NETWARE
-#include <signal.h>
-#endif
-
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
-# define USE_TOD
-#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
-# define TIMES
-#endif
-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
-# define TIMEB
-#endif
-
-#if defined(OPENSSL_SYS_NETWARE)
-#undef TIMES
-#undef TIMEB
-#include <time.h>
-#endif
-
-#ifndef _IRIX
-# include <time.h>
-#endif
-#ifdef TIMES
-# include <sys/types.h>
-# include <sys/times.h>
-#endif
-#ifdef USE_TOD
-# include <sys/time.h>
-# include <sys/resource.h>
-#endif
-
-/* Depending on the VMS version, the tms structure is perhaps defined.
- The __TMS macro will show if it was. If it wasn't defined, we should
- undefine TIMES, since that tells the rest of the program how things
- should be handled. -- Richard Levitte */
-#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
-#undef TIMES
-#endif
-
-#ifdef TIMEB
-#include <sys/timeb.h>
-#endif
-
-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_NETWARE)
-#error "It seems neither struct tms nor struct timeb is supported in this platform!"
-#endif
-
-#if defined(sun) || defined(__ultrix)
-#define _POSIX_SOURCE
-#include <limits.h>
-#include <sys/param.h>
-#endif
-
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_AES
-#include <openssl/aes.h>
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
-#include <openssl/camellia.h>
-#endif
-#ifndef OPENSSL_NO_MD2
-#include <openssl/md2.h>
-#endif
-#ifndef OPENSSL_NO_MDC2
-#include <openssl/mdc2.h>
-#endif
-#ifndef OPENSSL_NO_MD4
-#include <openssl/md4.h>
-#endif
-#ifndef OPENSSL_NO_MD5
-#include <openssl/md5.h>
-#endif
-#ifndef OPENSSL_NO_HMAC
-#include <openssl/hmac.h>
-#endif
-#include <openssl/evp.h>
-#ifndef OPENSSL_NO_SHA
-#include <openssl/sha.h>
-#endif
-#ifndef OPENSSL_NO_RIPEMD
-#include <openssl/ripemd.h>
-#endif
-#ifndef OPENSSL_NO_RC4
-#include <openssl/rc4.h>
-#endif
-#ifndef OPENSSL_NO_RC5
-#include <openssl/rc5.h>
-#endif
-#ifndef OPENSSL_NO_RC2
-#include <openssl/rc2.h>
-#endif
-#ifndef OPENSSL_NO_IDEA
-#include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_BF
-#include <openssl/blowfish.h>
-#endif
-#ifndef OPENSSL_NO_CAST
-#include <openssl/cast.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#include "./testrsa.h"
-#endif
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#include "./testdsa.h"
-#endif
-#ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
-#endif
-#ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
-#endif
-
-/*
- * The following "HZ" timing stuff should be sync'd up with the code in
- * crypto/tmdiff.[ch]. That appears to try to do the same job, though I think
- * this code is more up to date than libcrypto's so there may be features to
- * migrate over first. This is used in two places further down AFAICS.
- * The point is that nothing in openssl actually *uses* that tmdiff stuff, so
- * either speed.c should be using it or it should go because it's obviously not
- * useful enough. Anyone want to do a janitorial job on this?
- */
-
-/* The following if from times(3) man page. It may need to be changed */
-#ifndef HZ
-# if defined(_SC_CLK_TCK) \
- && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
-# define HZ sysconf(_SC_CLK_TCK)
-# else
-# ifndef CLK_TCK
-# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-# define HZ 100.0
-# else /* _BSD_CLK_TCK_ */
-# define HZ ((double)_BSD_CLK_TCK_)
-# endif
-# else /* CLK_TCK */
-# define HZ ((double)CLK_TCK)
-# endif
-# endif
-#endif
-
-#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2) && !defined(OPENSSL_SYS_NETWARE)
-# define HAVE_FORK 1
-#endif
-
-#undef BUFSIZE
-#define BUFSIZE ((long)1024*8+1)
-int run=0;
-
-static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
-static int mr=0;
-static int usertime=1;
-
-static double Time_F(int s);
-static void print_message(const char *s,long num,int length);
-static void pkey_print_message(const char *str, const char *str2,
- long num, int bits, int sec);
-static void print_result(int alg,int run_no,int count,double time_used);
-#ifdef HAVE_FORK
-static int do_multi(int multi);
-#endif
-
-#define ALGOR_NUM 24
-#define SIZE_NUM 5
-#define RSA_NUM 4
-#define DSA_NUM 3
-
-#define EC_NUM 16
-#define MAX_ECDH_SIZE 256
-
-static const char *names[ALGOR_NUM]={
- "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
- "des cbc","des ede3","idea cbc",
- "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
- "aes-128 cbc","aes-192 cbc","aes-256 cbc",
- "camellia-128 cbc","camellia-192 cbc","camellia-256 cbc",
- "evp","sha256","sha512"};
-static double results[ALGOR_NUM][SIZE_NUM];
-static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
-static double rsa_results[RSA_NUM][2];
-static double dsa_results[DSA_NUM][2];
-#ifndef OPENSSL_NO_ECDSA
-static double ecdsa_results[EC_NUM][2];
-#endif
-#ifndef OPENSSL_NO_ECDH
-static double ecdh_results[EC_NUM][1];
-#endif
-
-#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH))
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
-#endif
-
-#ifdef SIGALRM
-#if defined(__STDC__) || defined(sgi) || defined(_AIX)
-#define SIGRETTYPE void
-#else
-#define SIGRETTYPE int
-#endif
-
-static SIGRETTYPE sig_done(int sig);
-static SIGRETTYPE sig_done(int sig)
- {
- signal(SIGALRM,sig_done);
- run=0;
-#ifdef LINT
- sig=sig;
-#endif
- }
-#endif
-
-#define START 0
-#define STOP 1
-
-#if defined(OPENSSL_SYS_NETWARE)
-
- /* for NetWare the best we can do is use clock() which returns the
- * time, in hundredths of a second, since the NLM began executing
- */
-static double Time_F(int s)
- {
- double ret;
-
- static clock_t tstart,tend;
-
- if (s == START)
- {
- tstart=clock();
- return(0);
- }
- else
- {
- tend=clock();
- ret=(double)((double)(tend)-(double)(tstart));
- return((ret < 0.001)?0.001:ret);
- }
- }
-
-#else
-
-static double Time_F(int s)
- {
- double ret;
-
-#ifdef USE_TOD
- if(usertime)
- {
- static struct rusage tstart,tend;
-
- getrusage_used = 1;
- if (s == START)
- {
- getrusage(RUSAGE_SELF,&tstart);
- return(0);
- }
- else
- {
- long i;
-
- getrusage(RUSAGE_SELF,&tend);
- i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
- ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
- +((double)i)/1000000.0;
- return((ret < 0.001)?0.001:ret);
- }
- }
- else
- {
- static struct timeval tstart,tend;
- long i;
-
- gettimeofday_used = 1;
- if (s == START)
- {
- gettimeofday(&tstart,NULL);
- return(0);
- }
- else
- {
- gettimeofday(&tend,NULL);
- i=(long)tend.tv_usec-(long)tstart.tv_usec;
- ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
- return((ret < 0.001)?0.001:ret);
- }
- }
-#else /* ndef USE_TOD */
-
-# ifdef TIMES
- if (usertime)
- {
- static struct tms tstart,tend;
-
- times_used = 1;
- if (s == START)
- {
- times(&tstart);
- return(0);
- }
- else
- {
- times(&tend);
- ret = HZ;
- ret=(double)(tend.tms_utime-tstart.tms_utime) / ret;
- return((ret < 1e-3)?1e-3:ret);
- }
- }
-# endif /* times() */
-# if defined(TIMES) && defined(TIMEB)
- else
-# endif
-# ifdef OPENSSL_SYS_VXWORKS
- {
- static unsigned long tick_start, tick_end;
-
- if( s == START )
- {
- tick_start = tickGet();
- return 0;
- }
- else
- {
- tick_end = tickGet();
- ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
- return((ret < 0.001)?0.001:ret);
- }
- }
-# elif defined(TIMEB)
- {
- static struct timeb tstart,tend;
- long i;
-
- ftime_used = 1;
- if (s == START)
- {
- ftime(&tstart);
- return(0);
- }
- else
- {
- ftime(&tend);
- i=(long)tend.millitm-(long)tstart.millitm;
- ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
- return((ret < 0.001)?0.001:ret);
- }
- }
-# endif
-#endif
- }
-#endif /* if defined(OPENSSL_SYS_NETWARE) */
-
-
-#ifndef OPENSSL_NO_ECDH
-static const int KDF1_SHA1_len = 20;
-static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen)
- {
-#ifndef OPENSSL_NO_SHA
- if (*outlen < SHA_DIGEST_LENGTH)
- return NULL;
- else
- *outlen = SHA_DIGEST_LENGTH;
- return SHA1(in, inlen, out);
-#else
- return NULL;
-#endif /* OPENSSL_NO_SHA */
- }
-#endif /* OPENSSL_NO_ECDH */
-
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = NULL;
-#endif
- unsigned char *buf=NULL,*buf2=NULL;
- int mret=1;
- long count=0,save_count=0;
- int i,j,k;
-#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
- long rsa_count;
-#endif
-#ifndef OPENSSL_NO_RSA
- unsigned rsa_num;
-#endif
- unsigned char md[EVP_MAX_MD_SIZE];
-#ifndef OPENSSL_NO_MD2
- unsigned char md2[MD2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MDC2
- unsigned char mdc2[MDC2_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD4
- unsigned char md4[MD4_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_MD5
- unsigned char md5[MD5_DIGEST_LENGTH];
- unsigned char hmac[MD5_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA
- unsigned char sha[SHA_DIGEST_LENGTH];
-#ifndef OPENSSL_NO_SHA256
- unsigned char sha256[SHA256_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_SHA512
- unsigned char sha512[SHA512_DIGEST_LENGTH];
-#endif
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
-#endif
-#ifndef OPENSSL_NO_RC4
- RC4_KEY rc4_ks;
-#endif
-#ifndef OPENSSL_NO_RC5
- RC5_32_KEY rc5_ks;
-#endif
-#ifndef OPENSSL_NO_RC2
- RC2_KEY rc2_ks;
-#endif
-#ifndef OPENSSL_NO_IDEA
- IDEA_KEY_SCHEDULE idea_ks;
-#endif
-#ifndef OPENSSL_NO_BF
- BF_KEY bf_ks;
-#endif
-#ifndef OPENSSL_NO_CAST
- CAST_KEY cast_ks;
-#endif
- static const unsigned char key16[16]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-#ifndef OPENSSL_NO_AES
- static const unsigned char key24[24]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- static const unsigned char key32[32]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
- 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- static const unsigned char ckey24[24]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- static const unsigned char ckey32[32]=
- {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
- 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
- 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
- 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
-#endif
-#ifndef OPENSSL_NO_AES
-#define MAX_BLOCK_SIZE 128
-#else
-#define MAX_BLOCK_SIZE 64
-#endif
- unsigned char DES_iv[8];
- unsigned char iv[MAX_BLOCK_SIZE/8];
-#ifndef OPENSSL_NO_DES
- DES_cblock *buf_as_des_cblock = NULL;
- static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
- static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
- static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
- DES_key_schedule sch;
- DES_key_schedule sch2;
- DES_key_schedule sch3;
-#endif
-#ifndef OPENSSL_NO_AES
- AES_KEY aes_ks1, aes_ks2, aes_ks3;
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
-#endif
-#define D_MD2 0
-#define D_MDC2 1
-#define D_MD4 2
-#define D_MD5 3
-#define D_HMAC 4
-#define D_SHA1 5
-#define D_RMD160 6
-#define D_RC4 7
-#define D_CBC_DES 8
-#define D_EDE3_DES 9
-#define D_CBC_IDEA 10
-#define D_CBC_RC2 11
-#define D_CBC_RC5 12
-#define D_CBC_BF 13
-#define D_CBC_CAST 14
-#define D_CBC_128_AES 15
-#define D_CBC_192_AES 16
-#define D_CBC_256_AES 17
-#define D_CBC_128_CML 18
-#define D_CBC_192_CML 19
-#define D_CBC_256_CML 20
-#define D_EVP 21
-#define D_SHA256 22
-#define D_SHA512 23
- double d=0.0;
- long c[ALGOR_NUM][SIZE_NUM];
-#define R_DSA_512 0
-#define R_DSA_1024 1
-#define R_DSA_2048 2
-#define R_RSA_512 0
-#define R_RSA_1024 1
-#define R_RSA_2048 2
-#define R_RSA_4096 3
-
-#define R_EC_P160 0
-#define R_EC_P192 1
-#define R_EC_P224 2
-#define R_EC_P256 3
-#define R_EC_P384 4
-#define R_EC_P521 5
-#define R_EC_K163 6
-#define R_EC_K233 7
-#define R_EC_K283 8
-#define R_EC_K409 9
-#define R_EC_K571 10
-#define R_EC_B163 11
-#define R_EC_B233 12
-#define R_EC_B283 13
-#define R_EC_B409 14
-#define R_EC_B571 15
-
-#ifndef OPENSSL_NO_RSA
- RSA *rsa_key[RSA_NUM];
- long rsa_c[RSA_NUM][2];
- static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
- static unsigned char *rsa_data[RSA_NUM]=
- {test512,test1024,test2048,test4096};
- static int rsa_data_length[RSA_NUM]={
- sizeof(test512),sizeof(test1024),
- sizeof(test2048),sizeof(test4096)};
-#endif
-#ifndef OPENSSL_NO_DSA
- DSA *dsa_key[DSA_NUM];
- long dsa_c[DSA_NUM][2];
- static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
-#endif
-#ifndef OPENSSL_NO_EC
- /* We only test over the following curves as they are representative,
- * To add tests over more curves, simply add the curve NID
- * and curve name to the following arrays and increase the
- * EC_NUM value accordingly.
- */
- static unsigned int test_curves[EC_NUM] =
- {
- /* Prime Curves */
- NID_secp160r1,
- NID_X9_62_prime192v1,
- NID_secp224r1,
- NID_X9_62_prime256v1,
- NID_secp384r1,
- NID_secp521r1,
- /* Binary Curves */
- NID_sect163k1,
- NID_sect233k1,
- NID_sect283k1,
- NID_sect409k1,
- NID_sect571k1,
- NID_sect163r2,
- NID_sect233r1,
- NID_sect283r1,
- NID_sect409r1,
- NID_sect571r1
- };
- static const char * test_curves_names[EC_NUM] =
- {
- /* Prime Curves */
- "secp160r1",
- "nistp192",
- "nistp224",
- "nistp256",
- "nistp384",
- "nistp521",
- /* Binary Curves */
- "nistk163",
- "nistk233",
- "nistk283",
- "nistk409",
- "nistk571",
- "nistb163",
- "nistb233",
- "nistb283",
- "nistb409",
- "nistb571"
- };
- static int test_curves_bits[EC_NUM] =
- {
- 160, 192, 224, 256, 384, 521,
- 163, 233, 283, 409, 571,
- 163, 233, 283, 409, 571
- };
-
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- unsigned char ecdsasig[256];
- unsigned int ecdsasiglen;
- EC_KEY *ecdsa[EC_NUM];
- long ecdsa_c[EC_NUM][2];
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
- unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
- int secret_size_a, secret_size_b;
- int ecdh_checks = 0;
- int secret_idx = 0;
- long ecdh_c[EC_NUM][2];
-#endif
-
- int rsa_doit[RSA_NUM];
- int dsa_doit[DSA_NUM];
-#ifndef OPENSSL_NO_ECDSA
- int ecdsa_doit[EC_NUM];
-#endif
-#ifndef OPENSSL_NO_ECDH
- int ecdh_doit[EC_NUM];
-#endif
- int doit[ALGOR_NUM];
- int pr_header=0;
- const EVP_CIPHER *evp_cipher=NULL;
- const EVP_MD *evp_md=NULL;
- int decrypt=0;
-#ifdef HAVE_FORK
- int multi=0;
-#endif
-
-#ifndef TIMES
- usertime=-1;
-#endif
-
- apps_startup();
- memset(results, 0, sizeof(results));
-#ifndef OPENSSL_NO_DSA
- memset(dsa_key,0,sizeof(dsa_key));
-#endif
-#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- {
- ecdh_a[i] = NULL;
- ecdh_b[i] = NULL;
- }
-#endif
-
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
-#ifndef OPENSSL_NO_RSA
- memset(rsa_key,0,sizeof(rsa_key));
- for (i=0; i<RSA_NUM; i++)
- rsa_key[i]=NULL;
-#endif
-
- if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
-#ifndef OPENSSL_NO_DES
- buf_as_des_cblock = (DES_cblock *)buf;
-#endif
- if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
-
- memset(c,0,sizeof(c));
- memset(DES_iv,0,sizeof(DES_iv));
- memset(iv,0,sizeof(iv));
-
- for (i=0; i<ALGOR_NUM; i++)
- doit[i]=0;
- for (i=0; i<RSA_NUM; i++)
- rsa_doit[i]=0;
- for (i=0; i<DSA_NUM; i++)
- dsa_doit[i]=0;
-#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
- ecdsa_doit[i]=0;
-#endif
-#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- ecdh_doit[i]=0;
-#endif
-
-
- j=0;
- argc--;
- argv++;
- while (argc)
- {
- if ((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
- {
- usertime = 0;
- j--; /* Otherwise, -elapsed gets confused with
- an algorithm. */
- }
- else if ((argc > 0) && (strcmp(*argv,"-evp") == 0))
- {
- argc--;
- argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no EVP given\n");
- goto end;
- }
- evp_cipher=EVP_get_cipherbyname(*argv);
- if(!evp_cipher)
- {
- evp_md=EVP_get_digestbyname(*argv);
- }
- if(!evp_cipher && !evp_md)
- {
- BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
- goto end;
- }
- doit[D_EVP]=1;
- }
- else if (argc > 0 && !strcmp(*argv,"-decrypt"))
- {
- decrypt=1;
- j--; /* Otherwise, -elapsed gets confused with
- an algorithm. */
- }
-#ifndef OPENSSL_NO_ENGINE
- else if ((argc > 0) && (strcmp(*argv,"-engine") == 0))
- {
- argc--;
- argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no engine given\n");
- goto end;
- }
- e = setup_engine(bio_err, *argv, 0);
- /* j will be increased again further down. We just
- don't want speed to confuse an engine with an
- algorithm, especially when none is given (which
- means all of them should be run) */
- j--;
- }
-#endif
-#ifdef HAVE_FORK
- else if ((argc > 0) && (strcmp(*argv,"-multi") == 0))
- {
- argc--;
- argv++;
- if(argc == 0)
- {
- BIO_printf(bio_err,"no multi count given\n");
- goto end;
- }
- multi=atoi(argv[0]);
- if(multi <= 0)
- {
- BIO_printf(bio_err,"bad multi count\n");
- goto end;
- }
- j--; /* Otherwise, -mr gets confused with
- an algorithm. */
- }
-#endif
- else if (argc > 0 && !strcmp(*argv,"-mr"))
- {
- mr=1;
- j--; /* Otherwise, -mr gets confused with
- an algorithm. */
- }
- else
-#ifndef OPENSSL_NO_MD2
- if (strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MDC2
- if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MD4
- if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MD5
- if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
- else
-#endif
-#ifndef OPENSSL_NO_MD5
- if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
- else
-#endif
-#ifndef OPENSSL_NO_SHA
- if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
- else
- if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1,
- doit[D_SHA256]=1,
- doit[D_SHA512]=1;
- else
-#ifndef OPENSSL_NO_SHA256
- if (strcmp(*argv,"sha256") == 0) doit[D_SHA256]=1;
- else
-#endif
-#ifndef OPENSSL_NO_SHA512
- if (strcmp(*argv,"sha512") == 0) doit[D_SHA512]=1;
- else
-#endif
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
- else
- if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
- else
- if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
- else
-#endif
-#ifndef OPENSSL_NO_RC4
- if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
- else
-#endif
-#ifndef OPENSSL_NO_DES
- if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
- else if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
- else
-#endif
-#ifndef OPENSSL_NO_AES
- if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
- else if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
- else if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
- else
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- if (strcmp(*argv,"camellia-128-cbc") == 0) doit[D_CBC_128_CML]=1;
- else if (strcmp(*argv,"camellia-192-cbc") == 0) doit[D_CBC_192_CML]=1;
- else if (strcmp(*argv,"camellia-256-cbc") == 0) doit[D_CBC_256_CML]=1;
- else
-#endif
-#ifndef OPENSSL_NO_RSA
-#if 0 /* was: #ifdef RSAref */
- if (strcmp(*argv,"rsaref") == 0)
- {
- RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
- j--;
- }
- else
-#endif
-#ifndef RSA_NULL
- if (strcmp(*argv,"openssl") == 0)
- {
- RSA_set_default_method(RSA_PKCS1_SSLeay());
- j--;
- }
- else
-#endif
-#endif /* !OPENSSL_NO_RSA */
- if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
- else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
- else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
- else if (strcmp(*argv,"rsa512") == 0) rsa_doit[R_RSA_512]=2;
- else if (strcmp(*argv,"rsa1024") == 0) rsa_doit[R_RSA_1024]=2;
- else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
- else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
- else
-#ifndef OPENSSL_NO_RC2
- if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
- else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
- else
-#endif
-#ifndef OPENSSL_NO_RC5
- if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
- else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
- else
-#endif
-#ifndef OPENSSL_NO_IDEA
- if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
- else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
- else
-#endif
-#ifndef OPENSSL_NO_BF
- if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
- else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
- else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
- else
-#endif
-#ifndef OPENSSL_NO_CAST
- if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
- else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
- else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
- else
-#endif
-#ifndef OPENSSL_NO_DES
- if (strcmp(*argv,"des") == 0)
- {
- doit[D_CBC_DES]=1;
- doit[D_EDE3_DES]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_AES
- if (strcmp(*argv,"aes") == 0)
- {
- doit[D_CBC_128_AES]=1;
- doit[D_CBC_192_AES]=1;
- doit[D_CBC_256_AES]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- if (strcmp(*argv,"camellia") == 0)
- {
- doit[D_CBC_128_CML]=1;
- doit[D_CBC_192_CML]=1;
- doit[D_CBC_256_CML]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_RSA
- if (strcmp(*argv,"rsa") == 0)
- {
- rsa_doit[R_RSA_512]=1;
- rsa_doit[R_RSA_1024]=1;
- rsa_doit[R_RSA_2048]=1;
- rsa_doit[R_RSA_4096]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (strcmp(*argv,"dsa") == 0)
- {
- dsa_doit[R_DSA_512]=1;
- dsa_doit[R_DSA_1024]=1;
- dsa_doit[R_DSA_2048]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdsap192") == 0) ecdsa_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
- else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
- else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
- else if (strcmp(*argv,"ecdsa") == 0)
- {
- for (i=0; i < EC_NUM; i++)
- ecdsa_doit[i]=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
- else if (strcmp(*argv,"ecdhp192") == 0) ecdh_doit[R_EC_P192]=2;
- else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
- else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
- else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
- else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
- else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
- else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
- else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
- else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
- else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
- else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
- else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
- else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
- else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
- else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
- else if (strcmp(*argv,"ecdh") == 0)
- {
- for (i=0; i < EC_NUM; i++)
- ecdh_doit[i]=1;
- }
- else
-#endif
- {
- BIO_printf(bio_err,"Error: bad option or value\n");
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"Available values:\n");
-#ifndef OPENSSL_NO_MD2
- BIO_printf(bio_err,"md2 ");
-#endif
-#ifndef OPENSSL_NO_MDC2
- BIO_printf(bio_err,"mdc2 ");
-#endif
-#ifndef OPENSSL_NO_MD4
- BIO_printf(bio_err,"md4 ");
-#endif
-#ifndef OPENSSL_NO_MD5
- BIO_printf(bio_err,"md5 ");
-#ifndef OPENSSL_NO_HMAC
- BIO_printf(bio_err,"hmac ");
-#endif
-#endif
-#ifndef OPENSSL_NO_SHA1
- BIO_printf(bio_err,"sha1 ");
-#endif
-#ifndef OPENSSL_NO_SHA256
- BIO_printf(bio_err,"sha256 ");
-#endif
-#ifndef OPENSSL_NO_SHA512
- BIO_printf(bio_err,"sha512 ");
-#endif
-#ifndef OPENSSL_NO_RIPEMD160
- BIO_printf(bio_err,"rmd160");
-#endif
-#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
- !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
- !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
- BIO_printf(bio_err,"\n");
-#endif
-
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err,"idea-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf(bio_err,"rc2-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC5
- BIO_printf(bio_err,"rc5-cbc ");
-#endif
-#ifndef OPENSSL_NO_BF
- BIO_printf(bio_err,"bf-cbc");
-#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
- !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
- BIO_printf(bio_err,"\n");
-#endif
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"des-cbc des-ede3 ");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"camellia-128-cbc camellia-192-cbc camellia-256-cbc ");
-#endif
-#ifndef OPENSSL_NO_RC4
- BIO_printf(bio_err,"rc4");
-#endif
- BIO_printf(bio_err,"\n");
-
-#ifndef OPENSSL_NO_RSA
- BIO_printf(bio_err,"rsa512 rsa1024 rsa2048 rsa4096\n");
-#endif
-
-#ifndef OPENSSL_NO_DSA
- BIO_printf(bio_err,"dsa512 dsa1024 dsa2048\n");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- BIO_printf(bio_err,"ecdsap160 ecdsap192 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
- BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
- BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
- BIO_printf(bio_err,"ecdsa\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
- BIO_printf(bio_err,"ecdhp160 ecdhp192 ecdhp224 ecdhp256 ecdhp384 ecdhp521\n");
- BIO_printf(bio_err,"ecdhk163 ecdhk233 ecdhk283 ecdhk409 ecdhk571\n");
- BIO_printf(bio_err,"ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n");
- BIO_printf(bio_err,"ecdh\n");
-#endif
-
-#ifndef OPENSSL_NO_IDEA
- BIO_printf(bio_err,"idea ");
-#endif
-#ifndef OPENSSL_NO_RC2
- BIO_printf(bio_err,"rc2 ");
-#endif
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"des ");
-#endif
-#ifndef OPENSSL_NO_AES
- BIO_printf(bio_err,"aes ");
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- BIO_printf(bio_err,"camellia ");
-#endif
-#ifndef OPENSSL_NO_RSA
- BIO_printf(bio_err,"rsa ");
-#endif
-#ifndef OPENSSL_NO_BF
- BIO_printf(bio_err,"blowfish");
-#endif
-#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
- !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
- !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES) || \
- !defined(OPENSSL_NO_CAMELLIA)
- BIO_printf(bio_err,"\n");
-#endif
-
- BIO_printf(bio_err,"\n");
- BIO_printf(bio_err,"Available options:\n");
-#if defined(TIMES) || defined(USE_TOD)
- BIO_printf(bio_err,"-elapsed measure time in real time instead of CPU user time.\n");
-#endif
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err,"-engine e use engine e, possibly a hardware device.\n");
-#endif
- BIO_printf(bio_err,"-evp e use EVP e.\n");
- BIO_printf(bio_err,"-decrypt time decryption instead of encryption (only EVP).\n");
- BIO_printf(bio_err,"-mr produce machine readable output.\n");
-#ifdef HAVE_FORK
- BIO_printf(bio_err,"-multi n run n benchmarks in parallel.\n");
-#endif
- goto end;
- }
- argc--;
- argv++;
- j++;
- }
-
-#ifdef HAVE_FORK
- if(multi && do_multi(multi))
- goto show_res;
-#endif
-
- if (j == 0)
- {
- for (i=0; i<ALGOR_NUM; i++)
- {
- if (i != D_EVP)
- doit[i]=1;
- }
- for (i=0; i<RSA_NUM; i++)
- rsa_doit[i]=1;
- for (i=0; i<DSA_NUM; i++)
- dsa_doit[i]=1;
- }
- for (i=0; i<ALGOR_NUM; i++)
- if (doit[i]) pr_header++;
-
- if (usertime == 0 && !mr)
- BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
- if (usertime <= 0 && !mr)
- {
- BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
- BIO_printf(bio_err,"program when this computer is idle.\n");
- }
-
-#ifndef OPENSSL_NO_RSA
- for (i=0; i<RSA_NUM; i++)
- {
- const unsigned char *p;
-
- p=rsa_data[i];
- rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
- if (rsa_key[i] == NULL)
- {
- BIO_printf(bio_err,"internal error loading RSA key number %d\n",i);
- goto end;
- }
-#if 0
- else
- {
- BIO_printf(bio_err,mr ? "+RK:%d:"
- : "Loaded RSA key, %d bit modulus and e= 0x",
- BN_num_bits(rsa_key[i]->n));
- BN_print(bio_err,rsa_key[i]->e);
- BIO_printf(bio_err,"\n");
- }
-#endif
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
- dsa_key[0]=get_dsa512();
- dsa_key[1]=get_dsa1024();
- dsa_key[2]=get_dsa2048();
-#endif
-
-#ifndef OPENSSL_NO_DES
- DES_set_key_unchecked(&key,&sch);
- DES_set_key_unchecked(&key2,&sch2);
- DES_set_key_unchecked(&key3,&sch3);
-#endif
-#ifndef OPENSSL_NO_AES
- AES_set_encrypt_key(key16,128,&aes_ks1);
- AES_set_encrypt_key(key24,192,&aes_ks2);
- AES_set_encrypt_key(key32,256,&aes_ks3);
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- Camellia_set_key(key16,128,&camellia_ks1);
- Camellia_set_key(ckey24,192,&camellia_ks2);
- Camellia_set_key(ckey32,256,&camellia_ks3);
-#endif
-#ifndef OPENSSL_NO_IDEA
- idea_set_encrypt_key(key16,&idea_ks);
-#endif
-#ifndef OPENSSL_NO_RC4
- RC4_set_key(&rc4_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_RC2
- RC2_set_key(&rc2_ks,16,key16,128);
-#endif
-#ifndef OPENSSL_NO_RC5
- RC5_32_set_key(&rc5_ks,16,key16,12);
-#endif
-#ifndef OPENSSL_NO_BF
- BF_set_key(&bf_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_CAST
- CAST_set_key(&cast_ks,16,key16);
-#endif
-#ifndef OPENSSL_NO_RSA
- memset(rsa_c,0,sizeof(rsa_c));
-#endif
-#ifndef SIGALRM
-#ifndef OPENSSL_NO_DES
- BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
- count=10;
- do {
- long it;
- count*=2;
- Time_F(START);
- for (it=count; it; it--)
- DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
- &sch,DES_ENCRYPT);
- d=Time_F(STOP);
- } while (d <3);
- save_count=count;
- c[D_MD2][0]=count/10;
- c[D_MDC2][0]=count/10;
- c[D_MD4][0]=count;
- c[D_MD5][0]=count;
- c[D_HMAC][0]=count;
- c[D_SHA1][0]=count;
- c[D_RMD160][0]=count;
- c[D_RC4][0]=count*5;
- c[D_CBC_DES][0]=count;
- c[D_EDE3_DES][0]=count/3;
- c[D_CBC_IDEA][0]=count;
- c[D_CBC_RC2][0]=count;
- c[D_CBC_RC5][0]=count;
- c[D_CBC_BF][0]=count;
- c[D_CBC_CAST][0]=count;
- c[D_CBC_128_AES][0]=count;
- c[D_CBC_192_AES][0]=count;
- c[D_CBC_256_AES][0]=count;
- c[D_CBC_128_CML][0]=count;
- c[D_CBC_192_CML][0]=count;
- c[D_CBC_256_CML][0]=count;
- c[D_SHA256][0]=count;
- c[D_SHA512][0]=count;
-
- for (i=1; i<SIZE_NUM; i++)
- {
- c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
- c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
- c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
- c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
- c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
- c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
- c[D_RMD160][i]=c[D_RMD160][0]*4*lengths[0]/lengths[i];
- c[D_SHA256][i]=c[D_SHA256][0]*4*lengths[0]/lengths[i];
- c[D_SHA512][i]=c[D_SHA512][0]*4*lengths[0]/lengths[i];
- }
- for (i=1; i<SIZE_NUM; i++)
- {
- long l0,l1;
-
- l0=(long)lengths[i-1];
- l1=(long)lengths[i];
- c[D_RC4][i]=c[D_RC4][i-1]*l0/l1;
- c[D_CBC_DES][i]=c[D_CBC_DES][i-1]*l0/l1;
- c[D_EDE3_DES][i]=c[D_EDE3_DES][i-1]*l0/l1;
- c[D_CBC_IDEA][i]=c[D_CBC_IDEA][i-1]*l0/l1;
- c[D_CBC_RC2][i]=c[D_CBC_RC2][i-1]*l0/l1;
- c[D_CBC_RC5][i]=c[D_CBC_RC5][i-1]*l0/l1;
- c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
- c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
- c[D_CBC_128_AES][i]=c[D_CBC_128_AES][i-1]*l0/l1;
- c[D_CBC_192_AES][i]=c[D_CBC_192_AES][i-1]*l0/l1;
- c[D_CBC_256_AES][i]=c[D_CBC_256_AES][i-1]*l0/l1;
- c[D_CBC_128_CML][i]=c[D_CBC_128_CML][i-1]*l0/l1;
- c[D_CBC_192_CML][i]=c[D_CBC_192_CML][i-1]*l0/l1;
- c[D_CBC_256_CML][i]=c[D_CBC_256_CML][i-1]*l0/l1;
- }
-#ifndef OPENSSL_NO_RSA
- rsa_c[R_RSA_512][0]=count/2000;
- rsa_c[R_RSA_512][1]=count/400;
- for (i=1; i<RSA_NUM; i++)
- {
- rsa_c[i][0]=rsa_c[i-1][0]/8;
- rsa_c[i][1]=rsa_c[i-1][1]/4;
- if ((rsa_doit[i] <= 1) && (rsa_c[i][0] == 0))
- rsa_doit[i]=0;
- else
- {
- if (rsa_c[i][0] == 0)
- {
- rsa_c[i][0]=1;
- rsa_c[i][1]=20;
- }
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
- dsa_c[R_DSA_512][0]=count/1000;
- dsa_c[R_DSA_512][1]=count/1000/2;
- for (i=1; i<DSA_NUM; i++)
- {
- dsa_c[i][0]=dsa_c[i-1][0]/4;
- dsa_c[i][1]=dsa_c[i-1][1]/4;
- if ((dsa_doit[i] <= 1) && (dsa_c[i][0] == 0))
- dsa_doit[i]=0;
- else
- {
- if (dsa_c[i] == 0)
- {
- dsa_c[i][0]=1;
- dsa_c[i][1]=1;
- }
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- ecdsa_c[R_EC_P160][0]=count/1000;
- ecdsa_c[R_EC_P160][1]=count/1000/2;
- for (i=R_EC_P192; i<=R_EC_P521; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
- }
- }
- ecdsa_c[R_EC_K163][0]=count/1000;
- ecdsa_c[R_EC_K163][1]=count/1000/2;
- for (i=R_EC_K233; i<=R_EC_K571; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
- }
- }
- ecdsa_c[R_EC_B163][0]=count/1000;
- ecdsa_c[R_EC_B163][1]=count/1000/2;
- for (i=R_EC_B233; i<=R_EC_B571; i++)
- {
- ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
- ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
- if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
- ecdsa_doit[i]=0;
- else
- {
- if (ecdsa_c[i] == 0)
- {
- ecdsa_c[i][0]=1;
- ecdsa_c[i][1]=1;
- }
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- ecdh_c[R_EC_P160][0]=count/1000;
- ecdh_c[R_EC_P160][1]=count/1000;
- for (i=R_EC_P192; i<=R_EC_P521; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
- }
- }
- ecdh_c[R_EC_K163][0]=count/1000;
- ecdh_c[R_EC_K163][1]=count/1000;
- for (i=R_EC_K233; i<=R_EC_K571; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
- }
- }
- ecdh_c[R_EC_B163][0]=count/1000;
- ecdh_c[R_EC_B163][1]=count/1000;
- for (i=R_EC_B233; i<=R_EC_B571; i++)
- {
- ecdh_c[i][0]=ecdh_c[i-1][0]/2;
- ecdh_c[i][1]=ecdh_c[i-1][1]/2;
- if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
- ecdh_doit[i]=0;
- else
- {
- if (ecdh_c[i] == 0)
- {
- ecdh_c[i][0]=1;
- ecdh_c[i][1]=1;
- }
- }
- }
-#endif
-
-#define COND(d) (count < (d))
-#define COUNT(d) (d)
-#else
-/* not worth fixing */
-# error "You cannot disable DES on systems without SIGALRM."
-#endif /* OPENSSL_NO_DES */
-#else
-#define COND(c) (run)
-#define COUNT(d) (count)
- signal(SIGALRM,sig_done);
-#endif /* SIGALRM */
-
-#ifndef OPENSSL_NO_MD2
- if (doit[D_MD2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
- d=Time_F(STOP);
- print_result(D_MD2,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_MDC2
- if (doit[D_MDC2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MDC2][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
- d=Time_F(STOP);
- print_result(D_MDC2,j,count,d);
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_MD4
- if (doit[D_MD4])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD4][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
- d=Time_F(STOP);
- print_result(D_MD4,j,count,d);
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_MD5
- if (doit[D_MD5])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_MD5][j]); count++)
- EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
- d=Time_F(STOP);
- print_result(D_MD5,j,count,d);
- }
- }
-#endif
-
-#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
- if (doit[D_HMAC])
- {
- HMAC_CTX hctx;
-
- HMAC_CTX_init(&hctx);
- HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
- 16,EVP_md5(), NULL);
-
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_HMAC],c[D_HMAC][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_HMAC][j]); count++)
- {
- HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
- HMAC_Update(&hctx,buf,lengths[j]);
- HMAC_Final(&hctx,&(hmac[0]),NULL);
- }
- d=Time_F(STOP);
- print_result(D_HMAC,j,count,d);
- }
- HMAC_CTX_cleanup(&hctx);
- }
-#endif
-#ifndef OPENSSL_NO_SHA
- if (doit[D_SHA1])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA1][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
- d=Time_F(STOP);
- print_result(D_SHA1,j,count,d);
- }
- }
-
-#ifndef OPENSSL_NO_SHA256
- if (doit[D_SHA256])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA256],c[D_SHA256][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA256][j]); count++)
- SHA256(buf,lengths[j],sha256);
- d=Time_F(STOP);
- print_result(D_SHA256,j,count,d);
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_SHA512
- if (doit[D_SHA512])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_SHA512],c[D_SHA512][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_SHA512][j]); count++)
- SHA512(buf,lengths[j],sha512);
- d=Time_F(STOP);
- print_result(D_SHA512,j,count,d);
- }
- }
-#endif
-
-#endif
-#ifndef OPENSSL_NO_RIPEMD
- if (doit[D_RMD160])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_RMD160][j]); count++)
- EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
- d=Time_F(STOP);
- print_result(D_RMD160,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_RC4
- if (doit[D_RC4])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_RC4],c[D_RC4][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_RC4][j]); count++)
- RC4(&rc4_ks,(unsigned int)lengths[j],
- buf,buf);
- d=Time_F(STOP);
- print_result(D_RC4,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_DES
- if (doit[D_CBC_DES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
- DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
- &DES_iv,DES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_DES,j,count,d);
- }
- }
-
- if (doit[D_EDE3_DES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
- DES_ede3_cbc_encrypt(buf,buf,lengths[j],
- &sch,&sch2,&sch3,
- &DES_iv,DES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_EDE3_DES,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_AES
- if (doit[D_CBC_128_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks1,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_128_AES,j,count,d);
- }
- }
- if (doit[D_CBC_192_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks2,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_192_AES,j,count,d);
- }
- }
- if (doit[D_CBC_256_AES])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
- AES_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&aes_ks3,
- iv,AES_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_256_AES,j,count,d);
- }
- }
-
-#endif
-#ifndef OPENSSL_NO_CAMELLIA
- if (doit[D_CBC_128_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_128_CML],c[D_CBC_128_CML][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_128_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks1,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_128_CML,j,count,d);
- }
- }
- if (doit[D_CBC_192_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_192_CML],c[D_CBC_192_CML][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_192_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks2,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_192_CML,j,count,d);
- }
- }
- if (doit[D_CBC_256_CML])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_256_CML],c[D_CBC_256_CML][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_256_CML][j]); count++)
- Camellia_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&camellia_ks3,
- iv,CAMELLIA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_256_CML,j,count,d);
- }
- }
-
-#endif
-#ifndef OPENSSL_NO_IDEA
- if (doit[D_CBC_IDEA])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_IDEA],c[D_CBC_IDEA][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
- idea_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&idea_ks,
- iv,IDEA_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_IDEA,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_RC2
- if (doit[D_CBC_RC2])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_RC2],c[D_CBC_RC2][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
- RC2_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&rc2_ks,
- iv,RC2_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_RC2,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_RC5
- if (doit[D_CBC_RC5])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_RC5],c[D_CBC_RC5][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
- RC5_32_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&rc5_ks,
- iv,RC5_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_RC5,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_BF
- if (doit[D_CBC_BF])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_BF],c[D_CBC_BF][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
- BF_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&bf_ks,
- iv,BF_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_BF,j,count,d);
- }
- }
-#endif
-#ifndef OPENSSL_NO_CAST
- if (doit[D_CBC_CAST])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- print_message(names[D_CBC_CAST],c[D_CBC_CAST][j],lengths[j]);
- Time_F(START);
- for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
- CAST_cbc_encrypt(buf,buf,
- (unsigned long)lengths[j],&cast_ks,
- iv,CAST_ENCRYPT);
- d=Time_F(STOP);
- print_result(D_CBC_CAST,j,count,d);
- }
- }
-#endif
-
- if (doit[D_EVP])
- {
- for (j=0; j<SIZE_NUM; j++)
- {
- if (evp_cipher)
- {
- EVP_CIPHER_CTX ctx;
- int outl;
-
- names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
- /* -O3 -fschedule-insns messes up an
- * optimization here! names[D_EVP]
- * somehow becomes NULL */
- print_message(names[D_EVP],save_count,
- lengths[j]);
-
- EVP_CIPHER_CTX_init(&ctx);
- if(decrypt)
- EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
- else
- EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
-
- Time_F(START);
- if(decrypt)
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
- else
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
- if(decrypt)
- EVP_DecryptFinal_ex(&ctx,buf,&outl);
- else
- EVP_EncryptFinal_ex(&ctx,buf,&outl);
- d=Time_F(STOP);
- EVP_CIPHER_CTX_cleanup(&ctx);
- }
- if (evp_md)
- {
- names[D_EVP]=OBJ_nid2ln(evp_md->type);
- print_message(names[D_EVP],save_count,
- lengths[j]);
-
- Time_F(START);
- for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
- EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
-
- d=Time_F(STOP);
- }
- print_result(D_EVP,j,count,d);
- }
- }
-
- RAND_pseudo_bytes(buf,36);
-#ifndef OPENSSL_NO_RSA
- for (j=0; j<RSA_NUM; j++)
- {
- int ret;
- if (!rsa_doit[j]) continue;
- ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"RSA sign failure. No RSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("private","rsa",
- rsa_c[j][0],rsa_bits[j],
- RSA_SECONDS);
-/* RSA_blinding_on(rsa_key[j],NULL); */
- Time_F(START);
- for (count=0,run=1; COND(rsa_c[j][0]); count++)
- {
- ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
- &rsa_num, rsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,
- "RSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
- : "%ld %d bit private RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
-#if 1
- ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,"RSA verify failure. No RSA verify will be done.\n");
- ERR_print_errors(bio_err);
- rsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("public","rsa",
- rsa_c[j][1],rsa_bits[j],
- RSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(rsa_c[j][1]); count++)
- {
- ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
- rsa_num, rsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,
- "RSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
- : "%ld %d bit public RSA's in %.2fs\n",
- count,rsa_bits[j],d);
- rsa_results[j][1]=d/(double)count;
- }
-#endif
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<RSA_NUM; j++)
- rsa_doit[j]=0;
- }
- }
-#endif
-
- RAND_pseudo_bytes(buf,20);
-#ifndef OPENSSL_NO_DSA
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<DSA_NUM; j++)
- {
- unsigned int kk;
- int ret;
-
- if (!dsa_doit[j]) continue;
-/* DSA_generate_key(dsa_key[j]); */
-/* DSA_sign_setup(dsa_key[j],NULL); */
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"DSA sign failure. No DSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","dsa",
- dsa_c[j][0],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][0]); count++)
- {
- ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
- &kk,dsa_key[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,
- "DSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
- : "%ld %d bit DSA signs in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,"DSA verify failure. No DSA verify will be done.\n");
- ERR_print_errors(bio_err);
- dsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","dsa",
- dsa_c[j][1],dsa_bits[j],
- DSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(dsa_c[j][1]); count++)
- {
- ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
- kk,dsa_key[j]);
- if (ret <= 0)
- {
- BIO_printf(bio_err,
- "DSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
- : "%ld %d bit DSA verify in %.2fs\n",
- count,dsa_bits[j],d);
- dsa_results[j][1]=d/(double)count;
- }
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<DSA_NUM; j++)
- dsa_doit[j]=0;
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
- int ret;
-
- if (!ecdsa_doit[j]) continue; /* Ignore Curve */
- ecdsa[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if (ecdsa[j] == NULL)
- {
- BIO_printf(bio_err,"ECDSA failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
-#if 1
- EC_KEY_precompute_mult(ecdsa[j], NULL);
-#endif
- /* Perform ECDSA signature test */
- EC_KEY_generate_key(ecdsa[j]);
- ret = ECDSA_sign(0, buf, 20, ecdsasig,
- &ecdsasiglen, ecdsa[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err,"ECDSA sign failure. No ECDSA sign will be done.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- pkey_print_message("sign","ecdsa",
- ecdsa_c[j][0],
- test_curves_bits[j],
- ECDSA_SECONDS);
-
- Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][0]);
- count++)
- {
- ret=ECDSA_sign(0, buf, 20,
- ecdsasig, &ecdsasiglen,
- ecdsa[j]);
- if (ret == 0)
- {
- BIO_printf(bio_err, "ECDSA sign failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
-
- BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
- "%ld %d bit ECDSA signs in %.2fs \n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][0]=d/(double)count;
- rsa_count=count;
- }
-
- /* Perform ECDSA verification test */
- ret=ECDSA_verify(0, buf, 20, ecdsasig,
- ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
- BIO_printf(bio_err,"ECDSA verify failure. No ECDSA verify will be done.\n");
- ERR_print_errors(bio_err);
- ecdsa_doit[j] = 0;
- }
- else
- {
- pkey_print_message("verify","ecdsa",
- ecdsa_c[j][1],
- test_curves_bits[j],
- ECDSA_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(ecdsa_c[j][1]); count++)
- {
- ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
- if (ret != 1)
- {
- BIO_printf(bio_err, "ECDSA verify failure\n");
- ERR_print_errors(bio_err);
- count=1;
- break;
- }
- }
- d=Time_F(STOP);
- BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
- : "%ld %d bit ECDSA verify in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdsa_results[j][1]=d/(double)count;
- }
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdsa_doit[j]=0;
- }
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (RAND_status() != 1)
- {
- RAND_seed(rnd_seed, sizeof rnd_seed);
- rnd_fake = 1;
- }
- for (j=0; j<EC_NUM; j++)
- {
- if (!ecdh_doit[j]) continue;
- ecdh_a[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- ecdh_b[j] = EC_KEY_new_by_curve_name(test_curves[j]);
- if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
- {
- BIO_printf(bio_err,"ECDH failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- /* generate two ECDH key pairs */
- if (!EC_KEY_generate_key(ecdh_a[j]) ||
- !EC_KEY_generate_key(ecdh_b[j]))
- {
- BIO_printf(bio_err,"ECDH key generation failure.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
- else
- {
- /* If field size is not more than 24 octets, then use SHA-1 hash of result;
- * otherwise, use result (see section 4.8 of draft-ietf-tls-ecc-03.txt).
- */
- int field_size, outlen;
- void *(*kdf)(const void *in, size_t inlen, void *out, size_t *xoutlen);
- field_size = EC_GROUP_get_degree(EC_KEY_get0_group(ecdh_a[j]));
- if (field_size <= 24 * 8)
- {
- outlen = KDF1_SHA1_len;
- kdf = KDF1_SHA1;
- }
- else
- {
- outlen = (field_size+7)/8;
- kdf = NULL;
- }
- secret_size_a = ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
- secret_size_b = ECDH_compute_key(secret_b, outlen,
- EC_KEY_get0_public_key(ecdh_a[j]),
- ecdh_b[j], kdf);
- if (secret_size_a != secret_size_b)
- ecdh_checks = 0;
- else
- ecdh_checks = 1;
-
- for (secret_idx = 0;
- (secret_idx < secret_size_a)
- && (ecdh_checks == 1);
- secret_idx++)
- {
- if (secret_a[secret_idx] != secret_b[secret_idx])
- ecdh_checks = 0;
- }
-
- if (ecdh_checks == 0)
- {
- BIO_printf(bio_err,"ECDH computations don't match.\n");
- ERR_print_errors(bio_err);
- rsa_count=1;
- }
-
- pkey_print_message("","ecdh",
- ecdh_c[j][0],
- test_curves_bits[j],
- ECDH_SECONDS);
- Time_F(START);
- for (count=0,run=1; COND(ecdh_c[j][0]); count++)
- {
- ECDH_compute_key(secret_a, outlen,
- EC_KEY_get0_public_key(ecdh_b[j]),
- ecdh_a[j], kdf);
- }
- d=Time_F(STOP);
- BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
- count, test_curves_bits[j], d);
- ecdh_results[j][0]=d/(double)count;
- rsa_count=count;
- }
- }
-
-
- if (rsa_count <= 1)
- {
- /* if longer than 10s, don't do any more */
- for (j++; j<EC_NUM; j++)
- ecdh_doit[j]=0;
- }
- }
- if (rnd_fake) RAND_cleanup();
-#endif
-#ifdef HAVE_FORK
-show_res:
-#endif
- if(!mr)
- {
- fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
- fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
- printf("options:");
- printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
- printf("%s ",MD2_options());
-#endif
-#ifndef OPENSSL_NO_RC4
- printf("%s ",RC4_options());
-#endif
-#ifndef OPENSSL_NO_DES
- printf("%s ",DES_options());
-#endif
-#ifndef OPENSSL_NO_AES
- printf("%s ",AES_options());
-#endif
-#ifndef OPENSSL_NO_IDEA
- printf("%s ",idea_options());
-#endif
-#ifndef OPENSSL_NO_BF
- printf("%s ",BF_options());
-#endif
- fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
- printf("available timing options: ");
-#ifdef TIMES
- printf("TIMES ");
-#endif
-#ifdef TIMEB
- printf("TIMEB ");
-#endif
-#ifdef USE_TOD
- printf("USE_TOD ");
-#endif
-#ifdef HZ
-#define as_string(s) (#s)
- {
- double dbl = HZ;
- printf("HZ=%g", dbl);
- }
-# ifdef _SC_CLK_TCK
- printf(" [sysconf value]");
-# endif
-#endif
- printf("\n");
- printf("timing function used: %s%s%s%s%s%s%s\n",
- (ftime_used ? "ftime" : ""),
- (ftime_used + times_used > 1 ? "," : ""),
- (times_used ? "times" : ""),
- (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
- (gettimeofday_used ? "gettimeofday" : ""),
- (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),
- (getrusage_used ? "getrusage" : ""));
- }
-
- if (pr_header)
- {
- if(mr)
- fprintf(stdout,"+H");
- else
- {
- fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n");
- fprintf(stdout,"type ");
- }
- for (j=0; j<SIZE_NUM; j++)
- fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
- fprintf(stdout,"\n");
- }
-
- for (k=0; k<ALGOR_NUM; k++)
- {
- if (!doit[k]) continue;
- if(mr)
- fprintf(stdout,"+F:%d:%s",k,names[k]);
- else
- fprintf(stdout,"%-13s",names[k]);
- for (j=0; j<SIZE_NUM; j++)
- {
- if (results[k][j] > 10000 && !mr)
- fprintf(stdout," %11.2fk",results[k][j]/1e3);
- else
- fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
- }
- fprintf(stdout,"\n");
- }
-#ifndef OPENSSL_NO_RSA
- j=1;
- for (k=0; k<RSA_NUM; k++)
- {
- if (!rsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%18ssign verify sign/s verify/s\n"," ");
- j=0;
- }
- if(mr)
- fprintf(stdout,"+F2:%u:%u:%f:%f\n",
- k,rsa_bits[k],rsa_results[k][0],
- rsa_results[k][1]);
- else
- fprintf(stdout,"rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
- 1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
- }
-#endif
-#ifndef OPENSSL_NO_DSA
- j=1;
- for (k=0; k<DSA_NUM; k++)
- {
- if (!dsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%18ssign verify sign/s verify/s\n"," ");
- j=0;
- }
- if(mr)
- fprintf(stdout,"+F3:%u:%u:%f:%f\n",
- k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
- else
- fprintf(stdout,"dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
- dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
- 1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
- }
-#endif
-#ifndef OPENSSL_NO_ECDSA
- j=1;
- for (k=0; k<EC_NUM; k++)
- {
- if (!ecdsa_doit[k]) continue;
- if (j && !mr)
- {
- printf("%30ssign verify sign/s verify/s\n"," ");
- j=0;
- }
-
- if (mr)
- fprintf(stdout,"+F4:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
- ecdsa_results[k][0],ecdsa_results[k][1]);
- else
- fprintf(stdout,
- "%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdsa_results[k][0],ecdsa_results[k][1],
- 1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
- }
-#endif
-
-
-#ifndef OPENSSL_NO_ECDH
- j=1;
- for (k=0; k<EC_NUM; k++)
- {
- if (!ecdh_doit[k]) continue;
- if (j && !mr)
- {
- printf("%30sop op/s\n"," ");
- j=0;
- }
- if (mr)
- fprintf(stdout,"+F5:%u:%u:%f:%f\n",
- k, test_curves_bits[k],
- ecdh_results[k][0], 1.0/ecdh_results[k][0]);
-
- else
- fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
- test_curves_bits[k],
- test_curves_names[k],
- ecdh_results[k][0], 1.0/ecdh_results[k][0]);
- }
-#endif
-
- mret=0;
-
-end:
- ERR_print_errors(bio_err);
- if (buf != NULL) OPENSSL_free(buf);
- if (buf2 != NULL) OPENSSL_free(buf2);
-#ifndef OPENSSL_NO_RSA
- for (i=0; i<RSA_NUM; i++)
- if (rsa_key[i] != NULL)
- RSA_free(rsa_key[i]);
-#endif
-#ifndef OPENSSL_NO_DSA
- for (i=0; i<DSA_NUM; i++)
- if (dsa_key[i] != NULL)
- DSA_free(dsa_key[i]);
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- for (i=0; i<EC_NUM; i++)
- if (ecdsa[i] != NULL)
- EC_KEY_free(ecdsa[i]);
-#endif
-#ifndef OPENSSL_NO_ECDH
- for (i=0; i<EC_NUM; i++)
- {
- if (ecdh_a[i] != NULL)
- EC_KEY_free(ecdh_a[i]);
- if (ecdh_b[i] != NULL)
- EC_KEY_free(ecdh_b[i]);
- }
-#endif
-
- apps_shutdown();
- OPENSSL_EXIT(mret);
- }
-
-static void print_message(const char *s, long num, int length)
- {
-#ifdef SIGALRM
- BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
- : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
- (void)BIO_flush(bio_err);
- alarm(SECONDS);
-#else
- BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
- : "Doing %s %ld times on %d size blocks: ",s,num,length);
- (void)BIO_flush(bio_err);
-#endif
-#ifdef LINT
- num=num;
-#endif
- }
-
-static void pkey_print_message(const char *str, const char *str2, long num,
- int bits, int tm)
- {
-#ifdef SIGALRM
- BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
- : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
- (void)BIO_flush(bio_err);
- alarm(RSA_SECONDS);
-#else
- BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
- : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
- (void)BIO_flush(bio_err);
-#endif
-#ifdef LINT
- num=num;
-#endif
- }
-
-static void print_result(int alg,int run_no,int count,double time_used)
- {
- BIO_printf(bio_err,mr ? "+R:%d:%s:%f\n"
- : "%d %s's in %.2fs\n",count,names[alg],time_used);
- results[alg][run_no]=((double)count)/time_used*lengths[run_no];
- }
-
-#ifdef HAVE_FORK
-static char *sstrsep(char **string, const char *delim)
- {
- char isdelim[256];
- char *token = *string;
-
- if (**string == 0)
- return NULL;
-
- memset(isdelim, 0, sizeof isdelim);
- isdelim[0] = 1;
-
- while (*delim)
- {
- isdelim[(unsigned char)(*delim)] = 1;
- delim++;
- }
-
- while (!isdelim[(unsigned char)(**string)])
- {
- (*string)++;
- }
-
- if (**string)
- {
- **string = 0;
- (*string)++;
- }
-
- return token;
- }
-
-static int do_multi(int multi)
- {
- int n;
- int fd[2];
- int *fds;
- static char sep[]=":";
-
- fds=malloc(multi*sizeof *fds);
- for(n=0 ; n < multi ; ++n)
- {
- pipe(fd);
- if(fork())
- {
- close(fd[1]);
- fds[n]=fd[0];
- }
- else
- {
- close(fd[0]);
- close(1);
- dup(fd[1]);
- close(fd[1]);
- mr=1;
- usertime=0;
- return 0;
- }
- printf("Forked child %d\n",n);
- }
-
- /* for now, assume the pipe is long enough to take all the output */
- for(n=0 ; n < multi ; ++n)
- {
- FILE *f;
- char buf[1024];
- char *p;
-
- f=fdopen(fds[n],"r");
- while(fgets(buf,sizeof buf,f))
- {
- p=strchr(buf,'\n');
- if(p)
- *p='\0';
- if(buf[0] != '+')
- {
- fprintf(stderr,"Don't understand line '%s' from child %d\n",
- buf,n);
- continue;
- }
- printf("Got: %s from %d\n",buf,n);
- if(!strncmp(buf,"+F:",3))
- {
- int alg;
- int j;
-
- p=buf+3;
- alg=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
- for(j=0 ; j < SIZE_NUM ; ++j)
- results[alg][j]+=atof(sstrsep(&p,sep));
- }
- else if(!strncmp(buf,"+F2:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
- else
- rsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
- else
- rsa_results[k][1]=d;
- }
- else if(!strncmp(buf,"+F2:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
- else
- rsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
- else
- rsa_results[k][1]=d;
- }
- else if(!strncmp(buf,"+F3:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
- else
- dsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
- else
- dsa_results[k][1]=d;
- }
-#ifndef OPENSSL_NO_ECDSA
- else if(!strncmp(buf,"+F4:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
- else
- ecdsa_results[k][0]=d;
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
- else
- ecdsa_results[k][1]=d;
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- else if(!strncmp(buf,"+F5:",4))
- {
- int k;
- double d;
-
- p=buf+4;
- k=atoi(sstrsep(&p,sep));
- sstrsep(&p,sep);
-
- d=atof(sstrsep(&p,sep));
- if(n)
- ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
- else
- ecdh_results[k][0]=d;
-
- }
-#endif
-
- else if(!strncmp(buf,"+H:",3))
- {
- }
- else
- fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
- }
- }
- return 1;
- }
-#endif
-#endif
diff --git a/crypto/openssl/apps/spkac.c b/crypto/openssl/apps/spkac.c
deleted file mode 100644
index 0191d0a..0000000
--- a/crypto/openssl/apps/spkac.c
+++ /dev/null
@@ -1,308 +0,0 @@
-/* apps/spkac.c */
-
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999. Based on an original idea by Massimiliano Pala
- * (madwolf@openca.org).
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/conf.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/lhash.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG spkac_main
-
-/* -in arg - input file - default stdin
- * -out arg - output file - default stdout
- */
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int i,badops=0, ret = 1;
- BIO *in = NULL,*out = NULL;
- int verify=0,noout=0,pubkey=0;
- char *infile = NULL,*outfile = NULL,*prog;
- char *passargin = NULL, *passin = NULL;
- const char *spkac = "SPKAC", *spksect = "default";
- char *spkstr = NULL;
- char *challenge = NULL, *keyfile = NULL;
- CONF *conf = NULL;
- NETSCAPE_SPKI *spki = NULL;
- EVP_PKEY *pkey = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- apps_startup();
-
- if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- prog=argv[0];
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- }
- else if (strcmp(*argv,"-challenge") == 0)
- {
- if (--argc < 1) goto bad;
- challenge= *(++argv);
- }
- else if (strcmp(*argv,"-spkac") == 0)
- {
- if (--argc < 1) goto bad;
- spkac= *(++argv);
- }
- else if (strcmp(*argv,"-spksect") == 0)
- {
- if (--argc < 1) goto bad;
- spksect= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-noout") == 0)
- noout=1;
- else if (strcmp(*argv,"-pubkey") == 0)
- pubkey=1;
- else if (strcmp(*argv,"-verify") == 0)
- verify=1;
- else badops = 1;
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- BIO_printf(bio_err,"%s [options]\n",prog);
- BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -key arg create SPKAC using private key\n");
- BIO_printf(bio_err," -passin arg input file pass phrase source\n");
- BIO_printf(bio_err," -challenge arg challenge string\n");
- BIO_printf(bio_err," -spkac arg alternative SPKAC name\n");
- BIO_printf(bio_err," -noout don't print SPKAC\n");
- BIO_printf(bio_err," -pubkey output public key\n");
- BIO_printf(bio_err," -verify verify SPKAC signature\n");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
-#endif
- goto end;
- }
-
- ERR_load_crypto_strings();
- if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if(keyfile) {
- pkey = load_key(bio_err,
- strcmp(keyfile, "-") ? keyfile : NULL,
- FORMAT_PEM, 1, passin, e, "private key");
- if(!pkey) {
- goto end;
- }
- spki = NETSCAPE_SPKI_new();
- if(challenge) ASN1_STRING_set(spki->spkac->challenge,
- challenge, (int)strlen(challenge));
- NETSCAPE_SPKI_set_pubkey(spki, pkey);
- NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
- spkstr = NETSCAPE_SPKI_b64_encode(spki);
-
- if (outfile) out = BIO_new_file(outfile, "w");
- else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if(!out) {
- BIO_printf(bio_err, "Error opening output file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(out, "SPKAC=%s\n", spkstr);
- OPENSSL_free(spkstr);
- ret = 0;
- goto end;
- }
-
-
-
- if (infile) in = BIO_new_file(infile, "r");
- else in = BIO_new_fp(stdin, BIO_NOCLOSE);
-
- if(!in) {
- BIO_printf(bio_err, "Error opening input file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- conf = NCONF_new(NULL);
- i = NCONF_load_bio(conf, in, NULL);
-
- if(!i) {
- BIO_printf(bio_err, "Error parsing config file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- spkstr = NCONF_get_string(conf, spksect, spkac);
-
- if(!spkstr) {
- BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
- ERR_print_errors(bio_err);
- goto end;
- }
-
- spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
-
- if(!spki) {
- BIO_printf(bio_err, "Error loading SPKAC\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (outfile) out = BIO_new_file(outfile, "w");
- else {
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
-
- if(!out) {
- BIO_printf(bio_err, "Error opening output file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if(!noout) NETSCAPE_SPKI_print(out, spki);
- pkey = NETSCAPE_SPKI_get_pubkey(spki);
- if(verify) {
- i = NETSCAPE_SPKI_verify(spki, pkey);
- if(i) BIO_printf(bio_err, "Signature OK\n");
- else {
- BIO_printf(bio_err, "Signature Failure\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- }
- if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
-
- ret = 0;
-
-end:
- NCONF_free(conf);
- NETSCAPE_SPKI_free(spki);
- BIO_free(in);
- BIO_free_all(out);
- EVP_PKEY_free(pkey);
- if(passin) OPENSSL_free(passin);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
diff --git a/crypto/openssl/apps/testCA.pem b/crypto/openssl/apps/testCA.pem
deleted file mode 100644
index dcb710a..0000000
--- a/crypto/openssl/apps/testCA.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBBzCBsgIBADBNMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEX
-MBUGA1UEChMOTWluY29tIFB0eSBMdGQxEDAOBgNVBAMTB1RFU1QgQ0EwXDANBgkq
-hkiG9w0BAQEFAANLADBIAkEAzW9brgA8efT2ODB+NrsflJZj3KKqKsm4OrXTRqfL
-VETj1ws/zCXl42XJAxdWQMCP0liKfc9Ut4xi1qCVI7N07wIDAQABoAAwDQYJKoZI
-hvcNAQEEBQADQQBjZZ42Det9Uw0AFwJy4ufUEy5Cv74pxBp5SZnljgHY+Az0Hs2S
-uNkIegr2ITX5azKi9nOkg9ZmsmGG13FIjiC/
------END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/apps/testdsa.h b/crypto/openssl/apps/testdsa.h
deleted file mode 100644
index 9e84e31..0000000
--- a/crypto/openssl/apps/testdsa.h
+++ /dev/null
@@ -1,217 +0,0 @@
-/* NOCW */
-/* used by apps/speed.c */
-DSA *get_dsa512(void );
-DSA *get_dsa1024(void );
-DSA *get_dsa2048(void );
-static unsigned char dsa512_priv[] = {
- 0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
- 0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
- };
-static unsigned char dsa512_pub[] = {
- 0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
- 0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
- 0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
- 0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
- 0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
- 0xbe,0xba,0x0a,0x6b,0xc8,
- };
-static unsigned char dsa512_p[]={
- 0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
- 0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
- 0x62,0x50,0x33,0x4B,0x02,0x3C,0x52,0x30,0x03,0x8B,0x3B,0xF9,
- 0x5F,0xD1,0x24,0x06,0x4F,0x7B,0x4C,0xBA,0xAA,0x40,0x9B,0xFD,
- 0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
- 0xA2,0x76,0x7D,0x31,
- };
-static unsigned char dsa512_q[]={
- 0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
- 0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
- };
-static unsigned char dsa512_g[]={
- 0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
- 0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
- 0xBE,0x5B,0x5F,0xB7,0x10,0xD7,0x89,0xB7,0x8E,0x74,0xFB,0xCF,
- 0x29,0x1E,0xEB,0xA8,0x2C,0x54,0x51,0xB8,0x10,0xDE,0xA0,0xCE,
- 0x2F,0xCC,0x24,0x6B,0x90,0x77,0xDE,0xA2,0x68,0xA6,0x52,0x12,
- 0xA2,0x03,0x9D,0x20,
- };
-
-DSA *get_dsa512()
- {
- DSA *dsa;
-
- if ((dsa=DSA_new()) == NULL) return(NULL);
- dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
- dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
- dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
- dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
- dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
- (dsa->q == NULL) || (dsa->g == NULL))
- return(NULL);
- return(dsa);
- }
-
-static unsigned char dsa1024_priv[]={
- 0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
- 0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
- };
-static unsigned char dsa1024_pub[]={
- 0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
- 0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
- 0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
- 0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
- 0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
- 0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
- 0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
- 0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
- 0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
- 0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
- 0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
- };
-static unsigned char dsa1024_p[]={
- 0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
- 0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
- 0x86,0x96,0xB3,0x15,0xE0,0x53,0x2E,0x8F,0xE0,0x59,0x82,0x73,
- 0x90,0x3E,0x75,0x31,0x99,0x47,0x7A,0x52,0xFB,0x85,0xE4,0xD9,
- 0xA6,0x7B,0x38,0x9B,0x68,0x8A,0x84,0x9B,0x87,0xC6,0x1E,0xB5,
- 0x7E,0x86,0x4B,0x53,0x5B,0x59,0xCF,0x71,0x65,0x19,0x88,0x6E,
- 0xCE,0x66,0xAE,0x6B,0x88,0x36,0xFB,0xEC,0x28,0xDC,0xC2,0xD7,
- 0xA5,0xBB,0xE5,0x2C,0x39,0x26,0x4B,0xDA,0x9A,0x70,0x18,0x95,
- 0x37,0x95,0x10,0x56,0x23,0xF6,0x15,0xED,0xBA,0x04,0x5E,0xDE,
- 0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
- 0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
- };
-static unsigned char dsa1024_q[]={
- 0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
- 0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
- };
-static unsigned char dsa1024_g[]={
- 0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
- 0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
- 0x98,0xBB,0x28,0x86,0x48,0xFC,0xDE,0x99,0x04,0x3F,0x5F,0x88,
- 0x0C,0x9C,0x73,0x24,0x0D,0x20,0x5D,0xB9,0x2A,0x9A,0x3F,0x18,
- 0x96,0x27,0xE4,0x62,0x87,0xC1,0x7B,0x74,0x62,0x53,0xFC,0x61,
- 0x27,0xA8,0x7A,0x91,0x09,0x9D,0xB6,0xF1,0x4D,0x9C,0x54,0x0F,
- 0x58,0x06,0xEE,0x49,0x74,0x07,0xCE,0x55,0x7E,0x23,0xCE,0x16,
- 0xF6,0xCA,0xDC,0x5A,0x61,0x01,0x7E,0xC9,0x71,0xB5,0x4D,0xF6,
- 0xDC,0x34,0x29,0x87,0x68,0xF6,0x5E,0x20,0x93,0xB3,0xDB,0xF5,
- 0xE4,0x09,0x6C,0x41,0x17,0x95,0x92,0xEB,0x01,0xB5,0x73,0xA5,
- 0x6A,0x7E,0xD8,0x32,0xED,0x0E,0x02,0xB8,
- };
-
-DSA *get_dsa1024()
- {
- DSA *dsa;
-
- if ((dsa=DSA_new()) == NULL) return(NULL);
- dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
- dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
- dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
- dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
- dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
- (dsa->q == NULL) || (dsa->g == NULL))
- return(NULL);
- return(dsa);
- }
-
-static unsigned char dsa2048_priv[]={
- 0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
- 0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
- };
-static unsigned char dsa2048_pub[]={
- 0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
- 0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
- 0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
- 0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
- 0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
- 0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
- 0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
- 0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
- 0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
- 0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
- 0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
- 0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
- 0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
- 0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
- 0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
- 0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
- 0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
- 0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
- 0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
- 0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
- 0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
- 0x8b,0x33,0xb7,0xce,
- };
-static unsigned char dsa2048_p[]={
- 0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
- 0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
- 0xEB,0xF8,0xC4,0x13,0xD9,0xA0,0x5D,0x8B,0x5C,0x8E,0xDC,0xC2,
- 0x1D,0x0B,0x41,0x32,0xB0,0x1F,0xFE,0xEF,0x0C,0xC2,0xA2,0x7E,
- 0x68,0x5C,0x28,0x21,0xE9,0xF5,0xB1,0x58,0x12,0x63,0x4C,0x19,
- 0x4E,0xFF,0x02,0x4B,0x92,0xED,0xD2,0x07,0x11,0x4D,0x8C,0x58,
- 0x16,0x5C,0x55,0x8E,0xAD,0xA3,0x67,0x7D,0xB9,0x86,0x6E,0x0B,
- 0xE6,0x54,0x6F,0x40,0xAE,0x0E,0x67,0x4C,0xF9,0x12,0x5B,0x3C,
- 0x08,0x7A,0xF7,0xFC,0x67,0x86,0x69,0xE7,0x0A,0x94,0x40,0xBF,
- 0x8B,0x76,0xFE,0x26,0xD1,0xF2,0xA1,0x1A,0x84,0xA1,0x43,0x56,
- 0x28,0xBC,0x9A,0x5F,0xD7,0x3B,0x69,0x89,0x8A,0x36,0x2C,0x51,
- 0xDF,0x12,0x77,0x2F,0x57,0x7B,0xA0,0xAA,0xDD,0x7F,0xA1,0x62,
- 0x3B,0x40,0x7B,0x68,0x1A,0x8F,0x0D,0x38,0xBB,0x21,0x5D,0x18,
- 0xFC,0x0F,0x46,0xF7,0xA3,0xB0,0x1D,0x23,0xC3,0xD2,0xC7,0x72,
- 0x51,0x18,0xDF,0x46,0x95,0x79,0xD9,0xBD,0xB5,0x19,0x02,0x2C,
- 0x87,0xDC,0xE7,0x57,0x82,0x7E,0xF1,0x8B,0x06,0x3D,0x00,0xA5,
- 0x7B,0x6B,0x26,0x27,0x91,0x0F,0x6A,0x77,0xE4,0xD5,0x04,0xE4,
- 0x12,0x2C,0x42,0xFF,0xD2,0x88,0xBB,0xD3,0x92,0xA0,0xF9,0xC8,
- 0x51,0x64,0x14,0x5C,0xD8,0xF9,0x6C,0x47,0x82,0xB4,0x1C,0x7F,
- 0x09,0xB8,0xF0,0x25,0x83,0x1D,0x3F,0x3F,0x05,0xB3,0x21,0x0A,
- 0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
- 0xF8,0x68,0xCF,0x9B,
- };
-static unsigned char dsa2048_q[]={
- 0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
- 0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
- };
-static unsigned char dsa2048_g[]={
- 0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
- 0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
- 0x90,0xBF,0x96,0xA6,0xAE,0x25,0x90,0x72,0xF5,0x8E,0x80,0x0C,
- 0x39,0x1C,0xD9,0xEC,0xBA,0x90,0x5B,0x3A,0xE8,0x58,0x6C,0x9E,
- 0x30,0x42,0x37,0x02,0x31,0x82,0xBC,0x6A,0xDF,0x6A,0x09,0x29,
- 0xE3,0xC0,0x46,0xD1,0xCB,0x85,0xEC,0x0C,0x30,0x5E,0xEA,0xC8,
- 0x39,0x8E,0x22,0x9F,0x22,0x10,0xD2,0x34,0x61,0x68,0x37,0x3D,
- 0x2E,0x4A,0x5B,0x9A,0xF5,0xC1,0x48,0xC6,0xF6,0xDC,0x63,0x1A,
- 0xD3,0x96,0x64,0xBA,0x34,0xC9,0xD1,0xA0,0xD1,0xAE,0x6C,0x2F,
- 0x48,0x17,0x93,0x14,0x43,0xED,0xF0,0x21,0x30,0x19,0xC3,0x1B,
- 0x5F,0xDE,0xA3,0xF0,0x70,0x78,0x18,0xE1,0xA8,0xE4,0xEE,0x2E,
- 0x00,0xA5,0xE4,0xB3,0x17,0xC8,0x0C,0x7D,0x6E,0x42,0xDC,0xB7,
- 0x46,0x00,0x36,0x4D,0xD4,0x46,0xAA,0x3D,0x3C,0x46,0x89,0x40,
- 0xBF,0x1D,0x84,0x77,0x0A,0x75,0xF3,0x87,0x1D,0x08,0x4C,0xA6,
- 0xD1,0xA9,0x1C,0x1E,0x12,0x1E,0xE1,0xC7,0x30,0x28,0x76,0xA5,
- 0x7F,0x6C,0x85,0x96,0x2B,0x6F,0xDB,0x80,0x66,0x26,0xAE,0xF5,
- 0x93,0xC7,0x8E,0xAE,0x9A,0xED,0xE4,0xCA,0x04,0xEA,0x3B,0x72,
- 0xEF,0xDC,0x87,0xED,0x0D,0xA5,0x4C,0x4A,0xDD,0x71,0x22,0x64,
- 0x59,0x69,0x4E,0x8E,0xBF,0x43,0xDC,0xAB,0x8E,0x66,0xBB,0x01,
- 0xB6,0xF4,0xE7,0xFD,0xD2,0xAD,0x9F,0x36,0xC1,0xA0,0x29,0x99,
- 0xD1,0x96,0x70,0x59,0x06,0x78,0x35,0xBD,0x65,0x55,0x52,0x9E,
- 0xF8,0xB2,0xE5,0x38,
- };
-
-DSA *get_dsa2048()
- {
- DSA *dsa;
-
- if ((dsa=DSA_new()) == NULL) return(NULL);
- dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
- dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
- dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
- dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
- dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
- if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
- (dsa->q == NULL) || (dsa->g == NULL))
- return(NULL);
- return(dsa);
- }
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-static int rnd_fake = 0;
diff --git a/crypto/openssl/apps/testrsa.h b/crypto/openssl/apps/testrsa.h
deleted file mode 100644
index 3007d79..0000000
--- a/crypto/openssl/apps/testrsa.h
+++ /dev/null
@@ -1,518 +0,0 @@
-/* apps/testrsa.h */
-/* used by apps/speed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static unsigned char test512[]={
- 0x30,0x82,0x01,0x3a,0x02,0x01,0x00,0x02,0x41,0x00,
- 0xd6,0x33,0xb9,0xc8,0xfb,0x4f,0x3c,0x7d,0xc0,0x01,
- 0x86,0xd0,0xe7,0xa0,0x55,0xf2,0x95,0x93,0xcc,0x4f,
- 0xb7,0x5b,0x67,0x5b,0x94,0x68,0xc9,0x34,0x15,0xde,
- 0xa5,0x2e,0x1c,0x33,0xc2,0x6e,0xfc,0x34,0x5e,0x71,
- 0x13,0xb7,0xd6,0xee,0xd8,0xa5,0x65,0x05,0x72,0x87,
- 0xa8,0xb0,0x77,0xfe,0x57,0xf5,0xfc,0x5f,0x55,0x83,
- 0x87,0xdd,0x57,0x49,0x02,0x03,0x01,0x00,0x01,0x02,
- 0x41,0x00,0xa7,0xf7,0x91,0xc5,0x0f,0x84,0x57,0xdc,
- 0x07,0xf7,0x6a,0x7f,0x60,0x52,0xb3,0x72,0xf1,0x66,
- 0x1f,0x7d,0x97,0x3b,0x9e,0xb6,0x0a,0x8f,0x8c,0xcf,
- 0x42,0x23,0x00,0x04,0xd4,0x28,0x0e,0x1c,0x90,0xc4,
- 0x11,0x25,0x25,0xa5,0x93,0xa5,0x2f,0x70,0x02,0xdf,
- 0x81,0x9c,0x49,0x03,0xa0,0xf8,0x6d,0x54,0x2e,0x26,
- 0xde,0xaa,0x85,0x59,0xa8,0x31,0x02,0x21,0x00,0xeb,
- 0x47,0xd7,0x3b,0xf6,0xc3,0xdd,0x5a,0x46,0xc5,0xb9,
- 0x2b,0x9a,0xa0,0x09,0x8f,0xa6,0xfb,0xf3,0x78,0x7a,
- 0x33,0x70,0x9d,0x0f,0x42,0x6b,0x13,0x68,0x24,0xd3,
- 0x15,0x02,0x21,0x00,0xe9,0x10,0xb0,0xb3,0x0d,0xe2,
- 0x82,0x68,0x77,0x8a,0x6e,0x7c,0xda,0xbc,0x3e,0x53,
- 0x83,0xfb,0xd6,0x22,0xe7,0xb5,0xae,0x6e,0x80,0xda,
- 0x00,0x55,0x97,0xc1,0xd0,0x65,0x02,0x20,0x4c,0xf8,
- 0x73,0xb1,0x6a,0x49,0x29,0x61,0x1f,0x46,0x10,0x0d,
- 0xf3,0xc7,0xe7,0x58,0xd7,0x88,0x15,0x5e,0x94,0x9b,
- 0xbf,0x7b,0xa2,0x42,0x58,0x45,0x41,0x0c,0xcb,0x01,
- 0x02,0x20,0x12,0x11,0xba,0x31,0x57,0x9d,0x3d,0x11,
- 0x0e,0x5b,0x8c,0x2f,0x5f,0xe2,0x02,0x4f,0x05,0x47,
- 0x8c,0x15,0x8e,0xb3,0x56,0x3f,0xb8,0xfb,0xad,0xd4,
- 0xf4,0xfc,0x10,0xc5,0x02,0x20,0x18,0xa1,0x29,0x99,
- 0x5b,0xd9,0xc8,0xd4,0xfc,0x49,0x7a,0x2a,0x21,0x2c,
- 0x49,0xe4,0x4f,0xeb,0xef,0x51,0xf1,0xab,0x6d,0xfb,
- 0x4b,0x14,0xe9,0x4b,0x52,0xb5,0x82,0x2c,
- };
-
-static unsigned char test1024[]={
- 0x30,0x82,0x02,0x5c,0x02,0x01,0x00,0x02,0x81,0x81,
- 0x00,0xdc,0x98,0x43,0xe8,0x3d,0x43,0x5b,0xe4,0x05,
- 0xcd,0xd0,0xa9,0x3e,0xcb,0x83,0x75,0xf6,0xb5,0xa5,
- 0x9f,0x6b,0xe9,0x34,0x41,0x29,0x18,0xfa,0x6a,0x55,
- 0x4d,0x70,0xfc,0xec,0xae,0x87,0x38,0x0a,0x20,0xa9,
- 0xc0,0x45,0x77,0x6e,0x57,0x60,0x57,0xf4,0xed,0x96,
- 0x22,0xcb,0x8f,0xe1,0x33,0x3a,0x17,0x1f,0xed,0x37,
- 0xa5,0x6f,0xeb,0xa6,0xbc,0x12,0x80,0x1d,0x53,0xbd,
- 0x70,0xeb,0x21,0x76,0x3e,0xc9,0x2f,0x1a,0x45,0x24,
- 0x82,0xff,0xcd,0x59,0x32,0x06,0x2e,0x12,0x3b,0x23,
- 0x78,0xed,0x12,0x3d,0xe0,0x8d,0xf9,0x67,0x4f,0x37,
- 0x4e,0x47,0x02,0x4c,0x2d,0xc0,0x4f,0x1f,0xb3,0x94,
- 0xe1,0x41,0x2e,0x2d,0x90,0x10,0xfc,0x82,0x91,0x8b,
- 0x0f,0x22,0xd4,0xf2,0xfc,0x2c,0xab,0x53,0x55,0x02,
- 0x03,0x01,0x00,0x01,0x02,0x81,0x80,0x2b,0xcc,0x3f,
- 0x8f,0x58,0xba,0x8b,0x00,0x16,0xf6,0xea,0x3a,0xf0,
- 0x30,0xd0,0x05,0x17,0xda,0xb0,0xeb,0x9a,0x2d,0x4f,
- 0x26,0xb0,0xd6,0x38,0xc1,0xeb,0xf5,0xd8,0x3d,0x1f,
- 0x70,0xf7,0x7f,0xf4,0xe2,0xcf,0x51,0x51,0x79,0x88,
- 0xfa,0xe8,0x32,0x0e,0x7b,0x2d,0x97,0xf2,0xfa,0xba,
- 0x27,0xc5,0x9c,0xd9,0xc5,0xeb,0x8a,0x79,0x52,0x3c,
- 0x64,0x34,0x7d,0xc2,0xcf,0x28,0xc7,0x4e,0xd5,0x43,
- 0x0b,0xd1,0xa6,0xca,0x6d,0x03,0x2d,0x72,0x23,0xbc,
- 0x6d,0x05,0xfa,0x16,0x09,0x2f,0x2e,0x5c,0xb6,0xee,
- 0x74,0xdd,0xd2,0x48,0x8e,0x36,0x0c,0x06,0x3d,0x4d,
- 0xe5,0x10,0x82,0xeb,0x6a,0xf3,0x4b,0x9f,0xd6,0xed,
- 0x11,0xb1,0x6e,0xec,0xf4,0xfe,0x8e,0x75,0x94,0x20,
- 0x2f,0xcb,0xac,0x46,0xf1,0x02,0x41,0x00,0xf9,0x8c,
- 0xa3,0x85,0xb1,0xdd,0x29,0xaf,0x65,0xc1,0x33,0xf3,
- 0x95,0xc5,0x52,0x68,0x0b,0xd4,0xf1,0xe5,0x0e,0x02,
- 0x9f,0x4f,0xfa,0x77,0xdc,0x46,0x9e,0xc7,0xa6,0xe4,
- 0x16,0x29,0xda,0xb0,0x07,0xcf,0x5b,0xa9,0x12,0x8a,
- 0xdd,0x63,0x0a,0xde,0x2e,0x8c,0x66,0x8b,0x8c,0xdc,
- 0x19,0xa3,0x7e,0xf4,0x3b,0xd0,0x1a,0x8c,0xa4,0xc2,
- 0xe1,0xd3,0x02,0x41,0x00,0xe2,0x4c,0x05,0xf2,0x04,
- 0x86,0x4e,0x61,0x43,0xdb,0xb0,0xb9,0x96,0x86,0x52,
- 0x2c,0xca,0x8d,0x7b,0xab,0x0b,0x13,0x0d,0x7e,0x38,
- 0x5b,0xe2,0x2e,0x7b,0x0e,0xe7,0x19,0x99,0x38,0xe7,
- 0xf2,0x21,0xbd,0x85,0x85,0xe3,0xfd,0x28,0x77,0x20,
- 0x31,0x71,0x2c,0xd0,0xff,0xfb,0x2e,0xaf,0x85,0xb4,
- 0x86,0xca,0xf3,0xbb,0xca,0xaa,0x0f,0x95,0x37,0x02,
- 0x40,0x0e,0x41,0x9a,0x95,0xe8,0xb3,0x59,0xce,0x4b,
- 0x61,0xde,0x35,0xec,0x38,0x79,0x9c,0xb8,0x10,0x52,
- 0x41,0x63,0xab,0x82,0xae,0x6f,0x00,0xa9,0xf4,0xde,
- 0xdd,0x49,0x0b,0x7e,0xb8,0xa5,0x65,0xa9,0x0c,0x8f,
- 0x8f,0xf9,0x1f,0x35,0xc6,0x92,0xb8,0x5e,0xb0,0x66,
- 0xab,0x52,0x40,0xc0,0xb6,0x36,0x6a,0x7d,0x80,0x46,
- 0x04,0x02,0xe5,0x9f,0x41,0x02,0x41,0x00,0xc0,0xad,
- 0xcc,0x4e,0x21,0xee,0x1d,0x24,0x91,0xfb,0xa7,0x80,
- 0x8d,0x9a,0xb6,0xb3,0x2e,0x8f,0xc2,0xe1,0x82,0xdf,
- 0x69,0x18,0xb4,0x71,0xff,0xa6,0x65,0xde,0xed,0x84,
- 0x8d,0x42,0xb7,0xb3,0x21,0x69,0x56,0x1c,0x07,0x60,
- 0x51,0x29,0x04,0xff,0x34,0x06,0xdd,0xb9,0x67,0x2c,
- 0x7c,0x04,0x93,0x0e,0x46,0x15,0xbb,0x2a,0xb7,0x1b,
- 0xe7,0x87,0x02,0x40,0x78,0xda,0x5d,0x07,0x51,0x0c,
- 0x16,0x7a,0x9f,0x29,0x20,0x84,0x0d,0x42,0xfa,0xd7,
- 0x00,0xd8,0x77,0x7e,0xb0,0xb0,0x6b,0xd6,0x5b,0x53,
- 0xb8,0x9b,0x7a,0xcd,0xc7,0x2b,0xb8,0x6a,0x63,0xa9,
- 0xfb,0x6f,0xa4,0x72,0xbf,0x4c,0x5d,0x00,0x14,0xba,
- 0xfa,0x59,0x88,0xed,0xe4,0xe0,0x8c,0xa2,0xec,0x14,
- 0x7e,0x2d,0xe2,0xf0,0x46,0x49,0x95,0x45,
- };
-
-static unsigned char test2048[]={
- 0x30,0x82,0x04,0xa3,0x02,0x01,0x00,0x02,0x82,0x01,
- 0x01,0x00,0xc0,0xc0,0xce,0x3e,0x3c,0x53,0x67,0x3f,
- 0x4f,0xc5,0x2f,0xa4,0xc2,0x5a,0x2f,0x58,0xfd,0x27,
- 0x52,0x6a,0xe8,0xcf,0x4a,0x73,0x47,0x8d,0x25,0x0f,
- 0x5f,0x03,0x26,0x78,0xef,0xf0,0x22,0x12,0xd3,0xde,
- 0x47,0xb2,0x1c,0x0b,0x38,0x63,0x1a,0x6c,0x85,0x7a,
- 0x80,0xc6,0x8f,0xa0,0x41,0xaf,0x62,0xc4,0x67,0x32,
- 0x88,0xf8,0xa6,0x9c,0xf5,0x23,0x1d,0xe4,0xac,0x3f,
- 0x29,0xf9,0xec,0xe1,0x8b,0x26,0x03,0x2c,0xb2,0xab,
- 0xf3,0x7d,0xb5,0xca,0x49,0xc0,0x8f,0x1c,0xdf,0x33,
- 0x3a,0x60,0xda,0x3c,0xb0,0x16,0xf8,0xa9,0x12,0x8f,
- 0x64,0xac,0x23,0x0c,0x69,0x64,0x97,0x5d,0x99,0xd4,
- 0x09,0x83,0x9b,0x61,0xd3,0xac,0xf0,0xde,0xdd,0x5e,
- 0x9f,0x44,0x94,0xdb,0x3a,0x4d,0x97,0xe8,0x52,0x29,
- 0xf7,0xdb,0x94,0x07,0x45,0x90,0x78,0x1e,0x31,0x0b,
- 0x80,0xf7,0x57,0xad,0x1c,0x79,0xc5,0xcb,0x32,0xb0,
- 0xce,0xcd,0x74,0xb3,0xe2,0x94,0xc5,0x78,0x2f,0x34,
- 0x1a,0x45,0xf7,0x8c,0x52,0xa5,0xbc,0x8d,0xec,0xd1,
- 0x2f,0x31,0x3b,0xf0,0x49,0x59,0x5e,0x88,0x9d,0x15,
- 0x92,0x35,0x32,0xc1,0xe7,0x61,0xec,0x50,0x48,0x7c,
- 0xba,0x05,0xf9,0xf8,0xf8,0xa7,0x8c,0x83,0xe8,0x66,
- 0x5b,0xeb,0xfe,0xd8,0x4f,0xdd,0x6d,0x36,0xc0,0xb2,
- 0x90,0x0f,0xb8,0x52,0xf9,0x04,0x9b,0x40,0x2c,0x27,
- 0xd6,0x36,0x8e,0xc2,0x1b,0x44,0xf3,0x92,0xd5,0x15,
- 0x9e,0x9a,0xbc,0xf3,0x7d,0x03,0xd7,0x02,0x14,0x20,
- 0xe9,0x10,0x92,0xfd,0xf9,0xfc,0x8f,0xe5,0x18,0xe1,
- 0x95,0xcc,0x9e,0x60,0xa6,0xfa,0x38,0x4d,0x02,0x03,
- 0x01,0x00,0x01,0x02,0x82,0x01,0x00,0x00,0xc3,0xc3,
- 0x0d,0xb4,0x27,0x90,0x8d,0x4b,0xbf,0xb8,0x84,0xaa,
- 0xd0,0xb8,0xc7,0x5d,0x99,0xbe,0x55,0xf6,0x3e,0x7c,
- 0x49,0x20,0xcb,0x8a,0x8e,0x19,0x0e,0x66,0x24,0xac,
- 0xaf,0x03,0x33,0x97,0xeb,0x95,0xd5,0x3b,0x0f,0x40,
- 0x56,0x04,0x50,0xd1,0xe6,0xbe,0x84,0x0b,0x25,0xd3,
- 0x9c,0xe2,0x83,0x6c,0xf5,0x62,0x5d,0xba,0x2b,0x7d,
- 0x3d,0x7a,0x6c,0xe1,0xd2,0x0e,0x54,0x93,0x80,0x01,
- 0x91,0x51,0x09,0xe8,0x5b,0x8e,0x47,0xbd,0x64,0xe4,
- 0x0e,0x03,0x83,0x55,0xcf,0x5a,0x37,0xf0,0x25,0xb5,
- 0x7d,0x21,0xd7,0x69,0xdf,0x6f,0xc2,0xcf,0x10,0xc9,
- 0x8a,0x40,0x9f,0x7a,0x70,0xc0,0xe8,0xe8,0xc0,0xe6,
- 0x9a,0x15,0x0a,0x8d,0x4e,0x46,0xcb,0x7a,0xdb,0xb3,
- 0xcb,0x83,0x02,0xc4,0xf0,0xab,0xeb,0x02,0x01,0x0e,
- 0x23,0xfc,0x1d,0xc4,0xbd,0xd4,0xaa,0x5d,0x31,0x46,
- 0x99,0xce,0x9e,0xf8,0x04,0x75,0x10,0x67,0xc4,0x53,
- 0x47,0x44,0xfa,0xc2,0x25,0x73,0x7e,0xd0,0x8e,0x59,
- 0xd1,0xb2,0x5a,0xf4,0xc7,0x18,0x92,0x2f,0x39,0xab,
- 0xcd,0xa3,0xb5,0xc2,0xb9,0xc7,0xb9,0x1b,0x9f,0x48,
- 0xfa,0x13,0xc6,0x98,0x4d,0xca,0x84,0x9c,0x06,0xca,
- 0xe7,0x89,0x01,0x04,0xc4,0x6c,0xfd,0x29,0x59,0x35,
- 0xe7,0xf3,0xdd,0xce,0x64,0x59,0xbf,0x21,0x13,0xa9,
- 0x9f,0x0e,0xc5,0xff,0xbd,0x33,0x00,0xec,0xac,0x6b,
- 0x11,0xef,0x51,0x5e,0xad,0x07,0x15,0xde,0xb8,0x5f,
- 0xc6,0xb9,0xa3,0x22,0x65,0x46,0x83,0x14,0xdf,0xd0,
- 0xf1,0x44,0x8a,0xe1,0x9c,0x23,0x33,0xb4,0x97,0x33,
- 0xe6,0x6b,0x81,0x02,0x81,0x81,0x00,0xec,0x12,0xa7,
- 0x59,0x74,0x6a,0xde,0x3e,0xad,0xd8,0x36,0x80,0x50,
- 0xa2,0xd5,0x21,0x81,0x07,0xf1,0xd0,0x91,0xf2,0x6c,
- 0x12,0x2f,0x9d,0x1a,0x26,0xf8,0x30,0x65,0xdf,0xe8,
- 0xc0,0x9b,0x6a,0x30,0x98,0x82,0x87,0xec,0xa2,0x56,
- 0x87,0x62,0x6f,0xe7,0x9f,0xf6,0x56,0xe6,0x71,0x8f,
- 0x49,0x86,0x93,0x5a,0x4d,0x34,0x58,0xfe,0xd9,0x04,
- 0x13,0xaf,0x79,0xb7,0xad,0x11,0xd1,0x30,0x9a,0x14,
- 0x06,0xa0,0xfa,0xb7,0x55,0xdc,0x6c,0x5a,0x4c,0x2c,
- 0x59,0x56,0xf6,0xe8,0x9d,0xaf,0x0a,0x78,0x99,0x06,
- 0x06,0x9e,0xe7,0x9c,0x51,0x55,0x43,0xfc,0x3b,0x6c,
- 0x0b,0xbf,0x2d,0x41,0xa7,0xaf,0xb7,0xe0,0xe8,0x28,
- 0x18,0xb4,0x13,0xd1,0xe6,0x97,0xd0,0x9f,0x6a,0x80,
- 0xca,0xdd,0x1a,0x7e,0x15,0x02,0x81,0x81,0x00,0xd1,
- 0x06,0x0c,0x1f,0xe3,0xd0,0xab,0xd6,0xca,0x7c,0xbc,
- 0x7d,0x13,0x35,0xce,0x27,0xcd,0xd8,0x49,0x51,0x63,
- 0x64,0x0f,0xca,0x06,0x12,0xfc,0x07,0x3e,0xaf,0x61,
- 0x6d,0xe2,0x53,0x39,0x27,0xae,0xc3,0x11,0x9e,0x94,
- 0x01,0x4f,0xe3,0xf3,0x67,0xf9,0x77,0xf9,0xe7,0x95,
- 0x3a,0x6f,0xe2,0x20,0x73,0x3e,0xa4,0x7a,0x28,0xd4,
- 0x61,0x97,0xf6,0x17,0xa0,0x23,0x10,0x2b,0xce,0x84,
- 0x57,0x7e,0x25,0x1f,0xf4,0xa8,0x54,0xd2,0x65,0x94,
- 0xcc,0x95,0x0a,0xab,0x30,0xc1,0x59,0x1f,0x61,0x8e,
- 0xb9,0x6b,0xd7,0x4e,0xb9,0x83,0x43,0x79,0x85,0x11,
- 0xbc,0x0f,0xae,0x25,0x20,0x05,0xbc,0xd2,0x48,0xa1,
- 0x68,0x09,0x84,0xf6,0x12,0x9a,0x66,0xb9,0x2b,0xbb,
- 0x76,0x03,0x17,0x46,0x4e,0x97,0x59,0x02,0x81,0x80,
- 0x09,0x4c,0xfa,0xd6,0xe5,0x65,0x48,0x78,0x43,0xb5,
- 0x1f,0x00,0x93,0x2c,0xb7,0x24,0xe8,0xc6,0x7d,0x5a,
- 0x70,0x45,0x92,0xc8,0x6c,0xa3,0xcd,0xe1,0xf7,0x29,
- 0x40,0xfa,0x3f,0x5b,0x47,0x44,0x39,0xc1,0xe8,0x72,
- 0x9e,0x7a,0x0e,0xda,0xaa,0xa0,0x2a,0x09,0xfd,0x54,
- 0x93,0x23,0xaa,0x37,0x85,0x5b,0xcc,0xd4,0xf9,0xd8,
- 0xff,0xc1,0x61,0x0d,0xbd,0x7e,0x18,0x24,0x73,0x6d,
- 0x40,0x72,0xf1,0x93,0x09,0x48,0x97,0x6c,0x84,0x90,
- 0xa8,0x46,0x14,0x01,0x39,0x11,0xe5,0x3c,0x41,0x27,
- 0x32,0x75,0x24,0xed,0xa1,0xd9,0x12,0x29,0x8a,0x28,
- 0x71,0x89,0x8d,0xca,0x30,0xb0,0x01,0xc4,0x2f,0x82,
- 0x19,0x14,0x4c,0x70,0x1c,0xb8,0x23,0x2e,0xe8,0x90,
- 0x49,0x97,0x92,0x97,0x6b,0x7a,0x9d,0xb9,0x02,0x81,
- 0x80,0x0f,0x0e,0xa1,0x76,0xf6,0xa1,0x44,0x8f,0xaf,
- 0x7c,0x76,0xd3,0x87,0xbb,0xbb,0x83,0x10,0x88,0x01,
- 0x18,0x14,0xd1,0xd3,0x75,0x59,0x24,0xaa,0xf5,0x16,
- 0xa5,0xe9,0x9d,0xd1,0xcc,0xee,0xf4,0x15,0xd9,0xc5,
- 0x7e,0x27,0xe9,0x44,0x49,0x06,0x72,0xb9,0xfc,0xd3,
- 0x8a,0xc4,0x2c,0x36,0x7d,0x12,0x9b,0x5a,0xaa,0xdc,
- 0x85,0xee,0x6e,0xad,0x54,0xb3,0xf4,0xfc,0x31,0xa1,
- 0x06,0x3a,0x70,0x57,0x0c,0xf3,0x95,0x5b,0x3e,0xe8,
- 0xfd,0x1a,0x4f,0xf6,0x78,0x93,0x46,0x6a,0xd7,0x31,
- 0xb4,0x84,0x64,0x85,0x09,0x38,0x89,0x92,0x94,0x1c,
- 0xbf,0xe2,0x3c,0x2a,0xe0,0xff,0x99,0xa3,0xf0,0x2b,
- 0x31,0xc2,0x36,0xcd,0x60,0xbf,0x9d,0x2d,0x74,0x32,
- 0xe8,0x9c,0x93,0x6e,0xbb,0x91,0x7b,0xfd,0xd9,0x02,
- 0x81,0x81,0x00,0xa2,0x71,0x25,0x38,0xeb,0x2a,0xe9,
- 0x37,0xcd,0xfe,0x44,0xce,0x90,0x3f,0x52,0x87,0x84,
- 0x52,0x1b,0xae,0x8d,0x22,0x94,0xce,0x38,0xe6,0x04,
- 0x88,0x76,0x85,0x9a,0xd3,0x14,0x09,0xe5,0x69,0x9a,
- 0xff,0x58,0x92,0x02,0x6a,0x7d,0x7c,0x1e,0x2c,0xfd,
- 0xa8,0xca,0x32,0x14,0x4f,0x0d,0x84,0x0d,0x37,0x43,
- 0xbf,0xe4,0x5d,0x12,0xc8,0x24,0x91,0x27,0x8d,0x46,
- 0xd9,0x54,0x53,0xe7,0x62,0x71,0xa8,0x2b,0x71,0x41,
- 0x8d,0x75,0xf8,0x3a,0xa0,0x61,0x29,0x46,0xa6,0xe5,
- 0x82,0xfa,0x3a,0xd9,0x08,0xfa,0xfc,0x63,0xfd,0x6b,
- 0x30,0xbc,0xf4,0x4e,0x9e,0x8c,0x25,0x0c,0xb6,0x55,
- 0xe7,0x3c,0xd4,0x4e,0x0b,0xfd,0x8b,0xc3,0x0e,0x1d,
- 0x9c,0x44,0x57,0x8f,0x1f,0x86,0xf7,0xd5,0x1b,0xe4,
- 0x95,
- };
-
-static unsigned char test4096[]={
- 0x30,0x82,0x09,0x29,0x02,0x01,0x00,0x02,0x82,0x02,
- 0x01,0x00,0xc0,0x71,0xac,0x1a,0x13,0x88,0x82,0x43,
- 0x3b,0x51,0x57,0x71,0x8d,0xb6,0x2b,0x82,0x65,0x21,
- 0x53,0x5f,0x28,0x29,0x4f,0x8d,0x7c,0x8a,0xb9,0x44,
- 0xb3,0x28,0x41,0x4f,0xd3,0xfa,0x6a,0xf8,0xb9,0x28,
- 0x50,0x39,0x67,0x53,0x2c,0x3c,0xd7,0xcb,0x96,0x41,
- 0x40,0x32,0xbb,0xeb,0x70,0xae,0x1f,0xb0,0x65,0xf7,
- 0x3a,0xd9,0x22,0xfd,0x10,0xae,0xbd,0x02,0xe2,0xdd,
- 0xf3,0xc2,0x79,0x3c,0xc6,0xfc,0x75,0xbb,0xaf,0x4e,
- 0x3a,0x36,0xc2,0x4f,0xea,0x25,0xdf,0x13,0x16,0x4b,
- 0x20,0xfe,0x4b,0x69,0x16,0xc4,0x7f,0x1a,0x43,0xa6,
- 0x17,0x1b,0xb9,0x0a,0xf3,0x09,0x86,0x28,0x89,0xcf,
- 0x2c,0xd0,0xd4,0x81,0xaf,0xc6,0x6d,0xe6,0x21,0x8d,
- 0xee,0xef,0xea,0xdc,0xb7,0xc6,0x3b,0x63,0x9f,0x0e,
- 0xad,0x89,0x78,0x23,0x18,0xbf,0x70,0x7e,0x84,0xe0,
- 0x37,0xec,0xdb,0x8e,0x9c,0x3e,0x6a,0x19,0xcc,0x99,
- 0x72,0xe6,0xb5,0x7d,0x6d,0xfa,0xe5,0xd3,0xe4,0x90,
- 0xb5,0xb2,0xb2,0x12,0x70,0x4e,0xca,0xf8,0x10,0xf8,
- 0xa3,0x14,0xc2,0x48,0x19,0xeb,0x60,0x99,0xbb,0x2a,
- 0x1f,0xb1,0x7a,0xb1,0x3d,0x24,0xfb,0xa0,0x29,0xda,
- 0xbd,0x1b,0xd7,0xa4,0xbf,0xef,0x60,0x2d,0x22,0xca,
- 0x65,0x98,0xf1,0xc4,0xe1,0xc9,0x02,0x6b,0x16,0x28,
- 0x2f,0xa1,0xaa,0x79,0x00,0xda,0xdc,0x7c,0x43,0xf7,
- 0x42,0x3c,0xa0,0xef,0x68,0xf7,0xdf,0xb9,0x69,0xfb,
- 0x8e,0x01,0xed,0x01,0x42,0xb5,0x4e,0x57,0xa6,0x26,
- 0xb8,0xd0,0x7b,0x56,0x6d,0x03,0xc6,0x40,0x8c,0x8c,
- 0x2a,0x55,0xd7,0x9c,0x35,0x00,0x94,0x93,0xec,0x03,
- 0xeb,0x22,0xef,0x77,0xbb,0x79,0x13,0x3f,0x15,0xa1,
- 0x8f,0xca,0xdf,0xfd,0xd3,0xb8,0xe1,0xd4,0xcc,0x09,
- 0x3f,0x3c,0x2c,0xdb,0xd1,0x49,0x7f,0x38,0x07,0x83,
- 0x6d,0xeb,0x08,0x66,0xe9,0x06,0x44,0x12,0xac,0x95,
- 0x22,0x90,0x23,0x67,0xd4,0x08,0xcc,0xf4,0xb7,0xdc,
- 0xcc,0x87,0xd4,0xac,0x69,0x35,0x4c,0xb5,0x39,0x36,
- 0xcd,0xa4,0xd2,0x95,0xca,0x0d,0xc5,0xda,0xc2,0xc5,
- 0x22,0x32,0x28,0x08,0xe3,0xd2,0x8b,0x38,0x30,0xdc,
- 0x8c,0x75,0x4f,0x6a,0xec,0x7a,0xac,0x16,0x3e,0xa8,
- 0xd4,0x6a,0x45,0xe1,0xa8,0x4f,0x2e,0x80,0x34,0xaa,
- 0x54,0x1b,0x02,0x95,0x7d,0x8a,0x6d,0xcc,0x79,0xca,
- 0xf2,0xa4,0x2e,0x8d,0xfb,0xfe,0x15,0x51,0x10,0x0e,
- 0x4d,0x88,0xb1,0xc7,0xf4,0x79,0xdb,0xf0,0xb4,0x56,
- 0x44,0x37,0xca,0x5a,0xc1,0x8c,0x48,0xac,0xae,0x48,
- 0x80,0x83,0x01,0x3f,0xde,0xd9,0xd3,0x2c,0x51,0x46,
- 0xb1,0x41,0xb6,0xc6,0x91,0x72,0xf9,0x83,0x55,0x1b,
- 0x8c,0xba,0xf3,0x73,0xe5,0x2c,0x74,0x50,0x3a,0xbe,
- 0xc5,0x2f,0xa7,0xb2,0x6d,0x8c,0x9e,0x13,0x77,0xa3,
- 0x13,0xcd,0x6d,0x8c,0x45,0xe1,0xfc,0x0b,0xb7,0x69,
- 0xe9,0x27,0xbc,0x65,0xc3,0xfa,0x9b,0xd0,0xef,0xfe,
- 0xe8,0x1f,0xb3,0x5e,0x34,0xf4,0x8c,0xea,0xfc,0xd3,
- 0x81,0xbf,0x3d,0x30,0xb2,0xb4,0x01,0xe8,0x43,0x0f,
- 0xba,0x02,0x23,0x42,0x76,0x82,0x31,0x73,0x91,0xed,
- 0x07,0x46,0x61,0x0d,0x39,0x83,0x40,0xce,0x7a,0xd4,
- 0xdb,0x80,0x2c,0x1f,0x0d,0xd1,0x34,0xd4,0x92,0xe3,
- 0xd4,0xf1,0xc2,0x01,0x02,0x03,0x01,0x00,0x01,0x02,
- 0x82,0x02,0x01,0x00,0x97,0x6c,0xda,0x6e,0xea,0x4f,
- 0xcf,0xaf,0xf7,0x4c,0xd9,0xf1,0x90,0x00,0x77,0xdb,
- 0xf2,0x97,0x76,0x72,0xb9,0xb7,0x47,0xd1,0x9c,0xdd,
- 0xcb,0x4a,0x33,0x6e,0xc9,0x75,0x76,0xe6,0xe4,0xa5,
- 0x31,0x8c,0x77,0x13,0xb4,0x29,0xcd,0xf5,0x52,0x17,
- 0xef,0xf3,0x08,0x00,0xe3,0xbd,0x2e,0xbc,0xd4,0x52,
- 0x88,0xe9,0x30,0x75,0x0b,0x02,0xf5,0xcd,0x89,0x0c,
- 0x6c,0x57,0x19,0x27,0x3d,0x1e,0x85,0xb4,0xc1,0x2f,
- 0x1d,0x92,0x00,0x5c,0x76,0x29,0x4b,0xa4,0xe1,0x12,
- 0xb3,0xc8,0x09,0xfe,0x0e,0x78,0x72,0x61,0xcb,0x61,
- 0x6f,0x39,0x91,0x95,0x4e,0xd5,0x3e,0xc7,0x8f,0xb8,
- 0xf6,0x36,0xfe,0x9c,0x93,0x9a,0x38,0x25,0x7a,0xf4,
- 0x4a,0x12,0xd4,0xa0,0x13,0xbd,0xf9,0x1d,0x12,0x3e,
- 0x21,0x39,0xfb,0x72,0xe0,0x05,0x3d,0xc3,0xe5,0x50,
- 0xa8,0x5d,0x85,0xa3,0xea,0x5f,0x1c,0xb2,0x3f,0xea,
- 0x6d,0x03,0x91,0x55,0xd8,0x19,0x0a,0x21,0x12,0x16,
- 0xd9,0x12,0xc4,0xe6,0x07,0x18,0x5b,0x26,0xa4,0xae,
- 0xed,0x2b,0xb7,0xa6,0xed,0xf8,0xad,0xec,0x77,0xe6,
- 0x7f,0x4f,0x76,0x00,0xc0,0xfa,0x15,0x92,0xb4,0x2c,
- 0x22,0xc2,0xeb,0x6a,0xad,0x14,0x05,0xb2,0xe5,0x8a,
- 0x9e,0x85,0x83,0xcc,0x04,0xf1,0x56,0x78,0x44,0x5e,
- 0xde,0xe0,0x60,0x1a,0x65,0x79,0x31,0x23,0x05,0xbb,
- 0x01,0xff,0xdd,0x2e,0xb7,0xb3,0xaa,0x74,0xe0,0xa5,
- 0x94,0xaf,0x4b,0xde,0x58,0x0f,0x55,0xde,0x33,0xf6,
- 0xe3,0xd6,0x34,0x36,0x57,0xd6,0x79,0x91,0x2e,0xbe,
- 0x3b,0xd9,0x4e,0xb6,0x9d,0x21,0x5c,0xd3,0x48,0x14,
- 0x7f,0x4a,0xc4,0x60,0xa9,0x29,0xf8,0x53,0x7f,0x88,
- 0x11,0x2d,0xb5,0xc5,0x2d,0x6f,0xee,0x85,0x0b,0xf7,
- 0x8d,0x9a,0xbe,0xb0,0x42,0xf2,0x2e,0x71,0xaf,0x19,
- 0x31,0x6d,0xec,0xcd,0x6f,0x2b,0x23,0xdf,0xb4,0x40,
- 0xaf,0x2c,0x0a,0xc3,0x1b,0x7d,0x7d,0x03,0x1d,0x4b,
- 0xf3,0xb5,0xe0,0x85,0xd8,0xdf,0x91,0x6b,0x0a,0x69,
- 0xf7,0xf2,0x69,0x66,0x5b,0xf1,0xcf,0x46,0x7d,0xe9,
- 0x70,0xfa,0x6d,0x7e,0x75,0x4e,0xa9,0x77,0xe6,0x8c,
- 0x02,0xf7,0x14,0x4d,0xa5,0x41,0x8f,0x3f,0xc1,0x62,
- 0x1e,0x71,0x5e,0x38,0xb4,0xd6,0xe6,0xe1,0x4b,0xc2,
- 0x2c,0x30,0x83,0x81,0x6f,0x49,0x2e,0x96,0xe6,0xc9,
- 0x9a,0xf7,0x5d,0x09,0xa0,0x55,0x02,0xa5,0x3a,0x25,
- 0x23,0xd0,0x92,0xc3,0xa3,0xe3,0x0e,0x12,0x2f,0x4d,
- 0xef,0xf3,0x55,0x5a,0xbe,0xe6,0x19,0x86,0x31,0xab,
- 0x75,0x9a,0xd3,0xf0,0x2c,0xc5,0x41,0x92,0xd9,0x1f,
- 0x5f,0x11,0x8c,0x75,0x1c,0x63,0xd0,0x02,0x80,0x2c,
- 0x68,0xcb,0x93,0xfb,0x51,0x73,0x49,0xb4,0x60,0xda,
- 0xe2,0x26,0xaf,0xa9,0x46,0x12,0xb8,0xec,0x50,0xdd,
- 0x12,0x06,0x5f,0xce,0x59,0xe6,0xf6,0x1c,0xe0,0x54,
- 0x10,0xad,0xf6,0xcd,0x98,0xcc,0x0f,0xfb,0xcb,0x41,
- 0x14,0x9d,0xed,0xe4,0xb4,0x74,0x5f,0x09,0x60,0xc7,
- 0x12,0xf6,0x7b,0x3c,0x8f,0xa7,0x20,0xbc,0xe4,0xb1,
- 0xef,0xeb,0xa4,0x93,0xc5,0x06,0xca,0x9a,0x27,0x9d,
- 0x87,0xf3,0xde,0xca,0xe5,0xe7,0xf6,0x1c,0x01,0x65,
- 0x5b,0xfb,0x19,0x79,0x6e,0x08,0x26,0xc5,0xc8,0x28,
- 0x0e,0xb6,0x3b,0x07,0x08,0xc1,0x02,0x82,0x01,0x01,
- 0x00,0xe8,0x1c,0x73,0xa6,0xb8,0xe0,0x0e,0x6d,0x8d,
- 0x1b,0xb9,0x53,0xed,0x58,0x94,0xe6,0x1d,0x60,0x14,
- 0x5c,0x76,0x43,0xc4,0x58,0x19,0xc4,0x24,0xe8,0xbc,
- 0x1b,0x3b,0x0b,0x13,0x24,0x45,0x54,0x0e,0xcc,0x37,
- 0xf0,0xe0,0x63,0x7d,0xc3,0xf7,0xfb,0x81,0x74,0x81,
- 0xc4,0x0f,0x1a,0x21,0x48,0xaf,0xce,0xc1,0xc4,0x94,
- 0x18,0x06,0x44,0x8d,0xd3,0xd2,0x22,0x2d,0x2d,0x3e,
- 0x5a,0x31,0xdc,0x95,0x8e,0xf4,0x41,0xfc,0x58,0xc9,
- 0x40,0x92,0x17,0x5f,0xe3,0xda,0xac,0x9e,0x3f,0x1c,
- 0x2a,0x6b,0x58,0x5f,0x48,0x78,0x20,0xb1,0xaf,0x24,
- 0x9b,0x3c,0x20,0x8b,0x93,0x25,0x9e,0xe6,0x6b,0xbc,
- 0x13,0x42,0x14,0x6c,0x36,0x31,0xff,0x7a,0xd1,0xc1,
- 0x1a,0x26,0x14,0x7f,0xa9,0x76,0xa7,0x0c,0xf8,0xcc,
- 0xed,0x07,0x6a,0xd2,0xdf,0x62,0xee,0x0a,0x7c,0x84,
- 0xcb,0x49,0x90,0xb2,0x03,0x0d,0xa2,0x82,0x06,0x77,
- 0xf1,0xcd,0x67,0xf2,0x47,0x21,0x02,0x3f,0x43,0x21,
- 0xf0,0x46,0x30,0x62,0x51,0x72,0xb1,0xe7,0x48,0xc6,
- 0x67,0x12,0xcd,0x9e,0xd6,0x15,0xe5,0x21,0xed,0xfa,
- 0x8f,0x30,0xa6,0x41,0xfe,0xb6,0xfa,0x8f,0x34,0x14,
- 0x19,0xe8,0x11,0xf7,0xa5,0x77,0x3e,0xb7,0xf9,0x39,
- 0x07,0x8c,0x67,0x2a,0xab,0x7b,0x08,0xf8,0xb0,0x06,
- 0xa8,0xea,0x2f,0x8f,0xfa,0xcc,0xcc,0x40,0xce,0xf3,
- 0x70,0x4f,0x3f,0x7f,0xe2,0x0c,0xea,0x76,0x4a,0x35,
- 0x4e,0x47,0xad,0x2b,0xa7,0x97,0x5d,0x74,0x43,0x97,
- 0x90,0xd2,0xfb,0xd9,0xf9,0x96,0x01,0x33,0x05,0xed,
- 0x7b,0x03,0x05,0xad,0xf8,0x49,0x03,0x02,0x82,0x01,
- 0x01,0x00,0xd4,0x40,0x17,0x66,0x10,0x92,0x95,0xc8,
- 0xec,0x62,0xa9,0x7a,0xcb,0x93,0x8e,0xe6,0x53,0xd4,
- 0x80,0x48,0x27,0x4b,0x41,0xce,0x61,0xdf,0xbf,0x94,
- 0xa4,0x3d,0x71,0x03,0x0b,0xed,0x25,0x71,0x98,0xa4,
- 0xd6,0xd5,0x4a,0x57,0xf5,0x6c,0x1b,0xda,0x21,0x7d,
- 0x35,0x45,0xb3,0xf3,0x6a,0xd9,0xd3,0x43,0xe8,0x5c,
- 0x54,0x1c,0x83,0x1b,0xb4,0x5f,0xf2,0x97,0x24,0x2e,
- 0xdc,0x40,0xde,0x92,0x23,0x59,0x8e,0xbc,0xd2,0xa1,
- 0xf2,0xe0,0x4c,0xdd,0x0b,0xd1,0xe7,0xae,0x65,0xbc,
- 0xb5,0xf5,0x5b,0x98,0xe9,0xd7,0xc2,0xb7,0x0e,0x55,
- 0x71,0x0e,0x3c,0x0a,0x24,0x6b,0xa6,0xe6,0x14,0x61,
- 0x11,0xfd,0x33,0x42,0x99,0x2b,0x84,0x77,0x74,0x92,
- 0x91,0xf5,0x79,0x79,0xcf,0xad,0x8e,0x04,0xef,0x80,
- 0x1e,0x57,0xf4,0x14,0xf5,0x35,0x09,0x74,0xb2,0x13,
- 0x71,0x58,0x6b,0xea,0x32,0x5d,0xf3,0xd3,0x76,0x48,
- 0x39,0x10,0x23,0x84,0x9d,0xbe,0x92,0x77,0x4a,0xed,
- 0x70,0x3e,0x1a,0xa2,0x6c,0xb3,0x81,0x00,0xc3,0xc9,
- 0xe4,0x52,0xc8,0x24,0x88,0x0c,0x41,0xad,0x87,0x5a,
- 0xea,0xa3,0x7a,0x85,0x1c,0x5e,0x31,0x7f,0xc3,0x35,
- 0xc6,0xfa,0x10,0xc8,0x75,0x10,0xc4,0x96,0x99,0xe7,
- 0xfe,0x01,0xb4,0x74,0xdb,0xb4,0x11,0xc3,0xc8,0x8c,
- 0xf6,0xf7,0x3b,0x66,0x50,0xfc,0xdb,0xeb,0xca,0x47,
- 0x85,0x89,0xe1,0x65,0xd9,0x62,0x34,0x3c,0x70,0xd8,
- 0x2e,0xb4,0x2f,0x65,0x3c,0x4a,0xa6,0x2a,0xe7,0xc7,
- 0xd8,0x41,0x8f,0x8a,0x43,0xbf,0x42,0xf2,0x4d,0xbc,
- 0xfc,0x9e,0x27,0x95,0xfb,0x75,0xff,0xab,0x02,0x82,
- 0x01,0x00,0x41,0x2f,0x44,0x57,0x6d,0x12,0x17,0x5b,
- 0x32,0xc6,0xb7,0x6c,0x57,0x7a,0x8a,0x0e,0x79,0xef,
- 0x72,0xa8,0x68,0xda,0x2d,0x38,0xe4,0xbb,0x8d,0xf6,
- 0x02,0x65,0xcf,0x56,0x13,0xe1,0x1a,0xcb,0x39,0x80,
- 0xa6,0xb1,0x32,0x03,0x1e,0xdd,0xbb,0x35,0xd9,0xac,
- 0x43,0x89,0x31,0x08,0x90,0x92,0x5e,0x35,0x3d,0x7b,
- 0x9c,0x6f,0x86,0xcb,0x17,0xdd,0x85,0xe4,0xed,0x35,
- 0x08,0x8e,0xc1,0xf4,0x05,0xd8,0x68,0xc6,0x63,0x3c,
- 0xf7,0xff,0xf7,0x47,0x33,0x39,0xc5,0x3e,0xb7,0x0e,
- 0x58,0x35,0x9d,0x81,0xea,0xf8,0x6a,0x2c,0x1c,0x5a,
- 0x68,0x78,0x64,0x11,0x6b,0xc1,0x3e,0x4e,0x7a,0xbd,
- 0x84,0xcb,0x0f,0xc2,0xb6,0x85,0x1d,0xd3,0x76,0xc5,
- 0x93,0x6a,0x69,0x89,0x56,0x34,0xdc,0x4a,0x9b,0xbc,
- 0xff,0xa8,0x0d,0x6e,0x35,0x9c,0x60,0xa7,0x23,0x30,
- 0xc7,0x06,0x64,0x39,0x8b,0x94,0x89,0xee,0xba,0x7f,
- 0x60,0x8d,0xfa,0xb6,0x97,0x76,0xdc,0x51,0x4a,0x3c,
- 0xeb,0x3a,0x14,0x2c,0x20,0x60,0x69,0x4a,0x86,0xfe,
- 0x8c,0x21,0x84,0x49,0x54,0xb3,0x20,0xe1,0x01,0x7f,
- 0x58,0xdf,0x7f,0xb5,0x21,0x51,0x8c,0x47,0x9f,0x91,
- 0xeb,0x97,0x3e,0xf2,0x54,0xcf,0x16,0x46,0xf9,0xd9,
- 0xb6,0xe7,0x64,0xc9,0xd0,0x54,0xea,0x2f,0xa1,0xcf,
- 0xa5,0x7f,0x28,0x8d,0x84,0xec,0xd5,0x39,0x03,0x76,
- 0x5b,0x2d,0x8e,0x43,0xf2,0x01,0x24,0xc9,0x6f,0xc0,
- 0xf5,0x69,0x6f,0x7d,0xb5,0x85,0xd2,0x5f,0x7f,0x78,
- 0x40,0x07,0x7f,0x09,0x15,0xb5,0x1f,0x28,0x65,0x10,
- 0xe4,0x19,0xa8,0xc6,0x9e,0x8d,0xdc,0xcb,0x02,0x82,
- 0x01,0x00,0x13,0x01,0xee,0x56,0x80,0x93,0x70,0x00,
- 0x7f,0x52,0xd2,0x94,0xa1,0x98,0x84,0x4a,0x92,0x25,
- 0x4c,0x9b,0xa9,0x91,0x2e,0xc2,0x79,0xb7,0x5c,0xe3,
- 0xc5,0xd5,0x8e,0xc2,0x54,0x16,0x17,0xad,0x55,0x9b,
- 0x25,0x76,0x12,0x63,0x50,0x22,0x2f,0x58,0x58,0x79,
- 0x6b,0x04,0xe3,0xf9,0x9f,0x8f,0x04,0x41,0x67,0x94,
- 0xa5,0x1f,0xac,0x8a,0x15,0x9c,0x26,0x10,0x6c,0xf8,
- 0x19,0x57,0x61,0xd7,0x3a,0x7d,0x31,0xb0,0x2d,0x38,
- 0xbd,0x94,0x62,0xad,0xc4,0xfa,0x36,0x42,0x42,0xf0,
- 0x24,0x67,0x65,0x9d,0x8b,0x0b,0x7c,0x6f,0x82,0x44,
- 0x1a,0x8c,0xc8,0xc9,0xab,0xbb,0x4c,0x45,0xfc,0x7b,
- 0x38,0xee,0x30,0xe1,0xfc,0xef,0x8d,0xbc,0x58,0xdf,
- 0x2b,0x5d,0x0d,0x54,0xe0,0x49,0x4d,0x97,0x99,0x8f,
- 0x22,0xa8,0x83,0xbe,0x40,0xbb,0x50,0x2e,0x78,0x28,
- 0x0f,0x95,0x78,0x8c,0x8f,0x98,0x24,0x56,0xc2,0x97,
- 0xf3,0x2c,0x43,0xd2,0x03,0x82,0x66,0x81,0x72,0x5f,
- 0x53,0x16,0xec,0xb1,0xb1,0x04,0x5e,0x40,0x20,0x48,
- 0x7b,0x3f,0x02,0x97,0x6a,0xeb,0x96,0x12,0x21,0x35,
- 0xfe,0x1f,0x47,0xc0,0x95,0xea,0xc5,0x8a,0x08,0x84,
- 0x4f,0x5e,0x63,0x94,0x60,0x0f,0x71,0x5b,0x7f,0x4a,
- 0xec,0x4f,0x60,0xc6,0xba,0x4a,0x24,0xf1,0x20,0x8b,
- 0xa7,0x2e,0x3a,0xce,0x8d,0xe0,0x27,0x1d,0xb5,0x8e,
- 0xb4,0x21,0xc5,0xe2,0xa6,0x16,0x0a,0x51,0x83,0x55,
- 0x88,0xd1,0x30,0x11,0x63,0xd5,0xd7,0x8d,0xae,0x16,
- 0x12,0x82,0xc4,0x85,0x00,0x4e,0x27,0x83,0xa5,0x7c,
- 0x90,0x2e,0xe5,0xa2,0xa3,0xd3,0x4c,0x63,0x02,0x82,
- 0x01,0x01,0x00,0x86,0x08,0x98,0x98,0xa5,0x00,0x05,
- 0x39,0x77,0xd9,0x66,0xb3,0xcf,0xca,0xa0,0x71,0xb3,
- 0x50,0xce,0x3d,0xb1,0x93,0x95,0x35,0xc4,0xd4,0x2e,
- 0x90,0xdf,0x0f,0xfc,0x60,0xc1,0x94,0x68,0x61,0x43,
- 0xca,0x9a,0x23,0x4a,0x1e,0x45,0x72,0x99,0xb5,0x1e,
- 0x61,0x8d,0x77,0x0f,0xa0,0xbb,0xd7,0x77,0xb4,0x2a,
- 0x15,0x11,0x88,0x2d,0xb3,0x56,0x61,0x5e,0x6a,0xed,
- 0xa4,0x46,0x4a,0x3f,0x50,0x11,0xd6,0xba,0xb6,0xd7,
- 0x95,0x65,0x53,0xc3,0xa1,0x8f,0xe0,0xa3,0xf5,0x1c,
- 0xfd,0xaf,0x6e,0x43,0xd7,0x17,0xa7,0xd3,0x81,0x1b,
- 0xa4,0xdf,0xe0,0x97,0x8a,0x46,0x03,0xd3,0x46,0x0e,
- 0x83,0x48,0x4e,0xd2,0x02,0xcb,0xc0,0xad,0x79,0x95,
- 0x8c,0x96,0xba,0x40,0x34,0x11,0x71,0x5e,0xe9,0x11,
- 0xf9,0xc5,0x4a,0x5e,0x91,0x9d,0xf5,0x92,0x4f,0xeb,
- 0xc6,0x70,0x02,0x2d,0x3d,0x04,0xaa,0xe9,0x3a,0x8e,
- 0xd5,0xa8,0xad,0xf7,0xce,0x0d,0x16,0xb2,0xec,0x0a,
- 0x9c,0xf5,0x94,0x39,0xb9,0x8a,0xfc,0x1e,0xf9,0xcc,
- 0xf2,0x5f,0x21,0x31,0x74,0x72,0x6b,0x64,0xae,0x35,
- 0x61,0x8d,0x0d,0xcb,0xe7,0xda,0x39,0xca,0xf3,0x21,
- 0x66,0x0b,0x95,0xd7,0x0a,0x7c,0xca,0xa1,0xa9,0x5a,
- 0xe8,0xac,0xe0,0x71,0x54,0xaf,0x28,0xcf,0xd5,0x70,
- 0x89,0xe0,0xf3,0x9e,0x43,0x6c,0x8d,0x7b,0x99,0x01,
- 0x68,0x4d,0xa1,0x45,0x46,0x0c,0x43,0xbc,0xcc,0x2c,
- 0xdd,0xc5,0x46,0xc8,0x4e,0x0e,0xbe,0xed,0xb9,0x26,
- 0xab,0x2e,0xdb,0xeb,0x8f,0xff,0xdb,0xb0,0xc6,0x55,
- 0xaf,0xf8,0x2a,0x91,0x9d,0x50,0x44,0x21,0x17,
- };
diff --git a/crypto/openssl/apps/timeouts.h b/crypto/openssl/apps/timeouts.h
deleted file mode 100644
index 89b5dc7..0000000
--- a/crypto/openssl/apps/timeouts.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* apps/timeouts.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef INCLUDED_TIMEOUTS_H
-#define INCLUDED_TIMEOUTS_H
-
-/* numbers in us */
-#define DGRAM_RCV_TIMEOUT 250000
-#define DGRAM_SND_TIMEOUT 250000
-
-#endif /* ! INCLUDED_TIMEOUTS_H */
diff --git a/crypto/openssl/apps/verify.c b/crypto/openssl/apps/verify.c
deleted file mode 100644
index 9ff32cb..0000000
--- a/crypto/openssl/apps/verify.c
+++ /dev/null
@@ -1,370 +0,0 @@
-/* apps/verify.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/pem.h>
-
-#undef PROG
-#define PROG verify_main
-
-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
-static STACK_OF(X509) *load_untrusted(char *file);
-static int v_verbose=0, vflags = 0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int i,ret=1, badarg = 0;
- int purpose = -1;
- char *CApath=NULL,*CAfile=NULL;
- char *untfile = NULL, *trustfile = NULL;
- STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
- X509_STORE *cert_ctx=NULL;
- X509_LOOKUP *lookup=NULL;
- X509_VERIFY_PARAM *vpm = NULL;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- cert_ctx=X509_STORE_new();
- if (cert_ctx == NULL) goto end;
- X509_STORE_set_verify_cb_func(cert_ctx,cb);
-
- ERR_load_crypto_strings();
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (!load_config(bio_err, NULL))
- goto end;
-
- argc--;
- argv++;
- for (;;)
- {
- if (argc >= 1)
- {
- if (strcmp(*argv,"-CApath") == 0)
- {
- if (argc-- < 1) goto end;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (argc-- < 1) goto end;
- CAfile= *(++argv);
- }
- else if (args_verify(&argv, &argc, &badarg, bio_err,
- &vpm))
- {
- if (badarg)
- goto end;
- continue;
- }
- else if (strcmp(*argv,"-untrusted") == 0)
- {
- if (argc-- < 1) goto end;
- untfile= *(++argv);
- }
- else if (strcmp(*argv,"-trusted") == 0)
- {
- if (argc-- < 1) goto end;
- trustfile= *(++argv);
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto end;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-help") == 0)
- goto end;
- else if (strcmp(*argv,"-verbose") == 0)
- v_verbose=1;
- else if (argv[0][0] == '-')
- goto end;
- else
- break;
- argc--;
- argv++;
- }
- else
- break;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (vpm)
- X509_STORE_set1_param(cert_ctx, vpm);
-
- lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
- if (lookup == NULL) abort();
- if (CAfile) {
- i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
- if(!i) {
- BIO_printf(bio_err, "Error loading file %s\n", CAfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
- if (lookup == NULL) abort();
- if (CApath) {
- i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
- if(!i) {
- BIO_printf(bio_err, "Error loading directory %s\n", CApath);
- ERR_print_errors(bio_err);
- goto end;
- }
- } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
- ERR_clear_error();
-
- if(untfile) {
- if(!(untrusted = load_untrusted(untfile))) {
- BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if(trustfile) {
- if(!(trusted = load_untrusted(trustfile))) {
- BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
- if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
- else
- for (i=0; i<argc; i++)
- check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
- ret=0;
-end:
- if (ret == 1) {
- BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-#ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," [-engine e]");
-#endif
- BIO_printf(bio_err," cert1 cert2 ...\n");
- BIO_printf(bio_err,"recognized usages:\n");
- for(i = 0; i < X509_PURPOSE_get_count(); i++) {
- X509_PURPOSE *ptmp;
- ptmp = X509_PURPOSE_get0(i);
- BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
- X509_PURPOSE_get0_name(ptmp));
- }
- }
- if (vpm) X509_VERIFY_PARAM_free(vpm);
- if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
- sk_X509_pop_free(untrusted, X509_free);
- sk_X509_pop_free(trusted, X509_free);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
- {
- X509 *x=NULL;
- int i=0,ret=0;
- X509_STORE_CTX *csc;
-
- x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
- if (x == NULL)
- goto end;
- fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
-
- csc = X509_STORE_CTX_new();
- if (csc == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- X509_STORE_set_flags(ctx, vflags);
- if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
- if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
- i=X509_verify_cert(csc);
- X509_STORE_CTX_free(csc);
-
- ret=0;
-end:
- if (i)
- {
- fprintf(stdout,"OK\n");
- ret=1;
- }
- else
- ERR_print_errors(bio_err);
- if (x != NULL) X509_free(x);
-
- return(ret);
- }
-
-static STACK_OF(X509) *load_untrusted(char *certfile)
-{
- STACK_OF(X509_INFO) *sk=NULL;
- STACK_OF(X509) *stack=NULL, *ret=NULL;
- BIO *in=NULL;
- X509_INFO *xi;
-
- if(!(stack = sk_X509_new_null())) {
- BIO_printf(bio_err,"memory allocation failure\n");
- goto end;
- }
-
- if(!(in=BIO_new_file(certfile, "r"))) {
- BIO_printf(bio_err,"error opening the file, %s\n",certfile);
- goto end;
- }
-
- /* This loads from a file, a stack of x509/crl/pkey sets */
- if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
- BIO_printf(bio_err,"error reading the file, %s\n",certfile);
- goto end;
- }
-
- /* scan over it and pull out the certs */
- while (sk_X509_INFO_num(sk))
- {
- xi=sk_X509_INFO_shift(sk);
- if (xi->x509 != NULL)
- {
- sk_X509_push(stack,xi->x509);
- xi->x509=NULL;
- }
- X509_INFO_free(xi);
- }
- if(!sk_X509_num(stack)) {
- BIO_printf(bio_err,"no certificates in file, %s\n",certfile);
- sk_X509_free(stack);
- goto end;
- }
- ret=stack;
-end:
- BIO_free(in);
- sk_X509_INFO_free(sk);
- return(ret);
- }
-
-static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
- {
- char buf[256];
-
- if (!ok)
- {
- if (ctx->current_cert)
- {
- X509_NAME_oneline(
- X509_get_subject_name(ctx->current_cert),buf,
- sizeof buf);
- printf("%s\n",buf);
- }
- printf("error %d at %d depth lookup:%s\n",ctx->error,
- ctx->error_depth,
- X509_verify_cert_error_string(ctx->error));
- if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
- /* since we are just checking the certificates, it is
- * ok if they are self signed. But we should still warn
- * the user.
- */
- if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
- /* Continue after extension errors too */
- if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
- if (ctx->error == X509_V_ERR_INVALID_NON_CA) ok=1;
- if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
- if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
- if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
- if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
- if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
- if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
-
- if (ctx->error == X509_V_ERR_NO_EXPLICIT_POLICY)
- policies_print(NULL, ctx);
- return ok;
-
- }
- if ((ctx->error == X509_V_OK) && (ok == 2))
- policies_print(NULL, ctx);
- if (!v_verbose)
- ERR_clear_error();
- return(ok);
- }
-
diff --git a/crypto/openssl/apps/version.c b/crypto/openssl/apps/version.c
deleted file mode 100644
index 69ef3e1..0000000
--- a/crypto/openssl/apps/version.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/* apps/version.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "apps.h"
-#include <openssl/evp.h>
-#include <openssl/crypto.h>
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_MD2
-# include <openssl/md2.h>
-#endif
-#ifndef OPENSSL_NO_RC4
-# include <openssl/rc4.h>
-#endif
-#ifndef OPENSSL_NO_DES
-# include <openssl/des.h>
-#endif
-#ifndef OPENSSL_NO_IDEA
-# include <openssl/idea.h>
-#endif
-#ifndef OPENSSL_NO_BF
-# include <openssl/blowfish.h>
-#endif
-
-#undef PROG
-#define PROG version_main
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- int i,ret=0;
- int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
- if (argc == 1) version=1;
- for (i=1; i<argc; i++)
- {
- if (strcmp(argv[i],"-v") == 0)
- version=1;
- else if (strcmp(argv[i],"-b") == 0)
- date=1;
- else if (strcmp(argv[i],"-f") == 0)
- cflags=1;
- else if (strcmp(argv[i],"-o") == 0)
- options=1;
- else if (strcmp(argv[i],"-p") == 0)
- platform=1;
- else if (strcmp(argv[i],"-d") == 0)
- dir=1;
- else if (strcmp(argv[i],"-a") == 0)
- date=version=cflags=options=platform=dir=1;
- else
- {
- BIO_printf(bio_err,"usage:version -[avbofp]\n");
- ret=1;
- goto end;
- }
- }
-
- if (version)
- {
- if (SSLeay() == SSLEAY_VERSION_NUMBER)
- {
- printf("%s\n",SSLeay_version(SSLEAY_VERSION));
- }
- else
- {
- printf("%s (Library: %s)\n",
- OPENSSL_VERSION_TEXT,
- SSLeay_version(SSLEAY_VERSION));
- }
- }
- if (date) printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
- if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
- if (options)
- {
- printf("options: ");
- printf("%s ",BN_options());
-#ifndef OPENSSL_NO_MD2
- printf("%s ",MD2_options());
-#endif
-#ifndef OPENSSL_NO_RC4
- printf("%s ",RC4_options());
-#endif
-#ifndef OPENSSL_NO_DES
- printf("%s ",DES_options());
-#endif
-#ifndef OPENSSL_NO_IDEA
- printf("%s ",idea_options());
-#endif
-#ifndef OPENSSL_NO_BF
- printf("%s ",BF_options());
-#endif
- printf("\n");
- }
- if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
- if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR));
-end:
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
diff --git a/crypto/openssl/apps/winrand.c b/crypto/openssl/apps/winrand.c
deleted file mode 100644
index 59bede3..0000000
--- a/crypto/openssl/apps/winrand.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/* apps/winrand.c */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* Usage: winrand [filename]
- *
- * Collects entropy from mouse movements and other events and writes
- * random data to filename or .rnd
- */
-
-#include <windows.h>
-#include <openssl/opensslv.h>
-#include <openssl/rand.h>
-
-LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
-const char *filename;
-
-int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
- PSTR cmdline, int iCmdShow)
- {
- static char appname[] = "OpenSSL";
- HWND hwnd;
- MSG msg;
- WNDCLASSEX wndclass;
- char buffer[200];
-
- if (cmdline[0] == '\0')
- filename = RAND_file_name(buffer, sizeof buffer);
- else
- filename = cmdline;
-
- RAND_load_file(filename, -1);
-
- wndclass.cbSize = sizeof(wndclass);
- wndclass.style = CS_HREDRAW | CS_VREDRAW;
- wndclass.lpfnWndProc = WndProc;
- wndclass.cbClsExtra = 0;
- wndclass.cbWndExtra = 0;
- wndclass.hInstance = hInstance;
- wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
- wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
- wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
- wndclass.lpszMenuName = NULL;
- wndclass.lpszClassName = appname;
- wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
- RegisterClassEx(&wndclass);
-
- hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
- WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
- CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
-
- ShowWindow(hwnd, iCmdShow);
- UpdateWindow(hwnd);
-
-
- while (GetMessage(&msg, NULL, 0, 0))
- {
- TranslateMessage(&msg);
- DispatchMessage(&msg);
- }
-
- return msg.wParam;
- }
-
-LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
- {
- HDC hdc;
- PAINTSTRUCT ps;
- RECT rect;
- static int seeded = 0;
-
- switch (iMsg)
- {
- case WM_PAINT:
- hdc = BeginPaint(hwnd, &ps);
- GetClientRect(hwnd, &rect);
- DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
- &rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
- EndPaint(hwnd, &ps);
- return 0;
-
- case WM_DESTROY:
- PostQuitMessage(0);
- return 0;
- }
-
- if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
- {
- seeded = 1;
- if (RAND_write_file(filename) <= 0)
- MessageBox(hwnd, "Couldn't write random file!",
- "OpenSSL", MB_OK | MB_ICONERROR);
- PostQuitMessage(0);
- }
-
- return DefWindowProc(hwnd, iMsg, wParam, lParam);
- }
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
deleted file mode 100644
index 5f61eb5..0000000
--- a/crypto/openssl/apps/x509.c
+++ /dev/null
@@ -1,1278 +0,0 @@
-/* apps/x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#ifdef OPENSSL_NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include <openssl/bio.h>
-#include <openssl/asn1.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-
-#undef PROG
-#define PROG x509_main
-
-#undef POSTFIX
-#define POSTFIX ".srl"
-#define DEF_DAYS 30
-
-static const char *x509_usage[]={
-"usage: x509 args\n",
-" -inform arg - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg - output format - default PEM (one of DER, NET or PEM)\n",
-" -keyform arg - private key format - default PEM\n",
-" -CAform arg - CA format - default PEM\n",
-" -CAkeyform arg - CA key format - default PEM\n",
-" -in arg - input file - default stdin\n",
-" -out arg - output file - default stdout\n",
-" -passin arg - private key password source\n",
-" -serial - print serial number value\n",
-" -subject_hash - print subject hash value\n",
-" -issuer_hash - print issuer hash value\n",
-" -hash - synonym for -subject_hash\n",
-" -subject - print subject DN\n",
-" -issuer - print issuer DN\n",
-" -email - print email address(es)\n",
-" -startdate - notBefore field\n",
-" -enddate - notAfter field\n",
-" -purpose - print out certificate purposes\n",
-" -dates - both Before and After dates\n",
-" -modulus - print the RSA key modulus\n",
-" -pubkey - output the public key\n",
-" -fingerprint - print the certificate fingerprint\n",
-" -alias - output certificate alias\n",
-" -noout - no certificate output\n",
-" -ocspid - print OCSP hash values for the subject name and public key\n",
-" -trustout - output a \"trusted\" certificate\n",
-" -clrtrust - clear all trusted purposes\n",
-" -clrreject - clear all rejected purposes\n",
-" -addtrust arg - trust certificate for a given purpose\n",
-" -addreject arg - reject certificate for a given purpose\n",
-" -setalias arg - set certificate alias\n",
-" -days arg - How long till expiry of a signed certificate - def 30 days\n",
-" -checkend arg - check whether the cert expires in the next arg seconds\n",
-" exit 1 if so, 0 if not\n",
-" -signkey arg - self sign cert with arg\n",
-" -x509toreq - output a certification request object\n",
-" -req - input is a certificate request, sign and output.\n",
-" -CA arg - set the CA certificate, must be PEM format.\n",
-" -CAkey arg - set the CA key, must be PEM format\n",
-" missing, it is assumed to be in the CA file.\n",
-" -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial arg - serial file\n",
-" -set_serial - serial number to use\n",
-" -text - print the certificate in text form\n",
-" -C - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to use\n",
-" -extfile - configuration file with X509V3 extensions to add\n",
-" -extensions - section from config file with X509V3 extensions to add\n",
-" -clrext - delete extensions before signing and input certificate\n",
-" -nameopt arg - various certificate name options\n",
-#ifndef OPENSSL_NO_ENGINE
-" -engine e - use engine e, possibly a hardware device.\n",
-#endif
-" -certopt arg - various certificate text options\n",
-NULL
-};
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
- CONF *conf, char *section);
-static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
- X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
- int create,int days, int clrext, CONF *conf, char *section,
- ASN1_INTEGER *sno);
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
-static int reqfile=0;
-
-int MAIN(int, char **);
-
-int MAIN(int argc, char **argv)
- {
- ENGINE *e = NULL;
- int ret=1;
- X509_REQ *req=NULL;
- X509 *x=NULL,*xca=NULL;
- ASN1_OBJECT *objtmp;
- EVP_PKEY *Upkey=NULL,*CApkey=NULL;
- ASN1_INTEGER *sno = NULL;
- int i,num,badops=0;
- BIO *out=NULL;
- BIO *STDout=NULL;
- STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
- int informat,outformat,keyformat,CAformat,CAkeyformat;
- char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
- char *CAkeyfile=NULL,*CAserial=NULL;
- char *alias=NULL;
- int text=0,serial=0,subject=0,issuer=0,startdate=0,enddate=0;
- int next_serial=0;
- int subject_hash=0,issuer_hash=0,ocspid=0;
- int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
- int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
- int C=0;
- int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
- int pprint = 0;
- const char **pp;
- X509_STORE *ctx=NULL;
- X509_REQ *rq=NULL;
- int fingerprint=0;
- char buf[256];
- const EVP_MD *md_alg,*digest=EVP_sha1();
- CONF *extconf = NULL;
- char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
- int need_rand = 0;
- int checkend=0,checkoffset=0;
- unsigned long nmflag = 0, certflag = 0;
-#ifndef OPENSSL_NO_ENGINE
- char *engine=NULL;
-#endif
-
- reqfile=0;
-
- apps_startup();
-
- if (bio_err == NULL)
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- if (!load_config(bio_err, NULL))
- goto end;
- STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- STDout = BIO_push(tmpbio, STDout);
- }
-#endif
-
- informat=FORMAT_PEM;
- outformat=FORMAT_PEM;
- keyformat=FORMAT_PEM;
- CAformat=FORMAT_PEM;
- CAkeyformat=FORMAT_PEM;
-
- ctx=X509_STORE_new();
- if (ctx == NULL) goto end;
- X509_STORE_set_verify_cb_func(ctx,callb);
-
- argc--;
- argv++;
- num=0;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-inform") == 0)
- {
- if (--argc < 1) goto bad;
- informat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-outform") == 0)
- {
- if (--argc < 1) goto bad;
- outformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-keyform") == 0)
- {
- if (--argc < 1) goto bad;
- keyformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-req") == 0)
- {
- reqfile=1;
- need_rand = 1;
- }
- else if (strcmp(*argv,"-CAform") == 0)
- {
- if (--argc < 1) goto bad;
- CAformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-CAkeyform") == 0)
- {
- if (--argc < 1) goto bad;
- CAkeyformat=str2fmt(*(++argv));
- }
- else if (strcmp(*argv,"-days") == 0)
- {
- if (--argc < 1) goto bad;
- days=atoi(*(++argv));
- if (days == 0)
- {
- BIO_printf(STDout,"bad number of days\n");
- goto bad;
- }
- }
- else if (strcmp(*argv,"-passin") == 0)
- {
- if (--argc < 1) goto bad;
- passargin= *(++argv);
- }
- else if (strcmp(*argv,"-extfile") == 0)
- {
- if (--argc < 1) goto bad;
- extfile= *(++argv);
- }
- else if (strcmp(*argv,"-extensions") == 0)
- {
- if (--argc < 1) goto bad;
- extsect= *(++argv);
- }
- else if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- infile= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outfile= *(++argv);
- }
- else if (strcmp(*argv,"-signkey") == 0)
- {
- if (--argc < 1) goto bad;
- keyfile= *(++argv);
- sign_flag= ++num;
- need_rand = 1;
- }
- else if (strcmp(*argv,"-CA") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- CA_flag= ++num;
- need_rand = 1;
- }
- else if (strcmp(*argv,"-CAkey") == 0)
- {
- if (--argc < 1) goto bad;
- CAkeyfile= *(++argv);
- }
- else if (strcmp(*argv,"-CAserial") == 0)
- {
- if (--argc < 1) goto bad;
- CAserial= *(++argv);
- }
- else if (strcmp(*argv,"-set_serial") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
- goto bad;
- }
- else if (strcmp(*argv,"-addtrust") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
- {
- BIO_printf(bio_err,
- "Invalid trust object value %s\n", *argv);
- goto bad;
- }
- if (!trust) trust = sk_ASN1_OBJECT_new_null();
- sk_ASN1_OBJECT_push(trust, objtmp);
- trustout = 1;
- }
- else if (strcmp(*argv,"-addreject") == 0)
- {
- if (--argc < 1) goto bad;
- if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
- {
- BIO_printf(bio_err,
- "Invalid reject object value %s\n", *argv);
- goto bad;
- }
- if (!reject) reject = sk_ASN1_OBJECT_new_null();
- sk_ASN1_OBJECT_push(reject, objtmp);
- trustout = 1;
- }
- else if (strcmp(*argv,"-setalias") == 0)
- {
- if (--argc < 1) goto bad;
- alias= *(++argv);
- trustout = 1;
- }
- else if (strcmp(*argv,"-certopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_cert_ex(&certflag, *(++argv))) goto bad;
- }
- else if (strcmp(*argv,"-nameopt") == 0)
- {
- if (--argc < 1) goto bad;
- if (!set_name_ex(&nmflag, *(++argv))) goto bad;
- }
-#ifndef OPENSSL_NO_ENGINE
- else if (strcmp(*argv,"-engine") == 0)
- {
- if (--argc < 1) goto bad;
- engine= *(++argv);
- }
-#endif
- else if (strcmp(*argv,"-C") == 0)
- C= ++num;
- else if (strcmp(*argv,"-email") == 0)
- email= ++num;
- else if (strcmp(*argv,"-serial") == 0)
- serial= ++num;
- else if (strcmp(*argv,"-next_serial") == 0)
- next_serial= ++num;
- else if (strcmp(*argv,"-modulus") == 0)
- modulus= ++num;
- else if (strcmp(*argv,"-pubkey") == 0)
- pubkey= ++num;
- else if (strcmp(*argv,"-x509toreq") == 0)
- x509req= ++num;
- else if (strcmp(*argv,"-text") == 0)
- text= ++num;
- else if (strcmp(*argv,"-hash") == 0
- || strcmp(*argv,"-subject_hash") == 0)
- subject_hash= ++num;
- else if (strcmp(*argv,"-issuer_hash") == 0)
- issuer_hash= ++num;
- else if (strcmp(*argv,"-subject") == 0)
- subject= ++num;
- else if (strcmp(*argv,"-issuer") == 0)
- issuer= ++num;
- else if (strcmp(*argv,"-fingerprint") == 0)
- fingerprint= ++num;
- else if (strcmp(*argv,"-dates") == 0)
- {
- startdate= ++num;
- enddate= ++num;
- }
- else if (strcmp(*argv,"-purpose") == 0)
- pprint= ++num;
- else if (strcmp(*argv,"-startdate") == 0)
- startdate= ++num;
- else if (strcmp(*argv,"-enddate") == 0)
- enddate= ++num;
- else if (strcmp(*argv,"-checkend") == 0)
- {
- if (--argc < 1) goto bad;
- checkoffset=atoi(*(++argv));
- checkend=1;
- }
- else if (strcmp(*argv,"-noout") == 0)
- noout= ++num;
- else if (strcmp(*argv,"-trustout") == 0)
- trustout= 1;
- else if (strcmp(*argv,"-clrtrust") == 0)
- clrtrust= ++num;
- else if (strcmp(*argv,"-clrreject") == 0)
- clrreject= ++num;
- else if (strcmp(*argv,"-alias") == 0)
- aliasout= ++num;
- else if (strcmp(*argv,"-CAcreateserial") == 0)
- CA_createserial= ++num;
- else if (strcmp(*argv,"-clrext") == 0)
- clrext = 1;
-#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
- else if (strcmp(*argv,"-crlext") == 0)
- {
- BIO_printf(bio_err,"use -clrext instead of -crlext\n");
- clrext = 1;
- }
-#endif
- else if (strcmp(*argv,"-ocspid") == 0)
- ocspid= ++num;
- else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
- {
- /* ok */
- digest=md_alg;
- }
- else
- {
- BIO_printf(bio_err,"unknown option %s\n",*argv);
- badops=1;
- break;
- }
- argc--;
- argv++;
- }
-
- if (badops)
- {
-bad:
- for (pp=x509_usage; (*pp != NULL); pp++)
- BIO_printf(bio_err,"%s",*pp);
- goto end;
- }
-
-#ifndef OPENSSL_NO_ENGINE
- e = setup_engine(bio_err, engine, 0);
-#endif
-
- if (need_rand)
- app_RAND_load_file(NULL, bio_err, 0);
-
- ERR_load_crypto_strings();
-
- if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
- {
- BIO_printf(bio_err, "Error getting password\n");
- goto end;
- }
-
- if (!X509_STORE_set_default_paths(ctx))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM))
- { CAkeyfile=CAfile; }
- else if ((CA_flag) && (CAkeyfile == NULL))
- {
- BIO_printf(bio_err,"need to specify a CAkey if using the CA command\n");
- goto end;
- }
-
- if (extfile)
- {
- long errorline = -1;
- X509V3_CTX ctx2;
- extconf = NCONF_new(NULL);
- if (!NCONF_load(extconf, extfile,&errorline))
- {
- if (errorline <= 0)
- BIO_printf(bio_err,
- "error loading the config file '%s'\n",
- extfile);
- else
- BIO_printf(bio_err,
- "error on line %ld of config file '%s'\n"
- ,errorline,extfile);
- goto end;
- }
- if (!extsect)
- {
- extsect = NCONF_get_string(extconf, "default", "extensions");
- if (!extsect)
- {
- ERR_clear_error();
- extsect = "default";
- }
- }
- X509V3_set_ctx_test(&ctx2);
- X509V3_set_nconf(&ctx2, extconf);
- if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
- {
- BIO_printf(bio_err,
- "Error Loading extension section %s\n",
- extsect);
- ERR_print_errors(bio_err);
- goto end;
- }
- }
-
-
- if (reqfile)
- {
- EVP_PKEY *pkey;
- X509_CINF *ci;
- BIO *in;
-
- if (!sign_flag && !CA_flag)
- {
- BIO_printf(bio_err,"We need a private key to sign with\n");
- goto end;
- }
- in=BIO_new(BIO_s_file());
- if (in == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (infile == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE|BIO_FP_TEXT);
- else
- {
- if (BIO_read_filename(in,infile) <= 0)
- {
- perror(infile);
- BIO_free(in);
- goto end;
- }
- }
- req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
- BIO_free(in);
-
- if (req == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if ( (req->req_info == NULL) ||
- (req->req_info->pubkey == NULL) ||
- (req->req_info->pubkey->public_key == NULL) ||
- (req->req_info->pubkey->public_key->data == NULL))
- {
- BIO_printf(bio_err,"The certificate request appears to corrupted\n");
- BIO_printf(bio_err,"It does not contain a public key\n");
- goto end;
- }
- if ((pkey=X509_REQ_get_pubkey(req)) == NULL)
- {
- BIO_printf(bio_err,"error unpacking public key\n");
- goto end;
- }
- i=X509_REQ_verify(req,pkey);
- EVP_PKEY_free(pkey);
- if (i < 0)
- {
- BIO_printf(bio_err,"Signature verification error\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- if (i == 0)
- {
- BIO_printf(bio_err,"Signature did not match the certificate request\n");
- goto end;
- }
- else
- BIO_printf(bio_err,"Signature ok\n");
-
- print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
-
- if ((x=X509_new()) == NULL) goto end;
- ci=x->cert_info;
-
- if (sno == NULL)
- {
- sno = ASN1_INTEGER_new();
- if (!sno || !rand_serial(NULL, sno))
- goto end;
- if (!X509_set_serialNumber(x, sno))
- goto end;
- ASN1_INTEGER_free(sno);
- sno = NULL;
- }
- else if (!X509_set_serialNumber(x, sno))
- goto end;
-
- if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
- if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
-
- X509_gmtime_adj(X509_get_notBefore(x),0);
- X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
-
- pkey = X509_REQ_get_pubkey(req);
- X509_set_pubkey(x,pkey);
- EVP_PKEY_free(pkey);
- }
- else
- x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
-
- if (x == NULL) goto end;
- if (CA_flag)
- {
- xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
- if (xca == NULL) goto end;
- }
-
- if (!noout || text || next_serial)
- {
- OBJ_create("2.99999.3",
- "SET.ex3","SET x509v3 extension 3");
-
- out=BIO_new(BIO_s_file());
- if (out == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (outfile == NULL)
- {
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
-#ifdef OPENSSL_SYS_VMS
- {
- BIO *tmpbio = BIO_new(BIO_f_linebuffer());
- out = BIO_push(tmpbio, out);
- }
-#endif
- }
- else
- {
- if (BIO_write_filename(out,outfile) <= 0)
- {
- perror(outfile);
- goto end;
- }
- }
- }
-
- if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
-
- if (clrtrust) X509_trust_clear(x);
- if (clrreject) X509_reject_clear(x);
-
- if (trust)
- {
- for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
- {
- objtmp = sk_ASN1_OBJECT_value(trust, i);
- X509_add1_trust_object(x, objtmp);
- }
- }
-
- if (reject)
- {
- for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
- {
- objtmp = sk_ASN1_OBJECT_value(reject, i);
- X509_add1_reject_object(x, objtmp);
- }
- }
-
- if (num)
- {
- for (i=1; i<=num; i++)
- {
- if (issuer == i)
- {
- print_name(STDout, "issuer= ",
- X509_get_issuer_name(x), nmflag);
- }
- else if (subject == i)
- {
- print_name(STDout, "subject= ",
- X509_get_subject_name(x), nmflag);
- }
- else if (serial == i)
- {
- BIO_printf(STDout,"serial=");
- i2a_ASN1_INTEGER(STDout,
- X509_get_serialNumber(x));
- BIO_printf(STDout,"\n");
- }
- else if (next_serial == i)
- {
- BIGNUM *bnser;
- ASN1_INTEGER *ser;
- ser = X509_get_serialNumber(x);
- bnser = ASN1_INTEGER_to_BN(ser, NULL);
- if (!bnser)
- goto end;
- if (!BN_add_word(bnser, 1))
- goto end;
- ser = BN_to_ASN1_INTEGER(bnser, NULL);
- if (!ser)
- goto end;
- BN_free(bnser);
- i2a_ASN1_INTEGER(out, ser);
- ASN1_INTEGER_free(ser);
- BIO_puts(out, "\n");
- }
- else if (email == i)
- {
- int j;
- STACK *emlst;
- emlst = X509_get1_email(x);
- for (j = 0; j < sk_num(emlst); j++)
- BIO_printf(STDout, "%s\n", sk_value(emlst, j));
- X509_email_free(emlst);
- }
- else if (aliasout == i)
- {
- unsigned char *alstr;
- alstr = X509_alias_get0(x, NULL);
- if (alstr) BIO_printf(STDout,"%s\n", alstr);
- else BIO_puts(STDout,"<No Alias>\n");
- }
- else if (subject_hash == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
- }
- else if (issuer_hash == i)
- {
- BIO_printf(STDout,"%08lx\n",X509_issuer_name_hash(x));
- }
- else if (pprint == i)
- {
- X509_PURPOSE *ptmp;
- int j;
- BIO_printf(STDout, "Certificate purposes:\n");
- for (j = 0; j < X509_PURPOSE_get_count(); j++)
- {
- ptmp = X509_PURPOSE_get0(j);
- purpose_print(STDout, x, ptmp);
- }
- }
- else
- if (modulus == i)
- {
- EVP_PKEY *pkey;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"Modulus=unavailable\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- BIO_printf(STDout,"Modulus=");
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- BN_print(STDout,pkey->pkey.rsa->n);
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- BN_print(STDout,pkey->pkey.dsa->pub_key);
- else
-#endif
- BIO_printf(STDout,"Wrong Algorithm type");
- BIO_printf(STDout,"\n");
- EVP_PKEY_free(pkey);
- }
- else
- if (pubkey == i)
- {
- EVP_PKEY *pkey;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- BIO_printf(bio_err,"Error getting public key\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- PEM_write_bio_PUBKEY(STDout, pkey);
- EVP_PKEY_free(pkey);
- }
- else
- if (C == i)
- {
- unsigned char *d;
- char *m;
- int y,z;
-
- X509_NAME_oneline(X509_get_subject_name(x),
- buf,sizeof buf);
- BIO_printf(STDout,"/* subject:%s */\n",buf);
- m=X509_NAME_oneline(
- X509_get_issuer_name(x),buf,
- sizeof buf);
- BIO_printf(STDout,"/* issuer :%s */\n",buf);
-
- z=i2d_X509(x,NULL);
- m=OPENSSL_malloc(z);
-
- d=(unsigned char *)m;
- z=i2d_X509_NAME(X509_get_subject_name(x),&d);
- BIO_printf(STDout,"unsigned char XXX_subject_name[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f) BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- z=i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x),&d);
- BIO_printf(STDout,"unsigned char XXX_public_key[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f)
- BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- z=i2d_X509(x,&d);
- BIO_printf(STDout,"unsigned char XXX_certificate[%d]={\n",z);
- d=(unsigned char *)m;
- for (y=0; y<z; y++)
- {
- BIO_printf(STDout,"0x%02X,",d[y]);
- if ((y & 0x0f) == 0x0f)
- BIO_printf(STDout,"\n");
- }
- if (y%16 != 0) BIO_printf(STDout,"\n");
- BIO_printf(STDout,"};\n");
-
- OPENSSL_free(m);
- }
- else if (text == i)
- {
- X509_print_ex(out,x,nmflag, certflag);
- }
- else if (startdate == i)
- {
- BIO_puts(STDout,"notBefore=");
- ASN1_TIME_print(STDout,X509_get_notBefore(x));
- BIO_puts(STDout,"\n");
- }
- else if (enddate == i)
- {
- BIO_puts(STDout,"notAfter=");
- ASN1_TIME_print(STDout,X509_get_notAfter(x));
- BIO_puts(STDout,"\n");
- }
- else if (fingerprint == i)
- {
- int j;
- unsigned int n;
- unsigned char md[EVP_MAX_MD_SIZE];
-
- if (!X509_digest(x,digest,md,&n))
- {
- BIO_printf(bio_err,"out of memory\n");
- goto end;
- }
- BIO_printf(STDout,"%s Fingerprint=",
- OBJ_nid2sn(EVP_MD_type(digest)));
- for (j=0; j<(int)n; j++)
- {
- BIO_printf(STDout,"%02X%c",md[j],
- (j+1 == (int)n)
- ?'\n':':');
- }
- }
-
- /* should be in the library */
- else if ((sign_flag == i) && (x509req == 0))
- {
- BIO_printf(bio_err,"Getting Private key\n");
- if (Upkey == NULL)
- {
- Upkey=load_key(bio_err,
- keyfile, keyformat, 0,
- passin, e, "Private key");
- if (Upkey == NULL) goto end;
- }
-#ifndef OPENSSL_NO_DSA
- if (Upkey->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (Upkey->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
-
- assert(need_rand);
- if (!sign(x,Upkey,days,clrext,digest,
- extconf, extsect)) goto end;
- }
- else if (CA_flag == i)
- {
- BIO_printf(bio_err,"Getting CA Private Key\n");
- if (CAkeyfile != NULL)
- {
- CApkey=load_key(bio_err,
- CAkeyfile, CAkeyformat,
- 0, passin, e,
- "CA Private Key");
- if (CApkey == NULL) goto end;
- }
-#ifndef OPENSSL_NO_DSA
- if (CApkey->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (CApkey->type == EVP_PKEY_EC)
- digest = EVP_ecdsa();
-#endif
-
- assert(need_rand);
- if (!x509_certify(ctx,CAfile,digest,x,xca,
- CApkey, CAserial,CA_createserial,days, clrext,
- extconf, extsect, sno))
- goto end;
- }
- else if (x509req == i)
- {
- EVP_PKEY *pk;
-
- BIO_printf(bio_err,"Getting request Private Key\n");
- if (keyfile == NULL)
- {
- BIO_printf(bio_err,"no request key file specified\n");
- goto end;
- }
- else
- {
- pk=load_key(bio_err,
- keyfile, FORMAT_PEM, 0,
- passin, e, "request key");
- if (pk == NULL) goto end;
- }
-
- BIO_printf(bio_err,"Generating certificate request\n");
-
-#ifndef OPENSSL_NO_DSA
- if (pk->type == EVP_PKEY_DSA)
- digest=EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pk->type == EVP_PKEY_EC)
- digest=EVP_ecdsa();
-#endif
-
- rq=X509_to_X509_REQ(x,pk,digest);
- EVP_PKEY_free(pk);
- if (rq == NULL)
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (!noout)
- {
- X509_REQ_print(out,rq);
- PEM_write_bio_X509_REQ(out,rq);
- }
- noout=1;
- }
- else if (ocspid == i)
- {
- X509_ocspid_print(out, x);
- }
- }
- }
-
- if (checkend)
- {
- time_t tcheck=time(NULL) + checkoffset;
-
- if (X509_cmp_time(X509_get_notAfter(x), &tcheck) < 0)
- {
- BIO_printf(out,"Certificate will expire\n");
- ret=1;
- }
- else
- {
- BIO_printf(out,"Certificate will not expire\n");
- ret=0;
- }
- goto end;
- }
-
- if (noout)
- {
- ret=0;
- goto end;
- }
-
- if (outformat == FORMAT_ASN1)
- i=i2d_X509_bio(out,x);
- else if (outformat == FORMAT_PEM)
- {
- if (trustout) i=PEM_write_bio_X509_AUX(out,x);
- else i=PEM_write_bio_X509(out,x);
- }
- else if (outformat == FORMAT_NETSCAPE)
- {
- ASN1_HEADER ah;
- ASN1_OCTET_STRING os;
-
- os.data=(unsigned char *)NETSCAPE_CERT_HDR;
- os.length=strlen(NETSCAPE_CERT_HDR);
- ah.header= &os;
- ah.data=(char *)x;
- ah.meth=X509_asn1_meth();
-
- i=ASN1_i2d_bio_of(ASN1_HEADER,i2d_ASN1_HEADER,out,&ah);
- }
- else {
- BIO_printf(bio_err,"bad output format specified for outfile\n");
- goto end;
- }
- if (!i)
- {
- BIO_printf(bio_err,"unable to write certificate\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- ret=0;
-end:
- if (need_rand)
- app_RAND_write_file(NULL, bio_err);
- OBJ_cleanup();
- NCONF_free(extconf);
- BIO_free_all(out);
- BIO_free_all(STDout);
- X509_STORE_free(ctx);
- X509_REQ_free(req);
- X509_free(x);
- X509_free(xca);
- EVP_PKEY_free(Upkey);
- EVP_PKEY_free(CApkey);
- X509_REQ_free(rq);
- ASN1_INTEGER_free(sno);
- sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
- sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
- if (passin) OPENSSL_free(passin);
- apps_shutdown();
- OPENSSL_EXIT(ret);
- }
-
-static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, int create)
- {
- char *buf = NULL, *p;
- ASN1_INTEGER *bs = NULL;
- BIGNUM *serial = NULL;
- size_t len;
-
- len = ((serialfile == NULL)
- ?(strlen(CAfile)+strlen(POSTFIX)+1)
- :(strlen(serialfile)))+1;
- buf=OPENSSL_malloc(len);
- if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
- if (serialfile == NULL)
- {
- BUF_strlcpy(buf,CAfile,len);
- for (p=buf; *p; p++)
- if (*p == '.')
- {
- *p='\0';
- break;
- }
- BUF_strlcat(buf,POSTFIX,len);
- }
- else
- BUF_strlcpy(buf,serialfile,len);
-
- serial = load_serial(buf, create, NULL);
- if (serial == NULL) goto end;
-
- if (!BN_add_word(serial,1))
- { BIO_printf(bio_err,"add_word failure\n"); goto end; }
-
- if (!save_serial(buf, NULL, serial, &bs)) goto end;
-
- end:
- if (buf) OPENSSL_free(buf);
- BN_free(serial);
- return bs;
- }
-
-static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
- X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
- int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
- {
- int ret=0;
- ASN1_INTEGER *bs=NULL;
- X509_STORE_CTX xsc;
- EVP_PKEY *upkey;
-
- upkey = X509_get_pubkey(xca);
- EVP_PKEY_copy_parameters(upkey,pkey);
- EVP_PKEY_free(upkey);
-
- if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
- {
- BIO_printf(bio_err,"Error initialising X509 store\n");
- goto end;
- }
- if (sno) bs = sno;
- else if (!(bs = x509_load_serial(CAfile, serialfile, create)))
- goto end;
-
-/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/
-
- /* NOTE: this certificate can/should be self signed, unless it was
- * a certificate request in which case it is not. */
- X509_STORE_CTX_set_cert(&xsc,x);
- if (!reqfile && !X509_verify_cert(&xsc))
- goto end;
-
- if (!X509_check_private_key(xca,pkey))
- {
- BIO_printf(bio_err,"CA certificate and CA private key do not match\n");
- goto end;
- }
-
- if (!X509_set_issuer_name(x,X509_get_subject_name(xca))) goto end;
- if (!X509_set_serialNumber(x,bs)) goto end;
-
- if (X509_gmtime_adj(X509_get_notBefore(x),0L) == NULL)
- goto end;
-
- /* hardwired expired */
- if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
- goto end;
-
- if (clrext)
- {
- while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
- }
-
- if (conf)
- {
- X509V3_CTX ctx2;
- X509_set_version(x,2); /* version 3 certificate */
- X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
- X509V3_set_nconf(&ctx2, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
- }
-
- if (!X509_sign(x,pkey,digest)) goto end;
- ret=1;
-end:
- X509_STORE_CTX_cleanup(&xsc);
- if (!ret)
- ERR_print_errors(bio_err);
- if (!sno) ASN1_INTEGER_free(bs);
- return ret;
- }
-
-static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
- {
- int err;
- X509 *err_cert;
-
- /* it is ok to use a self signed certificate
- * This case will catch both the initial ok == 0 and the
- * final ok == 1 calls to this function */
- err=X509_STORE_CTX_get_error(ctx);
- if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
- return 1;
-
- /* BAD we should have gotten an error. Normally if everything
- * worked X509_STORE_CTX_get_error(ctx) will still be set to
- * DEPTH_ZERO_SELF_.... */
- if (ok)
- {
- BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
- return 0;
- }
- else
- {
- err_cert=X509_STORE_CTX_get_current_cert(ctx);
- print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
- BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
- err,X509_STORE_CTX_get_error_depth(ctx),
- X509_verify_cert_error_string(err));
- return 1;
- }
- }
-
-/* self sign */
-static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest,
- CONF *conf, char *section)
- {
-
- EVP_PKEY *pktmp;
-
- pktmp = X509_get_pubkey(x);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_save_parameters(pktmp,1);
- EVP_PKEY_free(pktmp);
-
- if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
- if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
-
- /* Lets just make it 12:00am GMT, Jan 1 1970 */
- /* memcpy(x->cert_info->validity->notBefore,"700101120000Z",13); */
- /* 28 days to be certified */
-
- if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
- goto err;
-
- if (!X509_set_pubkey(x,pkey)) goto err;
- if (clrext)
- {
- while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
- }
- if (conf)
- {
- X509V3_CTX ctx;
- X509_set_version(x,2); /* version 3 certificate */
- X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
- X509V3_set_nconf(&ctx, conf);
- if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
- }
- if (!X509_sign(x,pkey,digest)) goto err;
- return 1;
-err:
- ERR_print_errors(bio_err);
- return 0;
- }
-
-static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
-{
- int id, i, idret;
- char *pname;
- id = X509_PURPOSE_get_id(pt);
- pname = X509_PURPOSE_get0_name(pt);
- for (i = 0; i < 2; i++)
- {
- idret = X509_check_purpose(cert, id, i);
- BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
- if (idret == 1) BIO_printf(bio, "Yes\n");
- else if (idret == 0) BIO_printf(bio, "No\n");
- else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
- }
- return 1;
-}
diff --git a/crypto/openssl/bugs/MS b/crypto/openssl/bugs/MS
deleted file mode 100644
index a1dcfb9..0000000
--- a/crypto/openssl/bugs/MS
+++ /dev/null
@@ -1,7 +0,0 @@
-If you use the function that does an fopen inside the DLL, it's malloc
-will be used and when the function is then written inside, more
-hassles
-....
-
-
-think about it.
diff --git a/crypto/openssl/bugs/SSLv3 b/crypto/openssl/bugs/SSLv3
deleted file mode 100644
index a75a165..0000000
--- a/crypto/openssl/bugs/SSLv3
+++ /dev/null
@@ -1,49 +0,0 @@
-So far...
-
-ssl3.netscape.com:443 does not support client side dynamic
-session-renegotiation.
-
-ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN
-in an invalid format (the outer sequence is removed).
-
-Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
-challenge but then appears to only use 16 bytes when generating the
-encryption keys. Using 16 bytes is ok but it should be ok to use 32.
-According to the SSLv3 spec, one should use 32 bytes for the challenge
-when opperating in SSLv2/v3 compatablity mode, but as mentioned above,
-this breaks this server so 16 bytes is the way to go.
-
-www.microsoft.com - when talking SSLv2, if session-id reuse is
-performed, the session-id passed back in the server-finished message
-is different from the one decided upon.
-
-ssl3.netscape.com:443, first a connection is established with RC4-MD5.
-If it is then resumed, we end up using DES-CBC3-SHA. It should be
-RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
-Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
-It only really shows up when connecting via SSLv2/v3 then reconnecting
-via SSLv3. The cipher list changes....
-NEW INFORMATION. Try connecting with a cipher list of just
-DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
-RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
-doing a re-connect, always takes the first cipher in the cipher list.
-
-If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have it's CA in netscape, and the
-browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
-
-Netscape browsers do not really notice the server sending a
-close notify message. I was sending one, and then some invalid data.
-netscape complained of an invalid mac. (a fork()ed child doing a
-SSL_shutdown() and still sharing the socket with its parent).
-
-Netscape, when using export ciphers, will accept a 1024 bit temporary
-RSA key. It is supposed to only accept 512.
-
-If Netscape connects to a server which requests a client certificate
-it will frequently hang after the user has selected one and never
-complete the connection. Hitting "Stop" and reload fixes this and
-all subsequent connections work fine. This appears to be because
-Netscape wont read any new records in when it is awaiting a server
-done message at this point. The fix is to send the certificate request
-and server done messages in one record.
diff --git a/crypto/openssl/bugs/VC16.bug b/crypto/openssl/bugs/VC16.bug
deleted file mode 100644
index 7815bb5..0000000
--- a/crypto/openssl/bugs/VC16.bug
+++ /dev/null
@@ -1,18 +0,0 @@
-Microsoft (R) C/C++ Optimizing Compiler Version 8.00c
-
-Compile with /O2 chokes the compiler on these files
-
-crypto\md\md5_dgst.c warning '@(#)reg86.c:1.26', line 1110
-crypto\des\ofb64ede.c warning '@(#)grammar.c:1.147', line 168
-crypto\des\ofb64enc.c warning '@(#)grammar.c:1.147', line 168
-crypto\des\qud_cksm.c warning '@(#)grammar.c:1.147', line 168
-crypto\rc2\rc2ofb64.c warning '@(#)grammar.c:1.147', line 168
-crypto\objects\obj_dat.c warning '@(#)grammar.c:1.147', line 168
- fatal '@(#)grammar.c:1.147', line 168
-crypto\objects\obj_lib.c warning '@(#)grammar.c:1.147', line 168
- fatal '@(#)grammar.c:1.147', line 168
-ssl\ssl_auth.c warning '@(#)grammar.c:1.147', line 168
- fatal '@(#)grammar.c:1.147', line 168
-
-Turning on /G3 with build flags that worked fine for /G2 came up with
-divide by zero errors in 'normal' code in speed.c :-(
diff --git a/crypto/openssl/bugs/alpha.c b/crypto/openssl/bugs/alpha.c
deleted file mode 100644
index 701d6a7..0000000
--- a/crypto/openssl/bugs/alpha.c
+++ /dev/null
@@ -1,91 +0,0 @@
-/* bugs/alpha.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* while not exactly a bug (ASN1 C leaves this undefined) it is
- * something to watch out for. This was fine on linux/NT/Solaris but not
- * Alpha */
-
-/* it is basically an example of
- * func(*(a++),*(a++))
- * which parameter is evaluated first? It is not defined in ASN1 C.
- */
-
-#include <stdio.h>
-
-#define TYPE unsigned int
-
-void func(a,b)
-TYPE *a;
-TYPE b;
- {
- printf("%ld -1 == %ld\n",a[0],b);
- }
-
-main()
- {
- TYPE data[5]={1L,2L,3L,4L,5L};
- TYPE *p;
- int i;
-
- p=data;
-
- for (i=0; i<4; i++)
- {
- func(p,*(p++));
- }
- }
diff --git a/crypto/openssl/bugs/dggccbug.c b/crypto/openssl/bugs/dggccbug.c
deleted file mode 100644
index 30e07a6..0000000
--- a/crypto/openssl/bugs/dggccbug.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/* NOCW */
-/* dggccbug.c */
-/* bug found by Eric Young (eay@cryptsoft.com) - May 1995 */
-
-#include <stdio.h>
-
-/* There is a bug in
- * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
- * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
- * DG_GCC_BUG in my code.
- * The bug manifests itself by the vaule of a pointer that is
- * used only by reference, not having it's value change when it is used
- * to check for exiting the loop. Probably caused by there being 2
- * copies of the valiable, one in a register and one being an address
- * that is passed. */
-
-/* compare the out put from
- * gcc dggccbug.c; ./a.out
- * and
- * gcc -O dggccbug.c; ./a.out
- * compile with -DFIXBUG to remove the bug when optimising.
- */
-
-void inc(a)
-int *a;
- {
- (*a)++;
- }
-
-main()
- {
- int p=0;
-#ifdef FIXBUG
- int dummy;
-#endif
-
- while (p<3)
- {
- fprintf(stderr,"%08X\n",p);
- inc(&p);
-#ifdef FIXBUG
- dummy+=p;
-#endif
- }
- }
diff --git a/crypto/openssl/bugs/sgiccbug.c b/crypto/openssl/bugs/sgiccbug.c
deleted file mode 100644
index 178239d..0000000
--- a/crypto/openssl/bugs/sgiccbug.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* NOCW */
-/* sgibug.c */
-/* bug found by Eric Young (eay@mincom.oz.au) May 95 */
-
-#include <stdio.h>
-
-/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
- * the only versions of IRIX I have access to.
- * defining FIXBUG removes the bug.
- * (bug is still present in IRIX 6.3 according to
- * Gage <agage@forgetmenot.Mines.EDU>
- */
-
-/* Compare the output from
- * cc sgiccbug.c; ./a.out
- * and
- * cc -O sgiccbug.c; ./a.out
- */
-
-static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
-static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
-static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};
-
-main()
- {
- unsigned long r[4];
- sub(r,a,b);
- fprintf(stderr,"input a= %08X %08X %08X %08X\n",a[3],a[2],a[1],a[0]);
- fprintf(stderr,"input b= %08X %08X %08X %08X\n",b[3],b[2],b[1],b[0]);
- fprintf(stderr,"output = %08X %08X %08X %08X\n",r[3],r[2],r[1],r[0]);
- fprintf(stderr,"correct= %08X %08X %08X %08X\n",c[3],c[2],c[1],c[0]);
- }
-
-int sub(r,a,b)
-unsigned long *r,*a,*b;
- {
- register unsigned long t1,t2,*ap,*bp,*rp;
- int i,carry;
-#ifdef FIXBUG
- unsigned long dummy;
-#endif
-
- ap=a;
- bp=b;
- rp=r;
- carry=0;
- for (i=0; i<4; i++)
- {
- t1= *(ap++);
- t2= *(bp++);
- t1=(t1-t2);
-#ifdef FIXBUG
- dummy=t1;
-#endif
- *(rp++)=t1&0xffffffff;
- }
- }
diff --git a/crypto/openssl/bugs/sslref.dif b/crypto/openssl/bugs/sslref.dif
deleted file mode 100644
index 0aa92bf..0000000
--- a/crypto/openssl/bugs/sslref.dif
+++ /dev/null
@@ -1,26 +0,0 @@
-The February 9th, 1995 version of the SSL document differs from
-https://www.netscape.com in the following ways.
-=====
-The key material for generating a SSL_CK_DES_64_CBC_WITH_MD5 key is
-KEY-MATERIAL-0 = MD5[MASTER-KEY,"0",CHALLENGE,CONNECTION-ID]
-not
-KEY-MATERIAL-0 = MD5[MASTER-KEY,CHALLENGE,CONNECTION-ID]
-as specified in the documentation.
-=====
-From the section 2.6 Server Only Protocol Messages
-
-If the SESSION-ID-HIT flag is non-zero then the CERTIFICATE-TYPE,
-CERTIFICATE-LENGTH and CIPHER-SPECS-LENGTH fields will be zero.
-
-This is not true for https://www.netscape.com. The CERTIFICATE-TYPE
-is returned as 1.
-=====
-I have not tested the following but it is reported by holtzman@mit.edu.
-
-SSLref clients wait to recieve a server-verify before they send a
-client-finished. Besides this not being evident from the examples in
-2.2.1, it makes more sense to always send all packets you can before
-reading. SSLeay was waiting in the server to recieve a client-finish
-before sending the server-verify :-). I have changed SSLeay to send a
-server-verify before trying to read the client-finished.
-
diff --git a/crypto/openssl/bugs/stream.c b/crypto/openssl/bugs/stream.c
deleted file mode 100644
index c3b5e86..0000000
--- a/crypto/openssl/bugs/stream.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* bugs/stream.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/rc4.h>
-#ifdef OPENSSL_NO_DES
-#include <des.h>
-#else
-#include <openssl/des.h>
-#endif
-
-/* show how stream ciphers are not very good. The mac has no affect
- * on RC4 while it does for cfb DES
- */
-
-main()
- {
- fprintf(stderr,"rc4\n");
- rc4();
- fprintf(stderr,"cfb des\n");
- des();
- }
-
-int des()
- {
- des_key_schedule ks;
- des_cblock iv,key;
- int num;
- static char *keystr="01234567";
- static char *in1="0123456789ABCEDFdata 12345";
- static char *in2="9876543210abcdefdata 12345";
- unsigned char out[100];
- int i;
-
- des_set_key((des_cblock *)keystr,ks);
-
- num=0;
- memset(iv,0,8);
- des_cfb64_encrypt(in1,out,26,ks,(des_cblock *)iv,&num,1);
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
-
- num=0;
- memset(iv,0,8);
- des_cfb64_encrypt(in2,out,26,ks,(des_cblock *)iv,&num,1);
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
- }
-
-int rc4()
- {
- static char *keystr="0123456789abcdef";
- RC4_KEY key;
- unsigned char in[100],out[100];
- int i;
-
- RC4_set_key(&key,16,keystr);
- in[0]='\0';
- strcpy(in,"0123456789ABCEDFdata 12345");
- RC4(key,26,in,out);
-
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
-
- RC4_set_key(&key,16,keystr);
- in[0]='\0';
- strcpy(in,"9876543210abcdefdata 12345");
- RC4(key,26,in,out);
-
- for (i=0; i<26; i++)
- fprintf(stderr,"%02X ",out[i]);
- fprintf(stderr,"\n");
- }
diff --git a/crypto/openssl/bugs/ultrixcc.c b/crypto/openssl/bugs/ultrixcc.c
deleted file mode 100644
index 7ba75b1..0000000
--- a/crypto/openssl/bugs/ultrixcc.c
+++ /dev/null
@@ -1,45 +0,0 @@
-#include <stdio.h>
-
-/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
- * What happens is that the compiler, due to the (a)&7,
- * does
- * i=a&7;
- * i--;
- * i*=4;
- * Then uses i as the offset into a jump table.
- * The problem is that a value of 0 generates an offset of
- * 0xfffffffc.
- */
-
-main()
- {
- f(5);
- f(0);
- }
-
-int f(a)
-int a;
- {
- switch(a&7)
- {
- case 7:
- printf("7\n");
- case 6:
- printf("6\n");
- case 5:
- printf("5\n");
- case 4:
- printf("4\n");
- case 3:
- printf("3\n");
- case 2:
- printf("2\n");
- case 1:
- printf("1\n");
-#ifdef FIX_BUG
- case 0:
- ;
-#endif
- }
- }
-
diff --git a/crypto/openssl/certs/ICE-CA.pem b/crypto/openssl/certs/ICE-CA.pem
deleted file mode 100644
index 7565236..0000000
--- a/crypto/openssl/certs/ICE-CA.pem
+++ /dev/null
@@ -1,59 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
- Validity
- Not Before: Apr 2 17:35:53 1997 GMT
- Not After : Apr 2 17:35:53 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
- 8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
- 44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
- e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
- 49:11:a5:c9:45
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Authority Key Identifier:
- 0.........z.."p......e..
- X509v3 Subject Key Identifier:
- ..~r..:..B.44fu......3
- X509v3 Key Usage: critical
- ....
- X509v3 Certificate Policies: critical
- 0.0...*...
- X509v3 Subject Alternative Name:
- 0!..secude-support@darmstadt.gmd.de
- X509v3 Issuer Alternative Name:
- 0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
- X509v3 Basic Constraints: critical
- 0....
- X509v3 CRL Distribution Points:
- 0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
- Signature Algorithm: md5WithRSAEncryption
- 17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
- 69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
- 98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
- 88:73:cd:60:28:79:a3:fc:48:7a
------BEGIN CERTIFICATE-----
-MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
-AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
-BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
-IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
-NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
-MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
-VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
-LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
-/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
-aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
-7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/ICE-root.pem b/crypto/openssl/certs/ICE-root.pem
deleted file mode 100644
index fa99159..0000000
--- a/crypto/openssl/certs/ICE-root.pem
+++ /dev/null
@@ -1,48 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
- Validity
- Not Before: Apr 2 17:33:36 1997 GMT
- Not After : Apr 2 17:33:36 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
- 82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
- 13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
- 9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
- e7:c7:9f:41:cd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- ........z.."p......e..
- X509v3 Key Usage: critical
- ....
- X509v3 Subject Alternative Name:
- 0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
- X509v3 Basic Constraints: critical
- 0....
- Signature Algorithm: md5WithRSAEncryption
- 76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
- 03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
- f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
- 7e:22:9f:25:06:60:bd:79:30:3d
------BEGIN CERTIFICATE-----
-MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
-EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
-0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
-ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
-dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
-LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
-iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
-fiKfJQZgvXkwPQ==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/ICE-user.pem b/crypto/openssl/certs/ICE-user.pem
deleted file mode 100644
index 28065fd..0000000
--- a/crypto/openssl/certs/ICE-user.pem
+++ /dev/null
@@ -1,63 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
- Validity
- Not Before: Apr 2 17:35:59 1997 GMT
- Not After : Apr 2 17:35:59 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
- de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
- 31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
- b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
- be:3e:a4:61:8b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Authority Key Identifier:
- 0...~r..:..B.44fu......3
- X509v3 Subject Key Identifier:
- ...... .*...1.*.......
- X509v3 Key Usage: critical
- ....
- X509v3 Certificate Policies: critical
- 0.0...*...0.......
- X509v3 Subject Alternative Name:
- 0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
- X509v3 Issuer Alternative Name:
- 0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
-..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
- X509v3 Basic Constraints: critical
- 0.
- X509v3 CRL Distribution Points:
- 0.0.......gmdca@gmd.de
- Signature Algorithm: md5WithRSAEncryption
- 69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
- 4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
- c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
- 9a:f7:6f:63:9b:94:99:83:d6:a4
------BEGIN CERTIFICATE-----
-MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
-OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
-Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
-EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
-qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
-BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
-nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
-A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
-HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
-YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
-dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
-VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
-Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
-ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
-DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/ICE.crl b/crypto/openssl/certs/ICE.crl
deleted file mode 100644
index 21939e8..0000000
--- a/crypto/openssl/certs/ICE.crl
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN X509 CRL-----
-MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
-VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
-NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
-WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
-i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
-KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
-mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
------END X509 CRL-----
diff --git a/crypto/openssl/certs/RegTP-4R.pem b/crypto/openssl/certs/RegTP-4R.pem
deleted file mode 100644
index 6f2c6ab..0000000
--- a/crypto/openssl/certs/RegTP-4R.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Jan 21 16:04:53 1999 GMT
-notAfter=Jan 21 16:04:53 2004 GMT
-subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
------BEGIN CERTIFICATE-----
-MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
-MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
-dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
-MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
-AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
-dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
-IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
-aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
-jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
-5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
-JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
-Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
-JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/RegTP-5R.pem b/crypto/openssl/certs/RegTP-5R.pem
deleted file mode 100644
index 9eb79aa..0000000
--- a/crypto/openssl/certs/RegTP-5R.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Mar 22 08:55:51 2000 GMT
-notAfter=Mar 22 08:55:51 2005 GMT
-subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
------BEGIN CERTIFICATE-----
-MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
-IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
-vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
-HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
-CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
-KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
-b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
-P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/RegTP-6R.pem b/crypto/openssl/certs/RegTP-6R.pem
deleted file mode 100644
index 4d79c74..0000000
--- a/crypto/openssl/certs/RegTP-6R.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Feb 1 09:52:17 2001 GMT
-notAfter=Jun 1 09:52:17 2005 GMT
-subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
------BEGIN CERTIFICATE-----
-MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
-OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
-aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
-IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
-REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
-bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
-MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
-wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
-mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
-ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
-KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
-IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
-XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/aol1.pem b/crypto/openssl/certs/aol1.pem
deleted file mode 100644
index d683745..0000000
--- a/crypto/openssl/certs/aol1.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDpDCCAoygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyODA2
-MDAwMFoXDTM3MTExOTIwNDMwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKgv6KRpBgNHw+kqmP8ZonCaxlCyfqXfaE0bfA+2l2h9LaaLl+lk
-hsmj76CGv2BlnEtUiMJIxUo5vxTjWVXlGbR0yLQFOVwWpeKVBeASrlmLojNoWBym
-1BW32J/X3HGrfpq/m44zDyL9Hy7nBzbvYjnF3cu6JRQj3gzGPTzOggjmZj7aUTsW
-OqMFf6Dch9Wc/HKpoH145LcxVR5lu9RhsCFg7RAycsWSJR74kEoYeEfffjA3PlAb
-2xzTa5qGUwew76wGePiEmf4hjUyAtgyC9mZweRrTT6PP8c9GsEsPPt2IYriMqQko
-O3rHl+Ee5fSfwMCuJKDIodkP1nsmgmkyPacCAwEAAaNjMGEwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUAK3Zo/Z59m50qX8zPYEX10zPM94wHwYDVR0jBBgwFoAU
-AK3Zo/Z59m50qX8zPYEX10zPM94wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
-BQUAA4IBAQB8itEfGDeC4Liwo+1WlchiYZwFos3CYiZhzRAW18y0ZTTQEYqtqKkF
-Zu90821fnZmv9ov761KyBZiibyrFVL0lvV+uyIbqRizBs73B6UlwGBaXCBOMIOAb
-LjpHyx7kADCVW/RFo8AasAFOq73AI25jP4BKxQft3OJvx8Fi8eNy1gTIdGcL+oir
-oQHIb/AUr9KZzVGTfu0uOMe9zkZQPXLjeSWdm4grECDdpbgyn43gKd8hdIaC2y+C
-MMbHNYaz+ZZfRtsMRf3zUMNvxsNIrUam4SdHCh0Om7bCd39j8uB9Gr784N/Xx6ds
-sPmuujz9dLQR6FgNgLzTqIA6me11zEZ7
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/aol2.pem b/crypto/openssl/certs/aol2.pem
deleted file mode 100644
index 492d55a..0000000
--- a/crypto/openssl/certs/aol2.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFpDCCA4ygAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEc
-MBoGA1UEChMTQW1lcmljYSBPbmxpbmUgSW5jLjE2MDQGA1UEAxMtQW1lcmljYSBP
-bmxpbmUgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyODA2
-MDAwMFoXDTM3MDkyOTE0MDgwMFowYzELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE0Ft
-ZXJpY2EgT25saW5lIEluYy4xNjA0BgNVBAMTLUFtZXJpY2EgT25saW5lIFJvb3Qg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBAMxBRR3pPU0Q9oyxQcngXssNt79Hc9PwVU3dxgz6sWYFas14tNwC
-206B89enfHG8dWOgXeMHDEjsJcQDIPT/DjsS/5uN4cbVG7RtIuOx238hZK+GvFci
-KtZHgVdEglZTvYYUAQv8f3SkWq7xuhG1m1hagLQ3eAkzfDJHA1zEpYNI9FdWboE2
-JxhP7JsowtS013wMPgwr38oE18aO6lhOqKSlGBxsRZijQdEt0sdtjRnxrXm3gT+9
-BoInLRBYBbV4Bbkv2wxrkJB+FFk4u5QkE+XRnRTf04JNRvCAOVIyD+OEsnpD8l7e
-Xz8d3eOyG6ChKiMDbi4BFYdcpnV1x5dhvt6G3NRI270qv0pV2uh9UPu0gBe4lL8B
-PeraunzgWGcXuVjgiIZGZ2ydEEdYMtA1fHkqkKJaEBEjNa0vzORKW6fIJ/KD3l67
-Xnfn6KVuY8INXWHQjNJsWiEOyiijzirplcdIz5ZvHZIlyMbGwcEMBawmxNJ10uEq
-Z8A9W6Wa6897GqidFEXlD6CaZd4vKL3Ob5Rmg0gp2OpljK+T2WSfVVcmv2/LNzGZ
-o2C7HK2JNDJiuEMhBnIMoVxtRsX6Kc8w3onccVvdtjc+31D1uAclJuW8tf48ArO3
-+L5DwYcRlJ4jbBeKuIonDFRH8KmzwICMoCfrHRnjB453cMor9H124HhnAgMBAAGj
-YzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFE1FwWg4u3OpaaEg5+31IqEj
-FNeeMB8GA1UdIwQYMBaAFE1FwWg4u3OpaaEg5+31IqEjFNeeMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAZ2sGuV9FOypLM7PmG2tZTiLMubekJcmn
-xPBUlgtk87FYT15R/LKXeydlwuXK5w0MJXti4/qftIe3RUavg6WXSIylvfEWK5t2
-LHo1YGwRgJfMqZJS5ivmae2p+DYtLHe/YUjRYwu5W1LtGLBDQiKmsXeu3mnFzccc
-obGlHBD7GL4acN3Bkku+KVqdPzW+5X1R+FXgJXUjhx5c3LqdsKyzadsXg8n33gy8
-CNyRnqjQ1xU3c6U1uPx+xURABsPr+CKAXEfOAuMRn0T//ZoyzH1kUQ7rVyZ2OuMe
-IjzCpjbdGe+n/BLzJsBZMYVMnNjP36TMzCmT/5RtdlwTCJfy7aULTd3oyWgOZtMA
-DjMSW7yV5TKQqLPGbIOtd+6Lfn6xqavT4fG2wLHqiMDn05DpKJKUe2h7lyoKZy2F
-AjgQ5ANh1NolNscIWC2hp1GvMApJ9aZphwctREZ2jirlmjvXGKL8nDgQzMY70rUX
-Om/9riW99XJZZLF0KjhfGEzfz3EEWjbUvy+ZnOjZurGV5gJLIaFb1cFPj65pbVPb
-AZO1XB4Y3WRayhgoPmMEEf0cjQAPuDffZ4qdZqkCapH/E8ovXYO8h5Ns3CRRFgQl
-Zvqz2cK6Kb6aSDiCmfS/O0oxGfm/jiEzFMpPVF/7zvuPcX/9XhmgD0uRuMRUvAaw
-RY8mkaKO/qk=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/aoltw1.pem b/crypto/openssl/certs/aoltw1.pem
deleted file mode 100644
index eeb0942..0000000
--- a/crypto/openssl/certs/aoltw1.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eSAxMB4XDTAyMDUyOTA2MDAwMFoXDTM3MTEyMDE1
-MDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnej8Mlo2k06AX3dLm/WpcZuS+U
-0pPlLYnKhHw/EEMbjIt8hFj4JHxIzyr9wBXZGH6EGhfT257XyuTZ16pYUYfw8ItI
-TuLCxFlpMGK2MKKMCxGZYTVtfu/FsRkGIBKOQuHfD5YQUqjPnF+VFNivO3ULMSAf
-RC+iYkGzuxgh28pxPIzstrkNn+9R7017EvILDOGsQI93f7DKeHEMXRZxcKLXwjqF
-zQ6axOAAsNUl6twr5JQtOJyJQVdkKGUZHLZEtMgxa44Be3ZZJX8VHIQIfHNlIAqh
-BC4aMqiaILGcLCFZ5/vP7nAtCMpjPiybkxlqpMKX/7eGV4iFbJ4VFitNLLMCAwEA
-AaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoTYwFsuGkABFgFOxj8jY
-PXy+XxIwHwYDVR0jBBgwFoAUoTYwFsuGkABFgFOxj8jYPXy+XxIwDgYDVR0PAQH/
-BAQDAgGGMA0GCSqGSIb3DQEBBQUAA4IBAQCKIBilvrMvtKaEAEAwKfq0FHNMeUWn
-9nDg6H5kHgqVfGphwu9OH77/yZkfB2FK4V1Mza3u0FIy2VkyvNp5ctZ7CegCgTXT
-Ct8RHcl5oIBN/lrXVtbtDyqvpxh1MwzqwWEFT2qaifKNuZ8u77BfWgDrvq2g+EQF
-Z7zLBO+eZMXpyD8Fv8YvBxzDNnGGyjhmSs3WuEvGbKeXO/oTLW4jYYehY0KswsuX
-n2Fozy1MBJ3XJU8KDk2QixhWqJNIV9xvrr2eZ1d3iVCzvhGbRWeDhhmH05i9CBoW
-H1iCC+GWaQVLjuyDUTEH1dSf/1l7qG6Fz9NLqUmwX7A5KGgOc90lmt4S
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/aoltw2.pem b/crypto/openssl/certs/aoltw2.pem
deleted file mode 100644
index ad10ad7..0000000
--- a/crypto/openssl/certs/aoltw2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF5jCCA86gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBgzELMAkGA1UEBhMCVVMx
-HTAbBgNVBAoTFEFPTCBUaW1lIFdhcm5lciBJbmMuMRwwGgYDVQQLExNBbWVyaWNh
-IE9ubGluZSBJbmMuMTcwNQYDVQQDEy5BT0wgVGltZSBXYXJuZXIgUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eSAyMB4XDTAyMDUyOTA2MDAwMFoXDTM3MDkyODIz
-NDMwMFowgYMxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBT0wgVGltZSBXYXJuZXIg
-SW5jLjEcMBoGA1UECxMTQW1lcmljYSBPbmxpbmUgSW5jLjE3MDUGA1UEAxMuQU9M
-IFRpbWUgV2FybmVyIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALQ3WggWmRToVbEbJGv8x4vmh6mJ
-7ouZzU9AhqS2TcnZsdw8TQ2FTBVsRotSeJ/4I/1n9SQ6aF3Q92RhQVSji6UI0ilb
-m2BPJoPRYxJWSXakFsKlnUWsi4SVqBax7J/qJBrvuVdcmiQhLE0OcR+mrF1FdAOY
-xFSMFkpBd4aVdQxHAWZg/BXxD+r1FHjHDtdugRxev17nOirYlxcwfACtCJ0zr7iZ
-YYCLqJV+FNwSbKTQ2O9ASQI2+W6p1h2WVgSysy0WVoaP2SBXgM1nEG2wTPDaRrbq
-JS5Gr42whTg0ixQmgiusrpkLjhTXUr2eacOGAgvqdnUxCc4zGSGFQ+aJLZ8lN2fx
-I2rSAG2X+Z/nKcrdH9cG6rjJuQkhn8g/BsXS6RJGAE57COtCPStIbp1n3UsC5ETz
-kxmlJ85per5n0/xQpCyrw2u544BMzwVhSyvcG7mm0tCq9Stz+86QNZ8MUhy/XCFh
-EVsVS6kkUfykXPcXnbDS+gfpj1bkGoxoigTTfFrjnqKhynFbotSg5ymFXQNoKk/S
-Btc9+cMDLz9l+WceR0DTYw/j1Y75hauXTLPXJuuWCpTehTacyH+BCQJJKg71ZDIM
-gtG6aoIbs0t0EfOMd9afv9w3pKdVBC/UMejTRrkDfNoSTllkt1ExMVCgyhwn2RAu
-rda9EGYrw7AiShJbAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
-FE9pbQN+nZ8HGEO8txBO1b+pxCAoMB8GA1UdIwQYMBaAFE9pbQN+nZ8HGEO8txBO
-1b+pxCAoMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQUFAAOCAgEAO/Ouyugu
-h4X7ZVnnrREUpVe8WJ8kEle7+z802u6teio0cnAxa8cZmIDJgt43d15Ui47y6mdP
-yXSEkVYJ1eV6moG2gcKtNuTxVBFT8zRFASbI5Rq8NEQh3q0l/HYWdyGQgJhXnU7q
-7C+qPBR7V8F+GBRn7iTGvboVsNIYvbdVgaxTwOjdaRITQrcCtQVBynlQboIOcXKT
-RuidDV29rs4prWPVVRaAMCf/drr3uNZK49m1+VLQTkCpx+XCMseqdiThawVQ68W/
-ClTluUI8JPu3B5wwn3la5uBAUhX0/Kr0VvlEl4ftDmVyXr4m+02kLQgH3thcoNyB
-M5kYJRF3p+v9WAksmWsbivNSPxpNSGDxoPYzAlOL7SUJuA0t7Zdz7NeWH45gDtoQ
-my8YJPamTQr5O8t1wswvziRpyQoijlmn94IM19drNZxDAGrElWe6nEXLuA4399xO
-AU++CrYD062KRffaJ00psUjf5BHklka9bAI+1lHIlRcBFanyqqryvy9lG2/QuRqT
-9Y41xICHPpQvZuTpqP9BnHAqTyo5GJUefvthATxRCC4oGKQWDzH9OmwjkyB24f0H
-hdFbP9IcczLd+rn4jM8Ch3qaluTtT4mNU0OrDhPAARW0eTjb/G49nlG2uBOLZ8/5
-fNkiHfZdxRwBL5joeiQYvITX+txyW/fBOmg=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/argena.pem b/crypto/openssl/certs/argena.pem
deleted file mode 100644
index db730e3..0000000
--- a/crypto/openssl/certs/argena.pem
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIG0zCCBbugAwIBAgIBADANBgkqhkiG9w0BAQUFADCBzDELMAkGA1UEBhMCQVQx
-EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTE6MDgGA1UEChMxQVJH
-RSBEQVRFTiAtIEF1c3RyaWFuIFNvY2lldHkgZm9yIERhdGEgUHJvdGVjdGlvbjEl
-MCMGA1UECxMcQS1DRVJUIENlcnRpZmljYXRpb24gU2VydmljZTEYMBYGA1UEAxMP
-QS1DRVJUIEFEVkFOQ0VEMR0wGwYJKoZIhvcNAQkBFg5pbmZvQGEtY2VydC5hdDAe
-Fw0wNDEwMjMxNDE0MTRaFw0xMTEwMjMxNDE0MTRaMIHMMQswCQYDVQQGEwJBVDEQ
-MA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQKEzFBUkdF
-IERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0aW9uMSUw
-IwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYDVQQDEw9B
-LUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0LmF0MIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3euXIy+mnf6BYKbK+QH5k679
-tUFqeT8jlZxMew8eNiHuw9KoxWBzL6KksK+5uK7Gatw+sbAYntEGE80P+Jg1hADM
-e+Fr5V0bc6QS3gkVtfUCW/RIvfMM39oxvmqJmOgPnJU7H6+nmLtsq61tv9kVJi/2
-4Y5wXW3odet72sF57EoG6s78w0BUVLNcMngS9bZZzmdG3/d6JbkGgoNF/8DcgCBJ
-W/t0JrcIzyppXIOVtUzzOrrU86zuUgT3Rtkl5kjG7DEHpFb9H0fTOY1v8+gRoaO6
-2gA0PCiysgVZjwgVeYe3KAg11nznyleDv198uK3Dc1oXIGYjJx2FpKWUvAuAEwID
-AQABo4ICvDCCArgwHQYDVR0OBBYEFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYMIH5BgNV
-HSMEgfEwge6AFDd/Pj6ZcWDKJNSRE3nQdCm0qCTYoYHSpIHPMIHMMQswCQYDVQQG
-EwJBVDEQMA4GA1UECBMHQXVzdHJpYTEPMA0GA1UEBxMGVmllbm5hMTowOAYDVQQK
-EzFBUkdFIERBVEVOIC0gQXVzdHJpYW4gU29jaWV0eSBmb3IgRGF0YSBQcm90ZWN0
-aW9uMSUwIwYDVQQLExxBLUNFUlQgQ2VydGlmaWNhdGlvbiBTZXJ2aWNlMRgwFgYD
-VQQDEw9BLUNFUlQgQURWQU5DRUQxHTAbBgkqhkiG9w0BCQEWDmluZm9AYS1jZXJ0
-LmF0ggEAMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgHmMEcGA1UdJQRAMD4G
-CCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcD
-CAYKKwYBBAGCNwoDBDARBglghkgBhvhCAQEEBAMCAP8wUQYDVR0gBEowSDBGBggq
-KAAYAQEBAzA6MDgGCCsGAQUFBwIBFixodHRwOi8vd3d3LmEtY2VydC5hdC9jZXJ0
-aWZpY2F0ZS1wb2xpY3kuaHRtbDA7BglghkgBhvhCAQgELhYsaHR0cDovL3d3dy5h
-LWNlcnQuYXQvY2VydGlmaWNhdGUtcG9saWN5Lmh0bWwwGQYDVR0RBBIwEIEOaW5m
-b0BhLWNlcnQuYXQwLwYDVR0SBCgwJoEOaW5mb0BhLWNlcnQuYXSGFGh0dHA6Ly93
-d3cuYS1jZXJ0LmF0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHBzOi8vc2VjdXJlLmEt
-Y2VydC5hdC9jZ2ktYmluL2EtY2VydC1hZHZhbmNlZC5jZ2kwDQYJKoZIhvcNAQEF
-BQADggEBACX1IvgfdG2rvfv35O48vSEvcVaEdlN8USFBHWz3JRAozgzvaBtwHkjK
-Zwt5l/BWOtjbvHfRjDt7ijlBEcxOOrNC1ffyMHwHrXpvff6YpQ5wnxmIYEQcURiG
-HMqruEX0WkuDNgSKwefsgXs27eeBauHgNGVcTYH1rmHu/ZyLpLxOyJQ2PCzA1DzW
-3rWkIX92ogJ7lTRdWrbxwUL1XGinxnnaQ74+/y0pI9JNEv7ic2tpkweRMpkedaLW
-msC1+orfKTebsg69aMaCx7o6jNONRmR/7TVaPf8/k6g52cHZ9YWjQvup22b5rWxG
-J5r5LZ4vCPmF4+T4lutjUYAa/lGuQTg=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/argeng.pem b/crypto/openssl/certs/argeng.pem
deleted file mode 100644
index 621e30e..0000000
--- a/crypto/openssl/certs/argeng.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDwzCCAyygAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCQVQx
-EDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAGA1UEChM5QXJn
-ZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBmdWVyIERhdGVu
-c2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVuLmF0MB4XDTAx
-MDIxMjExMzAzMFoXDTA5MDIxMjExMzAzMFowgZgxCzAJBgNVBAYTAkFUMRAwDgYD
-VQQIEwdBdXN0cmlhMQ8wDQYDVQQHEwZWaWVubmExQjBABgNVBAoTOUFyZ2UgRGF0
-ZW4gT2VzdGVycmVpY2hpc2NoZSBHZXNlbGxzY2hhZnQgZnVlciBEYXRlbnNjaHV0
-ejEiMCAGCSqGSIb3DQEJARYTYS1jZXJ0QGFyZ2VkYXRlbi5hdDCBnzANBgkqhkiG
-9w0BAQEFAAOBjQAwgYkCgYEAwgsHqoNtmmrJ86+e1I4hOVBaL4kokqKN2IPOIL+1
-XwY8vfOOUfPEdhWpaC0ldt7VYrksgDiUccgH0FROANWK2GkfKMDzjjXHysR04uEb
-Om7Kqjqn0nproOGkFG+QvBZgs+Ws+HXNFJA6V76fU4+JXq4452LSK4Lr5YcBquu3
-NJECAwEAAaOCARkwggEVMB0GA1UdDgQWBBQ0j59zH/G31zRjgK1y2P//tSAWZjCB
-xQYDVR0jBIG9MIG6gBQ0j59zH/G31zRjgK1y2P//tSAWZqGBnqSBmzCBmDELMAkG
-A1UEBhMCQVQxEDAOBgNVBAgTB0F1c3RyaWExDzANBgNVBAcTBlZpZW5uYTFCMEAG
-A1UEChM5QXJnZSBEYXRlbiBPZXN0ZXJyZWljaGlzY2hlIEdlc2VsbHNjaGFmdCBm
-dWVyIERhdGVuc2NodXR6MSIwIAYJKoZIhvcNAQkBFhNhLWNlcnRAYXJnZWRhdGVu
-LmF0ggEAMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMBEGCWCGSAGG+EIBAQQE
-AwICBDANBgkqhkiG9w0BAQQFAAOBgQBFuJYncqMYB6gXQS3eDOI90BEHfFTKy/dV
-AV+K7QdAYikWmqgBheRdPKddJdccPy/Zl/p3ZT7GhDyC5f3wZjcuu8AJ27BNwbCA
-x54dgxgCNcyPm79nY8MRtEdEpoRGdSsFKJemz6hpXM++MWFciyrRWIIA44XB0Gv3
-US0spjsDPQ==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/ca-cert.pem b/crypto/openssl/certs/ca-cert.pem
deleted file mode 100644
index bcba68a..0000000
--- a/crypto/openssl/certs/ca-cert.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
-HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN
-MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
-ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg
-KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p
-yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF
-b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM
-5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA
-U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW
-R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0
-IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL
-6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35
-3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK
-sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/certs/demo/ca-cert.pem b/crypto/openssl/certs/demo/ca-cert.pem
deleted file mode 100644
index bcba68a..0000000
--- a/crypto/openssl/certs/demo/ca-cert.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
-HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN
-MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
-ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg
-KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p
-yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF
-b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM
-5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA
-U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW
-R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0
-IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL
-6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35
-3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK
-sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/certs/demo/dsa-ca.pem b/crypto/openssl/certs/demo/dsa-ca.pem
deleted file mode 100644
index 9eb08f3..0000000
--- a/crypto/openssl/certs/demo/dsa-ca.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
-
-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
-MVqOsYxGCb+kez0FoDSTgw==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
-C1Q=
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/demo/dsa-pca.pem b/crypto/openssl/certs/demo/dsa-pca.pem
deleted file mode 100644
index e3641ad..0000000
--- a/crypto/openssl/certs/demo/dsa-pca.pem
+++ /dev/null
@@ -1,49 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
-
-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
-5rKUjNBhSg==
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/demo/nortelCA.pem b/crypto/openssl/certs/demo/nortelCA.pem
deleted file mode 100644
index 207f34a..0000000
--- a/crypto/openssl/certs/demo/nortelCA.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/demo/pca-cert.pem b/crypto/openssl/certs/demo/pca-cert.pem
deleted file mode 100644
index 9d754d4..0000000
--- a/crypto/openssl/certs/demo/pca-cert.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
-HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
-MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
-ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
-ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
-V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
-JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
-S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
-aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
-1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
-NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
-+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
-JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
-Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/certs/demo/timCA.pem b/crypto/openssl/certs/demo/timCA.pem
deleted file mode 100644
index 9c8d5bf..0000000
--- a/crypto/openssl/certs/demo/timCA.pem
+++ /dev/null
@@ -1,16 +0,0 @@
-Tims test GCI CA
-
------BEGIN CERTIFICATE-----
-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/demo/tjhCA.pem b/crypto/openssl/certs/demo/tjhCA.pem
deleted file mode 100644
index 67bee1b..0000000
--- a/crypto/openssl/certs/demo/tjhCA.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/demo/vsigntca.pem b/crypto/openssl/certs/demo/vsigntca.pem
deleted file mode 100644
index 05acf76..0000000
--- a/crypto/openssl/certs/demo/vsigntca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
-notBefore=Mar 4 00:00:00 1997 GMT
-notAfter=Mar 4 23:59:59 2025 GMT
------BEGIN CERTIFICATE-----
-MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
-BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
-cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
-RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
-IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
-NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
-ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
-aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
-aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
-cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
-ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
-ToLEMaUojc3DuNXHG21PDG8=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/dsa-ca.pem b/crypto/openssl/certs/dsa-ca.pem
deleted file mode 100644
index 9eb08f3..0000000
--- a/crypto/openssl/certs/dsa-ca.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
-
-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
-MVqOsYxGCb+kez0FoDSTgw==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
-C1Q=
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/dsa-pca.pem b/crypto/openssl/certs/dsa-pca.pem
deleted file mode 100644
index e3641ad..0000000
--- a/crypto/openssl/certs/dsa-pca.pem
+++ /dev/null
@@ -1,49 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
-
-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
-5rKUjNBhSg==
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/eng1.pem b/crypto/openssl/certs/eng1.pem
deleted file mode 100644
index 7ed8b1b..0000000
--- a/crypto/openssl/certs/eng1.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9CYW5rRW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpiYW5rZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBiYW5r
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0JhbmtFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmJhbmtlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGJhbmtlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA14LoTUAl1/hEy+Kh1kLHiBdW2zD3V4IhM7xxTVKsYsIH56nr69ATTIxU
-P36eRzeZ137qt1AxHFjDCidk3m1Ul6l59ProPexdslLLM2npM3f2cteg+toyiYiS
-EJKjyzIu1xF1j9qzGkymSY/4DsXLZNk9FaczxMk/Ooc6Os1M3AverL4VG4rYIb6f
-eR32cIKJ9Q1fGuyKk7ipq1XQfPW8a8TgZdbHbe7U9Gk3iasGMHHvpR9Ep3mGbgdT
-uQ98SBEuIwe1BUCGg/MXpVy48MNXfAMotBgGw4pl9yqSjMni2FB+E9Q9DHFs2RgX
-MqzKuo8zcPxKx2kZ6Arj8+27dw2clQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQBauupHX9EhpC/r57d6b5kkeWvognxIP9//TO4iw3qb
-zIXEkPXmJmwVzlzoKJWqiya+aw19SP0+G6CzsFOBo/9ehmz+hZ8bhYX4MjlWzX5u
-Tnkhz172j9fOBUmrTVPkcRIs6zjCD5PQAGoBPP1/Zdy2N36lZ0U7lg07Opirj/yJ
-PSJeM2j0fwIFAroiVckvdT0BVwB6S/cPaAQGPghbbr1YGSmYrMriSv825ILJUfxz
-rJYunGR9FiY9Ob7+jwJwiZMS4CxSPktutxr/3hOvr1+ALS7IcVakhhA3PuZAJbdH
-FRclR9qMM8aBnBZmf+Uv3K3uhT+UBzzY654U9Yi1JYnA
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/eng2.pem b/crypto/openssl/certs/eng2.pem
deleted file mode 100644
index 7306630..0000000
--- a/crypto/openssl/certs/eng2.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9DZXJ0RW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpjZXJ0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBjZXJ0
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0NlcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmNlcnRlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGNlcnRlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA7aTXURShaeVt9u/dP3Q2dVib3jTCZvEyc6yfpGgaYWewXWuP4HOSfI4h
-GZblbpl+dzJc6RjhR+pguIRtbT5FJB8SJGjRqoujBEOQOxtVtc2fjM9Dqh0iOvMW
-WS6buxHG55GVrHAQaO5HXEScKQBa9ZyNmpSXPTEBrDMej1OAGOkc524/TZrgFPF4
-AiJLLkxCcP8NuzUKlW3WzNMSSoCtjkUKy4wjSLlAWCFM0T9Df6/+Z8ZUQTzHoKCD
-ncH5Qnynd7DlOwKQ2JwwxRhYGiGVTUN0GUq7qA11kW3+vnbFesKQXoF6o2PVx9s2
-YXviI2NXXUjZ0pVnsnFCc45Pm8XojwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQBP/aHOKJ00Akzc9HWM1X30hlWZFBaQi4pqD4Uhk8+p
-KzzwFP5DRLBOz8TYBbtdXrS6hxVMr2sqWmhVkuyepWhHZazKGyHY/y0FbOXsewAV
-1QxxSyx7ve89pCKv4/w0rQcP916iHc8Y/TCpmz7eITa3GId+8H/XTaBi8GBp9X9O
-w8m25FmEB1NT+eJwefvfdKowjy4tSorKdW/eJspxNuTSRGmUy8G71W5dYvgpAlx6
-mdnHyzxEGvRYNNI2bS0ifXgbEFNWqSas9q34ea5KOpkJu8T/KyXfSb6rPOsBSb0t
-wMowwGtCVH2C4Lw/8zo0EjhMpTOsPaub408PrZ+NQ2bl
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/eng3.pem b/crypto/openssl/certs/eng3.pem
deleted file mode 100644
index 28bcce2..0000000
--- a/crypto/openssl/certs/eng3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF3TCCA8WgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9Gb3J0RW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwpmb3J0ZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBmb3J0
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD0ZvcnRFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCmZvcnRlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQGZvcnRlbmdpbmUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
-CgKCAgEAyr7GbpwDxx1v3EYbo0gcO+ligEhlDqG2e7u/AbWGoVAqc8+q6auUJUtz
-4i7oh0yNadu1o9kpXW+znkgO0zlrgjGskqqMO1ooppzTJdFy/P8gR6x1Iuv3kWtX
-OuzwPPEjv09LWlhyJsN+oU4ztTVf07I0Q9zYupcoDQ58XKRheI9KdDB2DYSmxywA
-WSLQwIeG0Qa7gvokeQlpkgkEC7viEecJ3752KXBJHnh7As51mxnlpmG6sDy67Eli
-HDw5tHETRqbtnscGBjskGQBqR5xt7+QnnthZrN8HJHDoa9zgGephwizhkL44lXLF
-YK9W5XhFbblw2c+mAcHkokRiwD7CPeIoyD2a/Jcw3n5hegKTlNhd4BFGVF6JR7gF
-OFk2QfHXit5uthsij9Xhl7WAgQUqLgggD9MphqPf4nY66OZUJV9ZsmB+Qfp8UizB
-0WAOegactKVyRqHtRa+KIEXQXNtZgjcmMk9CYkP0nIbKtgKXaH6+9VMHNOryCnFE
-7pSsuPUkypncFWCHGSeiFO3w4w4J4csltxBADQzxfRu5KZnlToQN7bVpI/Q31tVX
-E5bjrJcq6Oj/OTqZ3ID+OqbkUdAg0ggjRKcTgxnLHd/AbMzJ6PsclDDf7cLs0WSl
-xMxQR/z5bNST1rNtT9rsiv2TOhfvCBxO9AOjBioO8PLO032HTNECAwEAAaMQMA4w
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAgEAVyBpPWfT2VOyvVpslGKx
-8h0+CWP8cilygGRtZJ5dAJzc//1REAHdvK+TgZ4Foz3dqHhXI+RNN0FpzuWaYMjW
-ZTS0kAmcOQuGY1Oo4PGlPHI21pNz29oFDTJr0ZmLBJ4JKVsE2soJg55jdk9MZHA7
-K//7HH9RsmrWZOE5DZDlrxp6+naixhMwnlPKKisIy9GNZUPqGdUWABMdB/BUVVNl
-NU5TtWpIXUClMd8a+eoKcItBeYXowkHOBpinPkDX3clFDIUfWiw0Ro08s8SrrFqR
-8Szwbrj52Xv1RM56oGqCjnkvJctxihODV7NcpxoAFjIZokDom0q6zPrrTUsLFQov
-Plovc3w5hmALiDMshaTvE1nm3Psn4yQ+FlRE8epTZrQiIGypZkZC6lcz0mYawueW
-cThYWGFhVG4ktQzOjjNRsNxopW+W7cF1zQTxiWUDnxIKSj7gtdQ2jiubxEEhfVag
-r8DMtAccNVTZVURpGi56TptOOuotrTqqC+2GviW4hlxvdvmuQN0OlXlUwzz2Trxc
-FamNnuA54lZw/8arLtxsFmHrcnPw53+1spumLD0S5UkxHNu40h6LIVpZz3H+0rLz
-uFofTfiyMjcfK2AyHQTgUCbsrvgNuLDQUbyFGVchdFUkhztX3DhEVnxnnrpY4BVj
-QdTqWIvw7lGlSuDCjxEQAOc=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/eng4.pem b/crypto/openssl/certs/eng4.pem
deleted file mode 100644
index 9a7b156..0000000
--- a/crypto/openssl/certs/eng4.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRgwFgYDVQQKEw9NYWlsRW5n
-aW5lIEluYy4xKTAnBgNVBAsTIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IERpdmlz
-aW9uMRMwEQYDVQQDEwptYWlsZW5naW5lMSAwHgYJKoZIhvcNAQkBFhFjYUBtYWls
-ZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBaMIGoMQsw
-CQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8xGDAWBgNV
-BAoTD01haWxFbmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkgRGl2aXNpb24xEzARBgNVBAMTCm1haWxlbmdpbmUxIDAeBgkqhkiG9w0B
-CQEWEWNhQG1haWxlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAqXmfsU+lx+NFmn6tN17RTOyaddHqLnr/3rzEDIyT9TN+tF9TG7jmK7lJ
-Jrj5arQ3nTFaLF8JuND2U1z/cLPw6/TX+1tE3v3CNUDSjaisyUDiUyp3TE8hMMMz
-zfZQn0JsGgNhhWxqyzjhRQGtKL4+xtn8VsF/8zGgZYke7nlmVKz/FslDFTnNoodL
-BAEGiu9JQS9qqpbSs20NdZ6LXPL2A4iTjnsNFBW3jIMVIn/JVVyaycU7ue2oFviD
-vLNpkVZcR7A+jjIdIumOc5VSF0y7y74cQC5YwkR2mLK7UBYDK6NCY3ta/C4M8NsM
-0FpmvRl0+A1ivZtVwqI98dxDtp7HeQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4IBAQAjfNn5BCzxylBDakFQGWKE/P43PRibMOEzfd7+DzbY
-WIekoz3i00DwoH3b6j4gwlDJRAOq4dF6/Pt/uBOHDo/op+ef+9ErmKPd+ehXN9h3
-7QbccTgz7DtVwA4iRlDRLru+JuXzT+OsCHuFZMOLJ+KD2JAGh3W68JjdcLkrlcpt
-AU0wc5aOHPPfEBdIah8y8QtNzXRVzoBt8zzvgCARkXxTS2u/9QaXR1hML0JtDgQS
-SdZ6Kd8SN6yzqxD+buYD5sOfJmjBF/n3lqFHNMHnnGXy2TAXZtIAWzffU3A0cGPB
-N6FZ026a86HbF1X4k+xszhbJu/ikczyuWnCJIg3fTYSD
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/eng5.pem b/crypto/openssl/certs/eng5.pem
deleted file mode 100644
index 3416cca..0000000
--- a/crypto/openssl/certs/eng5.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID6TCCAtGgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBrjELMAkGA1UEBhMCQ0Ex
-CzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMRowGAYDVQQKExFUcmFkZXJF
-bmdpbmUgSW5jLjEpMCcGA1UECxMgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgRGl2
-aXNpb24xFTATBgNVBAMTDHRyYWRlcmVuZ2luZTEiMCAGCSqGSIb3DQEJARYTY2FA
-dHJhZGVyZW5naW5lLmNvbTAeFw05ODAxMDEwMDAwMDBaFw0zODAxMTcwMDAwMDBa
-MIGuMQswCQYDVQQGEwJDQTELMAkGA1UECBMCT04xEDAOBgNVBAcTB1Rvcm9udG8x
-GjAYBgNVBAoTEVRyYWRlckVuZ2luZSBJbmMuMSkwJwYDVQQLEyBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eSBEaXZpc2lvbjEVMBMGA1UEAxMMdHJhZGVyZW5naW5lMSIw
-IAYJKoZIhvcNAQkBFhNjYUB0cmFkZXJlbmdpbmUuY29tMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAzyX5QE+5SN+zgNn1v3zp9HmP4hQOWW8WuEVItZVP
-9bt/xj5NeJd1kyPL/SqnF2qHcL3o/74r0Ga55aKHniwKYgQTlp5ELGfQ568QQeN9
-xNIHtUXeStI9zCNZyZC+4YqObdMR/ivKA/WsLfUVMl2lV5JzJJz1BOE0gKEYiEyz
-gIq5oLzkP/mOXoHRvWSZD2D0eHYIO7ovV2epVFK7g7p+dC4QoeIUEli+GF/Myg88
-dV/qmi+Sybck2RLPXa8Nh27/ETVQ7kE1Eafmx7EyCqIhG+5lwJAy3HwHUBwAYuzj
-iuZz5lD8aQmr8SKuvy3eOH9SVN5wh3YBlrNGwTStkESVLwIDAQABoxAwDjAMBgNV
-HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAWOPAUhZd3x9EQiFJcuxFTMd9q
-axgcriCzJsM6D96sYGko9xTeLhX/lr1bliVYI5AlupoLXAdMzGHJkOgaTirKjQXr
-F9nymDdUWKe3TmwGob5016nQlH7qRKvGO3hka0rOGRK2U/2JT/4Qp8iH/DFi6cyM
-uP0q8n64SAkxZXLzUuFQXqf7U/SNjzb9XJQEIAdjp7eYd3Qb4jDsDcX0FrKMF1aV
-r0dCDnS7am7WTXPYCDGdSkPgEHEtLYIYH3lZp5sKdVZ9wl4F0WNFkRWRUr7AXPjw
-50uLmUNmKCd8JZLMGA1TRNSTi7U9EcrWt0OkMWm74T2WVnAgNsDv2WrWsGfj
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/ICE-CA.pem b/crypto/openssl/certs/expired/ICE-CA.pem
deleted file mode 100644
index 7565236..0000000
--- a/crypto/openssl/certs/expired/ICE-CA.pem
+++ /dev/null
@@ -1,59 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
- Validity
- Not Before: Apr 2 17:35:53 1997 GMT
- Not After : Apr 2 17:35:53 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:82:75:ba:f6:d1:60:b5:f9:15:b3:6a:dd:29:8f:
- 8b:a4:6f:1a:88:e0:50:43:40:0b:79:41:d5:d3:16:
- 44:7d:74:65:17:42:06:52:0b:e9:50:c8:10:cd:24:
- e2:ae:8d:22:30:73:e6:b4:b7:93:1f:e5:6e:a2:ae:
- 49:11:a5:c9:45
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Authority Key Identifier:
- 0.........z.."p......e..
- X509v3 Subject Key Identifier:
- ..~r..:..B.44fu......3
- X509v3 Key Usage: critical
- ....
- X509v3 Certificate Policies: critical
- 0.0...*...
- X509v3 Subject Alternative Name:
- 0!..secude-support@darmstadt.gmd.de
- X509v3 Issuer Alternative Name:
- 0I..ice-tel-ca@darmstadt.gmd.de.*http://www.darmstadt.gmd.de/ice-tel/euroca
- X509v3 Basic Constraints: critical
- 0....
- X509v3 CRL Distribution Points:
- 0200...,.*http://www.darmstadt.gmd.de/ice-tel/euroca
- Signature Algorithm: md5WithRSAEncryption
- 17:a2:88:b7:99:5a:05:41:e4:13:34:67:e6:1f:3e:26:ec:4b:
- 69:f9:3e:28:22:be:9d:1c:ab:41:6f:0c:00:85:fe:45:74:f6:
- 98:f0:ce:9b:65:53:4a:50:42:c7:d4:92:bd:d7:a2:a8:3d:98:
- 88:73:cd:60:28:79:a3:fc:48:7a
------BEGIN CERTIFICATE-----
-MIICzDCCAnagAwIBAgIBATANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzU1M1oXDTk4MDQwMjE3MzU1M1owXDEhMB8G
-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTESMBAGA1UEBxMJRGFybXN0YWR0MFkwCgYEVQgB
-AQICAgADSwAwSAJBAIJ1uvbRYLX5FbNq3SmPi6RvGojgUENAC3lB1dMWRH10ZRdC
-BlIL6VDIEM0k4q6NIjBz5rS3kx/lbqKuSRGlyUUCAwEAAaOCATgwggE0MB8GA1Ud
-IwQYMBaAFIr3yNUOx3ro1yJw4AuJ1bbsZbzPMB0GA1UdDgQWBBR+cvL4OoacQog0
-NGZ1w9T80aIRMzAOBgNVHQ8BAf8EBAMCAfYwFAYDVR0gAQH/BAowCDAGBgQqAwQF
-MCoGA1UdEQQjMCGBH3NlY3VkZS1zdXBwb3J0QGRhcm1zdGFkdC5nbWQuZGUwUgYD
-VR0SBEswSYEbaWNlLXRlbC1jYUBkYXJtc3RhZHQuZ21kLmRlhipodHRwOi8vd3d3
-LmRhcm1zdGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2EwDwYDVR0TAQH/BAUwAwEB
-/zA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vd3d3LmRhcm1zdGFkdC5nbWQuZGUv
-aWNlLXRlbC9ldXJvY2EwDQYJKoZIhvcNAQEEBQADQQAXooi3mVoFQeQTNGfmHz4m
-7Etp+T4oIr6dHKtBbwwAhf5FdPaY8M6bZVNKUELH1JK916KoPZiIc81gKHmj/Eh6
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/ICE-root.pem b/crypto/openssl/certs/expired/ICE-root.pem
deleted file mode 100644
index fa99159..0000000
--- a/crypto/openssl/certs/expired/ICE-root.pem
+++ /dev/null
@@ -1,48 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority
- Validity
- Not Before: Apr 2 17:33:36 1997 GMT
- Not After : Apr 2 17:33:36 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:80:3e:eb:ae:47:a9:fe:10:54:0b:81:8b:9c:2b:
- 82:ab:3a:61:36:65:8b:f3:73:9f:ac:ac:7a:15:a7:
- 13:8f:b4:c4:ba:a3:0f:bc:a5:58:8d:cc:b1:93:31:
- 9e:81:9e:8c:19:61:86:fa:52:73:54:d1:97:76:22:
- e7:c7:9f:41:cd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- ........z.."p......e..
- X509v3 Key Usage: critical
- ....
- X509v3 Subject Alternative Name:
- 0I.*http://www.darmstadt.gmd.de/ice-tel/euroca..ice-tel-ca@darmstadt.gmd.de
- X509v3 Basic Constraints: critical
- 0....
- Signature Algorithm: md5WithRSAEncryption
- 76:69:61:db:b7:cf:8b:06:9e:d8:8c:96:53:d2:4d:a8:23:a6:
- 03:44:e8:8f:24:a5:c0:84:a8:4b:77:d4:2d:2b:7d:37:91:67:
- f2:2c:ce:02:31:4c:6b:cc:ce:f2:68:a6:11:11:ab:7d:88:b8:
- 7e:22:9f:25:06:60:bd:79:30:3d
------BEGIN CERTIFICATE-----
-MIICFjCCAcCgAwIBAgIBADANBgkqhkiG9w0BAQQFADBIMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MB4XDTk3MDQwMjE3MzMzNloXDTk4MDQwMjE3MzMzNlowSDEhMB8G
-A1UEChMYRXVyb3BlYW4gSUNFLVRFTCBwcm9qZWN0MSMwIQYDVQQLExpWMy1DZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTBZMAoGBFUIAQECAgIAA0sAMEgCQQCAPuuuR6n+
-EFQLgYucK4KrOmE2ZYvzc5+srHoVpxOPtMS6ow+8pViNzLGTMZ6BnowZYYb6UnNU
-0Zd2IufHn0HNAgMBAAGjgZcwgZQwHQYDVR0OBBYEFIr3yNUOx3ro1yJw4AuJ1bbs
-ZbzPMA4GA1UdDwEB/wQEAwIB9jBSBgNVHREESzBJhipodHRwOi8vd3d3LmRhcm1z
-dGFkdC5nbWQuZGUvaWNlLXRlbC9ldXJvY2GBG2ljZS10ZWwtY2FAZGFybXN0YWR0
-LmdtZC5kZTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBAUAA0EAdmlh27fP
-iwae2IyWU9JNqCOmA0TojySlwISoS3fULSt9N5Fn8izOAjFMa8zO8mimERGrfYi4
-fiKfJQZgvXkwPQ==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/ICE-user.pem b/crypto/openssl/certs/expired/ICE-user.pem
deleted file mode 100644
index 28065fd..0000000
--- a/crypto/openssl/certs/expired/ICE-user.pem
+++ /dev/null
@@ -1,63 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt
- Validity
- Not Before: Apr 2 17:35:59 1997 GMT
- Not After : Apr 2 17:35:59 1998 GMT
- Subject: O=European ICE-TEL project, OU=V3-Certification Authority, L=Darmstadt, CN=USER
- Subject Public Key Info:
- Public Key Algorithm: rsa
- RSA Public Key: (512 bit)
- Modulus (512 bit):
- 00:a8:a8:53:63:49:1b:93:c3:c3:0b:6c:88:11:55:
- de:7e:6a:e2:f9:52:a0:dc:69:25:c4:c8:bf:55:e1:
- 31:a8:ce:e4:a9:29:85:99:8a:15:9a:de:f6:2f:e1:
- b4:50:5f:5e:04:75:a6:f4:76:dc:3c:0e:39:dc:3a:
- be:3e:a4:61:8b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Authority Key Identifier:
- 0...~r..:..B.44fu......3
- X509v3 Subject Key Identifier:
- ...... .*...1.*.......
- X509v3 Key Usage: critical
- ....
- X509v3 Certificate Policies: critical
- 0.0...*...0.......
- X509v3 Subject Alternative Name:
- 0:..user@darmstadt.gmd.de.!http://www.darmstadt.gmd.de/~user
- X509v3 Issuer Alternative Name:
- 0....gmdca@gmd.de..http://www.gmd.de..saturn.darmstadt.gmd.de.\1!0...U.
-..European ICE-TEL project1#0!..U....V3-Certification Authority1.0...U....Darmstadt..141.12.62.26
- X509v3 Basic Constraints: critical
- 0.
- X509v3 CRL Distribution Points:
- 0.0.......gmdca@gmd.de
- Signature Algorithm: md5WithRSAEncryption
- 69:0c:e1:b7:a7:f2:d8:fb:e8:69:c0:13:cd:37:ad:21:06:22:
- 4d:e8:c6:db:f1:04:0b:b7:e0:b3:d6:0c:81:03:ce:c3:6a:3e:
- c7:e7:24:24:a4:92:64:c2:83:83:06:42:53:0e:6f:09:1e:84:
- 9a:f7:6f:63:9b:94:99:83:d6:a4
------BEGIN CERTIFICATE-----
-MIIDTzCCAvmgAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMSEwHwYDVQQKExhFdXJv
-cGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24g
-QXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHQwHhcNOTcwNDAyMTczNTU5WhcN
-OTgwNDAyMTczNTU5WjBrMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2pl
-Y3QxIzAhBgNVBAsTGlYzLUNlcnRpZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQH
-EwlEYXJtc3RhZHQxDTALBgNVBAMTBFVTRVIwWTAKBgRVCAEBAgICAANLADBIAkEA
-qKhTY0kbk8PDC2yIEVXefmri+VKg3GklxMi/VeExqM7kqSmFmYoVmt72L+G0UF9e
-BHWm9HbcPA453Dq+PqRhiwIDAQABo4IBmDCCAZQwHwYDVR0jBBgwFoAUfnLy+DqG
-nEKINDRmdcPU/NGiETMwHQYDVR0OBBYEFJfc4B8gjSoRmLUx4Sq/ucIYiMrPMA4G
-A1UdDwEB/wQEAwIB8DAcBgNVHSABAf8EEjAQMAYGBCoDBAUwBgYECQgHBjBDBgNV
-HREEPDA6gRV1c2VyQGRhcm1zdGFkdC5nbWQuZGWGIWh0dHA6Ly93d3cuZGFybXN0
-YWR0LmdtZC5kZS9+dXNlcjCBsQYDVR0SBIGpMIGmgQxnbWRjYUBnbWQuZGWGEWh0
-dHA6Ly93d3cuZ21kLmRlghdzYXR1cm4uZGFybXN0YWR0LmdtZC5kZaRcMSEwHwYD
-VQQKExhFdXJvcGVhbiBJQ0UtVEVMIHByb2plY3QxIzAhBgNVBAsTGlYzLUNlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MRIwEAYDVQQHEwlEYXJtc3RhZHSHDDE0MS4xMi42
-Mi4yNjAMBgNVHRMBAf8EAjAAMB0GA1UdHwQWMBQwEqAQoA6BDGdtZGNhQGdtZC5k
-ZTANBgkqhkiG9w0BAQQFAANBAGkM4ben8tj76GnAE803rSEGIk3oxtvxBAu34LPW
-DIEDzsNqPsfnJCSkkmTCg4MGQlMObwkehJr3b2OblJmD1qQ=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/ICE.crl b/crypto/openssl/certs/expired/ICE.crl
deleted file mode 100644
index 21939e8..0000000
--- a/crypto/openssl/certs/expired/ICE.crl
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN X509 CRL-----
-MIIBNDCBnjANBgkqhkiG9w0BAQIFADBFMSEwHwYDVQQKExhFdXJvcGVhbiBJQ0Ut
-VEVMIFByb2plY3QxIDAeBgNVBAsTF0NlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05
-NzA2MDkxNDQyNDNaFw05NzA3MDkxNDQyNDNaMCgwEgIBChcNOTcwMzAzMTQ0MjU0
-WjASAgEJFw05NjEwMDIxMjI5MjdaMA0GCSqGSIb3DQEBAgUAA4GBAH4vgWo2Tej/
-i7kbiw4Imd30If91iosjClNpBFwvwUDBclPEeMuYimHbLOk4H8Nofc0fw11+U/IO
-KSNouUDcqG7B64oY7c4SXKn+i1MWOb5OJiWeodX3TehHjBlyWzoNMWCnYA8XqFP1
-mOKp8Jla1BibEZf14+/HqCi2hnZUiEXh
------END X509 CRL-----
diff --git a/crypto/openssl/certs/expired/RegTP-4R.pem b/crypto/openssl/certs/expired/RegTP-4R.pem
deleted file mode 100644
index 6f2c6ab..0000000
--- a/crypto/openssl/certs/expired/RegTP-4R.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
-notBefore=Jan 21 16:04:53 1999 GMT
-notAfter=Jan 21 16:04:53 2004 GMT
-subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
------BEGIN CERTIFICATE-----
-MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
-MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
-dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
-MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
-AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
-dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
-IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
-aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
-jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
-5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
-JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
-Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
-JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/factory.pem b/crypto/openssl/certs/expired/factory.pem
deleted file mode 100644
index 8e28b39..0000000
--- a/crypto/openssl/certs/expired/factory.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
-S7ELuYGtmYgYm9NZOIr7yU0=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/rsa-cca.pem b/crypto/openssl/certs/expired/rsa-cca.pem
deleted file mode 100644
index 69f5c1c..0000000
--- a/crypto/openssl/certs/expired/rsa-cca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-notBefore=941104185834Z
-notAfter =991103185834Z
------BEGIN X509 CERTIFICATE-----
-
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END X509 CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/rsa-ssca.pem b/crypto/openssl/certs/expired/rsa-ssca.pem
deleted file mode 100644
index c940321..0000000
--- a/crypto/openssl/certs/expired/rsa-ssca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/vsign2.pem b/crypto/openssl/certs/expired/vsign2.pem
deleted file mode 100644
index d8bdd8c..0000000
--- a/crypto/openssl/certs/expired/vsign2.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2004 GMT
------BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
-oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
-uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
-v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
-G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
-1Q==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/expired/vsign3.pem b/crypto/openssl/certs/expired/vsign3.pem
deleted file mode 100644
index aa5bb4c..0000000
--- a/crypto/openssl/certs/expired/vsign3.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2004 GMT
------BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQDknv3zOugOz6URPhmkJAIyMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAyVxZnvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqo
-RAWq7AMfeH+ek7maAKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4
-rCNfcCk2pMmG57GaIMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQBhcOwvP579K+ZoVCGwZ3kIDCCWMYoNer62Jt95LCJp
-STbjl3diYaIy13pUITa6Ask05yXaRDWw0lyAXbOU+Pms7qRgdSoflUkjsUp89LNH
-ciFbfperVKxi513srpvSybIk+4Kt6WcVS7qqpvCXoPawl1cAyAw8CaCCBLpB2veZ
-pA==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/factory.pem b/crypto/openssl/certs/factory.pem
deleted file mode 100644
index 8e28b39..0000000
--- a/crypto/openssl/certs/factory.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
-S7ELuYGtmYgYm9NZOIr7yU0=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/nortelCA.pem b/crypto/openssl/certs/nortelCA.pem
deleted file mode 100644
index 207f34a..0000000
--- a/crypto/openssl/certs/nortelCA.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/pca-cert.pem b/crypto/openssl/certs/pca-cert.pem
deleted file mode 100644
index 9d754d4..0000000
--- a/crypto/openssl/certs/pca-cert.pem
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
-HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
-MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
-ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
-ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
-V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
-JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
-S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
-aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
-1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
-NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
-+Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
-JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
-Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/certs/rsa-cca.pem b/crypto/openssl/certs/rsa-cca.pem
deleted file mode 100644
index 69f5c1c..0000000
--- a/crypto/openssl/certs/rsa-cca.pem
+++ /dev/null
@@ -1,19 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-notBefore=941104185834Z
-notAfter =991103185834Z
------BEGIN X509 CERTIFICATE-----
-
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END X509 CERTIFICATE-----
diff --git a/crypto/openssl/certs/thawteCb.pem b/crypto/openssl/certs/thawteCb.pem
deleted file mode 100644
index 27df192..0000000
--- a/crypto/openssl/certs/thawteCb.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDEzCCAnygAwIBAgIBATANBgkqhkiG9w0BAQQFADCBxDELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEm
-MCQGCSqGSIb3DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wHhcNOTYwODAx
-MDAwMDAwWhcNMjAxMjMxMjM1OTU5WjCBxDELMAkGA1UEBhMCWkExFTATBgNVBAgT
-DFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3
-dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
-cyBEaXZpc2lvbjEZMBcGA1UEAxMQVGhhd3RlIFNlcnZlciBDQTEmMCQGCSqGSIb3
-DQEJARYXc2VydmVyLWNlcnRzQHRoYXd0ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQAD
-gY0AMIGJAoGBANOkUG7I/1Zr5s9dtuoMaHVHoqrC2oQl/Kj0R1HahbUgdJSGHg91
-yekIYfUGbTBuFRkC6VLAYttNmZ7iagxEOM3+vuNkCXDF/rFrKbYvScg71CcEJRCX
-L+eQbcAoQpnXTEPew/UhbVSfXcNY4cDk2VuwuNy0e982OsK1ZiIS1ocNAgMBAAGj
-EzARMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAB/pMaVz7lcxG
-7oWDTSEwjsrZqG9JGubaUeNgcGyEYRGhGshIPllDfU+VPaGLtwtimHp1it2ITk6e
-QNuozDJ0uW8NxuOzRAvZim+aKZuZGCg70eNAKJpaPNW15yAbi8qkq43pUdniTCxZ
-qdq5snUb9kLy78fyGPmJvKP/iiMucEc=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/thawteCp.pem b/crypto/openssl/certs/thawteCp.pem
deleted file mode 100644
index 51285e3..0000000
--- a/crypto/openssl/certs/thawteCp.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDJzCCApCgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkEx
-FTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYD
-VQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2Vy
-dmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29t
-MB4XDTk2MDgwMTAwMDAwMFoXDTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpB
-MRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsG
-A1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRp
-b24gU2VydmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNl
-cnZlciBDQTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkE
-VdbQ7xwblRZH7xhINTpS9CtqBo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQ
-ug2SBhRz1JPLlyoAnFxODLz6FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMR
-uHM/qgeN9EJN50CdHDcCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQQFAAOBgQAmSCwWwlj66BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUI
-hfzJATj/Tb7yFkJD57taRvvBxhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JM
-pAwSremkrj/xw0llmozFyD4lt5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQg==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/timCA.pem b/crypto/openssl/certs/timCA.pem
deleted file mode 100644
index 9c8d5bf..0000000
--- a/crypto/openssl/certs/timCA.pem
+++ /dev/null
@@ -1,16 +0,0 @@
-Tims test GCI CA
-
------BEGIN CERTIFICATE-----
-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8=
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/certs/tjhCA.pem b/crypto/openssl/certs/tjhCA.pem
deleted file mode 100644
index 67bee1b..0000000
--- a/crypto/openssl/certs/tjhCA.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsign1.pem b/crypto/openssl/certs/vsign1.pem
deleted file mode 100644
index 277894d..0000000
--- a/crypto/openssl/certs/vsign1.pem
+++ /dev/null
@@ -1,17 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2020 GMT
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEDJQM89Q0VbzXIGtZVxPyCUwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTIwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0f
-zGVuDLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHi
-TkVWaR94AoDa3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBAEtEZmBoZOSYG/OwcuaViXzde7OVwB0u2NgZ0C00PcZQ
-mhCGjKo/O6gE/DdSlcPZydvN8oYGxLEb8IKIMEKOF1AcZHq4PplJdJf8rAJD+5YM
-VgQlDHx8h50kp9jwMim1pN9dokzFFjKoQvZFprY2ueC/ZTaTwtLXa9zeWdaiNfhF
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsign2.pem b/crypto/openssl/certs/vsign2.pem
deleted file mode 100644
index d8bdd8c..0000000
--- a/crypto/openssl/certs/vsign2.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Jan 7 23:59:59 2004 GMT
------BEGIN CERTIFICATE-----
-MIICPTCCAaYCEQC6WslMBTuS1qe2307QU5INMA0GCSqGSIb3DQEBAgUAMF8xCzAJ
-BgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xh
-c3MgMiBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05
-NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYD
-VQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMiBQdWJsaWMgUHJp
-bWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOB
-jQAwgYkCgYEAtlqLow1qI4OAa885h/QhEzMGTCWi7VUSl8WngLn6g8EgoPovFQ18
-oWBrfnks+gYPOq72G2+x0v8vKFJfg31LxHq3+GYfgFT8t8KOWUoUV0bRmpO+QZED
-uxWAk1zr58wIbD8+s0r8/0tsI9VQgiZEGY4jw3HqGSRHBJ51v8imAB8CAwEAATAN
-BgkqhkiG9w0BAQIFAAOBgQC2AB+TV6QHp0DOZUA/VV7t7/pUSaUw1iF8YYfug5ML
-v7Qz8pisnwa/TqjOFIFMywROWMPPX+5815pvy0GKt3+BuP+EYcYnQ2UdDOyxAArd
-G6S7x3ggKLKi3TaVLuFUT79guXdoEZkj6OpS6KoATmdOu5C1RZtG644W78QzWzM9
-1Q==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsign3.pem b/crypto/openssl/certs/vsign3.pem
deleted file mode 100644
index 4b8c025..0000000
--- a/crypto/openssl/certs/vsign3.pem
+++ /dev/null
@@ -1,17 +0,0 @@
-subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-notBefore=Jan 29 00:00:00 1996 GMT
-notAfter=Aug 1 23:59:59 2028 GMT
------BEGIN CERTIFICATE-----
-MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz
-cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2
-MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV
-BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN
-ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE
-BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is
-I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G
-CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do
-lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc
-AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsignss.pem b/crypto/openssl/certs/vsignss.pem
deleted file mode 100644
index 5de48bf..0000000
--- a/crypto/openssl/certs/vsignss.pem
+++ /dev/null
@@ -1,17 +0,0 @@
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=Nov 9 00:00:00 1994 GMT
-notAfter=Jan 7 23:59:59 2010 GMT
------BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/vsigntca.pem b/crypto/openssl/certs/vsigntca.pem
deleted file mode 100644
index 05acf76..0000000
--- a/crypto/openssl/certs/vsigntca.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-subject=/O=VeriSign, Inc/OU=www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD./OU=For VeriSign authorized testing only. No assurances (C)VS1997
-notBefore=Mar 4 00:00:00 1997 GMT
-notAfter=Mar 4 23:59:59 2025 GMT
------BEGIN CERTIFICATE-----
-MIICTTCCAfcCEEdoCqpuXxnoK27q7d58Qc4wDQYJKoZIhvcNAQEEBQAwgakxFjAU
-BgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52ZXJpc2lnbi5jb20v
-cmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBMaWFiLiBMVEQuMUYw
-RAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0aW5nIG9ubHkuIE5v
-IGFzc3VyYW5jZXMgKEMpVlMxOTk3MB4XDTk3MDMwNDAwMDAwMFoXDTI1MDMwNDIz
-NTk1OVowgakxFjAUBgNVBAoTDVZlcmlTaWduLCBJbmMxRzBFBgNVBAsTPnd3dy52
-ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9UZXN0Q1BTIEluY29ycC4gQnkgUmVmLiBM
-aWFiLiBMVEQuMUYwRAYDVQQLEz1Gb3IgVmVyaVNpZ24gYXV0aG9yaXplZCB0ZXN0
-aW5nIG9ubHkuIE5vIGFzc3VyYW5jZXMgKEMpVlMxOTk3MFwwDQYJKoZIhvcNAQEB
-BQADSwAwSAJBAMak6xImJx44jMKcbkACy5/CyMA2fqXK4PlzTtCxRq5tFkDzne7s
-cI8oFK/J+gFZNE3bjidDxf07O3JOYG9RGx8CAwEAATANBgkqhkiG9w0BAQQFAANB
-ADT523tENOKrEheZFpsJx1UUjPrG7TwYc/C4NBHrZI4gZJcKVFIfNulftVS6UMYW
-ToLEMaUojc3DuNXHG21PDG8=
------END CERTIFICATE-----
diff --git a/crypto/openssl/certs/wellsfgo.pem b/crypto/openssl/certs/wellsfgo.pem
deleted file mode 100644
index 2ba88cd..0000000
--- a/crypto/openssl/certs/wellsfgo.pem
+++ /dev/null
@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID5TCCAs2gAwIBAgIEOeSXnjANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMC
-VVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSwwKgYDVQQLEyNXZWxscyBGYXJnbyBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0GA1UEAxMmV2VsbHMgRmFyZ28gUm9v
-dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDAxMDExMTY0MTI4WhcNMjEwMTE0
-MTY0MTI4WjCBgjELMAkGA1UEBhMCVVMxFDASBgNVBAoTC1dlbGxzIEZhcmdvMSww
-KgYDVQQLEyNXZWxscyBGYXJnbyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEvMC0G
-A1UEAxMmV2VsbHMgRmFyZ28gUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVqDM7Jvk0/82bfuUER84A4n13
-5zHCLielTWi5MbqNQ1mXx3Oqfz1cQJ4F5aHiidlMuD+b+Qy0yGIZLEWukR5zcUHE
-SxP9cMIlrCL1dQu3U+SlK93OvRw6esP3E48mVJwWa2uv+9iWsWCaSOAlIiR5NM4O
-JgALTqv9i86C1y8IcGjBqAr5dE8Hq6T54oN+J3N0Prj5OEL8pahbSCOz6+MlsoCu
-ltQKnMJ4msZoGK43YjdeUXWoWGPAUe5AeH6orxqg4bB4nVCMe+ez/I4jsNtlAHCE
-AQgAFG5Uhpq6zPk3EPbg3oQtnaSFN9OH4xXQwReQfhkhahKpdv0SAulPIV4XAgMB
-AAGjYTBfMA8GA1UdEwEB/wQFMAMBAf8wTAYDVR0gBEUwQzBBBgtghkgBhvt7hwcB
-CzAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LndlbGxzZmFyZ28uY29tL2NlcnRw
-b2xpY3kwDQYJKoZIhvcNAQEFBQADggEBANIn3ZwKdyu7IvICtUpKkfnRLb7kuxpo
-7w6kAOnu5+/u9vnldKTC2FJYxHT7zmu1Oyl5GFrvm+0fazbuSCUlFLZWohDo7qd/
-0D+j0MNdJu4HzMPBJCGHHt8qElNvQRbn7a6U+oxy+hNH8Dx+rn0ROhPs7fpvcmR7
-nX1/Jv16+yWt6j4pf0zjAFcysLPp7VMX2YuyFA4w6OXVE8Zkr8QA1dhYJPz1j+zx
-x32l2w8n0cbyQIjmH/ZhqPRCyLk306m+LFZ4wnKbWV01QIroTmMatukgalHizqSQ
-33ZwmVxwQ023tqcZZE6St8WRPH9IFmV7Fv3L/PvZ1dZPIWU7Sn9Ho/s=
------END CERTIFICATE-----
diff --git a/crypto/openssl/comm.txt b/crypto/openssl/comm.txt
deleted file mode 100644
index b0741fb..0000000
--- a/crypto/openssl/comm.txt
+++ /dev/null
@@ -1 +0,0 @@
-New dev version.
diff --git a/crypto/openssl/comms.txt b/crypto/openssl/comms.txt
deleted file mode 100644
index 464a608..0000000
--- a/crypto/openssl/comms.txt
+++ /dev/null
@@ -1 +0,0 @@
-Fix for ASN1 parsing bugs.
diff --git a/crypto/openssl/config b/crypto/openssl/config
deleted file mode 100755
index d7724a5..0000000
--- a/crypto/openssl/config
+++ /dev/null
@@ -1,881 +0,0 @@
-#!/bin/sh
-#
-# OpenSSL config: determine the operating system and run ./Configure
-#
-# "config -h" for usage information.
-#
-# this is a merge of minarch and GuessOS from the Apache Group.
-# Originally written by Tim Hudson <tjh@cryptsoft.com>.
-
-# Original Apache Group comments on GuessOS
-
-# Simple OS/Platform guesser. Similar to config.guess but
-# much, much smaller. Since it was developed for use with
-# Apache, it follows under Apache's regular licensing
-# with one specific addition: Any changes or additions
-# to this script should be Emailed to the Apache
-# group (apache@apache.org) in general and to
-# Jim Jagielski (jim@jaguNET.com) in specific.
-#
-# Be as similar to the output of config.guess/config.sub
-# as possible.
-
-PREFIX=""
-SUFFIX=""
-TEST="false"
-EXE=""
-
-# pick up any command line args to config
-for i
-do
-case "$i" in
--d*) PREFIX="debug-";;
--t*) TEST="true";;
--h*) TEST="true"; cat <<EOF
-Usage: config [options]
- -d Add a debug- prefix to machine choice.
- -t Test mode, do not run the Configure perl script.
- -h This help.
-
-Any other text will be passed to the Configure perl script.
-See INSTALL for instructions.
-
-EOF
-;;
-*) options=$options" $i" ;;
-esac
-done
-
-# First get uname entries that we use below
-
-MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
-RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
-SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown"
-VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
-
-
-# Now test for ISC and SCO, since it is has a braindamaged uname.
-#
-# We need to work around FreeBSD 1.1.5.1
-(
-XREL=`uname -X 2>/dev/null | grep "^Release" | awk '{print $3}'`
-if [ "x$XREL" != "x" ]; then
- if [ -f /etc/kconfig ]; then
- case "$XREL" in
- 4.0|4.1)
- echo "${MACHINE}-whatever-isc4"; exit 0
- ;;
- esac
- else
- case "$XREL" in
- 3.2v4.2)
- echo "whatever-whatever-sco3"; exit 0
- ;;
- 3.2v5.0*)
- echo "whatever-whatever-sco5"; exit 0
- ;;
- 4.2MP)
- case "x${VERSION}" in
- x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
- x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
- x2*) echo "whatever-whatever-unixware2"; exit 0 ;;
- esac
- ;;
- 4.2)
- echo "whatever-whatever-unixware1"; exit 0
- ;;
- 5*)
- case "x${VERSION}" in
- # We hardcode i586 in place of ${MACHINE} for the
- # following reason. The catch is that even though Pentium
- # is minimum requirement for platforms in question,
- # ${MACHINE} gets always assigned to i386. Now, problem
- # with i386 is that it makes ./config pass 386 to
- # ./Configure, which in turn makes make generate
- # inefficient SHA-1 (for this moment) code.
- x[678]*) echo "i586-sco-unixware7"; exit 0 ;;
- esac
- ;;
- esac
- fi
-fi
-# Now we simply scan though... In most cases, the SYSTEM info is enough
-#
-case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
- MPE/iX:*)
- MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
- echo "parisc-hp-MPE/iX"; exit 0
- ;;
- A/UX:*)
- echo "m68k-apple-aux3"; exit 0
- ;;
-
- AIX:[3-9]:4:*)
- echo "${MACHINE}-ibm-aix"; exit 0
- ;;
-
- AIX:*:[5-9]:*)
- echo "${MACHINE}-ibm-aix"; exit 0
- ;;
-
- AIX:*)
- echo "${MACHINE}-ibm-aix3"; exit 0
- ;;
-
- dgux:*)
- echo "${MACHINE}-dg-dgux"; exit 0
- ;;
-
- HI-UX:*)
- echo "${MACHINE}-hi-hiux"; exit 0
- ;;
-
- HP-UX:*)
- HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
- case "$HPUXVER" in
- 1[0-9].*) # HPUX 10 and 11 targets are unified
- echo "${MACHINE}-hp-hpux1x"; exit 0
- ;;
- *)
- echo "${MACHINE}-hp-hpux"; exit 0
- ;;
- esac
- ;;
-
- IRIX:5.*)
- echo "mips2-sgi-irix"; exit 0
- ;;
-
- IRIX:6.*)
- echo "mips3-sgi-irix"; exit 0
- ;;
-
- IRIX64:*)
- echo "mips4-sgi-irix64"; exit 0
- ;;
-
- Linux:[2-9].*)
- echo "${MACHINE}-whatever-linux2"; exit 0
- ;;
-
- Linux:1.*)
- echo "${MACHINE}-whatever-linux1"; exit 0
- ;;
-
- GNU*)
- echo "hurd-x86"; exit 0;
- ;;
-
- LynxOS:*)
- echo "${MACHINE}-lynx-lynxos"; exit 0
- ;;
-
- BSD/OS:4.*) # BSD/OS always says 386
- echo "i486-whatever-bsdi4"; exit 0
- ;;
-
- BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
- case `/sbin/sysctl -n hw.model` in
- Pentium*)
- echo "i586-whatever-bsdi"; exit 0
- ;;
- *)
- echo "i386-whatever-bsdi"; exit 0
- ;;
- esac;
- ;;
-
- BSD/386:*|BSD/OS:*)
- echo "${MACHINE}-whatever-bsdi"; exit 0
- ;;
-
- FreeBSD:*:*:*386*)
- VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
- MACH=`sysctl -n hw.model`
- ARCH='whatever'
- case ${MACH} in
- *386* ) MACH="i386" ;;
- *486* ) MACH="i486" ;;
- Pentium\ II*) MACH="i686" ;;
- Pentium* ) MACH="i586" ;;
- * ) MACH="$MACHINE" ;;
- esac
- case ${MACH} in
- i[0-9]86 ) ARCH="pc" ;;
- esac
- echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
- ;;
-
- FreeBSD:*)
- echo "${MACHINE}-whatever-freebsd"; exit 0
- ;;
-
- NetBSD:*:*:*386*)
- echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
- ;;
-
- NetBSD:*)
- echo "${MACHINE}-whatever-netbsd"; exit 0
- ;;
-
- OpenBSD:*)
- echo "${MACHINE}-whatever-openbsd"; exit 0
- ;;
-
- OpenUNIX:*)
- echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
- ;;
-
- OSF1:*:*:*alpha*)
- OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
- case "$OSFMAJOR" in
- 4|5)
- echo "${MACHINE}-dec-tru64"; exit 0
- ;;
- 1|2|3)
- echo "${MACHINE}-dec-osf"; exit 0
- ;;
- *)
- echo "${MACHINE}-dec-osf"; exit 0
- ;;
- esac
- ;;
-
- QNX:*)
- case "$RELEASE" in
- 4*)
- echo "${MACHINE}-whatever-qnx4"
- ;;
- 6*)
- echo "${MACHINE}-whatever-qnx6"
- ;;
- *)
- echo "${MACHINE}-whatever-qnx"
- ;;
- esac
- exit 0
- ;;
-
- Paragon*:*:*:*)
- echo "i860-intel-osf1"; exit 0
- ;;
-
- Rhapsody:*)
- echo "ppc-apple-rhapsody"; exit 0
- ;;
-
- Darwin:*)
- case "$MACHINE" in
- Power*)
- echo "ppc-apple-darwin${VERSION}"
- ;;
- *)
- echo "i386-apple-darwin${VERSION}"
- ;;
- esac
- exit 0
- ;;
-
- SunOS:5.*)
- echo "${MACHINE}-whatever-solaris2"; exit 0
- ;;
-
- SunOS:*)
- echo "${MACHINE}-sun-sunos4"; exit 0
- ;;
-
- UNIX_System_V:4.*:*)
- echo "${MACHINE}-whatever-sysv4"; exit 0
- ;;
-
- VOS:*:*:i786)
- echo "i386-stratus-vos"; exit 0
- ;;
-
- VOS:*:*:*)
- echo "hppa1.1-stratus-vos"; exit 0
- ;;
-
- *:4*:R4*:m88k)
- echo "${MACHINE}-whatever-sysv4"; exit 0
- ;;
-
- DYNIX/ptx:4*:*)
- echo "${MACHINE}-whatever-sysv4"; exit 0
- ;;
-
- *:4.0:3.0:3[34]?? | *:4.0:3.0:3[34]??,*)
- echo "i486-ncr-sysv4"; exit 0
- ;;
-
- ULTRIX:*)
- echo "${MACHINE}-unknown-ultrix"; exit 0
- ;;
-
- SINIX*|ReliantUNIX*)
- echo "${MACHINE}-siemens-sysv4"; exit 0
- ;;
-
- POSIX-BC*)
- echo "${MACHINE}-siemens-sysv4"; exit 0 # Here, $MACHINE == "BS2000"
- ;;
-
- machten:*)
- echo "${MACHINE}-tenon-${SYSTEM}"; exit 0;
- ;;
-
- library:*)
- echo "${MACHINE}-ncr-sysv4"; exit 0
- ;;
-
- ConvexOS:*:11.0:*)
- echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
- ;;
-
- NEWS-OS:4.*)
- echo "mips-sony-newsos4"; exit 0;
- ;;
-
- MINGW*)
- echo "${MACHINE}-whatever-mingw"; exit 0;
- ;;
- CYGWIN*)
- case "$RELEASE" in
- [bB]*|1.0|1.[12].*)
- echo "${MACHINE}-whatever-cygwin_pre1.3"
- ;;
- *)
- echo "${MACHINE}-whatever-cygwin"
- ;;
- esac
- exit 0
- ;;
-
- *"CRAY T3E")
- echo "t3e-cray-unicosmk"; exit 0;
- ;;
-
- *CRAY*)
- echo "j90-cray-unicos"; exit 0;
- ;;
-
- NONSTOP_KERNEL*)
- echo "nsr-tandem-nsk"; exit 0;
- ;;
-esac
-
-#
-# Ugg. These are all we can determine by what we know about
-# the output of uname. Be more creative:
-#
-
-# Do the Apollo stuff first. Here, we just simply assume
-# that the existance of the /usr/apollo directory is proof
-# enough
-if [ -d /usr/apollo ]; then
- echo "whatever-apollo-whatever"
- exit 0
-fi
-
-# Now NeXT
-ISNEXT=`hostinfo 2>/dev/null`
-case "$ISNEXT" in
- *'NeXT Mach 3.3'*)
- echo "whatever-next-nextstep3.3"; exit 0
- ;;
- *NeXT*)
- echo "whatever-next-nextstep"; exit 0
- ;;
-esac
-
-# At this point we gone through all the one's
-# we know of: Punt
-
-echo "${MACHINE}-whatever-${SYSTEM}"
-exit 0
-) 2>/dev/null | (
-
-# ---------------------------------------------------------------------------
-# this is where the translation occurs into SSLeay terms
-# ---------------------------------------------------------------------------
-
-# figure out if gcc is available and if so we use it otherwise
-# we fallback to whatever cc does on the system
-GCCVER=`(gcc -dumpversion) 2>/dev/null`
-if [ "$GCCVER" != "" ]; then
- CC=gcc
- # then strip off whatever prefix egcs prepends the number with...
- # Hopefully, this will work for any future prefixes as well.
- GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
- # Since gcc 3.1 gcc --version behaviour has changed. gcc -dumpversion
- # does give us what we want though, so we use that. We just just the
- # major and minor version numbers.
- # peak single digit before and after first dot, e.g. 2.95.1 gives 29
- GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
-else
- CC=cc
-fi
-GCCVER=${GCCVER:-0}
-if [ "$SYSTEM" = "HP-UX" ];then
- # By default gcc is a ILP32 compiler (with long long == 64).
- GCC_BITS="32"
- if [ $GCCVER -ge 30 ]; then
- # PA64 support only came in with gcc 3.0.x.
- # We check if the preprocessor symbol __LP64__ is defined...
- if echo "__LP64__" | gcc -v -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null; then
- : # __LP64__ has slipped through, it therefore is not defined
- else
- GCC_BITS="64"
- fi
- fi
-fi
-if [ "$SYSTEM" = "SunOS" ]; then
- if [ $GCCVER -ge 30 ]; then
- # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
- # to be working, at the very least 'make test' passes...
- if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
- GCC_ARCH="-m64"
- else
- GCC_ARCH="-m32"
- fi
- fi
- # check for WorkShop C, expected output is "cc: blah-blah C x.x"
- CCVER=`(cc -V 2>&1) 2>/dev/null | \
- egrep -e '^cc: .* C [0-9]\.[0-9]' | \
- sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
- CCVER=${CCVER:-0}
- if [ $MACHINE != i86pc -a $CCVER -gt 40 ]; then
- CC=cc # overrides gcc!!!
- if [ $CCVER -eq 50 ]; then
- echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
- echo " patch #107357-01 or later applied."
- sleep 5
- fi
- fi
-fi
-
-if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
- # check for Compaq C, expected output is "blah-blah C Vx.x"
- CCCVER=`(ccc -V 2>&1) 2>/dev/null | \
- egrep -e '.* C V[0-9]\.[0-9]' | \
- sed 's/.* C V\([0-9]\)\.\([0-9]\).*/\1\2/'`
- CCCVER=${CCCVER:-0}
- if [ $CCCVER -gt 60 ]; then
- CC=ccc # overrides gcc!!! well, ccc outperforms inoticeably
- # only on hash routines and des, otherwise gcc (2.95)
- # keeps along rather tight...
- fi
-fi
-
-if [ "${SYSTEM}" = "AIX" ]; then # favor vendor cc over gcc
- (cc) 2>&1 | grep -iv "not found" > /dev/null && CC=cc
-fi
-
-CCVER=${CCVER:-0}
-
-# read the output of the embedded GuessOS
-read GUESSOS
-
-echo Operating system: $GUESSOS
-
-# now map the output into SSLeay terms ... really should hack into the
-# script above so we end up with values in vars but that would take
-# more time that I want to waste at the moment
-case "$GUESSOS" in
- mips2-sgi-irix)
- CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
- CPU=${CPU:-0}
- if [ $CPU -ge 4000 ]; then
- options="$options -mips2"
- fi
- OUT="irix-$CC"
- ;;
- mips3-sgi-irix)
- #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
- #CPU=${CPU:-0}
- #if [ $CPU -ge 5000 ]; then
- # options="$options -mips4"
- #else
- # options="$options -mips3"
- #fi
- OUT="irix-mips3-$CC"
- ;;
- mips4-sgi-irix64)
- echo "WARNING! If you wish to build 64-bit library, then you have to"
- echo " invoke './Configure irix64-mips4-$CC' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- #CPU=`(hinv -t cpu) 2>/dev/null | head -1 | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
- #CPU=${CPU:-0}
- #if [ $CPU -ge 5000 ]; then
- # options="$options -mips4"
- #else
- # options="$options -mips3"
- #fi
- OUT="irix-mips3-$CC"
- ;;
- ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
- ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
- i386-apple-darwin*) OUT="darwin-i386-cc" ;;
- alpha-*-linux2)
- ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
- case ${ISA:-generic} in
- *[678]) OUT="linux-alpha+bwx-$CC" ;;
- *) OUT="linux-alpha-$CC" ;;
- esac
- if [ "$CC" = "gcc" ]; then
- case ${ISA:-generic} in
- EV5|EV45) options="$options -march=ev5";;
- EV56|PCA56) options="$options -march=ev56";;
- *) options="$options -march=ev6";;
- esac
- fi
- ;;
- ppc64-*-linux2)
- echo "WARNING! If you wish to build 64-bit library, then you have to"
- echo " invoke './Configure linux-ppc64' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- OUT="linux-ppc"
- ;;
- ppc-*-linux2) OUT="linux-ppc" ;;
- ia64-*-linux?) OUT="linux-ia64" ;;
- sparc64-*-linux2)
- echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
- echo " and wish to build 64-bit library, then you have to"
- echo " invoke './Configure linux64-sparcv9' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- OUT="linux-sparcv9" ;;
- sparc-*-linux2)
- KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`
- case ${KARCH:-sun4} in
- sun4u*) OUT="linux-sparcv9" ;;
- sun4m) OUT="linux-sparcv8" ;;
- sun4d) OUT="linux-sparcv8" ;;
- *) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
- esac ;;
- parisc*-*-linux2)
- # 64-bit builds under parisc64 linux are not supported and
- # compiler is expected to generate 32-bit objects...
- CPUARCH=`awk '/cpu family/{print substr($5,1,3); exit(0);}' /proc/cpuinfo`
- CPUSCHEDULE=`awk '/^cpu.[ ]*: PA/{print substr($3,3); exit(0);}' /proc/cpuinfo`
-
- # ??TODO ?? Model transformations
- # 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
- # assuming no further arch. identification will ever be used by GCC.
- # 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
- # 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
- # for these chips in the future.
- # PA7300LC -> 7100LC (1.1)
- # PA8200 -> 8000 (2.0)
- # PA8500 -> 8000 (2.0)
- # PA8600 -> 8000 (2.0)
-
- CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8.00/8000/'`
- # Finish Model transformations
-
- options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
- OUT="linux-generic32" ;;
- arm*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
- arm*l-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
- sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
- sh*-*-linux2) OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
- m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
- s390*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN -DNO_ASM" ;;
- x86_64-*-linux?) OUT="linux-x86_64" ;;
- *86-*-linux2) OUT="linux-elf"
- if [ "$GCCVER" -gt 28 ]; then
- if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
- options="$options -march=pentium"
- fi
- if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
- options="$options -march=pentiumpro"
- fi
- if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
- options="$options -march=k6"
- fi
- fi ;;
- *-*-linux1) OUT="linux-aout" ;;
- *-*-linux2) OUT="linux-generic32" ;;
- sun4u*-*-solaris2)
- OUT="solaris-sparcv9-$CC"
- ISA64=`(isalist) 2>/dev/null | grep sparcv9`
- if [ "$ISA64" != "" ]; then
- if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
- echo "WARNING! If you wish to build 64-bit library, then you have to"
- echo " invoke './Configure solaris64-sparcv9-cc' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
- # $GCC_ARCH denotes default ABI chosen by compiler driver
- # (first one found on the $PATH). I assume that user
- # expects certain consistency with the rest of his builds
- # and therefore switch over to 64-bit. <appro>
- OUT="solaris64-sparcv9-gcc"
- echo "WARNING! If you wish to build 32-bit library, then you have to"
- echo " invoke './Configure solaris-sparcv9-gcc' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- elif [ "$GCC_ARCH" = "-m32" ]; then
- echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
- echo " and wish to build 64-bit library, then you have to"
- echo " invoke './Configure solaris64-sparcv9-gcc' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- fi
- fi
- ;;
- sun4m-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
- sun4d-*-solaris2) OUT="solaris-sparcv8-$CC" ;;
- sun4*-*-solaris2) OUT="solaris-sparcv7-$CC" ;;
- *86*-*-solaris2)
- ISA64=`(isalist) 2>/dev/null | grep amd64`
- if [ "$ISA64" != "" ]; then
- OUT="solaris64-x86_64-$CC"
- else
- OUT="solaris-x86-$CC"
- if [ `uname -r | sed -e 's/5\.//'` -lt 10 ]; then
- options="$options no-sse2"
- fi
- fi
- ;;
- *-*-sunos4) OUT="sunos-$CC" ;;
-
- *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;;
- alpha*-*-*bsd*) OUT="BSD-generic64; options="$options -DL_ENDIAN" ;;
- powerpc64-*-*bsd*) OUT="BSD-generic64; options="$options -DB_ENDIAN" ;;
- sparc64-*-*bsd*) OUT="BSD-sparc64" ;;
- ia64-*-*bsd*) OUT="BSD-ia64" ;;
- amd64-*-*bsd*) OUT="BSD-x86_64" ;;
- *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc...
- if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
- libc=/usr/lib/libc.so
- else # OpenBSD
- # ld searches for highest libc.so.* and so do we
- libc=`(ls /usr/lib/libc.so.* | tail -1) 2>/dev/null`
- fi
- case "`(file -L $libc) 2>/dev/null`" in
- *ELF*) OUT="BSD-x86-elf" ;;
- *) OUT="BSD-x86"; options="$options no-sse2" ;;
- esac ;;
- *-*-*bsd*) OUT="BSD-generic32" ;;
-
- *-*-osf) OUT="osf1-alpha-cc" ;;
- *-*-tru64) OUT="tru64-alpha-cc" ;;
- *-*-[Uu]nix[Ww]are7)
- if [ "$CC" = "gcc" ]; then
- OUT="unixware-7-gcc" ; options="$options no-sse2"
- else
- OUT="unixware-7" ; options="$options no-sse2 -D__i386__"
- fi
- ;;
- *-*-[Uu]nix[Ww]are20*) OUT="unixware-2.0"; options="$options no-sse2 no-sha512" ;;
- *-*-[Uu]nix[Ww]are21*) OUT="unixware-2.1"; options="$options no-sse2 no-sha512" ;;
- *-*-vos)
- options="$options no-threads no-shared no-asm no-dso"
- EXE=".pm"
- OUT="vos-$CC" ;;
- BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
- RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
- *-siemens-sysv4) OUT="SINIX" ;;
- *-hpux1*)
- if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
- OUT="hpux64-parisc2-gcc"
- fi
- KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
- KERNEL_BITS=${KERNEL_BITS:-32}
- CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
- CPU_VERSION=${CPU_VERSION:-0}
- # See <sys/unistd.h> for further info on CPU_VERSION.
- if [ $CPU_VERSION -ge 768 ]; then # IA-64 CPU
- echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
- echo " If you wish to build 32-bit library, the you have to"
- echo " invoke './Configure hpux-ia64-cc' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- OUT="hpux64-ia64-cc"
- elif [ $CPU_VERSION -ge 532 ]; then # PA-RISC 2.x CPU
- OUT=${OUT:-"hpux-parisc2-${CC}"}
- if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
- echo "WARNING! If you wish to build 64-bit library then you have to"
- echo " invoke './Configure hpux64-parisc2-cc' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have about 5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- fi
- elif [ $CPU_VERSION -ge 528 ]; then # PA-RISC 1.1+ CPU
- OUT="hpux-parisc-${CC}"
- elif [ $CPU_VERSION -ge 523 ]; then # PA-RISC 1.0 CPU
- OUT="hpux-parisc-${CC}"
- else # Motorola(?) CPU
- OUT="hpux-$CC"
- fi
- options="$options -D_REENTRANT" ;;
- *-hpux) OUT="hpux-parisc-$CC" ;;
- *-aix)
- KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
- KERNEL_BITS=${KERNEL_BITS:-32}
- OBJECT_MODE=${OBJECT_MODE:-32}
- if [ "$CC" = "gcc" ]; then
- OUT="aix-gcc"
- elif [ $OBJECT_MODE -eq 64 ]; then
- echo 'Your $OBJECT_MODE was found to be set to 64'
- OUT="aix64-cc"
- else
- OUT="aix-cc"
- if [ $KERNEL_BITS -eq 64 ]; then
- echo "WARNING! If you wish to build 64-bit kit, then you have to"
- echo " invoke './Configure aix64-cc' *manually*."
- if [ "$TEST" = "false" -a -t 1 ]; then
- echo " You have ~5 seconds to press Ctrl-C to abort."
- (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
- fi
- fi
- fi
- if (lsattr -E -O -l proc0 | grep -i powerpc) >/dev/null 2>&1; then
- : # this applies even to Power3 and later, as they return PowerPC_POWER[345]
- else
- options="$options no-asm"
- fi
- ;;
- # these are all covered by the catchall below
- # *-dgux) OUT="dgux" ;;
- mips-sony-newsos4) OUT="newsos4-gcc" ;;
- *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
- *-*-cygwin) OUT="Cygwin" ;;
- t3e-cray-unicosmk) OUT="cray-t3e" ;;
- j90-cray-unicos) OUT="cray-j90" ;;
- nsr-tandem-nsk) OUT="tandem-c89" ;;
- *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
-esac
-
-# NB: This atalla support has been superceded by the ENGINE support
-# That contains its own header and definitions anyway. Support can
-# be enabled or disabled on any supported platform without external
-# headers, eg. by adding the "hw-atalla" switch to ./config or
-# perl Configure
-#
-# See whether we can compile Atalla support
-#if [ -f /usr/include/atasi.h ]
-#then
-# options="$options -DATALLA"
-#fi
-
-# gcc < 2.8 does not support -march=ultrasparc
-if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
-then
- echo "WARNING! Falling down to 'solaris-sparcv8-gcc'."
- echo " Upgrade to gcc-2.8 or later."
- sleep 5
- OUT=solaris-sparcv8-gcc
-fi
-if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
-then
- echo "WARNING! Falling down to 'linux-sparcv8'."
- echo " Upgrade to gcc-2.8 or later."
- sleep 5
- OUT=linux-sparcv8
-fi
-
-case "$GUESSOS" in
- i386-*) options="$options 386" ;;
-esac
-
-for i in aes bf camellia cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
-do
- if [ ! -d crypto/$i ]
- then
- options="$options no-$i"
- fi
-done
-
-# Discover Kerberos 5 (since it's still a prototype, we don't
-# do any guesses yet, that's why this section is commented away.
-#if [ -d /usr/kerberos ]; then
-# krb5_dir=/usr/kerberos
-# if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
-# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
-# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
-# -a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
-# -a \( -f $krb5_dir/include/krb5.h \) ]; then
-# options="$options --with-krb5-flavor=MIT"
-# fi
-#elif [ -d /usr/heimdal ]; then
-# krb5_dir=/usr/heimdal
-# if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
-# -a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
-# -a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
-# -a \( -f $krb5_dir/include/krb5.h \) ]; then
-# options="$options --with-krb5-flavor=Heimdal"
-# fi
-#fi
-
-if [ -z "$OUT" ]; then
- OUT="$CC"
-fi
-
-if [ ".$PERL" = . ] ; then
- for i in . `echo $PATH | sed 's/:/ /g'`; do
- if [ -f "$i/perl5$EXE" ] ; then
- PERL="$i/perl5$EXE"
- break;
- fi;
- done
-fi
-
-if [ ".$PERL" = . ] ; then
- for i in . `echo $PATH | sed 's/:/ /g'`; do
- if [ -f "$i/perl$EXE" ] ; then
- if "$i/perl$EXE" -e 'exit($]<5.0)'; then
- PERL="$i/perl$EXE"
- break;
- fi;
- fi;
- done
-fi
-
-if [ ".$PERL" = . ] ; then
- echo "You need Perl 5."
- exit 1
-fi
-
-# run Configure to check to see if we need to specify the
-# compiler for the platform ... in which case we add it on
-# the end ... otherwise we leave it off
-
-$PERL ./Configure LIST | grep "$OUT-$CC" > /dev/null
-if [ $? = "0" ]; then
- OUT="$OUT-$CC"
-fi
-
-OUT="$PREFIX$OUT"
-
-$PERL ./Configure LIST | grep "$OUT" > /dev/null
-if [ $? = "0" ]; then
- echo Configuring for $OUT
-
- if [ "$TEST" = "true" ]; then
- echo $PERL ./Configure $OUT $options
- else
- $PERL ./Configure $OUT $options
- fi
-else
- echo "This system ($OUT) is not supported. See file INSTALL for details."
-fi
-)
diff --git a/crypto/openssl/demos/README b/crypto/openssl/demos/README
deleted file mode 100644
index d2155ef..0000000
--- a/crypto/openssl/demos/README
+++ /dev/null
@@ -1,9 +0,0 @@
-NOTE: Don't expect any of these programs to work with current
-OpenSSL releases, or even with later SSLeay releases.
-
-Original README:
-=============================================================================
-
-Some demo programs sent to me by various people
-
-eric
diff --git a/crypto/openssl/demos/asn1/README.ASN1 b/crypto/openssl/demos/asn1/README.ASN1
deleted file mode 100644
index ac497be..0000000
--- a/crypto/openssl/demos/asn1/README.ASN1
+++ /dev/null
@@ -1,7 +0,0 @@
-This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
-do much yet other than demonstrate what the new ASN1 modules might look
-like.
-
-It wont even compile yet: the new code isn't in place.
-
-
diff --git a/crypto/openssl/demos/asn1/ocsp.c b/crypto/openssl/demos/asn1/ocsp.c
deleted file mode 100644
index 0199fe1..0000000
--- a/crypto/openssl/demos/asn1/ocsp.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/* ocsp.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-
-
-
-/* Example of new ASN1 code, OCSP request
-
- OCSPRequest ::= SEQUENCE {
- tbsRequest TBSRequest,
- optionalSignature [0] EXPLICIT Signature OPTIONAL }
-
- TBSRequest ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- requestorName [1] EXPLICIT GeneralName OPTIONAL,
- requestList SEQUENCE OF Request,
- requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-
- Signature ::= SEQUENCE {
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
- Version ::= INTEGER { v1(0) }
-
- Request ::= SEQUENCE {
- reqCert CertID,
- singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-
- CertID ::= SEQUENCE {
- hashAlgorithm AlgorithmIdentifier,
- issuerNameHash OCTET STRING, -- Hash of Issuer's DN
- issuerKeyHash OCTET STRING, -- Hash of Issuers public key
- serialNumber CertificateSerialNumber }
-
- OCSPResponse ::= SEQUENCE {
- responseStatus OCSPResponseStatus,
- responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
-
- OCSPResponseStatus ::= ENUMERATED {
- successful (0), --Response has valid confirmations
- malformedRequest (1), --Illegal confirmation request
- internalError (2), --Internal error in issuer
- tryLater (3), --Try again later
- --(4) is not used
- sigRequired (5), --Must sign the request
- unauthorized (6) --Request unauthorized
- }
-
- ResponseBytes ::= SEQUENCE {
- responseType OBJECT IDENTIFIER,
- response OCTET STRING }
-
- BasicOCSPResponse ::= SEQUENCE {
- tbsResponseData ResponseData,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING,
- certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
- ResponseData ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- responderID ResponderID,
- producedAt GeneralizedTime,
- responses SEQUENCE OF SingleResponse,
- responseExtensions [1] EXPLICIT Extensions OPTIONAL }
-
- ResponderID ::= CHOICE {
- byName [1] Name, --EXPLICIT
- byKey [2] KeyHash }
-
- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
- --(excluding the tag and length fields)
-
- SingleResponse ::= SEQUENCE {
- certID CertID,
- certStatus CertStatus,
- thisUpdate GeneralizedTime,
- nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
- singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-
- CertStatus ::= CHOICE {
- good [0] IMPLICIT NULL,
- revoked [1] IMPLICIT RevokedInfo,
- unknown [2] IMPLICIT UnknownInfo }
-
- RevokedInfo ::= SEQUENCE {
- revocationTime GeneralizedTime,
- revocationReason [0] EXPLICIT CRLReason OPTIONAL }
-
- UnknownInfo ::= NULL -- this can be replaced with an enumeration
-
- ArchiveCutoff ::= GeneralizedTime
-
- AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-
- ServiceLocator ::= SEQUENCE {
- issuer Name,
- locator AuthorityInfoAccessSyntax }
-
- -- Object Identifiers
-
- id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
- id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
- id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
- id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
- id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
- id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
- id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
- id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
- id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
-
-*/
-
-/* Request Structures */
-
-DECLARE_STACK_OF(Request)
-
-typedef struct {
- ASN1_INTEGER *version;
- GENERAL_NAME *requestorName;
- STACK_OF(Request) *requestList;
- STACK_OF(X509_EXTENSION) *requestExtensions;
-} TBSRequest;
-
-typedef struct {
- X509_ALGOR *signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
-} Signature;
-
-typedef struct {
- TBSRequest *tbsRequest;
- Signature *optionalSignature;
-} OCSPRequest;
-
-typedef struct {
- X509_ALGOR *hashAlgorithm;
- ASN1_OCTET_STRING *issuerNameHash;
- ASN1_OCTET_STRING *issuerKeyHash;
- ASN1_INTEGER *certificateSerialNumber;
-} CertID;
-
-typedef struct {
- CertID *reqCert;
- STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-} Request;
-
-/* Response structures */
-
-typedef struct {
- ASN1_OBJECT *responseType;
- ASN1_OCTET_STRING *response;
-} ResponseBytes;
-
-typedef struct {
- ASN1_ENUMERATED *responseStatus;
- ResponseBytes *responseBytes;
-} OCSPResponse;
-
-typedef struct {
- int type;
- union {
- X509_NAME *byName;
- ASN1_OCTET_STRING *byKey;
- }d;
-} ResponderID;
-
-typedef struct {
- ASN1_INTEGER *version;
- ResponderID *responderID;
- ASN1_GENERALIZEDTIME *producedAt;
- STACK_OF(SingleResponse) *responses;
- STACK_OF(X509_EXTENSION) *responseExtensions;
-} ResponseData;
-
-typedef struct {
- ResponseData *tbsResponseData;
- X509_ALGOR *signatureAlgorithm;
- ASN1_BIT_STRING *signature;
- STACK_OF(X509) *certs;
-} BasicOCSPResponse;
-
-typedef struct {
- ASN1_GENERALIZEDTIME *revocationTime;
- ASN1_ENUMERATED * revocationReason;
-} RevokedInfo;
-
-typedef struct {
- int type;
- union {
- ASN1_NULL *good;
- RevokedInfo *revoked;
- ASN1_NULL *unknown;
- } d;
-} CertStatus;
-
-typedef struct {
- CertID *certID;
- CertStatus *certStatus;
- ASN1_GENERALIZEDTIME *thisUpdate;
- ASN1_GENERALIZEDTIME *nextUpdate;
- STACK_OF(X509_EXTENSION) *singleExtensions;
-} SingleResponse;
-
-
-typedef struct {
- X509_NAME *issuer;
- STACK_OF(ACCESS_DESCRIPTION) *locator;
-} ServiceLocator;
-
-
-/* Now the ASN1 templates */
-
-IMPLEMENT_COMPAT_ASN1(X509);
-IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
-//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
-IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
-IMPLEMENT_COMPAT_ASN1(X509_NAME);
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
- ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
- ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION);
-
-
-ASN1_SEQUENCE(Signature) = {
- ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
- ASN1_SEQUENCE_OF(Signature, certs, X509)
-} ASN1_SEQUENCE_END(Signature);
-
-ASN1_SEQUENCE(CertID) = {
- ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(CertID);
-
-ASN1_SEQUENCE(Request) = {
- ASN1_SIMPLE(Request, reqCert, CertID),
- ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(Request);
-
-ASN1_SEQUENCE(TBSRequest) = {
- ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
- ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
- ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
- ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
-} ASN1_SEQUENCE_END(TBSRequest);
-
-ASN1_SEQUENCE(OCSPRequest) = {
- ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
- ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
-} ASN1_SEQUENCE_END(OCSPRequest);
-
-
-/* Response templates */
-
-ASN1_SEQUENCE(ResponseBytes) = {
- ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
- ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(ResponseBytes);
-
-ASN1_SEQUENCE(OCSPResponse) = {
- ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
- ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
-} ASN1_SEQUENCE_END(OCSPResponse);
-
-ASN1_CHOICE(ResponderID) = {
- ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
- ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
-} ASN1_CHOICE_END(ResponderID);
-
-ASN1_SEQUENCE(RevokedInfo) = {
- ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
-} ASN1_SEQUENCE_END(RevokedInfo);
-
-ASN1_CHOICE(CertStatus) = {
- ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
- ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
- ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
-} ASN1_CHOICE_END(CertStatus);
-
-ASN1_SEQUENCE(SingleResponse) = {
- ASN1_SIMPLE(SingleResponse, certID, CertID),
- ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
- ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
- ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
- ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(SingleResponse);
-
-ASN1_SEQUENCE(ResponseData) = {
- ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(ResponseData, responderID, ResponderID),
- ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
- ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
- ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(ResponseData);
-
-ASN1_SEQUENCE(BasicOCSPResponse) = {
- ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
- ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
- ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
-} ASN1_SEQUENCE_END(BasicOCSPResponse);
-
diff --git a/crypto/openssl/demos/b64.c b/crypto/openssl/demos/b64.c
deleted file mode 100644
index efdd444..0000000
--- a/crypto/openssl/demos/b64.c
+++ /dev/null
@@ -1,268 +0,0 @@
-/* demos/b64.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "../apps/apps.h"
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#undef SIZE
-#undef BSIZE
-#undef PROG
-
-#define SIZE (512)
-#define BSIZE (8*1024)
-#define PROG enc_main
-
-int main(argc,argv)
-int argc;
-char **argv;
- {
- char *strbuf=NULL;
- unsigned char *buff=NULL,*bufsize=NULL;
- int bsize=BSIZE,verbose=0;
- int ret=1,inl;
- char *str=NULL;
- char *hkey=NULL,*hiv=NULL;
- int enc=1,printkey=0,i,base64=0;
- int debug=0;
- EVP_CIPHER *cipher=NULL,*c;
- char *inf=NULL,*outf=NULL;
- BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE 39
-
-
- apps_startup();
-
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
-
- base64=1;
-
- argc--;
- argv++;
- while (argc >= 1)
- {
- if (strcmp(*argv,"-e") == 0)
- enc=1;
- if (strcmp(*argv,"-in") == 0)
- {
- if (--argc < 1) goto bad;
- inf= *(++argv);
- }
- else if (strcmp(*argv,"-out") == 0)
- {
- if (--argc < 1) goto bad;
- outf= *(++argv);
- }
- else if (strcmp(*argv,"-d") == 0)
- enc=0;
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-debug") == 0)
- debug=1;
- else if (strcmp(*argv,"-bufsize") == 0)
- {
- if (--argc < 1) goto bad;
- bufsize=(unsigned char *)*(++argv);
- }
- else
- {
- BIO_printf(bio_err,"unknown option '%s'\n",*argv);
-bad:
- BIO_printf(bio_err,"options are\n");
- BIO_printf(bio_err,"%-14s input file\n","-in <file>");
- BIO_printf(bio_err,"%-14s output file\n","-out <file>");
- BIO_printf(bio_err,"%-14s encode\n","-e");
- BIO_printf(bio_err,"%-14s decode\n","-d");
- BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-
- goto end;
- }
- argc--;
- argv++;
- }
-
- if (bufsize != NULL)
- {
- int i;
- unsigned long n;
-
- for (n=0; *bufsize; bufsize++)
- {
- i= *bufsize;
- if ((i <= '9') && (i >= '0'))
- n=n*10+i-'0';
- else if (i == 'k')
- {
- n*=1024;
- bufsize++;
- break;
- }
- }
- if (*bufsize != '\0')
- {
- BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
- goto end;
- }
-
- /* It must be large enough for a base64 encoded line */
- if (n < 80) n=80;
-
- bsize=(int)n;
- if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
- }
-
- strbuf=OPENSSL_malloc(SIZE);
- buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
- if ((buff == NULL) || (strbuf == NULL))
- {
- BIO_printf(bio_err,"OPENSSL_malloc failure\n");
- goto end;
- }
-
- in=BIO_new(BIO_s_file());
- out=BIO_new(BIO_s_file());
- if ((in == NULL) || (out == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
- if (debug)
- {
- BIO_set_callback(in,BIO_debug_callback);
- BIO_set_callback(out,BIO_debug_callback);
- BIO_set_callback_arg(in,bio_err);
- BIO_set_callback_arg(out,bio_err);
- }
-
- if (inf == NULL)
- BIO_set_fp(in,stdin,BIO_NOCLOSE);
- else
- {
- if (BIO_read_filename(in,inf) <= 0)
- {
- perror(inf);
- goto end;
- }
- }
-
- if (outf == NULL)
- BIO_set_fp(out,stdout,BIO_NOCLOSE);
- else
- {
- if (BIO_write_filename(out,outf) <= 0)
- {
- perror(outf);
- goto end;
- }
- }
-
- rbio=in;
- wbio=out;
-
- if (base64)
- {
- if ((b64=BIO_new(BIO_f_base64())) == NULL)
- goto end;
- if (debug)
- {
- BIO_set_callback(b64,BIO_debug_callback);
- BIO_set_callback_arg(b64,bio_err);
- }
- if (enc)
- wbio=BIO_push(b64,wbio);
- else
- rbio=BIO_push(b64,rbio);
- }
-
- for (;;)
- {
- inl=BIO_read(rbio,(char *)buff,bsize);
- if (inl <= 0) break;
- if (BIO_write(wbio,(char *)buff,inl) != inl)
- {
- BIO_printf(bio_err,"error writing output file\n");
- goto end;
- }
- }
- BIO_flush(wbio);
-
- ret=0;
- if (verbose)
- {
- BIO_printf(bio_err,"bytes read :%8ld\n",BIO_number_read(in));
- BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
- }
-end:
- if (strbuf != NULL) OPENSSL_free(strbuf);
- if (buff != NULL) OPENSSL_free(buff);
- if (in != NULL) BIO_free(in);
- if (out != NULL) BIO_free(out);
- if (benc != NULL) BIO_free(benc);
- if (b64 != NULL) BIO_free(b64);
- EXIT(ret);
- }
-
diff --git a/crypto/openssl/demos/b64.pl b/crypto/openssl/demos/b64.pl
deleted file mode 100644
index 8aa5fb4..0000000
--- a/crypto/openssl/demos/b64.pl
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/local/bin/perl
-
-#
-# Make PEM encoded data have lines of 64 bytes of data
-#
-
-while (<>)
- {
- if (/^-----BEGIN/ .. /^-----END/)
- {
- if (/^-----BEGIN/) { $first=$_; next; }
- if (/^-----END/) { $last=$_; next; }
- $out.=$_;
- }
- }
-$out =~ s/\s//g;
-$out =~ s/(.{64})/$1\n/g;
-print "$first$out\n$last\n";
-
-
diff --git a/crypto/openssl/demos/bio/Makefile b/crypto/openssl/demos/bio/Makefile
deleted file mode 100644
index 4351540..0000000
--- a/crypto/openssl/demos/bio/Makefile
+++ /dev/null
@@ -1,16 +0,0 @@
-CC=cc
-CFLAGS= -g -I../../include
-LIBS= -L../.. ../../libssl.a ../../libcrypto.a
-EXAMPLES=saccept sconnect
-
-all: $(EXAMPLES)
-
-saccept: saccept.o
- $(CC) -o saccept saccept.o $(LIBS)
-
-sconnect: sconnect.o
- $(CC) -o sconnect sconnect.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
-
diff --git a/crypto/openssl/demos/bio/README b/crypto/openssl/demos/bio/README
deleted file mode 100644
index 0b24e5b..0000000
--- a/crypto/openssl/demos/bio/README
+++ /dev/null
@@ -1,3 +0,0 @@
-This directory contains some simple examples of the use of BIO's
-to simplify socket programming.
-
diff --git a/crypto/openssl/demos/bio/saccept.c b/crypto/openssl/demos/bio/saccept.c
deleted file mode 100644
index 40cd4da..0000000
--- a/crypto/openssl/demos/bio/saccept.c
+++ /dev/null
@@ -1,112 +0,0 @@
-/* NOCW */
-/* demos/bio/saccept.c */
-
-/* A minimal program to server an SSL connection.
- * It uses blocking.
- * saccept host:port
- * host is the interface IP to use. If any interface, use *:port
- * The default it *:4433
- *
- * cc -I../../include saccept.c -L../.. -lssl -lcrypto
- */
-
-#include <stdio.h>
-#include <signal.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#define CERT_FILE "server.pem"
-
-BIO *in=NULL;
-
-void close_up()
- {
- if (in != NULL)
- BIO_free(in);
- }
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- char *port=NULL;
- BIO *ssl_bio,*tmp;
- SSL_CTX *ctx;
- SSL *ssl;
- char buf[512];
- int ret=1,i;
-
- if (argc <= 1)
- port="*:4433";
- else
- port=argv[1];
-
- signal(SIGINT,close_up);
-
- SSL_load_error_strings();
-
-#ifdef WATT32
- dbug_init();
- sock_init();
-#endif
-
- /* Add ciphers and message digests */
- OpenSSL_add_ssl_algorithms();
-
- ctx=SSL_CTX_new(SSLv23_server_method());
- if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
- goto err;
- if (!SSL_CTX_use_PrivateKey_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
- goto err;
- if (!SSL_CTX_check_private_key(ctx))
- goto err;
-
- /* Setup server side SSL bio */
- ssl=SSL_new(ctx);
- ssl_bio=BIO_new_ssl(ctx,0);
-
- if ((in=BIO_new_accept(port)) == NULL) goto err;
-
- /* This means that when a new connection is acceptede on 'in',
- * The ssl_bio will be 'dupilcated' and have the new socket
- * BIO push into it. Basically it means the SSL BIO will be
- * automatically setup */
- BIO_set_accept_bios(in,ssl_bio);
-
-again:
- /* The first call will setup the accept socket, and the second
- * will get a socket. In this loop, the first actual accept
- * will occur in the BIO_read() function. */
-
- if (BIO_do_accept(in) <= 0) goto err;
-
- for (;;)
- {
- i=BIO_read(in,buf,512);
- if (i == 0)
- {
- /* If we have finished, remove the underlying
- * BIO stack so the next time we call any function
- * for this BIO, it will attempt to do an
- * accept */
- printf("Done\n");
- tmp=BIO_pop(in);
- BIO_free_all(tmp);
- goto again;
- }
- if (i < 0) goto err;
- fwrite(buf,1,i,stdout);
- fflush(stdout);
- }
-
- ret=0;
-err:
- if (ret)
- {
- ERR_print_errors_fp(stderr);
- }
- if (in != NULL) BIO_free(in);
- exit(ret);
- return(!ret);
- }
-
diff --git a/crypto/openssl/demos/bio/sconnect.c b/crypto/openssl/demos/bio/sconnect.c
deleted file mode 100644
index 880344e..0000000
--- a/crypto/openssl/demos/bio/sconnect.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* NOCW */
-/* demos/bio/sconnect.c */
-
-/* A minimal program to do SSL to a passed host and port.
- * It is actually using non-blocking IO but in a very simple manner
- * sconnect host:port - it does a 'GET / HTTP/1.0'
- *
- * cc -I../../include sconnect.c -L../.. -lssl -lcrypto
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-extern int errno;
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- char *host;
- BIO *out;
- char buf[1024*10],*p;
- SSL_CTX *ssl_ctx=NULL;
- SSL *ssl;
- BIO *ssl_bio;
- int i,len,off,ret=1;
-
- if (argc <= 1)
- host="localhost:4433";
- else
- host=argv[1];
-
-#ifdef WATT32
- dbug_init();
- sock_init();
-#endif
-
- /* Lets get nice error messages */
- SSL_load_error_strings();
-
- /* Setup all the global SSL stuff */
- OpenSSL_add_ssl_algorithms();
- ssl_ctx=SSL_CTX_new(SSLv23_client_method());
-
- /* Lets make a SSL structure */
- ssl=SSL_new(ssl_ctx);
- SSL_set_connect_state(ssl);
-
- /* Use it inside an SSL BIO */
- ssl_bio=BIO_new(BIO_f_ssl());
- BIO_set_ssl(ssl_bio,ssl,BIO_CLOSE);
-
- /* Lets use a connect BIO under the SSL BIO */
- out=BIO_new(BIO_s_connect());
- BIO_set_conn_hostname(out,host);
- BIO_set_nbio(out,1);
- out=BIO_push(ssl_bio,out);
-
- p="GET / HTTP/1.0\r\n\r\n";
- len=strlen(p);
-
- off=0;
- for (;;)
- {
- i=BIO_write(out,&(p[off]),len);
- if (i <= 0)
- {
- if (BIO_should_retry(out))
- {
- fprintf(stderr,"write DELAY\n");
- sleep(1);
- continue;
- }
- else
- {
- goto err;
- }
- }
- off+=i;
- len-=i;
- if (len <= 0) break;
- }
-
- for (;;)
- {
- i=BIO_read(out,buf,sizeof(buf));
- if (i == 0) break;
- if (i < 0)
- {
- if (BIO_should_retry(out))
- {
- fprintf(stderr,"read DELAY\n");
- sleep(1);
- continue;
- }
- goto err;
- }
- fwrite(buf,1,i,stdout);
- }
-
- ret=1;
-
- if (0)
- {
-err:
- if (ERR_peek_error() == 0) /* system call error */
- {
- fprintf(stderr,"errno=%d ",errno);
- perror("error");
- }
- else
- ERR_print_errors_fp(stderr);
- }
- BIO_free_all(out);
- if (ssl_ctx != NULL) SSL_CTX_free(ssl_ctx);
- exit(!ret);
- return(ret);
- }
-
diff --git a/crypto/openssl/demos/bio/server.pem b/crypto/openssl/demos/bio/server.pem
deleted file mode 100644
index 5cf1387..0000000
--- a/crypto/openssl/demos/bio/server.pem
+++ /dev/null
@@ -1,30 +0,0 @@
-subject=/C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-issuer= /C=AU/SP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
------BEGIN X509 CERTIFICATE-----
-
-MIIBgjCCASwCAQQwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MTAwOTIz
-MzIwNVoXDTk4MDcwNTIzMzIwNVowYDELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRkLjELMAkGA1UECxMCQ1MxGzAZBgNV
-BAMTElNTTGVheSBkZW1vIHNlcnZlcjBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQC3
-LCXcScWua0PFLkHBLm2VejqpA1F4RQ8q0VjRiPafjx/Z/aWH3ipdMVvuJGa/wFXb
-/nDFLDlfWp+oCPwhBtVPAgMBAAEwDQYJKoZIhvcNAQEEBQADQQArNFsihWIjBzb0
-DCsU0BvL2bvSwJrPEqFlkDq3F4M6EGutL9axEcANWgbbEdAvNJD1dmEmoWny27Pn
-IMs6ZOZB
------END X509 CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-
-MIIBPAIBAAJBALcsJdxJxa5rQ8UuQcEubZV6OqkDUXhFDyrRWNGI9p+PH9n9pYfe
-Kl0xW+4kZr/AVdv+cMUsOV9an6gI/CEG1U8CAwEAAQJAXJMBZ34ZXHd1vtgL/3hZ
-hexKbVTx/djZO4imXO/dxPGRzG2ylYZpHmG32/T1kaHpZlCHoEPgHoSzmxYXfxjG
-sQIhAPmZ/bQOjmRUHM/VM2X5zrjjM6z18R1P6l3ObFwt9FGdAiEAu943Yh9SqMRw
-tL0xHGxKmM/YJueUw1gB6sLkETN71NsCIQCeT3RhoqXfrpXDoEcEU+gwzjI1bpxq
-agiNTOLfqGoA5QIhAIQFYjgzONxex7FLrsKBm16N2SFl5pXsN9SpRqqL2n63AiEA
-g9VNIQ3xwpw7og3IbONifeku+J9qGMGQJMKwSTwrFtI=
------END RSA PRIVATE KEY-----
-
------BEGIN DH PARAMETERS-----
-MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn
-a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC
------END DH PARAMETERS-----
-
diff --git a/crypto/openssl/demos/easy_tls/Makefile b/crypto/openssl/demos/easy_tls/Makefile
deleted file mode 100644
index 2080700..0000000
--- a/crypto/openssl/demos/easy_tls/Makefile
+++ /dev/null
@@ -1,123 +0,0 @@
-# Makefile for easy-tls example application (rudimentary client and server)
-# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $
-
-SOLARIS_CFLAGS=-Wall -pedantic -g -O2
-SOLARIS_LIBS=-lxnet
-
-LINUX_CFLAGS=-Wall -pedantic -g -O2
-LINUX_LIBS=
-
-
-auto-all:
- case `uname -s` in \
- SunOS) echo Using SunOS configuration; \
- make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \
- Linux) echo Using Linux configuration; \
- make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \
- *) echo "unknown system"; exit 1;; \
- esac
-
-all: test TAGS
-
-# For adapting this Makefile to a different system, only the following
-# definitions should need customizing:
-
-OPENSSLDIR=../..
-CC=gcc
-
-SYSCFLAGS=whatever
-SYSLIBS=whatever
-
-
-#############################################################################
-#
-# SSLeay/OpenSSL imports
-#
-# OPENSSLDIR (set above) can be either the directory where OpenSSL is
-# installed or the directory where it was compiled.
-
-# We rely on having a new OpenSSL release where include files
-# have names like <openssl/ssl.h> (not just <ssl.h>).
-OPENSSLINCLUDES=-I$(OPENSSLDIR)/include
-
-# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is
-# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed
-# library. With the following definition, we can handle either case.
-OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto
-
-
-#############################################################################
-#
-# Stuff for handling the source files
-#
-
-SOURCES=easy-tls.c test.c
-HEADERS=easy-tls.h test.h
-DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem
-EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)
-
-ls: ls-l
-ls-l:
- ls -l $(EVERYTHING)
-# For RCS:
-tag:
- -rcs -n_`date +%y%m%d`: $(EVERYTHING)
- rcs -nMYTAG $(EVERYTHING)
- rcs -nMYTAG: $(EVERYTHING)
-diff:
- -rcsdiff -rMYTAG -u $(EVERYTHING)
-today:
- -rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)
-ident:
- for a in $(EVERYTHING); do ident $$a; done
-
-# Distribution .tar:
-easy-tls.tar.gz: $(EVERYTHING)
- tar cvf - $(EVERYTHING) | \
- gzip -9 > easy-tls.tar.gz
-
-# Working .tar:
-tls.tgz: $(EVERYTHING)
- tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \
- gzip -9 > tls.tgz
-
-# For emacs:
-etags: TAGS
-TAGS: $(SOURCES) $(HEADERS)
- -etags $(SOURCES) $(HEADERS)
-
-
-#############################################################################
-#
-# Compilation
-#
-# The following definitions are system dependent (and hence defined
-# at the beginning of this Makefile, where they are more easily found):
-
-### CC=gcc
-### SYSCFLAGS=-Wall -pedantic -g -O2
-### SYSLIBS=-lxnet
-
-EXTRACFLAGS=-DTLS_APP=\"test.h\"
-# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS
-
-#
-# The rest shouldn't need to be touched.
-#
-LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)
-INCLUDES=$(OPENSSLINCLUDES)
-CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)
-
-OBJS=easy-tls.o test.o
-
-clean:
- @rm -f test
- @rm -f TAGS
- @rm -f *.o
- @rm -f core
-
-test: $(OBJS)
- $(CC) $(OBJS) $(LDFLAGS) -o test
-
-test.o: $(HEADERS)
-easy-tls.o: $(HEADERS)
diff --git a/crypto/openssl/demos/easy_tls/README b/crypto/openssl/demos/easy_tls/README
deleted file mode 100644
index 816a580..0000000
--- a/crypto/openssl/demos/easy_tls/README
+++ /dev/null
@@ -1,65 +0,0 @@
-easy_tls - generic SSL/TLS proxy
-========
-
-(... and example for non-blocking SSL/TLS I/O multiplexing.)
-
-
- easy_tls.c, easy_tls.h:
-
- Small generic SSL/TLS proxy library: With a few function calls,
- an application socket will be replaced by a pipe handled by a
- separate SSL/TLS proxy process. This allows easily adding
- SSL/TLS support to many programs not originally designed for it.
-
- [Actually easy_tls.c is not a proper library: Customization
- requires defining preprocessor macros while compiling it.
- This is quite confusing, so I'll probably change it.]
-
- These files may be used under the OpenSSL license.
-
-
-
- test.c, test.h, Makefile, cert.pem, cacerts.pem:
-
- Rudimentary example program using the easy_tls library, and
- example key and certificates for it. Usage examples:
-
- $ ./test 8443 # create server listening at port 8443
- $ ./test 127.0.0.1 8443 # create client, connect to port 8443
- # at IP address 127.0.0.1
-
- 'test' will not automatically do SSL/TLS, or even read or write
- data -- it must be told to do so on input lines starting
- with a command letter. 'W' means write a line, 'R' means
- read a line, 'C' means close the connection, 'T' means
- start an SSL/TLS proxy. E.g. (user input tagged with '*'):
-
- * R
- <<< 220 mail.example.net
- * WSTARTTLS
- >>> STARTTLS
- * R
- <<< 220 Ready to start TLS
- * T
- test_process_init(fd = 3, client_p = 1, apparg = (nil))
- +++ `E:self signed certificate in certificate chain'
- +++ `<... certificate info ...>'
- * WHELO localhost
- >>> HELO localhost
- R
- <<< 250 mail.example.net
-
- You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
- 'T' multiple times. I have no idea why you would want to though.
-
-
-This code is rather old. When I find time I will update anything that
-should be changed, and improve code comments. To compile the sample
-program 'test' on platforms other then Linux or Solaris, you will have
-to edit the Makefile.
-
-As noted above, easy_tls.c will be changed to become a library one
-day, which means that future revisions will not be fully compatible to
-the current version.
-
-Bodo Möller <bodo@openssl.org>
diff --git a/crypto/openssl/demos/easy_tls/cacerts.pem b/crypto/openssl/demos/easy_tls/cacerts.pem
deleted file mode 100644
index acc70ba..0000000
--- a/crypto/openssl/demos/easy_tls/cacerts.pem
+++ /dev/null
@@ -1,18 +0,0 @@
-$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
-
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
------END CERTIFICATE-----
diff --git a/crypto/openssl/demos/easy_tls/cert.pem b/crypto/openssl/demos/easy_tls/cert.pem
deleted file mode 100644
index 364fe10..0000000
--- a/crypto/openssl/demos/easy_tls/cert.pem
+++ /dev/null
@@ -1,31 +0,0 @@
-$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
-
-Example certificate and key.
-
------BEGIN CERTIFICATE-----
-MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
-ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF
-MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF
-AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL
-tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3
-DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco
-9dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9
-MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68
-/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2
-ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB
-AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU
-4BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP
-I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri
-dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM
-D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC
-Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06
-5FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB
-AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft
-JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08
-Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/easy_tls/easy-tls.c b/crypto/openssl/demos/easy_tls/easy-tls.c
deleted file mode 100644
index 9cd8314..0000000
--- a/crypto/openssl/demos/easy_tls/easy-tls.c
+++ /dev/null
@@ -1,1240 +0,0 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
- * easy-tls.c -- generic TLS proxy.
- * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
- */
-/*
- (c) Copyright 1999 Bodo Moeller. All rights reserved.
-
- This is free software; you can redistributed and/or modify it
- unter the terms of either
- - the GNU General Public License as published by the
- Free Software Foundation, version 1, or (at your option)
- any later version,
- or
- - the following license:
-*/
-/*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that each of the following
- * conditions is met:
- *
- * 1. Redistributions qualify as "freeware" or "Open Source Software" under
- * one of the following terms:
- *
- * (a) Redistributions are made at no charge beyond the reasonable cost of
- * materials and delivery.
- *
- * (b) Redistributions are accompanied by a copy of the Source Code
- * or by an irrevocable offer to provide a copy of the Source Code
- * for up to three years at the cost of materials and delivery.
- * Such redistributions must allow further use, modification, and
- * redistribution of the Source Code under substantially the same
- * terms as this license.
- *
- * 2. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 3. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 4. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by Bodo Moeller."
- * (If available, substitute umlauted o for oe.)
- *
- * 5. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Bodo Moeller."
- *
- * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BODO MOELLER OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-/*
- * Attribution for OpenSSL library:
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- * This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
- */
-
-static char const rcsid[] =
-"$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
-
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <sys/types.h>
-#include <sys/utsname.h>
-#include <unistd.h>
-
-#include <openssl/crypto.h>
-#include <openssl/dh.h>
-#include <openssl/dsa.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/opensslv.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#ifndef NO_RSA
- #include <openssl/rsa.h>
-#endif
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/x509_vfy.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
-# error "This program needs OpenSSL 0.9.4 or later."
-#endif
-
-#include "easy-tls.h" /* include after <openssl/ssl.h> if both are needed */
-
-#if TLS_INFO_SIZE > PIPE_BUF
-# if PIPE_BUF < 512
-# error "PIPE_BUF < 512" /* non-POSIX */
-# endif
-# error "TLS_INFO_SIZE > PIPE_BUF"
-#endif
-
-/*****************************************************************************/
-
-#ifdef TLS_APP
-# include TLS_APP
-#endif
-
-/* Applications can define:
- * TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
- * TLS_CUMULATE_ERRORS
- * TLS_ERROR_BUFSIZ
- * TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
- */
-
-#ifndef TLS_APP_PROCESS_INIT
-# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
-#endif
-
-#ifndef TLS_ERROR_BUFSIZ
-# define TLS_ERROR_BUFSIZ (10*160)
-#endif
-#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */
-# error "TLS_ERROR_BUFSIZE is too small."
-#endif
-
-#ifndef TLS_APP_ERRFLUSH
-# define TLS_APP_ERRFLUSH tls_app_errflush
-static void
-tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
-{
- fputs(errbuf, stderr);
-}
-#endif
-
-/*****************************************************************************/
-
-#ifdef DEBUG_TLS
-# define DEBUG_MSG(x) fprintf(stderr," %s\n",x)
-# define DEBUG_MSG2(x,y) fprintf(stderr, " %s: %d\n",x,y)
-static int tls_loop_count = 0;
-static int tls_select_count = 0;
-#else
-# define DEBUG_MSG(x) (void)0
-# define DEBUG_MSG2(x,y) (void)0
-#endif
-
-static void tls_rand_seed_uniquely(void);
-static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p);
-static int tls_socket_nonblocking(int fd);
-
-static int tls_child_p = 0;
-static void *tls_child_apparg;
-
-
-struct tls_start_proxy_args
-tls_start_proxy_defaultargs(void)
-{
- struct tls_start_proxy_args ret;
-
- ret.fd = -1;
- ret.client_p = -1;
- ret.ctx = NULL;
- ret.pid = NULL;
- ret.infofd = NULL;
-
- return ret;
-}
-
-/* Slice in TLS proxy process at fd.
- * Return value:
- * 0 ok (*pid is set to child's PID if pid != NULL),
- * < 0 look at errno
- * > 0 other error
- * (return value encodes place of error)
- *
- */
-int
-tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
-{
- int fds[2] = {-1, -1};
- int infofds[2] = {-1, -1};
- int r, getfd, getfl;
- int ret;
-
- DEBUG_MSG2("tls_start_proxy fd", a.fd);
- DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
-
- if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
- return 1;
-
- if (a.pid != NULL) {
- *a.pid = 0;
- }
- if (a.infofd != NULL) {
- *a.infofd = -1;
- }
-
- r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
- if (r == -1)
- return -1;
- if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
- ret = 2;
- goto err;
- }
- if (a.infofd != NULL) {
- r = pipe(infofds);
- if (r == -1) {
- ret = -3;
- goto err;
- }
- }
-
- r = fork();
- if (r == -1) {
- ret = -4;
- goto err;
- }
- if (r == 0) {
- DEBUG_MSG("fork");
- tls_child_p = 1;
- tls_child_apparg = apparg;
- close(fds[1]);
- if (infofds[0] != -1)
- close(infofds[0]);
- TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
- DEBUG_MSG("TLS_APP_PROCESS_INIT");
- tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
- exit(0);
- }
- if (a.pid != NULL)
- *a.pid = r;
- if (infofds[1] != -1) {
- close(infofds[1]);
- infofds[1] = -1;
- }
- /* install fds[1] in place of fd: */
- close(fds[0]);
- fds[0] = -1;
- getfd = fcntl(a.fd, F_GETFD);
- getfl = fcntl(a.fd, F_GETFL);
- r = dup2(fds[1], a.fd);
- close(fds[1]);
- fds[1] = -1;
- if (r == -1) {
- ret = -5;
- goto err;
- }
- if (getfd != 1)
- fcntl(a.fd, F_SETFD, getfd);
- if (getfl & O_NONBLOCK)
- (void)tls_socket_nonblocking(a.fd);
- if (a.infofd != NULL)
- *a.infofd = infofds[0];
- return 0;
-
- err:
- if (fds[0] != -1)
- close(fds[0]);
- if (fds[1] != -1)
- close(fds[1]);
- if (infofds[0] != -1)
- close(infofds[0]);
- if (infofds[1] != -1)
- close(infofds[1]);
- return ret;
-}
-
-/*****************************************************************************/
-
-static char errbuf[TLS_ERROR_BUFSIZ];
-static size_t errbuf_i = 0;
-
-static void
-tls_errflush(void *apparg)
-{
- if (errbuf_i == 0)
- return;
-
- assert(errbuf_i < sizeof errbuf);
- assert(errbuf[errbuf_i] == 0);
- if (errbuf_i == sizeof errbuf - 1) {
- /* make sure we have a newline, even if string has been truncated */
- errbuf[errbuf_i - 1] = '\n';
- }
-
- /* TLS_APP_ERRFLUSH may modify the string as needed,
- * e.g. substitute other characters for \n for convenience */
- TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
-
- errbuf_i = 0;
-}
-
-static void
-tls_errprintf(int flush, void *apparg, const char *fmt, ...)
-{
- va_list args;
- int r;
-
- if (errbuf_i < sizeof errbuf - 1) {
- size_t n;
-
- va_start(args, fmt);
- n = (sizeof errbuf) - errbuf_i;
- r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
- if (r >= n)
- r = n - 1;
- if (r >= 0) {
- errbuf_i += r;
- } else {
- errbuf_i = sizeof errbuf - 1;
- errbuf[errbuf_i] = '\0';
- }
- assert(errbuf_i < sizeof errbuf);
- assert(errbuf[errbuf_i] == 0);
- }
-#ifndef TLS_CUMULATE_ERRORS
- tls_errflush(apparg);
-#else
- if (flush)
- tls_errflush(apparg);
-#endif
-}
-
-/* app_prefix.. are for additional information provided by caller.
- * If OpenSSL error queue is empty, print default_text ("???" if NULL).
- */
-static char *
-tls_openssl_errors(const char *app_prefix_1, const char *app_prefix_2, const char *default_text, void *apparg)
-{
- static char reasons[255];
- size_t reasons_i;
- unsigned long err;
- const char *file;
- int line;
- const char *data;
- int flags;
- char *errstring;
- int printed_something = 0;
-
- reasons_i = 0;
-
- assert(app_prefix_1 != NULL);
- assert(app_prefix_2 != NULL);
-
- if (default_text == NULL)
- default_text = "?""?""?";
-
- while ((err = ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) {
- if (reasons_i < sizeof reasons) {
- size_t n;
- int r;
-
- n = (sizeof reasons) - reasons_i;
- r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err));
- if (r >= n)
- r = n - 1;
- if (r >= 0) {
- reasons_i += r;
- } else {
- reasons_i = sizeof reasons;
- }
- assert(reasons_i <= sizeof reasons);
- }
-
- errstring = ERR_error_string(err, NULL);
- assert(errstring != NULL);
- tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", app_prefix_1, app_prefix_2, errstring, file, line, (flags & ERR_TXT_STRING) ? data : "");
- printed_something = 1;
- }
-
- if (!printed_something) {
- assert(reasons_i == 0);
- snprintf(reasons, sizeof reasons, "%s", default_text);
- tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text);
- }
-
-#ifdef TLS_CUMULATE_ERRORS
- tls_errflush(apparg);
-#endif
- assert(errbuf_i == 0);
-
- return reasons;
-}
-
-/*****************************************************************************/
-
-static int tls_init_done = 0;
-
-static int
-tls_init(void *apparg)
-{
- if (tls_init_done)
- return 0;
-
- SSL_load_error_strings();
- if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
- tls_errprintf(1, apparg, "SSL_library_init failed.\n");
- return -1;
- }
- tls_init_done = 1;
- tls_rand_seed();
- return 0;
-}
-
-/*****************************************************************************/
-
-static void
-tls_rand_seed_uniquely(void)
-{
- struct {
- pid_t pid;
- time_t time;
- void *stack;
- } data;
-
- data.pid = getpid();
- data.time = time(NULL);
- data.stack = (void *)&data;
-
- RAND_seed((const void *)&data, sizeof data);
-}
-
-void
-tls_rand_seed(void)
-{
- struct {
- struct utsname uname;
- int uname_1;
- int uname_2;
- uid_t uid;
- uid_t euid;
- gid_t gid;
- gid_t egid;
- } data;
-
- data.uname_1 = uname(&data.uname);
- data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */
-
- data.uid = getuid();
- data.euid = geteuid();
- data.gid = getgid();
- data.egid = getegid();
-
- RAND_seed((const void *)&data, sizeof data);
- tls_rand_seed_uniquely();
-}
-
-static int tls_rand_seeded_p = 0;
-
-#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */
-int
-tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
-{
- /* Seed OpenSSL's random number generator from file.
- Try to read n bytes if n > 0, whole file if n == 0. */
-
- int r;
-
- if (tls_init(apparg) == -1)
- return -1;
- tls_rand_seed();
-
- r = RAND_load_file(filename, (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
- /* r is the number of bytes filled into the random number generator,
- * which are taken from "stat(filename, ...)" in addition to the
- * file contents.
- */
- assert(1 < my_MIN_SEED_BYTES);
- /* We need to detect at least those cases when the file does not exist
- * at all. With current versions of OpenSSL, this should do it: */
- if (n == 0)
- n = my_MIN_SEED_BYTES;
- if (r < n) {
- tls_errprintf(1, apparg, "rand_seed_from_file: could not read %d bytes from %s.\n", n, filename);
- return -1;
- } else {
- tls_rand_seeded_p = 1;
- return 0;
- }
-}
-
-void
-tls_rand_seed_from_memory(const void *buf, size_t n)
-{
- size_t i = 0;
-
- while (i < n) {
- size_t rest = n - i;
- int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
- RAND_seed((const char *)buf + i, chunk);
- i += chunk;
- }
- tls_rand_seeded_p = 1;
-}
-
-
-/*****************************************************************************/
-
-struct tls_x509_name_string {
- char str[100];
-};
-
-static void
-tls_get_x509_subject_name_oneline(X509 *cert, struct tls_x509_name_string *namestring)
-{
- X509_NAME *name;
-
- if (cert == NULL) {
- namestring->str[0] = '\0';
- return;
- }
-
- name = X509_get_subject_name(cert); /* does not increment any reference counter */
-
- assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
-
- if (name == NULL) {
- namestring->str[0] = '?';
- namestring->str[1] = 0;
- } else {
- size_t len;
-
- X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
- len = strlen(namestring->str);
- assert(namestring->str[len] == 0);
- assert(len < sizeof namestring->str);
-
- if (len+1 == sizeof namestring->str) {
- /* (Probably something was cut off.)
- * Does not really work -- X509_NAME_oneline truncates after
- * name components, we cannot tell from the result whether
- * anything is missing. */
-
- assert(namestring->str[len] == 0);
- namestring->str[--len] = '.';
- namestring->str[--len] = '.';
- namestring->str[--len] = '.';
- }
- }
-}
-
-/*****************************************************************************/
-
-/* to hinder OpenSSL from asking for passphrases */
-static int
-no_passphrase_callback(char *buf, int num, int w, void *arg)
-{
- return -1;
-}
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
-static int
-verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
-#else
-static int
-verify_dont_fail_cb(X509_STORE_CTX *c)
-#endif
-{
- int i;
-
- i = X509_verify_cert(c); /* sets c->error */
-#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
- * certificates -- they could
- * survive session reuse, but
- * OpenSSL < 0.9.5-dev does not
- * preserve their verify_result */
- if (i == 0)
- return 1;
- else
-#endif
- return i;
-}
-
-static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it just once */
-
-void
-tls_set_dhe1024(int i, void *apparg)
-{
- DSA *dsaparams;
- DH *dhparams;
- const char *seed[] = { ";-) :-( :-) :-( ",
- ";-) :-( :-) :-( ",
- "Random String no. 12",
- ";-) :-( :-) :-( ",
- "hackers have even mo", /* from jargon file */
- };
- unsigned char seedbuf[20];
-
- tls_init(apparg);
- if (i >= 0) {
- i %= sizeof seed / sizeof seed[0];
- assert(strlen(seed[i]) == 20);
- memcpy(seedbuf, seed[i], 20);
- dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
- } else {
- /* random parameters (may take a while) */
- dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
- }
-
- if (dsaparams == NULL) {
- tls_openssl_errors("", "", NULL, apparg);
- return;
- }
- dhparams = DSA_dup_DH(dsaparams);
- DSA_free(dsaparams);
- if (dhparams == NULL) {
- tls_openssl_errors("", "", NULL, apparg);
- return;
- }
- if (tls_dhe1024 != NULL)
- DH_free(tls_dhe1024);
- tls_dhe1024 = dhparams;
-}
-
-struct tls_create_ctx_args
-tls_create_ctx_defaultargs(void)
-{
- struct tls_create_ctx_args ret;
-
- ret.client_p = 0;
- ret.certificate_file = NULL;
- ret.key_file = NULL;
- ret.ca_file = NULL;
- ret.verify_depth = -1;
- ret.fail_unless_verified = 0;
- ret.export_p = 0;
-
- return ret;
-}
-
-SSL_CTX *
-tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
-{
- int r;
- static long context_num = 0;
- SSL_CTX *ret;
- const char *err_pref_1 = "", *err_pref_2 = "";
-
- if (tls_init(apparg) == -1)
- return NULL;
-
- ret = SSL_CTX_new((a.client_p? SSLv23_client_method:SSLv23_server_method)());
-
- if (ret == NULL)
- goto err;
-
- SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
- SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
-
- if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
- if (a.key_file == NULL) {
- tls_errprintf(1, apparg, "Need a key file.\n");
- goto err_return;
- }
- if (a.certificate_file == NULL) {
- tls_errprintf(1, apparg, "Need a certificate chain file.\n");
- goto err_return;
- }
-
- if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
- goto err;
- if (!tls_rand_seeded_p) {
- /* particularly paranoid people may not like this --
- * so provide your own random seeding before calling this */
- if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
- goto err_return;
- }
- if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
- goto err;
- if (!SSL_CTX_check_private_key(ret)) {
- tls_errprintf(1, apparg, "Private key \"%s\" does not match certificate \"%s\".\n", a.key_file, a.certificate_file);
- goto err_peek;
- }
- }
-
- if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
- context_num++;
- r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, (unsigned int)sizeof context_num);
- if (!r)
- goto err;
-
- SSL_CTX_set_verify(ret, SSL_VERIFY_PEER | (a.fail_unless_verified ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0), 0);
- if (!a.fail_unless_verified)
- SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
-
- if (a.verify_depth > 0)
- SSL_CTX_set_verify_depth(ret, a.verify_depth);
-
- if (a.ca_file != NULL) {
- r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */
- if (!r) {
- err_pref_1 = " while processing certificate file ";
- err_pref_2 = a.ca_file;
- goto err;
- }
-
- if (!a.client_p) {
- /* SSL_load_client_CA_file is a misnomer, it just creates a list of CNs. */
- SSL_CTX_set_client_CA_list(ret, SSL_load_client_CA_file(a.ca_file));
- /* SSL_CTX_set_client_CA_list does not have a return value;
- * it does not really need one, but make sure
- * (we really test if SSL_load_client_CA_file worked) */
- if (SSL_CTX_get_client_CA_list(ret) == NULL) {
- tls_errprintf(1, apparg, "Could not set client CA list from \"%s\".\n", a.ca_file);
- goto err_peek;
- }
- }
- }
- }
-
- if (!a.client_p) {
- if (tls_dhe1024 == NULL) {
- int i;
-
- RAND_bytes((unsigned char *) &i, sizeof i);
- /* make sure that i is non-negative -- pick one of the provided
- * seeds */
- if (i < 0)
- i = -i;
- if (i < 0)
- i = 0;
- tls_set_dhe1024(i, apparg);
- if (tls_dhe1024 == NULL)
- goto err_return;
- }
-
- if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
- goto err;
-
- /* avoid small subgroup attacks: */
- SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
- }
-
-#ifndef NO_RSA
- if (!a.client_p && a.export_p) {
- RSA *tmpkey;
-
- tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
- if (tmpkey == NULL)
- goto err;
- if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
- RSA_free(tmpkey);
- goto err;
- }
- RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
- }
-#endif
-
- return ret;
-
- err_peek:
- if (!ERR_peek_error())
- goto err_return;
- err:
- tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
- err_return:
- if (ret != NULL)
- SSL_CTX_free(ret);
- return NULL;
-}
-
-
-/*****************************************************************************/
-
-static int
-tls_socket_nonblocking(int fd)
-{
- int v, r;
-
- v = fcntl(fd, F_GETFL, 0);
- if (v == -1) {
- if (errno == EINVAL)
- return 0; /* already shut down -- ignore */
- return -1;
- }
- r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
- if (r == -1) {
- if (errno == EINVAL)
- return 0; /* already shut down -- ignore */
- return -1;
- }
- return 0;
-}
-
-static int
-max(int a, int b)
-{
- return a > b ? a : b;
-}
-
-static void
-tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, int write_select_2, int seconds /* timeout, -1 means no timeout */)
-{
- int maxfd, n;
- fd_set reads, writes;
- struct timeval timeout;
- struct timeval *timeout_p;
-
- assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 && write_select_2 >= -1);
- assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE -1 && write_select_1 < FD_SETSIZE -1 && write_select_2 < FD_SETSIZE -1);
-
- maxfd = max(max(read_select_1, read_select_2), max(write_select_1, write_select_2));
- assert(maxfd >= 0);
-
- FD_ZERO(&reads);
- FD_ZERO(&writes);
-
- for(n = 0; n < 4; ++n) {
- int i = n % 2;
- int w = n >= 2;
- /* loop over all (i, w) in {0,1}x{0,1} */
- int fd;
-
- if (i == 0 && w == 0)
- fd = read_select_1;
- else if (i == 1 && w == 0)
- fd = read_select_2;
- else if (i == 0 && w == 1)
- fd = write_select_1;
- else {
- assert(i == 1 && w == 1);
- fd = write_select_2;
- }
-
- if (fd >= 0) {
- if (w == 0)
- FD_SET(fd, &reads);
- else /* w == 1 */
- FD_SET(fd, &writes);
- }
- }
-
- if (seconds >= 0) {
- timeout.tv_sec = seconds;
- timeout.tv_usec = 0;
- timeout_p = &timeout;
- } else
- timeout_p = NULL;
-
- DEBUG_MSG2("select no.", ++tls_select_count);
- select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
- DEBUG_MSG("cont.");
-}
-
-/*****************************************************************************/
-
-#define TUNNELBUFSIZE (16*1024)
-struct tunnelbuf {
- char buf[TUNNELBUFSIZE];
- size_t len;
- size_t offset;
-};
-
-static int tls_connect_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int tls_accept_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
-
-static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
-
-static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
-
-static void write_info(SSL *ssl, int *info_fd)
-{
- if (*info_fd != -1) {
- long v;
- int v_ok;
- struct tls_x509_name_string peer;
- char infobuf[TLS_INFO_SIZE];
- int r;
-
- DEBUG_MSG("write_info");
- v = SSL_get_verify_result(ssl);
- v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
- {
- X509 *peercert;
-
- peercert = SSL_get_peer_certificate(ssl);
- tls_get_x509_subject_name_oneline(peercert, &peer);
- if (peercert != NULL)
- X509_free(peercert);
- }
- if (peer.str[0] == '\0')
- v_ok = '0'; /* no cert at all */
- else
- if (strchr(peer.str, '\n')) {
- /* should not happen, but make sure */
- *strchr(peer.str, '\n') = '\0';
- }
- r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str);
- DEBUG_MSG2("snprintf", r);
- if (r == -1 || r >= sizeof infobuf)
- r = sizeof infobuf - 1;
- write(*info_fd, infobuf, r);
- close (*info_fd);
- *info_fd = -1;
- }
-}
-
-
-/* tls_proxy expects that all fds are closed after return */
-static void
-tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
-{
- struct tunnelbuf clear_to_tls, tls_to_clear;
- SSL *ssl;
- BIO *rbio, *wbio;
- int closed, in_handshake;
- const char *err_pref_1 = "", *err_pref_2 = "";
- const char *err_def = NULL;
-
- assert(clear_fd != -1);
- assert(tls_fd != -1);
- assert(clear_fd < FD_SETSIZE);
- assert(tls_fd < FD_SETSIZE);
- /* info_fd may be -1 */
- assert(ctx != NULL);
-
- tls_rand_seed_uniquely();
-
- tls_socket_nonblocking(clear_fd);
- DEBUG_MSG2("clear_fd", clear_fd);
- tls_socket_nonblocking(tls_fd);
- DEBUG_MSG2("tls_fd", tls_fd);
-
- ssl = SSL_new(ctx);
- if (ssl == NULL)
- goto err;
- DEBUG_MSG("SSL_new");
- if (!SSL_set_fd(ssl, tls_fd))
- goto err;
- rbio = SSL_get_rbio(ssl);
- wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */
- assert(rbio != NULL);
- assert(wbio != NULL);
- if (client_p)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- closed = 0;
- in_handshake = 1;
- tls_to_clear.len = 0;
- tls_to_clear.offset = 0;
- clear_to_tls.len = 0;
- clear_to_tls.offset = 0;
-
- err_def = "I/O error";
-
- /* loop finishes as soon as we detect that one side closed;
- * when all (program and OS) buffers have enough space,
- * the data from the last succesful read in each direction is transferred
- * before close */
- do {
- int clear_read_select = 0, clear_write_select = 0,
- tls_read_select = 0, tls_write_select = 0,
- progress = 0;
- int r;
- unsigned long num_read = BIO_number_read(rbio),
- num_written = BIO_number_written(wbio);
-
- DEBUG_MSG2("loop iteration", ++tls_loop_count);
-
- if (in_handshake) {
- DEBUG_MSG("in_handshake");
- if (client_p)
- r = tls_connect_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- else
- r = tls_accept_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- if (r != 0) {
- write_info(ssl, &info_fd);
- goto err;
- }
- if (closed)
- goto err_return;
- if (!SSL_in_init(ssl)) {
- in_handshake = 0;
- write_info(ssl, &info_fd);
- }
- }
-
- if (clear_to_tls.len != 0 && !in_handshake) {
- assert(!closed);
-
- r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- if (r != 0)
- goto err;
- if (closed) {
- assert(progress);
- tls_to_clear.offset = 0;
- tls_to_clear.len = 0;
- }
- }
-
- if (tls_to_clear.len != 0) {
- assert(!closed);
-
- r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, &closed, &progress);
- if (r != 0)
- goto err_return;
- if (closed) {
- assert(progress);
- clear_to_tls.offset = 0;
- clear_to_tls.len = 0;
- }
- }
-
- if (!closed) {
- if (clear_to_tls.offset + clear_to_tls.len < sizeof clear_to_tls.buf) {
- r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress);
- if (r != 0)
- goto err_return;
- if (closed) {
- r = SSL_shutdown(ssl);
- DEBUG_MSG2("SSL_shutdown", r);
- }
- }
- }
-
- if (!closed && !in_handshake) {
- if (tls_to_clear.offset + tls_to_clear.len < sizeof tls_to_clear.buf) {
- r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
- if (r != 0)
- goto err;
- if (closed) {
- r = SSL_shutdown(ssl);
- DEBUG_MSG2("SSL_shutdown", r);
- }
- }
- }
-
- if (!progress) {
- DEBUG_MSG("!progress?");
- if (num_read != BIO_number_read(rbio) || num_written != BIO_number_written(wbio))
- progress = 1;
-
- if (!progress) {
- DEBUG_MSG("!progress");
- assert(clear_read_select || tls_read_select || clear_write_select || tls_write_select);
- tls_sockets_select(clear_read_select ? clear_fd : -1, tls_read_select ? tls_fd : -1, clear_write_select ? clear_fd : -1, tls_write_select ? tls_fd : -1, -1);
- }
- }
- } while (!closed);
- return;
-
- err:
- tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
- err_return:
- return;
-}
-
-
-static int
-tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, int *closed, int *progress)
-{
- int err = SSL_get_error(ssl, r);
-
- if (err == SSL_ERROR_NONE) {
- assert(r > 0);
- *progress = 1;
- return 0;
- }
-
- assert(r <= 0);
-
- switch (err) {
- case SSL_ERROR_ZERO_RETURN:
- assert(r == 0);
- *closed = 1;
- *progress = 1;
- return 0;
-
- case SSL_ERROR_WANT_WRITE:
- *write_select = 1;
- return 0;
-
- case SSL_ERROR_WANT_READ:
- *read_select = 1;
- return 0;
- }
-
- return -1;
-}
-
-static int
-tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
-
- DEBUG_MSG("tls_connect_attempt");
- n = SSL_connect(ssl);
- DEBUG_MSG2("SSL_connect",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (r == -1)
- *err_pref = " during SSL_connect";
- return r;
-}
-
-static int
-tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
-
- DEBUG_MSG("tls_accept_attempt");
- n = SSL_accept(ssl);
- DEBUG_MSG2("SSL_accept",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (r == -1)
- *err_pref = " during SSL_accept";
- return r;
-}
-
-static int
-tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
-
- DEBUG_MSG("tls_write_attempt");
- n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
- DEBUG_MSG2("SSL_write",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (n > 0) {
- buf->len -= n;
- assert(buf->len >= 0);
- if (buf->len == 0)
- buf->offset = 0;
- else
- buf->offset += n;
- }
- if (r == -1)
- *err_pref = " during SSL_write";
- return r;
-}
-
-static int
-tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
-{
- int n, r;
- size_t total;
-
- DEBUG_MSG("tls_read_attempt");
- total = buf->offset + buf->len;
- assert(total < sizeof buf->buf);
- n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
- DEBUG_MSG2("SSL_read",n);
- r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
- if (n > 0) {
- buf->len += n;
- assert(buf->offset + buf->len <= sizeof buf->buf);
- }
- if (r == -1)
- *err_pref = " during SSL_read";
- return r;
-}
-
-static int
-get_error(int r, int *select, int *closed, int *progress)
-{
- if (r >= 0) {
- *progress = 1;
- if (r == 0)
- *closed = 1;
- return 0;
- } else {
- assert(r == -1);
- if (errno == EAGAIN || errno == EWOULDBLOCK) {
- *select = 1;
- return 0;
- } else if (errno == EPIPE) {
- *progress = 1;
- *closed = 1;
- return 0;
- } else
- return -1;
- }
-}
-
-static int write_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
-{
- int n, r;
-
- DEBUG_MSG("write_attempt");
- n = write(fd, buf->buf + buf->offset, buf->len);
- DEBUG_MSG2("write",n);
- r = get_error(n, select, closed, progress);
- if (n > 0) {
- buf->len -= n;
- assert(buf->len >= 0);
- if (buf->len == 0)
- buf->offset = 0;
- else
- buf->offset += n;
- }
- if (r == -1)
- tls_errprintf(1, tls_child_apparg, "write error: %s\n", strerror(errno));
- return r;
-}
-
-static int
-read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
-{
- int n, r;
- size_t total;
-
- DEBUG_MSG("read_attempt");
- total = buf->offset + buf->len;
- assert(total < sizeof buf->buf);
- n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
- DEBUG_MSG2("read",n);
- r = get_error(n, select, closed, progress);
- if (n > 0) {
- buf->len += n;
- assert(buf->offset + buf->len <= sizeof buf->buf);
- }
- if (r == -1)
- tls_errprintf(1, tls_child_apparg, "read error: %s\n", strerror(errno));
- return r;
-}
diff --git a/crypto/openssl/demos/easy_tls/easy-tls.h b/crypto/openssl/demos/easy_tls/easy-tls.h
deleted file mode 100644
index 52b298e..0000000
--- a/crypto/openssl/demos/easy_tls/easy-tls.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* -*- Mode: C; c-file-style: "bsd" -*- */
-/*
- * easy-tls.h -- generic TLS proxy.
- * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
- */
-/*
- * (c) Copyright 1999 Bodo Moeller. All rights reserved.
- */
-
-#ifndef HEADER_TLS_H
-#define HEADER_TLS_H
-
-#ifndef HEADER_SSL_H
-typedef struct ssl_ctx_st SSL_CTX;
-#endif
-
-#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
-
-void tls_set_dhe1024(int i, void* apparg);
-/* Generate DHE parameters:
- * i >= 0 deterministic (i selects seed), i < 0 random (may take a while).
- * tls_create_ctx calls this with random non-negative i if the application
- * has never called it.*/
-
-void tls_rand_seed(void);
-int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
-void tls_rand_seed_from_memory(const void *buf, size_t n);
-
-struct tls_create_ctx_args
-{
- int client_p;
- const char *certificate_file;
- const char *key_file;
- const char *ca_file;
- int verify_depth;
- int fail_unless_verified;
- int export_p;
-};
-struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
-/* struct tls_create_ctx_args is similar to a conventional argument list,
- * but it can provide default values and allows for future extension. */
-SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
-
-struct tls_start_proxy_args
-{
- int fd;
- int client_p;
- SSL_CTX *ctx;
- pid_t *pid;
- int *infofd;
-};
-struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
-/* tls_start_proxy return value *MUST* be checked!
- * 0 means ok, otherwise we've probably run out of some resources. */
-int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
-
-#endif
diff --git a/crypto/openssl/demos/easy_tls/test.c b/crypto/openssl/demos/easy_tls/test.c
deleted file mode 100644
index 21f679a..0000000
--- a/crypto/openssl/demos/easy_tls/test.c
+++ /dev/null
@@ -1,244 +0,0 @@
-/* test.c */
-/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
-
-#define L_PORT 9999
-#define C_PORT 443
-
-#include <arpa/inet.h>
-#include <assert.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/select.h>
-#include <sys/socket.h>
-#include <unistd.h>
-
-#include "test.h"
-#include "easy-tls.h"
-
-void
-test_process_init(int fd, int client_p, void *apparg)
-{
- fprintf(stderr, "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd, client_p, apparg);
-}
-
-void
-test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
-{
- fputs(errbuf, stderr);
-}
-
-
-int
-main(int argc, char *argv[])
-{
- int s, fd, r;
- FILE *conn_in;
- FILE *conn_out;
- char buf[256];
- SSL_CTX *ctx;
- int client_p = 0;
- int port;
- int tls = 0;
- char infobuf[TLS_INFO_SIZE + 1];
-
- if (argc > 1 && argv[1][0] == '-') {
- fputs("Usage: test [port] -- server\n"
- " test num.num.num.num [port] -- client\n",
- stderr);
- exit(1);
- }
-
- if (argc > 1) {
- if (strchr(argv[1], '.')) {
- client_p = 1;
- }
- }
-
- fputs(client_p ? "Client\n" : "Server\n", stderr);
-
- {
- struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
- a.client_p = client_p;
- a.certificate_file = "cert.pem";
- a.key_file = "cert.pem";
- a.ca_file = "cacerts.pem";
-
- ctx = tls_create_ctx(a, NULL);
- if (ctx == NULL)
- exit(1);
- }
-
- s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
- if (s == -1) {
- perror("socket");
- exit(1);
- }
-
- if (client_p) {
- struct sockaddr_in addr;
- size_t addr_len = sizeof addr;
-
- addr.sin_family = AF_INET;
- assert(argc > 1);
- if (argc > 2)
- sscanf(argv[2], "%d", &port);
- else
- port = C_PORT;
- addr.sin_port = htons(port);
- addr.sin_addr.s_addr = inet_addr(argv[1]);
-
- r = connect(s, &addr, addr_len);
- if (r != 0) {
- perror("connect");
- exit(1);
- }
- fd = s;
- fprintf(stderr, "Connect (fd = %d).\n", fd);
- } else {
- /* server */
- {
- int i = 1;
-
- r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof i);
- if (r == -1) {
- perror("setsockopt");
- exit(1);
- }
- }
-
- {
- struct sockaddr_in addr;
- size_t addr_len = sizeof addr;
-
- if (argc > 1)
- sscanf(argv[1], "%d", &port);
- else
- port = L_PORT;
- addr.sin_family = AF_INET;
- addr.sin_port = htons(port);
- addr.sin_addr.s_addr = INADDR_ANY;
-
- r = bind(s, &addr, addr_len);
- if (r != 0) {
- perror("bind");
- exit(1);
- }
- }
-
- r = listen(s, 1);
- if (r == -1) {
- perror("listen");
- exit(1);
- }
-
- fprintf(stderr, "Listening at port %i.\n", port);
-
- fd = accept(s, NULL, 0);
- if (fd == -1) {
- perror("accept");
- exit(1);
- }
-
- fprintf(stderr, "Accept (fd = %d).\n", fd);
- }
-
- conn_in = fdopen(fd, "r");
- if (conn_in == NULL) {
- perror("fdopen");
- exit(1);
- }
- conn_out = fdopen(fd, "w");
- if (conn_out == NULL) {
- perror("fdopen");
- exit(1);
- }
-
- setvbuf(conn_in, NULL, _IOLBF, 256);
- setvbuf(conn_out, NULL, _IOLBF, 256);
-
- while (fgets(buf, sizeof buf, stdin) != NULL) {
- if (buf[0] == 'W') {
- fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1);
- fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1), buf + 1);
- } else if (buf[0] == 'C') {
- fprintf(stderr, "Closing.\n");
- fclose(conn_in);
- fclose(conn_out);
- exit(0);
- } else if (buf[0] == 'R') {
- int lines = 0;
-
- sscanf(buf + 1, "%d", &lines);
- do {
- if (fgets(buf, sizeof buf, conn_in) == NULL) {
- if (ferror(conn_in)) {
- fprintf(stderr, "ERROR\n");
- exit(1);
- }
- fprintf(stderr, "CLOSED\n");
- return 0;
- }
- fprintf(stderr, "<<< %s", buf);
- } while (--lines > 0);
- } else if (buf[0] == 'T') {
- int infofd;
-
- tls++;
- {
- struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
- a.fd = fd;
- a.client_p = client_p;
- a.ctx = ctx;
- a.infofd = &infofd;
- r = tls_start_proxy(a, NULL);
- }
- assert(r != 1);
- if (r != 0) {
- fprintf(stderr, "tls_start_proxy failed: %d\n", r);
- switch (r) {
- case -1:
- fputs("socketpair", stderr); break;
- case 2:
- fputs("FD_SETSIZE exceeded", stderr); break;
- case -3:
- fputs("pipe", stderr); break;
- case -4:
- fputs("fork", stderr); break;
- case -5:
- fputs("dup2", stderr); break;
- default:
- fputs("?", stderr);
- }
- if (r < 0)
- perror("");
- else
- fputc('\n', stderr);
- exit(1);
- }
-
- r = read(infofd, infobuf, sizeof infobuf - 1);
- if (r > 0) {
- const char *info = infobuf;
- const char *eol;
-
- infobuf[r] = '\0';
- while ((eol = strchr(info, '\n')) != NULL) {
- fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
- info = eol+1;
- }
- close (infofd);
- }
- } else {
- fprintf(stderr, "W... write line to network\n"
- "R[n] read line (n lines) from network\n"
- "C close\n"
- "T start %sTLS proxy\n", tls ? "another " : "");
- }
- }
- return 0;
-}
diff --git a/crypto/openssl/demos/easy_tls/test.h b/crypto/openssl/demos/easy_tls/test.h
deleted file mode 100644
index dda6678..0000000
--- a/crypto/openssl/demos/easy_tls/test.h
+++ /dev/null
@@ -1,11 +0,0 @@
-/* test.h */
-/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
-
-
-void test_process_init(int fd, int client_p, void *apparg);
-#define TLS_APP_PROCESS_INIT test_process_init
-
-#undef TLS_CUMULATE_ERRORS
-
-void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
-#define TLS_APP_ERRFLUSH test_errflush
diff --git a/crypto/openssl/demos/eay/Makefile b/crypto/openssl/demos/eay/Makefile
deleted file mode 100644
index 2d22eac..0000000
--- a/crypto/openssl/demos/eay/Makefile
+++ /dev/null
@@ -1,24 +0,0 @@
-CC=cc
-CFLAGS= -g -I../../include
-#LIBS= -L../.. -lcrypto -lssl
-LIBS= -L../.. ../../libssl.a ../../libcrypto.a
-
-# the file conn.c requires a file "proxy.h" which I couldn't find...
-#EXAMPLES=base64 conn loadrsa
-EXAMPLES=base64 loadrsa
-
-all: $(EXAMPLES)
-
-base64: base64.o
- $(CC) -o base64 base64.o $(LIBS)
-#
-# sorry... can't find "proxy.h"
-#conn: conn.o
-# $(CC) -o conn conn.o $(LIBS)
-
-loadrsa: loadrsa.o
- $(CC) -o loadrsa loadrsa.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
-
diff --git a/crypto/openssl/demos/eay/base64.c b/crypto/openssl/demos/eay/base64.c
deleted file mode 100644
index 4b8b062..0000000
--- a/crypto/openssl/demos/eay/base64.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/* This is a simple example of using the base64 BIO to a memory BIO and then
- * getting the data.
- */
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-
-main()
- {
- int i;
- BIO *mbio,*b64bio,*bio;
- char buf[512];
- char *p;
-
- mbio=BIO_new(BIO_s_mem());
- b64bio=BIO_new(BIO_f_base64());
-
- bio=BIO_push(b64bio,mbio);
- /* We now have bio pointing at b64->mem, the base64 bio encodes on
- * write and decodes on read */
-
- for (;;)
- {
- i=fread(buf,1,512,stdin);
- if (i <= 0) break;
- BIO_write(bio,buf,i);
- }
- /* We need to 'flush' things to push out the encoding of the
- * last few bytes. There is special encoding if it is not a
- * multiple of 3
- */
- BIO_flush(bio);
-
- printf("We have %d bytes available\n",BIO_pending(mbio));
-
- /* We will now get a pointer to the data and the number of elements. */
- /* hmm... this one was not defined by a macro in bio.h, it will be for
- * 0.9.1. The other option is too just read from the memory bio.
- */
- i=(int)BIO_ctrl(mbio,BIO_CTRL_INFO,0,(char *)&p);
-
- printf("%d\n",i);
- fwrite("---\n",1,4,stdout);
- fwrite(p,1,i,stdout);
- fwrite("---\n",1,4,stdout);
-
- /* This call will walk the chain freeing all the BIOs */
- BIO_free_all(bio);
- }
diff --git a/crypto/openssl/demos/eay/conn.c b/crypto/openssl/demos/eay/conn.c
deleted file mode 100644
index c4b8f51..0000000
--- a/crypto/openssl/demos/eay/conn.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* NOCW */
-/* demos/eay/conn.c */
-
-/* A minimal program to connect to a port using the sock4a protocol.
- *
- * cc -I../../include conn.c -L../.. -lcrypto
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/err.h>
-#include <openssl/bio.h>
-/* #include "proxy.h" */
-
-extern int errno;
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- PROXY *pxy;
- char *host;
- char buf[1024*10],*p;
- BIO *bio;
- int i,len,off,ret=1;
-
- if (argc <= 1)
- host="localhost:4433";
- else
- host=argv[1];
-
- /* Lets get nice error messages */
- ERR_load_crypto_strings();
-
- /* First, configure proxy settings */
- pxy=PROXY_new();
- PROXY_add_server(pxy,PROXY_PROTOCOL_SOCKS,"gromit:1080");
-
- bio=BIO_new(BIO_s_socks4a_connect());
-
- BIO_set_conn_hostname(bio,host);
- BIO_set_proxies(bio,pxy);
- BIO_set_socks_userid(bio,"eay");
- BIO_set_nbio(bio,1);
-
- p="GET / HTTP/1.0\r\n\r\n";
- len=strlen(p);
-
- off=0;
- for (;;)
- {
- i=BIO_write(bio,&(p[off]),len);
- if (i <= 0)
- {
- if (BIO_should_retry(bio))
- {
- fprintf(stderr,"write DELAY\n");
- sleep(1);
- continue;
- }
- else
- {
- goto err;
- }
- }
- off+=i;
- len-=i;
- if (len <= 0) break;
- }
-
- for (;;)
- {
- i=BIO_read(bio,buf,sizeof(buf));
- if (i == 0) break;
- if (i < 0)
- {
- if (BIO_should_retry(bio))
- {
- fprintf(stderr,"read DELAY\n");
- sleep(1);
- continue;
- }
- goto err;
- }
- fwrite(buf,1,i,stdout);
- }
-
- ret=1;
-
- if (0)
- {
-err:
- if (ERR_peek_error() == 0) /* system call error */
- {
- fprintf(stderr,"errno=%d ",errno);
- perror("error");
- }
- else
- ERR_print_errors_fp(stderr);
- }
- BIO_free_all(bio);
- if (pxy != NULL) PROXY_free(pxy);
- exit(!ret);
- return(ret);
- }
-
diff --git a/crypto/openssl/demos/eay/loadrsa.c b/crypto/openssl/demos/eay/loadrsa.c
deleted file mode 100644
index 79f1885..0000000
--- a/crypto/openssl/demos/eay/loadrsa.c
+++ /dev/null
@@ -1,53 +0,0 @@
-#include <stdio.h>
-#include <openssl/rsa.h>
-
-/* This is a simple program to generate an RSA private key. It then
- * saves both the public and private key into a char array, then
- * re-reads them. It saves them as DER encoded binary data.
- */
-
-void callback(stage,count,arg)
-int stage,count;
-char *arg;
- {
- FILE *out;
-
- out=(FILE *)arg;
- fprintf(out,"%d",stage);
- if (stage == 3)
- fprintf(out,"\n");
- fflush(out);
- }
-
-main()
- {
- RSA *rsa,*pub_rsa,*priv_rsa;
- int len;
- unsigned char buf[1024],*p;
-
- rsa=RSA_generate_key(512,RSA_F4,callback,(char *)stdout);
-
- p=buf;
-
- /* Save the public key into buffer, we know it will be big enough
- * but we should really check how much space we need by calling the
- * i2d functions with a NULL second parameter */
- len=i2d_RSAPublicKey(rsa,&p);
- len+=i2d_RSAPrivateKey(rsa,&p);
-
- printf("The public and private key are now both in a char array\n");
- printf("and are taking up %d bytes\n",len);
-
- RSA_free(rsa);
-
- p=buf;
- pub_rsa=d2i_RSAPublicKey(NULL,&p,(long)len);
- len-=(p-buf);
- priv_rsa=d2i_RSAPrivateKey(NULL,&p,(long)len);
-
- if ((pub_rsa == NULL) || (priv_rsa == NULL))
- ERR_print_errors_fp(stderr);
-
- RSA_free(pub_rsa);
- RSA_free(priv_rsa);
- }
diff --git a/crypto/openssl/demos/engines/cluster_labs/Makefile b/crypto/openssl/demos/engines/cluster_labs/Makefile
deleted file mode 100644
index 956193f..0000000
--- a/crypto/openssl/demos/engines/cluster_labs/Makefile
+++ /dev/null
@@ -1,114 +0,0 @@
-LIBNAME= libclabs
-SRC= hw_cluster_labs.c
-OBJ= hw_cluster_labs.o
-HEADER= hw_cluster_labs.h
-
-CC= gcc
-PIC= -fPIC
-CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
-AR= ar r
-RANLIB= ranlib
-
-LIB= $(LIBNAME).a
-SHLIB= $(LIBNAME).so
-
-all:
- @echo 'Please choose a system to build on:'
- @echo ''
- @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
- @echo 'solaris: Solaris'
- @echo 'irix: IRIX'
- @echo 'hpux32: 32-bit HP/UX'
- @echo 'hpux64: 64-bit HP/UX'
- @echo 'aix: AIX'
- @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
- @echo ''
-
-FORCE.update:
-update: FORCE.update
- perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
- -nostatic -staticloader -write hw_cluster_labs.c
-
-gnu: $(SHLIB).gnu
-tru64: $(SHLIB).tru64
-solaris: $(SHLIB).solaris
-irix: $(SHLIB).irix
-hpux32: $(SHLIB).hpux32
-hpux64: $(SHLIB).hpux64
-aix: $(SHLIB).aix
-
-$(LIB): $(OBJ)
- $(AR) $(LIB) $(OBJ)
- - $(RANLIB) $(LIB)
-
-LINK_SO= \
- ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
- (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
- $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
-
-$(SHLIB).gnu: $(LIB)
- ALLSYMSFLAGS='--whole-archive' \
- SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).gnu
-$(SHLIB).tru64: $(LIB)
- ALLSYMSFLAGS='-all' \
- SHAREDFLAGS='-shared' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).tru64
-$(SHLIB).solaris: $(LIB)
- ALLSYMSFLAGS='-z allextract' \
- SHAREDFLAGS='-G -h $(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).solaris
-$(SHLIB).irix: $(LIB)
- ALLSYMSFLAGS='-all' \
- SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).irix
-$(SHLIB).hpux32: $(LIB)
- ALLSYMSFLAGS='-Fl' \
- SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
- SHAREDCMD='/usr/ccs/bin/ld'; \
- $(LINK_SO)
- touch $(SHLIB).hpux32
-$(SHLIB).hpux64: $(LIB)
- ALLSYMSFLAGS='+forceload' \
- SHAREDFLAGS='-b -z +h $(SHLIB)' \
- SHAREDCMD='/usr/ccs/bin/ld'; \
- $(LINK_SO)
- touch $(SHLIB).hpux64
-$(SHLIB).aix: $(LIB)
- ALLSYMSFLAGS='-bnogc' \
- SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).aix
-
-depend:
- sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
- echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
- gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
- perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
- rm -f Makefile.tmp Makefile
- mv Makefile.new Makefile
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
-rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
-rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
-rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
-rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
-rsaref.o: ../../../include/openssl/opensslconf.h
-rsaref.o: ../../../include/openssl/opensslv.h
-rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
-rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
-rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
-rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
-rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
-rsaref.o: source/rsaref.h
diff --git a/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h b/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h
deleted file mode 100644
index d092679..0000000
--- a/crypto/openssl/demos/engines/cluster_labs/cluster_labs.h
+++ /dev/null
@@ -1,35 +0,0 @@
-typedef int cl_engine_init(void);
-typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *cgx);
-typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
-typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-typedef int cl_rand_bytes(unsigned char *buf, int num);
-typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-
-
-static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
-static const char *CLUSTER_LABS_F1 = "hw_engine_init";
-static const char *CLUSTER_LABS_F2 = "hw_mod_exp";
-static const char *CLUSTER_LABS_F3 = "hw_mod_exp_crt";
-static const char *CLUSTER_LABS_F4 = "hw_rsa_mod_exp";
-static const char *CLUSTER_LABS_F5 = "hw_rsa_priv_enc";
-static const char *CLUSTER_LABS_F6 = "hw_rsa_priv_dec";
-static const char *CLUSTER_LABS_F7 = "hw_rsa_pub_enc";
-static const char *CLUSTER_LABS_F8 = "hw_rsa_pub_dec";
-static const char *CLUSTER_LABS_F20 = "hw_rand_bytes";
-static const char *CLUSTER_LABS_F30 = "hw_dsa_sign";
-static const char *CLUSTER_LABS_F31 = "hw_dsa_verify";
-
-
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c
deleted file mode 100644
index 036f48b..0000000
--- a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.c
+++ /dev/null
@@ -1,721 +0,0 @@
-/* crypto/engine/hw_cluster_labs.c */
-/* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com
- * for the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#define MSC_VER /* only used cryptic.h */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/des.h>
-#include <openssl/engine.h>
-
-#ifndef NO_HW
-#ifndef NO_HW_CLUSTER_LABS
-
-#ifdef FLAT_INC
-#include "cluster_labs.h"
-#else
-#include "vendor_defns/cluster_labs.h"
-#endif
-
-#define CL_LIB_NAME "cluster_labs engine"
-#include "hw_cluster_labs_err.c"
-
-
-static int cluster_labs_destroy(ENGINE *e);
-static int cluster_labs_init(ENGINE *e);
-static int cluster_labs_finish(ENGINE *e);
-static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-
-
-/* BIGNUM stuff */
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
-#endif
-
-/* DSA stuff */
-#ifndef OPENSSL_NO_DSA
-static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-/* DH stuff */
-#ifndef OPENSSL_NO_DH
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RANDOM stuff */
-static int cluster_labs_rand_bytes(unsigned char *buf, int num);
-
-/* The definitions for control commands specific to this engine */
-#define CLUSTER_LABS_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =
- {
- { CLUSTER_LABS_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'cluster labs' shared library",
- ENGINE_CMD_FLAG_STRING
- },
- {0, NULL, NULL, 0}
- };
-
-/* Our internal RSA_METHOD that we provide pointers to */
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD cluster_labs_rsa =
- {
- "Cluster Labs RSA method",
- cluster_labs_rsa_pub_enc, /* rsa_pub_enc */
- cluster_labs_rsa_pub_dec, /* rsa_pub_dec */
- cluster_labs_rsa_priv_enc, /* rsa_priv_enc */
- cluster_labs_rsa_priv_dec, /* rsa_priv_dec */
- cluster_labs_rsa_mod_exp, /* rsa_mod_exp */
- cluster_labs_mod_exp_mont, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* apps_data */
- NULL, /* rsa_sign */
- NULL /* rsa_verify */
- };
-#endif
-
-/* Our internal DSA_METHOD that we provide pointers to */
-#ifndef OPENSSL_NO_DSA
-static DSA_METHOD cluster_labs_dsa =
- {
- "Cluster Labs DSA method",
- cluster_labs_dsa_sign, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- cluster_labs_dsa_verify, /* dsa_do_verify */
- cluster_labs_dsa_mod_exp, /* dsa_mod_exp */
- cluster_labs_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
- };
-#endif
-
-/* Our internal DH_METHOD that we provide pointers to */
-#ifndef OPENSSL_NO_DH
-static DH_METHOD cluster_labs_dh =
- {
- "Cluster Labs DH method",
- NULL, /* generate key */
- NULL, /* compute key */
- cluster_labs_mod_exp_dh, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
- };
-#endif
-
-static RAND_METHOD cluster_labs_rand =
- {
- /* "Cluster Labs RAND method", */
- NULL, /* seed */
- cluster_labs_rand_bytes, /* bytes */
- NULL, /* cleanup */
- NULL, /* add */
- cluster_labs_rand_bytes, /* pseudorand */
- NULL, /* status */
- };
-
-static const char *engine_cluster_labs_id = "cluster_labs";
-static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";
-
-/* engine implementation */
-/*-----------------------*/
-static int bind_helper(ENGINE *e)
- {
-
- if(!ENGINE_set_id(e, engine_cluster_labs_id) ||
- !ENGINE_set_name(e, engine_cluster_labs_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &cluster_labs_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &cluster_labs_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &cluster_labs_dh) ||
-#endif
- !ENGINE_set_RAND(e, &cluster_labs_rand) ||
- !ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
- !ENGINE_set_init_function(e, cluster_labs_init) ||
- !ENGINE_set_finish_function(e, cluster_labs_finish) ||
- !ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
- !ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
- return 0;
- /* Ensure the error handling is set up */
- ERR_load_CL_strings();
- return 1;
- }
-
-#ifndef ENGINE_DYNAMIC_SUPPORT
-static ENGINE *engine_cluster_labs(void)
- {
- ENGINE *ret = ENGINE_new();
-
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static
-#endif
-void ENGINE_load_cluster_labs(void)
- {
-
- ENGINE *cluster_labs = engine_cluster_labs();
-
- if(!cluster_labs) return;
- ENGINE_add(cluster_labs);
- ENGINE_free(cluster_labs);
- ERR_clear_error();
- }
-#endif /* !ENGINE_DYNAMIC_SUPPORT */
-
-static int cluster_labs_destroy(ENGINE *e)
- {
-
- ERR_unload_CL_strings();
- return 1;
- }
-
-
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Cluster Labs library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *cluster_labs_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static cl_engine_init *p_cl_engine_init = NULL;
-static cl_mod_exp *p_cl_mod_exp = NULL;
-static cl_mod_exp_crt *p_cl_mod_exp_crt = NULL;
-static cl_rsa_mod_exp *p_cl_rsa_mod_exp = NULL;
-static cl_rsa_priv_enc *p_cl_rsa_priv_enc = NULL;
-static cl_rsa_priv_dec *p_cl_rsa_priv_dec = NULL;
-static cl_rsa_pub_enc *p_cl_rsa_pub_enc = NULL;
-static cl_rsa_pub_dec *p_cl_rsa_pub_dec = NULL;
-static cl_rand_bytes *p_cl_rand_bytes = NULL;
-static cl_dsa_sign *p_cl_dsa_sign = NULL;
-static cl_dsa_verify *p_cl_dsa_verify = NULL;
-
-
-int cluster_labs_init(ENGINE *e)
- {
-
- cl_engine_init *p1;
- cl_mod_exp *p2;
- cl_mod_exp_crt *p3;
- cl_rsa_mod_exp *p4;
- cl_rsa_priv_enc *p5;
- cl_rsa_priv_dec *p6;
- cl_rsa_pub_enc *p7;
- cl_rsa_pub_dec *p8;
- cl_rand_bytes *p20;
- cl_dsa_sign *p30;
- cl_dsa_verify *p31;
-
- /* engine already loaded */
- if(cluster_labs_dso != NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);
- goto err;
- }
- /* try to load engine */
- cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
- goto err;
- }
- /* bind functions */
- if( !(p1 = (cl_engine_init *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F1)) ||
- !(p2 = (cl_mod_exp *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F2)) ||
- !(p3 = (cl_mod_exp_crt *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F3)) ||
- !(p4 = (cl_rsa_mod_exp *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F4)) ||
- !(p5 = (cl_rsa_priv_enc *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F5)) ||
- !(p6 = (cl_rsa_priv_dec *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F6)) ||
- !(p7 = (cl_rsa_pub_enc *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F7)) ||
- !(p8 = (cl_rsa_pub_dec *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F8)) ||
- !(p20= (cl_rand_bytes *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F20)) ||
- !(p30= (cl_dsa_sign *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F30)) ||
- !(p31= (cl_dsa_verify *)DSO_bind_func(
- cluster_labs_dso, CLUSTER_LABS_F31)))
- {
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
- goto err;
- }
-
- /* copy function pointers */
- p_cl_engine_init = p1;
- p_cl_mod_exp = p2;
- p_cl_mod_exp_crt = p3;
- p_cl_rsa_mod_exp = p4;
- p_cl_rsa_priv_enc = p5;
- p_cl_rsa_priv_dec = p6;
- p_cl_rsa_pub_enc = p7;
- p_cl_rsa_pub_dec = p8;
- p_cl_rand_bytes = p20;
- p_cl_dsa_sign = p30;
- p_cl_dsa_verify = p31;
-
-
-
- /* cluster labs engine init */
- if(p_cl_engine_init()== 0){
- CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);
- goto err;
- }
-
- return(1);
-
-err:
- /* reset all pointers */
- if(cluster_labs_dso)
- DSO_free(cluster_labs_dso);
-
- cluster_labs_dso = NULL;
- p_cl_engine_init = NULL;
- p_cl_mod_exp = NULL;
- p_cl_mod_exp_crt = NULL;
- p_cl_rsa_mod_exp = NULL;
- p_cl_rsa_priv_enc = NULL;
- p_cl_rsa_priv_dec = NULL;
- p_cl_rsa_pub_enc = NULL;
- p_cl_rsa_pub_dec = NULL;
- p_cl_rand_bytes = NULL;
- p_cl_dsa_sign = NULL;
- p_cl_dsa_verify = NULL;
-
- return(0);
- }
-
-
-static int cluster_labs_finish(ENGINE *e)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(cluster_labs_dso))
- {
- CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);
- return 0;
- }
-
- cluster_labs_dso = NULL;
- p_cl_engine_init = NULL;
- p_cl_mod_exp = NULL;
- p_cl_rsa_mod_exp = NULL;
- p_cl_mod_exp_crt = NULL;
- p_cl_rsa_priv_enc = NULL;
- p_cl_rsa_priv_dec = NULL;
- p_cl_rsa_pub_enc = NULL;
- p_cl_rsa_pub_dec = NULL;
- p_cl_rand_bytes = NULL;
- p_cl_dsa_sign = NULL;
- p_cl_dsa_verify = NULL;
-
- return(1);
-
- }
-
-static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
- {
- int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
-
- switch(cmd)
- {
- case CLUSTER_LABS_CMD_SO_PATH:
- if(p == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);
- return 0;
- }
- CLUSTER_LABS_LIB_NAME = (const char *)p;
- return 1;
- default:
- break;
- }
- CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-
-static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_mod_exp == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_mod_exp(r, a, p, m, ctx);
-
- }
-
-static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_mod_exp_crt == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);
-
- }
-
-static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_mod_exp == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_mod_exp(r0, I, rsa);
-
- }
-
-static DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_dsa_sign == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_dsa_sign(dgst, dlen, dsa);
-
- }
-
-static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);
- return 0;
- }
-
- if(p_cl_dsa_verify == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
-
- }
-
-static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int status = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- status = 1;
-end:
- BN_free(&t);
-
- return(1);
-
- }
-
-static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return cluster_labs_mod_exp(r, a, p, m, ctx);
- }
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return cluster_labs_mod_exp(r, a, p, m, ctx);
- }
-
-
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return cluster_labs_mod_exp(r, a, p, m, ctx);
- }
-
-
-static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_priv_enc == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
-
- }
-
-static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_priv_enc == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
-
- }
-
-
-static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);
- return 0;
- }
-
- if(p_cl_rsa_priv_enc == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
-
- }
-
-static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
- {
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_rsa_priv_dec == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
-
- }
-
-/************************************************************************************
-* Symmetric algorithms
-************************************************************************************/
-/* this will be come soon! */
-
-/************************************************************************************
-* Random generator
-************************************************************************************/
-
-static int cluster_labs_rand_bytes(unsigned char *buf, int num){
-
- if(cluster_labs_dso == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);
- return 0;
- }
- if(p_cl_mod_exp_crt == NULL)
- {
- CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);
- return 0;
- }
-
- return p_cl_rand_bytes(buf, num);
-
-}
-
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
- {
- fprintf(stderr, "bind_fn CLUSTER_LABS\n");
- if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {
- fprintf(stderr, "bind_fn return(0) first\n");
- return 0;
- }
- if(!bind_helper(e)) {
- fprintf(stderr, "bind_fn return(1) first\n");
- return 0;
- }
- fprintf(stderr, "bind_fn return(1)\n");
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-#endif /* !NO_HW_CLUSTER_LABS */
-#endif /* !NO_HW */
-
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec
deleted file mode 100644
index 1f64786..0000000
--- a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs.ec
+++ /dev/null
@@ -1,8 +0,0 @@
-# configuration file for util/mkerr.pl
-#
-# use like this:
-#
-# perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
-# -nostatic -staticloader -write *.c
-
-L CL hw_cluster_labs_err.h hw_cluster_labs_err.c
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c
deleted file mode 100644
index a7fa408..0000000
--- a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* hw_cluster_labs_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "hw_cluster_labs_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA CL_str_functs[]=
- {
-{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0), "CLUSTER_LABS_CTRL"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0), "CLUSTER_LABS_DSA_SIGN"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0), "CLUSTER_LABS_DSA_VERIFY"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0), "CLUSTER_LABS_FINISH"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0), "CLUSTER_LABS_INIT"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0), "CLUSTER_LABS_MOD_EXP"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0), "CLUSTER_LABS_MOD_EXP_CRT"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0), "CLUSTER_LABS_RAND_BYTES"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0), "CLUSTER_LABS_RSA_MOD_EXP"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0), "CLUSTER_LABS_RSA_PRIV_DEC"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0), "CLUSTER_LABS_RSA_PRIV_ENC"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0), "CLUSTER_LABS_RSA_PUB_DEC"},
-{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0), "CLUSTER_LABS_RSA_PUB_ENC"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CL_str_reasons[]=
- {
-{CL_R_ALREADY_LOADED ,"already loaded"},
-{CL_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"},
-{CL_R_DSO_FAILURE ,"dso failure"},
-{CL_R_FUNCTION_NOT_BINDED ,"function not binded"},
-{CL_R_INIT_FAILED ,"init failed"},
-{CL_R_NOT_LOADED ,"not loaded"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CL_LIB_NAME
-static ERR_STRING_DATA CL_lib_name[]=
- {
-{0 ,CL_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CL_lib_error_code=0;
-static int CL_error_init=1;
-
-static void ERR_load_CL_strings(void)
- {
- if (CL_lib_error_code == 0)
- CL_lib_error_code=ERR_get_next_error_library();
-
- if (CL_error_init)
- {
- CL_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CL_lib_error_code,CL_str_functs);
- ERR_load_strings(CL_lib_error_code,CL_str_reasons);
-#endif
-
-#ifdef CL_LIB_NAME
- CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
- ERR_load_strings(0,CL_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CL_strings(void)
- {
- if (CL_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CL_lib_error_code,CL_str_functs);
- ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
-#endif
-
-#ifdef CL_LIB_NAME
- ERR_unload_strings(0,CL_lib_name);
-#endif
- CL_error_init=1;
- }
- }
-
-static void ERR_CL_error(int function, int reason, char *file, int line)
- {
- if (CL_lib_error_code == 0)
- CL_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h b/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h
deleted file mode 100644
index afc175b..0000000
--- a/crypto/openssl/demos/engines/cluster_labs/hw_cluster_labs_err.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CL_ERR_H
-#define HEADER_CL_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CL_strings(void);
-static void ERR_unload_CL_strings(void);
-static void ERR_CL_error(int function, int reason, char *file, int line);
-#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CL functions. */
-
-/* Function codes. */
-#define CL_F_CLUSTER_LABS_CTRL 100
-#define CL_F_CLUSTER_LABS_DSA_SIGN 101
-#define CL_F_CLUSTER_LABS_DSA_VERIFY 102
-#define CL_F_CLUSTER_LABS_FINISH 103
-#define CL_F_CLUSTER_LABS_INIT 104
-#define CL_F_CLUSTER_LABS_MOD_EXP 105
-#define CL_F_CLUSTER_LABS_MOD_EXP_CRT 106
-#define CL_F_CLUSTER_LABS_RAND_BYTES 107
-#define CL_F_CLUSTER_LABS_RSA_MOD_EXP 108
-#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC 109
-#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC 110
-#define CL_F_CLUSTER_LABS_RSA_PUB_DEC 111
-#define CL_F_CLUSTER_LABS_RSA_PUB_ENC 112
-
-/* Reason codes. */
-#define CL_R_ALREADY_LOADED 100
-#define CL_R_COMMAND_NOT_IMPLEMENTED 101
-#define CL_R_DSO_FAILURE 102
-#define CL_R_FUNCTION_NOT_BINDED 103
-#define CL_R_INIT_FAILED 104
-#define CL_R_NOT_LOADED 105
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/demos/engines/ibmca/Makefile b/crypto/openssl/demos/engines/ibmca/Makefile
deleted file mode 100644
index 72f3546..0000000
--- a/crypto/openssl/demos/engines/ibmca/Makefile
+++ /dev/null
@@ -1,114 +0,0 @@
-LIBNAME= libibmca
-SRC= hw_ibmca.c
-OBJ= hw_ibmca.o
-HEADER= hw_ibmca.h
-
-CC= gcc
-PIC= -fPIC
-CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
-AR= ar r
-RANLIB= ranlib
-
-LIB= $(LIBNAME).a
-SHLIB= $(LIBNAME).so
-
-all:
- @echo 'Please choose a system to build on:'
- @echo ''
- @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
- @echo 'solaris: Solaris'
- @echo 'irix: IRIX'
- @echo 'hpux32: 32-bit HP/UX'
- @echo 'hpux64: 64-bit HP/UX'
- @echo 'aix: AIX'
- @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
- @echo ''
-
-FORCE.update:
-update: FORCE.update
- perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
- -nostatic -staticloader -write hw_ibmca.c
-
-gnu: $(SHLIB).gnu
-tru64: $(SHLIB).tru64
-solaris: $(SHLIB).solaris
-irix: $(SHLIB).irix
-hpux32: $(SHLIB).hpux32
-hpux64: $(SHLIB).hpux64
-aix: $(SHLIB).aix
-
-$(LIB): $(OBJ)
- $(AR) $(LIB) $(OBJ)
- - $(RANLIB) $(LIB)
-
-LINK_SO= \
- ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
- (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
- $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
-
-$(SHLIB).gnu: $(LIB)
- ALLSYMSFLAGS='--whole-archive' \
- SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).gnu
-$(SHLIB).tru64: $(LIB)
- ALLSYMSFLAGS='-all' \
- SHAREDFLAGS='-shared' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).tru64
-$(SHLIB).solaris: $(LIB)
- ALLSYMSFLAGS='-z allextract' \
- SHAREDFLAGS='-G -h $(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).solaris
-$(SHLIB).irix: $(LIB)
- ALLSYMSFLAGS='-all' \
- SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).irix
-$(SHLIB).hpux32: $(LIB)
- ALLSYMSFLAGS='-Fl' \
- SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
- SHAREDCMD='/usr/ccs/bin/ld'; \
- $(LINK_SO)
- touch $(SHLIB).hpux32
-$(SHLIB).hpux64: $(LIB)
- ALLSYMSFLAGS='+forceload' \
- SHAREDFLAGS='-b -z +h $(SHLIB)' \
- SHAREDCMD='/usr/ccs/bin/ld'; \
- $(LINK_SO)
- touch $(SHLIB).hpux64
-$(SHLIB).aix: $(LIB)
- ALLSYMSFLAGS='-bnogc' \
- SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).aix
-
-depend:
- sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
- echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
- gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
- perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
- rm -f Makefile.tmp Makefile
- mv Makefile.new Makefile
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
-rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
-rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
-rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
-rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
-rsaref.o: ../../../include/openssl/opensslconf.h
-rsaref.o: ../../../include/openssl/opensslv.h
-rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
-rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
-rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
-rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
-rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
-rsaref.o: source/rsaref.h
diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca.c b/crypto/openssl/demos/engines/ibmca/hw_ibmca.c
deleted file mode 100644
index 0c2c39b..0000000
--- a/crypto/openssl/demos/engines/ibmca/hw_ibmca.c
+++ /dev/null
@@ -1,920 +0,0 @@
-/* crypto/engine/hw_ibmca.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* (C) COPYRIGHT International Business Machines Corp. 2001 */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_IBMCA
-
-#ifdef FLAT_INC
-#include "ica_openssl_api.h"
-#else
-#include "vendor_defns/ica_openssl_api.h"
-#endif
-
-#define IBMCA_LIB_NAME "ibmca engine"
-#include "hw_ibmca_err.c"
-
-static int ibmca_destroy(ENGINE *e);
-static int ibmca_init(ENGINE *e);
-static int ibmca_finish(ENGINE *e);
-static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
-
-static const char *IBMCA_F1 = "icaOpenAdapter";
-static const char *IBMCA_F2 = "icaCloseAdapter";
-static const char *IBMCA_F3 = "icaRsaModExpo";
-static const char *IBMCA_F4 = "icaRandomNumberGenerate";
-static const char *IBMCA_F5 = "icaRsaCrt";
-
-ICA_ADAPTER_HANDLE handle=0;
-
-/* BIGNUM stuff */
-static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RAND stuff */
-static int ibmca_rand_bytes(unsigned char *buf, int num);
-static int ibmca_rand_status(void);
-
-
-/* WJH - check for more commands, like in nuron */
-
-/* The definitions for control commands specific to this engine */
-#define IBMCA_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {
- {IBMCA_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'atasi' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD ibmca_rsa =
- {
- "Ibmca RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- ibmca_rsa_mod_exp,
- ibmca_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD ibmca_dsa =
- {
- "Ibmca DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- ibmca_dsa_mod_exp, /* dsa_mod_exp */
- ibmca_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL /* app_data */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD ibmca_dh =
- {
- "Ibmca DH method",
- NULL,
- NULL,
- ibmca_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL
- };
-#endif
-
-static RAND_METHOD ibmca_rand =
- {
- /* "IBMCA RAND method", */
- NULL,
- ibmca_rand_bytes,
- NULL,
- NULL,
- ibmca_rand_bytes,
- ibmca_rand_status,
- };
-
-/* Constants used when creating the ENGINE */
-static const char *engine_ibmca_id = "ibmca";
-static const char *engine_ibmca_name = "Ibmca hardware engine support";
-
-/* This internal function is used by ENGINE_ibmca() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_ibmca_id) ||
- !ENGINE_set_name(e, engine_ibmca_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ibmca_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &ibmca_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &ibmca_dh) ||
-#endif
- !ENGINE_set_RAND(e, &ibmca_rand) ||
- !ENGINE_set_destroy_function(e, ibmca_destroy) ||
- !ENGINE_set_init_function(e, ibmca_init) ||
- !ENGINE_set_finish_function(e, ibmca_finish) ||
- !ENGINE_set_ctrl_function(e, ibmca_ctrl) ||
- !ENGINE_set_cmd_defns(e, ibmca_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the ibmca-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;
- ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- ibmca_dh.generate_key = meth3->generate_key;
- ibmca_dh.compute_key = meth3->compute_key;
-#endif
-
- /* Ensure the ibmca error handling is set up */
- ERR_load_IBMCA_strings();
- return 1;
- }
-
-static ENGINE *engine_ibmca(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static
-#endif
-void ENGINE_load_ibmca(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_ibmca();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-
-/* Destructor (complements the "ENGINE_ibmca()" constructor) */
-static int ibmca_destroy(ENGINE *e)
- {
- /* Unload the ibmca error strings so any error state including our
- * functs or reasons won't lead to a segfault (they simply get displayed
- * without corresponding string data because none will be found). */
- ERR_unload_IBMCA_strings();
- return 1;
- }
-
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Ibmca library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-
-static DSO *ibmca_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-
-static unsigned int (ICA_CALL *p_icaOpenAdapter)();
-static unsigned int (ICA_CALL *p_icaCloseAdapter)();
-static unsigned int (ICA_CALL *p_icaRsaModExpo)();
-static unsigned int (ICA_CALL *p_icaRandomNumberGenerate)();
-static unsigned int (ICA_CALL *p_icaRsaCrt)();
-
-/* utility function to obtain a context */
-static int get_context(ICA_ADAPTER_HANDLE *p_handle)
- {
- unsigned int status=0;
-
- status = p_icaOpenAdapter(0, p_handle);
- if(status != 0)
- return 0;
- return 1;
- }
-
-/* similarly to release one. */
-static void release_context(ICA_ADAPTER_HANDLE handle)
- {
- p_icaCloseAdapter(handle);
- }
-
-/* (de)initialisation functions. */
-static int ibmca_init(ENGINE *e)
- {
-
- void (*p1)();
- void (*p2)();
- void (*p3)();
- void (*p4)();
- void (*p5)();
-
- if(ibmca_dso != NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
- * changed unfortunately because the Ibmca drivers don't have
- * standard library names that can be platform-translated well. */
- /* TODO: Work out how to actually map to the names the Ibmca
- * drivers really use - for now a symbollic link needs to be
- * created on the host system from libatasi.so to atasi.so on
- * unix variants. */
-
- /* WJH XXX check name translation */
-
- ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,
- /* DSO_FLAG_NAME_TRANSLATION */ 0);
- if(ibmca_dso == NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
- goto err;
- }
-
- if(!(p1 = DSO_bind_func(
- ibmca_dso, IBMCA_F1)) ||
- !(p2 = DSO_bind_func(
- ibmca_dso, IBMCA_F2)) ||
- !(p3 = DSO_bind_func(
- ibmca_dso, IBMCA_F3)) ||
- !(p4 = DSO_bind_func(
- ibmca_dso, IBMCA_F4)) ||
- !(p5 = DSO_bind_func(
- ibmca_dso, IBMCA_F5)))
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);
- goto err;
- }
-
- /* Copy the pointers */
-
- p_icaOpenAdapter = (unsigned int (ICA_CALL *)())p1;
- p_icaCloseAdapter = (unsigned int (ICA_CALL *)())p2;
- p_icaRsaModExpo = (unsigned int (ICA_CALL *)())p3;
- p_icaRandomNumberGenerate = (unsigned int (ICA_CALL *)())p4;
- p_icaRsaCrt = (unsigned int (ICA_CALL *)())p5;
-
- if(!get_context(&handle))
- {
- IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);
- goto err;
- }
-
- return 1;
- err:
- if(ibmca_dso)
- DSO_free(ibmca_dso);
-
- p_icaOpenAdapter = NULL;
- p_icaCloseAdapter = NULL;
- p_icaRsaModExpo = NULL;
- p_icaRandomNumberGenerate = NULL;
-
- return 0;
- }
-
-static int ibmca_finish(ENGINE *e)
- {
- if(ibmca_dso == NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);
- return 0;
- }
- release_context(handle);
- if(!DSO_free(ibmca_dso))
- {
- IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);
- return 0;
- }
- ibmca_dso = NULL;
-
- return 1;
- }
-
-static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
- {
- int initialised = ((ibmca_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case IBMCA_CMD_SO_PATH:
- if(p == NULL)
- {
- IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);
- return 0;
- }
- IBMCA_LIBNAME = (const char *)p;
- return 1;
- default:
- break;
- }
- IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-
-static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the Ibmca API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
-
- BIGNUM *argument=NULL;
- BIGNUM *result=NULL;
- BIGNUM *key=NULL;
- int to_return;
- int inLen, outLen, tmpLen;
-
-
- ICA_KEY_RSA_MODEXPO *publKey=NULL;
- unsigned int rc;
-
- to_return = 0; /* expect failure */
-
- if(!ibmca_dso)
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);
- goto err;
- }
- /* Prepare the params */
- BN_CTX_start(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- key = BN_CTX_get(ctx);
-
- if( !argument || !result || !key)
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);
- goto err;
- }
-
-
- if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||
- !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))
-
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- publKey = (ICA_KEY_RSA_MODEXPO *)key->d;
-
- if (publKey == NULL)
- {
- goto err;
- }
- memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));
-
- publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE);
- publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));
- publKey->expOffset = (char *) publKey->keyRecord - (char *) publKey;
-
- /* A quirk of the card: the exponent length has to be the same
- as the modulus (key) length */
-
- outLen = BN_num_bytes(m);
-
-/* check for modulus length SAB*/
- if (outLen > 256 ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);
- goto err;
- }
-/* check for modulus length SAB*/
-
-
- publKey->expLength = publKey->nLength = outLen;
-/* SAB Check for underflow condition
- the size of the exponent is less than the size of the parameter
- then we have a big problem and will underflow the keyRecord
- buffer. Bad stuff could happen then
-*/
-if (outLen < BN_num_bytes(p)){
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);
- goto err;
-}
-/* SAB End check for underflow */
-
-
- BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -
- BN_num_bytes(p)]);
- BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);
-
-
-
- publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);
- publKey->nOffset = CORRECT_ENDIANNESS(publKey->expOffset +
- publKey->expLength);
-
- publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord -
- (char *) publKey);
-
- tmpLen = outLen;
- publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);
-
- /* Prepare the argument */
-
- memset(argument->d, 0, outLen);
- BN_bn2bin(a, (unsigned char *)argument->d + outLen -
- BN_num_bytes(a));
-
- inLen = outLen;
-
- /* Perform the operation */
-
- if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,
- publKey, &outLen, (unsigned char *)result->d))
- !=0 )
-
- {
- printf("rc = %d\n", rc);
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);
- goto err;
- }
-
-
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, outLen, r);
- to_return = 1;
- err:
- BN_CTX_end(ctx);
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
- {
- BN_CTX *ctx;
- int to_return = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- if(!rsa->d || !rsa->n)
- {
- IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,
- IBMCA_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);
- }
- else
- {
- to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
- }
- err:
- if(ctx)
- BN_CTX_free(ctx);
- return to_return;
- }
-#endif
-
-/* Ein kleines chinesisches "Restessen" */
-static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
- {
-
- BIGNUM *argument = NULL;
- BIGNUM *result = NULL;
- BIGNUM *key = NULL;
-
- int to_return = 0; /* expect failure */
-
- char *pkey=NULL;
- ICA_KEY_RSA_CRT *privKey=NULL;
- int inLen, outLen;
-
- int rc;
- unsigned int offset, pSize, qSize;
-/* SAB New variables */
- unsigned int keyRecordSize;
- unsigned int pbytes = BN_num_bytes(p);
- unsigned int qbytes = BN_num_bytes(q);
- unsigned int dmp1bytes = BN_num_bytes(dmp1);
- unsigned int dmq1bytes = BN_num_bytes(dmq1);
- unsigned int iqmpbytes = BN_num_bytes(iqmp);
-
- /* Prepare the params */
-
- BN_CTX_start(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- key = BN_CTX_get(ctx);
-
- if(!argument || !result || !key)
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);
- goto err;
- }
-
- if(!bn_wexpand(argument, p->top + q->top) ||
- !bn_wexpand(result, p->top + q->top) ||
- !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))
- {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);
- goto err;
- }
-
-
- privKey = (ICA_KEY_RSA_CRT *)key->d;
-/* SAB Add check for total size in bytes of the parms does not exceed
- the buffer space we have
- do this first
-*/
- keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;
- if ( keyRecordSize > sizeof(privKey->keyRecord )) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
- }
-
- if ( (qbytes + dmq1bytes) > 256 ){
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
- }
-
- if ( pbytes + dmp1bytes > 256 ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
- }
-
-/* end SAB additions */
-
- memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));
- privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE);
- privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));
- privKey->modulusBitLength =
- CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);
-
- /*
- * p,dp & qInv are 1 QWORD Larger
- */
- privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);
- privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));
- privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);
- privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));
- privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);
-
- offset = (char *) privKey->keyRecord
- - (char *) privKey;
-
- qSize = BN_num_bytes(q);
- pSize = qSize + 8; /* 1 QWORD larger */
-
-
-/* SAB probably aittle redundant, but we'll verify that each of the
- components which make up a key record sent ot the card does not exceed
- the space that is allocated for it. this handles the case where even if
- the total length does not exceed keyrecord zied, if the operands are funny sized
-they could cause potential side affects on either the card or the result */
-
- if ( (pbytes > pSize) || (dmp1bytes > pSize) ||
- (iqmpbytes > pSize) || ( qbytes >qSize) ||
- (dmq1bytes > qSize) ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);
- goto err;
-
- }
-
-
- privKey->dpOffset = CORRECT_ENDIANNESS(offset);
-
- offset += pSize;
- privKey->dqOffset = CORRECT_ENDIANNESS(offset);
-
- offset += qSize;
- privKey->pOffset = CORRECT_ENDIANNESS(offset);
-
- offset += pSize;
- privKey->qOffset = CORRECT_ENDIANNESS(offset);
-
- offset += qSize;
- privKey->qInvOffset = CORRECT_ENDIANNESS(offset);
-
- pkey = (char *) privKey->keyRecord;
-
-
-/* SAB first check that we don;t under flow the buffer */
- if ( pSize < pbytes ) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);
- goto err;
- }
-
- /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */
- pkey += pSize - BN_num_bytes(dmp1);
- BN_bn2bin(dmp1, pkey);
- pkey += BN_num_bytes(dmp1); /* move the pointer */
-
- BN_bn2bin(dmq1, pkey); /* Copy over dmq1 */
-
- pkey += qSize; /* move pointer */
- pkey += pSize - BN_num_bytes(p); /* set up for zero padding of next field */
-
- BN_bn2bin(p, pkey);
- pkey += BN_num_bytes(p); /* increment pointer by number of bytes moved */
-
- BN_bn2bin(q, pkey);
- pkey += qSize ; /* move the pointer */
- pkey += pSize - BN_num_bytes(iqmp); /* Adjust for padding */
- BN_bn2bin(iqmp, pkey);
-
- /* Prepare the argument and response */
-
- outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2; /* Correct endianess is used
- because the fields were converted above */
-
- if (outLen > 256) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);
- goto err;
- }
-
- /* SAB check for underflow here on the argeument */
- if ( outLen < BN_num_bytes(a)) {
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);
- goto err;
- }
-
- BN_bn2bin(a, (unsigned char *)argument->d + outLen -
- BN_num_bytes(a));
- inLen = outLen;
-
- memset(result->d, 0, outLen);
-
- /* Perform the operation */
-
- if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,
- privKey, &outLen, (unsigned char *)result->d)) != 0)
- {
- printf("rc = %d\n", rc);
- IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);
- goto err;
- }
-
- /* Convert the response */
-
- BN_bin2bn((unsigned char *)result->d, outLen, r);
- to_return = 1;
-
- err:
- BN_CTX_end(ctx);
- return to_return;
-
- }
-
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Ibmca system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine ibmca dsa1024 rsa1024". */
-static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
- end:
- BN_free(&t);
- return to_return;
- }
-
-
-static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ibmca_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return ibmca_mod_exp(r, a, p, m, ctx);
- }
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return ibmca_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* Random bytes are good */
-static int ibmca_rand_bytes(unsigned char *buf, int num)
- {
- int to_return = 0; /* assume failure */
- unsigned int ret;
-
-
- if(handle == 0)
- {
- IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);
- goto err;
- }
-
- ret = p_icaRandomNumberGenerate(handle, num, buf);
- if (ret < 0)
- {
- IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);
- goto err;
- }
- to_return = 1;
- err:
- return to_return;
- }
-
-static int ibmca_rand_status(void)
- {
- return 1;
- }
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_ibmca_id) != 0)) /* WJH XXX */
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-
-#endif /* !OPENSSL_NO_HW_IBMCA */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca.ec b/crypto/openssl/demos/engines/ibmca/hw_ibmca.ec
deleted file mode 100644
index f68646d..0000000
--- a/crypto/openssl/demos/engines/ibmca/hw_ibmca.ec
+++ /dev/null
@@ -1,8 +0,0 @@
-# configuration file for util/mkerr.pl
-#
-# use like this:
-#
-# perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
-# -nostatic -staticloader -write *.c
-
-L IBMCA hw_ibmca_err.h hw_ibmca_err.c
diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c b/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c
deleted file mode 100644
index c4053f6..0000000
--- a/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* hw_ibmca_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "hw_ibmca_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA IBMCA_str_functs[]=
- {
-{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0), "IBMCA_CTRL"},
-{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0), "IBMCA_FINISH"},
-{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0), "IBMCA_INIT"},
-{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0), "IBMCA_MOD_EXP"},
-{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0), "IBMCA_MOD_EXP_CRT"},
-{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0), "IBMCA_RAND_BYTES"},
-{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0), "IBMCA_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA IBMCA_str_reasons[]=
- {
-{IBMCA_R_ALREADY_LOADED ,"already loaded"},
-{IBMCA_R_BN_CTX_FULL ,"bn ctx full"},
-{IBMCA_R_BN_EXPAND_FAIL ,"bn expand fail"},
-{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
-{IBMCA_R_DSO_FAILURE ,"dso failure"},
-{IBMCA_R_MEXP_LENGTH_TO_LARGE ,"mexp length to large"},
-{IBMCA_R_MISSING_KEY_COMPONENTS ,"missing key components"},
-{IBMCA_R_NOT_INITIALISED ,"not initialised"},
-{IBMCA_R_NOT_LOADED ,"not loaded"},
-{IBMCA_R_OPERANDS_TO_LARGE ,"operands to large"},
-{IBMCA_R_OUTLEN_TO_LARGE ,"outlen to large"},
-{IBMCA_R_REQUEST_FAILED ,"request failed"},
-{IBMCA_R_UNDERFLOW_CONDITION ,"underflow condition"},
-{IBMCA_R_UNDERFLOW_KEYRECORD ,"underflow keyrecord"},
-{IBMCA_R_UNIT_FAILURE ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef IBMCA_LIB_NAME
-static ERR_STRING_DATA IBMCA_lib_name[]=
- {
-{0 ,IBMCA_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int IBMCA_lib_error_code=0;
-static int IBMCA_error_init=1;
-
-static void ERR_load_IBMCA_strings(void)
- {
- if (IBMCA_lib_error_code == 0)
- IBMCA_lib_error_code=ERR_get_next_error_library();
-
- if (IBMCA_error_init)
- {
- IBMCA_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
- ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
-#endif
-
-#ifdef IBMCA_LIB_NAME
- IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
- ERR_load_strings(0,IBMCA_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_IBMCA_strings(void)
- {
- if (IBMCA_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
- ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
-#endif
-
-#ifdef IBMCA_LIB_NAME
- ERR_unload_strings(0,IBMCA_lib_name);
-#endif
- IBMCA_error_init=1;
- }
- }
-
-static void ERR_IBMCA_error(int function, int reason, char *file, int line)
- {
- if (IBMCA_lib_error_code == 0)
- IBMCA_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h b/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h
deleted file mode 100644
index da64bde..0000000
--- a/crypto/openssl/demos/engines/ibmca/hw_ibmca_err.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_IBMCA_ERR_H
-#define HEADER_IBMCA_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_IBMCA_strings(void);
-static void ERR_unload_IBMCA_strings(void);
-static void ERR_IBMCA_error(int function, int reason, char *file, int line);
-#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the IBMCA functions. */
-
-/* Function codes. */
-#define IBMCA_F_IBMCA_CTRL 100
-#define IBMCA_F_IBMCA_FINISH 101
-#define IBMCA_F_IBMCA_INIT 102
-#define IBMCA_F_IBMCA_MOD_EXP 103
-#define IBMCA_F_IBMCA_MOD_EXP_CRT 104
-#define IBMCA_F_IBMCA_RAND_BYTES 105
-#define IBMCA_F_IBMCA_RSA_MOD_EXP 106
-
-/* Reason codes. */
-#define IBMCA_R_ALREADY_LOADED 100
-#define IBMCA_R_BN_CTX_FULL 101
-#define IBMCA_R_BN_EXPAND_FAIL 102
-#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define IBMCA_R_DSO_FAILURE 104
-#define IBMCA_R_MEXP_LENGTH_TO_LARGE 105
-#define IBMCA_R_MISSING_KEY_COMPONENTS 106
-#define IBMCA_R_NOT_INITIALISED 107
-#define IBMCA_R_NOT_LOADED 108
-#define IBMCA_R_OPERANDS_TO_LARGE 109
-#define IBMCA_R_OUTLEN_TO_LARGE 110
-#define IBMCA_R_REQUEST_FAILED 111
-#define IBMCA_R_UNDERFLOW_CONDITION 112
-#define IBMCA_R_UNDERFLOW_KEYRECORD 113
-#define IBMCA_R_UNIT_FAILURE 114
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h b/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h
deleted file mode 100644
index c77e0fd..0000000
--- a/crypto/openssl/demos/engines/ibmca/ica_openssl_api.h
+++ /dev/null
@@ -1,189 +0,0 @@
-
-#ifndef __ICA_OPENSSL_API_H__
-#define __ICA_OPENSSL_API_H__
-
-/**
- ** abstract data types for API
- **/
-
-#define ICA_ADAPTER_HANDLE int
-
-#if defined(linux) || defined (_AIX)
-#define ICA_CALL
-#endif
-
-#if defined(WIN32) || defined(_WIN32)
-#define ICA_CALL __stdcall
-#endif
-
-/*------------------------------------------------*
- | RSA defines and typedefs |
- *------------------------------------------------*/
- /*
- * All data elements of the RSA key are in big-endian format
- * Modulus-Exponent form of key
- *
- */
- #define MAX_EXP_SIZE 256
- #define MAX_MODULUS_SIZE 256
- #define MAX_MODEXP_SIZE (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
-
- #define MAX_OPERAND_SIZE MAX_EXP_SIZE
-
- typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
- /*
- * All data elements of the RSA key are in big-endian format
- * Chinese Remainder Thereom(CRT) form of key
- * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
- *
- */
- #define MAX_BP_SIZE 136
- #define MAX_BQ_SIZE 128
- #define MAX_NP_SIZE 136
- #define MAX_NQ_SIZE 128
- #define MAX_QINV_SIZE 136
- #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
-
-#define RSA_GEN_OPERAND_MAX 256 /* bytes */
-
-typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
-/*------------------------------------------------*
- | RSA key token types |
- *------------------------------------------------*/
-
-#define RSA_PUBLIC_MODULUS_EXPONENT 3
-#define RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
-
-#define KEYTYPE_MODEXPO 1
-#define KEYTYPE_PKCSCRT 2
-
-
-/*------------------------------------------------*
- | RSA Key Token format |
- *------------------------------------------------*/
-
-/*
- * NOTE: All the fields in the ICA_KEY_RSA_MODEXPO structure
- * (lengths, offsets, exponents, modulus, etc.) are
- * stored in big-endian format
- */
-
-typedef struct _ICA_KEY_RSA_MODEXPO
-{ unsigned int keyType; /* RSA key type. */
- unsigned int keyLength; /* Total length of the token. */
- unsigned int modulusBitLength; /* Modulus n bit length. */
- /* -- Start of the data length.*/
- unsigned int nLength; /* Modulus n = p * q */
- unsigned int expLength; /* exponent (public or private)*/
- /* e = 1/d * mod(p-1)(q-1) */
- /* -- Start of the data offsets*/
- unsigned int nOffset; /* Modulus n . */
- unsigned int expOffset; /* exponent (public or private)*/
- unsigned char reserved[112]; /* reserved area */
- /* -- Start of the variable -- */
- /* -- length token data. -- */
- ICA_KEY_RSA_MODEXPO_REC keyRecord;
-} ICA_KEY_RSA_MODEXPO;
-#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
-
-/*
- * NOTE: All the fields in the ICA_KEY_RSA_CRT structure
- * (lengths, offsets, exponents, modulus, etc.) are
- * stored in big-endian format
- */
-
-typedef struct _ICA_KEY_RSA_CRT
-{ unsigned int keyType; /* RSA key type. */
- unsigned int keyLength; /* Total length of the token. */
- unsigned int modulusBitLength; /* Modulus n bit length. */
- /* -- Start of the data length.*/
-#if _AIX
- unsigned int nLength; /* Modulus n = p * q */
-#endif
- unsigned int pLength; /* Prime number p . */
- unsigned int qLength; /* Prime number q . */
- unsigned int dpLength; /* dp = d * mod(p-1) . */
- unsigned int dqLength; /* dq = d * mod(q-1) . */
- unsigned int qInvLength; /* PKCS: qInv = Ap/q */
- /* -- Start of the data offsets*/
-#if _AIX
- unsigned int nOffset; /* Modulus n . */
-#endif
- unsigned int pOffset; /* Prime number p . */
- unsigned int qOffset; /* Prime number q . */
- unsigned int dpOffset; /* dp . */
- unsigned int dqOffset; /* dq . */
- unsigned int qInvOffset; /* qInv for PKCS */
-#if _AIX
- unsigned char reserved[80]; /* reserved area */
-#else
- unsigned char reserved[88]; /* reserved area */
-#endif
- /* -- Start of the variable -- */
- /* -- length token data. -- */
- ICA_KEY_RSA_CRT_REC keyRecord;
-} ICA_KEY_RSA_CRT;
-#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
-
-unsigned int
-icaOpenAdapter( unsigned int adapterId,
- ICA_ADAPTER_HANDLE *pAdapterHandle );
-
-unsigned int
-icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
-
-unsigned int
-icaRsaModExpo( ICA_ADAPTER_HANDLE hAdapterHandle,
- unsigned int inputDataLength,
- unsigned char *pInputData,
- ICA_KEY_RSA_MODEXPO *pKeyModExpo,
- unsigned int *pOutputDataLength,
- unsigned char *pOutputData );
-
-unsigned int
-icaRsaCrt( ICA_ADAPTER_HANDLE hAdapterHandle,
- unsigned int inputDataLength,
- unsigned char *pInputData,
- ICA_KEY_RSA_CRT *pKeyCrt,
- unsigned int *pOutputDataLength,
- unsigned char *pOutputData );
-
-unsigned int
-icaRandomNumberGenerate( ICA_ADAPTER_HANDLE hAdapterHandle,
- unsigned int outputDataLength,
- unsigned char *pOutputData );
-
-/* Specific macros and definitions to not have IFDEF;s all over the
- main code */
-
-#if (_AIX)
-static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
-#elif (WIN32)
-static const char *IBMCA_LIBNAME = "cryptica";
-#else
-static const char *IBMCA_LIBNAME = "ica";
-#endif
-
-#if (WIN32)
-/*
- The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
- offsets must be in big-endian format.
-
-*/
-#define CORRECT_ENDIANNESS(b) ( \
- (((unsigned long) (b) & 0x000000ff) << 24) | \
- (((unsigned long) (b) & 0x0000ff00) << 8) | \
- (((unsigned long) (b) & 0x00ff0000) >> 8) | \
- (((unsigned long) (b) & 0xff000000) >> 24) \
- )
-#define CRT_KEY_TYPE RSA_PKCS_PRIVATE_CHINESE_REMAINDER
-#define ME_KEY_TYPE RSA_PUBLIC_MODULUS_EXPONENT
-#else
-#define CORRECT_ENDIANNESS(b) (b)
-#define CRT_KEY_TYPE KEYTYPE_PKCSCRT
-#define ME_KEY_TYPE KEYTYPE_MODEXPO
-#endif
-
-
-
-#endif /* __ICA_OPENSSL_API_H__ */
diff --git a/crypto/openssl/demos/engines/zencod/Makefile b/crypto/openssl/demos/engines/zencod/Makefile
deleted file mode 100644
index 5b6a339..0000000
--- a/crypto/openssl/demos/engines/zencod/Makefile
+++ /dev/null
@@ -1,114 +0,0 @@
-LIBNAME= libzencod
-SRC= hw_zencod.c
-OBJ= hw_zencod.o
-HEADER= hw_zencod.h
-
-CC= gcc
-PIC= -fPIC
-CFLAGS= -g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
-AR= ar r
-RANLIB= ranlib
-
-LIB= $(LIBNAME).a
-SHLIB= $(LIBNAME).so
-
-all:
- @echo 'Please choose a system to build on:'
- @echo ''
- @echo 'tru64: Tru64 Unix, Digital Unix, Digital OSF/1'
- @echo 'solaris: Solaris'
- @echo 'irix: IRIX'
- @echo 'hpux32: 32-bit HP/UX'
- @echo 'hpux64: 64-bit HP/UX'
- @echo 'aix: AIX'
- @echo 'gnu: Generic GNU-based system (gcc and GNU ld)'
- @echo ''
-
-FORCE.update:
-update: FORCE.update
- perl ../../../util/mkerr.pl -conf hw_zencod.ec \
- -nostatic -staticloader -write hw_zencod.c
-
-gnu: $(SHLIB).gnu
-tru64: $(SHLIB).tru64
-solaris: $(SHLIB).solaris
-irix: $(SHLIB).irix
-hpux32: $(SHLIB).hpux32
-hpux64: $(SHLIB).hpux64
-aix: $(SHLIB).aix
-
-$(LIB): $(OBJ)
- $(AR) $(LIB) $(OBJ)
- - $(RANLIB) $(LIB)
-
-LINK_SO= \
- ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
- (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
- $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
-
-$(SHLIB).gnu: $(LIB)
- ALLSYMSFLAGS='--whole-archive' \
- SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).gnu
-$(SHLIB).tru64: $(LIB)
- ALLSYMSFLAGS='-all' \
- SHAREDFLAGS='-shared' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).tru64
-$(SHLIB).solaris: $(LIB)
- ALLSYMSFLAGS='-z allextract' \
- SHAREDFLAGS='-G -h $(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).solaris
-$(SHLIB).irix: $(LIB)
- ALLSYMSFLAGS='-all' \
- SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).irix
-$(SHLIB).hpux32: $(LIB)
- ALLSYMSFLAGS='-Fl' \
- SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
- SHAREDCMD='/usr/ccs/bin/ld'; \
- $(LINK_SO)
- touch $(SHLIB).hpux32
-$(SHLIB).hpux64: $(LIB)
- ALLSYMSFLAGS='+forceload' \
- SHAREDFLAGS='-b -z +h $(SHLIB)' \
- SHAREDCMD='/usr/ccs/bin/ld'; \
- $(LINK_SO)
- touch $(SHLIB).hpux64
-$(SHLIB).aix: $(LIB)
- ALLSYMSFLAGS='-bnogc' \
- SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
- SHAREDCMD='$(CC)'; \
- $(LINK_SO)
- touch $(SHLIB).aix
-
-depend:
- sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
- echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
- gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
- perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
- rm -f Makefile.tmp Makefile
- mv Makefile.new Makefile
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
-rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
-rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
-rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
-rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
-rsaref.o: ../../../include/openssl/opensslconf.h
-rsaref.o: ../../../include/openssl/opensslv.h
-rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
-rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
-rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
-rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
-rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
-rsaref.o: source/rsaref.h
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod.c b/crypto/openssl/demos/engines/zencod/hw_zencod.c
deleted file mode 100644
index 4234b93..0000000
--- a/crypto/openssl/demos/engines/zencod/hw_zencod.c
+++ /dev/null
@@ -1,1739 +0,0 @@
-/* crypto/engine/hw_zencod.c */
- /* Written by Fred Donnat (frederic.donnat@zencod.com) for "zencod"
- * engine integration in order to redirect crypto computing on a crypto
- * hardware accelerator zenssl32 ;-)
- *
- * Date : 25 jun 2002
- * Revision : 17 Ju7 2002
- * Version : zencod_engine-0.9.7
- */
-
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-/* ENGINE general include */
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_ZENCOD
-
-#ifdef FLAT_INC
-# include "hw_zencod.h"
-#else
-# include "vendor_defns/hw_zencod.h"
-#endif
-
-#define ZENCOD_LIB_NAME "zencod engine"
-#include "hw_zencod_err.c"
-
-#define FAIL_TO_SOFTWARE -15
-
-#define ZEN_LIBRARY "zenbridge"
-
-#if 0
-# define PERROR(s) perror(s)
-# define CHEESE() fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
-#else
-# define PERROR(s)
-# define CHEESE()
-#endif
-
-
-/* Sorry ;) */
-#ifndef WIN32
-static inline void esrever ( unsigned char *d, int l )
-{
- for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
-}
-
-static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
-{
- for(d+=l;l--;)*--d=*s++;
-}
-#else
-static __inline void esrever ( unsigned char *d, int l )
-{
- for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
-}
-
-static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
-{
- for(d+=l;l--;)*--d=*s++;
-}
-#endif
-
-
-#define BIGNUM2ZEN(n, bn) (ptr_zencod_init_number((n), \
- (unsigned long) ((bn)->top * BN_BITS2), \
- (unsigned char *) ((bn)->d)))
-
-#define ZEN_BITS(n, bytes) (ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
-#define ZEN_BYTES(bits) (ptr_zencod_bits2bytes((unsigned long) (bits)))
-
-
-/* Function for ENGINE detection and control */
-static int zencod_destroy ( ENGINE *e ) ;
-static int zencod_init ( ENGINE *e ) ;
-static int zencod_finish ( ENGINE *e ) ;
-static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;
-
-/* BIGNUM stuff */
-static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;
-static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;
-#endif
-
-/* DSA stuff */
-#ifndef OPENSSL_NO_DSA
-static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx ) ;
-
-static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;
-static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
- DSA *dsa ) ;
-#endif
-
-/* DH stuff */
-#ifndef OPENSSL_NO_DH
-static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx ) ;
-static int DH_zencod_generate_key ( DH *dh ) ;
-static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;
-#endif
-
-/* Rand stuff */
-static void RAND_zencod_seed ( const void *buf, int num ) ;
-static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;
-static int RAND_zencod_rand_status ( void ) ;
-
-/* Digest Stuff */
-static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;
-
-/* Cipher Stuff */
-static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;
-
-
-#define ZENCOD_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =
-{
- { ZENCOD_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'zenbridge' shared library",
- ENGINE_CMD_FLAG_STRING},
- { 0, NULL, NULL, 0 }
-} ;
-
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */
-static RSA_METHOD zencod_rsa =
-{
- "ZENCOD RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- RSA_zencod_rsa_mod_exp,
- RSA_zencod_bn_mod_exp,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL
-} ;
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */
-static DSA_METHOD zencod_dsa =
-{
- "ZENCOD DSA method",
- DSA_zencod_do_sign,
- NULL,
- DSA_zencod_do_verify,
- NULL,
- DSA_zencod_bn_mod_exp,
- NULL,
- NULL,
- 0,
- NULL
-} ;
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */
-static DH_METHOD zencod_dh =
-{
- "ZENCOD DH method",
- DH_zencod_generate_key,
- DH_zencod_compute_key,
- DH_zencod_bn_mod_exp,
- NULL,
- NULL,
- 0,
- NULL
-} ;
-#endif
-
-/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to our function */
-static RAND_METHOD zencod_rand =
-{
- RAND_zencod_seed,
- RAND_zencod_rand_bytes,
- NULL,
- NULL,
- RAND_zencod_rand_bytes,
- RAND_zencod_rand_status
-} ;
-
-
-/* Constants used when creating the ENGINE */
-static const char *engine_zencod_id = "zencod";
-static const char *engine_zencod_name = "ZENCOD hardware engine support";
-
-
-/* This internal function is used by ENGINE_zencod () and possibly by the
- * "dynamic" ENGINE support too ;-)
- */
-static int bind_helper ( ENGINE *e )
-{
-
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth_rsa ;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth_dsa ;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth_dh ;
-#endif
-
- const RAND_METHOD *meth_rand ;
-
-
- if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
- !ENGINE_set_name ( e, engine_zencod_name ) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA ( e, &zencod_rsa ) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA ( e, &zencod_dsa ) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH ( e, &zencod_dh ) ||
-#endif
- !ENGINE_set_RAND ( e, &zencod_rand ) ||
-
- !ENGINE_set_destroy_function ( e, zencod_destroy ) ||
- !ENGINE_set_init_function ( e, zencod_init ) ||
- !ENGINE_set_finish_function ( e, zencod_finish ) ||
- !ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
- !ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
- !ENGINE_set_digests ( e, engine_digests ) ||
- !ENGINE_set_ciphers ( e, engine_ciphers ) ) {
- return 0 ;
- }
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the Zencod-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway!
- */
- meth_rsa = RSA_PKCS1_SSLeay () ;
-
- zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
- zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
- zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
- zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
- /* meth_rsa->rsa_mod_exp */
- /* meth_rsa->bn_mod_exp */
- zencod_rsa.init = meth_rsa->init ;
- zencod_rsa.finish = meth_rsa->finish ;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* We use OpenSSL meth to supply what we don't provide ;-*)
- */
- meth_dsa = DSA_OpenSSL () ;
-
- /* meth_dsa->dsa_do_sign */
- zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
- /* meth_dsa->dsa_do_verify */
- zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
- /* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
- zencod_dsa.init = meth_dsa->init ;
- zencod_dsa.finish = meth_dsa->finish ;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* We use OpenSSL meth to supply what we don't provide ;-*)
- */
- meth_dh = DH_OpenSSL () ;
-
- /* zencod_dh.generate_key = meth_dh->generate_key ; */
- /* zencod_dh.compute_key = meth_dh->compute_key ; */
- /* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
- zencod_dh.init = meth_dh->init ;
- zencod_dh.finish = meth_dh->finish ;
-
-#endif
-
- /* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
- */
- meth_rand = RAND_SSLeay () ;
-
- /* meth_rand->seed ; */
- /* zencod_rand.seed = meth_rand->seed ; */
- /* meth_rand->bytes ; */
- /* zencod_rand.bytes = meth_rand->bytes ; */
- zencod_rand.cleanup = meth_rand->cleanup ;
- zencod_rand.add = meth_rand->add ;
- /* meth_rand->pseudorand ; */
- /* zencod_rand.pseudorand = meth_rand->pseudorand ; */
- /* zencod_rand.status = meth_rand->status ; */
- /* meth_rand->status ; */
-
- /* Ensure the zencod error handling is set up */
- ERR_load_ZENCOD_strings () ;
- return 1 ;
-}
-
-
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!)
- */
-static ENGINE *ENGINE_zencod ( void )
-{
-
- ENGINE *eng = ENGINE_new () ;
-
- if ( !eng ) {
- return NULL ;
- }
- if ( !bind_helper ( eng ) ) {
- ENGINE_free ( eng ) ;
- return NULL ;
- }
-
- return eng ;
-}
-
-
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static
-#endif
-void ENGINE_load_zencod ( void )
-{
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = ENGINE_zencod ( ) ;
- if ( !toadd ) return ;
- ENGINE_add ( toadd ) ;
- ENGINE_free ( toadd ) ;
- ERR_clear_error ( ) ;
-}
-
-
-/* This is a process-global DSO handle used for loading and unloading
- * the ZENBRIDGE library.
- * NB: This is only set (or unset) during an * init () or finish () call
- * (reference counts permitting) and they're * operating with global locks,
- * so this should be thread-safe * implicitly.
- */
-static DSO *zencod_dso = NULL ;
-
-static t_zencod_test *ptr_zencod_test = NULL ;
-static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;
-static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;
-static t_zencod_new_number *ptr_zencod_new_number = NULL ;
-static t_zencod_init_number *ptr_zencod_init_number = NULL ;
-
-static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;
-static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;
-static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;
-static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;
-static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;
-static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;
-static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;
-static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;
-
-static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;
-static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;
-static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;
-static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;
-static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;
-static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;
-
-static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;
-static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
- */
-static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;
-
-static const char *ZENCOD_Fct_0 = "test_device" ;
-static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;
-static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;
-static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;
-static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;
-
-static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;
-static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;
-static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;
-static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;
-static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;
-static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;
-static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;
-static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;
-
-static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;
-static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;
-static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;
-static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;
-static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;
-static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;
-
-static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;
-static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;
-
-/* Destructor (complements the "ENGINE_zencod ()" constructor)
- */
-static int zencod_destroy (ENGINE *e )
-{
-
- ERR_unload_ZENCOD_strings () ;
-
- return 1 ;
-}
-
-
-/* (de)initialisation functions. Control Function
- */
-static int zencod_init ( ENGINE *e )
-{
-
- t_zencod_test *ptr_0 ;
- t_zencod_bytes2bits *ptr_1 ;
- t_zencod_bits2bytes *ptr_2 ;
- t_zencod_new_number *ptr_3 ;
- t_zencod_init_number *ptr_4 ;
- t_zencod_rsa_mod_exp *ptr_exp_1 ;
- t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;
- t_zencod_dsa_do_sign *ptr_dsa_1 ;
- t_zencod_dsa_do_verify *ptr_dsa_2 ;
- t_zencod_dh_generate_key *ptr_dh_1 ;
- t_zencod_dh_compute_key *ptr_dh_2 ;
- t_zencod_rand_bytes *ptr_rand_1 ;
- t_zencod_math_mod_exp *ptr_math_1 ;
- t_zencod_md5_init *ptr_md5_1 ;
- t_zencod_md5_update *ptr_md5_2 ;
- t_zencod_md5_do_final *ptr_md5_3 ;
- t_zencod_sha1_init *ptr_sha1_1 ;
- t_zencod_sha1_update *ptr_sha1_2 ;
- t_zencod_sha1_do_final *ptr_sha1_3 ;
- t_zencod_xdes_cipher *ptr_xdes_1 ;
- t_zencod_rc4_cipher *ptr_rc4_1 ;
-
- CHEESE () ;
-
- /*
- * We Should add some tests for non NULL parameters or bad value !!
- * Stuff to be done ...
- */
-
- if ( zencod_dso != NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;
- goto err ;
- }
- /* Trying to load the Library "cryptozen"
- */
- zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;
- if ( zencod_dso == NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
- goto err ;
- }
-
- /* Trying to load Function from the Library
- */
- if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||
- ! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||
- ! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||
- ! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||
- ! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||
- ! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||
- ! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||
- ! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||
- ! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||
- ! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||
- ! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||
- ! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||
- ! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||
- ! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||
- ! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||
- ! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||
- ! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||
- ! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||
- ! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||
- ! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||
- ! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {
-
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
- goto err ;
- }
-
- /* The function from "cryptozen" Library have been correctly loaded so copy them
- */
- ptr_zencod_test = ptr_0 ;
- ptr_zencod_bytes2bits = ptr_1 ;
- ptr_zencod_bits2bytes = ptr_2 ;
- ptr_zencod_new_number = ptr_3 ;
- ptr_zencod_init_number = ptr_4 ;
- ptr_zencod_rsa_mod_exp = ptr_exp_1 ;
- ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;
- ptr_zencod_dsa_do_sign = ptr_dsa_1 ;
- ptr_zencod_dsa_do_verify = ptr_dsa_2 ;
- ptr_zencod_dh_generate_key = ptr_dh_1 ;
- ptr_zencod_dh_compute_key = ptr_dh_2 ;
- ptr_zencod_rand_bytes = ptr_rand_1 ;
- ptr_zencod_math_mod_exp = ptr_math_1 ;
- ptr_zencod_test = ptr_0 ;
- ptr_zencod_md5_init = ptr_md5_1 ;
- ptr_zencod_md5_update = ptr_md5_2 ;
- ptr_zencod_md5_do_final = ptr_md5_3 ;
- ptr_zencod_sha1_init = ptr_sha1_1 ;
- ptr_zencod_sha1_update = ptr_sha1_2 ;
- ptr_zencod_sha1_do_final = ptr_sha1_3 ;
- ptr_zencod_xdes_cipher = ptr_xdes_1 ;
- ptr_zencod_rc4_cipher = ptr_rc4_1 ;
-
- /* We should peform a test to see if there is actually any unit runnig on the system ...
- * Even if the cryptozen library is loaded the module coul not be loaded on the system ...
- * For now we may just open and close the device !!
- */
-
- if ( ptr_zencod_test () != 0 ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;
- goto err ;
- }
-
- return 1 ;
-err :
- if ( zencod_dso ) {
- DSO_free ( zencod_dso ) ;
- }
- zencod_dso = NULL ;
- ptr_zencod_bytes2bits = NULL ;
- ptr_zencod_bits2bytes = NULL ;
- ptr_zencod_new_number = NULL ;
- ptr_zencod_init_number = NULL ;
- ptr_zencod_rsa_mod_exp = NULL ;
- ptr_zencod_rsa_mod_exp_crt = NULL ;
- ptr_zencod_dsa_do_sign = NULL ;
- ptr_zencod_dsa_do_verify = NULL ;
- ptr_zencod_dh_generate_key = NULL ;
- ptr_zencod_dh_compute_key = NULL ;
- ptr_zencod_rand_bytes = NULL ;
- ptr_zencod_math_mod_exp = NULL ;
- ptr_zencod_test = NULL ;
- ptr_zencod_md5_init = NULL ;
- ptr_zencod_md5_update = NULL ;
- ptr_zencod_md5_do_final = NULL ;
- ptr_zencod_sha1_init = NULL ;
- ptr_zencod_sha1_update = NULL ;
- ptr_zencod_sha1_do_final = NULL ;
- ptr_zencod_xdes_cipher = NULL ;
- ptr_zencod_rc4_cipher = NULL ;
-
- return 0 ;
-}
-
-
-static int zencod_finish ( ENGINE *e )
-{
-
- CHEESE () ;
-
- /*
- * We Should add some tests for non NULL parameters or bad value !!
- * Stuff to be done ...
- */
- if ( zencod_dso == NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;
- return 0 ;
- }
- if ( !DSO_free ( zencod_dso ) ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;
- return 0 ;
- }
-
- zencod_dso = NULL ;
-
- ptr_zencod_bytes2bits = NULL ;
- ptr_zencod_bits2bytes = NULL ;
- ptr_zencod_new_number = NULL ;
- ptr_zencod_init_number = NULL ;
- ptr_zencod_rsa_mod_exp = NULL ;
- ptr_zencod_rsa_mod_exp_crt = NULL ;
- ptr_zencod_dsa_do_sign = NULL ;
- ptr_zencod_dsa_do_verify = NULL ;
- ptr_zencod_dh_generate_key = NULL ;
- ptr_zencod_dh_compute_key = NULL ;
- ptr_zencod_rand_bytes = NULL ;
- ptr_zencod_math_mod_exp = NULL ;
- ptr_zencod_test = NULL ;
- ptr_zencod_md5_init = NULL ;
- ptr_zencod_md5_update = NULL ;
- ptr_zencod_md5_do_final = NULL ;
- ptr_zencod_sha1_init = NULL ;
- ptr_zencod_sha1_update = NULL ;
- ptr_zencod_sha1_do_final = NULL ;
- ptr_zencod_xdes_cipher = NULL ;
- ptr_zencod_rc4_cipher = NULL ;
-
- return 1 ;
-}
-
-
-static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )
-{
-
- int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;
-
- CHEESE () ;
-
- /*
- * We Should add some tests for non NULL parameters or bad value !!
- * Stuff to be done ...
- */
- switch ( cmd ) {
- case ZENCOD_CMD_SO_PATH :
- if ( p == NULL ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;
- return 0 ;
- }
- if ( initialised ) {
- ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;
- return 0 ;
- }
- ZENCOD_LIBNAME = (const char *) p ;
- return 1 ;
- default :
- break ;
- }
-
- ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;
-
- return 0 ;
-}
-
-
-/* BIGNUM stuff Functions
- */
-static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )
-{
- zen_nb_t y, x, e, n;
- int ret;
-
- CHEESE () ;
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( !bn_wexpand(r, m->top + 1) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- memset(r->d, 0, BN_num_bytes(m));
-
- ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;
- BIGNUM2ZEN ( &x, a ) ;
- BIGNUM2ZEN ( &e, p ) ;
- BIGNUM2ZEN ( &n, m ) ;
-
- /* Must invert x and e parameter due to BN mod exp prototype ... */
- ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;
-
- if ( ret ) {
- PERROR("zenbridge_math_mod_exp");
- ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
-
- return 1;
-}
-
-
-/* RSA stuff Functions
- */
-#ifndef OPENSSL_NO_RSA
-static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
-{
-
- CHEESE () ;
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
- return 0;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
- const RSA_METHOD *meth;
-
- meth = RSA_PKCS1_SSLeay();
- return meth->rsa_mod_exp(r0, i, rsa);
- } else {
- zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
-
- if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
- return 0;
- }
- r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
-
- BIGNUM2ZEN ( &x, i ) ;
- BIGNUM2ZEN ( &y, r0 ) ;
- BIGNUM2ZEN ( &p, rsa->p ) ;
- BIGNUM2ZEN ( &q, rsa->q ) ;
- BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
- BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
- BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
-
- if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
- PERROR("zenbridge_rsa_mod_exp_crt");
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return 1;
- }
-}
-
-
-/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
- */
-static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
-{
-
- CHEESE () ;
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
- const RSA_METHOD *meth;
-
- meth = RSA_PKCS1_SSLeay();
- return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
- } else {
- zen_nb_t y, x, e, n;
-
- if ( !bn_expand(r, BN_num_bits(m)) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
- return 0;
- }
- r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
-
- BIGNUM2ZEN ( &x, a ) ;
- BIGNUM2ZEN ( &y, r ) ;
- BIGNUM2ZEN ( &e, p ) ;
- BIGNUM2ZEN ( &n, m ) ;
-
- if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
- PERROR("zenbridge_rsa_mod_exp");
- ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return 1;
- }
-}
-#endif /* !OPENSSL_NO_RSA */
-
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff Functions
- */
-static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
-{
- zen_nb_t p, q, g, x, y, r, s, data;
- DSA_SIG *sig;
- BIGNUM *bn_r = NULL;
- BIGNUM *bn_s = NULL;
- char msg[20];
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
- goto FAILED;
- }
-
- if ( dlen > 160 ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
- BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
- const DSA_METHOD *meth;
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
- meth = DSA_OpenSSL();
- return meth->dsa_do_sign(dgst, dlen, dsa);
- }
-
- if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
- goto FAILED;
- }
-
- if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
-
- bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
- BIGNUM2ZEN ( &p, dsa->p ) ;
- BIGNUM2ZEN ( &q, dsa->q ) ;
- BIGNUM2ZEN ( &g, dsa->g ) ;
- BIGNUM2ZEN ( &x, dsa->priv_key ) ;
- BIGNUM2ZEN ( &y, dsa->pub_key ) ;
- BIGNUM2ZEN ( &r, bn_r ) ;
- BIGNUM2ZEN ( &s, bn_s ) ;
- q.len = x.len = 160;
-
- ypcmem(msg, dgst, 20);
- ptr_zencod_init_number ( &data, 160, msg ) ;
-
- if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
- PERROR("zenbridge_dsa_do_sign");
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
-
- if ( !( sig = DSA_SIG_new () ) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
- sig->r = bn_r;
- sig->s = bn_s;
- return sig;
-
- FAILED:
- if (bn_r)
- BN_free(bn_r);
- if (bn_s)
- BN_free(bn_s);
- return NULL;
-}
-
-
-static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
-{
- zen_nb_t data, p, q, g, y, r, s, v;
- char msg[20];
- char v_data[20];
- int ret;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( dlen > 160 ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- /* Do in software if argument is too large for hardware */
- if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
- BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
- const DSA_METHOD *meth;
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
- meth = DSA_OpenSSL();
- return meth->dsa_do_verify(dgst, dlen, sig, dsa);
- }
-
- BIGNUM2ZEN ( &p, dsa->p ) ;
- BIGNUM2ZEN ( &q, dsa->q ) ;
- BIGNUM2ZEN ( &g, dsa->g ) ;
- BIGNUM2ZEN ( &y, dsa->pub_key ) ;
- BIGNUM2ZEN ( &r, sig->r ) ;
- BIGNUM2ZEN ( &s, sig->s ) ;
- ptr_zencod_init_number ( &v, 160, v_data ) ;
- ypcmem(msg, dgst, 20);
- ptr_zencod_init_number ( &data, 160, msg ) ;
-
- if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
- PERROR("zenbridge_dsa_do_verify");
- ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return ( ( ret == 0 ) ? 1 : ret ) ;
-}
-
-
-static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx )
-{
- CHEESE () ;
-
- return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
-}
-#endif /* !OPENSSL_NO_DSA */
-
-
-#ifndef OPENSSl_NO_DH
-/* DH stuff Functions
- */
-static int DH_zencod_generate_key ( DH *dh )
-{
- BIGNUM *bn_prv = NULL;
- BIGNUM *bn_pub = NULL;
- zen_nb_t y, x, g, p;
- int generate_x;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- /* Private key */
- if ( dh->priv_key ) {
- bn_prv = dh->priv_key;
- generate_x = 0;
- } else {
- if (!(bn_prv = BN_new())) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
- generate_x = 1;
- }
-
- /* Public key */
- if ( dh->pub_key )
- bn_pub = dh->pub_key;
- else
- if ( !( bn_pub = BN_new () ) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
-
- /* Expand */
- if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
- !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
- goto FAILED;
- }
- bn_prv->top = dh->p->top;
- bn_pub->top = dh->p->top;
-
- /* Convert all keys */
- BIGNUM2ZEN ( &p, dh->p ) ;
- BIGNUM2ZEN ( &g, dh->g ) ;
- BIGNUM2ZEN ( &y, bn_pub ) ;
- BIGNUM2ZEN ( &x, bn_prv ) ;
- x.len = DH_size(dh) * 8;
-
- /* Adjust the lengths of P and G */
- p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
- g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;
-
- /* Send the request to the driver */
- if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
- perror("zenbridge_dh_generate_key");
- ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
- goto FAILED;
- }
-
- dh->priv_key = bn_prv;
- dh->pub_key = bn_pub;
-
- return 1;
-
- FAILED:
- if (!dh->priv_key && bn_prv)
- BN_free(bn_prv);
- if (!dh->pub_key && bn_pub)
- BN_free(bn_pub);
-
- return 0;
-}
-
-
-static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
-{
- zen_nb_t y, x, p, k;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- if ( !dh->priv_key ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
- return 0;
- }
-
- /* Convert all keys */
- BIGNUM2ZEN ( &y, pub_key ) ;
- BIGNUM2ZEN ( &x, dh->priv_key ) ;
- BIGNUM2ZEN ( &p, dh->p ) ;
- ptr_zencod_init_number ( &k, p.len, key ) ;
-
- /* Adjust the lengths */
- p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
- y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
- x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;
-
- /* Call the hardware */
- if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
- ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- /* The key must be written MSB -> LSB */
- k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
- esrever ( key, ZEN_BYTES ( k.len ) ) ;
-
- return ZEN_BYTES ( k.len ) ;
-}
-
-
-static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx )
-{
- CHEESE () ;
-
- return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
-}
-#endif /* !OPENSSL_NO_DH */
-
-
-/* RAND stuff Functions
- */
-static void RAND_zencod_seed ( const void *buf, int num )
-{
- /* Nothing to do cause our crypto accelerator provide a true random generator */
-}
-
-
-static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
-{
- zen_nb_t r;
-
- CHEESE();
-
- if ( !zencod_dso ) {
- ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
- return 0;
- }
-
- ptr_zencod_init_number ( &r, num * 8, buf ) ;
-
- if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
- PERROR("zenbridge_rand_bytes");
- ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
- return 0;
- }
-
- return 1;
-}
-
-
-static int RAND_zencod_rand_status ( void )
-{
- CHEESE () ;
-
- return 1;
-}
-
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library.
- */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn ( ENGINE *e, const char *id )
-{
-
- if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
- return 0 ;
- }
- if ( !bind_helper ( e ) ) {
- return 0 ;
- }
-
- return 1 ;
-}
-
-IMPLEMENT_DYNAMIC_CHECK_FN ()
-IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-
-
-
-/*
- * Adding "Digest" and "Cipher" tools ...
- * This is in development ... ;-)
- * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
- * and evp, sha md5 definitions etc ...
- */
-/* First add some include ... */
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-#include <openssl/md5.h>
-#include <openssl/rc4.h>
-#include <openssl/des.h>
-
-
-/* Some variables declaration ... */
-/* DONS:
- * Disable symetric computation except DES and 3DES, but let part of the code
- */
-/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
-static int engine_digest_nids [ ] = { } ;
-static int engine_digest_nids_num = 0 ;
-/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
-static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
-static int engine_cipher_nids_num = 2 ;
-
-
-/* Function prototype ... */
-/* SHA stuff */
-static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
-static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
-static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
-
-/* MD5 stuff */
-static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
-static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
-static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
-
-static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
-static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;
-
-
-/* RC4 Stuff */
-static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
-static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
-
-/* DES Stuff */
-static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
-static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
-
-/* 3DES Stuff */
-static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
-static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;
-
-static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ; /* cleanup ctx */
-
-
-/* The one for SHA ... */
-static const EVP_MD engine_sha1_md =
-{
- NID_sha1,
- NID_sha1WithRSAEncryption,
- SHA_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT,
- /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
- * XXX: set according to device info ... */
- engine_sha1_init,
- engine_sha1_update,
- engine_sha1_final,
- engine_md_copy, /* dev_crypto_sha_copy */
- engine_md_cleanup, /* dev_crypto_sha_cleanup */
- EVP_PKEY_RSA_method,
- SHA_CBLOCK,
- /* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
- sizeof ( ZEN_MD_DATA )
- /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */
-} ;
-
-/* The one for MD5 ... */
-static const EVP_MD engine_md5_md =
-{
- NID_md5,
- NID_md5WithRSAEncryption,
- MD5_DIGEST_LENGTH,
- EVP_MD_FLAG_ONESHOT,
- /* 0, */ /* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
- * XXX: set according to device info ... */
- engine_md5_init,
- engine_md5_update,
- engine_md5_final,
- engine_md_copy, /* dev_crypto_md5_copy */
- engine_md_cleanup, /* dev_crypto_md5_cleanup */
- EVP_PKEY_RSA_method,
- MD5_CBLOCK,
- /* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
- sizeof ( ZEN_MD_DATA )
- /* sizeof ( MD_CTX_DATA ) The message digest data structure ... */
-} ;
-
-
-/* The one for RC4 ... */
-#define EVP_RC4_KEY_SIZE 16
-
-/* Try something static ... */
-typedef struct
-{
- unsigned int len ;
- unsigned int first ;
- unsigned char rc4_state [ 260 ] ;
-} NEW_ZEN_RC4_KEY ;
-
-#define rc4_data(ctx) ( (EVP_RC4_KEY *) ( ctx )->cipher_data )
-
-static const EVP_CIPHER engine_rc4 =
-{
- NID_rc4,
- 1,
- 16, /* EVP_RC4_KEY_SIZE should be 128 bits */
- 0, /* FIXME: key should be up to 256 bytes */
- EVP_CIPH_VARIABLE_LENGTH,
- engine_rc4_init_key,
- engine_rc4_cipher,
- engine_cipher_cleanup,
- sizeof ( NEW_ZEN_RC4_KEY ),
- NULL,
- NULL,
- NULL
-} ;
-
-/* The one for RC4_40 ... */
-static const EVP_CIPHER engine_rc4_40 =
-{
- NID_rc4_40,
- 1,
- 5, /* 40 bits */
- 0,
- EVP_CIPH_VARIABLE_LENGTH,
- engine_rc4_init_key,
- engine_rc4_cipher,
- engine_cipher_cleanup,
- sizeof ( NEW_ZEN_RC4_KEY ),
- NULL,
- NULL,
- NULL
-} ;
-
-/* The one for DES ... */
-
-/* Try something static ... */
-typedef struct
-{
- unsigned char des_key [ 24 ] ;
- unsigned char des_iv [ 8 ] ;
-} ZEN_DES_KEY ;
-
-static const EVP_CIPHER engine_des_cbc =
- {
- NID_des_cbc,
- 8, 8, 8,
- 0 | EVP_CIPH_CBC_MODE,
- engine_des_init_key,
- engine_des_cbc_cipher,
- engine_cipher_cleanup,
- sizeof(ZEN_DES_KEY),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL,
- NULL
- };
-
-/* The one for 3DES ... */
-
-/* Try something static ... */
-typedef struct
-{
- unsigned char des3_key [ 24 ] ;
- unsigned char des3_iv [ 8 ] ;
-} ZEN_3DES_KEY ;
-
-#define des_data(ctx) ( (DES_EDE_KEY *) ( ctx )->cipher_data )
-
-static const EVP_CIPHER engine_des_ede3_cbc =
- {
- NID_des_ede3_cbc,
- 8, 8, 8,
- 0 | EVP_CIPH_CBC_MODE,
- engine_des_ede3_init_key,
- engine_des_ede3_cbc_cipher,
- engine_cipher_cleanup,
- sizeof(ZEN_3DES_KEY),
- EVP_CIPHER_set_asn1_iv,
- EVP_CIPHER_get_asn1_iv,
- NULL,
- NULL
- };
-
-
-/* General function cloned on hw_openbsd_dev_crypto one ... */
-static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )
-{
-
-#ifdef DEBUG_ZENCOD_MD
- fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;
-#endif
-
- if ( !digest ) {
- /* We are returning a list of supported nids */
- *nids = engine_digest_nids ;
- return engine_digest_nids_num ;
- }
- /* We are being asked for a specific digest */
- if ( nid == NID_md5 ) {
- *digest = &engine_md5_md ;
- }
- else if ( nid == NID_sha1 ) {
- *digest = &engine_sha1_md ;
- }
- else {
- *digest = NULL ;
- return 0 ;
- }
- return 1 ;
-}
-
-
-/* SHA stuff Functions
- */
-static int engine_sha1_init ( EVP_MD_CTX *ctx )
-{
-
- int to_return = 0 ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
-{
-
- zen_nb_t input ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = count ;
- input.data = (unsigned char *) data ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )
-{
-
- zen_nb_t output ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- output.len = SHA_DIGEST_LENGTH ;
- output.data = md ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-
-/* MD5 stuff Functions
- */
-static int engine_md5_init ( EVP_MD_CTX *ctx )
-{
-
- int to_return = 0 ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
-{
-
- zen_nb_t input ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = count ;
- input.data = (unsigned char *) data ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )
-{
-
- zen_nb_t output ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- output.len = MD5_DIGEST_LENGTH ;
- output.data = md ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
- to_return = !to_return ;
-
- return to_return ;
-}
-
-
-static int engine_md_cleanup ( EVP_MD_CTX *ctx )
-{
-
- ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;
-
- if ( zen_md_data->HashBuffer != NULL ) {
- OPENSSL_free ( zen_md_data->HashBuffer ) ;
- zen_md_data->HashBufferSize = 0 ;
- ctx->md_data = NULL ;
- }
-
- return 1 ;
-}
-
-
-static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )
-{
- const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;
- ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;
-
- to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;
- memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;
-
- return 1;
-}
-
-
-/* General function cloned on hw_openbsd_dev_crypto one ... */
-static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )
-{
-
- if ( !cipher ) {
- /* We are returning a list of supported nids */
- *nids = engine_cipher_nids ;
- return engine_cipher_nids_num ;
- }
- /* We are being asked for a specific cipher */
- if ( nid == NID_rc4 ) {
- *cipher = &engine_rc4 ;
- }
- else if ( nid == NID_rc4_40 ) {
- *cipher = &engine_rc4_40 ;
- }
- else if ( nid == NID_des_cbc ) {
- *cipher = &engine_des_cbc ;
- }
- else if ( nid == NID_des_ede3_cbc ) {
- *cipher = &engine_des_ede3_cbc ;
- }
- else {
- *cipher = NULL ;
- return 0 ;
- }
-
- return 1 ;
-}
-
-
-static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
-{
- int to_return = 0 ;
- int i = 0 ;
- int nb = 0 ;
- NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
-
- tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;
- tmp_rc4_key->first = 0 ;
- tmp_rc4_key->len = ctx->key_len ;
- tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;
- tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;
- nb = 256 / ctx->key_len ;
- for ( i = 0; i < nb ; i++ ) {
- memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;
- }
-
- to_return = 1 ;
-
- return to_return ;
-}
-
-
-static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )
-{
-
- zen_nb_t output, input ;
- zen_nb_t rc4key ;
- int to_return = 0 ;
- NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
-
- /* Convert parameters ... */
- input.len = in_len ;
- input.data = (unsigned char *) in ;
- output.len = in_len ;
- output.data = (unsigned char *) out ;
-
- tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;
- rc4key.len = 260 ;
- rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;
- to_return = !to_return ;
-
- /* Update encryption state ... */
- tmp_rc4_key->first = 1 ;
- tmp_rc4_key = NULL ;
-
- return to_return ;
-}
-
-
-static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
-{
-
- ZEN_DES_KEY *tmp_des_key = NULL ;
- int to_return = 0 ;
-
- tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;
- memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;
- memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;
- memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;
- memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;
-
- to_return = 1 ;
-
- return to_return ;
-}
-
-
-static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )
-{
-
- zen_nb_t output, input ;
- zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = inl ;
- input.data = (unsigned char *) in ;
- output.len = inl ;
- output.data = out ;
-
- /* Set key parameters ... */
- deskey_1.len = 8 ;
- deskey_2.len = 8 ;
- deskey_3.len = 8 ;
- deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;
- deskey_2.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;
- deskey_3.data = (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;
-
- /* Key correct iv ... */
- memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;
- iv.len = 8 ;
- iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;
-
- if ( ctx->encrypt == 0 ) {
- memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
- }
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_xdes_cipher ( &output, &input,
- (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
- to_return = !to_return ;
-
- /* But we need to set up the rigth iv ...
- * Test ENCRYPT or DECRYPT mode to set iv ... */
- if ( ctx->encrypt == 1 ) {
- memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
- }
-
- return to_return ;
-}
-
-
-static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
-{
-
- ZEN_3DES_KEY *tmp_3des_key = NULL ;
- int to_return = 0 ;
-
- tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;
- memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;
- memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;
-
- to_return = 1;
-
- return to_return ;
-}
-
-
-static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
- unsigned int in_len )
-{
-
- zen_nb_t output, input ;
- zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
- int to_return = 0 ;
-
- /* Convert parameters ... */
- input.len = in_len ;
- input.data = (unsigned char *) in ;
- output.len = in_len ;
- output.data = out ;
-
- /* Set key ... */
- deskey_1.len = 8 ;
- deskey_2.len = 8 ;
- deskey_3.len = 8 ;
- deskey_1.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;
- deskey_2.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;
- deskey_3.data = (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;
-
- /* Key correct iv ... */
- memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;
- iv.len = 8 ;
- iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;
-
- if ( ctx->encrypt == 0 ) {
- memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
- }
-
- /* Test with zenbridge library ... */
- to_return = ptr_zencod_xdes_cipher ( &output, &input,
- (zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
- to_return = !to_return ;
-
- if ( ctx->encrypt == 1 ) {
- memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
- }
-
- return to_return ;
-}
-
-
-static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )
-{
-
- /* Set the key pointer ... */
- if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {
- }
- else if ( ctx->cipher->nid == NID_des_cbc ) {
- }
- else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {
- }
-
- return 1 ;
-}
-
-
-#endif /* !OPENSSL_NO_HW_ZENCOD */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod.ec b/crypto/openssl/demos/engines/zencod/hw_zencod.ec
deleted file mode 100644
index 1552c79..0000000
--- a/crypto/openssl/demos/engines/zencod/hw_zencod.ec
+++ /dev/null
@@ -1,8 +0,0 @@
-# configuration file for util/mkerr.pl
-#
-# use like this:
-#
-# perl ../../../util/mkerr.pl -conf hw_zencod.ec \
-# -nostatic -staticloader -write *.c
-
-L ZENCOD hw_zencod_err.h hw_zencod_err.c
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod.h b/crypto/openssl/demos/engines/zencod/hw_zencod.h
deleted file mode 100644
index 415c9a6..0000000
--- a/crypto/openssl/demos/engines/zencod/hw_zencod.h
+++ /dev/null
@@ -1,160 +0,0 @@
-/* File : /crypto/engine/vendor_defns/hw_zencod.h */
-/* ====================================================================
- * Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
- * for "zencod" ENGINE integration in OpenSSL project.
- */
-
-
- #ifndef _HW_ZENCOD_H_
-#define _HW_ZENCOD_H_
-
-#include <stdio.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-#define ZENBRIDGE_MAX_KEYSIZE_RSA 2048
-#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT 1024
-#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN 1024
-#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY 1024
-
-/* Library version computation */
-#define ZENBRIDGE_VERSION_MAJOR(x) (((x) >> 16) | 0xff)
-#define ZENBRIDGE_VERSION_MINOR(x) (((x) >> 8) | 0xff)
-#define ZENBRIDGE_VERSION_PATCH(x) (((x) >> 0) | 0xff)
-#define ZENBRIDGE_VERSION(x, y, z) ((x) << 16 | (y) << 8 | (z))
-
-/*
- * Memory type
- */
-typedef struct zencod_number_s {
- unsigned long len;
- unsigned char *data;
-} zen_nb_t;
-
-#define KEY zen_nb_t
-
-
-/*
- * Misc
- */
-typedef int t_zencod_lib_version (void);
-typedef int t_zencod_hw_version (void);
-typedef int t_zencod_test (void);
-typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
-
-
-/*
- * Key management tools
- */
-typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
-typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
-typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
-typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
-
-
-/*
- * RSA API
- */
-/* Compute modular exponential : y = x**e | n */
-typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
-/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
-typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
- KEY *edp, KEY *edq, KEY *qinv);
-
-
-/*
- * DSA API
- */
-typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
- KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
-typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
- KEY *p, KEY *q, KEY *g, KEY *y,
- KEY *r, KEY *s, KEY *v);
-
-
-/*
- * DH API
- */
- /* Key generation : compute public value y = g**x | n */
-typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
-typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
-
-
-/*
- * RNG API
- */
-#define ZENBRIDGE_RNG_DIRECT 0
-#define ZENBRIDGE_RNG_SHA1 1
-typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
-
-
-/*
- * Math API
- */
-typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
-
-
-
-
-/*
- * Symetric API
- */
-/* Define a data structure for digests operations */
-typedef struct ZEN_data_st
-{
- unsigned int HashBufferSize ;
- unsigned char *HashBuffer ;
-} ZEN_MD_DATA ;
-
-/*
- * Functions for Digest (MD5, SHA1) stuff
- */
-/* output : output data buffer */
-/* input : input data buffer */
-/* algo : hash algorithm, MD5 or SHA1 */
-/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
- * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
- */
-/* For now separate this stuff that mad it easier to test */
-typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
-typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
-typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
-
-typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
-typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
-typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
-
-
-/*
- * Functions for Cipher (RC4, DES, 3DES) stuff
- */
-/* output : output data buffer */
-/* input : input data buffer */
-/* key : rc4 key data */
-/* index_1 : value of index x from RC4 key structure */
-/* index_2 : value of index y from RC4 key structure */
-/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
-typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
- unsigned char *index_1, unsigned char *index_2, int mode ) ;
-
-/* output : output data buffer */
-/* input : input data buffer */
-/* key_1 : des first key data */
-/* key_2 : des second key data */
-/* key_3 : des third key data */
-/* iv : initial vector */
-/* mode : xdes mode (encrypt or decrypt) */
-/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
-typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
- const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
-
-
-#undef KEY
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-#endif /* !_HW_ZENCOD_H_ */
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod_err.c b/crypto/openssl/demos/engines/zencod/hw_zencod_err.c
deleted file mode 100644
index 8ed0fff..0000000
--- a/crypto/openssl/demos/engines/zencod/hw_zencod_err.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/* hw_zencod_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "hw_zencod_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ZENCOD_str_functs[]=
- {
-{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0), "ZENCOD_BN_MOD_EXP"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0), "ZENCOD_CTRL"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0), "ZENCOD_DH_COMPUTE"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0), "ZENCOD_DH_GENERATE"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0), "ZENCOD_DSA_DO_SIGN"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0), "ZENCOD_DSA_DO_VERIFY"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0), "ZENCOD_FINISH"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0), "ZENCOD_INIT"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0), "ZENCOD_RAND"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0), "ZENCOD_RSA_MOD_EXP"},
-{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0), "ZENCOD_RSA_MOD_EXP_CRT"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ZENCOD_str_reasons[]=
- {
-{ZENCOD_R_ALREADY_LOADED ,"already loaded"},
-{ZENCOD_R_BAD_KEY_COMPONENTS ,"bad key components"},
-{ZENCOD_R_BN_EXPAND_FAIL ,"bn expand fail"},
-{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"},
-{ZENCOD_R_DSO_FAILURE ,"dso failure"},
-{ZENCOD_R_NOT_LOADED ,"not loaded"},
-{ZENCOD_R_REQUEST_FAILED ,"request failed"},
-{ZENCOD_R_UNIT_FAILURE ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef ZENCOD_LIB_NAME
-static ERR_STRING_DATA ZENCOD_lib_name[]=
- {
-{0 ,ZENCOD_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int ZENCOD_lib_error_code=0;
-static int ZENCOD_error_init=1;
-
-static void ERR_load_ZENCOD_strings(void)
- {
- if (ZENCOD_lib_error_code == 0)
- ZENCOD_lib_error_code=ERR_get_next_error_library();
-
- if (ZENCOD_error_init)
- {
- ZENCOD_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
- ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
-#endif
-
-#ifdef ZENCOD_LIB_NAME
- ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
- ERR_load_strings(0,ZENCOD_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_ZENCOD_strings(void)
- {
- if (ZENCOD_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
- ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
-#endif
-
-#ifdef ZENCOD_LIB_NAME
- ERR_unload_strings(0,ZENCOD_lib_name);
-#endif
- ZENCOD_error_init=1;
- }
- }
-
-static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
- {
- if (ZENCOD_lib_error_code == 0)
- ZENCOD_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/demos/engines/zencod/hw_zencod_err.h b/crypto/openssl/demos/engines/zencod/hw_zencod_err.h
deleted file mode 100644
index 1b5dcb5..0000000
--- a/crypto/openssl/demos/engines/zencod/hw_zencod_err.h
+++ /dev/null
@@ -1,95 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ZENCOD_ERR_H
-#define HEADER_ZENCOD_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_ZENCOD_strings(void);
-static void ERR_unload_ZENCOD_strings(void);
-static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
-#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the ZENCOD functions. */
-
-/* Function codes. */
-#define ZENCOD_F_ZENCOD_BN_MOD_EXP 100
-#define ZENCOD_F_ZENCOD_CTRL 101
-#define ZENCOD_F_ZENCOD_DH_COMPUTE 102
-#define ZENCOD_F_ZENCOD_DH_GENERATE 103
-#define ZENCOD_F_ZENCOD_DSA_DO_SIGN 104
-#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY 105
-#define ZENCOD_F_ZENCOD_FINISH 106
-#define ZENCOD_F_ZENCOD_INIT 107
-#define ZENCOD_F_ZENCOD_RAND 108
-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP 109
-#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT 110
-
-/* Reason codes. */
-#define ZENCOD_R_ALREADY_LOADED 100
-#define ZENCOD_R_BAD_KEY_COMPONENTS 101
-#define ZENCOD_R_BN_EXPAND_FAIL 102
-#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define ZENCOD_R_DSO_FAILURE 104
-#define ZENCOD_R_NOT_LOADED 105
-#define ZENCOD_R_REQUEST_FAILED 106
-#define ZENCOD_R_UNIT_FAILURE 107
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/demos/maurice/Makefile b/crypto/openssl/demos/maurice/Makefile
deleted file mode 100644
index f9bf622..0000000
--- a/crypto/openssl/demos/maurice/Makefile
+++ /dev/null
@@ -1,59 +0,0 @@
-CC=cc
-CFLAGS= -g -I../../include -Wall
-LIBS= -L../.. -lcrypto
-EXAMPLES=example1 example2 example3 example4
-
-all: $(EXAMPLES)
-
-example1: example1.o loadkeys.o
- $(CC) -o example1 example1.o loadkeys.o $(LIBS)
-
-example2: example2.o loadkeys.o
- $(CC) -o example2 example2.o loadkeys.o $(LIBS)
-
-example3: example3.o
- $(CC) -o example3 example3.o $(LIBS)
-
-example4: example4.o
- $(CC) -o example4 example4.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
-
-test: all
- @echo
- @echo Example 1 Demonstrates the sealing and opening APIs
- @echo Doing the encrypt side...
- ./example1 <README >t.t
- @echo Doing the decrypt side...
- ./example1 -d <t.t >t.2
- diff t.2 README
- rm -f t.t t.2
- @echo example1 is OK
-
- @echo
- @echo Example2 Demonstrates rsa encryption and decryption
- @echo and it should just print \"This the clear text\"
- ./example2
-
- @echo
- @echo Example3 Demonstrates the use of symmetric block ciphers
- @echo in this case it uses EVP_des_ede3_cbc
- @echo i.e. triple DES in Cipher Block Chaining mode
- @echo Doing the encrypt side...
- ./example3 ThisIsThePassword <README >t.t
- @echo Doing the decrypt side...
- ./example3 -d ThisIsThePassword <t.t >t.2
- diff t.2 README
- rm -f t.t t.2
- @echo example3 is OK
-
- @echo
- @echo Example4 Demonstrates base64 encoding and decoding
- @echo Doing the encrypt side...
- ./example4 <README >t.t
- @echo Doing the decrypt side...
- ./example4 -d <t.t >t.2
- diff t.2 README
- rm -f t.t t.2
- @echo example4 is OK
diff --git a/crypto/openssl/demos/maurice/README b/crypto/openssl/demos/maurice/README
deleted file mode 100644
index 29778d5..0000000
--- a/crypto/openssl/demos/maurice/README
+++ /dev/null
@@ -1,34 +0,0 @@
-From Maurice Gittens <mgittens@gits.nl>
---
- Example programs, demonstrating some basic SSLeay crypto library
- operations, to help you not to make the same mistakes I did.
-
- The following files are present.
- - loadkeys.c Demonstrates the loading and of public and
- private keys.
- - loadkeys.h The interface for loadkeys.c
- - example1.c Demonstrates the sealing and opening API's
- - example2.c Demonstrates rsa encryption and decryption
- - example3.c Demonstrates the use of symmetric block ciphers
- - example4.c Demonstrates base64 and decoding
- - Makefile A makefile you probably will have to adjust for
- your environment
- - README this file
-
-
- The programs were written by Maurice Gittens <mgittens@gits.nl>
- with the necesary help from Eric Young <eay@cryptsoft.com>
-
- You may do as you please with these programs, but please don't
- pretend that you wrote them.
-
- To be complete: If you use these programs you acknowlegde that
- you are aware that there is NO warranty of any kind associated
- with these programs. I don't even claim that the programs work,
- they are provided AS-IS.
-
- January 1997
-
- Maurice
-
-
diff --git a/crypto/openssl/demos/maurice/cert.pem b/crypto/openssl/demos/maurice/cert.pem
deleted file mode 100644
index e31a9ae..0000000
--- a/crypto/openssl/demos/maurice/cert.pem
+++ /dev/null
@@ -1,77 +0,0 @@
-issuer :/C=NL/SP=Brabant/L=Eindhoven/O=Gittens Information Systems B.V./OU=Certification Services/CN=ca.gits.nl/Email=mgittens@gits.nl
-subject:/C=NL/SP=Brabant/O=Gittens Information Systems B.V./OU=Certification Services/CN=caleb.gits.nl/Email=mgittens@gits.nl
-serial :01
-
-Certificate:
- Data:
- Version: 0 (0x0)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5withRSAEncryption
- Issuer: C=NL, SP=Brabant, L=Eindhoven, O=Gittens Information Systems B.V., OU=Certification Services, CN=ca.gits.nl/Email=mgittens@gits.nl
- Validity
- Not Before: Jan 5 13:21:16 1997 GMT
- Not After : Jul 24 13:21:16 1997 GMT
- Subject: C=NL, SP=Brabant, O=Gittens Information Systems B.V., OU=Certification Services, CN=caleb.gits.nl/Email=mgittens@gits.nl
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Modulus:
- 00:dd:82:a0:fe:a9:8d:6a:02:7e:78:d6:33:75:9b:
- 82:01:4b:12:80:ea:6b:9b:83:9e:e3:ae:dc:f3:d0:
- 71:7c:4b:ea:03:57:b4:cc:ba:44:5b:b8:4b:49:d3:
- f6:39:cc:3d:12:1f:da:58:26:27:bc:bc:ab:a4:6d:
- 62:d1:91:5a:47:9f:80:40:c1:b9:fa:e3:1e:ef:52:
- 78:46:26:43:65:1d:f2:6b:bf:ff:c0:81:66:14:cd:
- 81:32:91:f1:f8:51:7d:0e:17:1f:27:fc:c7:51:fd:
- 1c:73:41:e5:66:43:3c:67:a3:09:b9:5e:36:50:50:
- b1:e8:42:bd:5c:c6:2b:ec:a9:2c:fe:6a:fe:40:26:
- 64:9e:b9:bf:2d:1d:fb:d0:48:5b:82:2a:8e:ab:a4:
- d5:7b:5f:26:84:8a:9a:69:5e:c1:71:e2:a9:59:4c:
- 2a:76:f7:fd:f4:cf:3f:d3:ce:30:72:62:65:1c:e9:
- e9:ee:d2:fc:44:00:1e:e0:80:57:e9:41:b3:f0:44:
- e5:0f:77:3b:1a:1f:57:5e:94:1d:c3:a5:fa:af:41:
- 8c:4c:30:6b:2b:00:84:52:0c:64:0c:a8:5b:17:16:
- d1:1e:f8:ea:72:01:47:9a:b9:21:95:f9:71:ed:7c:
- d2:93:54:0c:c5:9c:e8:e5:40:28:c5:a0:ca:b1:a9:
- 20:f9
- Exponent: 65537 (0x10001)
- Signature Algorithm: md5withRSAEncryption
- 93:08:f9:e0:d4:c5:ca:95:de:4e:38:3b:28:87:e9:d3:b6:ce:
- 4f:69:2e:c9:09:57:2f:fa:e2:50:9f:39:ec:f3:84:e8:3a:8f:
- 9b:c3:06:62:90:49:93:6d:23:7a:2b:3d:7b:f9:46:32:18:d3:
- 87:44:49:f7:29:2f:f3:58:97:70:c3:45:5b:90:52:1c:df:fb:
- a8:a3:a1:29:53:a3:4c:ed:d2:51:d0:44:98:a4:14:6f:76:9d:
- 0d:03:76:e5:d3:13:21:ce:a3:4d:2a:77:fe:ad:b3:47:6d:42:
- b9:4a:0e:ff:61:f4:ec:62:b2:3b:00:9c:ac:16:a2:ec:19:c8:
- c7:3d:d7:7d:97:cd:4d:1a:d2:00:07:4e:40:3d:b9:ba:1e:e2:
- fe:81:28:57:b9:ad:2b:74:59:b0:9f:8b:a5:98:d3:75:06:67:
- 4a:04:11:b2:ea:1a:8c:e0:d4:be:c8:0c:46:76:7f:5f:5a:7b:
- 72:09:dd:b6:d3:6b:97:70:e8:7e:17:74:1c:f7:3a:5f:e3:fa:
- c2:f7:95:bd:74:5e:44:4b:9b:bd:27:de:02:7f:87:1f:68:68:
- 60:b9:f4:1d:2b:7b:ce:ef:b1:7f:3a:be:b9:66:60:54:6f:0c:
- a0:dd:8c:03:a7:f1:9f:f8:0e:8d:bb:c6:ba:77:61:f7:8e:be:
- 28:ba:d8:4f
-
------BEGIN CERTIFICATE-----
-MIIDzzCCArcCAQEwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAk5MMRAwDgYD
-VQQIEwdCcmFiYW50MRIwEAYDVQQHEwlFaW5kaG92ZW4xKTAnBgNVBAoTIEdpdHRl
-bnMgSW5mb3JtYXRpb24gU3lzdGVtcyBCLlYuMR8wHQYDVQQLExZDZXJ0aWZpY2F0
-aW9uIFNlcnZpY2VzMRMwEQYDVQQDEwpjYS5naXRzLm5sMR8wHQYJKoZIhvcNAQkB
-FhBtZ2l0dGVuc0BnaXRzLm5sMB4XDTk3MDEwNTEzMjExNloXDTk3MDcyNDEzMjEx
-NlowgaQxCzAJBgNVBAYTAk5MMRAwDgYDVQQIEwdCcmFiYW50MSkwJwYDVQQKEyBH
-aXR0ZW5zIEluZm9ybWF0aW9uIFN5c3RlbXMgQi5WLjEfMB0GA1UECxMWQ2VydGlm
-aWNhdGlvbiBTZXJ2aWNlczEWMBQGA1UEAxMNY2FsZWIuZ2l0cy5ubDEfMB0GCSqG
-SIb3DQEJARYQbWdpdHRlbnNAZ2l0cy5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAN2CoP6pjWoCfnjWM3WbggFLEoDqa5uDnuOu3PPQcXxL6gNXtMy6
-RFu4S0nT9jnMPRIf2lgmJ7y8q6RtYtGRWkefgEDBufrjHu9SeEYmQ2Ud8mu//8CB
-ZhTNgTKR8fhRfQ4XHyf8x1H9HHNB5WZDPGejCbleNlBQsehCvVzGK+ypLP5q/kAm
-ZJ65vy0d+9BIW4Iqjquk1XtfJoSKmmlewXHiqVlMKnb3/fTPP9POMHJiZRzp6e7S
-/EQAHuCAV+lBs/BE5Q93OxofV16UHcOl+q9BjEwwaysAhFIMZAyoWxcW0R746nIB
-R5q5IZX5ce180pNUDMWc6OVAKMWgyrGpIPkCAwEAATANBgkqhkiG9w0BAQQFAAOC
-AQEAkwj54NTFypXeTjg7KIfp07bOT2kuyQlXL/riUJ857POE6DqPm8MGYpBJk20j
-eis9e/lGMhjTh0RJ9ykv81iXcMNFW5BSHN/7qKOhKVOjTO3SUdBEmKQUb3adDQN2
-5dMTIc6jTSp3/q2zR21CuUoO/2H07GKyOwCcrBai7BnIxz3XfZfNTRrSAAdOQD25
-uh7i/oEoV7mtK3RZsJ+LpZjTdQZnSgQRsuoajODUvsgMRnZ/X1p7cgndttNrl3Do
-fhd0HPc6X+P6wveVvXReREubvSfeAn+HH2hoYLn0HSt7zu+xfzq+uWZgVG8MoN2M
-A6fxn/gOjbvGundh946+KLrYTw==
------END CERTIFICATE-----
-
diff --git a/crypto/openssl/demos/maurice/example1.c b/crypto/openssl/demos/maurice/example1.c
deleted file mode 100644
index 1ef8299..0000000
--- a/crypto/openssl/demos/maurice/example1.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-*/
-
-#include <unistd.h>
-#include <stdio.h>
-#include <netinet/in.h>
-#include <fcntl.h>
-#include <strings.h>
-#include <stdlib.h>
-
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-#include "loadkeys.h"
-
-#define PUBFILE "cert.pem"
-#define PRIVFILE "privkey.pem"
-
-#define STDIN 0
-#define STDOUT 1
-
-void main_encrypt(void);
-void main_decrypt(void);
-
-static const char *usage = "Usage: example1 [-d]\n";
-
-int main(int argc, char *argv[])
-{
-
- ERR_load_crypto_strings();
-
- if ((argc == 1))
- {
- main_encrypt();
- }
- else if ((argc == 2) && !strcmp(argv[1],"-d"))
- {
- main_decrypt();
- }
- else
- {
- printf("%s",usage);
- exit(1);
- }
-
- return 0;
-}
-
-void main_encrypt(void)
-{
- unsigned int ebuflen;
- EVP_CIPHER_CTX ectx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char *ekey[1];
- int readlen;
- int ekeylen, net_ekeylen;
- EVP_PKEY *pubKey[1];
- char buf[512];
- char ebuf[512];
-
- memset(iv, '\0', sizeof(iv));
-
- pubKey[0] = ReadPublicKey(PUBFILE);
-
- if(!pubKey[0])
- {
- fprintf(stderr,"Error: can't load public key");
- exit(1);
- }
-
- ekey[0] = malloc(EVP_PKEY_size(pubKey[0]));
- if (!ekey[0])
- {
- EVP_PKEY_free(pubKey[0]);
- perror("malloc");
- exit(1);
- }
-
- EVP_SealInit(&ectx,
- EVP_des_ede3_cbc(),
- ekey,
- &ekeylen,
- iv,
- pubKey,
- 1);
-
- net_ekeylen = htonl(ekeylen);
- write(STDOUT, (char*)&net_ekeylen, sizeof(net_ekeylen));
- write(STDOUT, ekey[0], ekeylen);
- write(STDOUT, iv, sizeof(iv));
-
- while(1)
- {
- readlen = read(STDIN, buf, sizeof(buf));
-
- if (readlen <= 0)
- {
- if (readlen < 0)
- perror("read");
-
- break;
- }
-
- EVP_SealUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_SealFinal(&ectx, ebuf, &ebuflen);
-
- write(STDOUT, ebuf, ebuflen);
-
- EVP_PKEY_free(pubKey[0]);
- free(ekey[0]);
-}
-
-void main_decrypt(void)
-{
- char buf[520];
- char ebuf[512];
- unsigned int buflen;
- EVP_CIPHER_CTX ectx;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char *encryptKey;
- unsigned int ekeylen;
- EVP_PKEY *privateKey;
-
- memset(iv, '\0', sizeof(iv));
-
- privateKey = ReadPrivateKey(PRIVFILE);
- if (!privateKey)
- {
- fprintf(stderr, "Error: can't load private key");
- exit(1);
- }
-
- read(STDIN, &ekeylen, sizeof(ekeylen));
- ekeylen = ntohl(ekeylen);
-
- if (ekeylen != EVP_PKEY_size(privateKey))
- {
- EVP_PKEY_free(privateKey);
- fprintf(stderr, "keylength mismatch");
- exit(1);
- }
-
- encryptKey = malloc(sizeof(char) * ekeylen);
- if (!encryptKey)
- {
- EVP_PKEY_free(privateKey);
- perror("malloc");
- exit(1);
- }
-
- read(STDIN, encryptKey, ekeylen);
- read(STDIN, iv, sizeof(iv));
- EVP_OpenInit(&ectx,
- EVP_des_ede3_cbc(),
- encryptKey,
- ekeylen,
- iv,
- privateKey);
-
- while(1)
- {
- int readlen = read(STDIN, ebuf, sizeof(ebuf));
-
- if (readlen <= 0)
- {
- if (readlen < 0)
- perror("read");
-
- break;
- }
-
- EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
- write(STDOUT, buf, buflen);
- }
-
- EVP_OpenFinal(&ectx, buf, &buflen);
-
- write(STDOUT, buf, buflen);
-
- EVP_PKEY_free(privateKey);
- free(encryptKey);
-}
-
-
diff --git a/crypto/openssl/demos/maurice/example2.c b/crypto/openssl/demos/maurice/example2.c
deleted file mode 100644
index 57bce10..0000000
--- a/crypto/openssl/demos/maurice/example2.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-*/
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <strings.h>
-
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-#include "loadkeys.h"
-
-#define PUBFILE "cert.pem"
-#define PRIVFILE "privkey.pem"
-#define STDIN 0
-#define STDOUT 1
-
-int main()
-{
- char *ct = "This the clear text";
- char *buf;
- char *buf2;
- EVP_PKEY *pubKey;
- EVP_PKEY *privKey;
- int len;
-
- ERR_load_crypto_strings();
-
- privKey = ReadPrivateKey(PRIVFILE);
- if (!privKey)
- {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- pubKey = ReadPublicKey(PUBFILE);
- if(!pubKey)
- {
- EVP_PKEY_free(privKey);
- fprintf(stderr,"Error: can't load public key");
- exit(1);
- }
-
- /* No error checking */
- buf = malloc(EVP_PKEY_size(pubKey));
- buf2 = malloc(EVP_PKEY_size(pubKey));
-
- len = RSA_public_encrypt(strlen(ct)+1, ct, buf, pubKey->pkey.rsa,RSA_PKCS1_PADDING);
-
- if (len != EVP_PKEY_size(pubKey))
- {
- fprintf(stderr,"Error: ciphertext should match length of key\n");
- exit(1);
- }
-
- RSA_private_decrypt(len, buf, buf2, privKey->pkey.rsa,RSA_PKCS1_PADDING);
-
- printf("%s\n", buf2);
-
- EVP_PKEY_free(privKey);
- EVP_PKEY_free(pubKey);
- free(buf);
- free(buf2);
- return 0;
-}
diff --git a/crypto/openssl/demos/maurice/example3.c b/crypto/openssl/demos/maurice/example3.c
deleted file mode 100644
index 03d8a20..0000000
--- a/crypto/openssl/demos/maurice/example3.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <openssl/evp.h>
-
-#define STDIN 0
-#define STDOUT 1
-#define BUFLEN 512
-#define INIT_VECTOR "12345678"
-#define ENCRYPT 1
-#define DECRYPT 0
-#define ALG EVP_des_ede3_cbc()
-
-static const char *usage = "Usage: example3 [-d] password\n";
-
-void do_cipher(char *,int);
-
-int main(int argc, char *argv[])
-{
- if ((argc == 2))
- {
- do_cipher(argv[1],ENCRYPT);
- }
- else if ((argc == 3) && !strcmp(argv[1],"-d"))
- {
- do_cipher(argv[2],DECRYPT);
- }
- else
- {
- fprintf(stderr,"%s", usage);
- exit(1);
- }
-
- return 0;
-}
-
-void do_cipher(char *pw, int operation)
-{
- char buf[BUFLEN];
- char ebuf[BUFLEN + 8];
- unsigned int ebuflen; /* rc; */
- unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
- /* unsigned int ekeylen, net_ekeylen; */
- EVP_CIPHER_CTX ectx;
-
- memcpy(iv, INIT_VECTOR, sizeof(iv));
-
- EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
-
- EVP_CIPHER_CTX_init(&ectx);
- EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
-
- while(1)
- {
- int readlen = read(STDIN, buf, sizeof(buf));
-
- if (readlen <= 0)
- {
- if (!readlen)
- break;
- else
- {
- perror("read");
- exit(1);
- }
- }
-
- EVP_CipherUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen);
- EVP_CIPHER_CTX_cleanup(&ectx);
-
- write(STDOUT, ebuf, ebuflen);
-}
diff --git a/crypto/openssl/demos/maurice/example4.c b/crypto/openssl/demos/maurice/example4.c
deleted file mode 100644
index ce62984..0000000
--- a/crypto/openssl/demos/maurice/example4.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <openssl/evp.h>
-
-#define STDIN 0
-#define STDOUT 1
-#define BUFLEN 512
-
-static const char *usage = "Usage: example4 [-d]\n";
-
-void do_encode(void);
-void do_decode(void);
-
-int main(int argc, char *argv[])
-{
- if ((argc == 1))
- {
- do_encode();
- }
- else if ((argc == 2) && !strcmp(argv[1],"-d"))
- {
- do_decode();
- }
- else
- {
- fprintf(stderr,"%s", usage);
- exit(1);
- }
-
- return 0;
-}
-
-void do_encode()
-{
- char buf[BUFLEN];
- char ebuf[BUFLEN+24];
- unsigned int ebuflen;
- EVP_ENCODE_CTX ectx;
-
- EVP_EncodeInit(&ectx);
-
- while(1)
- {
- int readlen = read(STDIN, buf, sizeof(buf));
-
- if (readlen <= 0)
- {
- if (!readlen)
- break;
- else
- {
- perror("read");
- exit(1);
- }
- }
-
- EVP_EncodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_EncodeFinal(&ectx, ebuf, &ebuflen);
-
- write(STDOUT, ebuf, ebuflen);
-}
-
-void do_decode()
-{
- char buf[BUFLEN];
- char ebuf[BUFLEN+24];
- unsigned int ebuflen;
- EVP_ENCODE_CTX ectx;
-
- EVP_DecodeInit(&ectx);
-
- while(1)
- {
- int readlen = read(STDIN, buf, sizeof(buf));
- int rc;
-
- if (readlen <= 0)
- {
- if (!readlen)
- break;
- else
- {
- perror("read");
- exit(1);
- }
- }
-
- rc = EVP_DecodeUpdate(&ectx, ebuf, &ebuflen, buf, readlen);
- if (rc <= 0)
- {
- if (!rc)
- {
- write(STDOUT, ebuf, ebuflen);
- break;
- }
-
- fprintf(stderr, "Error: decoding message\n");
- return;
- }
-
- write(STDOUT, ebuf, ebuflen);
- }
-
- EVP_DecodeFinal(&ectx, ebuf, &ebuflen);
-
- write(STDOUT, ebuf, ebuflen);
-}
-
diff --git a/crypto/openssl/demos/maurice/loadkeys.c b/crypto/openssl/demos/maurice/loadkeys.c
deleted file mode 100644
index 82fd22a..0000000
--- a/crypto/openssl/demos/maurice/loadkeys.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#include <unistd.h>
-#include <stdio.h>
-#include <netinet/in.h>
-#include <fcntl.h>
-#include <strings.h>
-#include <stdlib.h>
-
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-EVP_PKEY * ReadPublicKey(const char *certfile)
-{
- FILE *fp = fopen (certfile, "r");
- X509 *x509;
- EVP_PKEY *pkey;
-
- if (!fp)
- return NULL;
-
- x509 = PEM_read_X509(fp, NULL, 0, NULL);
-
- if (x509 == NULL)
- {
- ERR_print_errors_fp (stderr);
- return NULL;
- }
-
- fclose (fp);
-
- pkey=X509_extract_key(x509);
-
- X509_free(x509);
-
- if (pkey == NULL)
- ERR_print_errors_fp (stderr);
-
- return pkey;
-}
-
-EVP_PKEY *ReadPrivateKey(const char *keyfile)
-{
- FILE *fp = fopen(keyfile, "r");
- EVP_PKEY *pkey;
-
- if (!fp)
- return NULL;
-
- pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL);
-
- fclose (fp);
-
- if (pkey == NULL)
- ERR_print_errors_fp (stderr);
-
- return pkey;
-}
-
-
diff --git a/crypto/openssl/demos/maurice/loadkeys.h b/crypto/openssl/demos/maurice/loadkeys.h
deleted file mode 100644
index d8fde86..0000000
--- a/crypto/openssl/demos/maurice/loadkeys.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/* NOCW */
-/*
- Please read the README file for condition of use, before
- using this software.
-
- Maurice Gittens <mgittens@gits.nl> January 1997
-
-*/
-
-#ifndef LOADKEYS_H_SEEN
-#define LOADKEYS_H_SEEN
-
-#include <openssl/evp.h>
-
-EVP_PKEY * ReadPublicKey(const char *certfile);
-EVP_PKEY *ReadPrivateKey(const char *keyfile);
-
-#endif
-
diff --git a/crypto/openssl/demos/maurice/privkey.pem b/crypto/openssl/demos/maurice/privkey.pem
deleted file mode 100644
index fc3554e..0000000
--- a/crypto/openssl/demos/maurice/privkey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA3YKg/qmNagJ+eNYzdZuCAUsSgOprm4Oe467c89BxfEvqA1e0
-zLpEW7hLSdP2Ocw9Eh/aWCYnvLyrpG1i0ZFaR5+AQMG5+uMe71J4RiZDZR3ya7//
-wIFmFM2BMpHx+FF9DhcfJ/zHUf0cc0HlZkM8Z6MJuV42UFCx6EK9XMYr7Kks/mr+
-QCZknrm/LR370EhbgiqOq6TVe18mhIqaaV7BceKpWUwqdvf99M8/084wcmJlHOnp
-7tL8RAAe4IBX6UGz8ETlD3c7Gh9XXpQdw6X6r0GMTDBrKwCEUgxkDKhbFxbRHvjq
-cgFHmrkhlflx7XzSk1QMxZzo5UAoxaDKsakg+QIDAQABAoIBAQC0hnh083PnuJ6g
-Flob+B+stCUhYWtPc6ZzgphaMD+9ABV4oescipWZdooNYiyikBwZgFIvUvFBtTXh
-rLBDgUVlZ81beUb7/EvC2aBh818rsotWW0Sw/ARY4d7wetcL/EWBzUA8E5vR6wlb
-uZGelR9OiyYqp2h2bj1/v5yaVnuHxBeBj5clTHtPMXc+/70iUNBDMZ0ruZTdSwll
-e0DH8pp/5USYewlrKtRIJT7elC8LFMqEz4OpNvfaR2OEY0FatYYmSvQPNwV8/Eor
-XlNzRi9qD0uXbVexaAgQZ3/KZuAzUbOgwJZZXEAOGkZ/J1n08jljPXdU0o7bHhNl
-7siHbuEBAoGBAP53IvvJkhnH8Akf6E6sXelZkPKHnwDwfywDAiIhXza9DB1DViRS
-bZUB5gzcxmLGalex5+LcwZmsqFO5NXZ8SQeE9p0YT8yJsX4J1w9JzSvsWJBS2vyW
-Kbt21oG6JAGrWSGMIfxKpuahtWLf4JpGjftti0qIVQ60GKEPc1/xE2PZAoGBAN7Y
-nRPaUaqcIwbnH9kovOKwZ/PWREy1ecr3YXj65VYTnwSJHD0+CJa/DX8eB/G4AoNA
-Y2LPbq0Xu3+7SaUsO45VkaZuJmNwheUQ4tmyd/YdnVZ0AHXx1tvpR7QeO0WjnlNK
-mR+x00fetrff2Ypahs0wtU0Xf3F8ORgVB8jnxBIhAoGAcwf0PpI+g30Im3dbEsWE
-poogpiJ81HXjZ0fs3PTtD9eh9FCOTlkcxHFZR5M980TyqbX4t2tH8WpFpaNh8a/5
-a3bF7PoiiLnuDKXyHC0mnKZ42rU53VkcgGwWSAqXYFHPNwUcD+rHTBbp4kqGQ/eF
-E5XPk9/RY5YyVAyiAUr/kvECgYBvW1Ua75SxqbZDI8mhbZ79tGMt0NtubZz/1KCL
-oOxrGAD1dkJ7Q/1svunSpMIZgvcWeV1wqfFHY72ZNZC2jiTwmkffH9nlBPyTm92Q
-JYOWo/PUmMEGLyRL3gWrtxOtV/as7nEYCndmyZ8KwTxmy5fi/z0J2f0gS5AIPbIX
-LeGnoQKBgQDapjz9K4HWR5AMxyga4eiLIrmADySP846uz3eZIvTJQZ+6TAamvnno
-KbnU21cGq5HBBtxqQvGswLPGW9rZAgykHHJmYBUp0xv4+I4qHfXyD7QNmvq+Vxjj
-V2tgIafEpaf2ZsfM7BZeZz8MzeGcDwyrHtIO1FQiYN5Qz9Hq68XmVA==
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/pkcs12/README b/crypto/openssl/demos/pkcs12/README
deleted file mode 100644
index c87434b..0000000
--- a/crypto/openssl/demos/pkcs12/README
+++ /dev/null
@@ -1,3 +0,0 @@
-PKCS#12 demo applications
-
-Written by Steve Henson.
diff --git a/crypto/openssl/demos/pkcs12/pkread.c b/crypto/openssl/demos/pkcs12/pkread.c
deleted file mode 100644
index 8e1b686..0000000
--- a/crypto/openssl/demos/pkcs12/pkread.c
+++ /dev/null
@@ -1,61 +0,0 @@
-/* pkread.c */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* Simple PKCS#12 file reader */
-
-int main(int argc, char **argv)
-{
- FILE *fp;
- EVP_PKEY *pkey;
- X509 *cert;
- STACK_OF(X509) *ca = NULL;
- PKCS12 *p12;
- int i;
- if (argc != 4) {
- fprintf(stderr, "Usage: pkread p12file password opfile\n");
- exit (1);
- }
- SSLeay_add_all_algorithms();
- ERR_load_crypto_strings();
- if (!(fp = fopen(argv[1], "rb"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- p12 = d2i_PKCS12_fp(fp, NULL);
- fclose (fp);
- if (!p12) {
- fprintf(stderr, "Error reading PKCS#12 file\n");
- ERR_print_errors_fp(stderr);
- exit (1);
- }
- if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
- fprintf(stderr, "Error parsing PKCS#12 file\n");
- ERR_print_errors_fp(stderr);
- exit (1);
- }
- PKCS12_free(p12);
- if (!(fp = fopen(argv[3], "w"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- if (pkey) {
- fprintf(fp, "***Private Key***\n");
- PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
- }
- if (cert) {
- fprintf(fp, "***User Certificate***\n");
- PEM_write_X509_AUX(fp, cert);
- }
- if (ca && sk_num(ca)) {
- fprintf(fp, "***Other Certificates***\n");
- for (i = 0; i < sk_X509_num(ca); i++)
- PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
- }
- fclose(fp);
- return 0;
-}
diff --git a/crypto/openssl/demos/pkcs12/pkwrite.c b/crypto/openssl/demos/pkcs12/pkwrite.c
deleted file mode 100644
index 15f839d..0000000
--- a/crypto/openssl/demos/pkcs12/pkwrite.c
+++ /dev/null
@@ -1,46 +0,0 @@
-/* pkwrite.c */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/pkcs12.h>
-
-/* Simple PKCS#12 file creator */
-
-int main(int argc, char **argv)
-{
- FILE *fp;
- EVP_PKEY *pkey;
- X509 *cert;
- PKCS12 *p12;
- if (argc != 5) {
- fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
- exit(1);
- }
- SSLeay_add_all_algorithms();
- ERR_load_crypto_strings();
- if (!(fp = fopen(argv[1], "r"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- exit(1);
- }
- cert = PEM_read_X509(fp, NULL, NULL, NULL);
- rewind(fp);
- pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
- fclose(fp);
- p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
- if(!p12) {
- fprintf(stderr, "Error creating PKCS#12 structure\n");
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- if (!(fp = fopen(argv[4], "wb"))) {
- fprintf(stderr, "Error opening file %s\n", argv[1]);
- ERR_print_errors_fp(stderr);
- exit(1);
- }
- i2d_PKCS12_fp(fp, p12);
- PKCS12_free(p12);
- fclose(fp);
- return 0;
-}
diff --git a/crypto/openssl/demos/prime/Makefile b/crypto/openssl/demos/prime/Makefile
deleted file mode 100644
index 0166cd4..0000000
--- a/crypto/openssl/demos/prime/Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
-CC=cc
-CFLAGS= -g -I../../include -Wall
-LIBS= -L../.. -lcrypto
-EXAMPLES=prime
-
-all: $(EXAMPLES)
-
-prime: prime.o
- $(CC) -o prime prime.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
-
-test: all
- @echo Test creating a 128-bit prime
- ./prime 128
- @echo Test creating a 256-bit prime
- ./prime 256
- @echo Test creating a 512-bit prime
- ./prime 512
diff --git a/crypto/openssl/demos/prime/prime.c b/crypto/openssl/demos/prime/prime.c
deleted file mode 100644
index 103e0ef..0000000
--- a/crypto/openssl/demos/prime/prime.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* demos/prime/prime.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/bn.h>
-
-void callback(type,num)
-int type,num;
- {
- if (type == 0)
- fprintf(stderr,".");
- else if (type == 1)
- fprintf(stderr,"+");
- else if (type == 2)
- fprintf(stderr,"*");
- fflush(stderr);
- }
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- BIGNUM *rand;
- int num=256;
-
- /* we should really call RAND_seed(char *bytes,int num);
- * to fully initalise the random number generator */
- if (argc >= 2)
- {
- num=atoi(argv[1]);
- if (num == 0) num=256;
- }
-
- fprintf(stderr,"generate a strong prime\n");
- rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);
- /* change the third parameter to 1 for a strong prime */
- fprintf(stderr,"\n");
-
- BN_print_fp(stdout,rand);
- fprintf(stdout,"\n");
- BN_free(rand);
- exit(0);
- return(0);
- }
-
diff --git a/crypto/openssl/demos/privkey.pem b/crypto/openssl/demos/privkey.pem
deleted file mode 100644
index ddae240..0000000
--- a/crypto/openssl/demos/privkey.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAN+FmbxmHVOp/RxtpMGz0DvQEBz1sDktHp19hIoMSu0YZift5MAu
-4xAEJYvWVCshDiyOTWsUBXwZkrkt87FyctkCAwEAAQJAG/vxBGpQb6IPo1iC0RF/
-F430BnwoBPCGLbeCOXpSgx5X+19vuTSdEqMgeNB6+aNb+XY/7mvVfCjyD6WZ0oxs
-JQIhAPO+uL9cP40lFs62pdL3QSWsh3VNDByvOtr9LpeaxBm/AiEA6sKVfXsDQ5hd
-SHt9U61r2r8Lcxmzi9Kw6JNqjMmzqWcCIQCKoRy+aZ8Tjdas9yDVHh+FZ90bEBkl
-b1xQFNOdEj8aTQIhAOJWrO6INYNsWTPS6+hLYZtLamyUsQj0H+B8kNQge/mtAiEA
-nBfvUl243qbqN8gF7Az1u33uc9FsPVvQPiBzLxZ4ixw=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/selfsign.c b/crypto/openssl/demos/selfsign.c
deleted file mode 100644
index 68904c6..0000000
--- a/crypto/openssl/demos/selfsign.c
+++ /dev/null
@@ -1,180 +0,0 @@
-/* NOCW */
-/* cc -o ssdemo -I../include selfsign.c ../libcrypto.a */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/pem.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-
-int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-
-int main()
- {
- BIO *bio_err;
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
- mkit(&x509,&pkey,512,0,365);
-
- RSA_print_fp(stdout,pkey->pkey.rsa,0);
- X509_print_fp(stdout,x509);
-
- PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
- PEM_write_X509(stdout,x509);
-
- X509_free(x509);
- EVP_PKEY_free(pkey);
-
-#ifdef CUSTOM_EXT
- /* Only needed if we add objects or custom extensions */
- X509V3_EXT_cleanup();
- OBJ_cleanup();
-#endif
-
- CRYPTO_mem_leaks(bio_err);
- BIO_free(bio_err);
- return(0);
- }
-
-#ifdef WIN16
-# define MS_CALLBACK _far _loadds
-# define MS_FAR _far
-#else
-# define MS_CALLBACK
-# define MS_FAR
-#endif
-
-static void MS_CALLBACK callback(p, n, arg)
-int p;
-int n;
-void *arg;
- {
- char c='B';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- fputc(c,stderr);
- }
-
-int mkit(x509p,pkeyp,bits,serial,days)
-X509 **x509p;
-EVP_PKEY **pkeyp;
-int bits;
-int serial;
-int days;
- {
- X509 *x;
- EVP_PKEY *pk;
- RSA *rsa;
- X509_NAME *name=NULL;
- X509_NAME_ENTRY *ne=NULL;
- X509_EXTENSION *ex=NULL;
-
-
- if ((pkeyp == NULL) || (*pkeyp == NULL))
- {
- if ((pk=EVP_PKEY_new()) == NULL)
- {
- abort();
- return(0);
- }
- }
- else
- pk= *pkeyp;
-
- if ((x509p == NULL) || (*x509p == NULL))
- {
- if ((x=X509_new()) == NULL)
- goto err;
- }
- else
- x= *x509p;
-
- rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
- if (!EVP_PKEY_assign_RSA(pk,rsa))
- {
- abort();
- goto err;
- }
- rsa=NULL;
-
- X509_set_version(x,3);
- ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
- X509_gmtime_adj(X509_get_notBefore(x),0);
- X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
- X509_set_pubkey(x,pk);
-
- name=X509_get_subject_name(x);
-
- /* This function creates and adds the entry, working out the
- * correct string type and performing checks on its length.
- * Normally we'd check the return value for errors...
- */
- X509_NAME_add_entry_by_txt(name,"C",
- MBSTRING_ASC, "UK", -1, -1, 0);
- X509_NAME_add_entry_by_txt(name,"CN",
- MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
-
- X509_set_issuer_name(x,name);
-
- /* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections. We can also set
- * the context to NULL because none of these extensions below will need
- * to access it.
- */
-
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
- "example comment extension");
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
- "www.openssl.org");
-
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-
-#if 0
- /* might want something like this too.... */
- ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
- "critical,CA:TRUE");
-
-
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
-#endif
-
-#ifdef CUSTOM_EXT
- /* Maybe even add our own extension based on existing */
- {
- int nid;
- nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
- X509V3_EXT_add_alias(nid, NID_netscape_comment);
- ex = X509V3_EXT_conf_nid(NULL, NULL, nid,
- "example comment alias");
- X509_add_ext(x,ex,-1);
- X509_EXTENSION_free(ex);
- }
-#endif
-
- if (!X509_sign(x,pk,EVP_md5()))
- goto err;
-
- *x509p=x;
- *pkeyp=pk;
- return(1);
-err:
- return(0);
- }
diff --git a/crypto/openssl/demos/sign/Makefile b/crypto/openssl/demos/sign/Makefile
deleted file mode 100644
index e6d391e..0000000
--- a/crypto/openssl/demos/sign/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-CC=cc
-CFLAGS= -g -I../../include -Wall
-LIBS= -L../.. -lcrypto
-EXAMPLES=sign
-
-all: $(EXAMPLES)
-
-sign: sign.o
- $(CC) -o sign sign.o $(LIBS)
-
-clean:
- rm -f $(EXAMPLES) *.o
-
-test: all
- ./sign
diff --git a/crypto/openssl/demos/sign/cert.pem b/crypto/openssl/demos/sign/cert.pem
deleted file mode 100644
index 9d7ac23..0000000
--- a/crypto/openssl/demos/sign/cert.pem
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
-bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
-dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
-DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
-EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
-dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
-EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
-MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
-L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
-BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
-9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
------END CERTIFICATE-----
diff --git a/crypto/openssl/demos/sign/key.pem b/crypto/openssl/demos/sign/key.pem
deleted file mode 100644
index 239ad66..0000000
--- a/crypto/openssl/demos/sign/key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
-2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
-oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
-8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
-a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
-WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
-6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/sign/sig.txt b/crypto/openssl/demos/sign/sig.txt
deleted file mode 100644
index 5613c0e..0000000
--- a/crypto/openssl/demos/sign/sig.txt
+++ /dev/null
@@ -1,158 +0,0 @@
-From ssl-lists-owner@mincom.com Mon Sep 30 02:37:40 1996
-Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11782
- (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 11:46:21 +1000
-Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id LAA18980 for ssl-users-outgoing; Mon, 30 Sep 1996 11:44:56 +1000 (EST)
-Received: from minbne.mincom.oz.au (minbne.mincom.oz.au [192.55.196.247]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id LAA18962 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 11:44:51 +1000 (EST)
-Received: by minbne.mincom.oz.au id AA22230
- (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 11:38:41 +1000
-Received: from brutus.neuronio.pt (brutus.neuronio.pt [193.126.253.2]) by bunyip.cc.uq.oz.au (8.7.6/8.7.3) with SMTP id LAA15824 for <ssl-users@mincom.com>; Mon, 30 Sep 1996 11:40:07 +1000
-Received: (from sampo@localhost) by brutus.neuronio.pt (8.6.11/8.6.11) id BAA08729; Mon, 30 Sep 1996 01:37:40 +0100
-Date: Mon, 30 Sep 1996 01:37:40 +0100
-Message-Id: <199609300037.BAA08729@brutus.neuronio.pt>
-From: Sampo Kellomaki <sampo@neuronio.pt>
-To: ssl-users@mincom.com
-Cc: sampo@brutus.neuronio.pt
-Subject: Signing with envelope routines
-Sender: ssl-lists-owner@mincom.com
-Precedence: bulk
-Status: RO
-X-Status: D
-
-
-I have been trying to figure out how to produce signatures with EVP_
-routines. I seem to be able to read in private key and sign some
-data ok, but I can't figure out how I am supposed to read in
-public key so that I could verify my signature. I use self signed
-certificate.
-
-I figured I should use
- EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
- fp, NULL, NULL);
-to read in private key and this seems to work Ok.
-
-However when I try analogous
- EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
- fp, NULL, NULL);
-the program fails with
-
-error:0D09508D:asn1 encoding routines:D2I_PUBLICKEY:unknown public key type:d2i_pu.c:93
-error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_lib.c:232
-
-I figured that the second argument to PEM_ASN1_read should match the
-name in my PEM encoded object, hence PEM_STRING_X509.
-PEM_STRING_EVP_PKEY seems to be somehow magical
-because it matches whatever private key there happens to be. I could
-not find a similar constant to use with getting the certificate, however.
-
-Is my approach of using PEM_ASN1_read correct? What should I pass in
-as name? Can I use normal (or even self signed) X509 certificate for
-verifying the signature?
-
-When will SSLeay documentation be written ;-)? If I would contribute
-comments to the code, would Eric take time to review them and include
-them in distribution?
-
-I'm using SSLeay-0.6.4. My program is included below along with the
-key and cert that I use.
-
---Sampo
-
------------------------------------
-/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
- 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
-
-#include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
-
-void main ()
-{
- int err;
- int sig_len;
- unsigned char sig_buf [4096];
- const char certfile[] = "plain-cert.pem";
- const char keyfile[] = "plain-key.pem";
- const char data[] = "I owe you...";
- EVP_MD_CTX md_ctx;
- EVP_PKEY* pkey;
- FILE* fp;
-
- SSL_load_error_strings();
-
- /* Read private key */
-
- fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
- pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
- PEM_STRING_EVP_PKEY,
- fp,
- NULL, NULL);
- if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
- fclose (fp);
-
- /* Do the signature */
-
- EVP_SignInit (&md_ctx, EVP_md5());
- EVP_SignUpdate (&md_ctx, data, strlen(data));
- sig_len = sizeof(sig_buf);
- err = EVP_SignFinal (&md_ctx,
- sig_buf,
- &sig_len,
- pkey);
- if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
- EVP_PKEY_free (pkey);
-
- /* Read public key */
-
- fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
- pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PublicKey,
- PEM_STRING_X509,
- fp,
- NULL, NULL);
- if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
- fclose (fp);
-
- /* Verify the signature */
-
- EVP_VerifyInit (&md_ctx, EVP_md5());
- EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
- err = EVP_VerifyFinal (&md_ctx,
- sig_buf,
- sig_len,
- pkey);
- if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
- EVP_PKEY_free (pkey);
- printf ("Signature Verified Ok.\n");
-}
-/* EOF */
---------------- plain-cert.pem -----------------
------BEGIN CERTIFICATE-----
-MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv
-bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy
-dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X
-DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw
-EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l
-dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT
-EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp
-MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw
-L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN
-BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX
-9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=
------END CERTIFICATE-----
----------------- plain-key.pem -----------------
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ
-2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF
-oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr
-8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc
-a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7
-WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA
-6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=
------END RSA PRIVATE KEY-----
-------------------------------------------------
-
diff --git a/crypto/openssl/demos/sign/sign.c b/crypto/openssl/demos/sign/sign.c
deleted file mode 100644
index a6c66e1..0000000
--- a/crypto/openssl/demos/sign/sign.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* demos/sign/sign.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
- 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
-
-/* converted to C - eay :-) */
-
-/* reformated a bit and converted to use the more common functions: this was
- * initially written at the dawn of time :-) - Steve.
- */
-
-#include <stdio.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-
-int main ()
-{
- int err;
- int sig_len;
- unsigned char sig_buf [4096];
- static char certfile[] = "cert.pem";
- static char keyfile[] = "key.pem";
- static char data[] = "I owe you...";
- EVP_MD_CTX md_ctx;
- EVP_PKEY * pkey;
- FILE * fp;
- X509 * x509;
-
- /* Just load the crypto library error strings,
- * SSL_load_error_strings() loads the crypto AND the SSL ones */
- /* SSL_load_error_strings();*/
- ERR_load_crypto_strings();
-
- /* Read private key */
-
- fp = fopen (keyfile, "r");
- if (fp == NULL) exit (1);
- pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
- fclose (fp);
-
- if (pkey == NULL) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- /* Do the signature */
-
- EVP_SignInit (&md_ctx, EVP_sha1());
- EVP_SignUpdate (&md_ctx, data, strlen(data));
- sig_len = sizeof(sig_buf);
- err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
-
- if (err != 1) {
- ERR_print_errors_fp(stderr);
- exit (1);
- }
-
- EVP_PKEY_free (pkey);
-
- /* Read public key */
-
- fp = fopen (certfile, "r");
- if (fp == NULL) exit (1);
- x509 = PEM_read_X509(fp, NULL, NULL, NULL);
- fclose (fp);
-
- if (x509 == NULL) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- /* Get public key - eay */
- pkey=X509_get_pubkey(x509);
- if (pkey == NULL) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
-
- /* Verify the signature */
-
- EVP_VerifyInit (&md_ctx, EVP_sha1());
- EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
- err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
- EVP_PKEY_free (pkey);
-
- if (err != 1) {
- ERR_print_errors_fp (stderr);
- exit (1);
- }
- printf ("Signature Verified Ok.\n");
- return(0);
-}
diff --git a/crypto/openssl/demos/sign/sign.txt b/crypto/openssl/demos/sign/sign.txt
deleted file mode 100644
index 2aa2b46..0000000
--- a/crypto/openssl/demos/sign/sign.txt
+++ /dev/null
@@ -1,170 +0,0 @@
-From ssl-lists-owner@mincom.com Mon Sep 30 22:43:15 1996
-Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA12802
- (5.65c/IDA-1.4.4 for eay); Mon, 30 Sep 1996 12:45:43 +1000
-Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id MAA25922 for ssl-users-outgoing; Mon, 30 Sep 1996 12:43:43 +1000 (EST)
-Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id MAA25900 for <ssl-users@listserv.mincom.oz.au>; Mon, 30 Sep 1996 12:43:39 +1000 (EST)
-Received: by orb.mincom.oz.au id AA12688
- (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Mon, 30 Sep 1996 12:43:16 +1000
-Date: Mon, 30 Sep 1996 12:43:15 +1000 (EST)
-From: Eric Young <eay@mincom.com>
-X-Sender: eay@orb
-To: Sampo Kellomaki <sampo@neuronio.pt>
-Cc: ssl-users@mincom.com, sampo@brutus.neuronio.pt
-Subject: Re: Signing with envelope routines
-In-Reply-To: <199609300037.BAA08729@brutus.neuronio.pt>
-Message-Id: <Pine.SOL.3.91.960930121504.11800Y-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Sender: ssl-lists-owner@mincom.com
-Precedence: bulk
-Status: O
-X-Status:
-
-
-On Mon, 30 Sep 1996, Sampo Kellomaki wrote:
-> I have been trying to figure out how to produce signatures with EVP_
-> routines. I seem to be able to read in private key and sign some
-> data ok, but I can't figure out how I am supposed to read in
-> public key so that I could verify my signature. I use self signed
-> certificate.
-
-hmm... a rather poorly documented are of the library at this point in time.
-
-> I figured I should use
-> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PrivateKey, PEM_STRING_EVP_PKEY,
-> fp, NULL, NULL);
-> to read in private key and this seems to work Ok.
->
-> However when I try analogous
-> EVP_PKEY* pkey = PEM_ASN1_read(d2i_PublicKey, PEM_STRING_X509,
-> fp, NULL, NULL);
-
-What you should do is
- X509 *x509=PEM_read_X509(fp,NULL,NULL);
- /* which is the same as PEM_ASN1_read(d2i_X509,PEM_STRING_X509,fp,
- * NULL,NULL); */
-Then
- EVP_PKEY *pkey=X509_extract_key(x509);
-
-There is also a X509_REQ_extract_key(req);
-which gets the public key from a certificate request.
-
-I re-worked quite a bit of this when I cleaned up the dependancy on
-RSA as the private key.
-
-> I figured that the second argument to PEM_ASN1_read should match the
-> name in my PEM encoded object, hence PEM_STRING_X509.
-> PEM_STRING_EVP_PKEY seems to be somehow magical
-> because it matches whatever private key there happens to be. I could
-> not find a similar constant to use with getting the certificate, however.
-
-:-), PEM_STRING_EVP_PKEY is 'magical' :-). In theory I should be using a
-standard such as PKCS#8 to store the private key so that the type is
-encoded in the asn.1 encoding of the object.
-
-> Is my approach of using PEM_ASN1_read correct? What should I pass in
-> as name? Can I use normal (or even self signed) X509 certificate for
-> verifying the signature?
-
-The actual public key is kept in the certificate, so basically you have
-to load the certificate and then 'unpack' the public key from the
-certificate.
-
-> When will SSLeay documentation be written ;-)? If I would contribute
-> comments to the code, would Eric take time to review them and include
-> them in distribution?
-
-:-) After SSLv3 and PKCS#7 :-). I actually started doing a function list
-but what I really need to do is do quite a few 'this is how you do xyz'
-type documents. I suppose the current method is to post to ssl-users and
-I'll respond :-).
-
-I'll add a 'demo' directory for the next release, I've appended a
-modified version of your program that works, you were very close :-).
-
-eric
-
-/* sign-it.cpp - Simple test app using SSLeay envelopes to sign data
- 29.9.1996, Sampo Kellomaki <sampo@iki.fi> */
-
-/* converted to C - eay :-) */
-
-#include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
-
-void main ()
-{
- int err;
- int sig_len;
- unsigned char sig_buf [4096];
- static char certfile[] = "plain-cert.pem";
- static char keyfile[] = "plain-key.pem";
- static char data[] = "I owe you...";
- EVP_MD_CTX md_ctx;
- EVP_PKEY * pkey;
- FILE * fp;
- X509 * x509;
-
- /* Just load the crypto library error strings,
- * SSL_load_error_strings() loads the crypto AND the SSL ones */
- /* SSL_load_error_strings();*/
- ERR_load_crypto_strings();
-
- /* Read private key */
-
- fp = fopen (keyfile, "r"); if (fp == NULL) exit (1);
- pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
- PEM_STRING_EVP_PKEY,
- fp,
- NULL, NULL);
- if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
- fclose (fp);
-
- /* Do the signature */
-
- EVP_SignInit (&md_ctx, EVP_md5());
- EVP_SignUpdate (&md_ctx, data, strlen(data));
- sig_len = sizeof(sig_buf);
- err = EVP_SignFinal (&md_ctx,
- sig_buf,
- &sig_len,
- pkey);
- if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
- EVP_PKEY_free (pkey);
-
- /* Read public key */
-
- fp = fopen (certfile, "r"); if (fp == NULL) exit (1);
- x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
- PEM_STRING_X509,
- fp, NULL, NULL);
- if (x509 == NULL) { ERR_print_errors_fp (stderr); exit (1); }
- fclose (fp);
-
- /* Get public key - eay */
- pkey=X509_extract_key(x509);
- if (pkey == NULL) { ERR_print_errors_fp (stderr); exit (1); }
-
- /* Verify the signature */
-
- EVP_VerifyInit (&md_ctx, EVP_md5());
- EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
- err = EVP_VerifyFinal (&md_ctx,
- sig_buf,
- sig_len,
- pkey);
- if (err != 1) { ERR_print_errors_fp (stderr); exit (1); }
- EVP_PKEY_free (pkey);
- printf ("Signature Verified Ok.\n");
-}
-
-
-
-
-
diff --git a/crypto/openssl/demos/spkigen.c b/crypto/openssl/demos/spkigen.c
deleted file mode 100644
index 2cd5dfe..0000000
--- a/crypto/openssl/demos/spkigen.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/* NOCW */
-/* demos/spkigen.c
- * 18-Mar-1997 - eay - A quick hack :-)
- * version 1.1, it would probably help to save or load the
- * private key :-)
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/err.h>
-#include <openssl/asn1.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-/* The following two don't exist in SSLeay but they are in here as
- * examples */
-#define PEM_write_SPKI(fp,x) \
- PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
- (char *)x,NULL,NULL,0,NULL)
-int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
-
-/* These are defined in the next version of SSLeay */
-int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);
-#define RSA_F4 0x10001
-#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
- (char *)(rsa))
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- RSA *rsa=NULL;
- NETSCAPE_SPKI *spki=NULL;
- EVP_PKEY *pkey=NULL;
- char buf[128];
- int ok=0,i;
- FILE *fp;
-
- pkey=EVP_PKEY_new();
-
- if (argc < 2)
- {
- /* Generate an RSA key, the random state should have been seeded
- * with lots of calls to RAND_seed(....) */
- fprintf(stderr,"generating RSA key, could take some time...\n");
- if ((rsa=RSA_generate_key(512,RSA_F4,NULL)) == NULL) goto err;
- }
- else
- {
- if ((fp=fopen(argv[1],"r")) == NULL)
- { perror(argv[1]); goto err; }
- if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL)) == NULL)
- goto err;
- fclose(fp);
- }
-
- if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;
- rsa=NULL;
-
- /* lets make the spki and set the public key and challenge */
- if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;
-
- if (!SPKI_set_pubkey(spki,pkey)) goto err;
-
- fprintf(stderr,"please enter challenge string:");
- fflush(stderr);
- buf[0]='\0';
- fgets(buf,sizeof buf,stdin);
- i=strlen(buf);
- if (i > 0) buf[--i]='\0';
- if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
- buf,i)) goto err;
-
- if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;
- PEM_write_SPKI(stdout,spki);
- if (argc < 2)
- PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
-
- ok=1;
-err:
- if (!ok)
- {
- fprintf(stderr,"something bad happened....");
- ERR_print_errors_fp(stderr);
- }
- NETSCAPE_SPKI_free(spki);
- EVP_PKEY_free(pkey);
- exit(!ok);
- }
-
-/* This function is in the next version of SSLeay */
-int EVP_PKEY_assign(pkey,type,key)
-EVP_PKEY *pkey;
-int type;
-char *key;
- {
- if (pkey == NULL) return(0);
- if (pkey->pkey.ptr != NULL)
- {
- if (pkey->type == EVP_PKEY_RSA)
- RSA_free(pkey->pkey.rsa);
- /* else memory leak */
- }
- pkey->type=type;
- pkey->pkey.ptr=key;
- return(1);
- }
-
-/* While I have a
- * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does
- * not currently exist so here is a version of it.
- * The next SSLeay release will probably have
- * X509_set_pubkey(),
- * X509_REQ_set_pubkey() and
- * NETSCAPE_SPKI_set_pubkey()
- * as macros calling the same function */
-int SPKI_set_pubkey(x,pkey)
-NETSCAPE_SPKI *x;
-EVP_PKEY *pkey;
- {
- int ok=0;
- X509_PUBKEY *pk;
- X509_ALGOR *a;
- ASN1_OBJECT *o;
- unsigned char *s,*p;
- int i;
-
- if (x == NULL) return(0);
-
- if ((pk=X509_PUBKEY_new()) == NULL) goto err;
- a=pk->algor;
-
- /* set the algorithm id */
- if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
- ASN1_OBJECT_free(a->algorithm);
- a->algorithm=o;
-
- /* Set the parameter list */
- if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))
- {
- ASN1_TYPE_free(a->parameter);
- a->parameter=ASN1_TYPE_new();
- a->parameter->type=V_ASN1_NULL;
- }
- i=i2d_PublicKey(pkey,NULL);
- if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;
- p=s;
- i2d_PublicKey(pkey,&p);
- if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
- free(s);
-
- X509_PUBKEY_free(x->spkac->pubkey);
- x->spkac->pubkey=pk;
- pk=NULL;
- ok=1;
-err:
- if (pk != NULL) X509_PUBKEY_free(pk);
- return(ok);
- }
-
diff --git a/crypto/openssl/demos/ssl/cli.cpp b/crypto/openssl/demos/ssl/cli.cpp
deleted file mode 100644
index 49cba5d..0000000
--- a/crypto/openssl/demos/ssl/cli.cpp
+++ /dev/null
@@ -1,110 +0,0 @@
-/* cli.cpp - Minimal ssleay client for Unix
- 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
-
-/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
- Simplified to be even more minimal
- 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
-
-#include <stdio.h>
-#include <memory.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-
-#define CHK_NULL(x) if ((x)==NULL) exit (1)
-#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
-#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
-
-void main ()
-{
- int err;
- int sd;
- struct sockaddr_in sa;
- SSL_CTX* ctx;
- SSL* ssl;
- X509* server_cert;
- char* str;
- char buf [4096];
- SSL_METHOD *meth;
-
- SSLeay_add_ssl_algorithms();
- meth = SSLv2_client_method();
- SSL_load_error_strings();
- ctx = SSL_CTX_new (meth); CHK_NULL(ctx);
-
- CHK_SSL(err);
-
- /* ----------------------------------------------- */
- /* Create a socket and connect to server using normal socket calls. */
-
- sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket");
-
- memset (&sa, '\0', sizeof(sa));
- sa.sin_family = AF_INET;
- sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */
- sa.sin_port = htons (1111); /* Server Port number */
-
- err = connect(sd, (struct sockaddr*) &sa,
- sizeof(sa)); CHK_ERR(err, "connect");
-
- /* ----------------------------------------------- */
- /* Now we have TCP conncetion. Start SSL negotiation. */
-
- ssl = SSL_new (ctx); CHK_NULL(ssl);
- SSL_set_fd (ssl, sd);
- err = SSL_connect (ssl); CHK_SSL(err);
-
- /* Following two steps are optional and not required for
- data exchange to be successful. */
-
- /* Get the cipher - opt */
-
- printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
-
- /* Get server's certificate (note: beware of dynamic allocation) - opt */
-
- server_cert = SSL_get_peer_certificate (ssl); CHK_NULL(server_cert);
- printf ("Server certificate:\n");
-
- str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
- CHK_NULL(str);
- printf ("\t subject: %s\n", str);
- OPENSSL_free (str);
-
- str = X509_NAME_oneline (X509_get_issuer_name (server_cert),0,0);
- CHK_NULL(str);
- printf ("\t issuer: %s\n", str);
- OPENSSL_free (str);
-
- /* We could do all sorts of certificate verification stuff here before
- deallocating the certificate. */
-
- X509_free (server_cert);
-
- /* --------------------------------------------------- */
- /* DATA EXCHANGE - Send a message and receive a reply. */
-
- err = SSL_write (ssl, "Hello World!", strlen("Hello World!")); CHK_SSL(err);
-
- err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
- buf[err] = '\0';
- printf ("Got %d chars:'%s'\n", err, buf);
- SSL_shutdown (ssl); /* send SSL/TLS close_notify */
-
- /* Clean up. */
-
- close (sd);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
-}
-/* EOF - cli.cpp */
diff --git a/crypto/openssl/demos/ssl/inetdsrv.cpp b/crypto/openssl/demos/ssl/inetdsrv.cpp
deleted file mode 100644
index efd70d2..0000000
--- a/crypto/openssl/demos/ssl/inetdsrv.cpp
+++ /dev/null
@@ -1,98 +0,0 @@
-/* inetdserv.cpp - Minimal ssleay server for Unix inetd.conf
- * 30.9.1996, Sampo Kellomaki <sampo@iki.fi>
- * From /etc/inetd.conf:
- * 1111 stream tcp nowait sampo /usr/users/sampo/demo/inetdserv inetdserv
- */
-
-#include <stdio.h>
-#include <errno.h>
-
-#include "rsa.h" /* SSLeay stuff */
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-#define HOME "/usr/users/sampo/demo/"
-#define CERTF HOME "plain-cert.pem"
-#define KEYF HOME "plain-key.pem"
-
-#define CHK_NULL(x) if ((x)==NULL) exit (1)
-#define CHK_ERR(err,s) if ((err)==-1) \
- { fprintf(log, "%s %d\n", (s), errno); exit(1); }
-#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(log); exit(2); }
-
-void main ()
-{
- int err;
- SSL_CTX* ctx;
- SSL* ssl;
- X509* client_cert;
- char* str;
- char buf [4096];
- FILE* log;
-
- log = fopen ("/dev/console", "a"); CHK_NULL(log);
- fprintf (log, "inetdserv %ld\n", (long)getpid());
-
- SSL_load_error_strings();
- ctx = SSL_CTX_new (); CHK_NULL(ctx);
-
- err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF, SSL_FILETYPE_PEM);
- CHK_SSL (err);
-
- err = SSL_CTX_use_certificate_file (ctx, CERTF, SSL_FILETYPE_PEM);
- CHK_SSL (err);
-
- /* inetd has already opened the TCP connection, so we can get right
- down to business. */
-
- ssl = SSL_new (ctx); CHK_NULL(ssl);
- SSL_set_fd (ssl, fileno(stdin));
- err = SSL_accept (ssl); CHK_SSL(err);
-
- /* Get the cipher - opt */
-
- fprintf (log, "SSL connection using %s\n", SSL_get_cipher (ssl));
-
- /* Get client's certificate (note: beware of dynamic allocation) - opt */
-
- client_cert = SSL_get_peer_certificate (ssl);
- if (client_cert != NULL) {
- fprintf (log, "Client certificate:\n");
-
- str = X509_NAME_oneline (X509_get_subject_name (client_cert));
- CHK_NULL(str);
- fprintf (log, "\t subject: %s\n", str);
- OPENSSL_free (str);
-
- str = X509_NAME_oneline (X509_get_issuer_name (client_cert));
- CHK_NULL(str);
- fprintf (log, "\t issuer: %s\n", str);
- OPENSSL_free (str);
-
- /* We could do all sorts of certificate verification stuff here before
- deallocating the certificate. */
-
- X509_free (client_cert);
- } else
- fprintf (log, "Client doe not have certificate.\n");
-
- /* ------------------------------------------------- */
- /* DATA EXCHANGE: Receive message and send reply */
-
- err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
- buf[err] = '\0';
- fprintf (log, "Got %d chars:'%s'\n", err, buf);
-
- err = SSL_write (ssl, "Loud and clear.", strlen("Loud and clear."));
- CHK_SSL(err);
-
- /* Clean up. */
-
- fclose (log);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
-}
-/* EOF - inetdserv.cpp */
diff --git a/crypto/openssl/demos/ssl/serv.cpp b/crypto/openssl/demos/ssl/serv.cpp
deleted file mode 100644
index b142c75..0000000
--- a/crypto/openssl/demos/ssl/serv.cpp
+++ /dev/null
@@ -1,152 +0,0 @@
-/* serv.cpp - Minimal ssleay server for Unix
- 30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
-
-
-/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
- Simplified to be even more minimal
- 12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <memory.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-
-#include <openssl/rsa.h> /* SSLeay stuff */
-#include <openssl/crypto.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-
-/* define HOME to be dir for key and cert files... */
-#define HOME "./"
-/* Make these what you want for cert & key files */
-#define CERTF HOME "foo-cert.pem"
-#define KEYF HOME "foo-cert.pem"
-
-
-#define CHK_NULL(x) if ((x)==NULL) exit (1)
-#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
-#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }
-
-void main ()
-{
- int err;
- int listen_sd;
- int sd;
- struct sockaddr_in sa_serv;
- struct sockaddr_in sa_cli;
- size_t client_len;
- SSL_CTX* ctx;
- SSL* ssl;
- X509* client_cert;
- char* str;
- char buf [4096];
- SSL_METHOD *meth;
-
- /* SSL preliminaries. We keep the certificate and key with the context. */
-
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
- meth = SSLv23_server_method();
- ctx = SSL_CTX_new (meth);
- if (!ctx) {
- ERR_print_errors_fp(stderr);
- exit(2);
- }
-
- if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
- ERR_print_errors_fp(stderr);
- exit(3);
- }
- if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
- ERR_print_errors_fp(stderr);
- exit(4);
- }
-
- if (!SSL_CTX_check_private_key(ctx)) {
- fprintf(stderr,"Private key does not match the certificate public key\n");
- exit(5);
- }
-
- /* ----------------------------------------------- */
- /* Prepare TCP socket for receiving connections */
-
- listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket");
-
- memset (&sa_serv, '\0', sizeof(sa_serv));
- sa_serv.sin_family = AF_INET;
- sa_serv.sin_addr.s_addr = INADDR_ANY;
- sa_serv.sin_port = htons (1111); /* Server Port number */
-
- err = bind(listen_sd, (struct sockaddr*) &sa_serv,
- sizeof (sa_serv)); CHK_ERR(err, "bind");
-
- /* Receive a TCP connection. */
-
- err = listen (listen_sd, 5); CHK_ERR(err, "listen");
-
- client_len = sizeof(sa_cli);
- sd = accept (listen_sd, (struct sockaddr*) &sa_cli, &client_len);
- CHK_ERR(sd, "accept");
- close (listen_sd);
-
- printf ("Connection from %lx, port %x\n",
- sa_cli.sin_addr.s_addr, sa_cli.sin_port);
-
- /* ----------------------------------------------- */
- /* TCP connection is ready. Do server side SSL. */
-
- ssl = SSL_new (ctx); CHK_NULL(ssl);
- SSL_set_fd (ssl, sd);
- err = SSL_accept (ssl); CHK_SSL(err);
-
- /* Get the cipher - opt */
-
- printf ("SSL connection using %s\n", SSL_get_cipher (ssl));
-
- /* Get client's certificate (note: beware of dynamic allocation) - opt */
-
- client_cert = SSL_get_peer_certificate (ssl);
- if (client_cert != NULL) {
- printf ("Client certificate:\n");
-
- str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
- CHK_NULL(str);
- printf ("\t subject: %s\n", str);
- OPENSSL_free (str);
-
- str = X509_NAME_oneline (X509_get_issuer_name (client_cert), 0, 0);
- CHK_NULL(str);
- printf ("\t issuer: %s\n", str);
- OPENSSL_free (str);
-
- /* We could do all sorts of certificate verification stuff here before
- deallocating the certificate. */
-
- X509_free (client_cert);
- } else
- printf ("Client does not have certificate.\n");
-
- /* DATA EXCHANGE - Receive message and send reply. */
-
- err = SSL_read (ssl, buf, sizeof(buf) - 1); CHK_SSL(err);
- buf[err] = '\0';
- printf ("Got %d chars:'%s'\n", err, buf);
-
- err = SSL_write (ssl, "I hear you.", strlen("I hear you.")); CHK_SSL(err);
-
- /* Clean up. */
-
- close (sd);
- SSL_free (ssl);
- SSL_CTX_free (ctx);
-}
-/* EOF - serv.cpp */
diff --git a/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh b/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh
deleted file mode 100755
index b31a4f1..0000000
--- a/crypto/openssl/demos/ssltest-ecc/ECC-RSAcertgen.sh
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh
-
-# For a list of supported curves, use "apps/openssl ecparam -list_curves".
-
-# Path to the openssl distribution
-OPENSSL_DIR=../..
-# Path to the openssl program
-OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
-# Option to find configuration file
-OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
-# Directory where certificates are stored
-CERTS_DIR=./Certs
-# Directory where private key files are stored
-KEYS_DIR=$CERTS_DIR
-# Directory where combo files (containing a certificate and corresponding
-# private key together) are stored
-COMBO_DIR=$CERTS_DIR
-# cat command
-CAT=/bin/cat
-# rm command
-RM=/bin/rm
-# mkdir command
-MKDIR=/bin/mkdir
-# The certificate will expire these many days after the issue date.
-DAYS=1500
-TEST_CA_FILE=rsa1024TestCA
-
-TEST_SERVER_CURVE=sect163r1
-TEST_SERVER_FILE=sect163r1-rsaTestServer
-TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"
-
-TEST_CLIENT_CURVE=sect163r1
-TEST_CLIENT_FILE=sect163r1-rsaTestClient
-TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"
-
-# Generating an EC certificate involves the following main steps
-# 1. Generating curve parameters (if needed)
-# 2. Generating a certificate request
-# 3. Signing the certificate request
-# 4. [Optional] One can combine the cert and private key into a single
-# file and also delete the certificate request
-
-$MKDIR -p $CERTS_DIR
-$MKDIR -p $KEYS_DIR
-$MKDIR -p $COMBO_DIR
-
-echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"
-echo "=============================================================="
-$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
-
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
- -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
- -newkey ec:$TEST_SERVER_CURVE.pem -new \
- -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
-
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
- -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
- -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_SERVER_FILE.pem
-$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
-
-echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)"
-echo "=============================================================="
-$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
-
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
- -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
- -newkey ec:$TEST_CLIENT_CURVE.pem -new \
- -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
-
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
- -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
- -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_CLIENT_FILE.pem
-$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
-
diff --git a/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh b/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh
deleted file mode 100755
index a47b8bb..0000000
--- a/crypto/openssl/demos/ssltest-ecc/ECCcertgen.sh
+++ /dev/null
@@ -1,164 +0,0 @@
-#!/bin/sh
-
-# For a list of supported curves, use "apps/openssl ecparam -list_curves".
-
-# Path to the openssl distribution
-OPENSSL_DIR=../..
-# Path to the openssl program
-OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
-# Option to find configuration file
-OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
-# Directory where certificates are stored
-CERTS_DIR=./Certs
-# Directory where private key files are stored
-KEYS_DIR=$CERTS_DIR
-# Directory where combo files (containing a certificate and corresponding
-# private key together) are stored
-COMBO_DIR=$CERTS_DIR
-# cat command
-CAT=/bin/cat
-# rm command
-RM=/bin/rm
-# mkdir command
-MKDIR=/bin/mkdir
-# The certificate will expire these many days after the issue date.
-DAYS=1500
-TEST_CA_CURVE=secp160r1
-TEST_CA_FILE=secp160r1TestCA
-TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)"
-
-TEST_SERVER_CURVE=secp160r2
-TEST_SERVER_FILE=secp160r2TestServer
-TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (Elliptic curve secp160r2)"
-
-TEST_CLIENT_CURVE=secp160r2
-TEST_CLIENT_FILE=secp160r2TestClient
-TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (Elliptic curve secp160r2)"
-
-# Generating an EC certificate involves the following main steps
-# 1. Generating curve parameters (if needed)
-# 2. Generating a certificate request
-# 3. Signing the certificate request
-# 4. [Optional] One can combine the cert and private key into a single
-# file and also delete the certificate request
-
-$MKDIR -p $CERTS_DIR
-$MKDIR -p $KEYS_DIR
-$MKDIR -p $COMBO_DIR
-
-echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)"
-echo "==============================================================="
-$OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem
-
-# Generate a new certificate request in $TEST_CA_FILE.req.pem. A
-# new ecdsa (actually ECC) key pair is generated on the parameters in
-# $TEST_CA_CURVE.pem and the private key is saved in $TEST_CA_FILE.key.pem
-# WARNING: By using the -nodes option, we force the private key to be
-# stored in the clear (rather than encrypted with a password).
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
- -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -newkey ec:$TEST_CA_CURVE.pem -new \
- -out $CERTS_DIR/$TEST_CA_FILE.req.pem
-
-# Sign the certificate request in $TEST_CA_FILE.req.pem using the
-# private key in $TEST_CA_FILE.key.pem and include the CA extension.
-# Make the certificate valid for 1500 days from the time of signing.
-# The certificate is written into $TEST_CA_FILE.cert.pem
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
- -extfile $OPENSSL_DIR/apps/openssl.cnf \
- -extensions v3_ca \
- -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_CA_FILE.pem
-$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
-
-echo "GENERATING A TEST SERVER CERTIFICATE (on elliptic curve $TEST_SERVER_CURVE)"
-echo "=========================================================================="
-# Generate parameters for curve $TEST_SERVER_CURVE, if needed
-$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
-
-# Generate a new certificate request in $TEST_SERVER_FILE.req.pem. A
-# new ecdsa (actually ECC) key pair is generated on the parameters in
-# $TEST_SERVER_CURVE.pem and the private key is saved in
-# $TEST_SERVER_FILE.key.pem
-# WARNING: By using the -nodes option, we force the private key to be
-# stored in the clear (rather than encrypted with a password).
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
- -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
- -newkey ec:$TEST_SERVER_CURVE.pem -new \
- -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
-
-# Sign the certificate request in $TEST_SERVER_FILE.req.pem using the
-# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
-# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
-# file for this CA, create one. Make the certificate valid for $DAYS days
-# from the time of signing. The certificate is written into
-# $TEST_SERVER_FILE.cert.pem
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
- -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
- -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_SERVER_FILE.pem
-$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
-
-echo "GENERATING A TEST CLIENT CERTIFICATE (on elliptic curve $TEST_CLIENT_CURVE)"
-echo "=========================================================================="
-# Generate parameters for curve $TEST_CLIENT_CURVE, if needed
-$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
-
-# Generate a new certificate request in $TEST_CLIENT_FILE.req.pem. A
-# new ecdsa (actually ECC) key pair is generated on the parameters in
-# $TEST_CLIENT_CURVE.pem and the private key is saved in
-# $TEST_CLIENT_FILE.key.pem
-# WARNING: By using the -nodes option, we force the private key to be
-# stored in the clear (rather than encrypted with a password).
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
- -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
- -newkey ec:$TEST_CLIENT_CURVE.pem -new \
- -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
-
-# Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the
-# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
-# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
-# file for this CA, create one. Make the certificate valid for $DAYS days
-# from the time of signing. The certificate is written into
-# $TEST_CLIENT_FILE.cert.pem
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
- -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
- -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_CLIENT_FILE.pem
-$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
-
-
-
diff --git a/crypto/openssl/demos/ssltest-ecc/README b/crypto/openssl/demos/ssltest-ecc/README
deleted file mode 100644
index 71c070a..0000000
--- a/crypto/openssl/demos/ssltest-ecc/README
+++ /dev/null
@@ -1,15 +0,0 @@
-Scripts for using ECC ciphersuites with test/testssl
-(these ciphersuites are described in the Internet Draft available at
-http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-03.txt).
-
-Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate
-root, client and server certs of the following types:
-
- ECC certs signed with ECDSA
- RSA certs signed with RSA
- ECC certs signed with RSA
-
-Afterwards, you can use ssltest.sh to run the various tests;
-specify one of the following options:
-
- aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa
diff --git a/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh b/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh
deleted file mode 100755
index 0cb0153..0000000
--- a/crypto/openssl/demos/ssltest-ecc/RSAcertgen.sh
+++ /dev/null
@@ -1,121 +0,0 @@
-#!/bin/sh
-
-# For a list of supported curves, use "apps/openssl ecparam -list_curves".
-
-# Path to the openssl distribution
-OPENSSL_DIR=../..
-# Path to the openssl program
-OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
-# Option to find configuration file
-OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
-# Directory where certificates are stored
-CERTS_DIR=./Certs
-# Directory where private key files are stored
-KEYS_DIR=$CERTS_DIR
-# Directory where combo files (containing a certificate and corresponding
-# private key together) are stored
-COMBO_DIR=$CERTS_DIR
-# cat command
-CAT=/bin/cat
-# rm command
-RM=/bin/rm
-# mkdir command
-MKDIR=/bin/mkdir
-# The certificate will expire these many days after the issue date.
-DAYS=1500
-TEST_CA_FILE=rsa1024TestCA
-TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"
-
-TEST_SERVER_FILE=rsa1024TestServer
-TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"
-
-TEST_CLIENT_FILE=rsa1024TestClient
-TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"
-
-# Generating an EC certificate involves the following main steps
-# 1. Generating curve parameters (if needed)
-# 2. Generating a certificate request
-# 3. Signing the certificate request
-# 4. [Optional] One can combine the cert and private key into a single
-# file and also delete the certificate request
-
-$MKDIR -p $CERTS_DIR
-$MKDIR -p $KEYS_DIR
-$MKDIR -p $COMBO_DIR
-
-echo "Generating self-signed CA certificate (RSA)"
-echo "==========================================="
-
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
- -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -newkey rsa:1024 -new \
- -out $CERTS_DIR/$TEST_CA_FILE.req.pem
-
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
- -extfile $OPENSSL_DIR/apps/openssl.cnf \
- -extensions v3_ca \
- -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_CA_FILE.pem
-$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
-
-echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
-echo "=========================================="
-
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
- -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
- -newkey rsa:1024 -new \
- -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
-
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
- -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
- -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_SERVER_FILE.pem
-$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
-
-echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
-echo "=========================================="
-
-$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
- -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
- -newkey rsa:1024 -new \
- -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
-
-$OPENSSL_CMD x509 -req -days $DAYS \
- -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
- -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
- -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
- -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
-
-# Display the certificate
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
-
-# Place the certificate and key in a common file
-$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
- > $COMBO_DIR/$TEST_CLIENT_FILE.pem
-$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
-
-# Remove the cert request file (no longer needed)
-$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
-
diff --git a/crypto/openssl/demos/ssltest-ecc/ssltest.sh b/crypto/openssl/demos/ssltest-ecc/ssltest.sh
deleted file mode 100755
index 923ca43..0000000
--- a/crypto/openssl/demos/ssltest-ecc/ssltest.sh
+++ /dev/null
@@ -1,188 +0,0 @@
-#! /bin/sh
-# Tests ECC cipher suites using ssltest. Requires one argument which could
-# be aecdh or ecdh-ecdsa or ecdhe-ecdsa or ecdh-rsa or ecdhe-rsa.
-# A second optional argument can be one of ssl2 ssl3 or tls1
-
-if [ "$1" = "" ]; then
- (echo "Usage: $0 test [ protocol ]"
- echo " where test is one of aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa"
- echo " and protocol (optional) is one of ssl2, ssl3, tls1"
- echo "Run RSAcertgen.sh, ECC-RSAcertgen.sh, ECCcertgen.sh first."
- ) >&2
- exit 1
-fi
-
-
-OPENSSL_DIR=../..
-CERTS_DIR=./Certs
-SSLTEST=$OPENSSL_DIR/test/ssltest
-# SSL protocol version to test (one of ssl2 ssl3 or tls1)"
-SSLVERSION=
-
-# These don't really require any certificates
-AECDH_CIPHER_LIST="AECDH-AES256-SHA AECDH-AES128-SHA AECDH-DES-CBC3-SHA AECDH-RC4-SHA AECDH-NULL-SHA"
-
-# These require ECC certificates signed with ECDSA
-# The EC public key must be authorized for key agreement.
-ECDH_ECDSA_CIPHER_LIST="ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"
-
-# These require ECC certificates.
-# The EC public key must be authorized for digital signature.
-ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-DES-CBC3-SHA ECDHE-ECDSA-RC4-SHA ECDHE-ECDSA-NULL-SHA"
-
-# These require ECC certificates signed with RSA.
-# The EC public key must be authorized for key agreement.
-ECDH_RSA_CIPHER_LIST="ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"
-
-# These require RSA certificates.
-# The RSA public key must be authorized for digital signature.
-ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-DES-CBC3-SHA ECDHE-RSA-RC4-SHA ECDHE-RSA-NULL-SHA"
-
-# List of Elliptic curves over which we wish to test generation of
-# ephemeral ECDH keys when using AECDH or ECDHE ciphers
-# NOTE: secp192r1 = prime192v1 and secp256r1 = prime256v1
-#ELLIPTIC_CURVE_LIST="secp112r1 sect113r2 secp128r1 sect131r1 secp160k1 sect163r2 wap-wsg-idm-ecid-wtls7 c2pnb163v3 c2pnb176v3 c2tnb191v3 secp192r1 prime192v3 sect193r2 secp224r1 wap-wsg-idm-ecid-wtls10 sect239k1 prime239v2 secp256r1 prime256v1 sect283k1 secp384r1 sect409r1 secp521r1 sect571r1"
-ELLIPTIC_CURVE_LIST="sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1 secp521r1"
-
-DEFAULT_CURVE="sect163r2"
-
-if [ "$2" = "" ]; then
- if [ "$SSL_VERSION" = "" ]; then
- SSL_VERSION=""
- else
- SSL_VERSION="-$SSL_VERSION"
- fi
-else
- SSL_VERSION="-$2"
-fi
-
-#==============================================================
-# Anonymous cipher suites do not require key or certificate files
-# but ssltest expects a cert file and complains if it can't
-# open the default one.
-SERVER_PEM=$OPENSSL_DIR/apps/server.pem
-
-if [ "$1" = "aecdh" ]; then
-for cipher in $AECDH_CIPHER_LIST
-do
- echo "Testing $cipher"
- $SSLTEST $SSL_VERSION -cert $SERVER_PEM -cipher $cipher
-done
-#--------------------------------------------------------------
-for curve in $ELLIPTIC_CURVE_LIST
-do
- echo "Testing AECDH-NULL-SHA (with $curve)"
- $SSLTEST $SSL_VERSION -cert $SERVER_PEM \
- -named_curve $curve -cipher AECDH-NULL-SHA
-done
-
-for curve in $ELLIPTIC_CURVE_LIST
-do
- echo "Testing AECDH-RC4-SHA (with $curve)"
- $SSLTEST $SSL_VERSION -cert $SERVER_PEM \
- -named_curve $curve -cipher AECDH-RC4-SHA
-done
-fi
-
-#==============================================================
-# Both ECDH-ECDSA and ECDHE-ECDSA cipher suites require
-# the server to have an ECC certificate signed with ECDSA.
-CA_PEM=$CERTS_DIR/secp160r1TestCA.pem
-SERVER_PEM=$CERTS_DIR/secp160r2TestServer.pem
-CLIENT_PEM=$CERTS_DIR/secp160r2TestClient.pem
-
-if [ "$1" = "ecdh-ecdsa" ]; then
-for cipher in $ECDH_ECDSA_CIPHER_LIST
-do
- echo "Testing $cipher (with server authentication)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -cipher $cipher
-
- echo "Testing $cipher (with server and client authentication)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -c_cert $CLIENT_PEM -client_auth \
- -cipher $cipher
-done
-fi
-
-#==============================================================
-if [ "$1" = "ecdhe-ecdsa" ]; then
-for cipher in $ECDHE_ECDSA_CIPHER_LIST
-do
- echo "Testing $cipher (with server authentication)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -cipher $cipher -named_curve $DEFAULT_CURVE
-
- echo "Testing $cipher (with server and client authentication)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -c_cert $CLIENT_PEM -client_auth \
- -cipher $cipher -named_curve $DEFAULT_CURVE
-done
-
-#--------------------------------------------------------------
-for curve in $ELLIPTIC_CURVE_LIST
-do
- echo "Testing ECDHE-ECDSA-AES128-SHA (2-way auth with $curve)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -c_cert $CLIENT_PEM -client_auth \
- -cipher ECDHE-ECDSA-AES128-SHA -named_curve $curve
-done
-fi
-
-#==============================================================
-# ECDH-RSA cipher suites require the server to have an ECC
-# certificate signed with RSA.
-CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
-SERVER_PEM=$CERTS_DIR/sect163r1-rsaTestServer.pem
-CLIENT_PEM=$CERTS_DIR/sect163r1-rsaTestClient.pem
-
-if [ "$1" = "ecdh-rsa" ]; then
-for cipher in $ECDH_RSA_CIPHER_LIST
-do
- echo "Testing $cipher (with server authentication)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -cipher $cipher
-
- echo "Testing $cipher (with server and client authentication)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -c_cert $CLIENT_PEM -client_auth \
- -cipher $cipher
-done
-fi
-
-#==============================================================
-# ECDHE-RSA cipher suites require the server to have an RSA cert.
-CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
-SERVER_PEM=$CERTS_DIR/rsa1024TestServer.pem
-CLIENT_PEM=$CERTS_DIR/rsa1024TestClient.pem
-
-if [ "$1" = "ecdhe-rsa" ]; then
-for cipher in $ECDHE_RSA_CIPHER_LIST
-do
- echo "Testing $cipher (with server authentication)"
- echo $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -cipher $cipher -named_curve $DEFAULT_CURVE
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -cipher $cipher -named_curve $DEFAULT_CURVE
-
- echo "Testing $cipher (with server and client authentication)"
- $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
- -cert $SERVER_PEM -server_auth \
- -c_cert $CLIENT_PEM -client_auth \
- -cipher $cipher -named_curve $DEFAULT_CURVE
-done
-fi
-#==============================================================
-
-
-
-
diff --git a/crypto/openssl/demos/state_machine/Makefile b/crypto/openssl/demos/state_machine/Makefile
deleted file mode 100644
index c7a1145..0000000
--- a/crypto/openssl/demos/state_machine/Makefile
+++ /dev/null
@@ -1,9 +0,0 @@
-CFLAGS=-I../../include -Wall -Werror -g
-
-all: state_machine
-
-state_machine: state_machine.o
- $(CC) -o state_machine state_machine.o -L../.. -lssl -lcrypto
-
-test: state_machine
- ./state_machine 10000 ../../apps/server.pem ../../apps/server.pem
diff --git a/crypto/openssl/demos/state_machine/state_machine.c b/crypto/openssl/demos/state_machine/state_machine.c
deleted file mode 100644
index fef3f3e..0000000
--- a/crypto/openssl/demos/state_machine/state_machine.c
+++ /dev/null
@@ -1,416 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
- * Nuron, a leader in hardware encryption technology, generously
- * sponsored the development of this demo by Ben Laurie.
- *
- * See http://www.nuron.com/.
- */
-
-/*
- * the aim of this demo is to provide a fully working state-machine
- * style SSL implementation, i.e. one where the main loop acquires
- * some data, then converts it from or to SSL by feeding it into the
- * SSL state machine. It then does any I/O required by the state machine
- * and loops.
- *
- * In order to keep things as simple as possible, this implementation
- * listens on a TCP socket, which it expects to get an SSL connection
- * on (for example, from s_client) and from then on writes decrypted
- * data to stdout and encrypts anything arriving on stdin. Verbose
- * commentary is written to stderr.
- *
- * This implementation acts as a server, but it can also be done for a client. */
-
-#include <openssl/ssl.h>
-#include <assert.h>
-#include <unistd.h>
-#include <string.h>
-#include <openssl/err.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-/* die_unless is intended to work like assert, except that it happens
- always, even if NDEBUG is defined. Use assert as a stopgap. */
-
-#define die_unless(x) assert(x)
-
-typedef struct
- {
- SSL_CTX *pCtx;
- BIO *pbioRead;
- BIO *pbioWrite;
- SSL *pSSL;
- } SSLStateMachine;
-
-void SSLStateMachine_print_error(SSLStateMachine *pMachine,const char *szErr)
- {
- unsigned long l;
-
- fprintf(stderr,"%s\n",szErr);
- while((l=ERR_get_error()))
- {
- char buf[1024];
-
- ERR_error_string_n(l,buf,sizeof buf);
- fprintf(stderr,"Error %lx: %s\n",l,buf);
- }
- }
-
-SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
- const char *szKeyFile)
- {
- SSLStateMachine *pMachine=malloc(sizeof *pMachine);
- int n;
-
- die_unless(pMachine);
-
- pMachine->pCtx=SSL_CTX_new(SSLv23_server_method());
- die_unless(pMachine->pCtx);
-
- n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
- SSL_FILETYPE_PEM);
- die_unless(n > 0);
-
- n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
- die_unless(n > 0);
-
- pMachine->pSSL=SSL_new(pMachine->pCtx);
- die_unless(pMachine->pSSL);
-
- pMachine->pbioRead=BIO_new(BIO_s_mem());
-
- pMachine->pbioWrite=BIO_new(BIO_s_mem());
-
- SSL_set_bio(pMachine->pSSL,pMachine->pbioRead,pMachine->pbioWrite);
-
- SSL_set_accept_state(pMachine->pSSL);
-
- return pMachine;
- }
-
-void SSLStateMachine_read_inject(SSLStateMachine *pMachine,
- const unsigned char *aucBuf,int nBuf)
- {
- int n=BIO_write(pMachine->pbioRead,aucBuf,nBuf);
- /* If it turns out this assert fails, then buffer the data here
- * and just feed it in in churn instead. Seems to me that it
- * should be guaranteed to succeed, though.
- */
- assert(n == nBuf);
- fprintf(stderr,"%d bytes of encrypted data fed to state machine\n",n);
- }
-
-int SSLStateMachine_read_extract(SSLStateMachine *pMachine,
- unsigned char *aucBuf,int nBuf)
- {
- int n;
-
- if(!SSL_is_init_finished(pMachine->pSSL))
- {
- fprintf(stderr,"Doing SSL_accept\n");
- n=SSL_accept(pMachine->pSSL);
- if(n == 0)
- fprintf(stderr,"SSL_accept returned zero\n");
- if(n < 0)
- {
- int err;
-
- if((err=SSL_get_error(pMachine->pSSL,n)) == SSL_ERROR_WANT_READ)
- {
- fprintf(stderr,"SSL_accept wants more data\n");
- return 0;
- }
-
- SSLStateMachine_print_error(pMachine,"SSL_accept error");
- exit(7);
- }
- return 0;
- }
-
- n=SSL_read(pMachine->pSSL,aucBuf,nBuf);
- if(n < 0)
- {
- int err=SSL_get_error(pMachine->pSSL,n);
-
- if(err == SSL_ERROR_WANT_READ)
- {
- fprintf(stderr,"SSL_read wants more data\n");
- return 0;
- }
-
- SSLStateMachine_print_error(pMachine,"SSL_read error");
- exit(8);
- }
-
- fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);
- return n;
- }
-
-int SSLStateMachine_write_can_extract(SSLStateMachine *pMachine)
- {
- int n=BIO_pending(pMachine->pbioWrite);
- if(n)
- fprintf(stderr,"There is encrypted data available to write\n");
- else
- fprintf(stderr,"There is no encrypted data available to write\n");
-
- return n;
- }
-
-int SSLStateMachine_write_extract(SSLStateMachine *pMachine,
- unsigned char *aucBuf,int nBuf)
- {
- int n;
-
- n=BIO_read(pMachine->pbioWrite,aucBuf,nBuf);
- fprintf(stderr,"%d bytes of encrypted data read from state machine\n",n);
- return n;
- }
-
-void SSLStateMachine_write_inject(SSLStateMachine *pMachine,
- const unsigned char *aucBuf,int nBuf)
- {
- int n=SSL_write(pMachine->pSSL,aucBuf,nBuf);
- /* If it turns out this assert fails, then buffer the data here
- * and just feed it in in churn instead. Seems to me that it
- * should be guaranteed to succeed, though.
- */
- assert(n == nBuf);
- fprintf(stderr,"%d bytes of unencrypted data fed to state machine\n",n);
- }
-
-int OpenSocket(int nPort)
- {
- int nSocket;
- struct sockaddr_in saServer;
- struct sockaddr_in saClient;
- int one=1;
- int nSize;
- int nFD;
- int nLen;
-
- nSocket=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
- if(nSocket < 0)
- {
- perror("socket");
- exit(1);
- }
-
- if(setsockopt(nSocket,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof one) < 0)
- {
- perror("setsockopt");
- exit(2);
- }
-
- memset(&saServer,0,sizeof saServer);
- saServer.sin_family=AF_INET;
- saServer.sin_port=htons(nPort);
- nSize=sizeof saServer;
- if(bind(nSocket,(struct sockaddr *)&saServer,nSize) < 0)
- {
- perror("bind");
- exit(3);
- }
-
- if(listen(nSocket,512) < 0)
- {
- perror("listen");
- exit(4);
- }
-
- nLen=sizeof saClient;
- nFD=accept(nSocket,(struct sockaddr *)&saClient,&nLen);
- if(nFD < 0)
- {
- perror("accept");
- exit(5);
- }
-
- fprintf(stderr,"Incoming accepted on port %d\n",nPort);
-
- return nFD;
- }
-
-int main(int argc,char **argv)
- {
- SSLStateMachine *pMachine;
- int nPort;
- int nFD;
- const char *szCertificateFile;
- const char *szKeyFile;
- char rbuf[1];
- int nrbuf=0;
-
- if(argc != 4)
- {
- fprintf(stderr,"%s <port> <certificate file> <key file>\n",argv[0]);
- exit(6);
- }
-
- nPort=atoi(argv[1]);
- szCertificateFile=argv[2];
- szKeyFile=argv[3];
-
- SSL_library_init();
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
- ERR_load_crypto_strings();
-
- nFD=OpenSocket(nPort);
-
- pMachine=SSLStateMachine_new(szCertificateFile,szKeyFile);
-
- for( ; ; )
- {
- fd_set rfds,wfds;
- unsigned char buf[1024];
- int n;
-
- FD_ZERO(&rfds);
- FD_ZERO(&wfds);
-
- /* Select socket for input */
- FD_SET(nFD,&rfds);
-
- /* check whether there's decrypted data */
- if(!nrbuf)
- nrbuf=SSLStateMachine_read_extract(pMachine,rbuf,1);
-
- /* if there's decrypted data, check whether we can write it */
- if(nrbuf)
- FD_SET(1,&wfds);
-
- /* Select socket for output */
- if(SSLStateMachine_write_can_extract(pMachine))
- FD_SET(nFD,&wfds);
-
- /* Select stdin for input */
- FD_SET(0,&rfds);
-
- /* Wait for something to do something */
- n=select(nFD+1,&rfds,&wfds,NULL,NULL);
- assert(n > 0);
-
- /* Socket is ready for input */
- if(FD_ISSET(nFD,&rfds))
- {
- n=read(nFD,buf,sizeof buf);
- if(n == 0)
- {
- fprintf(stderr,"Got EOF on socket\n");
- exit(0);
- }
- assert(n > 0);
-
- SSLStateMachine_read_inject(pMachine,buf,n);
- }
-
- /* stdout is ready for output (and hence we have some to send it) */
- if(FD_ISSET(1,&wfds))
- {
- assert(nrbuf == 1);
- buf[0]=rbuf[0];
- nrbuf=0;
-
- n=SSLStateMachine_read_extract(pMachine,buf+1,sizeof buf-1);
- if(n < 0)
- {
- SSLStateMachine_print_error(pMachine,"read extract failed");
- break;
- }
- assert(n >= 0);
- ++n;
- if(n > 0) /* FIXME: has to be true now */
- {
- int w;
-
- w=write(1,buf,n);
- /* FIXME: we should push back any unwritten data */
- assert(w == n);
- }
- }
-
- /* Socket is ready for output (and therefore we have output to send) */
- if(FD_ISSET(nFD,&wfds))
- {
- int w;
-
- n=SSLStateMachine_write_extract(pMachine,buf,sizeof buf);
- assert(n > 0);
-
- w=write(nFD,buf,n);
- /* FIXME: we should push back any unwritten data */
- assert(w == n);
- }
-
- /* Stdin is ready for input */
- if(FD_ISSET(0,&rfds))
- {
- n=read(0,buf,sizeof buf);
- if(n == 0)
- {
- fprintf(stderr,"Got EOF on stdin\n");
- exit(0);
- }
- assert(n > 0);
-
- SSLStateMachine_write_inject(pMachine,buf,n);
- }
- }
- /* not reached */
- return 0;
- }
diff --git a/crypto/openssl/demos/tunala/A-client.pem b/crypto/openssl/demos/tunala/A-client.pem
deleted file mode 100644
index a4caf6ef..0000000
--- a/crypto/openssl/demos/tunala/A-client.pem
+++ /dev/null
@@ -1,84 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
- Validity
- Not Before: Jan 16 05:19:30 2002 GMT
- Not After : Jan 14 05:19:30 2012 GMT
- Subject: C=NZ, L=Auckland, O=Mordor, OU=SSL grunt things, CN=tunala-client/Email=client@fake.domain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:b0:d3:56:5c:c8:7f:fb:f4:95:9d:04:84:4f:82:
- b7:a2:75:5c:81:48:8c:56:5d:52:ee:38:e1:5c:c8:
- 9a:70:8e:72:f2:00:1c:17:ef:df:b7:06:59:82:04:
- f1:f6:49:11:12:a6:4d:cb:1e:ed:ac:59:1c:4a:d0:
- 3d:de:e6:f2:8d:cd:39:c2:0f:e0:46:2f:db:cb:9f:
- 47:f7:56:e7:f8:16:5f:68:71:fb:3a:e3:ab:d2:e5:
- 05:b7:da:65:61:fe:6d:30:e4:12:a8:b5:c1:71:24:
- 6b:aa:80:05:41:17:a0:8b:6e:8b:e6:04:cf:85:7b:
- 2a:ac:a1:79:7d:f4:96:6e:77
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- F8:43:CB:4F:4D:4F:BC:6E:52:1A:FD:F9:7B:E1:12:3F:A7:A3:BA:93
- X509v3 Authority Key Identifier:
- keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
- DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
- serial:00
-
- Signature Algorithm: md5WithRSAEncryption
- 8f:5f:0e:43:da:9d:61:43:7e:03:38:9a:e6:50:9d:42:e8:95:
- 34:49:75:ec:04:8d:5c:85:99:94:70:a0:e7:1f:1e:a0:8b:0f:
- d6:e2:cb:f7:35:d9:96:72:bd:a6:e9:8d:4e:b1:e2:ac:97:7f:
- 2f:70:01:9d:aa:04:bc:d4:01:2b:63:77:a5:de:63:3c:a8:f5:
- f2:72:af:ec:11:12:c0:d4:70:cf:71:a6:fb:e9:1d:b3:27:07:
- aa:f2:b1:f3:87:d6:ab:8b:ce:c2:08:1b:3c:f9:ba:ff:77:71:
- 86:09:ef:9e:4e:04:06:63:44:e9:93:20:90:c7:2d:50:c6:50:
- f8:66
------BEGIN CERTIFICATE-----
-MIID9TCCA16gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
-EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
-YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
-dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
-DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE5MzBaFw0xMjAxMTQw
-NTE5MzBaMIGHMQswCQYDVQQGEwJOWjERMA8GA1UEBxMIQXVja2xhbmQxDzANBgNV
-BAoTBk1vcmRvcjEZMBcGA1UECxMQU1NMIGdydW50IHRoaW5nczEWMBQGA1UEAxMN
-dHVuYWxhLWNsaWVudDEhMB8GCSqGSIb3DQEJARYSY2xpZW50QGZha2UuZG9tYWlu
-MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw01ZcyH/79JWdBIRPgreidVyB
-SIxWXVLuOOFcyJpwjnLyABwX79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnC
-D+BGL9vLn0f3Vuf4Fl9ocfs646vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovm
-BM+FeyqsoXl99JZudwIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglghkgBhvhC
-AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPhD
-y09NT7xuUhr9+XvhEj+no7qTMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6V
-xCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3Rv
-bjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBB
-dXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQD
-ExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9t
-YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAI9fDkPanWFDfgM4muZQnULolTRJdewE
-jVyFmZRwoOcfHqCLD9biy/c12ZZyvabpjU6x4qyXfy9wAZ2qBLzUAStjd6XeYzyo
-9fJyr+wREsDUcM9xpvvpHbMnB6rysfOH1quLzsIIGzz5uv93cYYJ755OBAZjROmT
-IJDHLVDGUPhm
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQCw01ZcyH/79JWdBIRPgreidVyBSIxWXVLuOOFcyJpwjnLyABwX
-79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnCD+BGL9vLn0f3Vuf4Fl9ocfs6
-46vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovmBM+FeyqsoXl99JZudwIDAQAB
-AoGAU4chbqbPvkclPYzaq2yGLlneHrwUft+KwzlfS6L/QVgo+CQRIUWQmjaHpaGM
-YtjVFcg1S1QK1bUqZjTEZT0XKhfbYmqW8yYTfbcDEbnY7esoYlvIlW8qRlPRlTBE
-utKrtZafmVhLgoNawYGD0aLZofPqpYjbGUlrC7nrem2vNJECQQDVLD3Qb+OlEMET
-73ApnJhYsK3e+G2LTrtjrS8y5zS4+Xv61XUqvdV7ogzRl0tpvSAmMOItVyoYadkB
-S3xSIWX9AkEA1Fm1FhkQSZwGG5rf4c6gMN71jJ6JE3/kocdVa0sUjRevIupo4XQ2
-Vkykxi84MRP8cfHqyjewq7Ozv3op2MGWgwJBAKemsb66IJjzAkaBav7u70nhOf0/
-+Dc1Zl7QF2y7NVW8sGrnccx5m+ot2lMD4AV6/kvK6jaqdKrapBZGnbGiHqkCQQDI
-T1r33mqz1R8Z2S2Jtzz6/McKf930a/dC+GLGVEutkILf39lRmytKmv/wB0jtWtoO
-rlJ5sLDSNzC+1cE1u997AkEAu3IrtGmLKiuS6kDj6W47m+iiTIsuSJtTJb1SbUaK
-fIoBNFxbvJYW6rUU9+PxpMRaEhzh5s24/jBOE+mlb17mRQ==
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/tunala/A-server.pem b/crypto/openssl/demos/tunala/A-server.pem
deleted file mode 100644
index e9f37b1..0000000
--- a/crypto/openssl/demos/tunala/A-server.pem
+++ /dev/null
@@ -1,84 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 1 (0x1)
- Signature Algorithm: md5WithRSAEncryption
- Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
- Validity
- Not Before: Jan 16 05:14:06 2002 GMT
- Not After : Jan 14 05:14:06 2012 GMT
- Subject: C=NZ, L=Wellington, O=Middle Earth, OU=SSL dev things, CN=tunala-server/Email=server@fake.domain
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:a9:3e:62:87:97:13:6b:de:8f:bc:1d:0a:3f:65:
- 0c:f9:76:a3:53:ce:97:30:27:0d:c6:df:72:1f:8d:
- 5a:ce:58:23:6a:65:e5:e3:72:1a:8d:7f:fe:90:01:
- ea:42:f1:9f:6e:7b:0a:bd:eb:52:15:7b:f4:3d:9c:
- 4e:db:74:29:2b:d1:81:9d:b9:9e:18:2b:87:e1:da:
- 50:20:3c:59:6c:c9:83:3e:2c:11:0b:78:1e:03:f4:
- 56:3a:db:95:6a:75:33:85:a9:7b:cc:3c:4a:67:96:
- f2:24:b2:a0:cb:2e:cc:52:18:16:6f:44:d9:29:64:
- 07:2e:fb:56:cc:7c:dc:a2:d7
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- 70:AC:7A:B5:6E:97:C2:82:AF:11:9E:32:CB:8D:48:49:93:B7:DC:22
- X509v3 Authority Key Identifier:
- keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
- DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
- serial:00
-
- Signature Algorithm: md5WithRSAEncryption
- 2e:cb:a3:cd:6d:a8:9d:d1:dc:e5:f0:e0:27:7e:4b:5a:90:a8:
- 85:43:f0:05:f7:04:43:d7:5f:d1:a5:8f:5c:58:eb:fc:da:c6:
- 7c:e0:0b:2b:98:72:95:f6:79:48:96:7a:fa:0c:6b:09:ec:c6:
- 8c:91:74:45:9f:8f:0f:16:78:e3:66:14:fa:1e:f4:f0:23:ec:
- cd:a9:52:77:20:4d:c5:05:2c:52:b6:7b:f3:42:33:fd:90:1f:
- 3e:88:6f:9b:23:61:c8:80:3b:e6:57:84:2e:f7:26:c7:35:ed:
- 00:8b:08:30:9b:aa:21:83:b6:6d:b8:7c:8a:9b:2a:ef:79:3d:
- 96:31
------BEGIN CERTIFICATE-----
-MIID+zCCA2SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
-EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
-YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
-dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
-DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE0MDZaFw0xMjAxMTQw
-NTE0MDZaMIGNMQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjEVMBMG
-A1UEChMMTWlkZGxlIEVhcnRoMRcwFQYDVQQLEw5TU0wgZGV2IHRoaW5nczEWMBQG
-A1UEAxMNdHVuYWxhLXNlcnZlcjEhMB8GCSqGSIb3DQEJARYSc2VydmVyQGZha2Uu
-ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpPmKHlxNr3o+8HQo/
-ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXjchqNf/6QAepC8Z9uewq961IVe/Q9nE7b
-dCkr0YGduZ4YK4fh2lAgPFlsyYM+LBELeB4D9FY625VqdTOFqXvMPEpnlvIksqDL
-LsxSGBZvRNkpZAcu+1bMfNyi1wIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglg
-hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
-BBYEFHCserVul8KCrxGeMsuNSEmTt9wiMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzh
-RaHTCJ6VxCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2Vs
-bGluZ3RvbjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNh
-dGlvbiBBdXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkw
-FwYDVQQDExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZh
-a2UuZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAC7Lo81tqJ3R3OXw4Cd+S1qQ
-qIVD8AX3BEPXX9Glj1xY6/zaxnzgCyuYcpX2eUiWevoMawnsxoyRdEWfjw8WeONm
-FPoe9PAj7M2pUncgTcUFLFK2e/NCM/2QHz6Ib5sjYciAO+ZXhC73Jsc17QCLCDCb
-qiGDtm24fIqbKu95PZYx
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCpPmKHlxNr3o+8HQo/ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXj
-chqNf/6QAepC8Z9uewq961IVe/Q9nE7bdCkr0YGduZ4YK4fh2lAgPFlsyYM+LBEL
-eB4D9FY625VqdTOFqXvMPEpnlvIksqDLLsxSGBZvRNkpZAcu+1bMfNyi1wIDAQAB
-AoGANCwqHZhiAU/TyW6+WPqivEhpYw19p/dyFMuPF9DwnEmpaUROUQY8z0AUznn4
-qHhp6Jn/nrprTHowucl0ucweYIYVxZoUiUDFpxdFUbzMdFvo6HcyV1Pe4Rt81HaY
-KYWrTZ6PaPtN65hLms8NhPEdGcGAFlY1owYv4QNGq2bU1JECQQDd32LM0NSfyGmK
-4ziajqGcvzK9NO2XyV/nJsGlJZNgMh2zm1t7yR28l/6Q2uyU49cCN+2aYULZCAfs
-taNvxBspAkEAw0alNub+xj2AVQvaxOB1sGfKzsJjHCzKIxUXn/tJi3j0+2asmkBZ
-Umx1MWr9jKQBnCMciCRUbnMEZiElOxCN/wJAfAeQl6Z19gx206lJzzzEo3dOye54
-k02DSxijT8q9pBzf9bN3ZK987BybtiZr8p+bZiYVsSOF1wViSLURdD1QYQJAIaMU
-qH1n24wShBPTrmAfxbBLTgxL+Dl65Eoo1KT7iSvfv0JzbuqwuDL4iPeuD0DdCiE+
-M/FWHeRwGIuTFzaFzwJBANKwx0jZS/h093w9g0Clw6UzeA1P5VcAt9y+qMC9hO3c
-4KXwIxQAt9yRaFLpiIR9do5bjjKNnMguf3aO/XRSDQM=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/demos/tunala/CA.pem b/crypto/openssl/demos/tunala/CA.pem
deleted file mode 100644
index 7a55b54..0000000
--- a/crypto/openssl/demos/tunala/CA.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID9zCCA2CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
-EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
-YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
-dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
-DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTA5NTlaFw0xMjAxMTQw
-NTA5NTlaMIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoG
-A1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3Jp
-dHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNr
-b3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluMIGf
-MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7QdDfFIrJn3X24hKmpkyk3TG0Ivxd
-K2wWmDPXq1wjr8lUTwrA6hM5Ba9N36jLieWpXhviLOWu9DBza5GmtgCuXloATKTC
-94xOdKHlciTVujG3wDlLDB5e710Kar84nnj6VueL1RyZ0bmP5PANa4mbGW9Tqc7J
-CkBTTW2y9d0SgQIDAQABo4IBFTCCAREwHQYDVR0OBBYEFEn7RXISxMzhRaHTCJ6V
-xCxtVT8XMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6VxCxtVT8XoYG6pIG3
-MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoGA1UEChMz
-UmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3JpdHkgKFJJ
-QUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNrb3YgYWwt
-VHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluggEAMAwGA1Ud
-EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYQo95V/NY+eKxYxkhibZiUQygph+
-gTfgbDG20MsnH6+8//w5ArHauFCgDrf0P2VyACgq+N4pBTWFGaAaLwbjKy9HCe2E
-j9C91tO1CqDS4MJkDB5AP13FTkK6fP1ZCiTQranOAp3DlGWTTWsFVyW5kVfQ9diS
-ZOyJZ9Fit5XM2X0=
------END CERTIFICATE-----
diff --git a/crypto/openssl/demos/tunala/INSTALL b/crypto/openssl/demos/tunala/INSTALL
deleted file mode 100644
index a65bbeb..0000000
--- a/crypto/openssl/demos/tunala/INSTALL
+++ /dev/null
@@ -1,107 +0,0 @@
-There are two ways to build this code;
-
-(1) Manually
-
-(2) Using all-singing all-dancing (all-confusing) autotools, ie. autoconf,
-automake, and their little friends (autoheader, etc).
-
-=================
-Building Manually
-=================
-
-There is a basic "Makefile" in this directory that gets moved out of the way and
-ignored when building with autoconf et al. This Makefile is suitable for
-building tunala on Linux using gcc. Any other platform probably requires some
-tweaking. Here are the various bits you might need to do if you want to build
-this way and the default Makefile isn't sufficient;
-
-* Compiler: Edit the "CC" definition in Makefile
-
-* Headers, features: tunala.h controls what happens in the non-autoconf world.
- It, by default, assumes the system has *everything* (except autoconf's
- "config.h") so if a target system is missing something it must define the
- appropriate "NO_***" symbols in CFLAGS. These include;
-
- - NO_HAVE_UNISTD_H, NO_HAVE_FCNTL_H, NO_HAVE_LIMITS_H
- Indicates the compiling system doesn't have (or need) these header files.
- - NO_HAVE_STRSTR, NO_HAVE_STRTOUL
- Indicates the compiling system doesn't have these functions. Replacements
- are compiled and used in breakage.c
- - NO_HAVE_SELECT, NO_HAVE_SOCKET
- Pointless symbols - these indicate select() and/or socket() are missing in
- which case the program won't compile anyway.
-
- If you want to specify any of these, add them with "-D" prefixed to each in
- the CFLAGS definition in Makefile.
-
-* Compilation flags: edit DEBUG_FLAGS and/or CFLAGS directly to control the
- flags passed to the compiler. This can also be used to change the degree of
- optimisation.
-
-* Linker flags: some systems (eg. Solaris) require extra linker flags such as;
- -ldl, -lsocket, -lnsl, etc. If unsure, bring up the man page for whichever
- function is "undefined" when the linker fails - that usually indicates what
- you need to add. Make changes to the LINK_FLAGS symbol.
-
-* Linker command: if a different linker syntax or even a different program is
- required to link, edit the linker line directly in the "tunala:" target
- definition - it currently assumes the "CC" (compiler) program is used to link.
-
-======================
-Building Automagically
-======================
-
-Automagic building is handled courtesy of autoconf, automake, etc. There are in
-fact two steps required to build, and only the first has to be done on a system
-with these tools installed (and if I was prepared to bloat out the CVS
-repository, I could store these extra files, but I'm not).
-
-First step: "autogunk.sh"
--------------------------
-
-The "./autogunk.sh" script will call all the necessary autotool commands to
-create missing files and run automake and autoconf. The result is that a
-"./configure" script should be generated and a "Makefile.in" generated from the
-supplied "Makefile.am". NB: This script also moves the "manual" Makefile (see
-above) out of the way and calls it "Makefile.plain" - the "ungunk" script
-reverses this to leave the directory it was previously.
-
-Once "ungunk" has been run, the resulting directory should be able to build on
-other systems without autoconf, automake, or libtool. Which is what the second
-step describes;
-
-Second step: "./configure"
---------------------------
-
-The second step is to run the generated "./configure" script to create a
-config.h header for your system and to generate a "Makefile" (generated from
-"Makefile.in") tweaked to compile on your system. This is the standard sort of
-thing you see in GNU packages, for example, and the standard tricks also work.
-Eg. to override "configure"'s choice of compiler, set the CC environment
-variable prior to running configure, eg.
-
- CC=gcc ./configure
-
-would cause "gcc" to be used even if there is an otherwise preferable (to
-autoconf) native compiler on your system.
-
-After this run "make" and it should build the "tunala" executable.
-
-Notes
------
-
-- Some versions of autoconf (or automake?) generate a Makefile syntax that gives
- trouble to some "make" programs on some systems (eg. OpenBSD). If this
- happens, either build 'Manually' (see above) or use "gmake" instead of "make".
- I don't like this either but like even less the idea of sifting into all the
- script magic crud that's involved.
-
-- On a solaris system I tried, the "configure" script specified some broken
- compiler flags in the resulting Makefile that don't even get echoed to
- stdout/err when the error happens (evil!). If this happens, go into the
- generated Makefile, find the two affected targets ("%.o:" and "%.lo"), and
- remove the offending hidden option in the $(COMPILE) line all the sludge after
- the two first lines of script (ie. after the "echo" and the "COMPILE" lines).
- NB: This will probably only function if "--disable-shared" was used, otherwise
- who knows what would result ...
-
diff --git a/crypto/openssl/demos/tunala/Makefile b/crypto/openssl/demos/tunala/Makefile
deleted file mode 100644
index bef1704..0000000
--- a/crypto/openssl/demos/tunala/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-# Edit these to suit
-#
-# Oh yeah, and please read the README too.
-
-
-SSL_HOMEDIR=../..
-SSL_INCLUDEDIR=$(SSL_HOMEDIR)/include
-SSL_LIBDIR=$(SSL_HOMEDIR)
-
-RM=rm -f
-CC=gcc
-DEBUG_FLAGS=-g -ggdb3 -Wall -Wshadow
-INCLUDE_FLAGS=-I$(SSL_INCLUDEDIR)
-CFLAGS=$(DEBUG_FLAGS) $(INCLUDE_FLAGS) -DNO_CONFIG_H
-COMPILE=$(CC) $(CFLAGS) -c
-
-# Edit, particularly the "-ldl" if not building with "dlfcn" support
-LINK_FLAGS=-L$(SSL_LIBDIR) -lssl -lcrypto -ldl
-
-SRCS=buffer.c cb.c ip.c sm.c tunala.c breakage.c
-OBJS=buffer.o cb.o ip.o sm.o tunala.o breakage.o
-
-TARGETS=tunala
-
-default: $(TARGETS)
-
-clean:
- $(RM) $(OBJS) $(TARGETS) *.bak core
-
-.c.o:
- $(COMPILE) $<
-
-tunala: $(OBJS)
- $(CC) -o tunala $(OBJS) $(LINK_FLAGS)
-
-# Extra dependencies, should really use makedepend
-buffer.o: buffer.c tunala.h
-cb.o: cb.c tunala.h
-ip.o: ip.c tunala.h
-sm.o: sm.c tunala.h
-tunala.o: tunala.c tunala.h
diff --git a/crypto/openssl/demos/tunala/Makefile.am b/crypto/openssl/demos/tunala/Makefile.am
deleted file mode 100644
index 706c780..0000000
--- a/crypto/openssl/demos/tunala/Makefile.am
+++ /dev/null
@@ -1,7 +0,0 @@
-# Our includes come from the OpenSSL build-tree we're in
-INCLUDES = -I$(top_builddir)/../../include
-
-bin_PROGRAMS = tunala
-
-tunala_SOURCES = tunala.c buffer.c cb.c ip.c sm.c breakage.c
-tunala_LDADD = -L$(top_builddir)/../.. -lssl -lcrypto
diff --git a/crypto/openssl/demos/tunala/README b/crypto/openssl/demos/tunala/README
deleted file mode 100644
index 1569008..0000000
--- a/crypto/openssl/demos/tunala/README
+++ /dev/null
@@ -1,233 +0,0 @@
-This is intended to be an example of a state-machine driven SSL application. It
-acts as an SSL tunneler (functioning as either the server or client half,
-depending on command-line arguments). *PLEASE* read the comments in tunala.h
-before you treat this stuff as anything more than a curiosity - YOU HAVE BEEN
-WARNED!! There, that's the draconian bit out of the way ...
-
-
-Why "tunala"??
---------------
-
-I thought I asked you to read tunala.h?? :-)
-
-
-Show me
--------
-
-If you want to simply see it running, skip to the end and see some example
-command-line arguments to demonstrate with.
-
-
-Where to look and what to do?
------------------------------
-
-The code is split up roughly coinciding with the detaching of an "abstract" SSL
-state machine (which is the purpose of all this) and its surrounding application
-specifics. This is primarily to make it possible for me to know when I could cut
-corners and when I needed to be rigorous (or at least maintain the pretense as
-such :-).
-
-Network stuff:
-
-Basically, the network part of all this is what is supposed to be abstracted out
-of the way. The intention is to illustrate one way to stick OpenSSL's mechanisms
-inside a little memory-driven sandbox and operate it like a pure state-machine.
-So, the network code is inside both ip.c (general utility functions and gory
-IPv4 details) and tunala.c itself, which takes care of application specifics
-like the main select() loop. The connectivity between the specifics of this
-application (TCP/IP tunneling and the associated network code) and the
-underlying abstract SSL state machine stuff is through the use of the "buffer_t"
-type, declared in tunala.h and implemented in buffer.c.
-
-State machine:
-
-Which leaves us, generally speaking, with the abstract "state machine" code left
-over and this is sitting inside sm.c, with declarations inside tunala.h. As can
-be seen by the definition of the state_machine_t structure and the associated
-functions to manipulate it, there are the 3 OpenSSL "handles" plus 4 buffer_t
-structures dealing with IO on both the encrypted and unencrypted sides ("dirty"
-and "clean" respectively). The "SSL" handle is what facilitates the reading and
-writing of the unencrypted (tunneled) data. The two "BIO" handles act as the
-read and write channels for encrypted tunnel traffic - in other applications
-these are often socket BIOs so that the OpenSSL framework operates with the
-network layer directly. In this example, those two BIOs are memory BIOs
-(BIO_s_mem()) so that the sending and receiving of the tunnel traffic stays
-within the state-machine, and we can handle where this gets send to (or read
-from) ourselves.
-
-
-Why?
-----
-
-If you take a look at the "state_machine_t" section of tunala.h and the code in
-sm.c, you will notice that nothing related to the concept of 'transport' is
-involved. The binding to TCP/IP networking occurs in tunala.c, specifically
-within the "tunala_item_t" structure that associates a state_machine_t object
-with 4 file-descriptors. The way to best see where the bridge between the
-outside world (TCP/IP reads, writes, select()s, file-descriptors, etc) and the
-state machine is, is to examine the "tunala_item_io()" function in tunala.c.
-This is currently around lines 641-732 but of course could be subject to change.
-
-
-And...?
--------
-
-Well, although that function is around 90 lines of code, it could easily have
-been a lot less only I was trying to address an easily missed "gotcha" (item (2)
-below). The main() code that drives the select/accept/IO loop initialises new
-tunala_item_t structures when connections arrive, and works out which
-file-descriptors go where depending on whether we're an SSL client or server
-(client --> accepted connection is clean and proxied is dirty, server -->
-accepted connection is dirty and proxied is clean). What that tunala_item_io()
-function is attempting to do is 2 things;
-
- (1) Perform all reads and writes on the network directly into the
- state_machine_t's buffers (based on a previous select() result), and only
- then allow the abstact state_machine_t to "churn()" using those buffers.
- This will cause the SSL machine to consume as much input data from the two
- "IN" buffers as possible, and generate as much output data into the two
- "OUT" buffers as possible. Back up in the main() function, the next main
- loop loop will examine these output buffers and select() for writability
- on the corresponding sockets if the buffers are non-empty.
-
- (2) Handle the complicated tunneling-specific issue of cascading "close"s.
- This is the reason for most of the complexity in the logic - if one side
- of the tunnel is closed, you can't simply close the other side and throw
- away the whole thing - (a) there may still be outgoing data on the other
- side of the tunnel that hasn't been sent yet, (b) the close (or things
- happening during the close) may cause more data to be generated that needs
- sending on the other side. Of course, this logic is complicated yet futher
- by the fact that it's different depending on which side closes first :-)
- state_machine_close_clean() will indicate to the state machine that the
- unencrypted side of the tunnel has closed, so any existing outgoing data
- needs to be flushed, and the SSL stream needs to be closed down using the
- appropriate shutdown sequence. state_machine_close_dirty() is simpler
- because it indicates that the SSL stream has been disconnected, so all
- that remains before closing the other side is to flush out anything that
- remains and wait for it to all be sent.
-
-Anyway, with those things in mind, the code should be a little easier to follow
-in terms of "what is *this* bit supposed to achieve??!!".
-
-
-How might this help?
---------------------
-
-Well, the reason I wrote this is that there seemed to be rather a flood of
-questions of late on the openssl-dev and openssl-users lists about getting this
-whole IO logic thing sorted out, particularly by those who were trying to either
-use non-blocking IO, or wanted SSL in an environment where "something else" was
-handling the network already and they needed to operate in memory only. This
-code is loosely based on some other stuff I've been working on, although that
-stuff is far more complete, far more dependant on a whole slew of other
-network/framework code I don't want to incorporate here, and far harder to look
-at for 5 minutes and follow where everything is going. I will be trying over
-time to suck in a few things from that into this demo in the hopes it might be
-more useful, and maybe to even make this demo usable as a utility of its own.
-Possible things include:
-
- * controlling multiple processes/threads - this can be used to combat
- latencies and get passed file-descriptor limits on some systems, and it uses
- a "controller" process/thread that maintains IPC links with the
- processes/threads doing the real work.
-
- * cert verification rules - having some say over which certs get in or out :-)
-
- * control over SSL protocols and cipher suites
-
- * A few other things you can already do in s_client and s_server :-)
-
- * Support (and control over) session resuming, particularly when functioning
- as an SSL client.
-
-If you have a particular environment where this model might work to let you "do
-SSL" without having OpenSSL be aware of the transport, then you should find you
-could use the state_machine_t structure (or your own variant thereof) and hook
-it up to your transport stuff in much the way tunala.c matches it up with those
-4 file-descriptors. The state_machine_churn(), state_machine_close_clean(), and
-state_machine_close_dirty() functions are the main things to understand - after
-that's done, you just have to ensure you're feeding and bleeding the 4
-state_machine buffers in a logical fashion. This state_machine loop handles not
-only handshakes and normal streaming, but also renegotiates - there's no special
-handling required beyond keeping an eye on those 4 buffers and keeping them in
-sync with your outer "loop" logic. Ie. if one of the OUT buffers is not empty,
-you need to find an opportunity to try and forward its data on. If one of the IN
-buffers is not full, you should keep an eye out for data arriving that should be
-placed there.
-
-This approach could hopefully also allow you to run the SSL protocol in very
-different environments. As an example, you could support encrypted event-driven
-IPC where threads/processes pass messages to each other inside an SSL layer;
-each IPC-message's payload would be in fact the "dirty" content, and the "clean"
-payload coming out of the tunnel at each end would be the real intended message.
-Likewise, this could *easily* be made to work across unix domain sockets, or
-even entirely different network/comms protocols.
-
-This is also a quick and easy way to do VPN if you (and the remote network's
-gateway) support virtual network devices that are encapsulted in a single
-network connection, perhaps PPP going through an SSL tunnel?
-
-
-Suggestions
------------
-
-Please let me know if you find this useful, or if there's anything wrong or
-simply too confusing about it. Patches are also welcome, but please attach a
-description of what it changes and why, and "diff -urN" format is preferred.
-Mail to geoff@openssl.org should do the trick.
-
-
-Example
--------
-
-Here is an example of how to use "tunala" ...
-
-First, it's assumed that OpenSSL has already built, and that you are building
-inside the ./demos/tunala/ directory. If not - please correct the paths and
-flags inside the Makefile. Likewise, if you want to tweak the building, it's
-best to try and do so in the makefile (eg. removing the debug flags and adding
-optimisation flags).
-
-Secondly, this code has mostly only been tested on Linux. However, some
-autoconf/etc support has been added and the code has been compiled on openbsd
-and solaris using that.
-
-Thirdly, if you are Win32, you probably need to do some *major* rewriting of
-ip.c to stand a hope in hell. Good luck, and please mail me the diff if you do
-this, otherwise I will take a look at another time. It can certainly be done,
-but it's very non-POSIXy.
-
-See the INSTALL document for details on building.
-
-Now, if you don't have an executable "tunala" compiled, go back to "First,...".
-Rinse and repeat.
-
-Inside one console, try typing;
-
-(i) ./tunala -listen localhost:8080 -proxy localhost:8081 -cacert CA.pem \
- -cert A-client.pem -out_totals -v_peer -v_strict
-
-In another console, type;
-
-(ii) ./tunala -listen localhost:8081 -proxy localhost:23 -cacert CA.pem \
- -cert A-server.pem -server 1 -out_totals -v_peer -v_strict
-
-Now if you open another console and "telnet localhost 8080", you should be
-tunneled through to the telnet service on your local machine (if it's running -
-you could change it to port "22" and tunnel ssh instead if you so desired). When
-you logout of the telnet session, the tunnel should cleanly shutdown and show
-you some traffic stats in both consoles. Feel free to experiment. :-)
-
-Notes:
-
- - the format for the "-listen" argument can skip the host part (eg. "-listen
- 8080" is fine). If you do, the listening socket will listen on all interfaces
- so you can connect from other machines for example. Using the "localhost"
- form listens only on 127.0.0.1 so you can only connect locally (unless, of
- course, you've set up weird stuff with your networking in which case probably
- none of the above applies).
-
- - ./tunala -? gives you a list of other command-line options, but tunala.c is
- also a good place to look :-)
-
-
diff --git a/crypto/openssl/demos/tunala/autogunk.sh b/crypto/openssl/demos/tunala/autogunk.sh
deleted file mode 100755
index c9783c6..0000000
--- a/crypto/openssl/demos/tunala/autogunk.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-
-# This script tries to follow the "GNU way" w.r.t. the autobits.
-# This does of course generate a number of irritating files.
-# Try to get over it (I am getting there myself).
-
-# This should generate any missing crud, and then run autoconf which should turn
-# configure.in into a "./configure" script and "Makefile.am" into a
-# "Makefile.in". Then running "./configure" should turn "Makefile.in" into
-# "Makefile" and should generate the config.h containing your systems various
-# settings. I know ... what a hassle ...
-
-# Also, sometimes these autobits things generate bizarre output (looking like
-# errors). So I direct everything "elsewhere" ...
-
-(aclocal
-autoheader
-libtoolize --copy --force
-automake --foreign --add-missing --copy
-autoconf) 1> /dev/null 2>&1
-
-# Move the "no-autotools" Makefile out of the way
-if test ! -f Makefile.plain; then
- mv Makefile Makefile.plain
-fi
diff --git a/crypto/openssl/demos/tunala/autoungunk.sh b/crypto/openssl/demos/tunala/autoungunk.sh
deleted file mode 100755
index 0c9123b..0000000
--- a/crypto/openssl/demos/tunala/autoungunk.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-
-# This script tries to clean up as much as is possible from whatever diabolical
-# mess has been left in the directory thanks to autoconf, automake, and their
-# friends.
-
-if test -f Makefile.plain; then
- if test -f Makefile; then
- make distclean
- fi
- mv Makefile.plain Makefile
-else
- make clean
-fi
-
-rm -f aclocal.m4 config.* configure install-sh \
- missing mkinstalldirs stamp-h.* Makefile.in \
- ltconfig ltmain.sh
diff --git a/crypto/openssl/demos/tunala/breakage.c b/crypto/openssl/demos/tunala/breakage.c
deleted file mode 100644
index dcdd64b..0000000
--- a/crypto/openssl/demos/tunala/breakage.c
+++ /dev/null
@@ -1,66 +0,0 @@
-#include "tunala.h"
-
-int int_strtoul(const char *str, unsigned long *val)
-{
-#ifdef HAVE_STRTOUL
- char *tmp;
- unsigned long ret = strtoul(str, &tmp, 10);
- if((str == tmp) || (*tmp != '\0'))
- /* The value didn't parse cleanly */
- return 0;
- if(ret == ULONG_MAX)
- /* We hit a limit */
- return 0;
- *val = ret;
- return 1;
-#else
- char buf[2];
- unsigned long ret = 0;
- buf[1] = '\0';
- if(str == '\0')
- /* An empty string ... */
- return 0;
- while(*str != '\0') {
- /* We have to multiply 'ret' by 10 before absorbing the next
- * digit. If this will overflow, catch it now. */
- if(ret && (((ULONG_MAX + 10) / ret) < 10))
- return 0;
- ret *= 10;
- if(!isdigit(*str))
- return 0;
- buf[0] = *str;
- ret += atoi(buf);
- str++;
- }
- *val = ret;
- return 1;
-#endif
-}
-
-#ifndef HAVE_STRSTR
-char *int_strstr(const char *haystack, const char *needle)
-{
- const char *sub_haystack = haystack, *sub_needle = needle;
- unsigned int offset = 0;
- if(!needle)
- return haystack;
- if(!haystack)
- return NULL;
- while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
- if(sub_haystack[offset] == sub_needle) {
- /* sub_haystack is still a candidate */
- offset++;
- sub_needle++;
- } else {
- /* sub_haystack is no longer a possibility */
- sub_haystack++;
- offset = 0;
- sub_needle = needle;
- }
- }
- if(*sub_haystack == '\0')
- /* Found nothing */
- return NULL;
- return sub_haystack;
-}
-#endif
diff --git a/crypto/openssl/demos/tunala/buffer.c b/crypto/openssl/demos/tunala/buffer.c
deleted file mode 100644
index c5cd004..0000000
--- a/crypto/openssl/demos/tunala/buffer.c
+++ /dev/null
@@ -1,205 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_BUFFER
-
-void buffer_init(buffer_t *buf)
-{
- buf->used = 0;
- buf->total_in = buf->total_out = 0;
-}
-
-void buffer_close(buffer_t *buf)
-{
- /* Our data is static - nothing needs "release", just reset it */
- buf->used = 0;
-}
-
-/* Code these simple ones in compact form */
-unsigned int buffer_used(buffer_t *buf) {
- return buf->used; }
-unsigned int buffer_unused(buffer_t *buf) {
- return (MAX_DATA_SIZE - buf->used); }
-int buffer_full(buffer_t *buf) {
- return (buf->used == MAX_DATA_SIZE ? 1 : 0); }
-int buffer_notfull(buffer_t *buf) {
- return (buf->used < MAX_DATA_SIZE ? 1 : 0); }
-int buffer_empty(buffer_t *buf) {
- return (buf->used == 0 ? 1 : 0); }
-int buffer_notempty(buffer_t *buf) {
- return (buf->used > 0 ? 1 : 0); }
-unsigned long buffer_total_in(buffer_t *buf) {
- return buf->total_in; }
-unsigned long buffer_total_out(buffer_t *buf) {
- return buf->total_out; }
-
-/* These 3 static (internal) functions don't adjust the "total" variables as
- * it's not sure when they're called how it should be interpreted. Only the
- * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
- * values. */
-#if 0 /* To avoid "unused" warnings */
-static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
- unsigned int size)
-{
- unsigned int added = MAX_DATA_SIZE - buf->used;
- if(added > size)
- added = size;
- if(added == 0)
- return 0;
- memcpy(buf->data + buf->used, ptr, added);
- buf->used += added;
- buf->total_in += added;
- return added;
-}
-
-static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)
-{
- unsigned int moved, tomove = from->used;
- if((int)tomove > cap)
- tomove = cap;
- if(tomove == 0)
- return 0;
- moved = buffer_adddata(to, from->data, tomove);
- if(moved == 0)
- return 0;
- buffer_takedata(from, NULL, moved);
- return moved;
-}
-#endif
-
-static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
- unsigned int size)
-{
- unsigned int taken = buf->used;
- if(taken > size)
- taken = size;
- if(taken == 0)
- return 0;
- if(ptr)
- memcpy(ptr, buf->data, taken);
- buf->used -= taken;
- /* Do we have to scroll? */
- if(buf->used > 0)
- memmove(buf->data, buf->data + taken, buf->used);
- return taken;
-}
-
-#ifndef NO_IP
-
-int buffer_from_fd(buffer_t *buf, int fd)
-{
- int toread = buffer_unused(buf);
- if(toread == 0)
- /* Shouldn't be called in this case! */
- abort();
- toread = read(fd, buf->data + buf->used, toread);
- if(toread > 0) {
- buf->used += toread;
- buf->total_in += toread;
- }
- return toread;
-}
-
-int buffer_to_fd(buffer_t *buf, int fd)
-{
- int towrite = buffer_used(buf);
- if(towrite == 0)
- /* Shouldn't be called in this case! */
- abort();
- towrite = write(fd, buf->data, towrite);
- if(towrite > 0) {
- buffer_takedata(buf, NULL, towrite);
- buf->total_out += towrite;
- }
- return towrite;
-}
-
-#endif /* !defined(NO_IP) */
-
-#ifndef NO_OPENSSL
-
-static void int_ssl_check(SSL *s, int ret)
-{
- int e = SSL_get_error(s, ret);
- switch(e) {
- /* These seem to be harmless and already "dealt with" by our
- * non-blocking environment. NB: "ZERO_RETURN" is the clean
- * "error" indicating a successfully closed SSL tunnel. We let
- * this happen because our IO loop should not appear to have
- * broken on this condition - and outside the IO loop, the
- * "shutdown" state is checked. */
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_X509_LOOKUP:
- case SSL_ERROR_ZERO_RETURN:
- return;
- /* These seem to be indications of a genuine error that should
- * result in the SSL tunnel being regarded as "dead". */
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- SSL_set_app_data(s, (char *)1);
- return;
- default:
- break;
- }
- /* For any other errors that (a) exist, and (b) crop up - we need to
- * interpret what to do with them - so "politely inform" the caller that
- * the code needs updating here. */
- abort();
-}
-
-void buffer_from_SSL(buffer_t *buf, SSL *ssl)
-{
- int ret;
- if(!ssl || buffer_full(buf))
- return;
- ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
- if(ret > 0) {
- buf->used += ret;
- buf->total_in += ret;
- }
- if(ret < 0)
- int_ssl_check(ssl, ret);
-}
-
-void buffer_to_SSL(buffer_t *buf, SSL *ssl)
-{
- int ret;
- if(!ssl || buffer_empty(buf))
- return;
- ret = SSL_write(ssl, buf->data, buf->used);
- if(ret > 0) {
- buffer_takedata(buf, NULL, ret);
- buf->total_out += ret;
- }
- if(ret < 0)
- int_ssl_check(ssl, ret);
-}
-
-void buffer_from_BIO(buffer_t *buf, BIO *bio)
-{
- int ret;
- if(!bio || buffer_full(buf))
- return;
- ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
- if(ret > 0) {
- buf->used += ret;
- buf->total_in += ret;
- }
-}
-
-void buffer_to_BIO(buffer_t *buf, BIO *bio)
-{
- int ret;
- if(!bio || buffer_empty(buf))
- return;
- ret = BIO_write(bio, buf->data, buf->used);
- if(ret > 0) {
- buffer_takedata(buf, NULL, ret);
- buf->total_out += ret;
- }
-}
-
-#endif /* !defined(NO_OPENSSL) */
-
-#endif /* !defined(NO_BUFFER) */
diff --git a/crypto/openssl/demos/tunala/cb.c b/crypto/openssl/demos/tunala/cb.c
deleted file mode 100644
index e649838..0000000
--- a/crypto/openssl/demos/tunala/cb.c
+++ /dev/null
@@ -1,143 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_OPENSSL
-
-/* For callbacks generating output, here are their file-descriptors. */
-static FILE *fp_cb_ssl_info = NULL;
-static FILE *fp_cb_ssl_verify = NULL;
-/* Output level:
- * 0 = nothing,
- * 1 = minimal, just errors,
- * 2 = minimal, all steps,
- * 3 = detail, all steps */
-static unsigned int cb_ssl_verify_level = 1;
-
-/* Other static rubbish (to mirror s_cb.c where required) */
-static int int_verify_depth = 10;
-
-/* This function is largely borrowed from the one used in OpenSSL's "s_client"
- * and "s_server" utilities. */
-void cb_ssl_info(const SSL *s, int where, int ret)
-{
- const char *str1, *str2;
- int w;
-
- if(!fp_cb_ssl_info)
- return;
-
- w = where & ~SSL_ST_MASK;
- str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
- "SSL_accept" : "undefined")),
- str2 = SSL_state_string_long(s);
-
- if (where & SSL_CB_LOOP)
- fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
- else if (where & SSL_CB_EXIT) {
- if (ret == 0)
- fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
-/* In a non-blocking model, we get a few of these "error"s simply because we're
- * calling "reads" and "writes" on the state-machine that are virtual NOPs
- * simply to avoid wasting the time seeing if we *should* call them. Removing
- * this case makes the "-out_state" output a lot easier on the eye. */
-#if 0
- else if (ret < 0)
- fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
-#endif
- }
-}
-
-void cb_ssl_info_set_output(FILE *fp)
-{
- fp_cb_ssl_info = fp;
-}
-
-static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
-static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
-static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
-static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
-static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
-
-/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
-int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
-{
- char buf1[256]; /* Used for the subject name */
- char buf2[256]; /* Used for the issuer name */
- const char *reason = NULL; /* Error reason (if any) */
- X509 *err_cert;
- int err, depth;
-
- if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
- return ok;
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- buf1[0] = buf2[0] = '\0';
- /* Fill buf1 */
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
- /* Fill buf2 */
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
- switch (ctx->error) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- reason = int_reason_no_issuer;
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- reason = int_reason_not_yet;
- break;
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- reason = int_reason_before;
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- reason = int_reason_expired;
- break;
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- reason = int_reason_after;
- break;
- }
-
- if((cb_ssl_verify_level == 1) && ok)
- return ok;
- fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
- if(reason)
- fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
- else
- fprintf(fp_cb_ssl_verify, "error=%d\n", err);
- if(cb_ssl_verify_level < 3)
- return ok;
- fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
- fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
- if(!ok)
- fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);
- return ok;
-}
-
-void cb_ssl_verify_set_output(FILE *fp)
-{
- fp_cb_ssl_verify = fp;
-}
-
-void cb_ssl_verify_set_depth(unsigned int verify_depth)
-{
- int_verify_depth = verify_depth;
-}
-
-void cb_ssl_verify_set_level(unsigned int level)
-{
- if(level < 4)
- cb_ssl_verify_level = level;
-}
-
-RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
-{
- /* TODO: Perhaps make it so our global key can be generated on-the-fly
- * after certain intervals? */
- static RSA *rsa_tmp = NULL;
- if(!rsa_tmp)
- rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
- return rsa_tmp;
-}
-
-#endif /* !defined(NO_OPENSSL) */
-
diff --git a/crypto/openssl/demos/tunala/configure.in b/crypto/openssl/demos/tunala/configure.in
deleted file mode 100644
index 590cdbf..0000000
--- a/crypto/openssl/demos/tunala/configure.in
+++ /dev/null
@@ -1,29 +0,0 @@
-dnl Process this file with autoconf to produce a configure script.
-AC_INIT(tunala.c)
-AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(tunala, 0.0.1-dev)
-
-dnl Checks for programs. (Though skip libtool)
-AC_PROG_CC
-dnl AC_PROG_LIBTOOL
-dnl AM_PROG_LIBTOOL
-
-dnl Checks for libraries.
-AC_CHECK_LIB(dl, dlopen)
-AC_CHECK_LIB(z, inflate)
-AC_CHECK_LIB(socket, socket)
-AC_CHECK_LIB(nsl, gethostbyname)
-
-dnl Checks for header files.
-AC_HEADER_STDC
-AC_CHECK_HEADERS(fcntl.h limits.h unistd.h)
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-
-dnl Checks for library functions.
-AC_CHECK_FUNCS(strstr strtoul)
-AC_CHECK_FUNCS(select socket)
-AC_CHECK_FUNCS(dlopen)
-
-AC_OUTPUT(Makefile)
diff --git a/crypto/openssl/demos/tunala/ip.c b/crypto/openssl/demos/tunala/ip.c
deleted file mode 100644
index 96ef4e6..0000000
--- a/crypto/openssl/demos/tunala/ip.c
+++ /dev/null
@@ -1,146 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_IP
-
-#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other
- such value it'll still be respectable */
-
-/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
-int ip_initialise(void)
-{
- struct sigaction sa;
-
- sa.sa_handler = SIG_IGN;
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- if(sigaction(SIGPIPE, &sa, NULL) != 0)
- return 0;
- return 1;
-}
-
-int ip_create_listener_split(const char *ip, unsigned short port)
-{
- struct sockaddr_in in_addr;
- int fd = -1;
- int reuseVal = 1;
-
- /* Create the socket */
- if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
- goto err;
- /* Set the SO_REUSEADDR flag - servers act weird without it */
- if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
- sizeof(reuseVal)) != 0)
- goto err;
- /* Prepare the listen address stuff */
- in_addr.sin_family = AF_INET;
- memcpy(&in_addr.sin_addr.s_addr, ip, 4);
- in_addr.sin_port = htons(port);
- /* Bind to the required port/address/interface */
- if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)
- goto err;
- /* Start "listening" */
- if(listen(fd, IP_LISTENER_BACKLOG) != 0)
- goto err;
- return fd;
-err:
- if(fd != -1)
- close(fd);
- return -1;
-}
-
-int ip_create_connection_split(const char *ip, unsigned short port)
-{
- struct sockaddr_in in_addr;
- int flags, fd = -1;
-
- /* Create the socket */
- if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
- goto err;
- /* Make it non-blocking */
- if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
- (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
- goto err;
- /* Prepare the connection address stuff */
- in_addr.sin_family = AF_INET;
- memcpy(&in_addr.sin_addr.s_addr, ip, 4);
- in_addr.sin_port = htons(port);
- /* Start a connect (non-blocking, in all likelihood) */
- if((connect(fd, (struct sockaddr *)&in_addr,
- sizeof(struct sockaddr_in)) != 0) &&
- (errno != EINPROGRESS))
- goto err;
- return fd;
-err:
- if(fd != -1)
- close(fd);
- return -1;
-}
-
-static char all_local_ip[] = {0x00,0x00,0x00,0x00};
-
-int ip_parse_address(const char *address, const char **parsed_ip,
- unsigned short *parsed_port, int accept_all_ip)
-{
- char buf[256];
- struct hostent *lookup;
- unsigned long port;
- const char *ptr = strstr(address, ":");
- const char *ip = all_local_ip;
-
- if(!ptr) {
- /* We assume we're listening on all local interfaces and have
- * only specified a port. */
- if(!accept_all_ip)
- return 0;
- ptr = address;
- goto determine_port;
- }
- if((ptr - address) > 255)
- return 0;
- memset(buf, 0, 256);
- memcpy(buf, address, ptr - address);
- ptr++;
- if((lookup = gethostbyname(buf)) == NULL) {
- /* Spit a message to differentiate between lookup failures and
- * bad strings. */
- fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
- return 0;
- }
- ip = lookup->h_addr_list[0];
-determine_port:
- if(strlen(ptr) < 1)
- return 0;
- if(!int_strtoul(ptr, &port) || (port > 65535))
- return 0;
- *parsed_ip = ip;
- *parsed_port = (unsigned short)port;
- return 1;
-}
-
-int ip_create_listener(const char *address)
-{
- const char *ip;
- unsigned short port;
-
- if(!ip_parse_address(address, &ip, &port, 1))
- return -1;
- return ip_create_listener_split(ip, port);
-}
-
-int ip_create_connection(const char *address)
-{
- const char *ip;
- unsigned short port;
-
- if(!ip_parse_address(address, &ip, &port, 0))
- return -1;
- return ip_create_connection_split(ip, port);
-}
-
-int ip_accept_connection(int listen_fd)
-{
- return accept(listen_fd, NULL, NULL);
-}
-
-#endif /* !defined(NO_IP) */
-
diff --git a/crypto/openssl/demos/tunala/sm.c b/crypto/openssl/demos/tunala/sm.c
deleted file mode 100644
index 25359e6..0000000
--- a/crypto/openssl/demos/tunala/sm.c
+++ /dev/null
@@ -1,151 +0,0 @@
-#include "tunala.h"
-
-#ifndef NO_TUNALA
-
-void state_machine_init(state_machine_t *machine)
-{
- machine->ssl = NULL;
- machine->bio_intossl = machine->bio_fromssl = NULL;
- buffer_init(&machine->clean_in);
- buffer_init(&machine->clean_out);
- buffer_init(&machine->dirty_in);
- buffer_init(&machine->dirty_out);
-}
-
-void state_machine_close(state_machine_t *machine)
-{
- if(machine->ssl)
- SSL_free(machine->ssl);
-/* SSL_free seems to decrement the reference counts already so doing this goes
- * kaboom. */
-#if 0
- if(machine->bio_intossl)
- BIO_free(machine->bio_intossl);
- if(machine->bio_fromssl)
- BIO_free(machine->bio_fromssl);
-#endif
- buffer_close(&machine->clean_in);
- buffer_close(&machine->clean_out);
- buffer_close(&machine->dirty_in);
- buffer_close(&machine->dirty_out);
- state_machine_init(machine);
-}
-
-buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)
-{
- switch(type) {
- case SM_CLEAN_IN:
- return &machine->clean_in;
- case SM_CLEAN_OUT:
- return &machine->clean_out;
- case SM_DIRTY_IN:
- return &machine->dirty_in;
- case SM_DIRTY_OUT:
- return &machine->dirty_out;
- default:
- break;
- }
- /* Should never get here */
- abort();
- return NULL;
-}
-
-SSL *state_machine_get_SSL(state_machine_t *machine)
-{
- return machine->ssl;
-}
-
-int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)
-{
- if(machine->ssl)
- /* Shouldn't ever be set twice */
- abort();
- machine->ssl = ssl;
- /* Create the BIOs to handle the dirty side of the SSL */
- if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
- abort();
- if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
- abort();
- /* Hook up the BIOs on the dirty side of the SSL */
- SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
- if(is_server)
- SSL_set_accept_state(machine->ssl);
- else
- SSL_set_connect_state(machine->ssl);
- /* If we're the first one to generate traffic - do it now otherwise we
- * go into the next select empty-handed and our peer will not send data
- * but will similarly wait for us. */
- return state_machine_churn(machine);
-}
-
-/* Performs the data-IO loop and returns zero if the machine should close */
-int state_machine_churn(state_machine_t *machine)
-{
- unsigned int loop;
- if(machine->ssl == NULL) {
- if(buffer_empty(&machine->clean_out))
- /* Time to close this state-machine altogether */
- return 0;
- else
- /* Still buffered data on the clean side to go out */
- return 1;
- }
- /* Do this loop twice to cover any dependencies about which precise
- * order of reads and writes is required. */
- for(loop = 0; loop < 2; loop++) {
- buffer_to_SSL(&machine->clean_in, machine->ssl);
- buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
- buffer_from_SSL(&machine->clean_out, machine->ssl);
- buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
- }
- /* We close on the SSL side if the info callback noticed some problems
- * or an SSL shutdown was underway and shutdown traffic had all been
- * sent. */
- if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
- buffer_empty(&machine->dirty_out))) {
- /* Great, we can seal off the dirty side completely */
- if(!state_machine_close_dirty(machine))
- return 0;
- }
- /* Either the SSL is alive and well, or the closing process still has
- * outgoing data waiting to be sent */
- return 1;
-}
-
-/* Called when the clean side of the SSL has lost its connection */
-int state_machine_close_clean(state_machine_t *machine)
-{
- /* Well, first thing to do is null out the clean-side buffers - they're
- * no use any more. */
- buffer_close(&machine->clean_in);
- buffer_close(&machine->clean_out);
- /* And start an SSL shutdown */
- if(machine->ssl)
- SSL_shutdown(machine->ssl);
- /* This is an "event", so flush the SSL of any generated traffic */
- state_machine_churn(machine);
- if(buffer_empty(&machine->dirty_in) &&
- buffer_empty(&machine->dirty_out))
- return 0;
- return 1;
-}
-
-/* Called when the dirty side of the SSL has lost its connection. This is pretty
- * terminal as all that can be left to do is send any buffered output on the
- * clean side - after that, we're done. */
-int state_machine_close_dirty(state_machine_t *machine)
-{
- buffer_close(&machine->dirty_in);
- buffer_close(&machine->dirty_out);
- buffer_close(&machine->clean_in);
- if(machine->ssl)
- SSL_free(machine->ssl);
- machine->ssl = NULL;
- machine->bio_intossl = machine->bio_fromssl = NULL;
- if(buffer_empty(&machine->clean_out))
- return 0;
- return 1;
-}
-
-#endif /* !defined(NO_TUNALA) */
-
diff --git a/crypto/openssl/demos/tunala/test.sh b/crypto/openssl/demos/tunala/test.sh
deleted file mode 100755
index 105b447..0000000
--- a/crypto/openssl/demos/tunala/test.sh
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/bin/sh
-
-HTTP="localhost:8080"
-CLIENT_PORT="9020"
-SERVER_PORT="9021"
-
-sub_test ()
-{
- echo "STARTING - $VER $CIPHER"
- ./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \
- -cacert CA.pem -cert A-client.pem -server 0 \
- -dh_special standard -v_peer -v_strict \
- $VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt &
- ./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \
- -cacert CA.pem -cert A-server.pem -server 1 \
- -dh_special standard -v_peer -v_strict \
- $VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt &
- # Wait for the servers to be listening before starting the wget test
- DONE="no"
- while [ "$DONE" != "yes" ]; do
- L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
- L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
- if [ "x$L1" != "x" ]; then
- DONE="yes"
- elif [ "x$L2" != "x" ]; then
- DONE="yes"
- else
- sleep 1
- fi
- done
- HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep "<HTML>"`
- if [ "x$HTML" != "x" ]; then
- echo "OK - $CIPHER ($VER)"
- else
- echo "FAIL - $CIPHER ($VER)"
- killall tunala
- exit 1
- fi
- killall tunala
- # Wait for the servers to stop before returning - otherwise the next
- # test my fail to start ... (fscking race conditions)
- DONE="yes"
- while [ "$DONE" != "no" ]; do
- L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
- L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
- if [ "x$L1" != "x" ]; then
- DONE="yes"
- elif [ "x$L2" != "x" ]; then
- DONE="yes"
- else
- DONE="no"
- fi
- done
- exit 0
-}
-
-run_test ()
-{
- (sub_test 1> /dev/null) || exit 1
-}
-
-run_ssl_test ()
-{
-killall tunala 1> /dev/null 2> /dev/null
-echo ""
-echo "Starting all $PRETTY tests"
-if [ "$PRETTY" != "SSLv2" ]; then
- if [ "$PRETTY" != "SSLv3" ]; then
- export VER="-no_ssl2 -no_ssl3"
- export OSSL="-tls1"
- else
- export VER="-no_ssl2 -no_tls1"
- export OSSL="-ssl3"
- fi
-else
- export VER="-no_ssl3 -no_tls1"
- export OSSL="-ssl2"
-fi
-LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`"
-#echo "$LIST"
-for i in $LIST; do \
- DSS=`echo "$i" | grep "DSS"`
- if [ "x$DSS" != "x" ]; then
- echo "---- skipping $i (no DSA cert/keys) ----"
- else
- export CIPHER=$i
- run_test
- echo "SUCCESS: $i"
- fi
-done;
-}
-
-# Welcome the user
-echo "Tests will assume an http server running at $HTTP"
-
-# TLSv1 test
-export PRETTY="TLSv1"
-run_ssl_test
-
-# SSLv3 test
-export PRETTY="SSLv3"
-run_ssl_test
-
-# SSLv2 test
-export PRETTY="SSLv2"
-run_ssl_test
-
diff --git a/crypto/openssl/demos/tunala/tunala.c b/crypto/openssl/demos/tunala/tunala.c
deleted file mode 100644
index e918cba..0000000
--- a/crypto/openssl/demos/tunala/tunala.c
+++ /dev/null
@@ -1,1107 +0,0 @@
-#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
-#error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
-#endif
-
-/* Include our bits'n'pieces */
-#include "tunala.h"
-
-
-/********************************************/
-/* Our local types that specify our "world" */
-/********************************************/
-
-/* These represent running "tunnels". Eg. if you wanted to do SSL in a
- * "message-passing" scanario, the "int" file-descriptors might be replaced by
- * thread or process IDs, and the "select" code might be replaced by message
- * handling code. Whatever. */
-typedef struct _tunala_item_t {
- /* The underlying SSL state machine. This is a data-only processing unit
- * and we communicate with it by talking to its four "buffers". */
- state_machine_t sm;
- /* The file-descriptors for the "dirty" (encrypted) side of the SSL
- * setup. In actuality, this is typically a socket and both values are
- * identical. */
- int dirty_read, dirty_send;
- /* The file-descriptors for the "clean" (unencrypted) side of the SSL
- * setup. These could be stdin/stdout, a socket (both values the same),
- * or whatever you like. */
- int clean_read, clean_send;
-} tunala_item_t;
-
-/* This structure is used as the data for running the main loop. Namely, in a
- * network format such as this, it is stuff for select() - but as pointed out,
- * when moving the real-world to somewhere else, this might be replaced by
- * something entirely different. It's basically the stuff that controls when
- * it's time to do some "work". */
-typedef struct _select_sets_t {
- int max; /* As required as the first argument to select() */
- fd_set reads, sends, excepts; /* As passed to select() */
-} select_sets_t;
-typedef struct _tunala_selector_t {
- select_sets_t last_selected; /* Results of the last select() */
- select_sets_t next_select; /* What we'll next select on */
-} tunala_selector_t;
-
-/* This structure is *everything*. We do it to avoid the use of globals so that,
- * for example, it would be easier to shift things around between async-IO,
- * thread-based, or multi-fork()ed (or combinations thereof). */
-typedef struct _tunala_world_t {
- /* The file-descriptor we "listen" on for new connections */
- int listen_fd;
- /* The array of tunnels */
- tunala_item_t *tunnels;
- /* the number of tunnels in use and allocated, respectively */
- unsigned int tunnels_used, tunnels_size;
- /* Our outside "loop" context stuff */
- tunala_selector_t selector;
- /* Our SSL_CTX, which is configured as the SSL client or server and has
- * the various cert-settings and callbacks configured. */
- SSL_CTX *ssl_ctx;
- /* Simple flag with complex logic :-) Indicates whether we're an SSL
- * server or an SSL client. */
- int server_mode;
-} tunala_world_t;
-
-/*****************************/
-/* Internal static functions */
-/*****************************/
-
-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
- const char *CAfile, const char *cert, const char *key,
- const char *dcert, const char *dkey, const char *cipher_list,
- const char *dh_file, const char *dh_special, int tmp_rsa,
- int ctx_options, int out_state, int out_verify, int verify_mode,
- unsigned int verify_depth);
-static void selector_init(tunala_selector_t *selector);
-static void selector_add_listener(tunala_selector_t *selector, int fd);
-static void selector_add_tunala(tunala_selector_t *selector, tunala_item_t *t);
-static int selector_select(tunala_selector_t *selector);
-/* This returns -1 for error, 0 for no new connections, or 1 for success, in
- * which case *newfd is populated. */
-static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd);
-static int tunala_world_new_item(tunala_world_t *world, int fd,
- const char *ip, unsigned short port, int flipped);
-static void tunala_world_del_item(tunala_world_t *world, unsigned int idx);
-static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item);
-
-/*********************************************/
-/* MAIN FUNCTION (and its utility functions) */
-/*********************************************/
-
-static const char *def_proxyhost = "127.0.0.1:443";
-static const char *def_listenhost = "127.0.0.1:8080";
-static int def_max_tunnels = 50;
-static const char *def_cacert = NULL;
-static const char *def_cert = NULL;
-static const char *def_key = NULL;
-static const char *def_dcert = NULL;
-static const char *def_dkey = NULL;
-static const char *def_engine_id = NULL;
-static int def_server_mode = 0;
-static int def_flipped = 0;
-static const char *def_cipher_list = NULL;
-static const char *def_dh_file = NULL;
-static const char *def_dh_special = NULL;
-static int def_tmp_rsa = 1;
-static int def_ctx_options = 0;
-static int def_verify_mode = 0;
-static unsigned int def_verify_depth = 10;
-static int def_out_state = 0;
-static unsigned int def_out_verify = 0;
-static int def_out_totals = 0;
-static int def_out_conns = 0;
-
-static const char *helpstring =
-"\n'Tunala' (A tunneler with a New Zealand accent)\n"
-"Usage: tunala [options], where options are from;\n"
-" -listen [host:]<port> (default = 127.0.0.1:8080)\n"
-" -proxy <host>:<port> (default = 127.0.0.1:443)\n"
-" -maxtunnels <num> (default = 50)\n"
-" -cacert <path|NULL> (default = NULL)\n"
-" -cert <path|NULL> (default = NULL)\n"
-" -key <path|NULL> (default = whatever '-cert' is)\n"
-" -dcert <path|NULL> (usually for DSA, default = NULL)\n"
-" -dkey <path|NULL> (usually for DSA, default = whatever '-dcert' is)\n"
-" -engine <id|NULL> (default = NULL)\n"
-" -server <0|1> (default = 0, ie. an SSL client)\n"
-" -flipped <0|1> (makes SSL servers be network clients, and vice versa)\n"
-" -cipher <list> (specifies cipher list to use)\n"
-" -dh_file <path> (a PEM file containing DH parameters to use)\n"
-" -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
-" -no_tmp_rsa (don't generate temporary RSA keys)\n"
-" -no_ssl2 (disable SSLv2)\n"
-" -no_ssl3 (disable SSLv3)\n"
-" -no_tls1 (disable TLSv1)\n"
-" -v_peer (verify the peer certificate)\n"
-" -v_strict (do not continue if peer doesn't authenticate)\n"
-" -v_once (no verification in renegotiates)\n"
-" -v_depth <num> (limit certificate chain depth, default = 10)\n"
-" -out_conns (prints client connections and disconnections)\n"
-" -out_state (prints SSL handshake states)\n"
-" -out_verify <0|1|2|3> (prints certificate verification states: def=1)\n"
-" -out_totals (prints out byte-totals when a tunnel closes)\n"
-" -<h|help|?> (displays this help screen)\n"
-"Notes:\n"
-"(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
-" If you only specify '-cert', the same file must contain a matching\n"
-" private key.\n"
-"(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
-" will be obtained from (or '-dh_special NULL' for the default choice) but\n"
-" you cannot specify both. For dh_special, 'generate' will create new DH\n"
-" parameters on startup, and 'standard' will use embedded parameters\n"
-" instead.\n"
-"(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
-" tunala' listens for 'clean' client connections and proxies ssl, and an\n"
-" 'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
-" '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
-" listens for clean client connections and proxies ssl (but participating\n"
-" as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
-" listens for ssl connections (participating as an ssl *client* in the\n"
-" SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
-" be useful for allowing network access to 'servers' where only the server\n"
-" needs to authenticate the client (ie. the other way is not required).\n"
-" Even with client and server authentication, this 'technique' mitigates\n"
-" some DoS (denial-of-service) potential as it will be the network client\n"
-" having to perform the first private key operation rather than the other\n"
-" way round.\n"
-"(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
-" absolutely nothing except another complimentary instance of 'tunala'\n"
-" running with '-flipped 1'. :-)\n";
-
-/* Default DH parameters for use with "-dh_special standard" ... stolen striaght
- * from s_server. */
-static unsigned char dh512_p[]={
- 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
- 0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
- 0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
- 0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
- 0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
- 0x47,0x74,0xE8,0x33,
- };
-static unsigned char dh512_g[]={
- 0x02,
- };
-
-/* And the function that parses the above "standard" parameters, again, straight
- * out of s_server. */
-static DH *get_dh512(void)
- {
- DH *dh=NULL;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return(NULL);
- return(dh);
- }
-
-/* Various help/error messages used by main() */
-static int usage(const char *errstr, int isunknownarg)
-{
- if(isunknownarg)
- fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
- else
- fprintf(stderr, "Error: %s\n", errstr);
- fprintf(stderr, "%s\n", helpstring);
- return 1;
-}
-
-static int err_str0(const char *str0)
-{
- fprintf(stderr, "%s\n", str0);
- return 1;
-}
-
-static int err_str1(const char *fmt, const char *str1)
-{
- fprintf(stderr, fmt, str1);
- fprintf(stderr, "\n");
- return 1;
-}
-
-static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
- fprintf(stderr, "Error, '%s' is an invalid value for "
- "maxtunnels\n", s);
- return 0;
- }
- *maxtunnels = (unsigned int)l;
- return 1;
-}
-
-static int parse_server_mode(const char *s, int *servermode)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l > 1)) {
- fprintf(stderr, "Error, '%s' is an invalid value for the "
- "server mode\n", s);
- return 0;
- }
- *servermode = (int)l;
- return 1;
-}
-
-static int parse_dh_special(const char *s, const char **dh_special)
-{
- if((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
- (strcmp(s, "standard") == 0)) {
- *dh_special = s;
- return 1;
- }
- fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
- return 0;
-}
-
-static int parse_verify_level(const char *s, unsigned int *verify_level)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l > 3)) {
- fprintf(stderr, "Error, '%s' is an invalid value for "
- "out_verify\n", s);
- return 0;
- }
- *verify_level = (unsigned int)l;
- return 1;
-}
-
-static int parse_verify_depth(const char *s, unsigned int *verify_depth)
-{
- unsigned long l;
- if(!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
- fprintf(stderr, "Error, '%s' is an invalid value for "
- "verify_depth\n", s);
- return 0;
- }
- *verify_depth = (unsigned int)l;
- return 1;
-}
-
-/* Some fprintf format strings used when tunnels close */
-static const char *io_stats_dirty =
-" SSL traffic; %8lu bytes in, %8lu bytes out\n";
-static const char *io_stats_clean =
-" clear traffic; %8lu bytes in, %8lu bytes out\n";
-
-int main(int argc, char *argv[])
-{
- unsigned int loop;
- int newfd;
- tunala_world_t world;
- tunala_item_t *t_item;
- const char *proxy_ip;
- unsigned short proxy_port;
- /* Overridables */
- const char *proxyhost = def_proxyhost;
- const char *listenhost = def_listenhost;
- unsigned int max_tunnels = def_max_tunnels;
- const char *cacert = def_cacert;
- const char *cert = def_cert;
- const char *key = def_key;
- const char *dcert = def_dcert;
- const char *dkey = def_dkey;
- const char *engine_id = def_engine_id;
- int server_mode = def_server_mode;
- int flipped = def_flipped;
- const char *cipher_list = def_cipher_list;
- const char *dh_file = def_dh_file;
- const char *dh_special = def_dh_special;
- int tmp_rsa = def_tmp_rsa;
- int ctx_options = def_ctx_options;
- int verify_mode = def_verify_mode;
- unsigned int verify_depth = def_verify_depth;
- int out_state = def_out_state;
- unsigned int out_verify = def_out_verify;
- int out_totals = def_out_totals;
- int out_conns = def_out_conns;
-
-/* Parse command-line arguments */
-next_arg:
- argc--; argv++;
- if(argc > 0) {
- if(strcmp(*argv, "-listen") == 0) {
- if(argc < 2)
- return usage("-listen requires an argument", 0);
- argc--; argv++;
- listenhost = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-proxy") == 0) {
- if(argc < 2)
- return usage("-proxy requires an argument", 0);
- argc--; argv++;
- proxyhost = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-maxtunnels") == 0) {
- if(argc < 2)
- return usage("-maxtunnels requires an argument", 0);
- argc--; argv++;
- if(!parse_max_tunnels(*argv, &max_tunnels))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-cacert") == 0) {
- if(argc < 2)
- return usage("-cacert requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- cacert = NULL;
- else
- cacert = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-cert") == 0) {
- if(argc < 2)
- return usage("-cert requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- cert = NULL;
- else
- cert = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-key") == 0) {
- if(argc < 2)
- return usage("-key requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- key = NULL;
- else
- key = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dcert") == 0) {
- if(argc < 2)
- return usage("-dcert requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- dcert = NULL;
- else
- dcert = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dkey") == 0) {
- if(argc < 2)
- return usage("-dkey requires an argument", 0);
- argc--; argv++;
- if(strcmp(*argv, "NULL") == 0)
- dkey = NULL;
- else
- dkey = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-engine") == 0) {
- if(argc < 2)
- return usage("-engine requires an argument", 0);
- argc--; argv++;
- engine_id = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-server") == 0) {
- if(argc < 2)
- return usage("-server requires an argument", 0);
- argc--; argv++;
- if(!parse_server_mode(*argv, &server_mode))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-flipped") == 0) {
- if(argc < 2)
- return usage("-flipped requires an argument", 0);
- argc--; argv++;
- if(!parse_server_mode(*argv, &flipped))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-cipher") == 0) {
- if(argc < 2)
- return usage("-cipher requires an argument", 0);
- argc--; argv++;
- cipher_list = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dh_file") == 0) {
- if(argc < 2)
- return usage("-dh_file requires an argument", 0);
- if(dh_special)
- return usage("cannot mix -dh_file with "
- "-dh_special", 0);
- argc--; argv++;
- dh_file = *argv;
- goto next_arg;
- } else if(strcmp(*argv, "-dh_special") == 0) {
- if(argc < 2)
- return usage("-dh_special requires an argument", 0);
- if(dh_file)
- return usage("cannot mix -dh_file with "
- "-dh_special", 0);
- argc--; argv++;
- if(!parse_dh_special(*argv, &dh_special))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-no_tmp_rsa") == 0) {
- tmp_rsa = 0;
- goto next_arg;
- } else if(strcmp(*argv, "-no_ssl2") == 0) {
- ctx_options |= SSL_OP_NO_SSLv2;
- goto next_arg;
- } else if(strcmp(*argv, "-no_ssl3") == 0) {
- ctx_options |= SSL_OP_NO_SSLv3;
- goto next_arg;
- } else if(strcmp(*argv, "-no_tls1") == 0) {
- ctx_options |= SSL_OP_NO_TLSv1;
- goto next_arg;
- } else if(strcmp(*argv, "-v_peer") == 0) {
- verify_mode |= SSL_VERIFY_PEER;
- goto next_arg;
- } else if(strcmp(*argv, "-v_strict") == 0) {
- verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- goto next_arg;
- } else if(strcmp(*argv, "-v_once") == 0) {
- verify_mode |= SSL_VERIFY_CLIENT_ONCE;
- goto next_arg;
- } else if(strcmp(*argv, "-v_depth") == 0) {
- if(argc < 2)
- return usage("-v_depth requires an argument", 0);
- argc--; argv++;
- if(!parse_verify_depth(*argv, &verify_depth))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_state") == 0) {
- out_state = 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_verify") == 0) {
- if(argc < 2)
- return usage("-out_verify requires an argument", 0);
- argc--; argv++;
- if(!parse_verify_level(*argv, &out_verify))
- return 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_totals") == 0) {
- out_totals = 1;
- goto next_arg;
- } else if(strcmp(*argv, "-out_conns") == 0) {
- out_conns = 1;
- goto next_arg;
- } else if((strcmp(*argv, "-h") == 0) ||
- (strcmp(*argv, "-help") == 0) ||
- (strcmp(*argv, "-?") == 0)) {
- fprintf(stderr, "%s\n", helpstring);
- return 0;
- } else
- return usage(*argv, 1);
- }
- /* Run any sanity checks we want here */
- if(!cert && !dcert && server_mode)
- fprintf(stderr, "WARNING: you are running an SSL server without "
- "a certificate - this may not work!\n");
-
- /* Initialise network stuff */
- if(!ip_initialise())
- return err_str0("ip_initialise failed");
- /* Create the SSL_CTX */
- if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
- cacert, cert, key, dcert, dkey, cipher_list, dh_file,
- dh_special, tmp_rsa, ctx_options, out_state, out_verify,
- verify_mode, verify_depth)) == NULL)
- return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
- (engine_id == NULL) ? "NULL" : engine_id);
- if(engine_id)
- fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
- /* Create the listener */
- if((world.listen_fd = ip_create_listener(listenhost)) == -1)
- return err_str1("ip_create_listener(%s) failed", listenhost);
- fprintf(stderr, "Info, listening on '%s'\n", listenhost);
- if(!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
- return err_str1("ip_parse_address(%s) failed", proxyhost);
- fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
- (int)proxy_ip[0], (int)proxy_ip[1],
- (int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
- fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
- fprintf(stderr, "Info, set to operate as an SSL %s\n",
- (server_mode ? "server" : "client"));
- /* Initialise the rest of the stuff */
- world.tunnels_used = world.tunnels_size = 0;
- world.tunnels = NULL;
- world.server_mode = server_mode;
- selector_init(&world.selector);
-
-/* We're ready to loop */
-main_loop:
- /* Should we listen for *new* tunnels? */
- if(world.tunnels_used < max_tunnels)
- selector_add_listener(&world.selector, world.listen_fd);
- /* We should add in our existing tunnels */
- for(loop = 0; loop < world.tunnels_used; loop++)
- selector_add_tunala(&world.selector, world.tunnels + loop);
- /* Now do the select */
- switch(selector_select(&world.selector)) {
- case -1:
- if(errno != EINTR) {
- fprintf(stderr, "selector_select returned a "
- "badness error.\n");
- goto shouldnt_happen;
- }
- fprintf(stderr, "Warn, selector interrupted by a signal\n");
- goto main_loop;
- case 0:
- fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n");
- goto main_loop;
- default:
- break;
- }
- /* Accept new connection if we should and can */
- if((world.tunnels_used < max_tunnels) && (selector_get_listener(
- &world.selector, world.listen_fd,
- &newfd) == 1)) {
- /* We have a new connection */
- if(!tunala_world_new_item(&world, newfd, proxy_ip,
- proxy_port, flipped))
- fprintf(stderr, "tunala_world_new_item failed\n");
- else if(out_conns)
- fprintf(stderr, "Info, new tunnel opened, now up to "
- "%d\n", world.tunnels_used);
- }
- /* Give each tunnel its moment, note the while loop is because it makes
- * the logic easier than with "for" to deal with an array that may shift
- * because of deletes. */
- loop = 0;
- t_item = world.tunnels;
- while(loop < world.tunnels_used) {
- if(!tunala_item_io(&world.selector, t_item)) {
- /* We're closing whether for reasons of an error or a
- * natural close. Don't increment loop or t_item because
- * the next item is moving to us! */
- if(!out_totals)
- goto skip_totals;
- fprintf(stderr, "Tunnel closing, traffic stats follow\n");
- /* Display the encrypted (over the network) stats */
- fprintf(stderr, io_stats_dirty,
- buffer_total_in(state_machine_get_buffer(
- &t_item->sm,SM_DIRTY_IN)),
- buffer_total_out(state_machine_get_buffer(
- &t_item->sm,SM_DIRTY_OUT)));
- /* Display the local (tunnelled) stats. NB: Data we
- * *receive* is data sent *out* of the state_machine on
- * its 'clean' side. Hence the apparent back-to-front
- * OUT/IN mixup here :-) */
- fprintf(stderr, io_stats_clean,
- buffer_total_out(state_machine_get_buffer(
- &t_item->sm,SM_CLEAN_OUT)),
- buffer_total_in(state_machine_get_buffer(
- &t_item->sm,SM_CLEAN_IN)));
-skip_totals:
- tunala_world_del_item(&world, loop);
- if(out_conns)
- fprintf(stderr, "Info, tunnel closed, down to %d\n",
- world.tunnels_used);
- }
- else {
- /* Move to the next item */
- loop++;
- t_item++;
- }
- }
- goto main_loop;
- /* Should never get here */
-shouldnt_happen:
- abort();
- return 1;
-}
-
-/****************/
-/* OpenSSL bits */
-/****************/
-
-static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
-{
- FILE *fp = NULL;
- X509 *x509 = NULL;
- EVP_PKEY *pkey = NULL;
- int toret = 0; /* Assume an error */
-
- /* cert */
- if(cert) {
- if((fp = fopen(cert, "r")) == NULL) {
- fprintf(stderr, "Error opening cert file '%s'\n", cert);
- goto err;
- }
- if(!PEM_read_X509(fp, &x509, NULL, NULL)) {
- fprintf(stderr, "Error reading PEM cert from '%s'\n",
- cert);
- goto err;
- }
- if(!SSL_CTX_use_certificate(ctx, x509)) {
- fprintf(stderr, "Error, cert in '%s' can not be used\n",
- cert);
- goto err;
- }
- /* Clear the FILE* for reuse in the "key" code */
- fclose(fp);
- fp = NULL;
- fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
- /* If a cert was given without matching key, we assume the same
- * file contains the required key. */
- if(!key)
- key = cert;
- } else {
- if(key)
- fprintf(stderr, "Error, can't specify a key without a "
- "corresponding certificate\n");
- else
- fprintf(stderr, "Error, ctx_set_cert called with "
- "NULLs!\n");
- goto err;
- }
- /* key */
- if(key) {
- if((fp = fopen(key, "r")) == NULL) {
- fprintf(stderr, "Error opening key file '%s'\n", key);
- goto err;
- }
- if(!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
- fprintf(stderr, "Error reading PEM key from '%s'\n",
- key);
- goto err;
- }
- if(!SSL_CTX_use_PrivateKey(ctx, pkey)) {
- fprintf(stderr, "Error, key in '%s' can not be used\n",
- key);
- goto err;
- }
- fprintf(stderr, "Info, operating with key in '%s'\n", key);
- } else
- fprintf(stderr, "Info, operating without a cert or key\n");
- /* Success */
- toret = 1; err:
- if(x509)
- X509_free(x509);
- if(pkey)
- EVP_PKEY_free(pkey);
- if(fp)
- fclose(fp);
- return toret;
-}
-
-static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)
-{
- DH *dh = NULL;
- FILE *fp = NULL;
-
- if(dh_special) {
- if(strcmp(dh_special, "NULL") == 0)
- return 1;
- if(strcmp(dh_special, "standard") == 0) {
- if((dh = get_dh512()) == NULL) {
- fprintf(stderr, "Error, can't parse 'standard'"
- " DH parameters\n");
- return 0;
- }
- fprintf(stderr, "Info, using 'standard' DH parameters\n");
- goto do_it;
- }
- if(strcmp(dh_special, "generate") != 0)
- /* This shouldn't happen - screening values is handled
- * in main(). */
- abort();
- fprintf(stderr, "Info, generating DH parameters ... ");
- fflush(stderr);
- if((dh = DH_generate_parameters(512, DH_GENERATOR_5,
- NULL, NULL)) == NULL) {
- fprintf(stderr, "error!\n");
- return 0;
- }
- fprintf(stderr, "complete\n");
- goto do_it;
- }
- /* So, we're loading dh_file */
- if((fp = fopen(dh_file, "r")) == NULL) {
- fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
- dh_file);
- return 0;
- }
- dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
- fclose(fp);
- if(dh == NULL) {
- fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
- dh_file);
- return 0;
- }
- fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
-do_it:
- SSL_CTX_set_tmp_dh(ctx, dh);
- DH_free(dh);
- return 1;
-}
-
-static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
- const char *CAfile, const char *cert, const char *key,
- const char *dcert, const char *dkey, const char *cipher_list,
- const char *dh_file, const char *dh_special, int tmp_rsa,
- int ctx_options, int out_state, int out_verify, int verify_mode,
- unsigned int verify_depth)
-{
- SSL_CTX *ctx = NULL, *ret = NULL;
- SSL_METHOD *meth;
- ENGINE *e = NULL;
-
- OpenSSL_add_ssl_algorithms();
- SSL_load_error_strings();
-
- meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
- if(meth == NULL)
- goto err;
- if(engine_id) {
- ENGINE_load_builtin_engines();
- if((e = ENGINE_by_id(engine_id)) == NULL) {
- fprintf(stderr, "Error obtaining '%s' engine, openssl "
- "errors follow\n", engine_id);
- goto err;
- }
- if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- fprintf(stderr, "Error assigning '%s' engine, openssl "
- "errors follow\n", engine_id);
- goto err;
- }
- ENGINE_free(e);
- }
- if((ctx = SSL_CTX_new(meth)) == NULL)
- goto err;
- /* cacert */
- if(CAfile) {
- if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
- CAfile, NULL)) {
- fprintf(stderr, "Error loading CA cert(s) in '%s'\n",
- CAfile);
- goto err;
- }
- fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n",
- CAfile);
- } else
- fprintf(stderr, "Info, operating without a CA cert(-list)\n");
- if(!SSL_CTX_set_default_verify_paths(ctx)) {
- fprintf(stderr, "Error setting default verify paths\n");
- goto err;
- }
-
- /* cert and key */
- if((cert || key) && !ctx_set_cert(ctx, cert, key))
- goto err;
- /* dcert and dkey */
- if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
- goto err;
- /* temporary RSA key generation */
- if(tmp_rsa)
- SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);
-
- /* cipher_list */
- if(cipher_list) {
- if(!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
- fprintf(stderr, "Error setting cipher list '%s'\n",
- cipher_list);
- goto err;
- }
- fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
- } else
- fprintf(stderr, "Info, operating with default cipher list\n");
-
- /* dh_file & dh_special */
- if((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
- goto err;
-
- /* ctx_options */
- SSL_CTX_set_options(ctx, ctx_options);
-
- /* out_state (output of SSL handshake states to screen). */
- if(out_state)
- cb_ssl_info_set_output(stderr);
-
- /* out_verify */
- if(out_verify > 0) {
- cb_ssl_verify_set_output(stderr);
- cb_ssl_verify_set_level(out_verify);
- }
-
- /* verify_depth */
- cb_ssl_verify_set_depth(verify_depth);
-
- /* Success! (includes setting verify_mode) */
- SSL_CTX_set_info_callback(ctx, cb_ssl_info);
- SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
- ret = ctx;
-err:
- if(!ret) {
- ERR_print_errors_fp(stderr);
- if(ctx)
- SSL_CTX_free(ctx);
- }
- return ret;
-}
-
-/*****************/
-/* Selector bits */
-/*****************/
-
-static void selector_sets_init(select_sets_t *s)
-{
- s->max = 0;
- FD_ZERO(&s->reads);
- FD_ZERO(&s->sends);
- FD_ZERO(&s->excepts);
-}
-static void selector_init(tunala_selector_t *selector)
-{
- selector_sets_init(&selector->last_selected);
- selector_sets_init(&selector->next_select);
-}
-
-#define SEL_EXCEPTS 0x00
-#define SEL_READS 0x01
-#define SEL_SENDS 0x02
-static void selector_add_raw_fd(tunala_selector_t *s, int fd, int flags)
-{
- FD_SET(fd, &s->next_select.excepts);
- if(flags & SEL_READS)
- FD_SET(fd, &s->next_select.reads);
- if(flags & SEL_SENDS)
- FD_SET(fd, &s->next_select.sends);
- /* Adjust "max" */
- if(s->next_select.max < (fd + 1))
- s->next_select.max = fd + 1;
-}
-
-static void selector_add_listener(tunala_selector_t *selector, int fd)
-{
- selector_add_raw_fd(selector, fd, SEL_READS);
-}
-
-static void selector_add_tunala(tunala_selector_t *s, tunala_item_t *t)
-{
- /* Set clean read if sm.clean_in is not full */
- if(t->clean_read != -1) {
- selector_add_raw_fd(s, t->clean_read,
- (buffer_full(state_machine_get_buffer(&t->sm,
- SM_CLEAN_IN)) ? SEL_EXCEPTS : SEL_READS));
- }
- /* Set clean send if sm.clean_out is not empty */
- if(t->clean_send != -1) {
- selector_add_raw_fd(s, t->clean_send,
- (buffer_empty(state_machine_get_buffer(&t->sm,
- SM_CLEAN_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
- }
- /* Set dirty read if sm.dirty_in is not full */
- if(t->dirty_read != -1) {
- selector_add_raw_fd(s, t->dirty_read,
- (buffer_full(state_machine_get_buffer(&t->sm,
- SM_DIRTY_IN)) ? SEL_EXCEPTS : SEL_READS));
- }
- /* Set dirty send if sm.dirty_out is not empty */
- if(t->dirty_send != -1) {
- selector_add_raw_fd(s, t->dirty_send,
- (buffer_empty(state_machine_get_buffer(&t->sm,
- SM_DIRTY_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
- }
-}
-
-static int selector_select(tunala_selector_t *selector)
-{
- memcpy(&selector->last_selected, &selector->next_select,
- sizeof(select_sets_t));
- selector_sets_init(&selector->next_select);
- return select(selector->last_selected.max,
- &selector->last_selected.reads,
- &selector->last_selected.sends,
- &selector->last_selected.excepts, NULL);
-}
-
-/* This returns -1 for error, 0 for no new connections, or 1 for success, in
- * which case *newfd is populated. */
-static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd)
-{
- if(FD_ISSET(fd, &selector->last_selected.excepts))
- return -1;
- if(!FD_ISSET(fd, &selector->last_selected.reads))
- return 0;
- if((*newfd = ip_accept_connection(fd)) == -1)
- return -1;
- return 1;
-}
-
-/************************/
-/* "Tunala" world stuff */
-/************************/
-
-static int tunala_world_make_room(tunala_world_t *world)
-{
- unsigned int newsize;
- tunala_item_t *newarray;
-
- if(world->tunnels_used < world->tunnels_size)
- return 1;
- newsize = (world->tunnels_size == 0 ? 16 :
- ((world->tunnels_size * 3) / 2));
- if((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
- return 0;
- memset(newarray, 0, newsize * sizeof(tunala_item_t));
- if(world->tunnels_used > 0)
- memcpy(newarray, world->tunnels,
- world->tunnels_used * sizeof(tunala_item_t));
- if(world->tunnels_size > 0)
- free(world->tunnels);
- /* migrate */
- world->tunnels = newarray;
- world->tunnels_size = newsize;
- return 1;
-}
-
-static int tunala_world_new_item(tunala_world_t *world, int fd,
- const char *ip, unsigned short port, int flipped)
-{
- tunala_item_t *item;
- int newfd;
- SSL *new_ssl = NULL;
-
- if(!tunala_world_make_room(world))
- return 0;
- if((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
- fprintf(stderr, "Error creating new SSL\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
- item = world->tunnels + (world->tunnels_used++);
- state_machine_init(&item->sm);
- item->clean_read = item->clean_send =
- item->dirty_read = item->dirty_send = -1;
- if((newfd = ip_create_connection_split(ip, port)) == -1)
- goto err;
- /* Which way round? If we're a server, "fd" is the dirty side and the
- * connection we open is the clean one. For a client, it's the other way
- * around. Unless, of course, we're "flipped" in which case everything
- * gets reversed. :-) */
- if((world->server_mode && !flipped) ||
- (!world->server_mode && flipped)) {
- item->dirty_read = item->dirty_send = fd;
- item->clean_read = item->clean_send = newfd;
- } else {
- item->clean_read = item->clean_send = fd;
- item->dirty_read = item->dirty_send = newfd;
- }
- /* We use the SSL's "app_data" to indicate a call-back induced "kill" */
- SSL_set_app_data(new_ssl, NULL);
- if(!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
- goto err;
- return 1;
-err:
- tunala_world_del_item(world, world->tunnels_used - 1);
- return 0;
-
-}
-
-static void tunala_world_del_item(tunala_world_t *world, unsigned int idx)
-{
- tunala_item_t *item = world->tunnels + idx;
- if(item->clean_read != -1)
- close(item->clean_read);
- if(item->clean_send != item->clean_read)
- close(item->clean_send);
- item->clean_read = item->clean_send = -1;
- if(item->dirty_read != -1)
- close(item->dirty_read);
- if(item->dirty_send != item->dirty_read)
- close(item->dirty_send);
- item->dirty_read = item->dirty_send = -1;
- state_machine_close(&item->sm);
- /* OK, now we fix the item array */
- if(idx + 1 < world->tunnels_used)
- /* We need to scroll entries to the left */
- memmove(world->tunnels + idx,
- world->tunnels + (idx + 1),
- (world->tunnels_used - (idx + 1)) *
- sizeof(tunala_item_t));
- world->tunnels_used--;
-}
-
-static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item)
-{
- int c_r, c_s, d_r, d_s; /* Four boolean flags */
-
- /* Take ourselves out of the gene-pool if there was an except */
- if((item->clean_read != -1) && FD_ISSET(item->clean_read,
- &selector->last_selected.excepts))
- return 0;
- if((item->clean_send != -1) && FD_ISSET(item->clean_send,
- &selector->last_selected.excepts))
- return 0;
- if((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
- &selector->last_selected.excepts))
- return 0;
- if((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
- &selector->last_selected.excepts))
- return 0;
- /* Grab our 4 IO flags */
- c_r = c_s = d_r = d_s = 0;
- if(item->clean_read != -1)
- c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
- if(item->clean_send != -1)
- c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
- if(item->dirty_read != -1)
- d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
- if(item->dirty_send != -1)
- d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
- /* If no IO has happened for us, skip needless data looping */
- if(!c_r && !c_s && !d_r && !d_s)
- return 1;
- if(c_r)
- c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
- SM_CLEAN_IN), item->clean_read) <= 0);
- if(c_s)
- c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
- SM_CLEAN_OUT), item->clean_send) <= 0);
- if(d_r)
- d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
- SM_DIRTY_IN), item->dirty_read) <= 0);
- if(d_s)
- d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
- SM_DIRTY_OUT), item->dirty_send) <= 0);
- /* If any of the flags is non-zero, that means they need closing */
- if(c_r) {
- close(item->clean_read);
- if(item->clean_send == item->clean_read)
- item->clean_send = -1;
- item->clean_read = -1;
- }
- if(c_s && (item->clean_send != -1)) {
- close(item->clean_send);
- if(item->clean_send == item->clean_read)
- item->clean_read = -1;
- item->clean_send = -1;
- }
- if(d_r) {
- close(item->dirty_read);
- if(item->dirty_send == item->dirty_read)
- item->dirty_send = -1;
- item->dirty_read = -1;
- }
- if(d_s && (item->dirty_send != -1)) {
- close(item->dirty_send);
- if(item->dirty_send == item->dirty_read)
- item->dirty_read = -1;
- item->dirty_send = -1;
- }
- /* This function name is attributed to the term donated by David
- * Schwartz on openssl-dev, message-ID:
- * <NCBBLIEPOCNJOAEKBEAKEEDGLIAA.davids@webmaster.com>. :-) */
- if(!state_machine_churn(&item->sm))
- /* If the SSL closes, it will also zero-out the _in buffers
- * and will in future process just outgoing data. As and
- * when the outgoing data has gone, it will return zero
- * here to tell us to bail out. */
- return 0;
- /* Otherwise, we return zero if both sides are dead. */
- if(((item->clean_read == -1) || (item->clean_send == -1)) &&
- ((item->dirty_read == -1) || (item->dirty_send == -1)))
- return 0;
- /* If only one side closed, notify the SSL of this so it can take
- * appropriate action. */
- if((item->clean_read == -1) || (item->clean_send == -1)) {
- if(!state_machine_close_clean(&item->sm))
- return 0;
- }
- if((item->dirty_read == -1) || (item->dirty_send == -1)) {
- if(!state_machine_close_dirty(&item->sm))
- return 0;
- }
- return 1;
-}
-
diff --git a/crypto/openssl/demos/tunala/tunala.h b/crypto/openssl/demos/tunala/tunala.h
deleted file mode 100644
index 3a752f2..0000000
--- a/crypto/openssl/demos/tunala/tunala.h
+++ /dev/null
@@ -1,215 +0,0 @@
-/* Tunala ("Tunneler with a New Zealand accent")
- *
- * Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is
- * if it's useful or informative to you, but it's only here as a scratchpad for
- * ideas about how you might (or might not) program with OpenSSL. If you deploy
- * this is in a mission-critical environment, and have not read, understood,
- * audited, and modified this code to your satisfaction, and the result is that
- * all hell breaks loose and you are looking for a new employer, then it proves
- * nothing except perhaps that Darwinism is alive and well. Let's just say, *I*
- * don't use this in a mission-critical environment, so it would be stupid for
- * anyone to assume that it is solid and/or tested enough when even its author
- * doesn't place that much trust in it. You have been warned.
- *
- * With thanks to Cryptographic Appliances, Inc.
- */
-
-#ifndef _TUNALA_H
-#define _TUNALA_H
-
-/* pull in autoconf fluff */
-#ifndef NO_CONFIG_H
-#include "config.h"
-#else
-/* We don't have autoconf, we have to set all of these unless a tweaked Makefile
- * tells us not to ... */
-/* headers */
-#ifndef NO_HAVE_SELECT
-#define HAVE_SELECT
-#endif
-#ifndef NO_HAVE_SOCKET
-#define HAVE_SOCKET
-#endif
-#ifndef NO_HAVE_UNISTD_H
-#define HAVE_UNISTD_H
-#endif
-#ifndef NO_HAVE_FCNTL_H
-#define HAVE_FCNTL_H
-#endif
-#ifndef NO_HAVE_LIMITS_H
-#define HAVE_LIMITS_H
-#endif
-/* features */
-#ifndef NO_HAVE_STRSTR
-#define HAVE_STRSTR
-#endif
-#ifndef NO_HAVE_STRTOUL
-#define HAVE_STRTOUL
-#endif
-#endif
-
-#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
-#error "can't build without some network basics like select() and socket()"
-#endif
-
-#include <stdlib.h>
-#ifndef NO_SYSTEM_H
-#include <string.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#endif
-#ifdef HAVE_LIMITS_H
-#include <limits.h>
-#endif
-#include <netdb.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <sys/types.h>
-#include <netinet/in.h>
-#endif /* !defined(NO_SYSTEM_H) */
-
-#ifndef NO_OPENSSL
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#include <openssl/ssl.h>
-#endif /* !defined(NO_OPENSSL) */
-
-#ifndef OPENSSL_NO_BUFFER
-/* This is the generic "buffer" type that is used when feeding the
- * state-machine. It's basically a FIFO with respect to the "adddata" &
- * "takedata" type functions that operate on it. */
-#define MAX_DATA_SIZE 16384
-typedef struct _buffer_t {
- unsigned char data[MAX_DATA_SIZE];
- unsigned int used;
- /* Statistical values - counts the total number of bytes read in and
- * read out (respectively) since "buffer_init()" */
- unsigned long total_in, total_out;
-} buffer_t;
-
-/* Initialise a buffer structure before use */
-void buffer_init(buffer_t *buf);
-/* Cleanup a buffer structure - presently not needed, but if buffer_t is
- * converted to using dynamic allocation, this would be required - so should be
- * called to protect against an explosion of memory leaks later if the change is
- * made. */
-void buffer_close(buffer_t *buf);
-
-/* Basic functions to manipulate buffers */
-
-unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */
-unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */
-int buffer_full(buffer_t *buf); /* Boolean, is it full? */
-int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */
-int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */
-int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */
-unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */
-unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */
-
-#if 0 /* Currently used only within buffer.c - better to expose only
- * higher-level functions anyway */
-/* Add data to the tail of the buffer, returns the amount that was actually
- * added (so, you need to check if return value is less than size) */
-unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
- unsigned int size);
-
-/* Take data from the front of the buffer (and scroll the rest forward). If
- * "ptr" is NULL, this just removes data off the front of the buffer. Return
- * value is the amount actually removed (can be less than size if the buffer has
- * too little data). */
-unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
- unsigned int size);
-
-/* Flushes as much data as possible out of the "from" buffer into the "to"
- * buffer. Return value is the amount moved. The amount moved can be restricted
- * to a maximum by specifying "cap" - setting it to -1 means no limit. */
-unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);
-#endif
-
-#ifndef NO_IP
-/* Read or write between a file-descriptor and a buffer */
-int buffer_from_fd(buffer_t *buf, int fd);
-int buffer_to_fd(buffer_t *buf, int fd);
-#endif /* !defined(NO_IP) */
-
-#ifndef NO_OPENSSL
-/* Read or write between an SSL or BIO and a buffer */
-void buffer_from_SSL(buffer_t *buf, SSL *ssl);
-void buffer_to_SSL(buffer_t *buf, SSL *ssl);
-void buffer_from_BIO(buffer_t *buf, BIO *bio);
-void buffer_to_BIO(buffer_t *buf, BIO *bio);
-
-/* Callbacks */
-void cb_ssl_info(const SSL *s, int where, int ret);
-void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */
-int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);
-void cb_ssl_verify_set_output(FILE *fp);
-void cb_ssl_verify_set_depth(unsigned int verify_depth);
-void cb_ssl_verify_set_level(unsigned int level);
-RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);
-#endif /* !defined(NO_OPENSSL) */
-#endif /* !defined(OPENSSL_NO_BUFFER) */
-
-#ifndef NO_TUNALA
-#ifdef OPENSSL_NO_BUFFER
-#error "TUNALA section of tunala.h requires BUFFER support"
-#endif
-typedef struct _state_machine_t {
- SSL *ssl;
- BIO *bio_intossl;
- BIO *bio_fromssl;
- buffer_t clean_in, clean_out;
- buffer_t dirty_in, dirty_out;
-} state_machine_t;
-typedef enum {
- SM_CLEAN_IN, SM_CLEAN_OUT,
- SM_DIRTY_IN, SM_DIRTY_OUT
-} sm_buffer_t;
-void state_machine_init(state_machine_t *machine);
-void state_machine_close(state_machine_t *machine);
-buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);
-SSL *state_machine_get_SSL(state_machine_t *machine);
-int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);
-/* Performs the data-IO loop and returns zero if the machine should close */
-int state_machine_churn(state_machine_t *machine);
-/* Is used to handle closing conditions - namely when one side of the tunnel has
- * closed but the other should finish flushing. */
-int state_machine_close_clean(state_machine_t *machine);
-int state_machine_close_dirty(state_machine_t *machine);
-#endif /* !defined(NO_TUNALA) */
-
-#ifndef NO_IP
-/* Initialise anything related to the networking. This includes blocking pesky
- * SIGPIPE signals. */
-int ip_initialise(void);
-/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is
- * the port to listen on (host byte order), and the return value is the
- * file-descriptor or -1 on error. */
-int ip_create_listener_split(const char *ip, unsigned short port);
-/* Same semantics as above. */
-int ip_create_connection_split(const char *ip, unsigned short port);
-/* Converts a string into the ip/port before calling the above */
-int ip_create_listener(const char *address);
-int ip_create_connection(const char *address);
-/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,
- * then the address string could be just a port. Ie. it's suitable for a
- * listening address but not a connecting address. */
-int ip_parse_address(const char *address, const char **parsed_ip,
- unsigned short *port, int accept_all_ip);
-/* Accepts an incoming connection through the listener. Assumes selects and
- * what-not have deemed it an appropriate thing to do. */
-int ip_accept_connection(int listen_fd);
-#endif /* !defined(NO_IP) */
-
-/* These functions wrap up things that can be portability hassles. */
-int int_strtoul(const char *str, unsigned long *val);
-#ifdef HAVE_STRSTR
-#define int_strstr strstr
-#else
-char *int_strstr(const char *haystack, const char *needle);
-#endif
-
-#endif /* !defined(_TUNALA_H) */
diff --git a/crypto/openssl/demos/x509/README b/crypto/openssl/demos/x509/README
deleted file mode 100644
index 88f9d6c..0000000
--- a/crypto/openssl/demos/x509/README
+++ /dev/null
@@ -1,3 +0,0 @@
-This directory contains examples of how to contruct
-various X509 structures. Certificates, certificate requests
-and CRLs.
diff --git a/crypto/openssl/demos/x509/mkcert.c b/crypto/openssl/demos/x509/mkcert.c
deleted file mode 100644
index c5e67b8..0000000
--- a/crypto/openssl/demos/x509/mkcert.c
+++ /dev/null
@@ -1,172 +0,0 @@
-/* Certificate creation. Demonstrates some certificate related
- * operations.
- */
-
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/pem.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-int add_ext(X509 *cert, int nid, char *value);
-
-int main(int argc, char **argv)
- {
- BIO *bio_err;
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
- mkcert(&x509,&pkey,512,0,365);
-
- RSA_print_fp(stdout,pkey->pkey.rsa,0);
- X509_print_fp(stdout,x509);
-
- PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
- PEM_write_X509(stdout,x509);
-
- X509_free(x509);
- EVP_PKEY_free(pkey);
-
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
-
- CRYPTO_mem_leaks(bio_err);
- BIO_free(bio_err);
- return(0);
- }
-
-static void callback(int p, int n, void *arg)
- {
- char c='B';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- fputc(c,stderr);
- }
-
-int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
- {
- X509 *x;
- EVP_PKEY *pk;
- RSA *rsa;
- X509_NAME *name=NULL;
-
- if ((pkeyp == NULL) || (*pkeyp == NULL))
- {
- if ((pk=EVP_PKEY_new()) == NULL)
- {
- abort();
- return(0);
- }
- }
- else
- pk= *pkeyp;
-
- if ((x509p == NULL) || (*x509p == NULL))
- {
- if ((x=X509_new()) == NULL)
- goto err;
- }
- else
- x= *x509p;
-
- rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
- if (!EVP_PKEY_assign_RSA(pk,rsa))
- {
- abort();
- goto err;
- }
- rsa=NULL;
-
- X509_set_version(x,2);
- ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
- X509_gmtime_adj(X509_get_notBefore(x),0);
- X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
- X509_set_pubkey(x,pk);
-
- name=X509_get_subject_name(x);
-
- /* This function creates and adds the entry, working out the
- * correct string type and performing checks on its length.
- * Normally we'd check the return value for errors...
- */
- X509_NAME_add_entry_by_txt(name,"C",
- MBSTRING_ASC, "UK", -1, -1, 0);
- X509_NAME_add_entry_by_txt(name,"CN",
- MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
-
- /* Its self signed so set the issuer name to be the same as the
- * subject.
- */
- X509_set_issuer_name(x,name);
-
- /* Add various extensions: standard extensions */
- add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
- add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
-
- add_ext(x, NID_subject_key_identifier, "hash");
-
- /* Some Netscape specific extensions */
- add_ext(x, NID_netscape_cert_type, "sslCA");
-
- add_ext(x, NID_netscape_comment, "example comment extension");
-
-
-#ifdef CUSTOM_EXT
- /* Maybe even add our own extension based on existing */
- {
- int nid;
- nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
- X509V3_EXT_add_alias(nid, NID_netscape_comment);
- add_ext(x, nid, "example comment alias");
- }
-#endif
-
- if (!X509_sign(x,pk,EVP_md5()))
- goto err;
-
- *x509p=x;
- *pkeyp=pk;
- return(1);
-err:
- return(0);
- }
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(X509 *cert, int nid, char *value)
- {
- X509_EXTENSION *ex;
- X509V3_CTX ctx;
- /* This sets the 'context' of the extensions. */
- /* No configuration database */
- X509V3_set_ctx_nodb(&ctx);
- /* Issuer and subject certs: both the target since it is self signed,
- * no request and no CRL
- */
- X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
- ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
- if (!ex)
- return 0;
-
- X509_add_ext(cert,ex,-1);
- X509_EXTENSION_free(ex);
- return 1;
- }
-
diff --git a/crypto/openssl/demos/x509/mkreq.c b/crypto/openssl/demos/x509/mkreq.c
deleted file mode 100644
index 3dfc65f..0000000
--- a/crypto/openssl/demos/x509/mkreq.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/* Certificate request creation. Demonstrates some request related
- * operations.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/pem.h>
-#include <openssl/conf.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
-
-int main(int argc, char **argv)
- {
- BIO *bio_err;
- X509_REQ *req=NULL;
- EVP_PKEY *pkey=NULL;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
-
- mkreq(&req,&pkey,512,0,365);
-
- RSA_print_fp(stdout,pkey->pkey.rsa,0);
- X509_REQ_print_fp(stdout,req);
-
- PEM_write_X509_REQ(stdout,req);
-
- X509_REQ_free(req);
- EVP_PKEY_free(pkey);
-
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
-
- CRYPTO_mem_leaks(bio_err);
- BIO_free(bio_err);
- return(0);
- }
-
-static void callback(int p, int n, void *arg)
- {
- char c='B';
-
- if (p == 0) c='.';
- if (p == 1) c='+';
- if (p == 2) c='*';
- if (p == 3) c='\n';
- fputc(c,stderr);
- }
-
-int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
- {
- X509_REQ *x;
- EVP_PKEY *pk;
- RSA *rsa;
- X509_NAME *name=NULL;
- STACK_OF(X509_EXTENSION) *exts = NULL;
-
- if ((pk=EVP_PKEY_new()) == NULL)
- goto err;
-
- if ((x=X509_REQ_new()) == NULL)
- goto err;
-
- rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
- if (!EVP_PKEY_assign_RSA(pk,rsa))
- goto err;
-
- rsa=NULL;
-
- X509_REQ_set_pubkey(x,pk);
-
- name=X509_REQ_get_subject_name(x);
-
- /* This function creates and adds the entry, working out the
- * correct string type and performing checks on its length.
- * Normally we'd check the return value for errors...
- */
- X509_NAME_add_entry_by_txt(name,"C",
- MBSTRING_ASC, "UK", -1, -1, 0);
- X509_NAME_add_entry_by_txt(name,"CN",
- MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
-
-#ifdef REQUEST_EXTENSIONS
- /* Certificate requests can contain extensions, which can be used
- * to indicate the extensions the requestor would like added to
- * their certificate. CAs might ignore them however or even choke
- * if they are present.
- */
-
- /* For request extensions they are all packed in a single attribute.
- * We save them in a STACK and add them all at once later...
- */
-
- exts = sk_X509_EXTENSION_new_null();
- /* Standard extenions */
-
- add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
-
- /* This is a typical use for request extensions: requesting a value for
- * subject alternative name.
- */
-
- add_ext(exts, NID_subject_alt_name, "email:steve@openssl.org");
-
- /* Some Netscape specific extensions */
- add_ext(exts, NID_netscape_cert_type, "client,email");
-
-
-
-#ifdef CUSTOM_EXT
- /* Maybe even add our own extension based on existing */
- {
- int nid;
- nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
- X509V3_EXT_add_alias(nid, NID_netscape_comment);
- add_ext(x, nid, "example comment alias");
- }
-#endif
-
- /* Now we've created the extensions we add them to the request */
-
- X509_REQ_add_extensions(x, exts);
-
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
-#endif
-
- if (!X509_REQ_sign(x,pk,EVP_md5()))
- goto err;
-
- *req=x;
- *pkeyp=pk;
- return(1);
-err:
- return(0);
- }
-
-/* Add extension using V3 code: we can set the config file as NULL
- * because we wont reference any other sections.
- */
-
-int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value)
- {
- X509_EXTENSION *ex;
- ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
- if (!ex)
- return 0;
- sk_X509_EXTENSION_push(sk, ex);
-
- return 1;
- }
-
diff --git a/crypto/openssl/doc/HOWTO/certificates.txt b/crypto/openssl/doc/HOWTO/certificates.txt
deleted file mode 100644
index a8a34c7..0000000
--- a/crypto/openssl/doc/HOWTO/certificates.txt
+++ /dev/null
@@ -1,105 +0,0 @@
-<DRAFT!>
- HOWTO certificates
-
-1. Introduction
-
-How you handle certificates depend a great deal on what your role is.
-Your role can be one or several of:
-
- - User of some client software
- - User of some server software
- - Certificate authority
-
-This file is for users who wish to get a certificate of their own.
-Certificate authorities should read ca.txt.
-
-In all the cases shown below, the standard configuration file, as
-compiled into openssl, will be used. You may find it in /etc/,
-/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and
-is better described in another HOWTO <config.txt?>. If you want to
-use a different configuration file, use the argument '-config {file}'
-with the command shown below.
-
-
-2. Relationship with keys
-
-Certificates are related to public key cryptography by containing a
-public key. To be useful, there must be a corresponding private key
-somewhere. With OpenSSL, public keys are easily derived from private
-keys, so before you create a certificate or a certificate request, you
-need to create a private key.
-
-Private keys are generated with 'openssl genrsa' if you want a RSA
-private key, or 'openssl gendsa' if you want a DSA private key.
-Further information on how to create private keys can be found in
-another HOWTO <keys.txt?>. The rest of this text assumes you have
-a private key in the file privkey.pem.
-
-
-3. Creating a certificate request
-
-To create a certificate, you need to start with a certificate
-request (or, as some certificate authorities like to put
-it, "certificate signing request", since that's exactly what they do,
-they sign it and give you the result back, thus making it authentic
-according to their policies). A certificate request can then be sent
-to a certificate authority to get it signed into a certificate, or if
-you have your own certificate authority, you may sign it yourself, or
-if you need a self-signed certificate (because you just want a test
-certificate or because you are setting up your own CA).
-
-The certificate request is created like this:
-
- openssl req -new -key privkey.pem -out cert.csr
-
-Now, cert.csr can be sent to the certificate authority, if they can
-handle files in PEM format. If not, use the extra argument '-outform'
-followed by the keyword for the format to use (see another HOWTO
-<formats.txt?>). In some cases, that isn't sufficient and you will
-have to be more creative.
-
-When the certificate authority has then done the checks the need to
-do (and probably gotten payment from you), they will hand over your
-new certificate to you.
-
-Section 5 will tell you more on how to handle the certificate you
-received.
-
-
-4. Creating a self-signed test certificate
-
-If you don't want to deal with another certificate authority, or just
-want to create a test certificate for yourself. This is similar to
-creating a certificate request, but creates a certificate instead of
-a certificate request. This is NOT the recommended way to create a
-CA certificate, see ca.txt.
-
- openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
-
-
-5. What to do with the certificate
-
-If you created everything yourself, or if the certificate authority
-was kind enough, your certificate is a raw DER thing in PEM format.
-Your key most definitely is if you have followed the examples above.
-However, some (most?) certificate authorities will encode them with
-things like PKCS7 or PKCS12, or something else. Depending on your
-applications, this may be perfectly OK, it all depends on what they
-know how to decode. If not, There are a number of OpenSSL tools to
-convert between some (most?) formats.
-
-So, depending on your application, you may have to convert your
-certificate and your key to various formats, most often also putting
-them together into one file. The ways to do this is described in
-another HOWTO <formats.txt?>, I will just mention the simplest case.
-In the case of a raw DER thing in PEM format, and assuming that's all
-right for yor applications, simply concatenating the certificate and
-the key into a new file and using that one should be enough. With
-some applications, you don't even have to do that.
-
-
-By now, you have your cetificate and your private key and can start
-using the software that depend on it.
-
---
-Richard Levitte
diff --git a/crypto/openssl/doc/HOWTO/keys.txt b/crypto/openssl/doc/HOWTO/keys.txt
deleted file mode 100644
index 7ae2a3a..0000000
--- a/crypto/openssl/doc/HOWTO/keys.txt
+++ /dev/null
@@ -1,73 +0,0 @@
-<DRAFT!>
- HOWTO keys
-
-1. Introduction
-
-Keys are the basis of public key algorithms and PKI. Keys usually
-come in pairs, with one half being the public key and the other half
-being the private key. With OpenSSL, the private key contains the
-public key information as well, so a public key doesn't need to be
-generated separately.
-
-Public keys come in several flavors, using different cryptographic
-algorithms. The most popular ones associated with certificates are
-RSA and DSA, and this HOWTO will show how to generate each of them.
-
-
-2. To generate a RSA key
-
-A RSA key can be used both for encryption and for signing.
-
-Generating a key for the RSA algorithm is quite easy, all you have to
-do is the following:
-
- openssl genrsa -des3 -out privkey.pem 2048
-
-With this variant, you will be prompted for a protecting password. If
-you don't want your key to be protected by a password, remove the flag
-'-des3' from the command line above.
-
- NOTE: if you intend to use the key together with a server
- certificate, it may be a good thing to avoid protecting it
- with a password, since that would mean someone would have to
- type in the password every time the server needs to access
- the key.
-
-The number 2048 is the size of the key, in bits. Today, 2048 or
-higher is recommended for RSA keys, as fewer amount of bits is
-consider insecure or to be insecure pretty soon.
-
-
-3. To generate a DSA key
-
-A DSA key can be used for signing only. This is important to keep
-in mind to know what kind of purposes a certificate request with a
-DSA key can really be used for.
-
-Generating a key for the DSA algorithm is a two-step process. First,
-you have to generate parameters from which to generate the key:
-
- openssl dsaparam -out dsaparam.pem 2048
-
-The number 2048 is the size of the key, in bits. Today, 2048 or
-higher is recommended for DSA keys, as fewer amount of bits is
-consider insecure or to be insecure pretty soon.
-
-When that is done, you can generate a key using the parameters in
-question (actually, several keys can be generated from the same
-parameters):
-
- openssl gendsa -des3 -out privkey.pem dsaparam.pem
-
-With this variant, you will be prompted for a protecting password. If
-you don't want your key to be protected by a password, remove the flag
-'-des3' from the command line above.
-
- NOTE: if you intend to use the key together with a server
- certificate, it may be a good thing to avoid protecting it
- with a password, since that would mean someone would have to
- type in the password every time the server needs to access
- the key.
-
---
-Richard Levitte
diff --git a/crypto/openssl/doc/HOWTO/proxy_certificates.txt b/crypto/openssl/doc/HOWTO/proxy_certificates.txt
deleted file mode 100644
index 3d36b02..0000000
--- a/crypto/openssl/doc/HOWTO/proxy_certificates.txt
+++ /dev/null
@@ -1,322 +0,0 @@
-<DRAFT!>
- HOWTO proxy certificates
-
-0. WARNING
-
-NONE OF THE CODE PRESENTED HERE HAVE BEEN CHECKED! They are just an
-example to show you how things can be done. There may be typos or
-type conflicts, and you will have to resolve them.
-
-1. Introduction
-
-Proxy certificates are defined in RFC 3820. They are really usual
-certificates with the mandatory extension proxyCertInfo.
-
-Proxy certificates are issued by an End Entity (typically a user),
-either directly with the EE certificate as issuing certificate, or by
-extension through an already issued proxy certificate.. They are used
-to extend rights to some other entity (a computer process, typically,
-or sometimes to the user itself), so it can perform operations in the
-name of the owner of the EE certificate.
-
-See http://www.ietf.org/rfc/rfc3820.txt for more information.
-
-
-2. A warning about proxy certificates
-
-Noone seems to have tested proxy certificates with security in mind.
-Basically, to this date, it seems that proxy certificates have only
-been used in a world that's highly aware of them. What would happen
-if an unsuspecting application is to validate a chain of certificates
-that contains proxy certificates? It would usually consider the leaf
-to be the certificate to check for authorisation data, and since proxy
-certificates are controlled by the EE certificate owner alone, it's
-would be normal to consider what the EE certificate owner could do
-with them.
-
-subjectAltName and issuerAltName are forbidden in proxy certificates,
-and this is enforced in OpenSSL. The subject must be the same as the
-issuer, with one commonName added on.
-
-Possible threats are, as far as has been imagined so far:
-
- - impersonation through commonName (think server certificates).
- - use of additional extensions, possibly non-standard ones used in
- certain environments, that would grant extra or different
- authorisation rights.
-
-For this reason, OpenSSL requires that the use of proxy certificates
-be explicitely allowed. Currently, this can be done using the
-following methods:
-
- - if the application calls X509_verify_cert() itself, it can do the
- following prior to that call (ctx is the pointer passed in the call
- to X509_verify_cert()):
-
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-
- - in all other cases, proxy certificate validation can be enabled
- before starting the application by setting the envirnoment variable
- OPENSSL_ALLOW_PROXY with some non-empty value.
-
-There are thoughts to allow proxy certificates with a line in the
-default openssl.cnf, but that's still in the future.
-
-
-3. How to create proxy cerificates
-
-It's quite easy to create proxy certificates, by taking advantage of
-the lack of checks of the 'openssl x509' application (*ahem*). But
-first, you need to create a configuration section that contains a
-definition of the proxyCertInfo extension, a little like this:
-
- [ v3_proxy ]
- # A proxy certificate MUST NEVER be a CA certificate.
- basicConstraints=CA:FALSE
-
- # Usual authority key ID
- authorityKeyIdentifier=keyid,issuer:always
-
- # Now, for the extension that marks this certificate as a proxy one
- proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
-
-It's also possible to give the proxy extension in a separate section:
-
- proxyCertInfo=critical,@proxy_ext
-
- [ proxy_ext ]
- language=id-ppl-anyLanguage
- pathlen=0
- policy=text:BC
-
-The policy value has a specific syntax, {syntag}:{string}, where the
-syntag determines what will be done with the string. The recognised
-syntags are as follows:
-
- text indicates that the string is simply the bytes, not
- encoded in any kind of way:
-
- policy=text:räksmörgås
-
- Previous versions of this design had a specific tag
- for UTF-8 text. However, since the bytes are copied
- as-is anyway, there's no need for it. Instead, use
- the text: tag, like this:
-
- policy=text:räksmörgås
-
- hex indicates the string is encoded in hex, with colons
- between each byte (every second hex digit):
-
- policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
-
- Previous versions of this design had a tag to insert a
- complete DER blob. However, the only legal use for
- this would be to surround the bytes that would go with
- the hex: tag with what's needed to construct a correct
- OCTET STRING. Since hex: does that, the DER tag felt
- superfluous, and was therefore removed.
-
- file indicates that the text of the policy should really be
- taken from a file. The string is then really a file
- name. This is useful for policies that are large
- (more than a few of lines) XML documents, for example.
-
-The 'policy' setting can be split up in multiple lines like this:
-
- 0.policy=This is
- 1.polisy= a multi-
- 2.policy=line policy.
-
-NOTE: the proxy policy value is the part that determines the rights
-granted to the process using the proxy certificate. The value is
-completely dependent on the application reading and interpretting it!
-
-Now that you have created an extension section for your proxy
-certificate, you can now easily create a proxy certificate like this:
-
- openssl req -new -config openssl.cnf \
- -out proxy.req -keyout proxy.key
- openssl x509 -req -CAcreateserial -in proxy.req -days 7 \
- -out proxy.crt -CA user.crt -CAkey user.key \
- -extfile openssl.cnf -extensions v3_proxy
-
-It's just as easy to create a proxy certificate using another proxy
-certificate as issuer (note that I'm using a different configuration
-section for it):
-
- openssl req -new -config openssl.cnf \
- -out proxy2.req -keyout proxy2.key
- openssl x509 -req -CAcreateserial -in proxy2.req -days 7 \
- -out proxy2.crt -CA proxy.crt -CAkey proxy.key \
- -extfile openssl.cnf -extensions v3_proxy2
-
-
-4. How to have your application interpret the policy?
-
-The basic way to interpret proxy policies is to prepare some default
-rights, then do a check of the proxy certificate against the a chain
-of proxy certificates, user certificate and CA certificates, and see
-what rights came out by the end. Sounds easy, huh? It almost is.
-
-The slightly complicated part is how to pass data between your
-application and the certificate validation procedure.
-
-You need the following ingredients:
-
- - a callback routing that will be called for every certificate that's
- validated. It will be called several times for each certificates,
- so you must be attentive to when it's a good time to do the proxy
- policy interpretation and check, as well as to fill in the defaults
- when the EE certificate is checked.
-
- - a structure of data that's shared between your application code and
- the callback.
-
- - a wrapper function that sets it all up.
-
- - an ex_data index function that creates an index into the generic
- ex_data store that's attached to an X509 validation context.
-
-This is some cookbook code for you to fill in:
-
- /* In this example, I will use a view of granted rights as a bit
- array, one bit for each possible right. */
- typedef struct your_rights {
- unsigned char rights[total_rights / 8];
- } YOUR_RIGHTS;
-
- /* The following procedure will create an index for the ex_data
- store in the X509 validation context the first time it's called.
- Subsequent calls will return the same index. */
- static int get_proxy_auth_ex_data_idx(void)
- {
- static volatile int idx = -1;
- if (idx < 0)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
- if (idx < 0)
- {
- idx = X509_STORE_CTX_get_ex_new_index(0,
- "for verify callback",
- NULL,NULL,NULL);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
- }
- return idx;
- }
-
- /* Callback to be given to the X509 validation procedure. */
- static int verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- if (ok == 1) /* It's REALLY important you keep the proxy policy
- check within this secion. It's important to know
- that when ok is 1, the certificates are checked
- from top to bottom. You get the CA root first,
- followed by the possible chain of intermediate
- CAs, followed by the EE certificate, followed by
- the possible proxy certificates. */
- {
- X509 *xs = ctx->current_cert;
-
- if (xs->ex_flags & EXFLAG_PROXY)
- {
- YOUR_RIGHTS *rights =
- (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
- get_proxy_auth_ex_data_idx());
- PROXY_CERT_INFO_EXTENSION *pci =
- X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
-
- switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
- {
- case NID_Independent:
- /* Do whatever you need to grant explicit rights to
- this particular proxy certificate, usually by
- pulling them from some database. If there are none
- to be found, clear all rights (making this and any
- subsequent proxy certificate void of any rights).
- */
- memset(rights->rights, 0, sizeof(rights->rights));
- break;
- case NID_id_ppl_inheritAll:
- /* This is basically a NOP, we simply let the current
- rights stand as they are. */
- break;
- default:
- /* This is usually the most complex section of code.
- You really do whatever you want as long as you
- follow RFC 3820. In the example we use here, the
- simplest thing to do is to build another, temporary
- bit array and fill it with the rights granted by
- the current proxy certificate, then use it as a
- mask on the accumulated rights bit array, and
- voilà, you now have a new accumulated rights bit
- array. */
- {
- int i;
- YOUR_RIGHTS tmp_rights;
- memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
-
- /* process_rights() is supposed to be a procedure
- that takes a string and it's length, interprets
- it and sets the bits in the YOUR_RIGHTS pointed
- at by the third argument. */
- process_rights((char *) pci->proxyPolicy->policy->data,
- pci->proxyPolicy->policy->length,
- &tmp_rights);
-
- for(i = 0; i < total_rights / 8; i++)
- rights->rights[i] &= tmp_rights.rights[i];
- }
- break;
- }
- PROXY_CERT_INFO_EXTENSION_free(pci);
- }
- else if (!(xs->ex_flags & EXFLAG_CA))
- {
- /* We have a EE certificate, let's use it to set default!
- */
- YOUR_RIGHTS *rights =
- (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
- get_proxy_auth_ex_data_idx());
-
- /* The following procedure finds out what rights the owner
- of the current certificate has, and sets them in the
- YOUR_RIGHTS structure pointed at by the second
- argument. */
- set_default_rights(xs, rights);
- }
- }
- return ok;
- }
-
- static int my_X509_verify_cert(X509_STORE_CTX *ctx,
- YOUR_RIGHTS *needed_rights)
- {
- int i;
- int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = ctx->verify_cb;
- YOUR_RIGHTS rights;
-
- X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
- X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(), &rights);
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
- ok = X509_verify_cert(ctx);
-
- if (ok == 1)
- {
- ok = check_needed_rights(rights, needed_rights);
- }
-
- X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
-
- return ok;
- }
-
-If you use SSL or TLS, you can easily set up a callback to have the
-certificates checked properly, using the code above:
-
- SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights);
-
-
---
-Richard Levitte
diff --git a/crypto/openssl/doc/README b/crypto/openssl/doc/README
deleted file mode 100644
index 6ecc14d..0000000
--- a/crypto/openssl/doc/README
+++ /dev/null
@@ -1,12 +0,0 @@
-
- apps/openssl.pod .... Documentation of OpenSSL `openssl' command
- crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a
- ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
- openssl.txt ......... Assembled documentation files for OpenSSL [not final]
- ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete]
- standards.txt ....... Assembled pointers to standards, RFCs or internet drafts
- that are related to OpenSSL.
-
- An archive of HTML documents for the SSLeay library is available from
- http://www.columbia.edu/~ariel/ssleay/
-
diff --git a/crypto/openssl/doc/apps/CA.pl.pod b/crypto/openssl/doc/apps/CA.pl.pod
deleted file mode 100644
index ed69952..0000000
--- a/crypto/openssl/doc/apps/CA.pl.pod
+++ /dev/null
@@ -1,179 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-CA.pl - friendlier interface for OpenSSL certificate programs
-
-=head1 SYNOPSIS
-
-B<CA.pl>
-[B<-?>]
-[B<-h>]
-[B<-help>]
-[B<-newcert>]
-[B<-newreq>]
-[B<-newreq-nodes>]
-[B<-newca>]
-[B<-xsign>]
-[B<-sign>]
-[B<-signreq>]
-[B<-signcert>]
-[B<-verify>]
-[B<files>]
-
-=head1 DESCRIPTION
-
-The B<CA.pl> script is a perl script that supplies the relevant command line
-arguments to the B<openssl> command for some common certificate operations.
-It is intended to simplify the process of certificate creation and management
-by the use of some simple options.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<?>, B<-h>, B<-help>
-
-prints a usage message.
-
-=item B<-newcert>
-
-creates a new self signed certificate. The private key and certificate are
-written to the file "newreq.pem".
-
-=item B<-newreq>
-
-creates a new certificate request. The private key and request are
-written to the file "newreq.pem".
-
-=item B<-newreq-nodes>
-
-is like B<-newreq> except that the private key will not be encrypted.
-
-=item B<-newca>
-
-creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>
-and B<-xsign> options). The user is prompted to enter the filename of the CA
-certificates (which should also contain the private key) or by hitting ENTER
-details of the CA will be prompted for. The relevant files and directories
-are created in a directory called "demoCA" in the current directory.
-
-=item B<-pkcs12>
-
-create a PKCS#12 file containing the user certificate, private key and CA
-certificate. It expects the user certificate and private key to be in the
-file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem,
-it creates a file "newcert.p12". This command can thus be called after the
-B<-sign> option. The PKCS#12 file can be imported directly into a browser.
-If there is an additional argument on the command line it will be used as the
-"friendly name" for the certificate (which is typically displayed in the browser
-list box), otherwise the name "My Certificate" is used.
-
-=item B<-sign>, B<-signreq>, B<-xsign>
-
-calls the B<ca> program to sign a certificate request. It expects the request
-to be in the file "newreq.pem". The new certificate is written to the file
-"newcert.pem" except in the case of the B<-xsign> option when it is written
-to standard output.
-
-
-=item B<-signCA>
-
-this option is the same as the B<-signreq> option except it uses the configuration
-file section B<v3_ca> and so makes the signed request a valid CA certificate. This
-is useful when creating intermediate CA from a root CA.
-
-=item B<-signcert>
-
-this option is the same as B<-sign> except it expects a self signed certificate
-to be present in the file "newreq.pem".
-
-=item B<-verify>
-
-verifies certificates against the CA certificate for "demoCA". If no certificates
-are specified on the command line it tries to verify the file "newcert.pem".
-
-=item B<files>
-
-one or more optional certificate file names for use with the B<-verify> command.
-
-=back
-
-=head1 EXAMPLES
-
-Create a CA hierarchy:
-
- CA.pl -newca
-
-Complete certificate creation example: create a CA, create a request, sign
-the request and finally create a PKCS#12 file containing it.
-
- CA.pl -newca
- CA.pl -newreq
- CA.pl -signreq
- CA.pl -pkcs12 "My Test Certificate"
-
-=head1 DSA CERTIFICATES
-
-Although the B<CA.pl> creates RSA CAs and requests it is still possible to
-use it with DSA certificates and requests using the L<req(1)|req(1)> command
-directly. The following example shows the steps that would typically be taken.
-
-Create some DSA parameters:
-
- openssl dsaparam -out dsap.pem 1024
-
-Create a DSA CA certificate and private key:
-
- openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
-
-Create the CA directories and files:
-
- CA.pl -newca
-
-enter cacert.pem when prompted for the CA file name.
-
-Create a DSA certificate request and private key (a different set of parameters
-can optionally be created first):
-
- openssl req -out newreq.pem -newkey dsa:dsap.pem
-
-Sign the request:
-
- CA.pl -signreq
-
-=head1 NOTES
-
-Most of the filenames mentioned can be modified by editing the B<CA.pl> script.
-
-If the demoCA directory already exists then the B<-newca> command will not
-overwrite it and will do nothing. This can happen if a previous call using
-the B<-newca> option terminated abnormally. To get the correct behaviour
-delete the demoCA directory if it already exists.
-
-Under some environments it may not be possible to run the B<CA.pl> script
-directly (for example Win32) and the default configuration file location may
-be wrong. In this case the command:
-
- perl -S CA.pl
-
-can be used and the B<OPENSSL_CONF> environment variable changed to point to
-the correct path of the configuration file "openssl.cnf".
-
-The script is intended as a simple front end for the B<openssl> program for use
-by a beginner. Its behaviour isn't always what is wanted. For more control over the
-behaviour of the certificate commands call the B<openssl> command directly.
-
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it should contain the full path to the
-configuration file, not just its directory.
-
-=head1 SEE ALSO
-
-L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>,
-L<config(5)|config(5)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/asn1parse.pod b/crypto/openssl/doc/apps/asn1parse.pod
deleted file mode 100644
index 542d969..0000000
--- a/crypto/openssl/doc/apps/asn1parse.pod
+++ /dev/null
@@ -1,171 +0,0 @@
-=pod
-
-=head1 NAME
-
-asn1parse - ASN.1 parsing tool
-
-=head1 SYNOPSIS
-
-B<openssl> B<asn1parse>
-[B<-inform PEM|DER>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-noout>]
-[B<-offset number>]
-[B<-length number>]
-[B<-i>]
-[B<-oid filename>]
-[B<-strparse offset>]
-[B<-genstr string>]
-[B<-genconf file>]
-
-=head1 DESCRIPTION
-
-The B<asn1parse> command is a diagnostic utility that can parse ASN.1
-structures. It can also be used to extract data from ASN.1 formatted data.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-inform> B<DER|PEM>
-
-the input format. B<DER> is binary format and B<PEM> (the default) is base64
-encoded.
-
-=item B<-in filename>
-
-the input file, default is standard input
-
-=item B<-out filename>
-
-output file to place the DER encoded data into. If this
-option is not present then no data will be output. This is most useful when
-combined with the B<-strparse> option.
-
-=item B<-noout>
-
-don't output the parsed version of the input file.
-
-=item B<-offset number>
-
-starting offset to begin parsing, default is start of file.
-
-=item B<-length number>
-
-number of bytes to parse, default is until end of file.
-
-=item B<-i>
-
-indents the output according to the "depth" of the structures.
-
-=item B<-oid filename>
-
-a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
-file is described in the NOTES section below.
-
-=item B<-strparse offset>
-
-parse the contents octets of the ASN.1 object starting at B<offset>. This
-option can be used multiple times to "drill down" into a nested structure.
-
-=item B<-genstr string>, B<-genconf file>
-
-generate encoded data based on B<string>, B<file> or both using
-ASN1_generate_nconf() format. If B<file> only is present then the string
-is obtained from the default section using the name B<asn1>. The encoded
-data is passed through the ASN1 parser and printed out as though it came
-from a file, the contents can thus be examined and written to a file
-using the B<out> option.
-
-=back
-
-=head2 OUTPUT
-
-The output will typically contain lines like this:
-
- 0:d=0 hl=4 l= 681 cons: SEQUENCE
-
-.....
-
- 229:d=3 hl=3 l= 141 prim: BIT STRING
- 373:d=2 hl=3 l= 162 cons: cont [ 3 ]
- 376:d=3 hl=3 l= 159 cons: SEQUENCE
- 379:d=4 hl=2 l= 29 cons: SEQUENCE
- 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
- 386:d=5 hl=2 l= 22 prim: OCTET STRING
- 410:d=4 hl=2 l= 112 cons: SEQUENCE
- 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
- 417:d=5 hl=2 l= 105 prim: OCTET STRING
- 524:d=4 hl=2 l= 12 cons: SEQUENCE
-
-.....
-
-This example is part of a self signed certificate. Each line starts with the
-offset in decimal. B<d=XX> specifies the current depth. The depth is increased
-within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
-(tag and length octets) of the current type. B<l=XX> gives the length of
-the contents octets.
-
-The B<-i> option can be used to make the output more readable.
-
-Some knowledge of the ASN.1 structure is needed to interpret the output.
-
-In this example the BIT STRING at offset 229 is the certificate public key.
-The contents octets of this will contain the public key information. This can
-be examined using the option B<-strparse 229> to yield:
-
- 0:d=0 hl=3 l= 137 cons: SEQUENCE
- 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
- 135:d=1 hl=2 l= 3 prim: INTEGER :010001
-
-=head1 NOTES
-
-If an OID is not part of OpenSSL's internal table it will be represented in
-numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
-allows additional OIDs to be included. Each line consists of three columns,
-the first column is the OID in numerical format and should be followed by white
-space. The second column is the "short name" which is a single word followed
-by white space. The final column is the rest of the line and is the
-"long name". B<asn1parse> displays the long name. Example:
-
-C<1.2.3.4 shortName A long name>
-
-=head1 EXAMPLES
-
-Parse a file:
-
- openssl asn1parse -in file.pem
-
-Parse a DER file:
-
- openssl asn1parse -inform DER -in file.der
-
-Generate a simple UTF8String:
-
- openssl asn1parse -genstr 'UTF8:Hello World'
-
-Generate and write out a UTF8String, don't print parsed output:
-
- openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
-
-Generate using a config file:
-
- openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
-
-Example config file:
-
- asn1=SEQUENCE:seq_sect
-
- [seq_sect]
-
- field1=BOOL:TRUE
- field2=EXP:0, UTF8:some random string
-
-
-=head1 BUGS
-
-There should be options to change the format of output lines. The output of some
-ASN.1 types is not well handled (if at all).
-
-=cut
diff --git a/crypto/openssl/doc/apps/ca.pod b/crypto/openssl/doc/apps/ca.pod
deleted file mode 100644
index 5618c2d..0000000
--- a/crypto/openssl/doc/apps/ca.pod
+++ /dev/null
@@ -1,671 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-ca - sample minimal CA application
-
-=head1 SYNOPSIS
-
-B<openssl> B<ca>
-[B<-verbose>]
-[B<-config filename>]
-[B<-name section>]
-[B<-gencrl>]
-[B<-revoke file>]
-[B<-crl_reason reason>]
-[B<-crl_hold instruction>]
-[B<-crl_compromise time>]
-[B<-crl_CA_compromise time>]
-[B<-crldays days>]
-[B<-crlhours hours>]
-[B<-crlexts section>]
-[B<-startdate date>]
-[B<-enddate date>]
-[B<-days arg>]
-[B<-md arg>]
-[B<-policy arg>]
-[B<-keyfile arg>]
-[B<-key arg>]
-[B<-passin arg>]
-[B<-cert file>]
-[B<-selfsign>]
-[B<-in file>]
-[B<-out file>]
-[B<-notext>]
-[B<-outdir dir>]
-[B<-infiles>]
-[B<-spkac file>]
-[B<-ss_cert file>]
-[B<-preserveDN>]
-[B<-noemailDN>]
-[B<-batch>]
-[B<-msie_hack>]
-[B<-extensions section>]
-[B<-extfile section>]
-[B<-engine id>]
-[B<-subj arg>]
-[B<-utf8>]
-[B<-multivalue-rdn>]
-
-=head1 DESCRIPTION
-
-The B<ca> command is a minimal CA application. It can be used
-to sign certificate requests in a variety of forms and generate
-CRLs it also maintains a text database of issued certificates
-and their status.
-
-The options descriptions will be divided into each purpose.
-
-=head1 CA OPTIONS
-
-=over 4
-
-=item B<-config filename>
-
-specifies the configuration file to use.
-
-=item B<-name section>
-
-specifies the configuration file section to use (overrides
-B<default_ca> in the B<ca> section).
-
-=item B<-in filename>
-
-an input filename containing a single certificate request to be
-signed by the CA.
-
-=item B<-ss_cert filename>
-
-a single self signed certificate to be signed by the CA.
-
-=item B<-spkac filename>
-
-a file containing a single Netscape signed public key and challenge
-and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
-section for information on the required format.
-
-=item B<-infiles>
-
-if present this should be the last option, all subsequent arguments
-are assumed to the the names of files containing certificate requests.
-
-=item B<-out filename>
-
-the output file to output certificates to. The default is standard
-output. The certificate details will also be printed out to this
-file.
-
-=item B<-outdir directory>
-
-the directory to output certificates to. The certificate will be
-written to a filename consisting of the serial number in hex with
-".pem" appended.
-
-=item B<-cert>
-
-the CA certificate file.
-
-=item B<-keyfile filename>
-
-the private key to sign requests with.
-
-=item B<-key password>
-
-the password used to encrypt the private key. Since on some
-systems the command line arguments are visible (e.g. Unix with
-the 'ps' utility) this option should be used with caution.
-
-=item B<-selfsign>
-
-indicates the issued certificates are to be signed with the key
-the certificate requests were signed with (given with B<-keyfile>).
-Cerificate requests signed with a different key are ignored. If
-B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is
-ignored.
-
-A consequence of using B<-selfsign> is that the self-signed
-certificate appears among the entries in the certificate database
-(see the configuration option B<database>), and uses the same
-serial number counter as all other certificates sign with the
-self-signed certificate.
-
-=item B<-passin arg>
-
-the key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-verbose>
-
-this prints extra details about the operations being performed.
-
-=item B<-notext>
-
-don't output the text form of a certificate to the output file.
-
-=item B<-startdate date>
-
-this allows the start date to be explicitly set. The format of the
-date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
-
-=item B<-enddate date>
-
-this allows the expiry date to be explicitly set. The format of the
-date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
-
-=item B<-days arg>
-
-the number of days to certify the certificate for.
-
-=item B<-md alg>
-
-the message digest to use. Possible values include md5, sha1 and mdc2.
-This option also applies to CRLs.
-
-=item B<-policy arg>
-
-this option defines the CA "policy" to use. This is a section in
-the configuration file which decides which fields should be mandatory
-or match the CA certificate. Check out the B<POLICY FORMAT> section
-for more information.
-
-=item B<-msie_hack>
-
-this is a legacy option to make B<ca> work with very old versions of
-the IE certificate enrollment control "certenr3". It used UniversalStrings
-for almost everything. Since the old control has various security bugs
-its use is strongly discouraged. The newer control "Xenroll" does not
-need this option.
-
-=item B<-preserveDN>
-
-Normally the DN order of a certificate is the same as the order of the
-fields in the relevant policy section. When this option is set the order
-is the same as the request. This is largely for compatibility with the
-older IE enrollment control which would only accept certificates if their
-DNs match the order of the request. This is not needed for Xenroll.
-
-=item B<-noemailDN>
-
-The DN of a certificate can contain the EMAIL field if present in the
-request DN, however it is good policy just having the e-mail set into
-the altName extension of the certificate. When this option is set the
-EMAIL field is removed from the certificate' subject and set only in
-the, eventually present, extensions. The B<email_in_dn> keyword can be
-used in the configuration file to enable this behaviour.
-
-=item B<-batch>
-
-this sets the batch mode. In this mode no questions will be asked
-and all certificates will be certified automatically.
-
-=item B<-extensions section>
-
-the section of the configuration file containing certificate extensions
-to be added when a certificate is issued (defaults to B<x509_extensions>
-unless the B<-extfile> option is used). If no extension section is
-present then, a V1 certificate is created. If the extension section
-is present (even if it is empty), then a V3 certificate is created.
-
-=item B<-extfile file>
-
-an additional configuration file to read certificate extensions from
-(using the default section unless the B<-extensions> option is also
-used).
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<-subj arg>
-
-supersedes subject name given in the request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
-
-=item B<-utf8>
-
-this option causes field values to be interpreted as UTF8 strings, by
-default they are interpreted as ASCII. This means that the field
-values, whether prompted from a terminal or obtained from a
-configuration file, must be valid UTF8 strings.
-
-=item B<-multivalue-rdn>
-
-this option causes the -subj argument to be interpretedt with full
-support for multivalued RDNs. Example:
-
-I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
-
-If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
-
-=back
-
-=head1 CRL OPTIONS
-
-=over 4
-
-=item B<-gencrl>
-
-this option generates a CRL based on information in the index file.
-
-=item B<-crldays num>
-
-the number of days before the next CRL is due. That is the days from
-now to place in the CRL nextUpdate field.
-
-=item B<-crlhours num>
-
-the number of hours before the next CRL is due.
-
-=item B<-revoke filename>
-
-a filename containing a certificate to revoke.
-
-=item B<-crl_reason reason>
-
-revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>,
-B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>,
-B<certificateHold> or B<removeFromCRL>. The matching of B<reason> is case
-insensitive. Setting any revocation reason will make the CRL v2.
-
-In practive B<removeFromCRL> is not particularly useful because it is only used
-in delta CRLs which are not currently implemented.
-
-=item B<-crl_hold instruction>
-
-This sets the CRL revocation reason code to B<certificateHold> and the hold
-instruction to B<instruction> which must be an OID. Although any OID can be
-used only B<holdInstructionNone> (the use of which is discouraged by RFC2459)
-B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used.
-
-=item B<-crl_compromise time>
-
-This sets the revocation reason to B<keyCompromise> and the compromise time to
-B<time>. B<time> should be in GeneralizedTime format that is B<YYYYMMDDHHMMSSZ>.
-
-=item B<-crl_CA_compromise time>
-
-This is the same as B<crl_compromise> except the revocation reason is set to
-B<CACompromise>.
-
-=item B<-crlexts section>
-
-the section of the configuration file containing CRL extensions to
-include. If no CRL extension section is present then a V1 CRL is
-created, if the CRL extension section is present (even if it is
-empty) then a V2 CRL is created. The CRL extensions specified are
-CRL extensions and B<not> CRL entry extensions. It should be noted
-that some software (for example Netscape) can't handle V2 CRLs.
-
-=back
-
-=head1 CONFIGURATION FILE OPTIONS
-
-The section of the configuration file containing options for B<ca>
-is found as follows: If the B<-name> command line option is used,
-then it names the section to be used. Otherwise the section to
-be used must be named in the B<default_ca> option of the B<ca> section
-of the configuration file (or in the default section of the
-configuration file). Besides B<default_ca>, the following options are
-read directly from the B<ca> section:
- RANDFILE
- preserve
- msie_hack
-With the exception of B<RANDFILE>, this is probably a bug and may
-change in future releases.
-
-Many of the configuration file options are identical to command line
-options. Where the option is present in the configuration file
-and the command line the command line value is used. Where an
-option is described as mandatory then it must be present in
-the configuration file or the command line equivalent (if
-any) used.
-
-=over 4
-
-=item B<oid_file>
-
-This specifies a file containing additional B<OBJECT IDENTIFIERS>.
-Each line of the file should consist of the numerical form of the
-object identifier followed by white space then the short name followed
-by white space and finally the long name.
-
-=item B<oid_section>
-
-This specifies a section in the configuration file containing extra
-object identifiers. Each line should consist of the short name of the
-object identifier followed by B<=> and the numerical form. The short
-and long names are the same when this option is used.
-
-=item B<new_certs_dir>
-
-the same as the B<-outdir> command line option. It specifies
-the directory where new certificates will be placed. Mandatory.
-
-=item B<certificate>
-
-the same as B<-cert>. It gives the file containing the CA
-certificate. Mandatory.
-
-=item B<private_key>
-
-same as the B<-keyfile> option. The file containing the
-CA private key. Mandatory.
-
-=item B<RANDFILE>
-
-a file used to read and write random number seed information, or
-an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-
-=item B<default_days>
-
-the same as the B<-days> option. The number of days to certify
-a certificate for.
-
-=item B<default_startdate>
-
-the same as the B<-startdate> option. The start date to certify
-a certificate for. If not set the current time is used.
-
-=item B<default_enddate>
-
-the same as the B<-enddate> option. Either this option or
-B<default_days> (or the command line equivalents) must be
-present.
-
-=item B<default_crl_hours default_crl_days>
-
-the same as the B<-crlhours> and the B<-crldays> options. These
-will only be used if neither command line option is present. At
-least one of these must be present to generate a CRL.
-
-=item B<default_md>
-
-the same as the B<-md> option. The message digest to use. Mandatory.
-
-=item B<database>
-
-the text database file to use. Mandatory. This file must be present
-though initially it will be empty.
-
-=item B<unique_subject>
-
-if the value B<yes> is given, the valid certificate entries in the
-database must have unique subjects. if the value B<no> is given,
-several valid certificate entries may have the exact same subject.
-The default value is B<yes>, to be compatible with older (pre 0.9.8)
-versions of OpenSSL. However, to make CA certificate roll-over easier,
-it's recommended to use the value B<no>, especially if combined with
-the B<-selfsign> command line option.
-
-=item B<serial>
-
-a text file containing the next serial number to use in hex. Mandatory.
-This file must be present and contain a valid serial number.
-
-=item B<crlnumber>
-
-a text file containing the next CRL number to use in hex. The crl number
-will be inserted in the CRLs only if this file exists. If this file is
-present, it must contain a valid CRL number.
-
-=item B<x509_extensions>
-
-the same as B<-extensions>.
-
-=item B<crl_extensions>
-
-the same as B<-crlexts>.
-
-=item B<preserve>
-
-the same as B<-preserveDN>
-
-=item B<email_in_dn>
-
-the same as B<-noemailDN>. If you want the EMAIL field to be removed
-from the DN of the certificate simply set this to 'no'. If not present
-the default is to allow for the EMAIL filed in the certificate's DN.
-
-=item B<msie_hack>
-
-the same as B<-msie_hack>
-
-=item B<policy>
-
-the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
-for more information.
-
-=item B<name_opt>, B<cert_opt>
-
-these options allow the format used to display the certificate details
-when asking the user to confirm signing. All the options supported by
-the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used
-here, except the B<no_signame> and B<no_sigdump> are permanently set
-and cannot be disabled (this is because the certificate signature cannot
-be displayed because the certificate has not been signed at this point).
-
-For convenience the values B<ca_default> are accepted by both to produce
-a reasonable output.
-
-If neither option is present the format used in earlier versions of
-OpenSSL is used. Use of the old format is B<strongly> discouraged because
-it only displays fields mentioned in the B<policy> section, mishandles
-multicharacter string types and does not display extensions.
-
-=item B<copy_extensions>
-
-determines how extensions in certificate requests should be handled.
-If set to B<none> or this option is not present then extensions are
-ignored and not copied to the certificate. If set to B<copy> then any
-extensions present in the request that are not already present are copied
-to the certificate. If set to B<copyall> then all extensions in the
-request are copied to the certificate: if the extension is already present
-in the certificate it is deleted first. See the B<WARNINGS> section before
-using this option.
-
-The main use of this option is to allow a certificate request to supply
-values for certain extensions such as subjectAltName.
-
-=back
-
-=head1 POLICY FORMAT
-
-The policy section consists of a set of variables corresponding to
-certificate DN fields. If the value is "match" then the field value
-must match the same field in the CA certificate. If the value is
-"supplied" then it must be present. If the value is "optional" then
-it may be present. Any fields not mentioned in the policy section
-are silently deleted, unless the B<-preserveDN> option is set but
-this can be regarded more of a quirk than intended behaviour.
-
-=head1 SPKAC FORMAT
-
-The input to the B<-spkac> command line option is a Netscape
-signed public key and challenge. This will usually come from
-the B<KEYGEN> tag in an HTML form to create a new private key.
-It is however possible to create SPKACs using the B<spkac> utility.
-
-The file should contain the variable SPKAC set to the value of
-the SPKAC and also the required DN components as name value pairs.
-If you need to include the same component twice then it can be
-preceded by a number and a '.'.
-
-=head1 EXAMPLES
-
-Note: these examples assume that the B<ca> directory structure is
-already set up and the relevant files already exist. This usually
-involves creating a CA certificate and private key with B<req>, a
-serial number file and an empty index file and placing them in
-the relevant directories.
-
-To use the sample configuration file below the directories demoCA,
-demoCA/private and demoCA/newcerts would be created. The CA
-certificate would be copied to demoCA/cacert.pem and its private
-key to demoCA/private/cakey.pem. A file demoCA/serial would be
-created containing for example "01" and the empty index file
-demoCA/index.txt.
-
-
-Sign a certificate request:
-
- openssl ca -in req.pem -out newcert.pem
-
-Sign a certificate request, using CA extensions:
-
- openssl ca -in req.pem -extensions v3_ca -out newcert.pem
-
-Generate a CRL
-
- openssl ca -gencrl -out crl.pem
-
-Sign several requests:
-
- openssl ca -infiles req1.pem req2.pem req3.pem
-
-Certify a Netscape SPKAC:
-
- openssl ca -spkac spkac.txt
-
-A sample SPKAC file (the SPKAC line has been truncated for clarity):
-
- SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
- CN=Steve Test
- emailAddress=steve@openssl.org
- 0.OU=OpenSSL Group
- 1.OU=Another Group
-
-A sample configuration file with the relevant sections for B<ca>:
-
- [ ca ]
- default_ca = CA_default # The default ca section
-
- [ CA_default ]
-
- dir = ./demoCA # top dir
- database = $dir/index.txt # index file.
- new_certs_dir = $dir/newcerts # new certs dir
-
- certificate = $dir/cacert.pem # The CA cert
- serial = $dir/serial # serial no file
- private_key = $dir/private/cakey.pem# CA private key
- RANDFILE = $dir/private/.rand # random number file
-
- default_days = 365 # how long to certify for
- default_crl_days= 30 # how long before next CRL
- default_md = md5 # md to use
-
- policy = policy_any # default policy
- email_in_dn = no # Don't add the email into cert DN
-
- name_opt = ca_default # Subject name display option
- cert_opt = ca_default # Certificate display option
- copy_extensions = none # Don't copy extensions from request
-
- [ policy_any ]
- countryName = supplied
- stateOrProvinceName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
-
-=head1 FILES
-
-Note: the location of all files can change either by compile time options,
-configuration file entries, environment variables or command line options.
-The values below reflect the default values.
-
- /usr/local/ssl/lib/openssl.cnf - master configuration file
- ./demoCA - main CA directory
- ./demoCA/cacert.pem - CA certificate
- ./demoCA/private/cakey.pem - CA private key
- ./demoCA/serial - CA serial number file
- ./demoCA/serial.old - CA serial number backup file
- ./demoCA/index.txt - CA text database file
- ./demoCA/index.txt.old - CA text database backup file
- ./demoCA/certs - certificate output file
- ./demoCA/.rnd - CA random seed information
-
-=head1 ENVIRONMENT VARIABLES
-
-B<OPENSSL_CONF> reflects the location of master configuration file it can
-be overridden by the B<-config> command line option.
-
-=head1 RESTRICTIONS
-
-The text database index file is a critical part of the process and
-if corrupted it can be difficult to fix. It is theoretically possible
-to rebuild the index file from all the issued certificates and a current
-CRL: however there is no option to do this.
-
-V2 CRL features like delta CRLs are not currently supported.
-
-Although several requests can be input and handled at once it is only
-possible to include one SPKAC or self signed certificate.
-
-=head1 BUGS
-
-The use of an in memory text database can cause problems when large
-numbers of certificates are present because, as the name implies
-the database has to be kept in memory.
-
-The B<ca> command really needs rewriting or the required functionality
-exposed at either a command or interface level so a more friendly utility
-(perl script or GUI) can handle things properly. The scripts B<CA.sh> and
-B<CA.pl> help a little but not very much.
-
-Any fields in a request that are not present in a policy are silently
-deleted. This does not happen if the B<-preserveDN> option is used. To
-enforce the absence of the EMAIL field within the DN, as suggested by
-RFCs, regardless the contents of the request' subject the B<-noemailDN>
-option can be used. The behaviour should be more friendly and
-configurable.
-
-Cancelling some commands by refusing to certify a certificate can
-create an empty file.
-
-=head1 WARNINGS
-
-The B<ca> command is quirky and at times downright unfriendly.
-
-The B<ca> utility was originally meant as an example of how to do things
-in a CA. It was not supposed to be used as a full blown CA itself:
-nevertheless some people are using it for this purpose.
-
-The B<ca> command is effectively a single user command: no locking is
-done on the various files and attempts to run more than one B<ca> command
-on the same database can have unpredictable results.
-
-The B<copy_extensions> option should be used with caution. If care is
-not taken then it can be a security risk. For example if a certificate
-request contains a basicConstraints extension with CA:TRUE and the
-B<copy_extensions> value is set to B<copyall> and the user does not spot
-this when the certificate is displayed then this will hand the requestor
-a valid CA certificate.
-
-This situation can be avoided by setting B<copy_extensions> to B<copy>
-and including basicConstraints with CA:FALSE in the configuration file.
-Then if the request contains a basicConstraints extension it will be
-ignored.
-
-It is advisable to also include values for other extensions such
-as B<keyUsage> to prevent a request supplying its own values.
-
-Additional restrictions can be placed on the CA certificate itself.
-For example if the CA certificate has:
-
- basicConstraints = CA:TRUE, pathlen:0
-
-then even if a certificate is issued with CA:TRUE it will not be valid.
-
-=head1 SEE ALSO
-
-L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>,
-L<config(5)|config(5)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/ciphers.pod b/crypto/openssl/doc/apps/ciphers.pod
deleted file mode 100644
index e16eade..0000000
--- a/crypto/openssl/doc/apps/ciphers.pod
+++ /dev/null
@@ -1,418 +0,0 @@
-=pod
-
-=head1 NAME
-
-ciphers - SSL cipher display and cipher list tool.
-
-=head1 SYNOPSIS
-
-B<openssl> B<ciphers>
-[B<-v>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<cipherlist>]
-
-=head1 DESCRIPTION
-
-The B<cipherlist> command converts OpenSSL cipher lists into ordered
-SSL cipher preference lists. It can be used as a test tool to determine
-the appropriate cipherlist.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-v>
-
-verbose option. List ciphers with a complete description of
-protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
-authentication, encryption and mac algorithms used along with any key size
-restrictions and whether the algorithm is classed as an "export" cipher.
-Note that without the B<-v> option, ciphers may seem to appear twice
-in a cipher list; this is when similar ciphers are available for
-SSL v2 and for SSL v3/TLS v1.
-
-=item B<-ssl3>
-
-only include SSL v3 ciphers.
-
-=item B<-ssl2>
-
-only include SSL v2 ciphers.
-
-=item B<-tls1>
-
-only include TLS v1 ciphers.
-
-=item B<-h>, B<-?>
-
-print a brief usage message.
-
-=item B<cipherlist>
-
-a cipher list to convert to a cipher preference list. If it is not included
-then the default cipher list will be used. The format is described below.
-
-=back
-
-=head1 CIPHER LIST FORMAT
-
-The cipher list consists of one or more I<cipher strings> separated by colons.
-Commas or spaces are also acceptable separators but colons are normally used.
-
-The actual cipher string can take several different forms.
-
-It can consist of a single cipher suite such as B<RC4-SHA>.
-
-It can represent a list of cipher suites containing a certain algorithm, or
-cipher suites of a certain type. For example B<SHA1> represents all ciphers
-suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
-algorithms.
-
-Lists of cipher suites can be combined in a single cipher string using the
-B<+> character. This is used as a logical B<and> operation. For example
-B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
-algorithms.
-
-Each cipher string can be optionally preceded by the characters B<!>,
-B<-> or B<+>.
-
-If B<!> is used then the ciphers are permanently deleted from the list.
-The ciphers deleted can never reappear in the list even if they are
-explicitly stated.
-
-If B<-> is used then the ciphers are deleted from the list, but some or
-all of the ciphers can be added again by later options.
-
-If B<+> is used then the ciphers are moved to the end of the list. This
-option doesn't add any new ciphers it just moves matching existing ones.
-
-If none of these characters is present then the string is just interpreted
-as a list of ciphers to be appended to the current preference list. If the
-list includes any ciphers already present they will be ignored: that is they
-will not moved to the end of the list.
-
-Additionally the cipher string B<@STRENGTH> can be used at any point to sort
-the current cipher list in order of encryption algorithm key length.
-
-=head1 CIPHER STRINGS
-
-The following is a list of all permitted cipher strings and their meanings.
-
-=over 4
-
-=item B<DEFAULT>
-
-the default cipher list. This is determined at compile time and is normally
-B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
-specified.
-
-=item B<COMPLEMENTOFDEFAULT>
-
-the ciphers included in B<ALL>, but not enabled by default. Currently
-this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
-not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
-
-=item B<ALL>
-
-all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
-
-=item B<COMPLEMENTOFALL>
-
-the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
-
-=item B<HIGH>
-
-"high" encryption cipher suites. This currently means those with key lengths larger
-than 128 bits, and some cipher suites with 128-bit keys.
-
-=item B<MEDIUM>
-
-"medium" encryption cipher suites, currently some of those using 128 bit encryption.
-
-=item B<LOW>
-
-"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
-but excluding export cipher suites.
-
-=item B<EXP>, B<EXPORT>
-
-export encryption algorithms. Including 40 and 56 bits algorithms.
-
-=item B<EXPORT40>
-
-40 bit export encryption algorithms
-
-=item B<EXPORT56>
-
-56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
-56 bit export ciphers is empty unless OpenSSL has been explicitly configured
-with support for experimental ciphers.
-
-=item B<eNULL>, B<NULL>
-
-the "NULL" ciphers that is those offering no encryption. Because these offer no
-encryption at all and are a security risk they are disabled unless explicitly
-included.
-
-=item B<aNULL>
-
-the cipher suites offering no authentication. This is currently the anonymous
-DH algorithms. These cipher suites are vulnerable to a "man in the middle"
-attack and so their use is normally discouraged.
-
-=item B<kRSA>, B<RSA>
-
-cipher suites using RSA key exchange.
-
-=item B<kEDH>
-
-cipher suites using ephemeral DH key agreement.
-
-=item B<kDHr>, B<kDHd>
-
-cipher suites using DH key agreement and DH certificates signed by CAs with RSA
-and DSS keys respectively. Not implemented.
-
-=item B<aRSA>
-
-cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
-
-=item B<aDSS>, B<DSS>
-
-cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
-
-=item B<aDH>
-
-cipher suites effectively using DH authentication, i.e. the certificates carry
-DH keys. Not implemented.
-
-=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
-
-ciphers suites using FORTEZZA key exchange, authentication, encryption or all
-FORTEZZA algorithms. Not implemented.
-
-=item B<TLSv1>, B<SSLv3>, B<SSLv2>
-
-TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
-
-=item B<DH>
-
-cipher suites using DH, including anonymous DH.
-
-=item B<ADH>
-
-anonymous DH cipher suites.
-
-=item B<AES>
-
-cipher suites using AES.
-
-=item B<3DES>
-
-cipher suites using triple DES.
-
-=item B<DES>
-
-cipher suites using DES (not triple DES).
-
-=item B<RC4>
-
-cipher suites using RC4.
-
-=item B<RC2>
-
-cipher suites using RC2.
-
-=item B<IDEA>
-
-cipher suites using IDEA.
-
-=item B<MD5>
-
-cipher suites using MD5.
-
-=item B<SHA1>, B<SHA>
-
-cipher suites using SHA1.
-
-=item B<Camellia>
-
-cipher suites using Camellia.
-
-=back
-
-=head1 CIPHER SUITE NAMES
-
-The following lists give the SSL or TLS cipher suites names from the
-relevant specification and their OpenSSL equivalents. It should be noted,
-that several cipher suite names do not include the authentication used,
-e.g. DES-CBC3-SHA. In these cases, RSA authentication is used.
-
-=head2 SSL v3.0 cipher suites.
-
- SSL_RSA_WITH_NULL_MD5 NULL-MD5
- SSL_RSA_WITH_NULL_SHA NULL-SHA
- SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
- SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
- SSL_RSA_WITH_RC4_128_SHA RC4-SHA
- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
- SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
- SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
-
- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.
- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.
- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
- SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
-
- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
- SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
-
- SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
-
-=head2 TLS v1.0 cipher suites.
-
- TLS_RSA_WITH_NULL_MD5 NULL-MD5
- TLS_RSA_WITH_NULL_SHA NULL-SHA
- TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5
- TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
- TLS_RSA_WITH_RC4_128_SHA RC4-SHA
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5
- TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA
- TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
-
- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.
- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA
- TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA
- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA
- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA
-
- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5
- TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA
- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
-
-=head2 AES ciphersuites from RFC3268, extending TLS v1.0
-
- TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
- TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
-
- TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA
- TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA
- TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA
- TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA
-
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
-
- TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
- TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
-
-=head2 Camellia ciphersuites from RFC4132, extending TLS v1.0
-
- TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA
- TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA
-
- TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented.
- TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented.
- TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented.
-
- TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA
- TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA
- TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA
-
- TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA
- TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA
-
-=head2 Additional Export 1024 and other cipher suites
-
-Note: these ciphers can also be used in SSL v3.
-
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
-
-=head2 SSL v2.0 cipher suites.
-
- SSL_CK_RC4_128_WITH_MD5 RC4-MD5
- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
- SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
- SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
-
-=head1 NOTES
-
-The non-ephemeral DH modes are currently unimplemented in OpenSSL
-because there is no support for DH certificates.
-
-Some compiled versions of OpenSSL may not include all the ciphers
-listed here because some ciphers were excluded at compile time.
-
-=head1 EXAMPLES
-
-Verbose listing of all OpenSSL ciphers including NULL ciphers:
-
- openssl ciphers -v 'ALL:eNULL'
-
-Include all ciphers except NULL and anonymous DH then sort by
-strength:
-
- openssl ciphers -v 'ALL:!ADH:@STRENGTH'
-
-Include only 3DES ciphers and then place RSA ciphers last:
-
- openssl ciphers -v '3DES:+RSA'
-
-Include all RC4 ciphers but leave out those without authentication:
-
- openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
-
-Include all chiphers with RSA authentication but leave out ciphers without
-encryption.
-
- openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
-
-=head1 SEE ALSO
-
-L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
-
-=head1 HISTORY
-
-The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
-added in version 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/apps/config.pod b/crypto/openssl/doc/apps/config.pod
deleted file mode 100644
index ace34b6..0000000
--- a/crypto/openssl/doc/apps/config.pod
+++ /dev/null
@@ -1,279 +0,0 @@
-
-=pod
-
-=for comment openssl_manual_section:5
-
-=head1 NAME
-
-config - OpenSSL CONF library configuration files
-
-=head1 DESCRIPTION
-
-The OpenSSL CONF library can be used to read configuration files.
-It is used for the OpenSSL master configuration file B<openssl.cnf>
-and in a few other places like B<SPKAC> files and certificate extension
-files for the B<x509> utility. OpenSSL applications can also use the
-CONF library for their own purposes.
-
-A configuration file is divided into a number of sections. Each section
-starts with a line B<[ section_name ]> and ends when a new section is
-started or end of file is reached. A section name can consist of
-alphanumeric characters and underscores.
-
-The first section of a configuration file is special and is referred
-to as the B<default> section this is usually unnamed and is from the
-start of file until the first named section. When a name is being looked up
-it is first looked up in a named section (if any) and then the
-default section.
-
-The environment is mapped onto a section called B<ENV>.
-
-Comments can be included by preceding them with the B<#> character
-
-Each section in a configuration file consists of a number of name and
-value pairs of the form B<name=value>
-
-The B<name> string can contain any alphanumeric characters as well as
-a few punctuation symbols such as B<.> B<,> B<;> and B<_>.
-
-The B<value> string consists of the string following the B<=> character
-until end of line with any leading and trailing white space removed.
-
-The value string undergoes variable expansion. This can be done by
-including the form B<$var> or B<${var}>: this will substitute the value
-of the named variable in the current section. It is also possible to
-substitute a value from another section using the syntax B<$section::name>
-or B<${section::name}>. By using the form B<$ENV::name> environment
-variables can be substituted. It is also possible to assign values to
-environment variables by using the name B<ENV::name>, this will work
-if the program looks up environment variables using the B<CONF> library
-instead of calling B<getenv()> directly.
-
-It is possible to escape certain characters by using any kind of quote
-or the B<\> character. By making the last character of a line a B<\>
-a B<value> string can be spread across multiple lines. In addition
-the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
-
-=head1 OPENSSL LIBRARY CONFIGURATION
-
-In OpenSSL 0.9.7 and later applications can automatically configure certain
-aspects of OpenSSL using the master OpenSSL configuration file, or optionally
-an alternative configuration file. The B<openssl> utility includes this
-functionality: any sub command uses the master OpenSSL configuration file
-unless an option is used in the sub command to use an alternative configuration
-file.
-
-To enable library configuration the default section needs to contain an
-appropriate line which points to the main configuration section. The default
-name is B<openssl_conf> which is used by the B<openssl> utility. Other
-applications may use an alternative name such as B<myapplicaton_conf>.
-
-The configuration section should consist of a set of name value pairs which
-contain specific module configuration information. The B<name> represents
-the name of the I<configuration module> the meaning of the B<value> is
-module specific: it may, for example, represent a further configuration
-section containing configuration module specific information. E.g.
-
- openssl_conf = openssl_init
-
- [openssl_init]
-
- oid_section = new_oids
- engines = engine_section
-
- [new_oids]
-
- ... new oids here ...
-
- [engine_section]
-
- ... engine stuff here ...
-
-Currently there are two configuration modules. One for ASN1 objects another
-for ENGINE configuration.
-
-=head2 ASN1 OBJECT CONFIGURATION MODULE
-
-This module has the name B<oid_section>. The value of this variable points
-to a section containing name value pairs of OIDs: the name is the OID short
-and long name, the value is the numerical form of the OID. Although some of
-the B<openssl> utility sub commands already have their own ASN1 OBJECT section
-functionality not all do. By using the ASN1 OBJECT configuration module
-B<all> the B<openssl> utility sub commands can see the new objects as well
-as any compliant applications. For example:
-
- [new_oids]
-
- some_new_oid = 1.2.3.4
- some_other_oid = 1.2.3.5
-
-In OpenSSL 0.9.8 it is also possible to set the value to the long name followed
-by a comma and the numerical OID form. For example:
-
- shortName = some object long name, 1.2.3.4
-
-=head2 ENGINE CONFIGURATION MODULE
-
-This ENGINE configuration module has the name B<engines>. The value of this
-variable points to a section containing further ENGINE configuration
-information.
-
-The section pointed to by B<engines> is a table of engine names (though see
-B<engine_id> below) and further sections containing configuration informations
-specific to each ENGINE.
-
-Each ENGINE specific section is used to set default algorithms, load
-dynamic, perform initialization and send ctrls. The actual operation performed
-depends on the I<command> name which is the name of the name value pair. The
-currently supported commands are listed below.
-
-For example:
-
- [engine_section]
-
- # Configure ENGINE named "foo"
- foo = foo_section
- # Configure ENGINE named "bar"
- bar = bar_section
-
- [foo_section]
- ... foo ENGINE specific commands ...
-
- [bar_section]
- ... "bar" ENGINE specific commands ...
-
-The command B<engine_id> is used to give the ENGINE name. If used this
-command must be first. For example:
-
- [engine_section]
- # This would normally handle an ENGINE named "foo"
- foo = foo_section
-
- [foo_section]
- # Override default name and use "myfoo" instead.
- engine_id = myfoo
-
-The command B<dynamic_path> loads and adds an ENGINE from the given path. It
-is equivalent to sending the ctrls B<SO_PATH> with the path argument followed
-by B<LIST_ADD> with value 2 and B<LOAD> to the dynamic ENGINE. If this is
-not the required behaviour then alternative ctrls can be sent directly
-to the dynamic ENGINE using ctrl commands.
-
-The command B<init> determines whether to initialize the ENGINE. If the value
-is B<0> the ENGINE will not be initialized, if B<1> and attempt it made to
-initialized the ENGINE immediately. If the B<init> command is not present
-then an attempt will be made to initialize the ENGINE after all commands in
-its section have been processed.
-
-The command B<default_algorithms> sets the default algorithms an ENGINE will
-supply using the functions B<ENGINE_set_default_string()>
-
-If the name matches none of the above command names it is assumed to be a
-ctrl command which is sent to the ENGINE. The value of the command is the
-argument to the ctrl command. If the value is the string B<EMPTY> then no
-value is sent to the command.
-
-For example:
-
-
- [engine_section]
-
- # Configure ENGINE named "foo"
- foo = foo_section
-
- [foo_section]
- # Load engine from DSO
- dynamic_path = /some/path/fooengine.so
- # A foo specific ctrl.
- some_ctrl = some_value
- # Another ctrl that doesn't take a value.
- other_ctrl = EMPTY
- # Supply all default algorithms
- default_algorithms = ALL
-
-=head1 NOTES
-
-If a configuration file attempts to expand a variable that doesn't exist
-then an error is flagged and the file will not load. This can happen
-if an attempt is made to expand an environment variable that doesn't
-exist. For example in a previous version of OpenSSL the default OpenSSL
-master configuration file used the value of B<HOME> which may not be
-defined on non Unix systems and would cause an error.
-
-This can be worked around by including a B<default> section to provide
-a default value: then if the environment lookup fails the default value
-will be used instead. For this to work properly the default value must
-be defined earlier in the configuration file than the expansion. See
-the B<EXAMPLES> section for an example of how to do this.
-
-If the same variable exists in the same section then all but the last
-value will be silently ignored. In certain circumstances such as with
-DNs the same field may occur multiple times. This is usually worked
-around by ignoring any characters before an initial B<.> e.g.
-
- 1.OU="My first OU"
- 2.OU="My Second OU"
-
-=head1 EXAMPLES
-
-Here is a sample configuration file using some of the features
-mentioned above.
-
- # This is the default section.
-
- HOME=/temp
- RANDFILE= ${ENV::HOME}/.rnd
- configdir=$ENV::HOME/config
-
- [ section_one ]
-
- # We are now in section one.
-
- # Quotes permit leading and trailing whitespace
- any = " any variable name "
-
- other = A string that can \
- cover several lines \
- by including \\ characters
-
- message = Hello World\n
-
- [ section_two ]
-
- greeting = $section_one::message
-
-This next example shows how to expand environment variables safely.
-
-Suppose you want a variable called B<tmpfile> to refer to a
-temporary filename. The directory it is placed in can determined by
-the the B<TEMP> or B<TMP> environment variables but they may not be
-set to any value at all. If you just include the environment variable
-names and the variable doesn't exist then this will cause an error when
-an attempt is made to load the configuration file. By making use of the
-default section both values can be looked up with B<TEMP> taking
-priority and B</tmp> used if neither is defined:
-
- TMP=/tmp
- # The above value is used if TMP isn't in the environment
- TEMP=$ENV::TMP
- # The above value is used if TEMP isn't in the environment
- tmpfile=${ENV::TEMP}/tmp.filename
-
-=head1 BUGS
-
-Currently there is no way to include characters using the octal B<\nnn>
-form. Strings are all null terminated so nulls cannot form part of
-the value.
-
-The escaping isn't quite right: if you want to use sequences like B<\n>
-you can't use any quote escaping on the same line.
-
-Files are loaded in a single pass. This means that an variable expansion
-will only work if the variables referenced are defined earlier in the
-file.
-
-=head1 SEE ALSO
-
-L<x509(1)|x509(1)>, L<req(1)|req(1)>, L<ca(1)|ca(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/crl.pod b/crypto/openssl/doc/apps/crl.pod
deleted file mode 100644
index a40c873..0000000
--- a/crypto/openssl/doc/apps/crl.pod
+++ /dev/null
@@ -1,117 +0,0 @@
-=pod
-
-=head1 NAME
-
-crl - CRL utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<crl>
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-text>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-noout>]
-[B<-hash>]
-[B<-issuer>]
-[B<-lastupdate>]
-[B<-nextupdate>]
-[B<-CAfile file>]
-[B<-CApath dir>]
-
-=head1 DESCRIPTION
-
-The B<crl> command processes CRL files in DER or PEM format.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. B<DER> format is DER encoded CRL
-structure. B<PEM> (the default) is a base64 encoded version of
-the DER form with header and footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read from or standard input if this
-option is not specified.
-
-=item B<-out filename>
-
-specifies the output filename to write to or standard output by
-default.
-
-=item B<-text>
-
-print out the CRL in text form.
-
-=item B<-noout>
-
-don't output the encoded version of the CRL.
-
-=item B<-hash>
-
-output a hash of the issuer name. This can be use to lookup CRLs in
-a directory by issuer name.
-
-=item B<-issuer>
-
-output the issuer name.
-
-=item B<-lastupdate>
-
-output the lastUpdate field.
-
-=item B<-nextupdate>
-
-output the nextUpdate field.
-
-=item B<-CAfile file>
-
-verify the signature on a CRL by looking up the issuing certificate in
-B<file>
-
-=item B<-CApath dir>
-
-verify the signature on a CRL by looking up the issuing certificate in
-B<dir>. This directory must be a standard certificate directory: that
-is a hash of each subject name (using B<x509 -hash>) should be linked
-to each certificate.
-
-=back
-
-=head1 NOTES
-
-The PEM CRL format uses the header and footer lines:
-
- -----BEGIN X509 CRL-----
- -----END X509 CRL-----
-
-=head1 EXAMPLES
-
-Convert a CRL file from PEM to DER:
-
- openssl crl -in crl.pem -outform DER -out crl.der
-
-Output the text form of a DER encoded certificate:
-
- openssl crl -in crl.der -text -noout
-
-=head1 BUGS
-
-Ideally it should be possible to create a CRL using appropriate options
-and files too.
-
-=head1 SEE ALSO
-
-L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/crl2pkcs7.pod b/crypto/openssl/doc/apps/crl2pkcs7.pod
deleted file mode 100644
index 3797bc0..0000000
--- a/crypto/openssl/doc/apps/crl2pkcs7.pod
+++ /dev/null
@@ -1,91 +0,0 @@
-=pod
-
-=head1 NAME
-
-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
-
-=head1 SYNOPSIS
-
-B<openssl> B<crl2pkcs7>
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-certfile filename>]
-[B<-nocrl>]
-
-=head1 DESCRIPTION
-
-The B<crl2pkcs7> command takes an optional CRL and one or more
-certificates and converts them into a PKCS#7 degenerate "certificates
-only" structure.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the CRL input format. B<DER> format is DER encoded CRL
-structure.B<PEM> (the default) is a base64 encoded version of
-the DER form with header and footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the PKCS#7 structure output format. B<DER> format is DER
-encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of
-the DER form with header and footer lines.
-
-=item B<-in filename>
-
-This specifies the input filename to read a CRL from or standard input if this
-option is not specified.
-
-=item B<-out filename>
-
-specifies the output filename to write the PKCS#7 structure to or standard
-output by default.
-
-=item B<-certfile filename>
-
-specifies a filename containing one or more certificates in B<PEM> format.
-All certificates in the file will be added to the PKCS#7 structure. This
-option can be used more than once to read certificates form multiple
-files.
-
-=item B<-nocrl>
-
-normally a CRL is included in the output file. With this option no CRL is
-included in the output file and a CRL is not read from the input file.
-
-=back
-
-=head1 EXAMPLES
-
-Create a PKCS#7 structure from a certificate and CRL:
-
- openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
-
-Creates a PKCS#7 structure in DER format with no CRL from several
-different certificates:
-
- openssl crl2pkcs7 -nocrl -certfile newcert.pem
- -certfile demoCA/cacert.pem -outform DER -out p7.der
-
-=head1 NOTES
-
-The output file is a PKCS#7 signed data structure containing no signers and
-just certificates and an optional CRL.
-
-This utility can be used to send certificates and CAs to Netscape as part of
-the certificate enrollment process. This involves sending the DER encoded output
-as MIME type application/x-x509-user-cert.
-
-The B<PEM> encoded form with the header and footer lines removed can be used to
-install user certificates and CAs in MSIE using the Xenroll control.
-
-=head1 SEE ALSO
-
-L<pkcs7(1)|pkcs7(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/dgst.pod b/crypto/openssl/doc/apps/dgst.pod
deleted file mode 100644
index b0d1987..0000000
--- a/crypto/openssl/doc/apps/dgst.pod
+++ /dev/null
@@ -1,110 +0,0 @@
-=pod
-
-=head1 NAME
-
-dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests
-
-=head1 SYNOPSIS
-
-B<openssl> B<dgst>
-[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>]
-[B<-c>]
-[B<-d>]
-[B<-hex>]
-[B<-binary>]
-[B<-out filename>]
-[B<-sign filename>]
-[B<-passin arg>]
-[B<-verify filename>]
-[B<-prverify filename>]
-[B<-signature filename>]
-[B<file...>]
-
-[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
-[B<-c>]
-[B<-d>]
-[B<file...>]
-
-=head1 DESCRIPTION
-
-The digest functions output the message digest of a supplied file or files
-in hexadecimal form. They can also be used for digital signing and verification.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-c>
-
-print out the digest in two digit groups separated by colons, only relevant if
-B<hex> format output is used.
-
-=item B<-d>
-
-print out BIO debugging information.
-
-=item B<-hex>
-
-digest is to be output as a hex dump. This is the default case for a "normal"
-digest as opposed to a digital signature.
-
-=item B<-binary>
-
-output the digest or signature in binary form.
-
-=item B<-out filename>
-
-filename to output to, or standard output by default.
-
-=item B<-sign filename>
-
-digitally sign the digest using the private key in "filename".
-
-=item B<-passin arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-verify filename>
-
-verify the signature using the the public key in "filename".
-The output is either "Verification OK" or "Verification Failure".
-
-=item B<-prverify filename>
-
-verify the signature using the the private key in "filename".
-
-=item B<-signature filename>
-
-the actual signature to verify.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<file...>
-
-file or files to digest. If no files are specified then standard input is
-used.
-
-=back
-
-=head1 NOTES
-
-The digest of choice for all new applications is SHA1. Other digests are
-however still widely used.
-
-If you wish to sign or verify data using the DSA algorithm then the dss1
-digest must be used.
-
-A source of random numbers is required for certain signing algorithms, in
-particular DSA.
-
-The signing and verify options should only be used if a single file is
-being signed or verified.
-
-=cut
diff --git a/crypto/openssl/doc/apps/dhparam.pod b/crypto/openssl/doc/apps/dhparam.pod
deleted file mode 100644
index c31db95..0000000
--- a/crypto/openssl/doc/apps/dhparam.pod
+++ /dev/null
@@ -1,141 +0,0 @@
-=pod
-
-=head1 NAME
-
-dhparam - DH parameter manipulation and generation
-
-=head1 SYNOPSIS
-
-B<openssl dhparam>
-[B<-inform DER|PEM>]
-[B<-outform DER|PEM>]
-[B<-in> I<filename>]
-[B<-out> I<filename>]
-[B<-dsaparam>]
-[B<-noout>]
-[B<-text>]
-[B<-C>]
-[B<-2>]
-[B<-5>]
-[B<-rand> I<file(s)>]
-[B<-engine id>]
-[I<numbits>]
-
-=head1 DESCRIPTION
-
-This command is used to manipulate DH parameter files.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. The B<DER> option uses an ASN1 DER encoded
-form compatible with the PKCS#3 DHparameter structure. The PEM form is the
-default format: it consists of the B<DER> format base64 encoded with
-additional header and footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in> I<filename>
-
-This specifies the input filename to read parameters from or standard input if
-this option is not specified.
-
-=item B<-out> I<filename>
-
-This specifies the output filename parameters to. Standard output is used
-if this option is not present. The output filename should B<not> be the same
-as the input filename.
-
-=item B<-dsaparam>
-
-If this option is used, DSA rather than DH parameters are read or created;
-they are converted to DH format. Otherwise, "strong" primes (such
-that (p-1)/2 is also prime) will be used for DH parameter generation.
-
-DH parameter generation with the B<-dsaparam> option is much faster,
-and the recommended exponent length is shorter, which makes DH key
-exchange more efficient. Beware that with such DSA-style DH
-parameters, a fresh DH key should be created for each use to
-avoid small-subgroup attacks that may be possible otherwise.
-
-=item B<-2>, B<-5>
-
-The generator to use, either 2 or 5. 2 is the default. If present then the
-input file is ignored and parameters are generated instead.
-
-=item B<-rand> I<file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item I<numbits>
-
-this option specifies that a parameter set should be generated of size
-I<numbits>. It must be the last option. If not present then a value of 512
-is used. If this option is present then the input file is ignored and
-parameters are generated instead.
-
-=item B<-noout>
-
-this option inhibits the output of the encoded version of the parameters.
-
-=item B<-text>
-
-this option prints out the DH parameters in human readable form.
-
-=item B<-C>
-
-this option converts the parameters into C code. The parameters can then
-be loaded by calling the B<get_dh>I<numbits>B<()> function.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 WARNINGS
-
-The program B<dhparam> combines the functionality of the programs B<dh> and
-B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh>
-programs are retained for now but may have different purposes in future
-versions of OpenSSL.
-
-=head1 NOTES
-
-PEM format DH parameters use the header and footer lines:
-
- -----BEGIN DH PARAMETERS-----
- -----END DH PARAMETERS-----
-
-OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
-DH.
-
-This program manipulates DH parameters not keys.
-
-=head1 BUGS
-
-There should be a way to generate and manipulate DH keys.
-
-=head1 SEE ALSO
-
-L<dsaparam(1)|dsaparam(1)>
-
-=head1 HISTORY
-
-The B<dhparam> command was added in OpenSSL 0.9.5.
-The B<-dsaparam> option was added in OpenSSL 0.9.6.
-
-=cut
diff --git a/crypto/openssl/doc/apps/dsa.pod b/crypto/openssl/doc/apps/dsa.pod
deleted file mode 100644
index ed06b88..0000000
--- a/crypto/openssl/doc/apps/dsa.pod
+++ /dev/null
@@ -1,158 +0,0 @@
-=pod
-
-=head1 NAME
-
-dsa - DSA key processing
-
-=head1 SYNOPSIS
-
-B<openssl> B<dsa>
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-in filename>]
-[B<-passin arg>]
-[B<-out filename>]
-[B<-passout arg>]
-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-text>]
-[B<-noout>]
-[B<-modulus>]
-[B<-pubin>]
-[B<-pubout>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<dsa> command processes DSA keys. They can be converted between various
-forms and their components printed out. B<Note> This command uses the
-traditional SSLeay compatible format for private key encryption: newer
-applications should use the more secure PKCS#8 format using the B<pkcs8>
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. The B<DER> option with a private key uses
-an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
-version (currently zero), p, q, g, the public and private key components
-respectively as ASN.1 INTEGERs. When used with a public key it uses a
-SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
-
-The B<PEM> form is the default format: it consists of the B<DER> format base64
-encoded with additional header and footer lines. In the case of a private key
-PKCS#8 format is also accepted.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read a key from or standard input if this
-option is not specified. If the key is encrypted a pass phrase will be
-prompted for.
-
-=item B<-passin arg>
-
-the input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-out filename>
-
-This specifies the output filename to write a key to or standard output by
-is not specified. If any encryption options are set then a pass phrase will be
-prompted for. The output filename should B<not> be the same as the input
-filename.
-
-=item B<-passout arg>
-
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-des|-des3|-idea>
-
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
-If none of these options is specified the key is written in plain text. This
-means that using the B<dsa> utility to read in an encrypted key with no
-encryption option can be used to remove the pass phrase from a key, or by
-setting the encryption options it can be use to add or change the pass phrase.
-These options can only be used with PEM format output files.
-
-=item B<-text>
-
-prints out the public, private key components and parameters.
-
-=item B<-noout>
-
-this option prevents output of the encoded version of the key.
-
-=item B<-modulus>
-
-this option prints out the value of the public key component of the key.
-
-=item B<-pubin>
-
-by default a private key is read from the input file: with this option a
-public key is read instead.
-
-=item B<-pubout>
-
-by default a private key is output. With this option a public
-key will be output instead. This option is automatically set if the input is
-a public key.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 NOTES
-
-The PEM private key format uses the header and footer lines:
-
- -----BEGIN DSA PRIVATE KEY-----
- -----END DSA PRIVATE KEY-----
-
-The PEM public key format uses the header and footer lines:
-
- -----BEGIN PUBLIC KEY-----
- -----END PUBLIC KEY-----
-
-=head1 EXAMPLES
-
-To remove the pass phrase on a DSA private key:
-
- openssl dsa -in key.pem -out keyout.pem
-
-To encrypt a private key using triple DES:
-
- openssl dsa -in key.pem -des3 -out keyout.pem
-
-To convert a private key from PEM to DER format:
-
- openssl dsa -in key.pem -outform DER -out keyout.der
-
-To print out the components of a private key to standard output:
-
- openssl dsa -in key.pem -text -noout
-
-To just output the public part of a private key:
-
- openssl dsa -in key.pem -pubout -out pubkey.pem
-
-=head1 SEE ALSO
-
-L<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>,
-L<genrsa(1)|genrsa(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/dsaparam.pod b/crypto/openssl/doc/apps/dsaparam.pod
deleted file mode 100644
index b9b1b93..0000000
--- a/crypto/openssl/doc/apps/dsaparam.pod
+++ /dev/null
@@ -1,110 +0,0 @@
-=pod
-
-=head1 NAME
-
-dsaparam - DSA parameter manipulation and generation
-
-=head1 SYNOPSIS
-
-B<openssl dsaparam>
-[B<-inform DER|PEM>]
-[B<-outform DER|PEM>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-noout>]
-[B<-text>]
-[B<-C>]
-[B<-rand file(s)>]
-[B<-genkey>]
-[B<-engine id>]
-[B<numbits>]
-
-=head1 DESCRIPTION
-
-This command is used to manipulate or generate DSA parameter files.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. The B<DER> option uses an ASN1 DER encoded
-form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting
-of p, q and g respectively. The PEM form is the default format: it consists
-of the B<DER> format base64 encoded with additional header and footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read parameters from or standard input if
-this option is not specified. If the B<numbits> parameter is included then
-this option will be ignored.
-
-=item B<-out filename>
-
-This specifies the output filename parameters to. Standard output is used
-if this option is not present. The output filename should B<not> be the same
-as the input filename.
-
-=item B<-noout>
-
-this option inhibits the output of the encoded version of the parameters.
-
-=item B<-text>
-
-this option prints out the DSA parameters in human readable form.
-
-=item B<-C>
-
-this option converts the parameters into C code. The parameters can then
-be loaded by calling the B<get_dsaXXX()> function.
-
-=item B<-genkey>
-
-this option will generate a DSA either using the specified or generated
-parameters.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<numbits>
-
-this option specifies that a parameter set should be generated of size
-B<numbits>. It must be the last option. If this option is included then
-the input file (if any) is ignored.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 NOTES
-
-PEM format DSA parameters use the header and footer lines:
-
- -----BEGIN DSA PARAMETERS-----
- -----END DSA PARAMETERS-----
-
-DSA parameter generation is a slow process and as a result the same set of
-DSA parameters is often used to generate several distinct keys.
-
-=head1 SEE ALSO
-
-L<gendsa(1)|gendsa(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
-L<rsa(1)|rsa(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/ec.pod b/crypto/openssl/doc/apps/ec.pod
deleted file mode 100644
index 1d4a36d..0000000
--- a/crypto/openssl/doc/apps/ec.pod
+++ /dev/null
@@ -1,190 +0,0 @@
-=pod
-
-=head1 NAME
-
-ec - EC key processing
-
-=head1 SYNOPSIS
-
-B<openssl> B<ec>
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-in filename>]
-[B<-passin arg>]
-[B<-out filename>]
-[B<-passout arg>]
-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-text>]
-[B<-noout>]
-[B<-param_out>]
-[B<-pubin>]
-[B<-pubout>]
-[B<-conv_form arg>]
-[B<-param_enc arg>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<ec> command processes EC keys. They can be converted between various
-forms and their components printed out. B<Note> OpenSSL uses the
-private key format specified in 'SEC 1: Elliptic Curve Cryptography'
-(http://www.secg.org/). To convert a OpenSSL EC private key into the
-PKCS#8 private key format use the B<pkcs8> command.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. The B<DER> option with a private key uses
-an ASN.1 DER encoded SEC1 private key. When used with a public key it
-uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
-The B<PEM> form is the default format: it consists of the B<DER> format base64
-encoded with additional header and footer lines. In the case of a private key
-PKCS#8 format is also accepted.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read a key from or standard input if this
-option is not specified. If the key is encrypted a pass phrase will be
-prompted for.
-
-=item B<-passin arg>
-
-the input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-out filename>
-
-This specifies the output filename to write a key to or standard output by
-is not specified. If any encryption options are set then a pass phrase will be
-prompted for. The output filename should B<not> be the same as the input
-filename.
-
-=item B<-passout arg>
-
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-des|-des3|-idea>
-
-These options encrypt the private key with the DES, triple DES, IDEA or
-any other cipher supported by OpenSSL before outputting it. A pass phrase is
-prompted for.
-If none of these options is specified the key is written in plain text. This
-means that using the B<ec> utility to read in an encrypted key with no
-encryption option can be used to remove the pass phrase from a key, or by
-setting the encryption options it can be use to add or change the pass phrase.
-These options can only be used with PEM format output files.
-
-=item B<-text>
-
-prints out the public, private key components and parameters.
-
-=item B<-noout>
-
-this option prevents output of the encoded version of the key.
-
-=item B<-modulus>
-
-this option prints out the value of the public key component of the key.
-
-=item B<-pubin>
-
-by default a private key is read from the input file: with this option a
-public key is read instead.
-
-=item B<-pubout>
-
-by default a private key is output. With this option a public
-key will be output instead. This option is automatically set if the input is
-a public key.
-
-=item B<-conv_form>
-
-This specifies how the points on the elliptic curve are converted
-into octet strings. Possible values are: B<compressed> (the default
-value), B<uncompressed> and B<hybrid>. For more information regarding
-the point conversion forms please read the X9.62 standard.
-B<Note> Due to patent issues the B<compressed> option is disabled
-by default for binary curves and can be enabled by defining
-the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
-
-=item B<-param_enc arg>
-
-This specifies how the elliptic curve parameters are encoded.
-Possible value are: B<named_curve>, i.e. the ec parameters are
-specified by a OID, or B<explicit> where the ec parameters are
-explicitly given (see RFC 3279 for the definition of the
-EC parameters structures). The default value is B<named_curve>.
-B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
-is currently not implemented in OpenSSL.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 NOTES
-
-The PEM private key format uses the header and footer lines:
-
- -----BEGIN EC PRIVATE KEY-----
- -----END EC PRIVATE KEY-----
-
-The PEM public key format uses the header and footer lines:
-
- -----BEGIN PUBLIC KEY-----
- -----END PUBLIC KEY-----
-
-=head1 EXAMPLES
-
-To encrypt a private key using triple DES:
-
- openssl ec -in key.pem -des3 -out keyout.pem
-
-To convert a private key from PEM to DER format:
-
- openssl ec -in key.pem -outform DER -out keyout.der
-
-To print out the components of a private key to standard output:
-
- openssl ec -in key.pem -text -noout
-
-To just output the public part of a private key:
-
- openssl ec -in key.pem -pubout -out pubkey.pem
-
-To change the parameters encoding to B<explicit>:
-
- openssl ec -in key.pem -param_enc explicit -out keyout.pem
-
-To change the point conversion form to B<compressed>:
-
- openssl ec -in key.pem -conv_form compressed -out keyout.pem
-
-=head1 SEE ALSO
-
-L<ecparam(1)|ecparam(1)>, L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)>
-
-=head1 HISTORY
-
-The ec command was first introduced in OpenSSL 0.9.8.
-
-=head1 AUTHOR
-
-Nils Larsch for the OpenSSL project (http://www.openssl.org).
-
-=cut
diff --git a/crypto/openssl/doc/apps/ecparam.pod b/crypto/openssl/doc/apps/ecparam.pod
deleted file mode 100644
index 1a12105..0000000
--- a/crypto/openssl/doc/apps/ecparam.pod
+++ /dev/null
@@ -1,179 +0,0 @@
-=pod
-
-=head1 NAME
-
-ecparam - EC parameter manipulation and generation
-
-=head1 SYNOPSIS
-
-B<openssl ecparam>
-[B<-inform DER|PEM>]
-[B<-outform DER|PEM>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-noout>]
-[B<-text>]
-[B<-C>]
-[B<-check>]
-[B<-name arg>]
-[B<-list_curve>]
-[B<-conv_form arg>]
-[B<-param_enc arg>]
-[B<-no_seed>]
-[B<-rand file(s)>]
-[B<-genkey>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-This command is used to manipulate or generate EC parameter files.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. The B<DER> option uses an ASN.1 DER encoded
-form compatible with RFC 3279 EcpkParameters. The PEM form is the default
-format: it consists of the B<DER> format base64 encoded with additional
-header and footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read parameters from or standard input if
-this option is not specified.
-
-=item B<-out filename>
-
-This specifies the output filename parameters to. Standard output is used
-if this option is not present. The output filename should B<not> be the same
-as the input filename.
-
-=item B<-noout>
-
-This option inhibits the output of the encoded version of the parameters.
-
-=item B<-text>
-
-This option prints out the EC parameters in human readable form.
-
-=item B<-C>
-
-This option converts the EC parameters into C code. The parameters can then
-be loaded by calling the B<get_ec_group_XXX()> function.
-
-=item B<-check>
-
-Validate the elliptic curve parameters.
-
-=item B<-name arg>
-
-Use the EC parameters with the specified 'short' name. Use B<-list_curves>
-to get a list of all currently implemented EC parameters.
-
-=item B<-list_curves>
-
-If this options is specified B<ecparam> will print out a list of all
-currently implemented EC parameters names and exit.
-
-=item B<-conv_form>
-
-This specifies how the points on the elliptic curve are converted
-into octet strings. Possible values are: B<compressed> (the default
-value), B<uncompressed> and B<hybrid>. For more information regarding
-the point conversion forms please read the X9.62 standard.
-B<Note> Due to patent issues the B<compressed> option is disabled
-by default for binary curves and can be enabled by defining
-the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
-
-=item B<-param_enc arg>
-
-This specifies how the elliptic curve parameters are encoded.
-Possible value are: B<named_curve>, i.e. the ec parameters are
-specified by a OID, or B<explicit> where the ec parameters are
-explicitly given (see RFC 3279 for the definition of the
-EC parameters structures). The default value is B<named_curve>.
-B<Note> the B<implicitlyCA> alternative ,as specified in RFC 3279,
-is currently not implemented in OpenSSL.
-
-=item B<-no_seed>
-
-This option inhibits that the 'seed' for the parameter generation
-is included in the ECParameters structure (see RFC 3279).
-
-=item B<-genkey>
-
-This option will generate a EC private key using the specified parameters.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 NOTES
-
-PEM format EC parameters use the header and footer lines:
-
- -----BEGIN EC PARAMETERS-----
- -----END EC PARAMETERS-----
-
-OpenSSL is currently not able to generate new groups and therefore
-B<ecparam> can only create EC parameters from known (named) curves.
-
-=head1 EXAMPLES
-
-To create EC parameters with the group 'prime192v1':
-
- openssl ecparam -out ec_param.pem -name prime192v1
-
-To create EC parameters with explicit parameters:
-
- openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
-
-To validate given EC parameters:
-
- openssl ecparam -in ec_param.pem -check
-
-To create EC parameters and a private key:
-
- openssl ecparam -out ec_key.pem -name prime192v1 -genkey
-
-To change the point encoding to 'compressed':
-
- openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
-
-To print out the EC parameters to standard output:
-
- openssl ecparam -in ec_param.pem -noout -text
-
-=head1 SEE ALSO
-
-L<ec(1)|ec(1)>, L<dsaparam(1)|dsaparam(1)>
-
-=head1 HISTORY
-
-The ecparam command was first introduced in OpenSSL 0.9.8.
-
-=head1 AUTHOR
-
-Nils Larsch for the OpenSSL project (http://www.openssl.org)
-
-=cut
diff --git a/crypto/openssl/doc/apps/enc.pod b/crypto/openssl/doc/apps/enc.pod
deleted file mode 100644
index c43da5b..0000000
--- a/crypto/openssl/doc/apps/enc.pod
+++ /dev/null
@@ -1,271 +0,0 @@
-=pod
-
-=head1 NAME
-
-enc - symmetric cipher routines
-
-=head1 SYNOPSIS
-
-B<openssl enc -ciphername>
-[B<-in filename>]
-[B<-out filename>]
-[B<-pass arg>]
-[B<-e>]
-[B<-d>]
-[B<-a>]
-[B<-A>]
-[B<-k password>]
-[B<-kfile filename>]
-[B<-K key>]
-[B<-iv IV>]
-[B<-p>]
-[B<-P>]
-[B<-bufsize number>]
-[B<-nopad>]
-[B<-debug>]
-
-=head1 DESCRIPTION
-
-The symmetric cipher commands allow data to be encrypted or decrypted
-using various block and stream ciphers using keys based on passwords
-or explicitly provided. Base64 encoding or decoding can also be performed
-either by itself or in addition to the encryption or decryption.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-in filename>
-
-the input filename, standard input by default.
-
-=item B<-out filename>
-
-the output filename, standard output by default.
-
-=item B<-pass arg>
-
-the password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-salt>
-
-use a salt in the key derivation routines. This option should B<ALWAYS>
-be used unless compatibility with previous versions of OpenSSL or SSLeay
-is required. This option is only present on OpenSSL versions 0.9.5 or
-above.
-
-=item B<-nosalt>
-
-don't use a salt in the key derivation routines. This is the default for
-compatibility with previous versions of OpenSSL and SSLeay.
-
-=item B<-e>
-
-encrypt the input data: this is the default.
-
-=item B<-d>
-
-decrypt the input data.
-
-=item B<-a>
-
-base64 process the data. This means that if encryption is taking place
-the data is base64 encoded after encryption. If decryption is set then
-the input data is base64 decoded before being decrypted.
-
-=item B<-A>
-
-if the B<-a> option is set then base64 process the data on one line.
-
-=item B<-k password>
-
-the password to derive the key from. This is for compatibility with previous
-versions of OpenSSL. Superseded by the B<-pass> argument.
-
-=item B<-kfile filename>
-
-read the password to derive the key from the first line of B<filename>.
-This is for compatibility with previous versions of OpenSSL. Superseded by
-the B<-pass> argument.
-
-=item B<-S salt>
-
-the actual salt to use: this must be represented as a string comprised only
-of hex digits.
-
-=item B<-K key>
-
-the actual key to use: this must be represented as a string comprised only
-of hex digits. If only the key is specified, the IV must additionally specified
-using the B<-iv> option. When both a key and a password are specified, the
-key given with the B<-K> option will be used and the IV generated from the
-password will be taken. It probably does not make much sense to specify
-both key and password.
-
-=item B<-iv IV>
-
-the actual IV to use: this must be represented as a string comprised only
-of hex digits. When only the key is specified using the B<-K> option, the
-IV must explicitly be defined. When a password is being specified using
-one of the other options, the IV is generated from this password.
-
-=item B<-p>
-
-print out the key and IV used.
-
-=item B<-P>
-
-print out the key and IV used then immediately exit: don't do any encryption
-or decryption.
-
-=item B<-bufsize number>
-
-set the buffer size for I/O
-
-=item B<-nopad>
-
-disable standard block padding
-
-=item B<-debug>
-
-debug the BIOs used for I/O.
-
-=back
-
-=head1 NOTES
-
-The program can be called either as B<openssl ciphername> or
-B<openssl enc -ciphername>.
-
-A password will be prompted for to derive the key and IV if necessary.
-
-The B<-salt> option should B<ALWAYS> be used if the key is being derived
-from a password unless you want compatibility with previous versions of
-OpenSSL and SSLeay.
-
-Without the B<-salt> option it is possible to perform efficient dictionary
-attacks on the password and to attack stream cipher encrypted data. The reason
-for this is that without the salt the same password always generates the same
-encryption key. When the salt is being used the first eight bytes of the
-encrypted data are reserved for the salt: it is generated at random when
-encrypting a file and read from the encrypted file when it is decrypted.
-
-Some of the ciphers do not have large keys and others have security
-implications if not used correctly. A beginner is advised to just use
-a strong block cipher in CBC mode such as bf or des3.
-
-All the block ciphers normally use PKCS#5 padding also known as standard block
-padding: this allows a rudimentary integrity or password check to be
-performed. However since the chance of random data passing the test is
-better than 1 in 256 it isn't a very good test.
-
-If padding is disabled then the input data must be a multiple of the cipher
-block length.
-
-All RC2 ciphers have the same key and effective key length.
-
-Blowfish and RC5 algorithms use a 128 bit key.
-
-=head1 SUPPORTED CIPHERS
-
- base64 Base 64
-
- bf-cbc Blowfish in CBC mode
- bf Alias for bf-cbc
- bf-cfb Blowfish in CFB mode
- bf-ecb Blowfish in ECB mode
- bf-ofb Blowfish in OFB mode
-
- cast-cbc CAST in CBC mode
- cast Alias for cast-cbc
- cast5-cbc CAST5 in CBC mode
- cast5-cfb CAST5 in CFB mode
- cast5-ecb CAST5 in ECB mode
- cast5-ofb CAST5 in OFB mode
-
- des-cbc DES in CBC mode
- des Alias for des-cbc
- des-cfb DES in CBC mode
- des-ofb DES in OFB mode
- des-ecb DES in ECB mode
-
- des-ede-cbc Two key triple DES EDE in CBC mode
- des-ede Two key triple DES EDE in ECB mode
- des-ede-cfb Two key triple DES EDE in CFB mode
- des-ede-ofb Two key triple DES EDE in OFB mode
-
- des-ede3-cbc Three key triple DES EDE in CBC mode
- des-ede3 Three key triple DES EDE in ECB mode
- des3 Alias for des-ede3-cbc
- des-ede3-cfb Three key triple DES EDE CFB mode
- des-ede3-ofb Three key triple DES EDE in OFB mode
-
- desx DESX algorithm.
-
- idea-cbc IDEA algorithm in CBC mode
- idea same as idea-cbc
- idea-cfb IDEA in CFB mode
- idea-ecb IDEA in ECB mode
- idea-ofb IDEA in OFB mode
-
- rc2-cbc 128 bit RC2 in CBC mode
- rc2 Alias for rc2-cbc
- rc2-cfb 128 bit RC2 in CFB mode
- rc2-ecb 128 bit RC2 in ECB mode
- rc2-ofb 128 bit RC2 in OFB mode
- rc2-64-cbc 64 bit RC2 in CBC mode
- rc2-40-cbc 40 bit RC2 in CBC mode
-
- rc4 128 bit RC4
- rc4-64 64 bit RC4
- rc4-40 40 bit RC4
-
- rc5-cbc RC5 cipher in CBC mode
- rc5 Alias for rc5-cbc
- rc5-cfb RC5 cipher in CFB mode
- rc5-ecb RC5 cipher in ECB mode
- rc5-ofb RC5 cipher in OFB mode
-
-=head1 EXAMPLES
-
-Just base64 encode a binary file:
-
- openssl base64 -in file.bin -out file.b64
-
-Decode the same file
-
- openssl base64 -d -in file.b64 -out file.bin
-
-Encrypt a file using triple DES in CBC mode using a prompted password:
-
- openssl des3 -salt -in file.txt -out file.des3
-
-Decrypt a file using a supplied password:
-
- openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
-
-Encrypt a file then base64 encode it (so it can be sent via mail for example)
-using Blowfish in CBC mode:
-
- openssl bf -a -salt -in file.txt -out file.bf
-
-Base64 decode a file then decrypt it:
-
- openssl bf -d -salt -a -in file.bf -out file.txt
-
-Decrypt some data using a supplied 40 bit RC4 key:
-
- openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
-
-=head1 BUGS
-
-The B<-A> option when used with large files doesn't work properly.
-
-There should be an option to allow an iteration count to be included.
-
-The B<enc> program only supports a fixed number of algorithms with
-certain parameters. So if, for example, you want to use RC2 with a
-76 bit key or RC4 with an 84 bit key you can't use this program.
-
-=cut
diff --git a/crypto/openssl/doc/apps/errstr.pod b/crypto/openssl/doc/apps/errstr.pod
deleted file mode 100644
index b3c6ccfc..0000000
--- a/crypto/openssl/doc/apps/errstr.pod
+++ /dev/null
@@ -1,39 +0,0 @@
-=pod
-
-=head1 NAME
-
-errstr - lookup error codes
-
-=head1 SYNOPSIS
-
-B<openssl errstr error_code>
-
-=head1 DESCRIPTION
-
-Sometimes an application will not load error message and only
-numerical forms will be available. The B<errstr> utility can be used to
-display the meaning of the hex code. The hex code is the hex digits after the
-second colon.
-
-=head1 EXAMPLE
-
-The error code:
-
- 27594:error:2006D080:lib(32):func(109):reason(128):bss_file.c:107:
-
-can be displayed with:
-
- openssl errstr 2006D080
-
-to produce the error message:
-
- error:2006D080:BIO routines:BIO_new_file:no such file
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-
-
-=cut
diff --git a/crypto/openssl/doc/apps/gendsa.pod b/crypto/openssl/doc/apps/gendsa.pod
deleted file mode 100644
index 2c56cc7..0000000
--- a/crypto/openssl/doc/apps/gendsa.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-gendsa - generate a DSA private key from a set of parameters
-
-=head1 SYNOPSIS
-
-B<openssl> B<gendsa>
-[B<-out filename>]
-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-rand file(s)>]
-[B<-engine id>]
-[B<paramfile>]
-
-=head1 DESCRIPTION
-
-The B<gendsa> command generates a DSA private key from a DSA parameter file
-(which will be typically generated by the B<openssl dsaparam> command).
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-des|-des3|-idea>
-
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
-If none of these options is specified no encryption is used.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<paramfile>
-
-This option specifies the DSA parameter file to use. The parameters in this
-file determine the size of the private key. DSA parameters can be generated
-and examined using the B<openssl dsaparam> command.
-
-=back
-
-=head1 NOTES
-
-DSA key generation is little more than random number generation so it is
-much quicker that RSA key generation for example.
-
-=head1 SEE ALSO
-
-L<dsaparam(1)|dsaparam(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
-L<rsa(1)|rsa(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/genrsa.pod b/crypto/openssl/doc/apps/genrsa.pod
deleted file mode 100644
index 25af4d1..0000000
--- a/crypto/openssl/doc/apps/genrsa.pod
+++ /dev/null
@@ -1,96 +0,0 @@
-=pod
-
-=head1 NAME
-
-genrsa - generate an RSA private key
-
-=head1 SYNOPSIS
-
-B<openssl> B<genrsa>
-[B<-out filename>]
-[B<-passout arg>]
-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-f4>]
-[B<-3>]
-[B<-rand file(s)>]
-[B<-engine id>]
-[B<numbits>]
-
-=head1 DESCRIPTION
-
-The B<genrsa> command generates an RSA private key.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-out filename>
-
-the output filename. If this argument is not specified then standard output is
-used.
-
-=item B<-passout arg>
-
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-des|-des3|-idea>
-
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. If none of these options is
-specified no encryption is used. If encryption is used a pass phrase is prompted
-for if it is not supplied via the B<-passout> argument.
-
-=item B<-F4|-3>
-
-the public exponent to use, either 65537 or 3. The default is 65537.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<numbits>
-
-the size of the private key to generate in bits. This must be the last option
-specified. The default is 512.
-
-=back
-
-=head1 NOTES
-
-RSA private key generation essentially involves the generation of two prime
-numbers. When generating a private key various symbols will be output to
-indicate the progress of the generation. A B<.> represents each number which
-has passed an initial sieve test, B<+> means a number has passed a single
-round of the Miller-Rabin primality test. A newline means that the number has
-passed all the prime tests (the actual number depends on the key size).
-
-Because key generation is a random process the time taken to generate a key
-may vary somewhat.
-
-=head1 BUGS
-
-A quirk of the prime generation algorithm is that it cannot generate small
-primes. Therefore the number of bits should not be less that 64. For typical
-private keys this will not matter because for security reasons they will
-be much larger (typically 1024 bits).
-
-=head1 SEE ALSO
-
-L<gendsa(1)|gendsa(1)>
-
-=cut
-
diff --git a/crypto/openssl/doc/apps/nseq.pod b/crypto/openssl/doc/apps/nseq.pod
deleted file mode 100644
index 989c310..0000000
--- a/crypto/openssl/doc/apps/nseq.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-
-=head1 NAME
-
-nseq - create or examine a netscape certificate sequence
-
-=head1 SYNOPSIS
-
-B<openssl> B<nseq>
-[B<-in filename>]
-[B<-out filename>]
-[B<-toseq>]
-
-=head1 DESCRIPTION
-
-The B<nseq> command takes a file containing a Netscape certificate
-sequence and prints out the certificates contained in it or takes a
-file of certificates and converts it into a Netscape certificate
-sequence.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-in filename>
-
-This specifies the input filename to read or standard input if this
-option is not specified.
-
-=item B<-out filename>
-
-specifies the output filename or standard output by default.
-
-=item B<-toseq>
-
-normally a Netscape certificate sequence will be input and the output
-is the certificates contained in it. With the B<-toseq> option the
-situation is reversed: a Netscape certificate sequence is created from
-a file of certificates.
-
-=back
-
-=head1 EXAMPLES
-
-Output the certificates in a Netscape certificate sequence
-
- openssl nseq -in nseq.pem -out certs.pem
-
-Create a Netscape certificate sequence
-
- openssl nseq -in certs.pem -toseq -out nseq.pem
-
-=head1 NOTES
-
-The B<PEM> encoded form uses the same headers and footers as a certificate:
-
- -----BEGIN CERTIFICATE-----
- -----END CERTIFICATE-----
-
-A Netscape certificate sequence is a Netscape specific form that can be sent
-to browsers as an alternative to the standard PKCS#7 format when several
-certificates are sent to the browser: for example during certificate enrollment.
-It is used by Netscape certificate server for example.
-
-=head1 BUGS
-
-This program needs a few more options: like allowing DER or PEM input and
-output files and allowing multiple certificate files to be used.
-
-=cut
diff --git a/crypto/openssl/doc/apps/ocsp.pod b/crypto/openssl/doc/apps/ocsp.pod
deleted file mode 100644
index 4f26605..0000000
--- a/crypto/openssl/doc/apps/ocsp.pod
+++ /dev/null
@@ -1,365 +0,0 @@
-=pod
-
-=head1 NAME
-
-ocsp - Online Certificate Status Protocol utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<ocsp>
-[B<-out file>]
-[B<-issuer file>]
-[B<-cert file>]
-[B<-serial n>]
-[B<-signer file>]
-[B<-signkey file>]
-[B<-sign_other file>]
-[B<-no_certs>]
-[B<-req_text>]
-[B<-resp_text>]
-[B<-text>]
-[B<-reqout file>]
-[B<-respout file>]
-[B<-reqin file>]
-[B<-respin file>]
-[B<-nonce>]
-[B<-no_nonce>]
-[B<-url URL>]
-[B<-host host:n>]
-[B<-path>]
-[B<-CApath dir>]
-[B<-CAfile file>]
-[B<-VAfile file>]
-[B<-validity_period n>]
-[B<-status_age n>]
-[B<-noverify>]
-[B<-verify_other file>]
-[B<-trust_other>]
-[B<-no_intern>]
-[B<-no_signature_verify>]
-[B<-no_cert_verify>]
-[B<-no_chain>]
-[B<-no_cert_checks>]
-[B<-port num>]
-[B<-index file>]
-[B<-CA file>]
-[B<-rsigner file>]
-[B<-rkey file>]
-[B<-rother file>]
-[B<-resp_no_certs>]
-[B<-nmin n>]
-[B<-ndays n>]
-[B<-resp_key_id>]
-[B<-nrequest n>]
-
-=head1 DESCRIPTION
-
-The Online Certificate Status Protocol (OCSP) enables applications to
-determine the (revocation) state of an identified certificate (RFC 2560).
-
-The B<ocsp> command performs many common OCSP tasks. It can be used
-to print out requests and responses, create requests and send queries
-to an OCSP responder and behave like a mini OCSP server itself.
-
-=head1 OCSP CLIENT OPTIONS
-
-=over 4
-
-=item B<-out filename>
-
-specify output filename, default is standard output.
-
-=item B<-issuer filename>
-
-This specifies the current issuer certificate. This option can be used
-multiple times. The certificate specified in B<filename> must be in
-PEM format.
-
-=item B<-cert filename>
-
-Add the certificate B<filename> to the request. The issuer certificate
-is taken from the previous B<issuer> option, or an error occurs if no
-issuer certificate is specified.
-
-=item B<-serial num>
-
-Same as the B<cert> option except the certificate with serial number
-B<num> is added to the request. The serial number is interpreted as a
-decimal integer unless preceded by B<0x>. Negative integers can also
-be specified by preceding the value by a B<-> sign.
-
-=item B<-signer filename>, B<-signkey filename>
-
-Sign the OCSP request using the certificate specified in the B<signer>
-option and the private key specified by the B<signkey> option. If
-the B<signkey> option is not present then the private key is read
-from the same file as the certificate. If neither option is specified then
-the OCSP request is not signed.
-
-=item B<-sign_other filename>
-
-Additional certificates to include in the signed request.
-
-=item B<-nonce>, B<-no_nonce>
-
-Add an OCSP nonce extension to a request or disable OCSP nonce addition.
-Normally if an OCSP request is input using the B<respin> option no
-nonce is added: using the B<nonce> option will force addition of a nonce.
-If an OCSP request is being created (using B<cert> and B<serial> options)
-a nonce is automatically added specifying B<no_nonce> overrides this.
-
-=item B<-req_text>, B<-resp_text>, B<-text>
-
-print out the text form of the OCSP request, response or both respectively.
-
-=item B<-reqout file>, B<-respout file>
-
-write out the DER encoded certificate request or response to B<file>.
-
-=item B<-reqin file>, B<-respin file>
-
-read OCSP request or response file from B<file>. These option are ignored
-if OCSP request or response creation is implied by other options (for example
-with B<serial>, B<cert> and B<host> options).
-
-=item B<-url responder_url>
-
-specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
-
-=item B<-host hostname:port>, B<-path pathname>
-
-if the B<host> option is present then the OCSP request is sent to the host
-B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
-or "/" by default.
-
-=item B<-CAfile file>, B<-CApath pathname>
-
-file or pathname containing trusted CA certificates. These are used to verify
-the signature on the OCSP response.
-
-=item B<-verify_other file>
-
-file containing additional certificates to search when attempting to locate
-the OCSP response signing certificate. Some responders omit the actual signer's
-certificate from the response: this option can be used to supply the necessary
-certificate in such cases.
-
-=item B<-trust_other>
-
-the certificates specified by the B<-verify_certs> option should be explicitly
-trusted and no additional checks will be performed on them. This is useful
-when the complete responder certificate chain is not available or trusting a
-root CA is not appropriate.
-
-=item B<-VAfile file>
-
-file containing explicitly trusted responder certificates. Equivalent to the
-B<-verify_certs> and B<-trust_other> options.
-
-=item B<-noverify>
-
-don't attempt to verify the OCSP response signature or the nonce values. This
-option will normally only be used for debugging since it disables all verification
-of the responders certificate.
-
-=item B<-no_intern>
-
-ignore certificates contained in the OCSP response when searching for the
-signers certificate. With this option the signers certificate must be specified
-with either the B<-verify_certs> or B<-VAfile> options.
-
-=item B<-no_signature_verify>
-
-don't check the signature on the OCSP response. Since this option tolerates invalid
-signatures on OCSP responses it will normally only be used for testing purposes.
-
-=item B<-no_cert_verify>
-
-don't verify the OCSP response signers certificate at all. Since this option allows
-the OCSP response to be signed by any certificate it should only be used for
-testing purposes.
-
-=item B<-no_chain>
-
-do not use certificates in the response as additional untrusted CA
-certificates.
-
-=item B<-no_cert_checks>
-
-don't perform any additional checks on the OCSP response signers certificate.
-That is do not make any checks to see if the signers certificate is authorised
-to provide the necessary status information: as a result this option should
-only be used for testing purposes.
-
-=item B<-validity_period nsec>, B<-status_age age>
-
-these options specify the range of times, in seconds, which will be tolerated
-in an OCSP response. Each certificate status response includes a B<notBefore> time and
-an optional B<notAfter> time. The current time should fall between these two values, but
-the interval between the two times may be only a few seconds. In practice the OCSP
-responder and clients clocks may not be precisely synchronised and so such a check
-may fail. To avoid this the B<-validity_period> option can be used to specify an
-acceptable error range in seconds, the default value is 5 minutes.
-
-If the B<notAfter> time is omitted from a response then this means that new status
-information is immediately available. In this case the age of the B<notBefore> field
-is checked to see it is not older than B<age> seconds old. By default this additional
-check is not performed.
-
-=back
-
-=head1 OCSP SERVER OPTIONS
-
-=over 4
-
-=item B<-index indexfile>
-
-B<indexfile> is a text index file in B<ca> format containing certificate revocation
-information.
-
-If the B<index> option is specified the B<ocsp> utility is in responder mode, otherwise
-it is in client mode. The request(s) the responder processes can be either specified on
-the command line (using B<issuer> and B<serial> options), supplied in a file (using the
-B<respin> option) or via external OCSP clients (if B<port> or B<url> is specified).
-
-If the B<index> option is present then the B<CA> and B<rsigner> options must also be
-present.
-
-=item B<-CA file>
-
-CA certificate corresponding to the revocation information in B<indexfile>.
-
-=item B<-rsigner file>
-
-The certificate to sign OCSP responses with.
-
-=item B<-rother file>
-
-Additional certificates to include in the OCSP response.
-
-=item B<-resp_no_certs>
-
-Don't include any certificates in the OCSP response.
-
-=item B<-resp_key_id>
-
-Identify the signer certificate using the key ID, default is to use the subject name.
-
-=item B<-rkey file>
-
-The private key to sign OCSP responses with: if not present the file specified in the
-B<rsigner> option is used.
-
-=item B<-port portnum>
-
-Port to listen for OCSP requests on. The port may also be specified using the B<url>
-option.
-
-=item B<-nrequest number>
-
-The OCSP server will exit after receiving B<number> requests, default unlimited.
-
-=item B<-nmin minutes>, B<-ndays days>
-
-Number of minutes or days when fresh revocation information is available: used in the
-B<nextUpdate> field. If neither option is present then the B<nextUpdate> field is
-omitted meaning fresh revocation information is immediately available.
-
-=back
-
-=head1 OCSP Response verification.
-
-OCSP Response follows the rules specified in RFC2560.
-
-Initially the OCSP responder certificate is located and the signature on
-the OCSP request checked using the responder certificate's public key.
-
-Then a normal certificate verify is performed on the OCSP responder certificate
-building up a certificate chain in the process. The locations of the trusted
-certificates used to build the chain can be specified by the B<CAfile>
-and B<CApath> options or they will be looked for in the standard OpenSSL
-certificates directory.
-
-If the initial verify fails then the OCSP verify process halts with an
-error.
-
-Otherwise the issuing CA certificate in the request is compared to the OCSP
-responder certificate: if there is a match then the OCSP verify succeeds.
-
-Otherwise the OCSP responder certificate's CA is checked against the issuing
-CA certificate in the request. If there is a match and the OCSPSigning
-extended key usage is present in the OCSP responder certificate then the
-OCSP verify succeeds.
-
-Otherwise the root CA of the OCSP responders CA is checked to see if it
-is trusted for OCSP signing. If it is the OCSP verify succeeds.
-
-If none of these checks is successful then the OCSP verify fails.
-
-What this effectively means if that if the OCSP responder certificate is
-authorised directly by the CA it is issuing revocation information about
-(and it is correctly configured) then verification will succeed.
-
-If the OCSP responder is a "global responder" which can give details about
-multiple CAs and has its own separate certificate chain then its root
-CA can be trusted for OCSP signing. For example:
-
- openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
-
-Alternatively the responder certificate itself can be explicitly trusted
-with the B<-VAfile> option.
-
-=head1 NOTES
-
-As noted, most of the verify options are for testing or debugging purposes.
-Normally only the B<-CApath>, B<-CAfile> and (if the responder is a 'global
-VA') B<-VAfile> options need to be used.
-
-The OCSP server is only useful for test and demonstration purposes: it is
-not really usable as a full OCSP responder. It contains only a very
-simple HTTP request handling and can only handle the POST form of OCSP
-queries. It also handles requests serially meaning it cannot respond to
-new requests until it has processed the current one. The text index file
-format of revocation is also inefficient for large quantities of revocation
-data.
-
-It is possible to run the B<ocsp> application in responder mode via a CGI
-script using the B<respin> and B<respout> options.
-
-=head1 EXAMPLES
-
-Create an OCSP request and write it to a file:
-
- openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
-
-Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
-response to a file and print it out in text form
-
- openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
- -url http://ocsp.myhost.com/ -resp_text -respout resp.der
-
-Read in an OCSP response and print out text form:
-
- openssl ocsp -respin resp.der -text
-
-OCSP server on port 8888 using a standard B<ca> configuration, and a separate
-responder certificate. All requests and responses are printed to a file.
-
- openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
- -text -out log.txt
-
-As above but exit after processing one request:
-
- openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
- -nrequest 1
-
-Query status information using internally generated request:
-
- openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
- -issuer demoCA/cacert.pem -serial 1
-
-Query status information using request read from a file, write response to a
-second file.
-
- openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
- -reqin req.der -respout resp.der
diff --git a/crypto/openssl/doc/apps/openssl.pod b/crypto/openssl/doc/apps/openssl.pod
deleted file mode 100644
index dc0f49d..0000000
--- a/crypto/openssl/doc/apps/openssl.pod
+++ /dev/null
@@ -1,345 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-openssl - OpenSSL command line tool
-
-=head1 SYNOPSIS
-
-B<openssl>
-I<command>
-[ I<command_opts> ]
-[ I<command_args> ]
-
-B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> ]
-
-B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
-
-=head1 DESCRIPTION
-
-OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
-v2/v3) and Transport Layer Security (TLS v1) network protocols and related
-cryptography standards required by them.
-
-The B<openssl> program is a command line tool for using the various
-cryptography functions of OpenSSL's B<crypto> library from the shell.
-It can be used for
-
- o Creation of RSA, DH and DSA key parameters
- o Creation of X.509 certificates, CSRs and CRLs
- o Calculation of Message Digests
- o Encryption and Decryption with Ciphers
- o SSL/TLS Client and Server Tests
- o Handling of S/MIME signed or encrypted mail
-
-=head1 COMMAND SUMMARY
-
-The B<openssl> program provides a rich variety of commands (I<command> in the
-SYNOPSIS above), each of which often has a wealth of options and arguments
-(I<command_opts> and I<command_args> in the SYNOPSIS).
-
-The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>,
-and B<list-cipher-commands> output a list (one entry per line) of the names
-of all standard commands, message digest commands, or cipher commands,
-respectively, that are available in the present B<openssl> utility.
-
-The pseudo-command B<no->I<XXX> tests whether a command of the
-specified name is available. If no command named I<XXX> exists, it
-returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
-and prints I<XXX>. In both cases, the output goes to B<stdout> and
-nothing is printed to B<stderr>. Additional command line arguments
-are always ignored. Since for each cipher there is a command of the
-same name, this provides an easy way for shell scripts to test for the
-availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
-not able to detect pseudo-commands such as B<quit>,
-B<list->I<...>B<-commands>, or B<no->I<XXX> itself.)
-
-=head2 STANDARD COMMANDS
-
-=over 10
-
-=item L<B<asn1parse>|asn1parse(1)>
-
-Parse an ASN.1 sequence.
-
-=item L<B<ca>|ca(1)>
-
-Certificate Authority (CA) Management.
-
-=item L<B<ciphers>|ciphers(1)>
-
-Cipher Suite Description Determination.
-
-=item L<B<crl>|crl(1)>
-
-Certificate Revocation List (CRL) Management.
-
-=item L<B<crl2pkcs7>|crl2pkcs7(1)>
-
-CRL to PKCS#7 Conversion.
-
-=item L<B<dgst>|dgst(1)>
-
-Message Digest Calculation.
-
-=item B<dh>
-
-Diffie-Hellman Parameter Management.
-Obsoleted by L<B<dhparam>|dhparam(1)>.
-
-=item L<B<dsa>|dsa(1)>
-
-DSA Data Management.
-
-=item L<B<dsaparam>|dsaparam(1)>
-
-DSA Parameter Generation.
-
-=item L<B<enc>|enc(1)>
-
-Encoding with Ciphers.
-
-=item L<B<errstr>|errstr(1)>
-
-Error Number to Error String Conversion.
-
-=item L<B<dhparam>|dhparam(1)>
-
-Generation and Management of Diffie-Hellman Parameters.
-
-=item B<gendh>
-
-Generation of Diffie-Hellman Parameters.
-Obsoleted by L<B<dhparam>|dhparam(1)>.
-
-=item L<B<gendsa>|gendsa(1)>
-
-Generation of DSA Parameters.
-
-=item L<B<genrsa>|genrsa(1)>
-
-Generation of RSA Parameters.
-
-=item L<B<ocsp>|ocsp(1)>
-
-Online Certificate Status Protocol utility.
-
-=item L<B<passwd>|passwd(1)>
-
-Generation of hashed passwords.
-
-=item L<B<pkcs12>|pkcs12(1)>
-
-PKCS#12 Data Management.
-
-=item L<B<pkcs7>|pkcs7(1)>
-
-PKCS#7 Data Management.
-
-=item L<B<rand>|rand(1)>
-
-Generate pseudo-random bytes.
-
-=item L<B<req>|req(1)>
-
-X.509 Certificate Signing Request (CSR) Management.
-
-=item L<B<rsa>|rsa(1)>
-
-RSA Data Management.
-
-=item L<B<rsautl>|rsautl(1)>
-
-RSA utility for signing, verification, encryption, and decryption.
-
-=item L<B<s_client>|s_client(1)>
-
-This implements a generic SSL/TLS client which can establish a transparent
-connection to a remote server speaking SSL/TLS. It's intended for testing
-purposes only and provides only rudimentary interface functionality but
-internally uses mostly all functionality of the OpenSSL B<ssl> library.
-
-=item L<B<s_server>|s_server(1)>
-
-This implements a generic SSL/TLS server which accepts connections from remote
-clients speaking SSL/TLS. It's intended for testing purposes only and provides
-only rudimentary interface functionality but internally uses mostly all
-functionality of the OpenSSL B<ssl> library. It provides both an own command
-line oriented protocol for testing SSL functions and a simple HTTP response
-facility to emulate an SSL/TLS-aware webserver.
-
-=item L<B<s_time>|s_time(1)>
-
-SSL Connection Timer.
-
-=item L<B<sess_id>|sess_id(1)>
-
-SSL Session Data Management.
-
-=item L<B<smime>|smime(1)>
-
-S/MIME mail processing.
-
-=item L<B<speed>|speed(1)>
-
-Algorithm Speed Measurement.
-
-=item L<B<verify>|verify(1)>
-
-X.509 Certificate Verification.
-
-=item L<B<version>|version(1)>
-
-OpenSSL Version Information.
-
-=item L<B<x509>|x509(1)>
-
-X.509 Certificate Data Management.
-
-=back
-
-=head2 MESSAGE DIGEST COMMANDS
-
-=over 10
-
-=item B<md2>
-
-MD2 Digest
-
-=item B<md5>
-
-MD5 Digest
-
-=item B<mdc2>
-
-MDC2 Digest
-
-=item B<rmd160>
-
-RMD-160 Digest
-
-=item B<sha>
-
-SHA Digest
-
-=item B<sha1>
-
-SHA-1 Digest
-
-=back
-
-=head2 ENCODING AND CIPHER COMMANDS
-
-=over 10
-
-=item B<base64>
-
-Base64 Encoding
-
-=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
-
-Blowfish Cipher
-
-=item B<cast cast-cbc>
-
-CAST Cipher
-
-=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
-
-CAST5 Cipher
-
-=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
-
-DES Cipher
-
-=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
-
-Triple-DES Cipher
-
-=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
-
-IDEA Cipher
-
-=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
-
-RC2 Cipher
-
-=item B<rc4>
-
-RC4 Cipher
-
-=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
-
-RC5 Cipher
-
-=back
-
-=head1 PASS PHRASE ARGUMENTS
-
-Several commands accept password arguments, typically using B<-passin>
-and B<-passout> for input and output passwords respectively. These allow
-the password to be obtained from a variety of sources. Both of these
-options take a single argument whose format is described below. If no
-password argument is given and a password is required then the user is
-prompted to enter one: this will typically be read from the current
-terminal with echoing turned off.
-
-=over 10
-
-=item B<pass:password>
-
-the actual password is B<password>. Since the password is visible
-to utilities (like 'ps' under Unix) this form should only be used
-where security is not important.
-
-=item B<env:var>
-
-obtain the password from the environment variable B<var>. Since
-the environment of other processes is visible on certain platforms
-(e.g. ps under certain Unix OSes) this option should be used with caution.
-
-=item B<file:pathname>
-
-the first line of B<pathname> is the password. If the same B<pathname>
-argument is supplied to B<-passin> and B<-passout> arguments then the first
-line will be used for the input password and the next line for the output
-password. B<pathname> need not refer to a regular file: it could for example
-refer to a device or named pipe.
-
-=item B<fd:number>
-
-read the password from the file descriptor B<number>. This can be used to
-send the data via a pipe for example.
-
-=item B<stdin>
-
-read the password from standard input.
-
-=back
-
-=head1 SEE ALSO
-
-L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
-L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
-L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
-L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
-L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
-L<passwd(1)|passwd(1)>,
-L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
-L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
-L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
-L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
-L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
-L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
-L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>
-
-=head1 HISTORY
-
-The openssl(1) document appeared in OpenSSL 0.9.2.
-The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3;
-the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a.
-For notes on the availability of other commands, see their individual
-manual pages.
-
-=cut
diff --git a/crypto/openssl/doc/apps/passwd.pod b/crypto/openssl/doc/apps/passwd.pod
deleted file mode 100644
index f449825..0000000
--- a/crypto/openssl/doc/apps/passwd.pod
+++ /dev/null
@@ -1,82 +0,0 @@
-=pod
-
-=head1 NAME
-
-passwd - compute password hashes
-
-=head1 SYNOPSIS
-
-B<openssl passwd>
-[B<-crypt>]
-[B<-1>]
-[B<-apr1>]
-[B<-salt> I<string>]
-[B<-in> I<file>]
-[B<-stdin>]
-[B<-noverify>]
-[B<-quiet>]
-[B<-table>]
-{I<password>}
-
-=head1 DESCRIPTION
-
-The B<passwd> command computes the hash of a password typed at
-run-time or the hash of each password in a list. The password list is
-taken from the named file for option B<-in file>, from stdin for
-option B<-stdin>, or from the command line, or from the terminal otherwise.
-The Unix standard algorithm B<crypt> and the MD5-based BSD password
-algorithm B<1> and its Apache variant B<apr1> are available.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-crypt>
-
-Use the B<crypt> algorithm (default).
-
-=item B<-1>
-
-Use the MD5 based BSD password algorithm B<1>.
-
-=item B<-apr1>
-
-Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
-
-=item B<-salt> I<string>
-
-Use the specified salt.
-When reading a password from the terminal, this implies B<-noverify>.
-
-=item B<-in> I<file>
-
-Read passwords from I<file>.
-
-=item B<-stdin>
-
-Read passwords from B<stdin>.
-
-=item B<-noverify>
-
-Don't verify when reading a password from the terminal.
-
-=item B<-quiet>
-
-Don't output warnings when passwords given at the command line are truncated.
-
-=item B<-table>
-
-In the output list, prepend the cleartext password and a TAB character
-to each password hash.
-
-=back
-
-=head1 EXAMPLES
-
-B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
-
-B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
-
-B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
-
-=cut
diff --git a/crypto/openssl/doc/apps/pkcs12.pod b/crypto/openssl/doc/apps/pkcs12.pod
deleted file mode 100644
index 7d84146..0000000
--- a/crypto/openssl/doc/apps/pkcs12.pod
+++ /dev/null
@@ -1,330 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-pkcs12 - PKCS#12 file utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<pkcs12>
-[B<-export>]
-[B<-chain>]
-[B<-inkey filename>]
-[B<-certfile filename>]
-[B<-name name>]
-[B<-caname name>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-noout>]
-[B<-nomacver>]
-[B<-nocerts>]
-[B<-clcerts>]
-[B<-cacerts>]
-[B<-nokeys>]
-[B<-info>]
-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-nodes>]
-[B<-noiter>]
-[B<-maciter>]
-[B<-twopass>]
-[B<-descert>]
-[B<-certpbe>]
-[B<-keypbe>]
-[B<-keyex>]
-[B<-keysig>]
-[B<-password arg>]
-[B<-passin arg>]
-[B<-passout arg>]
-[B<-rand file(s)>]
-
-=head1 DESCRIPTION
-
-The B<pkcs12> command allows PKCS#12 files (sometimes referred to as
-PFX files) to be created and parsed. PKCS#12 files are used by several
-programs including Netscape, MSIE and MS Outlook.
-
-=head1 COMMAND OPTIONS
-
-There are a lot of options the meaning of some depends of whether a PKCS#12 file
-is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12
-file can be created by using the B<-export> option (see below).
-
-=head1 PARSING OPTIONS
-
-=over 4
-
-=item B<-in filename>
-
-This specifies filename of the PKCS#12 file to be parsed. Standard input is used
-by default.
-
-=item B<-out filename>
-
-The filename to write certificates and private keys to, standard output by default.
-They are all written in PEM format.
-
-=item B<-pass arg>, B<-passin arg>
-
-the PKCS#12 file (i.e. input file) password source. For more information about the
-format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)|openssl(1)>.
-
-=item B<-passout arg>
-
-pass phrase source to encrypt any outputed private keys with. For more information
-about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)|openssl(1)>.
-
-=item B<-noout>
-
-this option inhibits output of the keys and certificates to the output file version
-of the PKCS#12 file.
-
-=item B<-clcerts>
-
-only output client certificates (not CA certificates).
-
-=item B<-cacerts>
-
-only output CA certificates (not client certificates).
-
-=item B<-nocerts>
-
-no certificates at all will be output.
-
-=item B<-nokeys>
-
-no private keys will be output.
-
-=item B<-info>
-
-output additional information about the PKCS#12 file structure, algorithms used and
-iteration counts.
-
-=item B<-des>
-
-use DES to encrypt private keys before outputting.
-
-=item B<-des3>
-
-use triple DES to encrypt private keys before outputting, this is the default.
-
-=item B<-idea>
-
-use IDEA to encrypt private keys before outputting.
-
-=item B<-nodes>
-
-don't encrypt the private keys at all.
-
-=item B<-nomacver>
-
-don't attempt to verify the integrity MAC before reading the file.
-
-=item B<-twopass>
-
-prompt for separate integrity and encryption passwords: most software
-always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
-
-=back
-
-=head1 FILE CREATION OPTIONS
-
-=over 4
-
-=item B<-export>
-
-This option specifies that a PKCS#12 file will be created rather than
-parsed.
-
-=item B<-out filename>
-
-This specifies filename to write the PKCS#12 file to. Standard output is used
-by default.
-
-=item B<-in filename>
-
-The filename to read certificates and private keys from, standard input by default.
-They must all be in PEM format. The order doesn't matter but one private key and
-its corresponding certificate should be present. If additional certificates are
-present they will also be included in the PKCS#12 file.
-
-=item B<-inkey filename>
-
-file to read private key from. If not present then a private key must be present
-in the input file.
-
-=item B<-name friendlyname>
-
-This specifies the "friendly name" for the certificate and private key. This name
-is typically displayed in list boxes by software importing the file.
-
-=item B<-certfile filename>
-
-A filename to read additional certificates from.
-
-=item B<-caname friendlyname>
-
-This specifies the "friendly name" for other certificates. This option may be
-used multiple times to specify names for all certificates in the order they
-appear. Netscape ignores friendly names on other certificates whereas MSIE
-displays them.
-
-=item B<-pass arg>, B<-passout arg>
-
-the PKCS#12 file (i.e. output file) password source. For more information about
-the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)|openssl(1)>.
-
-=item B<-passin password>
-
-pass phrase source to decrypt any input private keys with. For more information
-about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-L<openssl(1)|openssl(1)>.
-
-=item B<-chain>
-
-if this option is present then an attempt is made to include the entire
-certificate chain of the user certificate. The standard CA store is used
-for this search. If the search fails it is considered a fatal error.
-
-=item B<-descert>
-
-encrypt the certificate using triple DES, this may render the PKCS#12
-file unreadable by some "export grade" software. By default the private
-key is encrypted using triple DES and the certificate using 40 bit RC2.
-
-=item B<-keypbe alg>, B<-certpbe alg>
-
-these options allow the algorithm used to encrypt the private key and
-certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms
-can be selected it is advisable only to use PKCS#12 algorithms. See the list
-in the B<NOTES> section for more information.
-
-=item B<-keyex|-keysig>
-
-specifies that the private key is to be used for key exchange or just signing.
-This option is only interpreted by MSIE and similar MS software. Normally
-"export grade" software will only allow 512 bit RSA keys to be used for
-encryption purposes but arbitrary length keys for signing. The B<-keysig>
-option marks the key for signing only. Signing only keys can be used for
-S/MIME signing, authenticode (ActiveX control signing) and SSL client
-authentication, however due to a bug only MSIE 5.0 and later support
-the use of signing only keys for SSL client authentication.
-
-=item B<-nomaciter>, B<-noiter>
-
-these options affect the iteration counts on the MAC and key algorithms.
-Unless you wish to produce files compatible with MSIE 4.0 you should leave
-these options alone.
-
-To discourage attacks by using large dictionaries of common passwords the
-algorithm that derives keys from passwords can have an iteration count applied
-to it: this causes a certain part of the algorithm to be repeated and slows it
-down. The MAC is used to check the file integrity but since it will normally
-have the same password as the keys and certificates it could also be attacked.
-By default both MAC and encryption iteration counts are set to 2048, using
-these options the MAC and encryption iteration counts can be set to 1, since
-this reduces the file security you should not use these options unless you
-really have to. Most software supports both MAC and key iteration counts.
-MSIE 4.0 doesn't support MAC iteration counts so it needs the B<-nomaciter>
-option.
-
-=item B<-maciter>
-
-This option is included for compatibility with previous versions, it used
-to be needed to use MAC iterations counts but they are now used by default.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=back
-
-=head1 NOTES
-
-Although there are a large number of options most of them are very rarely
-used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
-for PKCS#12 file creation B<-export> and B<-name> are also used.
-
-If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
-then all certificates will be output in the order they appear in the input
-PKCS#12 files. There is no guarantee that the first certificate present is
-the one corresponding to the private key. Certain software which requires
-a private key and certificate and assumes the first certificate in the
-file is the one corresponding to the private key: this may not always
-be the case. Using the B<-clcerts> option will solve this problem by only
-outputting the certificate corresponding to the private key. If the CA
-certificates are required then they can be output to a separate file using
-the B<-nokeys -cacerts> options to just output CA certificates.
-
-The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
-algorithms for private keys and certificates to be specified. Normally
-the defaults are fine but occasionally software can't handle triple DES
-encrypted private keys, then the option B<-keypbe PBE-SHA1-RC2-40> can
-be used to reduce the private key encryption to 40 bit RC2. A complete
-description of all algorithms is contained in the B<pkcs8> manual page.
-
-=head1 EXAMPLES
-
-Parse a PKCS#12 file and output it to a file:
-
- openssl pkcs12 -in file.p12 -out file.pem
-
-Output only client certificates to a file:
-
- openssl pkcs12 -in file.p12 -clcerts -out file.pem
-
-Don't encrypt the private key:
-
- openssl pkcs12 -in file.p12 -out file.pem -nodes
-
-Print some info about a PKCS#12 file:
-
- openssl pkcs12 -in file.p12 -info -noout
-
-Create a PKCS#12 file:
-
- openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
-
-Include some extra certificates:
-
- openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
- -certfile othercerts.pem
-
-=head1 BUGS
-
-Some would argue that the PKCS#12 standard is one big bug :-)
-
-Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation
-routines. Under rare circumstances this could produce a PKCS#12 file encrypted
-with an invalid key. As a result some PKCS#12 files which triggered this bug
-from other implementations (MSIE or Netscape) could not be decrypted
-by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could
-not be decrypted by other implementations. The chances of producing such
-a file are relatively small: less than 1 in 256.
-
-A side effect of fixing this bug is that any old invalidly encrypted PKCS#12
-files cannot no longer be parsed by the fixed version. Under such circumstances
-the B<pkcs12> utility will report that the MAC is OK but fail with a decryption
-error when extracting private keys.
-
-This problem can be resolved by extracting the private keys and certificates
-from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12
-file from the keys and certificates using a newer version of OpenSSL. For example:
-
- old-openssl -in bad.p12 -out keycerts.pem
- openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12
-
-=head1 SEE ALSO
-
-L<pkcs8(1)|pkcs8(1)>
-
diff --git a/crypto/openssl/doc/apps/pkcs7.pod b/crypto/openssl/doc/apps/pkcs7.pod
deleted file mode 100644
index a0a6363..0000000
--- a/crypto/openssl/doc/apps/pkcs7.pod
+++ /dev/null
@@ -1,105 +0,0 @@
-=pod
-
-=head1 NAME
-
-pkcs7 - PKCS#7 utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<pkcs7>
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-print_certs>]
-[B<-text>]
-[B<-noout>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<pkcs7> command processes PKCS#7 files in DER or PEM format.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. B<DER> format is DER encoded PKCS#7
-v1.5 structure.B<PEM> (the default) is a base64 encoded version of
-the DER form with header and footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read from or standard input if this
-option is not specified.
-
-=item B<-out filename>
-
-specifies the output filename to write to or standard output by
-default.
-
-=item B<-print_certs>
-
-prints out any certificates or CRLs contained in the file. They are
-preceded by their subject and issuer names in one line format.
-
-=item B<-text>
-
-prints out certificates details in full rather than just subject and
-issuer names.
-
-=item B<-noout>
-
-don't output the encoded version of the PKCS#7 structure (or certificates
-is B<-print_certs> is set).
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 EXAMPLES
-
-Convert a PKCS#7 file from PEM to DER:
-
- openssl pkcs7 -in file.pem -outform DER -out file.der
-
-Output all certificates in a file:
-
- openssl pkcs7 -in file.pem -print_certs -out certs.pem
-
-=head1 NOTES
-
-The PEM PKCS#7 format uses the header and footer lines:
-
- -----BEGIN PKCS7-----
- -----END PKCS7-----
-
-For compatibility with some CAs it will also accept:
-
- -----BEGIN CERTIFICATE-----
- -----END CERTIFICATE-----
-
-=head1 RESTRICTIONS
-
-There is no option to print out all the fields of a PKCS#7 file.
-
-This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
-cannot currently parse, for example, the new CMS as described in RFC2630.
-
-=head1 SEE ALSO
-
-L<crl2pkcs7(1)|crl2pkcs7(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/pkcs8.pod b/crypto/openssl/doc/apps/pkcs8.pod
deleted file mode 100644
index 68ecd65..0000000
--- a/crypto/openssl/doc/apps/pkcs8.pod
+++ /dev/null
@@ -1,243 +0,0 @@
-=pod
-
-=head1 NAME
-
-pkcs8 - PKCS#8 format private key conversion tool
-
-=head1 SYNOPSIS
-
-B<openssl> B<pkcs8>
-[B<-topk8>]
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-in filename>]
-[B<-passin arg>]
-[B<-out filename>]
-[B<-passout arg>]
-[B<-noiter>]
-[B<-nocrypt>]
-[B<-nooct>]
-[B<-embed>]
-[B<-nsdb>]
-[B<-v2 alg>]
-[B<-v1 alg>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<pkcs8> command processes private keys in PKCS#8 format. It can handle
-both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
-format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-topk8>
-
-Normally a PKCS#8 private key is expected on input and a traditional format
-private key will be written. With the B<-topk8> option the situation is
-reversed: it reads a traditional format private key and writes a PKCS#8
-format key.
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. If a PKCS#8 format key is expected on input
-then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be
-expected. Otherwise the B<DER> or B<PEM> format of the traditional format
-private key is used.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read a key from or standard input if this
-option is not specified. If the key is encrypted a pass phrase will be
-prompted for.
-
-=item B<-passin arg>
-
-the input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-out filename>
-
-This specifies the output filename to write a key to or standard output by
-default. If any encryption options are set then a pass phrase will be
-prompted for. The output filename should B<not> be the same as the input
-filename.
-
-=item B<-passout arg>
-
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-nocrypt>
-
-PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
-structures using an appropriate password based encryption algorithm. With
-this option an unencrypted PrivateKeyInfo structure is expected or output.
-This option does not encrypt private keys at all and should only be used
-when absolutely necessary. Certain software such as some versions of Java
-code signing software used unencrypted private keys.
-
-=item B<-nooct>
-
-This option generates RSA private keys in a broken format that some software
-uses. Specifically the private key should be enclosed in a OCTET STRING
-but some software just includes the structure itself without the
-surrounding OCTET STRING.
-
-=item B<-embed>
-
-This option generates DSA keys in a broken format. The DSA parameters are
-embedded inside the PrivateKey structure. In this form the OCTET STRING
-contains an ASN1 SEQUENCE consisting of two structures: a SEQUENCE containing
-the parameters and an ASN1 INTEGER containing the private key.
-
-=item B<-nsdb>
-
-This option generates DSA keys in a broken format compatible with Netscape
-private key databases. The PrivateKey contains a SEQUENCE consisting of
-the public and private keys respectively.
-
-=item B<-v2 alg>
-
-This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
-private keys are encrypted with the password based encryption algorithm
-called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
-was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
-the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
-encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
-not many implementations support PKCS#5 v2.0 yet. If you are just using
-private keys with OpenSSL then this doesn't matter.
-
-The B<alg> argument is the encryption algorithm to use, valid values include
-B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
-
-=item B<-v1 alg>
-
-This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
-list of possible algorithms is included below.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 NOTES
-
-The encrypted form of a PEM encode PKCS#8 files uses the following
-headers and footers:
-
- -----BEGIN ENCRYPTED PRIVATE KEY-----
- -----END ENCRYPTED PRIVATE KEY-----
-
-The unencrypted form uses:
-
- -----BEGIN PRIVATE KEY-----
- -----END PRIVATE KEY-----
-
-Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
-counts are more secure that those encrypted using the traditional
-SSLeay compatible formats. So if additional security is considered
-important the keys should be converted.
-
-The default encryption is only 56 bits because this is the encryption
-that most current implementations of PKCS#8 will support.
-
-Some software may use PKCS#12 password based encryption algorithms
-with PKCS#8 format private keys: these are handled automatically
-but there is no option to produce them.
-
-It is possible to write out DER encoded encrypted private keys in
-PKCS#8 format because the encryption details are included at an ASN1
-level whereas the traditional format includes them at a PEM level.
-
-=head1 PKCS#5 v1.5 and PKCS#12 algorithms.
-
-Various algorithms can be used with the B<-v1> command line option,
-including PKCS#5 v1.5 and PKCS#12. These are described in more detail
-below.
-
-=over 4
-
-=item B<PBE-MD2-DES PBE-MD5-DES>
-
-These algorithms were included in the original PKCS#5 v1.5 specification.
-They only offer 56 bits of protection since they both use DES.
-
-=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES>
-
-These algorithms are not mentioned in the original PKCS#5 v1.5 specification
-but they use the same key derivation algorithm and are supported by some
-software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
-56 bit DES.
-
-=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40>
-
-These algorithms use the PKCS#12 password based encryption algorithm and
-allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
-
-=back
-
-=head1 EXAMPLES
-
-Convert a private from traditional to PKCS#5 v2.0 format using triple
-DES:
-
- openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
-
-Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
-(DES):
-
- openssl pkcs8 -in key.pem -topk8 -out enckey.pem
-
-Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
-(3DES):
-
- openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
-
-Read a DER unencrypted PKCS#8 format private key:
-
- openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
-
-Convert a private key from any PKCS#8 format to traditional format:
-
- openssl pkcs8 -in pk8.pem -out key.pem
-
-=head1 STANDARDS
-
-Test vectors from this PKCS#5 v2.0 implementation were posted to the
-pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
-counts, several people confirmed that they could decrypt the private
-keys produced and Therefore it can be assumed that the PKCS#5 v2.0
-implementation is reasonably accurate at least as far as these
-algorithms are concerned.
-
-The format of PKCS#8 DSA (and other) private keys is not well documented:
-it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
-PKCS#8 private key format complies with this standard.
-
-=head1 BUGS
-
-There should be an option that prints out the encryption algorithm
-in use and other details such as the iteration count.
-
-PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
-key format for OpenSSL: for compatibility several of the utilities use
-the old format at present.
-
-=head1 SEE ALSO
-
-L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>,
-L<gendsa(1)|gendsa(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/rand.pod b/crypto/openssl/doc/apps/rand.pod
deleted file mode 100644
index 75745ca..0000000
--- a/crypto/openssl/doc/apps/rand.pod
+++ /dev/null
@@ -1,50 +0,0 @@
-=pod
-
-=head1 NAME
-
-rand - generate pseudo-random bytes
-
-=head1 SYNOPSIS
-
-B<openssl rand>
-[B<-out> I<file>]
-[B<-rand> I<file(s)>]
-[B<-base64>]
-I<num>
-
-=head1 DESCRIPTION
-
-The B<rand> command outputs I<num> pseudo-random bytes after seeding
-the random number generator once. As in other B<openssl> command
-line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd>
-in addition to the files given in the B<-rand> option. A new
-I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough
-seeding was obtained from these sources.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-out> I<file>
-
-Write to I<file> instead of standard output.
-
-=item B<-rand> I<file(s)>
-
-Use specified file or files or EGD socket (see L<RAND_egd(3)|RAND_egd(3)>)
-for seeding the random number generator.
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-base64>
-
-Perform base64 encoding on the output.
-
-=back
-
-=head1 SEE ALSO
-
-L<RAND_bytes(3)|RAND_bytes(3)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/req.pod b/crypto/openssl/doc/apps/req.pod
deleted file mode 100644
index 82b565c..0000000
--- a/crypto/openssl/doc/apps/req.pod
+++ /dev/null
@@ -1,611 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-req - PKCS#10 certificate request and certificate generating utility.
-
-=head1 SYNOPSIS
-
-B<openssl> B<req>
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-in filename>]
-[B<-passin arg>]
-[B<-out filename>]
-[B<-passout arg>]
-[B<-text>]
-[B<-pubkey>]
-[B<-noout>]
-[B<-verify>]
-[B<-modulus>]
-[B<-new>]
-[B<-rand file(s)>]
-[B<-newkey rsa:bits>]
-[B<-newkey dsa:file>]
-[B<-nodes>]
-[B<-key filename>]
-[B<-keyform PEM|DER>]
-[B<-keyout filename>]
-[B<-[md5|sha1|md2|mdc2]>]
-[B<-config filename>]
-[B<-subj arg>]
-[B<-multivalue-rdn>]
-[B<-x509>]
-[B<-days n>]
-[B<-set_serial n>]
-[B<-asn1-kludge>]
-[B<-newhdr>]
-[B<-extensions section>]
-[B<-reqexts section>]
-[B<-utf8>]
-[B<-nameopt>]
-[B<-batch>]
-[B<-verbose>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<req> command primarily creates and processes certificate requests
-in PKCS#10 format. It can additionally create self signed certificates
-for use as root CAs for example.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. The B<DER> option uses an ASN1 DER encoded
-form compatible with the PKCS#10. The B<PEM> form is the default format: it
-consists of the B<DER> format base64 encoded with additional header and
-footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read a request from or standard input
-if this option is not specified. A request is only read if the creation
-options (B<-new> and B<-newkey>) are not specified.
-
-=item B<-passin arg>
-
-the input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-out filename>
-
-This specifies the output filename to write to or standard output by
-default.
-
-=item B<-passout arg>
-
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-text>
-
-prints out the certificate request in text form.
-
-=item B<-pubkey>
-
-outputs the public key.
-
-=item B<-noout>
-
-this option prevents output of the encoded version of the request.
-
-=item B<-modulus>
-
-this option prints out the value of the modulus of the public key
-contained in the request.
-
-=item B<-verify>
-
-verifies the signature on the request.
-
-=item B<-new>
-
-this option generates a new certificate request. It will prompt
-the user for the relevant field values. The actual fields
-prompted for and their maximum and minimum sizes are specified
-in the configuration file and any requested extensions.
-
-If the B<-key> option is not used it will generate a new RSA private
-key using information specified in the configuration file.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<-newkey arg>
-
-this option creates a new certificate request and a new private
-key. The argument takes one of two forms. B<rsa:nbits>, where
-B<nbits> is the number of bits, generates an RSA key B<nbits>
-in size. B<dsa:filename> generates a DSA key using the parameters
-in the file B<filename>.
-
-=item B<-key filename>
-
-This specifies the file to read the private key from. It also
-accepts PKCS#8 format private keys for PEM format files.
-
-=item B<-keyform PEM|DER>
-
-the format of the private key file specified in the B<-key>
-argument. PEM is the default.
-
-=item B<-keyout filename>
-
-this gives the filename to write the newly created private key to.
-If this option is not specified then the filename present in the
-configuration file is used.
-
-=item B<-nodes>
-
-if this option is specified then if a private key is created it
-will not be encrypted.
-
-=item B<-[md5|sha1|md2|mdc2]>
-
-this specifies the message digest to sign the request with. This
-overrides the digest algorithm specified in the configuration file.
-This option is ignored for DSA requests: they always use SHA1.
-
-=item B<-config filename>
-
-this allows an alternative configuration file to be specified,
-this overrides the compile time filename or any specified in
-the B<OPENSSL_CONF> environment variable.
-
-=item B<-subj arg>
-
-sets subject name for new request or supersedes the subject name
-when processing a request.
-The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
-characters may be escaped by \ (backslash), no spaces are skipped.
-
-=item B<-multivalue-rdn>
-
-this option causes the -subj argument to be interpreted with full
-support for multivalued RDNs. Example:
-
-I</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
-
-If -multi-rdn is not used then the UID value is I<123456+CN=John Doe>.
-
-=item B<-x509>
-
-this option outputs a self signed certificate instead of a certificate
-request. This is typically used to generate a test certificate or
-a self signed root CA. The extensions added to the certificate
-(if any) are specified in the configuration file. Unless specified
-using the B<set_serial> option B<0> will be used for the serial
-number.
-
-=item B<-days n>
-
-when the B<-x509> option is being used this specifies the number of
-days to certify the certificate for. The default is 30 days.
-
-=item B<-set_serial n>
-
-serial number to use when outputting a self signed certificate. This
-may be specified as a decimal value or a hex value if preceded by B<0x>.
-It is possible to use negative serial numbers but this is not recommended.
-
-=item B<-extensions section>
-
-=item B<-reqexts section>
-
-these options specify alternative sections to include certificate
-extensions (if the B<-x509> option is present) or certificate
-request extensions. This allows several different sections to
-be used in the same configuration file to specify requests for
-a variety of purposes.
-
-=item B<-utf8>
-
-this option causes field values to be interpreted as UTF8 strings, by
-default they are interpreted as ASCII. This means that the field
-values, whether prompted from a terminal or obtained from a
-configuration file, must be valid UTF8 strings.
-
-=item B<-nameopt option>
-
-option which determines how the subject or issuer names are displayed. The
-B<option> argument can be a single option or multiple options separated by
-commas. Alternatively the B<-nameopt> switch may be used more than once to
-set multiple options. See the L<x509(1)|x509(1)> manual page for details.
-
-=item B<-asn1-kludge>
-
-by default the B<req> command outputs certificate requests containing
-no attributes in the correct PKCS#10 format. However certain CAs will only
-accept requests containing no attributes in an invalid form: this
-option produces this invalid format.
-
-More precisely the B<Attributes> in a PKCS#10 certificate request
-are defined as a B<SET OF Attribute>. They are B<not OPTIONAL> so
-if no attributes are present then they should be encoded as an
-empty B<SET OF>. The invalid form does not include the empty
-B<SET OF> whereas the correct form does.
-
-It should be noted that very few CAs still require the use of this option.
-
-=item B<-newhdr>
-
-Adds the word B<NEW> to the PEM file header and footer lines on the outputed
-request. Some software (Netscape certificate server) and some CAs need this.
-
-=item B<-batch>
-
-non-interactive mode.
-
-=item B<-verbose>
-
-print extra details about the operations being performed.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 CONFIGURATION FILE FORMAT
-
-The configuration options are specified in the B<req> section of
-the configuration file. As with all configuration files if no
-value is specified in the specific section (i.e. B<req>) then
-the initial unnamed or B<default> section is searched too.
-
-The options available are described in detail below.
-
-=over 4
-
-=item B<input_password output_password>
-
-The passwords for the input private key file (if present) and
-the output private key file (if one will be created). The
-command line options B<passin> and B<passout> override the
-configuration file values.
-
-=item B<default_bits>
-
-This specifies the default key size in bits. If not specified then
-512 is used. It is used if the B<-new> option is used. It can be
-overridden by using the B<-newkey> option.
-
-=item B<default_keyfile>
-
-This is the default filename to write a private key to. If not
-specified the key is written to standard output. This can be
-overridden by the B<-keyout> option.
-
-=item B<oid_file>
-
-This specifies a file containing additional B<OBJECT IDENTIFIERS>.
-Each line of the file should consist of the numerical form of the
-object identifier followed by white space then the short name followed
-by white space and finally the long name.
-
-=item B<oid_section>
-
-This specifies a section in the configuration file containing extra
-object identifiers. Each line should consist of the short name of the
-object identifier followed by B<=> and the numerical form. The short
-and long names are the same when this option is used.
-
-=item B<RANDFILE>
-
-This specifies a filename in which random number seed information is
-placed and read from, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-It is used for private key generation.
-
-=item B<encrypt_key>
-
-If this is set to B<no> then if a private key is generated it is
-B<not> encrypted. This is equivalent to the B<-nodes> command line
-option. For compatibility B<encrypt_rsa_key> is an equivalent option.
-
-=item B<default_md>
-
-This option specifies the digest algorithm to use. Possible values
-include B<md5 sha1 mdc2>. If not present then MD5 is used. This
-option can be overridden on the command line.
-
-=item B<string_mask>
-
-This option masks out the use of certain string types in certain
-fields. Most users will not need to change this option.
-
-It can be set to several values B<default> which is also the default
-option uses PrintableStrings, T61Strings and BMPStrings if the
-B<pkix> value is used then only PrintableStrings and BMPStrings will
-be used. This follows the PKIX recommendation in RFC2459. If the
-B<utf8only> option is used then only UTF8Strings will be used: this
-is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
-option just uses PrintableStrings and T61Strings: certain software has
-problems with BMPStrings and UTF8Strings: in particular Netscape.
-
-=item B<req_extensions>
-
-this specifies the configuration file section containing a list of
-extensions to add to the certificate request. It can be overridden
-by the B<-reqexts> command line switch.
-
-=item B<x509_extensions>
-
-this specifies the configuration file section containing a list of
-extensions to add to certificate generated when the B<-x509> switch
-is used. It can be overridden by the B<-extensions> command line switch.
-
-=item B<prompt>
-
-if set to the value B<no> this disables prompting of certificate fields
-and just takes values from the config file directly. It also changes the
-expected format of the B<distinguished_name> and B<attributes> sections.
-
-=item B<utf8>
-
-if set to the value B<yes> then field values to be interpreted as UTF8
-strings, by default they are interpreted as ASCII. This means that
-the field values, whether prompted from a terminal or obtained from a
-configuration file, must be valid UTF8 strings.
-
-=item B<attributes>
-
-this specifies the section containing any request attributes: its format
-is the same as B<distinguished_name>. Typically these may contain the
-challengePassword or unstructuredName types. They are currently ignored
-by OpenSSL's request signing utilities but some CAs might want them.
-
-=item B<distinguished_name>
-
-This specifies the section containing the distinguished name fields to
-prompt for when generating a certificate or certificate request. The format
-is described in the next section.
-
-=back
-
-=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
-
-There are two separate formats for the distinguished name and attribute
-sections. If the B<prompt> option is set to B<no> then these sections
-just consist of field names and values: for example,
-
- CN=My Name
- OU=My Organization
- emailAddress=someone@somewhere.org
-
-This allows external programs (e.g. GUI based) to generate a template file
-with all the field names and values and just pass it to B<req>. An example
-of this kind of configuration file is contained in the B<EXAMPLES> section.
-
-Alternatively if the B<prompt> option is absent or not set to B<no> then the
-file contains field prompting information. It consists of lines of the form:
-
- fieldName="prompt"
- fieldName_default="default field value"
- fieldName_min= 2
- fieldName_max= 4
-
-"fieldName" is the field name being used, for example commonName (or CN).
-The "prompt" string is used to ask the user to enter the relevant
-details. If the user enters nothing then the default value is used if no
-default value is present then the field is omitted. A field can
-still be omitted if a default value is present if the user just
-enters the '.' character.
-
-The number of characters entered must be between the fieldName_min and
-fieldName_max limits: there may be additional restrictions based
-on the field being used (for example countryName can only ever be
-two characters long and must fit in a PrintableString).
-
-Some fields (such as organizationName) can be used more than once
-in a DN. This presents a problem because configuration files will
-not recognize the same name occurring twice. To avoid this problem
-if the fieldName contains some characters followed by a full stop
-they will be ignored. So for example a second organizationName can
-be input by calling it "1.organizationName".
-
-The actual permitted field names are any object identifier short or
-long names. These are compiled into OpenSSL and include the usual
-values such as commonName, countryName, localityName, organizationName,
-organizationUnitName, stateOrProvinceName. Additionally emailAddress
-is include as well as name, surname, givenName initials and dnQualifier.
-
-Additional object identifiers can be defined with the B<oid_file> or
-B<oid_section> options in the configuration file. Any additional fields
-will be treated as though they were a DirectoryString.
-
-
-=head1 EXAMPLES
-
-Examine and verify certificate request:
-
- openssl req -in req.pem -text -verify -noout
-
-Create a private key and then generate a certificate request from it:
-
- openssl genrsa -out key.pem 1024
- openssl req -new -key key.pem -out req.pem
-
-The same but just using req:
-
- openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
-
-Generate a self signed root certificate:
-
- openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
-
-Example of a file pointed to by the B<oid_file> option:
-
- 1.2.3.4 shortName A longer Name
- 1.2.3.6 otherName Other longer Name
-
-Example of a section pointed to by B<oid_section> making use of variable
-expansion:
-
- testoid1=1.2.3.5
- testoid2=${testoid1}.6
-
-Sample configuration file prompting for field values:
-
- [ req ]
- default_bits = 1024
- default_keyfile = privkey.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
- x509_extensions = v3_ca
-
- dirstring_type = nobmp
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
- countryName_default = AU
- countryName_min = 2
- countryName_max = 2
-
- localityName = Locality Name (eg, city)
-
- organizationalUnitName = Organizational Unit Name (eg, section)
-
- commonName = Common Name (eg, YOUR name)
- commonName_max = 64
-
- emailAddress = Email Address
- emailAddress_max = 40
-
- [ req_attributes ]
- challengePassword = A challenge password
- challengePassword_min = 4
- challengePassword_max = 20
-
- [ v3_ca ]
-
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid:always,issuer:always
- basicConstraints = CA:true
-
-Sample configuration containing all field values:
-
-
- RANDFILE = $ENV::HOME/.rnd
-
- [ req ]
- default_bits = 1024
- default_keyfile = keyfile.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
- prompt = no
- output_password = mypass
-
- [ req_distinguished_name ]
- C = GB
- ST = Test State or Province
- L = Test Locality
- O = Organization Name
- OU = Organizational Unit Name
- CN = Common Name
- emailAddress = test@email.address
-
- [ req_attributes ]
- challengePassword = A challenge password
-
-
-=head1 NOTES
-
-The header and footer lines in the B<PEM> format are normally:
-
- -----BEGIN CERTIFICATE REQUEST-----
- -----END CERTIFICATE REQUEST-----
-
-some software (some versions of Netscape certificate server) instead needs:
-
- -----BEGIN NEW CERTIFICATE REQUEST-----
- -----END NEW CERTIFICATE REQUEST-----
-
-which is produced with the B<-newhdr> option but is otherwise compatible.
-Either form is accepted transparently on input.
-
-The certificate requests generated by B<Xenroll> with MSIE have extensions
-added. It includes the B<keyUsage> extension which determines the type of
-key (signature only or general purpose) and any additional OIDs entered
-by the script in an extendedKeyUsage extension.
-
-=head1 DIAGNOSTICS
-
-The following messages are frequently asked about:
-
- Using configuration from /some/path/openssl.cnf
- Unable to load config info
-
-This is followed some time later by...
-
- unable to find 'distinguished_name' in config
- problems making Certificate Request
-
-The first error message is the clue: it can't find the configuration
-file! Certain operations (like examining a certificate request) don't
-need a configuration file so its use isn't enforced. Generation of
-certificates or requests however does need a configuration file. This
-could be regarded as a bug.
-
-Another puzzling message is this:
-
- Attributes:
- a0:00
-
-this is displayed when no attributes are present and the request includes
-the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
-0x00). If you just see:
-
- Attributes:
-
-then the B<SET OF> is missing and the encoding is technically invalid (but
-it is tolerated). See the description of the command line option B<-asn1-kludge>
-for more information.
-
-=head1 ENVIRONMENT VARIABLES
-
-The variable B<OPENSSL_CONF> if defined allows an alternative configuration
-file location to be specified, it will be overridden by the B<-config> command
-line switch if it is present. For compatibility reasons the B<SSLEAY_CONF>
-environment variable serves the same purpose but its use is discouraged.
-
-=head1 BUGS
-
-OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
-treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
-This can cause problems if you need characters that aren't available in
-PrintableStrings and you don't want to or can't use BMPStrings.
-
-As a consequence of the T61String handling the only correct way to represent
-accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
-currently chokes on these. If you have to use accented characters with Netscape
-and MSIE then you currently need to use the invalid T61String form.
-
-The current prompting is not very friendly. It doesn't allow you to confirm what
-you've just entered. Other things like extensions in certificate requests are
-statically defined in the configuration file. Some of these: like an email
-address in subjectAltName should be input by the user.
-
-=head1 SEE ALSO
-
-L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
-L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/rsa.pod b/crypto/openssl/doc/apps/rsa.pod
deleted file mode 100644
index 4d76409..0000000
--- a/crypto/openssl/doc/apps/rsa.pod
+++ /dev/null
@@ -1,189 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-rsa - RSA key processing tool
-
-=head1 SYNOPSIS
-
-B<openssl> B<rsa>
-[B<-inform PEM|NET|DER>]
-[B<-outform PEM|NET|DER>]
-[B<-in filename>]
-[B<-passin arg>]
-[B<-out filename>]
-[B<-passout arg>]
-[B<-sgckey>]
-[B<-des>]
-[B<-des3>]
-[B<-idea>]
-[B<-text>]
-[B<-noout>]
-[B<-modulus>]
-[B<-check>]
-[B<-pubin>]
-[B<-pubout>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<rsa> command processes RSA keys. They can be converted between various
-forms and their components printed out. B<Note> this command uses the
-traditional SSLeay compatible format for private key encryption: newer
-applications should use the more secure PKCS#8 format using the B<pkcs8>
-utility.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-inform DER|NET|PEM>
-
-This specifies the input format. The B<DER> option uses an ASN1 DER encoded
-form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
-The B<PEM> form is the default format: it consists of the B<DER> format base64
-encoded with additional header and footer lines. On input PKCS#8 format private
-keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
-section.
-
-=item B<-outform DER|NET|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read a key from or standard input if this
-option is not specified. If the key is encrypted a pass phrase will be
-prompted for.
-
-=item B<-passin arg>
-
-the input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-out filename>
-
-This specifies the output filename to write a key to or standard output if this
-option is not specified. If any encryption options are set then a pass phrase
-will be prompted for. The output filename should B<not> be the same as the input
-filename.
-
-=item B<-passout password>
-
-the output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-sgckey>
-
-use the modified NET algorithm used with some versions of Microsoft IIS and SGC
-keys.
-
-=item B<-des|-des3|-idea>
-
-These options encrypt the private key with the DES, triple DES, or the
-IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
-If none of these options is specified the key is written in plain text. This
-means that using the B<rsa> utility to read in an encrypted key with no
-encryption option can be used to remove the pass phrase from a key, or by
-setting the encryption options it can be use to add or change the pass phrase.
-These options can only be used with PEM format output files.
-
-=item B<-text>
-
-prints out the various public or private key components in
-plain text in addition to the encoded version.
-
-=item B<-noout>
-
-this option prevents output of the encoded version of the key.
-
-=item B<-modulus>
-
-this option prints out the value of the modulus of the key.
-
-=item B<-check>
-
-this option checks the consistency of an RSA private key.
-
-=item B<-pubin>
-
-by default a private key is read from the input file: with this
-option a public key is read instead.
-
-=item B<-pubout>
-
-by default a private key is output: with this option a public
-key will be output instead. This option is automatically set if
-the input is a public key.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 NOTES
-
-The PEM private key format uses the header and footer lines:
-
- -----BEGIN RSA PRIVATE KEY-----
- -----END RSA PRIVATE KEY-----
-
-The PEM public key format uses the header and footer lines:
-
- -----BEGIN PUBLIC KEY-----
- -----END PUBLIC KEY-----
-
-The B<NET> form is a format compatible with older Netscape servers
-and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
-It is not very secure and so should only be used when necessary.
-
-Some newer version of IIS have additional data in the exported .key
-files. To use these with the utility, view the file with a binary editor
-and look for the string "private-key", then trace back to the byte
-sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
-from this point onwards to another file and use that as the input
-to the B<rsa> utility with the B<-inform NET> option. If you get
-an error after entering the password try the B<-sgckey> option.
-
-=head1 EXAMPLES
-
-To remove the pass phrase on an RSA private key:
-
- openssl rsa -in key.pem -out keyout.pem
-
-To encrypt a private key using triple DES:
-
- openssl rsa -in key.pem -des3 -out keyout.pem
-
-To convert a private key from PEM to DER format:
-
- openssl rsa -in key.pem -outform DER -out keyout.der
-
-To print out the components of a private key to standard output:
-
- openssl rsa -in key.pem -text -noout
-
-To just output the public part of a private key:
-
- openssl rsa -in key.pem -pubout -out pubkey.pem
-
-=head1 BUGS
-
-The command line password arguments don't currently work with
-B<NET> format.
-
-There should be an option that automatically handles .key files,
-without having to manually edit them.
-
-=head1 SEE ALSO
-
-L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
-L<gendsa(1)|gendsa(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/rsautl.pod b/crypto/openssl/doc/apps/rsautl.pod
deleted file mode 100644
index a7c1681..0000000
--- a/crypto/openssl/doc/apps/rsautl.pod
+++ /dev/null
@@ -1,183 +0,0 @@
-=pod
-
-=head1 NAME
-
-rsautl - RSA utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<rsautl>
-[B<-in file>]
-[B<-out file>]
-[B<-inkey file>]
-[B<-pubin>]
-[B<-certin>]
-[B<-sign>]
-[B<-verify>]
-[B<-encrypt>]
-[B<-decrypt>]
-[B<-pkcs>]
-[B<-ssl>]
-[B<-raw>]
-[B<-hexdump>]
-[B<-asn1parse>]
-
-=head1 DESCRIPTION
-
-The B<rsautl> command can be used to sign, verify, encrypt and decrypt
-data using the RSA algorithm.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-in filename>
-
-This specifies the input filename to read data from or standard input
-if this option is not specified.
-
-=item B<-out filename>
-
-specifies the output filename to write to or standard output by
-default.
-
-=item B<-inkey file>
-
-the input key file, by default it should be an RSA private key.
-
-=item B<-pubin>
-
-the input file is an RSA public key.
-
-=item B<-certin>
-
-the input is a certificate containing an RSA public key.
-
-=item B<-sign>
-
-sign the input data and output the signed result. This requires
-and RSA private key.
-
-=item B<-verify>
-
-verify the input data and output the recovered data.
-
-=item B<-encrypt>
-
-encrypt the input data using an RSA public key.
-
-=item B<-decrypt>
-
-decrypt the input data using an RSA private key.
-
-=item B<-pkcs, -oaep, -ssl, -raw>
-
-the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
-special padding used in SSL v2 backwards compatible handshakes,
-or no padding, respectively.
-For signatures, only B<-pkcs> and B<-raw> can be used.
-
-=item B<-hexdump>
-
-hex dump the output data.
-
-=item B<-asn1parse>
-
-asn1parse the output data, this is useful when combined with the
-B<-verify> option.
-
-=back
-
-=head1 NOTES
-
-B<rsautl> because it uses the RSA algorithm directly can only be
-used to sign or verify small pieces of data.
-
-=head1 EXAMPLES
-
-Sign some data using a private key:
-
- openssl rsautl -sign -in file -inkey key.pem -out sig
-
-Recover the signed data
-
- openssl rsautl -verify -in sig -inkey key.pem
-
-Examine the raw signed data:
-
- openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
-
- 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
- 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
- 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
- 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
- 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
- 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
- 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
- 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
-
-The PKCS#1 block formatting is evident from this. If this was done using
-encrypt and decrypt the block would have been of type 2 (the second byte)
-and random padding data visible instead of the 0xff bytes.
-
-It is possible to analyse the signature of certificates using this
-utility in conjunction with B<asn1parse>. Consider the self signed
-example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
-
- openssl asn1parse -in pca-cert.pem
-
- 0:d=0 hl=4 l= 742 cons: SEQUENCE
- 4:d=1 hl=4 l= 591 cons: SEQUENCE
- 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
- 10:d=3 hl=2 l= 1 prim: INTEGER :02
- 13:d=2 hl=2 l= 1 prim: INTEGER :00
- 16:d=2 hl=2 l= 13 cons: SEQUENCE
- 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
- 29:d=3 hl=2 l= 0 prim: NULL
- 31:d=2 hl=2 l= 92 cons: SEQUENCE
- 33:d=3 hl=2 l= 11 cons: SET
- 35:d=4 hl=2 l= 9 cons: SEQUENCE
- 37:d=5 hl=2 l= 3 prim: OBJECT :countryName
- 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
- ....
- 599:d=1 hl=2 l= 13 cons: SEQUENCE
- 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
- 612:d=2 hl=2 l= 0 prim: NULL
- 614:d=1 hl=3 l= 129 prim: BIT STRING
-
-
-The final BIT STRING contains the actual signature. It can be extracted with:
-
- openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
-
-The certificate public key can be extracted with:
-
- openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
-
-The signature can be analysed with:
-
- openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
-
- 0:d=0 hl=2 l= 32 cons: SEQUENCE
- 2:d=1 hl=2 l= 12 cons: SEQUENCE
- 4:d=2 hl=2 l= 8 prim: OBJECT :md5
- 14:d=2 hl=2 l= 0 prim: NULL
- 16:d=1 hl=2 l= 16 prim: OCTET STRING
- 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
-
-This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
-the digest used was md5. The actual part of the certificate that was signed can
-be extracted with:
-
- openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
-
-and its digest computed with:
-
- openssl md5 -c tbs
- MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
-
-which it can be seen agrees with the recovered value above.
-
-=head1 SEE ALSO
-
-L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>
diff --git a/crypto/openssl/doc/apps/s_client.pod b/crypto/openssl/doc/apps/s_client.pod
deleted file mode 100644
index c17a83a..0000000
--- a/crypto/openssl/doc/apps/s_client.pod
+++ /dev/null
@@ -1,266 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-s_client - SSL/TLS client program
-
-=head1 SYNOPSIS
-
-B<openssl> B<s_client>
-[B<-connect host:port>]
-[B<-verify depth>]
-[B<-cert filename>]
-[B<-certform DER|PEM>]
-[B<-key filename>]
-[B<-keyform DER|PEM>]
-[B<-pass arg>]
-[B<-CApath directory>]
-[B<-CAfile filename>]
-[B<-reconnect>]
-[B<-pause>]
-[B<-showcerts>]
-[B<-debug>]
-[B<-msg>]
-[B<-nbio_test>]
-[B<-state>]
-[B<-nbio>]
-[B<-crlf>]
-[B<-ign_eof>]
-[B<-quiet>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<-no_ssl2>]
-[B<-no_ssl3>]
-[B<-no_tls1>]
-[B<-bugs>]
-[B<-cipher cipherlist>]
-[B<-starttls protocol>]
-[B<-engine id>]
-[B<-rand file(s)>]
-
-=head1 DESCRIPTION
-
-The B<s_client> command implements a generic SSL/TLS client which connects
-to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
-SSL servers.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-connect host:port>
-
-This specifies the host and optional port to connect to. If not specified
-then an attempt is made to connect to the local host on port 4433.
-
-=item B<-cert certname>
-
-The certificate to use, if one is requested by the server. The default is
-not to use a certificate.
-
-=item B<-certform format>
-
-The certificate format to use: DER or PEM. PEM is the default.
-
-=item B<-key keyfile>
-
-The private key to use. If not specified then the certificate file will
-be used.
-
-=item B<-keyform format>
-
-The private format to use: DER or PEM. PEM is the default.
-
-=item B<-pass arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-verify depth>
-
-The verify depth to use. This specifies the maximum length of the
-server certificate chain and turns on server certificate verification.
-Currently the verify operation continues after errors so all the problems
-with a certificate chain can be seen. As a side effect the connection
-will never fail due to a server certificate verify failure.
-
-=item B<-CApath directory>
-
-The directory to use for server certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
-also used when building the client certificate chain.
-
-=item B<-CAfile file>
-
-A file containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-
-=item B<-reconnect>
-
-reconnects to the same server 5 times using the same session ID, this can
-be used as a test that session caching is working.
-
-=item B<-pause>
-
-pauses 1 second between each read and write call.
-
-=item B<-showcerts>
-
-display the whole server certificate chain: normally only the server
-certificate itself is displayed.
-
-=item B<-prexit>
-
-print session information when the program exits. This will always attempt
-to print out information even if the connection fails. Normally information
-will only be printed out once if the connection succeeds. This option is useful
-because the cipher in use may be renegotiated or the connection may fail
-because a client certificate is required or is requested only after an
-attempt is made to access a certain URL. Note: the output produced by this
-option is not always accurate because a connection might never have been
-established.
-
-=item B<-state>
-
-prints out the SSL session states.
-
-=item B<-debug>
-
-print extensive debugging information including a hex dump of all traffic.
-
-=item B<-msg>
-
-show all protocol messages with hex dump.
-
-=item B<-nbio_test>
-
-tests non-blocking I/O
-
-=item B<-nbio>
-
-turns on non-blocking I/O
-
-=item B<-crlf>
-
-this option translated a line feed from the terminal into CR+LF as required
-by some servers.
-
-=item B<-ign_eof>
-
-inhibit shutting down the connection when end of file is reached in the
-input.
-
-=item B<-quiet>
-
-inhibit printing of session and certificate information. This implicitly
-turns on B<-ign_eof> as well.
-
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-
-these options disable the use of certain SSL or TLS protocols. By default
-the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
-
-Unfortunately there are a lot of ancient and broken servers in use which
-cannot handle this technique and will fail to connect. Some servers only
-work if TLS is turned off with the B<-no_tls> option others will only
-support SSL v2 and may need the B<-ssl2> option.
-
-=item B<-bugs>
-
-there are several known bug in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
-=item B<-cipher cipherlist>
-
-this allows the cipher list sent by the client to be modified. Although
-the server determines which cipher suite is used it should take the first
-supported cipher in the list sent by the client. See the B<ciphers>
-command for more information.
-
-=item B<-starttls protocol>
-
-send the protocol-specific message(s) to switch to TLS for communication.
-B<protocol> is a keyword for the intended protocol. Currently, the only
-supported keywords are "smtp", "pop3", "imap", and "ftp".
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<s_client>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=back
-
-=head1 CONNECTED COMMANDS
-
-If a connection is established with an SSL server then any data received
-from the server is displayed and any key presses will be sent to the
-server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
-have been given), the session will be renegotiated if the line begins with an
-B<R>, and if the line begins with a B<Q> or if end of file is reached, the
-connection will be closed down.
-
-=head1 NOTES
-
-B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP
-server the command:
-
- openssl s_client -connect servername:443
-
-would typically be used (https uses port 443). If the connection succeeds
-then an HTTP command can be given such as "GET /" to retrieve a web page.
-
-If the handshake fails then there are several possible causes, if it is
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried
-in case it is a buggy server. In particular you should play with these
-options B<before> submitting a bug report to an OpenSSL mailing list.
-
-A frequent problem when attempting to get client certificates working
-is that a web client complains it has no certificates or gives an empty
-list to choose from. This is normally because the server is not sending
-the clients certificate authority in its "acceptable CA list" when it
-requests a certificate. By using B<s_client> the CA list can be viewed
-and checked. However some servers only request client authentication
-after a specific URL is requested. To obtain the list in this case it
-is necessary to use the B<-prexit> option and send an HTTP request
-for an appropriate page.
-
-If a certificate is specified on the command line using the B<-cert>
-option it will not be used unless the server specifically requests
-a client certificate. Therefor merely including a client certificate
-on the command line is no guarantee that the certificate works.
-
-If there are problems verifying a server certificate then the
-B<-showcerts> option can be used to show the whole chain.
-
-=head1 BUGS
-
-Because this program has a lot of options and also because some of
-the techniques used are rather old, the C source of s_client is rather
-hard to read and not a model of how things should be done. A typical
-SSL client program would be much simpler.
-
-The B<-verify> option should really exit if the server verification
-fails.
-
-The B<-prexit> option is a bit of a hack. We should really report
-information whenever a session is renegotiated.
-
-=head1 SEE ALSO
-
-L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/s_server.pod b/crypto/openssl/doc/apps/s_server.pod
deleted file mode 100644
index 7c1a958..0000000
--- a/crypto/openssl/doc/apps/s_server.pod
+++ /dev/null
@@ -1,327 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-s_server - SSL/TLS server program
-
-=head1 SYNOPSIS
-
-B<openssl> B<s_server>
-[B<-accept port>]
-[B<-context id>]
-[B<-verify depth>]
-[B<-Verify depth>]
-[B<-cert filename>]
-[B<-certform DER|PEM>]
-[B<-key keyfile>]
-[B<-keyform DER|PEM>]
-[B<-pass arg>]
-[B<-dcert filename>]
-[B<-dcertform DER|PEM>]
-[B<-dkey keyfile>]
-[B<-dkeyform DER|PEM>]
-[B<-dpass arg>]
-[B<-dhparam filename>]
-[B<-nbio>]
-[B<-nbio_test>]
-[B<-crlf>]
-[B<-debug>]
-[B<-msg>]
-[B<-state>]
-[B<-CApath directory>]
-[B<-CAfile filename>]
-[B<-nocert>]
-[B<-cipher cipherlist>]
-[B<-quiet>]
-[B<-no_tmp_rsa>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-tls1>]
-[B<-no_ssl2>]
-[B<-no_ssl3>]
-[B<-no_tls1>]
-[B<-no_dhe>]
-[B<-bugs>]
-[B<-hack>]
-[B<-www>]
-[B<-WWW>]
-[B<-HTTP>]
-[B<-engine id>]
-[B<-id_prefix arg>]
-[B<-rand file(s)>]
-
-=head1 DESCRIPTION
-
-The B<s_server> command implements a generic SSL/TLS server which listens
-for connections on a given port using SSL/TLS.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-accept port>
-
-the TCP port to listen on for connections. If not specified 4433 is used.
-
-=item B<-context id>
-
-sets the SSL context id. It can be given any string value. If this option
-is not present a default value will be used.
-
-=item B<-cert certname>
-
-The certificate to use, most servers cipher suites require the use of a
-certificate and some require a certificate with a certain public key type:
-for example the DSS cipher suites require a certificate containing a DSS
-(DSA) key. If not specified then the filename "server.pem" will be used.
-
-=item B<-certform format>
-
-The certificate format to use: DER or PEM. PEM is the default.
-
-=item B<-key keyfile>
-
-The private key to use. If not specified then the certificate file will
-be used.
-
-=item B<-keyform format>
-
-The private format to use: DER or PEM. PEM is the default.
-
-=item B<-pass arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-dcert filename>, B<-dkey keyname>
-
-specify an additional certificate and private key, these behave in the
-same manner as the B<-cert> and B<-key> options except there is no default
-if they are not specified (no additional certificate and key is used). As
-noted above some cipher suites require a certificate containing a key of
-a certain type. Some cipher suites need a certificate carrying an RSA key
-and some a DSS (DSA) key. By using RSA and DSS certificates and keys
-a server can support clients which only support RSA or DSS cipher suites
-by using an appropriate certificate.
-
-=item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
-
-addtional certificate and private key format and passphrase respectively.
-
-=item B<-nocert>
-
-if this option is set then no certificate is used. This restricts the
-cipher suites available to the anonymous ones (currently just anonymous
-DH).
-
-=item B<-dhparam filename>
-
-the DH parameter file to use. The ephemeral DH cipher suites generate keys
-using a set of DH parameters. If not specified then an attempt is made to
-load the parameters from the server certificate file. If this fails then
-a static set of parameters hard coded into the s_server program will be used.
-
-=item B<-no_dhe>
-
-if this option is set then no DH parameters will be loaded effectively
-disabling the ephemeral DH cipher suites.
-
-=item B<-no_tmp_rsa>
-
-certain export cipher suites sometimes use a temporary RSA key, this option
-disables temporary RSA key generation.
-
-=item B<-verify depth>, B<-Verify depth>
-
-The verify depth to use. This specifies the maximum length of the
-client certificate chain and makes the server request a certificate from
-the client. With the B<-verify> option a certificate is requested but the
-client does not have to send one, with the B<-Verify> option the client
-must supply a certificate or an error occurs.
-
-=item B<-CApath directory>
-
-The directory to use for client certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
-also used when building the server certificate chain.
-
-=item B<-CAfile file>
-
-A file containing trusted certificates to use during client authentication
-and to use when attempting to build the server certificate chain. The list
-is also used in the list of acceptable client CAs passed to the client when
-a certificate is requested.
-
-=item B<-state>
-
-prints out the SSL session states.
-
-=item B<-debug>
-
-print extensive debugging information including a hex dump of all traffic.
-
-=item B<-msg>
-
-show all protocol messages with hex dump.
-
-=item B<-nbio_test>
-
-tests non blocking I/O
-
-=item B<-nbio>
-
-turns on non blocking I/O
-
-=item B<-crlf>
-
-this option translated a line feed from the terminal into CR+LF.
-
-=item B<-quiet>
-
-inhibit printing of session and certificate information.
-
-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
-
-these options disable the use of certain SSL or TLS protocols. By default
-the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
-
-=item B<-bugs>
-
-there are several known bug in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
-=item B<-hack>
-
-this option enables a further workaround for some some early Netscape
-SSL code (?).
-
-=item B<-cipher cipherlist>
-
-this allows the cipher list used by the server to be modified. When
-the client sends a list of supported ciphers the first client cipher
-also included in the server list is used. Because the client specifies
-the preference order, the order of the server cipherlist irrelevant. See
-the B<ciphers> command for more information.
-
-=item B<-www>
-
-sends a status message back to the client when it connects. This includes
-lots of information about the ciphers used and various session parameters.
-The output is in HTML format so this option will normally be used with a
-web browser.
-
-=item B<-WWW>
-
-emulates a simple web server. Pages will be resolved relative to the
-current directory, for example if the URL https://myhost/page.html is
-requested the file ./page.html will be loaded.
-
-=item B<-HTTP>
-
-emulates a simple web server. Pages will be resolved relative to the
-current directory, for example if the URL https://myhost/page.html is
-requested the file ./page.html will be loaded. The files loaded are
-assumed to contain a complete and correct HTTP response (lines that
-are part of the HTTP response line and headers must end with CRLF).
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<s_server>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<-id_prefix arg>
-
-generate SSL/TLS session IDs prefixed by B<arg>. This is mostly useful
-for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple
-servers, when each of which might be generating a unique range of session
-IDs (eg. with a certain prefix).
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=back
-
-=head1 CONNECTED COMMANDS
-
-If a connection request is established with an SSL client and neither the
-B<-www> nor the B<-WWW> option has been used then normally any data received
-from the client is displayed and any key presses will be sent to the client.
-
-Certain single letter commands are also recognized which perform special
-operations: these are listed below.
-
-=over 4
-
-=item B<q>
-
-end the current SSL connection but still accept new connections.
-
-=item B<Q>
-
-end the current SSL connection and exit.
-
-=item B<r>
-
-renegotiate the SSL session.
-
-=item B<R>
-
-renegotiate the SSL session and request a client certificate.
-
-=item B<P>
-
-send some plain text down the underlying TCP connection: this should
-cause the client to disconnect due to a protocol violation.
-
-=item B<S>
-
-print out some session cache status information.
-
-=back
-
-=head1 NOTES
-
-B<s_server> can be used to debug SSL clients. To accept connections from
-a web browser the command:
-
- openssl s_server -accept 443 -www
-
-can be used for example.
-
-Most web browsers (in particular Netscape and MSIE) only support RSA cipher
-suites, so they cannot connect to servers which don't use a certificate
-carrying an RSA key or a version of OpenSSL with RSA disabled.
-
-Although specifying an empty list of CAs when requesting a client certificate
-is strictly speaking a protocol violation, some SSL clients interpret this to
-mean any CA is acceptable. This is useful for debugging purposes.
-
-The session parameters can printed out using the B<sess_id> program.
-
-=head1 BUGS
-
-Because this program has a lot of options and also because some of
-the techniques used are rather old, the C source of s_server is rather
-hard to read and not a model of how things should be done. A typical
-SSL server program would be much simpler.
-
-The output of common ciphers is wrong: it just gives the list of ciphers that
-OpenSSL recognizes and the client supports.
-
-There should be a way for the B<s_server> program to print out details of any
-unknown cipher suites a client says it supports.
-
-=head1 SEE ALSO
-
-L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/s_time.pod b/crypto/openssl/doc/apps/s_time.pod
deleted file mode 100644
index 5a38aa2..0000000
--- a/crypto/openssl/doc/apps/s_time.pod
+++ /dev/null
@@ -1,173 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-s_time - SSL/TLS performance timing program
-
-=head1 SYNOPSIS
-
-B<openssl> B<s_time>
-[B<-connect host:port>]
-[B<-www page>]
-[B<-cert filename>]
-[B<-key filename>]
-[B<-CApath directory>]
-[B<-CAfile filename>]
-[B<-reuse>]
-[B<-new>]
-[B<-verify depth>]
-[B<-nbio>]
-[B<-time seconds>]
-[B<-ssl2>]
-[B<-ssl3>]
-[B<-bugs>]
-[B<-cipher cipherlist>]
-
-=head1 DESCRIPTION
-
-The B<s_client> command implements a generic SSL/TLS client which connects to a
-remote host using SSL/TLS. It can request a page from the server and includes
-the time to transfer the payload data in its timing measurements. It measures
-the number of connections within a given timeframe, the amount of data
-transferred (if any), and calculates the average time spent for one connection.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-connect host:port>
-
-This specifies the host and optional port to connect to.
-
-=item B<-www page>
-
-This specifies the page to GET from the server. A value of '/' gets the
-index.htm[l] page. If this parameter is not specified, then B<s_time> will only
-perform the handshake to establish SSL connections but not transfer any
-payload data.
-
-=item B<-cert certname>
-
-The certificate to use, if one is requested by the server. The default is
-not to use a certificate. The file is in PEM format.
-
-=item B<-key keyfile>
-
-The private key to use. If not specified then the certificate file will
-be used. The file is in PEM format.
-
-=item B<-verify depth>
-
-The verify depth to use. This specifies the maximum length of the
-server certificate chain and turns on server certificate verification.
-Currently the verify operation continues after errors so all the problems
-with a certificate chain can be seen. As a side effect the connection
-will never fail due to a server certificate verify failure.
-
-=item B<-CApath directory>
-
-The directory to use for server certificate verification. This directory
-must be in "hash format", see B<verify> for more information. These are
-also used when building the client certificate chain.
-
-=item B<-CAfile file>
-
-A file containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-
-=item B<-new>
-
-performs the timing test using a new session ID for each connection.
-If neither B<-new> nor B<-reuse> are specified, they are both on by default
-and executed in sequence.
-
-=item B<-reuse>
-
-performs the timing test using the same session ID; this can be used as a test
-that session caching is working. If neither B<-new> nor B<-reuse> are
-specified, they are both on by default and executed in sequence.
-
-=item B<-nbio>
-
-turns on non-blocking I/O.
-
-=item B<-ssl2>, B<-ssl3>
-
-these options disable the use of certain SSL or TLS protocols. By default
-the initial handshake uses a method which should be compatible with all
-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
-The timing program is not as rich in options to turn protocols on and off as
-the L<s_client(1)|s_client(1)> program and may not connect to all servers.
-
-Unfortunately there are a lot of ancient and broken servers in use which
-cannot handle this technique and will fail to connect. Some servers only
-work if TLS is turned off with the B<-ssl3> option; others
-will only support SSL v2 and may need the B<-ssl2> option.
-
-=item B<-bugs>
-
-there are several known bug in SSL and TLS implementations. Adding this
-option enables various workarounds.
-
-=item B<-cipher cipherlist>
-
-this allows the cipher list sent by the client to be modified. Although
-the server determines which cipher suite is used it should take the first
-supported cipher in the list sent by the client.
-See the L<ciphers(1)|ciphers(1)> command for more information.
-
-=item B<-time length>
-
-specifies how long (in seconds) B<s_time> should establish connections and
-optionally transfer payload data from a server. Server and client performance
-and the link speed determine how many connections B<s_time> can establish.
-
-=back
-
-=head1 NOTES
-
-B<s_client> can be used to measure the performance of an SSL connection.
-To connect to an SSL HTTP server and get the default page the command
-
- openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
-
-would typically be used (https uses port 443). 'commoncipher' is a cipher to
-which both client and server can agree, see the L<ciphers(1)|ciphers(1)> command
-for details.
-
-If the handshake fails then there are several possible causes, if it is
-nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
-B<-ssl3> options can be tried
-in case it is a buggy server. In particular you should play with these
-options B<before> submitting a bug report to an OpenSSL mailing list.
-
-A frequent problem when attempting to get client certificates working
-is that a web client complains it has no certificates or gives an empty
-list to choose from. This is normally because the server is not sending
-the clients certificate authority in its "acceptable CA list" when it
-requests a certificate. By using L<s_client(1)|s_client(1)> the CA list can be
-viewed and checked. However some servers only request client authentication
-after a specific URL is requested. To obtain the list in this case it
-is necessary to use the B<-prexit> option of L<s_client(1)|s_client(1)> and
-send an HTTP request for an appropriate page.
-
-If a certificate is specified on the command line using the B<-cert>
-option it will not be used unless the server specifically requests
-a client certificate. Therefor merely including a client certificate
-on the command line is no guarantee that the certificate works.
-
-=head1 BUGS
-
-Because this program does not have all the options of the
-L<s_client(1)|s_client(1)> program to turn protocols on and off, you may not be
-able to measure the performance of all protocols with all servers.
-
-The B<-verify> option should really exit if the server verification
-fails.
-
-=head1 SEE ALSO
-
-L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/sess_id.pod b/crypto/openssl/doc/apps/sess_id.pod
deleted file mode 100644
index 9988d2c..0000000
--- a/crypto/openssl/doc/apps/sess_id.pod
+++ /dev/null
@@ -1,151 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-sess_id - SSL/TLS session handling utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<sess_id>
-[B<-inform PEM|DER>]
-[B<-outform PEM|DER>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-text>]
-[B<-noout>]
-[B<-context ID>]
-
-=head1 DESCRIPTION
-
-The B<sess_id> process the encoded version of the SSL session structure
-and optionally prints out SSL session details (for example the SSL session
-master key) in human readable format. Since this is a diagnostic tool that
-needs some knowledge of the SSL protocol to use properly, most users will
-not need to use it.
-
-=over 4
-
-=item B<-inform DER|PEM>
-
-This specifies the input format. The B<DER> option uses an ASN1 DER encoded
-format containing session details. The precise format can vary from one version
-to the next. The B<PEM> form is the default format: it consists of the B<DER>
-format base64 encoded with additional header and footer lines.
-
-=item B<-outform DER|PEM>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read session information from or standard
-input by default.
-
-=item B<-out filename>
-
-This specifies the output filename to write session information to or standard
-output if this option is not specified.
-
-=item B<-text>
-
-prints out the various public or private key components in
-plain text in addition to the encoded version.
-
-=item B<-cert>
-
-if a certificate is present in the session it will be output using this option,
-if the B<-text> option is also present then it will be printed out in text form.
-
-=item B<-noout>
-
-this option prevents output of the encoded version of the session.
-
-=item B<-context ID>
-
-this option can set the session id so the output session information uses the
-supplied ID. The ID can be any string of characters. This option wont normally
-be used.
-
-=back
-
-=head1 OUTPUT
-
-Typical output:
-
- SSL-Session:
- Protocol : TLSv1
- Cipher : 0016
- Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
- Session-ID-ctx: 01000000
- Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
- Key-Arg : None
- Start Time: 948459261
- Timeout : 300 (sec)
- Verify return code 0 (ok)
-
-Theses are described below in more detail.
-
-=over 4
-
-=item B<Protocol>
-
-this is the protocol in use TLSv1, SSLv3 or SSLv2.
-
-=item B<Cipher>
-
-the cipher used this is the actual raw SSL or TLS cipher code, see the SSL
-or TLS specifications for more information.
-
-=item B<Session-ID>
-
-the SSL session ID in hex format.
-
-=item B<Session-ID-ctx>
-
-the session ID context in hex format.
-
-=item B<Master-Key>
-
-this is the SSL session master key.
-
-=item B<Key-Arg>
-
-the key argument, this is only used in SSL v2.
-
-=item B<Start Time>
-
-this is the session start time represented as an integer in standard Unix format.
-
-=item B<Timeout>
-
-the timeout in seconds.
-
-=item B<Verify return code>
-
-this is the return code when an SSL client certificate is verified.
-
-=back
-
-=head1 NOTES
-
-The PEM encoded session format uses the header and footer lines:
-
- -----BEGIN SSL SESSION PARAMETERS-----
- -----END SSL SESSION PARAMETERS-----
-
-Since the SSL session output contains the master key it is possible to read the contents
-of an encrypted session using this information. Therefore appropriate security precautions
-should be taken if the information is being output by a "real" application. This is
-however strongly discouraged and should only be used for debugging purposes.
-
-=head1 BUGS
-
-The cipher and start time should be printed out in human readable form.
-
-=head1 SEE ALSO
-
-L<ciphers(1)|ciphers(1)>, L<s_server(1)|s_server(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/smime.pod b/crypto/openssl/doc/apps/smime.pod
deleted file mode 100644
index caf2d26..0000000
--- a/crypto/openssl/doc/apps/smime.pod
+++ /dev/null
@@ -1,385 +0,0 @@
-=pod
-
-=head1 NAME
-
-smime - S/MIME utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<smime>
-[B<-encrypt>]
-[B<-decrypt>]
-[B<-sign>]
-[B<-verify>]
-[B<-pk7out>]
-[B<-des>]
-[B<-des3>]
-[B<-rc2-40>]
-[B<-rc2-64>]
-[B<-rc2-128>]
-[B<-aes128>]
-[B<-aes192>]
-[B<-aes256>]
-[B<-camellia128>]
-[B<-camellia192>]
-[B<-camellia256>]
-[B<-in file>]
-[B<-certfile file>]
-[B<-signer file>]
-[B<-recip file>]
-[B<-inform SMIME|PEM|DER>]
-[B<-passin arg>]
-[B<-inkey file>]
-[B<-out file>]
-[B<-outform SMIME|PEM|DER>]
-[B<-content file>]
-[B<-to addr>]
-[B<-from ad>]
-[B<-subject s>]
-[B<-text>]
-[B<-rand file(s)>]
-[cert.pem]...
-
-=head1 DESCRIPTION
-
-The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and
-verify S/MIME messages.
-
-=head1 COMMAND OPTIONS
-
-There are five operation options that set the type of operation to be performed.
-The meaning of the other options varies according to the operation type.
-
-=over 4
-
-=item B<-encrypt>
-
-encrypt mail for the given recipient certificates. Input file is the message
-to be encrypted. The output file is the encrypted mail in MIME format.
-
-=item B<-decrypt>
-
-decrypt mail using the supplied certificate and private key. Expects an
-encrypted mail message in MIME format for the input file. The decrypted mail
-is written to the output file.
-
-=item B<-sign>
-
-sign mail using the supplied certificate and private key. Input file is
-the message to be signed. The signed message in MIME format is written
-to the output file.
-
-=item B<-verify>
-
-verify signed mail. Expects a signed mail message on input and outputs
-the signed data. Both clear text and opaque signing is supported.
-
-=item B<-pk7out>
-
-takes an input message and writes out a PEM encoded PKCS#7 structure.
-
-=item B<-in filename>
-
-the input message to be encrypted or signed or the MIME message to
-be decrypted or verified.
-
-=item B<-inform SMIME|PEM|DER>
-
-this specifies the input format for the PKCS#7 structure. The default
-is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
-format change this to expect PEM and DER format PKCS#7 structures
-instead. This currently only affects the input format of the PKCS#7
-structure, if no PKCS#7 structure is being input (for example with
-B<-encrypt> or B<-sign>) this option has no effect.
-
-=item B<-out filename>
-
-the message text that has been decrypted or verified or the output MIME
-format message that has been signed or verified.
-
-=item B<-outform SMIME|PEM|DER>
-
-this specifies the output format for the PKCS#7 structure. The default
-is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
-format change this to write PEM and DER format PKCS#7 structures
-instead. This currently only affects the output format of the PKCS#7
-structure, if no PKCS#7 structure is being output (for example with
-B<-verify> or B<-decrypt>) this option has no effect.
-
-=item B<-content filename>
-
-This specifies a file containing the detached content, this is only
-useful with the B<-verify> command. This is only usable if the PKCS#7
-structure is using the detached signature form where the content is
-not included. This option will override any content if the input format
-is S/MIME and it uses the multipart/signed MIME content type.
-
-=item B<-text>
-
-this option adds plain text (text/plain) MIME headers to the supplied
-message if encrypting or signing. If decrypting or verifying it strips
-off text headers: if the decrypted or verified message is not of MIME
-type text/plain then an error occurs.
-
-=item B<-CAfile file>
-
-a file containing trusted CA certificates, only used with B<-verify>.
-
-=item B<-CApath dir>
-
-a directory containing trusted CA certificates, only used with
-B<-verify>. This directory must be a standard certificate directory: that
-is a hash of each subject name (using B<x509 -hash>) should be linked
-to each certificate.
-
-=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128 -aes128 -aes192 -aes256 -camellia128 -camellia192 -camellia256>
-
-the encryption algorithm to use. DES (56 bits), triple DES (168 bits),
-40, 64 or 128 bit RC2, 128, 192 or 256 bit AES, or 128, 192 or 256 bit Camellia respectively. If not
-specified 40 bit RC2 is used. Only used with B<-encrypt>.
-
-=item B<-nointern>
-
-when verifying a message normally certificates (if any) included in
-the message are searched for the signing certificate. With this option
-only the certificates specified in the B<-certfile> option are used.
-The supplied certificates can still be used as untrusted CAs however.
-
-=item B<-noverify>
-
-do not verify the signers certificate of a signed message.
-
-=item B<-nochain>
-
-do not do chain verification of signers certificates: that is don't
-use the certificates in the signed message as untrusted CAs.
-
-=item B<-nosigs>
-
-don't try to verify the signatures on the message.
-
-=item B<-nocerts>
-
-when signing a message the signer's certificate is normally included
-with this option it is excluded. This will reduce the size of the
-signed message but the verifier must have a copy of the signers certificate
-available locally (passed using the B<-certfile> option for example).
-
-=item B<-noattr>
-
-normally when a message is signed a set of attributes are included which
-include the signing time and supported symmetric algorithms. With this
-option they are not included.
-
-=item B<-binary>
-
-normally the input message is converted to "canonical" format which is
-effectively using CR and LF as end of line: as required by the S/MIME
-specification. When this option is present no translation occurs. This
-is useful when handling binary data which may not be in MIME format.
-
-=item B<-nodetach>
-
-when signing a message use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME. Without this option cleartext signing with
-the MIME type multipart/signed is used.
-
-=item B<-certfile file>
-
-allows additional certificates to be specified. When signing these will
-be included with the message. When verifying these will be searched for
-the signers certificates. The certificates should be in PEM format.
-
-=item B<-signer file>
-
-the signers certificate when signing a message. If a message is
-being verified then the signers certificates will be written to this
-file if the verification was successful.
-
-=item B<-recip file>
-
-the recipients certificate when decrypting a message. This certificate
-must match one of the recipients of the message or an error occurs.
-
-=item B<-inkey file>
-
-the private key to use when signing or decrypting. This must match the
-corresponding certificate. If this option is not specified then the
-private key must be included in the certificate file specified with
-the B<-recip> or B<-signer> file.
-
-=item B<-passin arg>
-
-the private key password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-rand file(s)>
-
-a file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
-Multiple files can be specified separated by a OS-dependent character.
-The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
-all others.
-
-=item B<cert.pem...>
-
-one or more certificates of message recipients: used when encrypting
-a message.
-
-=item B<-to, -from, -subject>
-
-the relevant mail headers. These are included outside the signed
-portion of a message so they may be included manually. If signing
-then many S/MIME mail clients check the signers certificate's email
-address matches that specified in the From: address.
-
-=back
-
-=head1 NOTES
-
-The MIME message must be sent without any blank lines between the
-headers and the output. Some mail programs will automatically add
-a blank line. Piping the mail directly to sendmail is one way to
-achieve the correct format.
-
-The supplied message to be signed or encrypted must include the
-necessary MIME headers or many S/MIME clients wont display it
-properly (if at all). You can use the B<-text> option to automatically
-add plain text headers.
-
-A "signed and encrypted" message is one where a signed message is
-then encrypted. This can be produced by encrypting an already signed
-message: see the examples section.
-
-This version of the program only allows one signer per message but it
-will verify multiple signers on received messages. Some S/MIME clients
-choke if a message contains multiple signers. It is possible to sign
-messages "in parallel" by signing an already signed message.
-
-The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
-clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
-encrypted data is used for other purposes.
-
-=head1 EXIT CODES
-
-=over 4
-
-=item 0
-
-the operation was completely successfully.
-
-=item 1
-
-an error occurred parsing the command options.
-
-=item 2
-
-one of the input files could not be read.
-
-=item 3
-
-an error occurred creating the PKCS#7 file or when reading the MIME
-message.
-
-=item 4
-
-an error occurred decrypting or verifying the message.
-
-=item 5
-
-the message was verified correctly but an error occurred writing out
-the signers certificates.
-
-=back
-
-=head1 EXAMPLES
-
-Create a cleartext signed message:
-
- openssl smime -sign -in message.txt -text -out mail.msg \
- -signer mycert.pem
-
-Create and opaque signed message
-
- openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
- -signer mycert.pem
-
-Create a signed message, include some additional certificates and
-read the private key from another file:
-
- openssl smime -sign -in in.txt -text -out mail.msg \
- -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
-
-Send a signed message under Unix directly to sendmail, including headers:
-
- openssl smime -sign -in in.txt -text -signer mycert.pem \
- -from steve@openssl.org -to someone@somewhere \
- -subject "Signed message" | sendmail someone@somewhere
-
-Verify a message and extract the signer's certificate if successful:
-
- openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
-
-Send encrypted mail using triple DES:
-
- openssl smime -encrypt -in in.txt -from steve@openssl.org \
- -to someone@somewhere -subject "Encrypted message" \
- -des3 user.pem -out mail.msg
-
-Sign and encrypt mail:
-
- openssl smime -sign -in ml.txt -signer my.pem -text \
- | openssl smime -encrypt -out mail.msg \
- -from steve@openssl.org -to someone@somewhere \
- -subject "Signed and Encrypted message" -des3 user.pem
-
-Note: the encryption command does not include the B<-text> option because the message
-being encrypted already has MIME headers.
-
-Decrypt mail:
-
- openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
-
-The output from Netscape form signing is a PKCS#7 structure with the
-detached signature format. You can use this program to verify the
-signature by line wrapping the base64 encoded structure and surrounding
-it with:
-
- -----BEGIN PKCS7-----
- -----END PKCS7-----
-
-and using the command,
-
- openssl smime -verify -inform PEM -in signature.pem -content content.txt
-
-alternatively you can base64 decode the signature and use
-
- openssl smime -verify -inform DER -in signature.der -content content.txt
-
-Create an encrypted message using 128 bit Camellia:
-
- openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
-
-=head1 BUGS
-
-The MIME parser isn't very clever: it seems to handle most messages that I've thrown
-at it but it may choke on others.
-
-The code currently will only write out the signer's certificate to a file: if the
-signer has a separate encryption certificate this must be manually extracted. There
-should be some heuristic that determines the correct encryption certificate.
-
-Ideally a database should be maintained of a certificates for each email address.
-
-The code doesn't currently take note of the permitted symmetric encryption
-algorithms as supplied in the SMIMECapabilities signed attribute. this means the
-user has to manually include the correct encryption algorithm. It should store
-the list of permitted ciphers in a database and only use those.
-
-No revocation checking is done on the signer's certificate.
-
-The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
-structures may cause parsing errors.
-
-=cut
diff --git a/crypto/openssl/doc/apps/speed.pod b/crypto/openssl/doc/apps/speed.pod
deleted file mode 100644
index 0dcdba8..0000000
--- a/crypto/openssl/doc/apps/speed.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-speed - test library performance
-
-=head1 SYNOPSIS
-
-B<openssl speed>
-[B<-engine id>]
-[B<md2>]
-[B<mdc2>]
-[B<md5>]
-[B<hmac>]
-[B<sha1>]
-[B<rmd160>]
-[B<idea-cbc>]
-[B<rc2-cbc>]
-[B<rc5-cbc>]
-[B<bf-cbc>]
-[B<des-cbc>]
-[B<des-ede3>]
-[B<rc4>]
-[B<rsa512>]
-[B<rsa1024>]
-[B<rsa2048>]
-[B<rsa4096>]
-[B<dsa512>]
-[B<dsa1024>]
-[B<dsa2048>]
-[B<idea>]
-[B<rc2>]
-[B<des>]
-[B<rsa>]
-[B<blowfish>]
-
-=head1 DESCRIPTION
-
-This command is used to test the performance of cryptographic algorithms.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<speed>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=item B<[zero or more test algorithms]>
-
-If any options are given, B<speed> tests those algorithms, otherwise all of
-the above are tested.
-
-=back
-
-=cut
diff --git a/crypto/openssl/doc/apps/spkac.pod b/crypto/openssl/doc/apps/spkac.pod
deleted file mode 100644
index c3f1ff9..0000000
--- a/crypto/openssl/doc/apps/spkac.pod
+++ /dev/null
@@ -1,133 +0,0 @@
-=pod
-
-=head1 NAME
-
-spkac - SPKAC printing and generating utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<spkac>
-[B<-in filename>]
-[B<-out filename>]
-[B<-key keyfile>]
-[B<-passin arg>]
-[B<-challenge string>]
-[B<-pubkey>]
-[B<-spkac spkacname>]
-[B<-spksect section>]
-[B<-noout>]
-[B<-verify>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<spkac> command processes Netscape signed public key and challenge
-(SPKAC) files. It can print out their contents, verify the signature and
-produce its own SPKACs from a supplied private key.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-in filename>
-
-This specifies the input filename to read from or standard input if this
-option is not specified. Ignored if the B<-key> option is used.
-
-=item B<-out filename>
-
-specifies the output filename to write to or standard output by
-default.
-
-=item B<-key keyfile>
-
-create an SPKAC file using the private key in B<keyfile>. The
-B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if
-present.
-
-=item B<-passin password>
-
-the input file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
-
-=item B<-challenge string>
-
-specifies the challenge string if an SPKAC is being created.
-
-=item B<-spkac spkacname>
-
-allows an alternative name form the variable containing the
-SPKAC. The default is "SPKAC". This option affects both
-generated and input SPKAC files.
-
-=item B<-spksect section>
-
-allows an alternative name form the section containing the
-SPKAC. The default is the default section.
-
-=item B<-noout>
-
-don't output the text version of the SPKAC (not used if an
-SPKAC is being created).
-
-=item B<-pubkey>
-
-output the public key of an SPKAC (not used if an SPKAC is
-being created).
-
-=item B<-verify>
-
-verifies the digital signature on the supplied SPKAC.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head1 EXAMPLES
-
-Print out the contents of an SPKAC:
-
- openssl spkac -in spkac.cnf
-
-Verify the signature of an SPKAC:
-
- openssl spkac -in spkac.cnf -noout -verify
-
-Create an SPKAC using the challenge string "hello":
-
- openssl spkac -key key.pem -challenge hello -out spkac.cnf
-
-Example of an SPKAC, (long lines split up for clarity):
-
- SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\
- PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\
- PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\
- 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\
- 4=
-
-=head1 NOTES
-
-A created SPKAC with suitable DN components appended can be fed into
-the B<ca> utility.
-
-SPKACs are typically generated by Netscape when a form is submitted
-containing the B<KEYGEN> tag as part of the certificate enrollment
-process.
-
-The challenge string permits a primitive form of proof of possession
-of private key. By checking the SPKAC signature and a random challenge
-string some guarantee is given that the user knows the private key
-corresponding to the public key being certified. This is important in
-some applications. Without this it is possible for a previous SPKAC
-to be used in a "replay attack".
-
-=head1 SEE ALSO
-
-L<ca(1)|ca(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/verify.pod b/crypto/openssl/doc/apps/verify.pod
deleted file mode 100644
index ea5c29c..0000000
--- a/crypto/openssl/doc/apps/verify.pod
+++ /dev/null
@@ -1,328 +0,0 @@
-=pod
-
-=head1 NAME
-
-verify - Utility to verify certificates.
-
-=head1 SYNOPSIS
-
-B<openssl> B<verify>
-[B<-CApath directory>]
-[B<-CAfile file>]
-[B<-purpose purpose>]
-[B<-untrusted file>]
-[B<-help>]
-[B<-issuer_checks>]
-[B<-verbose>]
-[B<->]
-[certificates]
-
-
-=head1 DESCRIPTION
-
-The B<verify> command verifies certificate chains.
-
-=head1 COMMAND OPTIONS
-
-=over 4
-
-=item B<-CApath directory>
-
-A directory of trusted certificates. The certificates should have names
-of the form: hash.0 or have symbolic links to them of this
-form ("hash" is the hashed certificate subject name: see the B<-hash> option
-of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
-create symbolic links to a directory of certificates.
-
-=item B<-CAfile file>
-
-A file of trusted certificates. The file should contain multiple certificates
-in PEM format concatenated together.
-
-=item B<-untrusted file>
-
-A file of untrusted certificates. The file should contain multiple certificates
-
-=item B<-purpose purpose>
-
-the intended use for the certificate. Without this option no chain verification
-will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
-B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
-section for more information.
-
-=item B<-help>
-
-prints out a usage message.
-
-=item B<-verbose>
-
-print extra information about the operations being performed.
-
-=item B<-issuer_checks>
-
-print out diagnostics relating to searches for the issuer certificate
-of the current certificate. This shows why each candidate issuer
-certificate was rejected. However the presence of rejection messages
-does not itself imply that anything is wrong: during the normal
-verify process several rejections may take place.
-
-=item B<->
-
-marks the last option. All arguments following this are assumed to be
-certificate files. This is useful if the first certificate filename begins
-with a B<->.
-
-=item B<certificates>
-
-one or more certificates to verify. If no certificate filenames are included
-then an attempt is made to read a certificate from standard input. They should
-all be in PEM format.
-
-
-=back
-
-=head1 VERIFY OPERATION
-
-The B<verify> program uses the same functions as the internal SSL and S/MIME
-verification, therefore this description applies to these verify operations
-too.
-
-There is one crucial difference between the verify operations performed
-by the B<verify> program: wherever possible an attempt is made to continue
-after an error whereas normally the verify operation would halt on the
-first error. This allows all the problems with a certificate chain to be
-determined.
-
-The verify operation consists of a number of separate steps.
-
-Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root CA. It is an error if the whole chain cannot be built
-up. The chain is built up by looking up the issuers certificate of the current
-certificate. If a certificate is found which is its own issuer it is assumed
-to be the root CA.
-
-The process of 'looking up the issuers certificate' itself involves a number
-of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
-subject name matched the issuer of the current certificate was assumed to be
-the issuers certificate. In OpenSSL 0.9.6 and later all certificates
-whose subject name matches the issuer name of the current certificate are
-subject to further tests. The relevant authority key identifier components
-of the current certificate (if present) must match the subject key identifier
-(if present) and issuer and serial number of the candidate issuer, in addition
-the keyUsage extension of the candidate issuer (if present) must permit
-certificate signing.
-
-The lookup first looks in the list of untrusted certificates and if no match
-is found the remaining lookups are from the trusted certificates. The root CA
-is always looked up in the trusted certificate list: if the certificate to
-verify is a root certificate then an exact match must be found in the trusted
-list.
-
-The second operation is to check every untrusted certificate's extensions for
-consistency with the supplied purpose. If the B<-purpose> option is not included
-then no checks are done. The supplied or "leaf" certificate must have extensions
-compatible with the supplied purpose and all other certificates must also be valid
-CA certificates. The precise extensions required are described in more detail in
-the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
-
-The third operation is to check the trust settings on the root CA. The root
-CA should be trusted for the supplied purpose. For compatibility with previous
-versions of SSLeay and OpenSSL a certificate with no trust settings is considered
-to be valid for all purposes.
-
-The final operation is to check the validity of the certificate chain. The validity
-period is checked against the current system time and the notBefore and notAfter
-dates in the certificate. The certificate signatures are also checked at this
-point.
-
-If all operations complete successfully then certificate is considered valid. If
-any operation fails then the certificate is not valid.
-
-=head1 DIAGNOSTICS
-
-When a verify operation fails the output messages can be somewhat cryptic. The
-general form of the error message is:
-
- server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
- error 24 at 1 depth lookup:invalid CA certificate
-
-The first line contains the name of the certificate being verified followed by
-the subject name of the certificate. The second line contains the error number
-and the depth. The depth is number of the certificate being verified when a
-problem was detected starting with zero for the certificate being verified itself
-then 1 for the CA that signed the certificate and so on. Finally a text version
-of the error number is presented.
-
-An exhaustive list of the error codes and messages is shown below, this also
-includes the name of the error code as defined in the header file x509_vfy.h
-Some of the error codes are defined but never returned: these are described
-as "unused".
-
-=over 4
-
-=item B<0 X509_V_OK: ok>
-
-the operation was successful.
-
-=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
-
-the issuer certificate could not be found: this occurs if the issuer certificate
-of an untrusted certificate cannot be found.
-
-=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
-
-the CRL of a certificate could not be found. Unused.
-
-=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
-
-the certificate signature could not be decrypted. This means that the actual signature value
-could not be determined rather than it not matching the expected value, this is only
-meaningful for RSA keys.
-
-=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
-
-the CRL signature could not be decrypted: this means that the actual signature value
-could not be determined rather than it not matching the expected value. Unused.
-
-=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
-
-the public key in the certificate SubjectPublicKeyInfo could not be read.
-
-=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
-
-the signature of the certificate is invalid.
-
-=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
-
-the signature of the certificate is invalid. Unused.
-
-=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
-
-the certificate is not yet valid: the notBefore date is after the current time.
-
-=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
-
-the certificate has expired: that is the notAfter date is before the current time.
-
-=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
-
-the CRL is not yet valid. Unused.
-
-=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
-
-the CRL has expired. Unused.
-
-=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
-
-the certificate notBefore field contains an invalid time.
-
-=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
-
-the certificate notAfter field contains an invalid time.
-
-=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
-
-the CRL lastUpdate field contains an invalid time. Unused.
-
-=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
-
-the CRL nextUpdate field contains an invalid time. Unused.
-
-=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
-
-an error occurred trying to allocate memory. This should never happen.
-
-=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
-
-the passed certificate is self signed and the same certificate cannot be found in the list of
-trusted certificates.
-
-=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
-
-the certificate chain could be built up using the untrusted certificates but the root could not
-be found locally.
-
-=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
-
-the issuer certificate of a locally looked up certificate could not be found. This normally means
-the list of trusted certificates is not complete.
-
-=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
-
-no signatures could be verified because the chain contains only one certificate and it is not
-self signed.
-
-=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
-
-the certificate chain length is greater than the supplied maximum depth. Unused.
-
-=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
-
-the certificate has been revoked. Unused.
-
-=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
-
-a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
-with the supplied purpose.
-
-=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
-
-the basicConstraints pathlength parameter has been exceeded.
-
-=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
-
-the supplied certificate cannot be used for the specified purpose.
-
-=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
-
-the root CA is not marked as trusted for the specified purpose.
-
-=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
-
-the root CA is marked to reject the specified purpose.
-
-=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
-
-the current candidate issuer certificate was rejected because its subject name
-did not match the issuer name of the current certificate. Only displayed when
-the B<-issuer_checks> option is set.
-
-=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
-
-the current candidate issuer certificate was rejected because its subject key
-identifier was present and did not match the authority key identifier current
-certificate. Only displayed when the B<-issuer_checks> option is set.
-
-=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
-
-the current candidate issuer certificate was rejected because its issuer name
-and serial number was present and did not match the authority key identifier
-of the current certificate. Only displayed when the B<-issuer_checks> option is set.
-
-=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
-
-the current candidate issuer certificate was rejected because its keyUsage extension
-does not permit certificate signing.
-
-=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
-
-an application specific error. Unused.
-
-=back
-
-=head1 BUGS
-
-Although the issuer checks are a considerably improvement over the old technique they still
-suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
-trusted certificates with matching subject name must either appear in a file (as specified by the
-B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
-the certificates in the file will be recognised.
-
-Previous versions of OpenSSL assume certificates with matching subject name are identical and
-mishandled them.
-
-=head1 SEE ALSO
-
-L<x509(1)|x509(1)>
-
-=cut
diff --git a/crypto/openssl/doc/apps/version.pod b/crypto/openssl/doc/apps/version.pod
deleted file mode 100644
index e00324c..0000000
--- a/crypto/openssl/doc/apps/version.pod
+++ /dev/null
@@ -1,64 +0,0 @@
-=pod
-
-=head1 NAME
-
-version - print OpenSSL version information
-
-=head1 SYNOPSIS
-
-B<openssl version>
-[B<-a>]
-[B<-v>]
-[B<-b>]
-[B<-o>]
-[B<-f>]
-[B<-p>]
-
-=head1 DESCRIPTION
-
-This command is used to print out version information about OpenSSL.
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<-a>
-
-all information, this is the same as setting all the other flags.
-
-=item B<-v>
-
-the current OpenSSL version.
-
-=item B<-b>
-
-the date the current version of OpenSSL was built.
-
-=item B<-o>
-
-option information: various options set when the library was built.
-
-=item B<-c>
-
-compilation flags.
-
-=item B<-p>
-
-platform setting.
-
-=item B<-d>
-
-OPENSSLDIR setting.
-
-=back
-
-=head1 NOTES
-
-The output of B<openssl version -a> would typically be used when sending
-in a bug report.
-
-=head1 HISTORY
-
-The B<-d> option was added in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/apps/x509.pod b/crypto/openssl/doc/apps/x509.pod
deleted file mode 100644
index a925da4..0000000
--- a/crypto/openssl/doc/apps/x509.pod
+++ /dev/null
@@ -1,832 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-x509 - Certificate display and signing utility
-
-=head1 SYNOPSIS
-
-B<openssl> B<x509>
-[B<-inform DER|PEM|NET>]
-[B<-outform DER|PEM|NET>]
-[B<-keyform DER|PEM>]
-[B<-CAform DER|PEM>]
-[B<-CAkeyform DER|PEM>]
-[B<-in filename>]
-[B<-out filename>]
-[B<-serial>]
-[B<-hash>]
-[B<-subject_hash>]
-[B<-issuer_hash>]
-[B<-subject>]
-[B<-issuer>]
-[B<-nameopt option>]
-[B<-email>]
-[B<-startdate>]
-[B<-enddate>]
-[B<-purpose>]
-[B<-dates>]
-[B<-modulus>]
-[B<-fingerprint>]
-[B<-alias>]
-[B<-noout>]
-[B<-trustout>]
-[B<-clrtrust>]
-[B<-clrreject>]
-[B<-addtrust arg>]
-[B<-addreject arg>]
-[B<-setalias arg>]
-[B<-days arg>]
-[B<-set_serial n>]
-[B<-signkey filename>]
-[B<-x509toreq>]
-[B<-req>]
-[B<-CA filename>]
-[B<-CAkey filename>]
-[B<-CAcreateserial>]
-[B<-CAserial filename>]
-[B<-text>]
-[B<-C>]
-[B<-md2|-md5|-sha1|-mdc2>]
-[B<-clrext>]
-[B<-extfile filename>]
-[B<-extensions section>]
-[B<-engine id>]
-
-=head1 DESCRIPTION
-
-The B<x509> command is a multi purpose certificate utility. It can be
-used to display certificate information, convert certificates to
-various forms, sign certificate requests like a "mini CA" or edit
-certificate trust settings.
-
-Since there are a large number of options they will split up into
-various sections.
-
-=head1 OPTIONS
-
-=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
-
-=over 4
-
-=item B<-inform DER|PEM|NET>
-
-This specifies the input format normally the command will expect an X509
-certificate but this can change if other options such as B<-req> are
-present. The DER format is the DER encoding of the certificate and PEM
-is the base64 encoding of the DER encoding with header and footer lines
-added. The NET option is an obscure Netscape server format that is now
-obsolete.
-
-=item B<-outform DER|PEM|NET>
-
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
-
-=item B<-in filename>
-
-This specifies the input filename to read a certificate from or standard input
-if this option is not specified.
-
-=item B<-out filename>
-
-This specifies the output filename to write to or standard output by
-default.
-
-=item B<-md2|-md5|-sha1|-mdc2>
-
-the digest to use. This affects any signing or display option that uses a message
-digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
-specified then SHA1 is used. If the key being used to sign with is a DSA key
-then this option has no effect: SHA1 is always used with DSA keys.
-
-=item B<-engine id>
-
-specifying an engine (by it's unique B<id> string) will cause B<req>
-to attempt to obtain a functional reference to the specified engine,
-thus initialising it if needed. The engine will then be set as the default
-for all available algorithms.
-
-=back
-
-=head2 DISPLAY OPTIONS
-
-Note: the B<-alias> and B<-purpose> options are also display options
-but are described in the B<TRUST SETTINGS> section.
-
-=over 4
-
-=item B<-text>
-
-prints out the certificate in text form. Full details are output including the
-public key, signature algorithms, issuer and subject names, serial number
-any extensions present and any trust settings.
-
-=item B<-certopt option>
-
-customise the output format used with B<-text>. The B<option> argument can be
-a single option or multiple options separated by commas. The B<-certopt> switch
-may be also be used more than once to set multiple options. See the B<TEXT OPTIONS>
-section for more information.
-
-=item B<-noout>
-
-this option prevents output of the encoded version of the request.
-
-=item B<-modulus>
-
-this option prints out the value of the modulus of the public key
-contained in the certificate.
-
-=item B<-serial>
-
-outputs the certificate serial number.
-
-=item B<-subject_hash>
-
-outputs the "hash" of the certificate subject name. This is used in OpenSSL to
-form an index to allow certificates in a directory to be looked up by subject
-name.
-
-=item B<-issuer_hash>
-
-outputs the "hash" of the certificate issuer name.
-
-=item B<-hash>
-
-synonym for "-hash" for backward compatibility reasons.
-
-=item B<-subject>
-
-outputs the subject name.
-
-=item B<-issuer>
-
-outputs the issuer name.
-
-=item B<-nameopt option>
-
-option which determines how the subject or issuer names are displayed. The
-B<option> argument can be a single option or multiple options separated by
-commas. Alternatively the B<-nameopt> switch may be used more than once to
-set multiple options. See the B<NAME OPTIONS> section for more information.
-
-=item B<-email>
-
-outputs the email address(es) if any.
-
-=item B<-startdate>
-
-prints out the start date of the certificate, that is the notBefore date.
-
-=item B<-enddate>
-
-prints out the expiry date of the certificate, that is the notAfter date.
-
-=item B<-dates>
-
-prints out the start and expiry dates of a certificate.
-
-=item B<-fingerprint>
-
-prints out the digest of the DER encoded version of the whole certificate
-(see digest options).
-
-=item B<-C>
-
-this outputs the certificate in the form of a C source file.
-
-=back
-
-=head2 TRUST SETTINGS
-
-Please note these options are currently experimental and may well change.
-
-A B<trusted certificate> is an ordinary certificate which has several
-additional pieces of information attached to it such as the permitted
-and prohibited uses of the certificate and an "alias".
-
-Normally when a certificate is being verified at least one certificate
-must be "trusted". By default a trusted certificate must be stored
-locally and must be a root CA: any certificate chain ending in this CA
-is then usable for any purpose.
-
-Trust settings currently are only used with a root CA. They allow a finer
-control over the purposes the root CA can be used for. For example a CA
-may be trusted for SSL client but not SSL server use.
-
-See the description of the B<verify> utility for more information on the
-meaning of trust settings.
-
-Future versions of OpenSSL will recognize trust settings on any
-certificate: not just root CAs.
-
-
-=over 4
-
-=item B<-trustout>
-
-this causes B<x509> to output a B<trusted> certificate. An ordinary
-or trusted certificate can be input but by default an ordinary
-certificate is output and any trust settings are discarded. With the
-B<-trustout> option a trusted certificate is output. A trusted
-certificate is automatically output if any trust settings are modified.
-
-=item B<-setalias arg>
-
-sets the alias of the certificate. This will allow the certificate
-to be referred to using a nickname for example "Steve's Certificate".
-
-=item B<-alias>
-
-outputs the certificate alias, if any.
-
-=item B<-clrtrust>
-
-clears all the permitted or trusted uses of the certificate.
-
-=item B<-clrreject>
-
-clears all the prohibited or rejected uses of the certificate.
-
-=item B<-addtrust arg>
-
-adds a trusted certificate use. Any object name can be used here
-but currently only B<clientAuth> (SSL client use), B<serverAuth>
-(SSL server use) and B<emailProtection> (S/MIME email) are used.
-Other OpenSSL applications may define additional uses.
-
-=item B<-addreject arg>
-
-adds a prohibited use. It accepts the same values as the B<-addtrust>
-option.
-
-=item B<-purpose>
-
-this option performs tests on the certificate extensions and outputs
-the results. For a more complete description see the B<CERTIFICATE
-EXTENSIONS> section.
-
-=back
-
-=head2 SIGNING OPTIONS
-
-The B<x509> utility can be used to sign certificates and requests: it
-can thus behave like a "mini CA".
-
-=over 4
-
-=item B<-signkey filename>
-
-this option causes the input file to be self signed using the supplied
-private key.
-
-If the input file is a certificate it sets the issuer name to the
-subject name (i.e. makes it self signed) changes the public key to the
-supplied value and changes the start and end dates. The start date is
-set to the current time and the end date is set to a value determined
-by the B<-days> option. Any certificate extensions are retained unless
-the B<-clrext> option is supplied.
-
-If the input is a certificate request then a self signed certificate
-is created using the supplied private key using the subject name in
-the request.
-
-=item B<-clrext>
-
-delete any extensions from a certificate. This option is used when a
-certificate is being created from another certificate (for example with
-the B<-signkey> or the B<-CA> options). Normally all extensions are
-retained.
-
-=item B<-keyform PEM|DER>
-
-specifies the format (DER or PEM) of the private key file used in the
-B<-signkey> option.
-
-=item B<-days arg>
-
-specifies the number of days to make a certificate valid for. The default
-is 30 days.
-
-=item B<-x509toreq>
-
-converts a certificate into a certificate request. The B<-signkey> option
-is used to pass the required private key.
-
-=item B<-req>
-
-by default a certificate is expected on input. With this option a
-certificate request is expected instead.
-
-=item B<-set_serial n>
-
-specifies the serial number to use. This option can be used with either
-the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA>
-option the serial number file (as specified by the B<-CAserial> or
-B<-CAcreateserial> options) is not used.
-
-The serial number can be decimal or hex (if preceded by B<0x>). Negative
-serial numbers can also be specified but their use is not recommended.
-
-=item B<-CA filename>
-
-specifies the CA certificate to be used for signing. When this option is
-present B<x509> behaves like a "mini CA". The input file is signed by this
-CA using this option: that is its issuer name is set to the subject name
-of the CA and it is digitally signed using the CAs private key.
-
-This option is normally combined with the B<-req> option. Without the
-B<-req> option the input is a certificate which must be self signed.
-
-=item B<-CAkey filename>
-
-sets the CA private key to sign a certificate with. If this option is
-not specified then it is assumed that the CA private key is present in
-the CA certificate file.
-
-=item B<-CAserial filename>
-
-sets the CA serial number file to use.
-
-When the B<-CA> option is used to sign a certificate it uses a serial
-number specified in a file. This file consist of one line containing
-an even number of hex digits with the serial number to use. After each
-use the serial number is incremented and written out to the file again.
-
-The default filename consists of the CA certificate file base name with
-".srl" appended. For example if the CA certificate file is called
-"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
-
-=item B<-CAcreateserial>
-
-with this option the CA serial number file is created if it does not exist:
-it will contain the serial number "02" and the certificate being signed will
-have the 1 as its serial number. Normally if the B<-CA> option is specified
-and the serial number file does not exist it is an error.
-
-=item B<-extfile filename>
-
-file containing certificate extensions to use. If not specified then
-no extensions are added to the certificate.
-
-=item B<-extensions section>
-
-the section to add certificate extensions from. If this option is not
-specified then the extensions should either be contained in the unnamed
-(default) section or the default section should contain a variable called
-"extensions" which contains the section to use.
-
-=back
-
-=head2 NAME OPTIONS
-
-The B<nameopt> command line switch determines how the subject and issuer
-names are displayed. If no B<nameopt> switch is present the default "oneline"
-format is used which is compatible with previous versions of OpenSSL.
-Each option is described in detail below, all options can be preceded by
-a B<-> to turn the option off. Only the first four will normally be used.
-
-=over 4
-
-=item B<compat>
-
-use the old format. This is equivalent to specifying no name options at all.
-
-=item B<RFC2253>
-
-displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>,
-B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
-B<sep_comma_plus>, B<dn_rev> and B<sname>.
-
-=item B<oneline>
-
-a oneline format which is more readable than RFC2253. It is equivalent to
-specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
-B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
-options.
-
-=item B<multiline>
-
-a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
-B<space_eq>, B<lname> and B<align>.
-
-=item B<esc_2253>
-
-escape the "special" characters required by RFC2253 in a field That is
-B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
-and a space character at the beginning or end of a string.
-
-=item B<esc_ctrl>
-
-escape control characters. That is those with ASCII values less than
-0x20 (space) and the delete (0x7f) character. They are escaped using the
-RFC2253 \XX notation (where XX are two hex digits representing the
-character value).
-
-=item B<esc_msb>
-
-escape characters with the MSB set, that is with ASCII values larger than
-127.
-
-=item B<use_quote>
-
-escapes some characters by surrounding the whole string with B<"> characters,
-without the option all escaping is done with the B<\> character.
-
-=item B<utf8>
-
-convert all strings to UTF8 format first. This is required by RFC2253. If
-you are lucky enough to have a UTF8 compatible terminal then the use
-of this option (and B<not> setting B<esc_msb>) may result in the correct
-display of multibyte (international) characters. Is this option is not
-present then multibyte characters larger than 0xff will be represented
-using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
-Also if this option is off any UTF8Strings will be converted to their
-character form first.
-
-=item B<no_type>
-
-this option does not attempt to interpret multibyte characters in any
-way. That is their content octets are merely dumped as though one octet
-represents each character. This is useful for diagnostic purposes but
-will result in rather odd looking output.
-
-=item B<show_type>
-
-show the type of the ASN1 character string. The type precedes the
-field contents. For example "BMPSTRING: Hello World".
-
-=item B<dump_der>
-
-when this option is set any fields that need to be hexdumped will
-be dumped using the DER encoding of the field. Otherwise just the
-content octets will be displayed. Both options use the RFC2253
-B<#XXXX...> format.
-
-=item B<dump_nostr>
-
-dump non character string types (for example OCTET STRING) if this
-option is not set then non character string types will be displayed
-as though each content octet represents a single character.
-
-=item B<dump_all>
-
-dump all fields. This option when used with B<dump_der> allows the
-DER encoding of the structure to be unambiguously determined.
-
-=item B<dump_unknown>
-
-dump any field whose OID is not recognised by OpenSSL.
-
-=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
-B<sep_multiline>
-
-these options determine the field separators. The first character is
-between RDNs and the second between multiple AVAs (multiple AVAs are
-very rare and their use is discouraged). The options ending in
-"space" additionally place a space after the separator to make it
-more readable. The B<sep_multiline> uses a linefeed character for
-the RDN separator and a spaced B<+> for the AVA separator. It also
-indents the fields by four characters.
-
-=item B<dn_rev>
-
-reverse the fields of the DN. This is required by RFC2253. As a side
-effect this also reverses the order of multiple AVAs but this is
-permissible.
-
-=item B<nofname>, B<sname>, B<lname>, B<oid>
-
-these options alter how the field name is displayed. B<nofname> does
-not display the field at all. B<sname> uses the "short name" form
-(CN for commonName for example). B<lname> uses the long form.
-B<oid> represents the OID in numerical form and is useful for
-diagnostic purpose.
-
-=item B<align>
-
-align field values for a more readable output. Only usable with
-B<sep_multiline>.
-
-=item B<space_eq>
-
-places spaces round the B<=> character which follows the field
-name.
-
-=back
-
-=head2 TEXT OPTIONS
-
-As well as customising the name output format, it is also possible to
-customise the actual fields printed using the B<certopt> options when
-the B<text> option is present. The default behaviour is to print all fields.
-
-=over 4
-
-=item B<compatible>
-
-use the old format. This is equivalent to specifying no output options at all.
-
-=item B<no_header>
-
-don't print header information: that is the lines saying "Certificate" and "Data".
-
-=item B<no_version>
-
-don't print out the version number.
-
-=item B<no_serial>
-
-don't print out the serial number.
-
-=item B<no_signame>
-
-don't print out the signature algorithm used.
-
-=item B<no_validity>
-
-don't print the validity, that is the B<notBefore> and B<notAfter> fields.
-
-=item B<no_subject>
-
-don't print out the subject name.
-
-=item B<no_issuer>
-
-don't print out the issuer name.
-
-=item B<no_pubkey>
-
-don't print out the public key.
-
-=item B<no_sigdump>
-
-don't give a hexadecimal dump of the certificate signature.
-
-=item B<no_aux>
-
-don't print out certificate trust information.
-
-=item B<no_extensions>
-
-don't print out any X509V3 extensions.
-
-=item B<ext_default>
-
-retain default extension behaviour: attempt to print out unsupported certificate extensions.
-
-=item B<ext_error>
-
-print an error message for unsupported certificate extensions.
-
-=item B<ext_parse>
-
-ASN1 parse unsupported extensions.
-
-=item B<ext_dump>
-
-hex dump unsupported extensions.
-
-=item B<ca_default>
-
-the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
-B<no_version>, B<no_sigdump> and B<no_signame>.
-
-=back
-
-=head1 EXAMPLES
-
-Note: in these examples the '\' means the example should be all on one
-line.
-
-Display the contents of a certificate:
-
- openssl x509 -in cert.pem -noout -text
-
-Display the certificate serial number:
-
- openssl x509 -in cert.pem -noout -serial
-
-Display the certificate subject name:
-
- openssl x509 -in cert.pem -noout -subject
-
-Display the certificate subject name in RFC2253 form:
-
- openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
-
-Display the certificate subject name in oneline form on a terminal
-supporting UTF8:
-
- openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
-
-Display the certificate MD5 fingerprint:
-
- openssl x509 -in cert.pem -noout -fingerprint
-
-Display the certificate SHA1 fingerprint:
-
- openssl x509 -sha1 -in cert.pem -noout -fingerprint
-
-Convert a certificate from PEM to DER format:
-
- openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
-
-Convert a certificate to a certificate request:
-
- openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
-
-Convert a certificate request into a self signed certificate using
-extensions for a CA:
-
- openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
- -signkey key.pem -out cacert.pem
-
-Sign a certificate request using the CA certificate above and add user
-certificate extensions:
-
- openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
- -CA cacert.pem -CAkey key.pem -CAcreateserial
-
-
-Set a certificate to be trusted for SSL client use and change set its alias to
-"Steve's Class 1 CA"
-
- openssl x509 -in cert.pem -addtrust clientAuth \
- -setalias "Steve's Class 1 CA" -out trust.pem
-
-=head1 NOTES
-
-The PEM format uses the header and footer lines:
-
- -----BEGIN CERTIFICATE-----
- -----END CERTIFICATE-----
-
-it will also handle files containing:
-
- -----BEGIN X509 CERTIFICATE-----
- -----END X509 CERTIFICATE-----
-
-Trusted certificates have the lines
-
- -----BEGIN TRUSTED CERTIFICATE-----
- -----END TRUSTED CERTIFICATE-----
-
-The conversion to UTF8 format used with the name options assumes that
-T61Strings use the ISO8859-1 character set. This is wrong but Netscape
-and MSIE do this as do many certificates. So although this is incorrect
-it is more likely to display the majority of certificates correctly.
-
-The B<-fingerprint> option takes the digest of the DER encoded certificate.
-This is commonly called a "fingerprint". Because of the nature of message
-digests the fingerprint of a certificate is unique to that certificate and
-two certificates with the same fingerprint can be considered to be the same.
-
-The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
-
-The B<-email> option searches the subject name and the subject alternative
-name extension. Only unique email addresses will be printed out: it will
-not print the same address more than once.
-
-=head1 CERTIFICATE EXTENSIONS
-
-The B<-purpose> option checks the certificate extensions and determines
-what the certificate can be used for. The actual checks done are rather
-complex and include various hacks and workarounds to handle broken
-certificates and software.
-
-The same code is used when verifying untrusted certificates in chains
-so this section is useful if a chain is rejected by the verify code.
-
-The basicConstraints extension CA flag is used to determine whether the
-certificate can be used as a CA. If the CA flag is true then it is a CA,
-if the CA flag is false then it is not a CA. B<All> CAs should have the
-CA flag set to true.
-
-If the basicConstraints extension is absent then the certificate is
-considered to be a "possible CA" other extensions are checked according
-to the intended use of the certificate. A warning is given in this case
-because the certificate should really not be regarded as a CA: however
-it is allowed to be a CA to work around some broken software.
-
-If the certificate is a V1 certificate (and thus has no extensions) and
-it is self signed it is also assumed to be a CA but a warning is again
-given: this is to work around the problem of Verisign roots which are V1
-self signed certificates.
-
-If the keyUsage extension is present then additional restraints are
-made on the uses of the certificate. A CA certificate B<must> have the
-keyCertSign bit set if the keyUsage extension is present.
-
-The extended key usage extension places additional restrictions on the
-certificate uses. If this extension is present (whether critical or not)
-the key can only be used for the purposes specified.
-
-A complete description of each test is given below. The comments about
-basicConstraints and keyUsage and V1 certificates above apply to B<all>
-CA certificates.
-
-
-=over 4
-
-=item B<SSL Client>
-
-The extended key usage extension must be absent or include the "web client
-authentication" OID. keyUsage must be absent or it must have the
-digitalSignature bit set. Netscape certificate type must be absent or it must
-have the SSL client bit set.
-
-=item B<SSL Client CA>
-
-The extended key usage extension must be absent or include the "web client
-authentication" OID. Netscape certificate type must be absent or it must have
-the SSL CA bit set: this is used as a work around if the basicConstraints
-extension is absent.
-
-=item B<SSL Server>
-
-The extended key usage extension must be absent or include the "web server
-authentication" and/or one of the SGC OIDs. keyUsage must be absent or it
-must have the digitalSignature, the keyEncipherment set or both bits set.
-Netscape certificate type must be absent or have the SSL server bit set.
-
-=item B<SSL Server CA>
-
-The extended key usage extension must be absent or include the "web server
-authentication" and/or one of the SGC OIDs. Netscape certificate type must
-be absent or the SSL CA bit must be set: this is used as a work around if the
-basicConstraints extension is absent.
-
-=item B<Netscape SSL Server>
-
-For Netscape SSL clients to connect to an SSL server it must have the
-keyEncipherment bit set if the keyUsage extension is present. This isn't
-always valid because some cipher suites use the key for digital signing.
-Otherwise it is the same as a normal SSL server.
-
-=item B<Common S/MIME Client Tests>
-
-The extended key usage extension must be absent or include the "email
-protection" OID. Netscape certificate type must be absent or should have the
-S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
-then the SSL client bit is tolerated as an alternative but a warning is shown:
-this is because some Verisign certificates don't set the S/MIME bit.
-
-=item B<S/MIME Signing>
-
-In addition to the common S/MIME client tests the digitalSignature bit must
-be set if the keyUsage extension is present.
-
-=item B<S/MIME Encryption>
-
-In addition to the common S/MIME tests the keyEncipherment bit must be set
-if the keyUsage extension is present.
-
-=item B<S/MIME CA>
-
-The extended key usage extension must be absent or include the "email
-protection" OID. Netscape certificate type must be absent or must have the
-S/MIME CA bit set: this is used as a work around if the basicConstraints
-extension is absent.
-
-=item B<CRL Signing>
-
-The keyUsage extension must be absent or it must have the CRL signing bit
-set.
-
-=item B<CRL Signing CA>
-
-The normal CA tests apply. Except in this case the basicConstraints extension
-must be present.
-
-=back
-
-=head1 BUGS
-
-Extensions in certificates are not transferred to certificate requests and
-vice versa.
-
-It is possible to produce invalid certificates or requests by specifying the
-wrong private key or using inconsistent options in some cases: these should
-be checked.
-
-There should be options to explicitly set such things as start and end
-dates rather than an offset from the current time.
-
-The code to implement the verify behaviour described in the B<TRUST SETTINGS>
-is currently being developed. It thus describes the intended behaviour rather
-than the current behaviour. It is hoped that it will represent reality in
-OpenSSL 0.9.5 and later.
-
-=head1 SEE ALSO
-
-L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
-L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>
-
-=head1 HISTORY
-
-Before OpenSSL 0.9.8, the default digest for RSA keys was MD5.
-
-=cut
diff --git a/crypto/openssl/doc/apps/x509v3_config.pod b/crypto/openssl/doc/apps/x509v3_config.pod
deleted file mode 100644
index 38c46e8..0000000
--- a/crypto/openssl/doc/apps/x509v3_config.pod
+++ /dev/null
@@ -1,456 +0,0 @@
-=pod
-
-=for comment openssl_manual_section:5
-
-=head1 NAME
-
-x509v3_config - X509 V3 certificate extension configuration format
-
-=head1 DESCRIPTION
-
-Several of the OpenSSL utilities can add extensions to a certificate or
-certificate request based on the contents of a configuration file.
-
-Typically the application will contain an option to point to an extension
-section. Each line of the extension section takes the form:
-
- extension_name=[critical,] extension_options
-
-If B<critical> is present then the extension will be critical.
-
-The format of B<extension_options> depends on the value of B<extension_name>.
-
-There are four main types of extension: I<string> extensions, I<multi-valued>
-extensions, I<raw> and I<arbitrary> extensions.
-
-String extensions simply have a string which contains either the value itself
-or how it is obtained.
-
-For example:
-
- nsComment="This is a Comment"
-
-Multi-valued extensions have a short form and a long form. The short form
-is a list of names and values:
-
- basicConstraints=critical,CA:true,pathlen:1
-
-The long form allows the values to be placed in a separate section:
-
- basicConstraints=critical,@bs_section
-
- [bs_section]
-
- CA=true
- pathlen=1
-
-Both forms are equivalent.
-
-The syntax of raw extensions is governed by the extension code: it can
-for example contain data in multiple sections. The correct syntax to
-use is defined by the extension code itself: check out the certificate
-policies extension for an example.
-
-If an extension type is unsupported then the I<arbitrary> extension syntax
-must be used, see the L<ARBITRART EXTENSIONS|/"ARBITRARY EXTENSIONS"> section for more details.
-
-=head1 STANDARD EXTENSIONS
-
-The following sections describe each supported extension in detail.
-
-=head2 Basic Constraints.
-
-This is a multi valued extension which indicates whether a certificate is
-a CA certificate. The first (mandatory) name is B<CA> followed by B<TRUE> or
-B<FALSE>. If B<CA> is B<TRUE> then an optional B<pathlen> name followed by an
-non-negative value can be included.
-
-For example:
-
- basicConstraints=CA:TRUE
-
- basicConstraints=CA:FALSE
-
- basicConstraints=critical,CA:TRUE, pathlen:0
-
-A CA certificate B<must> include the basicConstraints value with the CA field
-set to TRUE. An end user certificate must either set CA to FALSE or exclude the
-extension entirely. Some software may require the inclusion of basicConstraints
-with CA set to FALSE for end entity certificates.
-
-The pathlen parameter indicates the maximum number of CAs that can appear
-below this one in a chain. So if you have a CA with a pathlen of zero it can
-only be used to sign end user certificates and not further CAs.
-
-
-=head2 Key Usage.
-
-Key usage is a multi valued extension consisting of a list of names of the
-permitted key usages.
-
-The supporte names are: digitalSignature, nonRepudiation, keyEncipherment,
-dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly
-and decipherOnly.
-
-Examples:
-
- keyUsage=digitalSignature, nonRepudiation
-
- keyUsage=critical, keyCertSign
-
-
-=head2 Extended Key Usage.
-
-This extensions consists of a list of usages indicating purposes for which
-the certificate public key can be used for,
-
-These can either be object short names of the dotted numerical form of OIDs.
-While any OID can be used only certain values make sense. In particular the
-following PKIX, NS and MS values are meaningful:
-
- Value Meaning
- ----- -------
- serverAuth SSL/TLS Web Server Authentication.
- clientAuth SSL/TLS Web Client Authentication.
- codeSigning Code signing.
- emailProtection E-mail Protection (S/MIME).
- timeStamping Trusted Timestamping
- msCodeInd Microsoft Individual Code Signing (authenticode)
- msCodeCom Microsoft Commercial Code Signing (authenticode)
- msCTLSign Microsoft Trust List Signing
- msSGC Microsoft Server Gated Crypto
- msEFS Microsoft Encrypted File System
- nsSGC Netscape Server Gated Crypto
-
-Examples:
-
- extendedKeyUsage=critical,codeSigning,1.2.3.4
- extendedKeyUsage=nsSGC,msSGC
-
-
-=head2 Subject Key Identifier.
-
-This is really a string extension and can take two possible values. Either
-the word B<hash> which will automatically follow the guidelines in RFC3280
-or a hex string giving the extension value to include. The use of the hex
-string is strongly discouraged.
-
-Example:
-
- subjectKeyIdentifier=hash
-
-
-=head2 Authority Key Identifier.
-
-The authority key identifier extension permits two options. keyid and issuer:
-both can take the optional value "always".
-
-If the keyid option is present an attempt is made to copy the subject key
-identifier from the parent certificate. If the value "always" is present
-then an error is returned if the option fails.
-
-The issuer option copies the issuer and serial number from the issuer
-certificate. This will only be done if the keyid option fails or
-is not included unless the "always" flag will always include the value.
-
-Example:
-
- authorityKeyIdentifier=keyid,issuer
-
-
-=head2 Subject Alternative Name.
-
-The subject alternative name extension allows various literal values to be
-included in the configuration file. These include B<email> (an email address)
-B<URI> a uniform resource indicator, B<DNS> (a DNS domain name), B<RID> (a
-registered ID: OBJECT IDENTIFIER), B<IP> (an IP address), B<dirName>
-(a distinguished name) and otherName.
-
-The email option include a special 'copy' value. This will automatically
-include and email addresses contained in the certificate subject name in
-the extension.
-
-The IP address used in the B<IP> options can be in either IPv4 or IPv6 format.
-
-The value of B<dirName> should point to a section containing the distinguished
-name to use as a set of name value pairs. Multi values AVAs can be formed by
-preceeding the name with a B<+> character.
-
-otherName can include arbitrary data associated with an OID: the value
-should be the OID followed by a semicolon and the content in standard
-ASN1_generate_nconf() format.
-
-Examples:
-
- subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
- subjectAltName=IP:192.168.7.1
- subjectAltName=IP:13::17
- subjectAltName=email:my@other.address,RID:1.2.3.4
- subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
-
- subjectAltName=dirName:dir_sect
-
- [dir_sect]
- C=UK
- O=My Organization
- OU=My Unit
- CN=My Name
-
-
-=head2 Issuer Alternative Name.
-
-The issuer alternative name option supports all the literal options of
-subject alternative name. It does B<not> support the email:copy option because
-that would not make sense. It does support an additional issuer:copy option
-that will copy all the subject alternative name values from the issuer
-certificate (if possible).
-
-Example:
-
- issuserAltName = issuer:copy
-
-
-=head2 Authority Info Access.
-
-The authority information access extension gives details about how to access
-certain information relating to the CA. Its syntax is accessOID;location
-where I<location> has the same syntax as subject alternative name (except
-that email:copy is not supported). accessOID can be any valid OID but only
-certain values are meaningful, for example OCSP and caIssuers.
-
-Example:
-
- authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
- authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
-
-
-=head2 CRL distribution points.
-
-This is a multi-valued extension that supports all the literal options of
-subject alternative name. Of the few software packages that currently interpret
-this extension most only interpret the URI option.
-
-Currently each option will set a new DistributionPoint with the fullName
-field set to the given value.
-
-Other fields like cRLissuer and reasons cannot currently be set or displayed:
-at this time no examples were available that used these fields.
-
-Examples:
-
- crlDistributionPoints=URI:http://myhost.com/myca.crl
- crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl
-
-=head2 Certificate Policies.
-
-This is a I<raw> extension. All the fields of this extension can be set by
-using the appropriate syntax.
-
-If you follow the PKIX recommendations and just using one OID then you just
-include the value of that OID. Multiple OIDs can be set separated by commas,
-for example:
-
- certificatePolicies= 1.2.4.5, 1.1.3.4
-
-If you wish to include qualifiers then the policy OID and qualifiers need to
-be specified in a separate section: this is done by using the @section syntax
-instead of a literal OID value.
-
-The section referred to must include the policy OID using the name
-policyIdentifier, cPSuri qualifiers can be included using the syntax:
-
- CPS.nnn=value
-
-userNotice qualifiers can be set using the syntax:
-
- userNotice.nnn=@notice
-
-The value of the userNotice qualifier is specified in the relevant section.
-This section can include explicitText, organization and noticeNumbers
-options. explicitText and organization are text strings, noticeNumbers is a
-comma separated list of numbers. The organization and noticeNumbers options
-(if included) must BOTH be present. If you use the userNotice option with IE5
-then you need the 'ia5org' option at the top level to modify the encoding:
-otherwise it will not be interpreted properly.
-
-Example:
-
- certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
-
- [polsect]
-
- policyIdentifier = 1.3.5.8
- CPS.1="http://my.host.name/"
- CPS.2="http://my.your.name/"
- userNotice.1=@notice
-
- [notice]
-
- explicitText="Explicit Text Here"
- organization="Organisation Name"
- noticeNumbers=1,2,3,4
-
-The B<ia5org> option changes the type of the I<organization> field. In RFC2459
-it can only be of type DisplayText. In RFC3280 IA5Strring is also permissible.
-Some software (for example some versions of MSIE) may require ia5org.
-
-=head2 Policy Constraints
-
-This is a multi-valued extension which consisting of the names
-B<requireExplicitPolicy> or B<inhibitPolicyMapping> and a non negative intger
-value. At least one component must be present.
-
-Example:
-
- policyConstraints = requireExplicitPolicy:3
-
-
-=head2 Inhibit Any Policy
-
-This is a string extension whose value must be a non negative integer.
-
-Example:
-
- inhibitAnyPolicy = 2
-
-
-=head2 Name Constraints
-
-The name constraints extension is a multi-valued extension. The name should
-begin with the word B<permitted> or B<excluded> followed by a B<;>. The rest of
-the name and the value follows the syntax of subjectAltName except email:copy
-is not supported and the B<IP> form should consist of an IP addresses and
-subnet mask separated by a B</>.
-
-Examples:
-
- nameConstraints=permitted;IP:192.168.0.0/255.255.0.0
-
- nameConstraints=permitted;email:.somedomain.com
-
- nameConstraints=excluded;email:.com
-
-=head1 DEPRECATED EXTENSIONS
-
-The following extensions are non standard, Netscape specific and largely
-obsolete. Their use in new applications is discouraged.
-
-=head2 Netscape String extensions.
-
-Netscape Comment (B<nsComment>) is a string extension containing a comment
-which will be displayed when the certificate is viewed in some browsers.
-
-Example:
-
- nsComment = "Some Random Comment"
-
-Other supported extensions in this category are: B<nsBaseUrl>,
-B<nsRevocationUrl>, B<nsCaRevocationUrl>, B<nsRenewalUrl>, B<nsCaPolicyUrl>
-and B<nsSslServerName>.
-
-
-=head2 Netscape Certificate Type
-
-This is a multi-valued extensions which consists of a list of flags to be
-included. It was used to indicate the purposes for which a certificate could
-be used. The basicConstraints, keyUsage and extended key usage extensions are
-now used instead.
-
-Acceptable values for nsCertType are: B<client>, B<server>, B<email>,
-B<objsign>, B<reserved>, B<sslCA>, B<emailCA>, B<objCA>.
-
-
-=head1 ARBITRARY EXTENSIONS
-
-If an extension is not supported by the OpenSSL code then it must be encoded
-using the arbitrary extension format. It is also possible to use the arbitrary
-format for supported extensions. Extreme care should be taken to ensure that
-the data is formatted correctly for the given extension type.
-
-There are two ways to encode arbitrary extensions.
-
-The first way is to use the word ASN1 followed by the extension content
-using the same syntax as ASN1_generate_nconf(). For example:
-
- 1.2.3.4=critical,ASN1:UTF8String:Some random data
-
- 1.2.3.4=ASN1:SEQUENCE:seq_sect
-
- [seq_sect]
-
- field1 = UTF8:field1
- field2 = UTF8:field2
-
-It is also possible to use the word DER to include the raw encoded data in any
-extension.
-
- 1.2.3.4=critical,DER:01:02:03:04
- 1.2.3.4=DER:01020304
-
-The value following DER is a hex dump of the DER encoding of the extension
-Any extension can be placed in this form to override the default behaviour.
-For example:
-
- basicConstraints=critical,DER:00:01:02:03
-
-=head1 WARNING
-
-There is no guarantee that a specific implementation will process a given
-extension. It may therefore be sometimes possible to use certificates for
-purposes prohibited by their extensions because a specific application does
-not recognize or honour the values of the relevant extensions.
-
-The DER and ASN1 options should be used with caution. It is possible to create
-totally invalid extensions if they are not used carefully.
-
-
-=head1 NOTES
-
-If an extension is multi-value and a field value must contain a comma the long
-form must be used otherwise the comma would be misinterpreted as a field
-separator. For example:
-
- subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
-
-will produce an error but the equivalent form:
-
- subjectAltName=@subject_alt_section
-
- [subject_alt_section]
- subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar
-
-is valid.
-
-Due to the behaviour of the OpenSSL B<conf> library the same field name
-can only occur once in a section. This means that:
-
- subjectAltName=@alt_section
-
- [alt_section]
-
- email=steve@here
- email=steve@there
-
-will only recognize the last value. This can be worked around by using the form:
-
- [alt_section]
-
- email.1=steve@here
- email.2=steve@there
-
-=head1 HISTORY
-
-The X509v3 extension code was first added to OpenSSL 0.9.2.
-
-Policy mappings, inhibit any policy and name constraints support was added in
-OpenSSL 0.9.8
-
-The B<directoryName> and B<otherName> option as well as the B<ASN1> option
-for arbitrary extensions was added in OpenSSL 0.9.8
-
-=head1 SEE ALSO
-
-L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
-
-
-=cut
diff --git a/crypto/openssl/doc/c-indentation.el b/crypto/openssl/doc/c-indentation.el
deleted file mode 100644
index cbf01cb..0000000
--- a/crypto/openssl/doc/c-indentation.el
+++ /dev/null
@@ -1,44 +0,0 @@
-; This Emacs Lisp file defines a C indentation style that closely
-; follows most aspects of the one that is used throughout SSLeay,
-; and hence in OpenSSL.
-;
-; This definition is for the "CC mode" package, which is the default
-; mode for editing C source files in Emacs 20, not for the older
-; c-mode.el (which was the default in less recent releaes of Emacs 19).
-;
-; Copy the definition in your .emacs file or use M-x eval-buffer.
-; To activate this indentation style, visit a C file, type
-; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
-; To toggle the auto-newline feature of CC mode, type C-c C-a.
-;
-; Apparently statement blocks that are not introduced by a statement
-; such as "if" and that are not the body of a function cannot
-; be handled too well by CC mode with this indentation style,
-; so you have to indent them manually (you can use C-q tab).
-;
-; For suggesting improvements, please send e-mail to bodo@openssl.org.
-
-(c-add-style "eay"
- '((c-basic-offset . 8)
- (c-comment-only-line-offset . 0)
- (c-hanging-braces-alist)
- (c-offsets-alist . ((defun-open . +)
- (defun-block-intro . 0)
- (class-open . +)
- (class-close . +)
- (block-open . 0)
- (block-close . 0)
- (substatement-open . +)
- (statement . 0)
- (statement-block-intro . 0)
- (statement-case-open . +)
- (statement-case-intro . +)
- (case-label . -)
- (label . -)
- (arglist-cont-nonempty . +)
- (topmost-intro . -)
- (brace-list-close . 0)
- (brace-list-intro . 0)
- (brace-list-open . +)
- ))))
-
diff --git a/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod b/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod
deleted file mode 100644
index 51679bf..0000000
--- a/crypto/openssl/doc/crypto/ASN1_OBJECT_new.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-
-=head1 NAME
-
-ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
-
-=head1 SYNOPSIS
-
- ASN1_OBJECT *ASN1_OBJECT_new(void);
- void ASN1_OBJECT_free(ASN1_OBJECT *a);
-
-=head1 DESCRIPTION
-
-The ASN1_OBJECT allocation routines, allocate and free an
-ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.
-
-ASN1_OBJECT_new() allocates and initializes a ASN1_OBJECT structure.
-
-ASN1_OBJECT_free() frees up the B<ASN1_OBJECT> structure B<a>.
-
-=head1 NOTES
-
-Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it
-is almost never used in applications. The ASN1 object utility functions
-such as OBJ_nid2obj() are used instead.
-
-=head1 RETURN VALUES
-
-If the allocation fails, ASN1_OBJECT_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-Otherwise it returns a pointer to the newly allocated structure.
-
-ASN1_OBJECT_free() returns no value.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)|d2i_ASN1_OBJECT(3)>
-
-=head1 HISTORY
-
-ASN1_OBJECT_new() and ASN1_OBJECT_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_length.pod b/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
deleted file mode 100644
index c4ec693..0000000
--- a/crypto/openssl/doc/crypto/ASN1_STRING_length.pod
+++ /dev/null
@@ -1,81 +0,0 @@
-=pod
-
-=head1 NAME
-
-ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
-ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data -
-ASN1_STRING utility functions
-
-=head1 SYNOPSIS
-
- int ASN1_STRING_length(ASN1_STRING *x);
- unsigned char * ASN1_STRING_data(ASN1_STRING *x);
-
- ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
-
- int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
-
- int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
-
- int ASN1_STRING_type(ASN1_STRING *x);
-
- int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
-
-=head1 DESCRIPTION
-
-These functions allow an B<ASN1_STRING> structure to be manipulated.
-
-ASN1_STRING_length() returns the length of the content of B<x>.
-
-ASN1_STRING_data() returns an internal pointer to the data of B<x>.
-Since this is an internal pointer it should B<not> be freed or
-modified in any way.
-
-ASN1_STRING_dup() returns a copy of the structure B<a>.
-
-ASN1_STRING_cmp() compares B<a> and B<b> returning 0 if the two
-are identical. The string types and content are compared.
-
-ASN1_STRING_set() sets the data of string B<str> to the buffer
-B<data> or length B<len>. The supplied data is copied. If B<len>
-is -1 then the length is determined by strlen(data).
-
-ASN1_STRING_type() returns the type of B<x>, using standard constants
-such as B<V_ASN1_OCTET_STRING>.
-
-ASN1_STRING_to_UTF8() converts the string B<in> to UTF8 format, the
-converted data is allocated in a buffer in B<*out>. The length of
-B<out> is returned or a negative error code. The buffer B<*out>
-should be free using OPENSSL_free().
-
-=head1 NOTES
-
-Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
-structure. Other types such as B<ASN1_OCTET_STRING> are simply typedefed
-to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
-B<ASN1_STRING> is also used for some B<CHOICE> types which consist
-entirely of primitive string types such as B<DirectoryString> and
-B<Time>.
-
-These functions should B<not> be used to examine or modify B<ASN1_INTEGER>
-or B<ASN1_ENUMERATED> types: the relevant B<INTEGER> or B<ENUMERATED>
-utility functions should be used instead.
-
-In general it cannot be assumed that the data returned by ASN1_STRING_data()
-is null terminated or does not contain embedded nulls. The actual format
-of the data will depend on the actual string type itself: for example
-for and IA5String the data will be ASCII, for a BMPString two bytes per
-character in big endian format, UTF8String will be in UTF8 format.
-
-Similar care should be take to ensure the data is in the correct format
-when calling ASN1_STRING_set().
-
-=head1 RETURN VALUES
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_new.pod b/crypto/openssl/doc/crypto/ASN1_STRING_new.pod
deleted file mode 100644
index 5b1bbb7..0000000
--- a/crypto/openssl/doc/crypto/ASN1_STRING_new.pod
+++ /dev/null
@@ -1,44 +0,0 @@
-=pod
-
-=head1 NAME
-
-ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free -
-ASN1_STRING allocation functions
-
-=head1 SYNOPSIS
-
- ASN1_STRING * ASN1_STRING_new(void);
- ASN1_STRING * ASN1_STRING_type_new(int type);
- void ASN1_STRING_free(ASN1_STRING *a);
-
-=head1 DESCRIPTION
-
-ASN1_STRING_new() returns an allocated B<ASN1_STRING> structure. Its type
-is undefined.
-
-ASN1_STRING_type_new() returns an allocated B<ASN1_STRING> structure of
-type B<type>.
-
-ASN1_STRING_free() frees up B<a>.
-
-=head1 NOTES
-
-Other string types call the B<ASN1_STRING> functions. For example
-ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
-
-=head1 RETURN VALUES
-
-ASN1_STRING_new() and ASN1_STRING_type_new() return a valid
-ASN1_STRING structure or B<NULL> if an error occurred.
-
-ASN1_STRING_free() does not return a value.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod b/crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod
deleted file mode 100644
index 3891b88..0000000
--- a/crypto/openssl/doc/crypto/ASN1_STRING_print_ex.pod
+++ /dev/null
@@ -1,96 +0,0 @@
-=pod
-
-=head1 NAME
-
-ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp - ASN1_STRING output routines.
-
-=head1 SYNOPSIS
-
- #include <openssl/asn1.h>
-
- int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
- int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
- int ASN1_STRING_print(BIO *out, ASN1_STRING *str);
-
-
-=head1 DESCRIPTION
-
-These functions output an B<ASN1_STRING> structure. B<ASN1_STRING> is used to
-represent all the ASN1 string types.
-
-ASN1_STRING_print_ex() outputs B<str> to B<out>, the format is determined by
-the options B<flags>. ASN1_STRING_print_ex_fp() is identical except it outputs
-to B<fp> instead.
-
-ASN1_STRING_print() prints B<str> to B<out> but using a different format to
-ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF)
-with '.'.
-
-=head1 NOTES
-
-ASN1_STRING_print() is a legacy function which should be avoided in new applications.
-
-Although there are a large number of options frequently B<ASN1_STRFLGS_RFC2253> is
-suitable, or on UTF8 terminals B<ASN1_STRFLGS_RFC2253 & ~ASN1_STRFLGS_ESC_MSB>.
-
-The complete set of supported options for B<flags> is listed below.
-
-Various characters can be escaped. If B<ASN1_STRFLGS_ESC_2253> is set the characters
-determined by RFC2253 are escaped. If B<ASN1_STRFLGS_ESC_CTRL> is set control
-characters are escaped. If B<ASN1_STRFLGS_ESC_MSB> is set characters with the
-MSB set are escaped: this option should B<not> be used if the terminal correctly
-interprets UTF8 sequences.
-
-Escaping takes several forms.
-
-If the character being escaped is a 16 bit character then the form "\UXXXX" is used
-using exactly four characters for the hex representation. If it is 32 bits then
-"\WXXXXXXXX" is used using eight characters of its hex representation. These forms
-will only be used if UTF8 conversion is not set (see below).
-
-Printable characters are normally escaped using the backslash '\' character. If
-B<ASN1_STRFLGS_ESC_QUOTE> is set then the whole string is instead surrounded by
-double quote characters: this is arguably more readable than the backslash
-notation. Other characters use the "\XX" using exactly two characters of the hex
-representation.
-
-If B<ASN1_STRFLGS_UTF8_CONVERT> is set then characters are converted to UTF8
-format first. If the terminal supports the display of UTF8 sequences then this
-option will correctly display multi byte characters.
-
-If B<ASN1_STRFLGS_IGNORE_TYPE> is set then the string type is not interpreted at
-all: everything is assumed to be one byte per character. This is primarily for
-debugging purposes and can result in confusing output in multi character strings.
-
-If B<ASN1_STRFLGS_SHOW_TYPE> is set then the string type itself is printed out
-before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().
-
-The content of a string instead of being interpreted can be "dumped": this just
-outputs the value of the string using the form #XXXX using hex format for each
-octet.
-
-If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
-
-Normally non character string types (such as OCTET STRING) are assumed to be
-one byte per character, if B<ASN1_STRFLGS_DUMP_UNKNOWN> is set then they will
-be dumped instead.
-
-When a type is dumped normally just the content octets are printed, if
-B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
-instead (including tag and length octets).
-
-B<ASN1_STRFLGS_RFC2253> includes all the flags required by RFC2253. It is
-equivalent to:
- ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
- ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER
-
-=head1 SEE ALSO
-
-L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>,
-L<ASN1_tag2str(3)|ASN1_tag2str(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod b/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
deleted file mode 100644
index ba6e3c2..0000000
--- a/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod
+++ /dev/null
@@ -1,253 +0,0 @@
-=pod
-
-=head1 NAME
-
-ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions
-
-=head1 SYNOPSIS
-
- ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
- ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
-
-=head1 DESCRIPTION
-
-These functions generate the ASN1 encoding of a string
-in an B<ASN1_TYPE> structure.
-
-B<str> contains the string to encode B<nconf> or B<cnf> contains
-the optional configuration information where additional strings
-will be read from. B<nconf> will typically come from a config
-file wherease B<cnf> is obtained from an B<X509V3_CTX> structure
-which will typically be used by X509 v3 certificate extension
-functions. B<cnf> or B<nconf> can be set to B<NULL> if no additional
-configuration will be used.
-
-=head1 GENERATION STRING FORMAT
-
-The actual data encoded is determined by the string B<str> and
-the configuration information. The general format of the string
-is:
-
- B<[modifier,]type[:value]>
-
-That is zero or more comma separated modifiers followed by a type
-followed by an optional colon and a value. The formats of B<type>,
-B<value> and B<modifier> are explained below.
-
-=head2 SUPPORTED TYPES
-
-The supported types are listed below. Unless otherwise specified
-only the B<ASCII> format is permissible.
-
-=over 2
-
-=item B<BOOLEAN>, B<BOOL>
-
-This encodes a boolean type. The B<value> string is mandatory and
-should be B<TRUE> or B<FALSE>. Additionally B<TRUE>, B<true>, B<Y>,
-B<y>, B<YES>, B<yes>, B<FALSE>, B<false>, B<N>, B<n>, B<NO> and B<no>
-are acceptable.
-
-=item B<NULL>
-
-Encode the B<NULL> type, the B<value> string must not be present.
-
-=item B<INTEGER>, B<INT>
-
-Encodes an ASN1 B<INTEGER> type. The B<value> string represents
-the value of the integer, it can be preceeded by a minus sign and
-is normally interpreted as a decimal value unless the prefix B<0x>
-is included.
-
-=item B<ENUMERATED>, B<ENUM>
-
-Encodes the ASN1 B<ENUMERATED> type, it is otherwise identical to
-B<INTEGER>.
-
-=item B<OBJECT>, B<OID>
-
-Encodes an ASN1 B<OBJECT IDENTIFIER>, the B<value> string can be
-a short name, a long name or numerical format.
-
-=item B<UTCTIME>, B<UTC>
-
-Encodes an ASN1 B<UTCTime> structure, the value should be in
-the format B<YYMMDDHHMMSSZ>.
-
-=item B<GENERALIZEDTIME>, B<GENTIME>
-
-Encodes an ASN1 B<GeneralizedTime> structure, the value should be in
-the format B<YYYYMMDDHHMMSSZ>.
-
-=item B<OCTETSTRING>, B<OCT>
-
-Emcodes an ASN1 B<OCTET STRING>. B<value> represents the contents
-of this structure, the format strings B<ASCII> and B<HEX> can be
-used to specify the format of B<value>.
-
-=item B<BITSRING>, B<BITSTR>
-
-Emcodes an ASN1 B<BIT STRING>. B<value> represents the contents
-of this structure, the format strings B<ASCII>, B<HEX> and B<BITLIST>
-can be used to specify the format of B<value>.
-
-If the format is anything other than B<BITLIST> the number of unused
-bits is set to zero.
-
-=item B<UNIVERSALSTRING>, B<UNIV>, B<IA5>, B<IA5STRING>, B<UTF8>,
-B<UTF8String>, B<BMP>, B<BMPSTRING>, B<VISIBLESTRING>,
-B<VISIBLE>, B<PRINTABLESTRING>, B<PRINTABLE>, B<T61>,
-B<T61STRING>, B<TELETEXSTRING>, B<GeneralString>
-
-These encode the corresponding string types. B<value> represents the
-contents of this structure. The format can be B<ASCII> or B<UTF8>.
-
-=item B<SEQUENCE>, B<SEQ>, B<SET>
-
-Formats the result as an ASN1 B<SEQUENCE> or B<SET> type. B<value>
-should be a section name which will contain the contents. The
-field names in the section are ignored and the values are in the
-generated string format. If B<value> is absent then an empty SEQUENCE
-will be encoded.
-
-=back
-
-=head2 MODIFIERS
-
-Modifiers affect the following structure, they can be used to
-add EXPLICIT or IMPLICIT tagging, add wrappers or to change
-the string format of the final type and value. The supported
-formats are documented below.
-
-=over 2
-
-=item B<EXPLICIT>, B<EXP>
-
-Add an explicit tag to the following structure. This string
-should be followed by a colon and the tag value to use as a
-decimal value.
-
-By following the number with B<U>, B<A>, B<P> or B<C> UNIVERSAL,
-APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used,
-the default is CONTEXT SPECIFIC.
-
-=item B<IMPLICIT>, B<IMP>
-
-This is the same as B<EXPLICIT> except IMPLICIT tagging is used
-instead.
-
-=item B<OCTWRAP>, B<SEQWRAP>, B<SETWRAP>, B<BITWRAP>
-
-The following structure is surrounded by an OCTET STRING, a SEQUENCE,
-a SET or a BIT STRING respectively. For a BIT STRING the number of unused
-bits is set to zero.
-
-=item B<FORMAT>
-
-This specifies the format of the ultimate value. It should be followed
-by a colon and one of the strings B<ASCII>, B<UTF8>, B<HEX> or B<BITLIST>.
-
-If no format specifier is included then B<ASCII> is used. If B<UTF8> is specified
-then the value string must be a valid B<UTF8> string. For B<HEX> the output must
-be a set of hex digits. B<BITLIST> (which is only valid for a BIT STRING) is a
-comma separated list of set bits.
-
-=back
-
-=head1 EXAMPLES
-
-A simple IA5String:
-
- IA5STRING:Hello World
-
-An IA5String explicitly tagged:
-
- EXPLICIT:0,IA5STRING:Hello World
-
-An IA5String explicitly tagged using APPLICATION tagging:
-
- EXPLICIT:0A,IA5STRING:Hello World
-
-A more complex example using a config file to produce a
-SEQUENCE consiting of a BOOL an OID and a UTF8String:
-
-asn1 = SEQUENCE:seq_section
-
-[seq_section]
-
-field1 = BOOLEAN:TRUE
-field2 = OID:commonName
-field3 = UTF8:Third field
-
-This example produces an RSAPrivateKey structure, this is the
-key contained in the file client.pem in all OpenSSL distributions
-(note: the field names such as 'coeff' are ignored and are present just
-for clarity):
-
- asn1=SEQUENCE:private_key
- [private_key]
- version=INTEGER:0
-
- n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
- D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
-
- e=INTEGER:0x010001
-
- d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
- F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
-
- p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
- D4BD57
-
- q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
- 46EC4F
-
- exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
- 9C0A39B9
-
- exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
- E7B2458F
-
- coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
- 628657053A
-
-This example is the corresponding public key in a SubjectPublicKeyInfo
-structure:
-
- # Start with a SEQUENCE
- asn1=SEQUENCE:pubkeyinfo
-
- # pubkeyinfo contains an algorithm identifier and the public key wrapped
- # in a BIT STRING
- [pubkeyinfo]
- algorithm=SEQUENCE:rsa_alg
- pubkey=BITWRAP,SEQUENCE:rsapubkey
-
- # algorithm ID for RSA is just an OID and a NULL
- [rsa_alg]
- algorithm=OID:rsaEncryption
- parameter=NULL
-
- # Actual public key: modulus and exponent
- [rsapubkey]
- n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
- D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
-
- e=INTEGER:0x010001
-
-=head1 RETURN VALUES
-
-ASN1_generate_nconf() and ASN1_generate_v3() return the encoded
-data as an B<ASN1_TYPE> structure or B<NULL> if an error occurred.
-
-The error codes that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-ASN1_generate_nconf() and ASN1_generate_v3() were added to OpenSSL 0.9.8
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BIO_ctrl.pod b/crypto/openssl/doc/crypto/BIO_ctrl.pod
deleted file mode 100644
index 722e8b8..0000000
--- a/crypto/openssl/doc/crypto/BIO_ctrl.pod
+++ /dev/null
@@ -1,128 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
-BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
-BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
-BIO_get_info_callback, BIO_set_info_callback - BIO control operations
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
- long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
- char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
- long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
-
- int BIO_reset(BIO *b);
- int BIO_seek(BIO *b, int ofs);
- int BIO_tell(BIO *b);
- int BIO_flush(BIO *b);
- int BIO_eof(BIO *b);
- int BIO_set_close(BIO *b,long flag);
- int BIO_get_close(BIO *b);
- int BIO_pending(BIO *b);
- int BIO_wpending(BIO *b);
- size_t BIO_ctrl_pending(BIO *b);
- size_t BIO_ctrl_wpending(BIO *b);
-
- int BIO_get_info_callback(BIO *b,bio_info_cb **cbp);
- int BIO_set_info_callback(BIO *b,bio_info_cb *cb);
-
- typedef void bio_info_cb(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
-
-=head1 DESCRIPTION
-
-BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl()
-are BIO "control" operations taking arguments of various types.
-These functions are not normally called directly, various macros
-are used instead. The standard macros are described below, macros
-specific to a particular type of BIO are described in the specific
-BIOs manual page as well as any special features of the standard
-calls.
-
-BIO_reset() typically resets a BIO to some initial state, in the case
-of file related BIOs for example it rewinds the file pointer to the
-start of the file.
-
-BIO_seek() resets a file related BIO's (that is file descriptor and
-FILE BIOs) file position pointer to B<ofs> bytes from start of file.
-
-BIO_tell() returns the current file position of a file related BIO.
-
-BIO_flush() normally writes out any internally buffered data, in some
-cases it is used to signal EOF and that no more data will be written.
-
-BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of
-"EOF" varies according to the BIO type.
-
-BIO_set_close() sets the BIO B<b> close flag to B<flag>. B<flag> can
-take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used
-in a source/sink BIO to indicate that the underlying I/O stream should
-be closed when the BIO is freed.
-
-BIO_get_close() returns the BIOs close flag.
-
-BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
-return the number of pending characters in the BIOs read and write buffers.
-Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending()
-return a size_t type and are functions, BIO_pending() and BIO_wpending() are
-macros which call BIO_ctrl().
-
-=head1 RETURN VALUES
-
-BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
-BIOs are an exception, they return 0 for success and -1 for failure.
-
-BIO_seek() and BIO_tell() both return the current file position on success
-and -1 for failure, except file BIOs which for BIO_seek() always return 0
-for success and -1 for failure.
-
-BIO_flush() returns 1 for success and 0 or -1 for failure.
-
-BIO_eof() returns 1 if EOF has been reached 0 otherwise.
-
-BIO_set_close() always returns 1.
-
-BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.
-
-BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
-return the amount of pending data.
-
-=head1 NOTES
-
-BIO_flush(), because it can write data may return 0 or -1 indicating
-that the call should be retried later in a similar manner to BIO_write().
-The BIO_should_retry() call should be used and appropriate action taken
-is the call fails.
-
-The return values of BIO_pending() and BIO_wpending() may not reliably
-determine the amount of pending data in all cases. For example in the
-case of a file BIO some data may be available in the FILE structures
-internal buffers but it is not possible to determine this in a
-portably way. For other types of BIO they may not be supported.
-
-Filter BIOs if they do not internally handle a particular BIO_ctrl()
-operation usually pass the operation to the next BIO in the chain.
-This often means there is no need to locate the required BIO for
-a particular operation, it can be called on a chain and it will
-be automatically passed to the relevant BIO. However this can cause
-unexpected results: for example no current filter BIOs implement
-BIO_seek(), but this may still succeed if the chain ends in a FILE
-or file descriptor BIO.
-
-Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl()
-operation.
-
-=head1 BUGS
-
-Some of the return values are ambiguous and care should be taken. In
-particular a return value of 0 can be returned if an operation is not
-supported, if an error occurred, if EOF has not been reached and in
-the case of BIO_seek() on a file BIO for a successful operation.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_f_base64.pod b/crypto/openssl/doc/crypto/BIO_f_base64.pod
deleted file mode 100644
index 438af3b..0000000
--- a/crypto/openssl/doc/crypto/BIO_f_base64.pod
+++ /dev/null
@@ -1,81 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_f_base64 - base64 BIO filter
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
- #include <openssl/evp.h>
-
- BIO_METHOD * BIO_f_base64(void);
-
-=head1 DESCRIPTION
-
-BIO_f_base64() returns the base64 BIO method. This is a filter
-BIO that base64 encodes any data written through it and decodes
-any data read through it.
-
-Base64 BIOs do not support BIO_gets() or BIO_puts().
-
-BIO_flush() on a base64 BIO that is being written through is
-used to signal that no more data is to be encoded: this is used
-to flush the final block through the BIO.
-
-The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags()
-to encode the data all on one line or expect the data to be all
-on one line.
-
-=head1 NOTES
-
-Because of the format of base64 encoding the end of the encoded
-block cannot always be reliably determined.
-
-=head1 RETURN VALUES
-
-BIO_f_base64() returns the base64 BIO method.
-
-=head1 EXAMPLES
-
-Base64 encode the string "Hello World\n" and write the result
-to standard output:
-
- BIO *bio, *b64;
- char message[] = "Hello World \n";
-
- b64 = BIO_new(BIO_f_base64());
- bio = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- BIO_write(bio, message, strlen(message));
- BIO_flush(bio);
-
- BIO_free_all(bio);
-
-Read Base64 encoded data from standard input and write the decoded
-data to standard output:
-
- BIO *bio, *b64, *bio_out;
- char inbuf[512];
- int inlen;
-
- b64 = BIO_new(BIO_f_base64());
- bio = BIO_new_fp(stdin, BIO_NOCLOSE);
- bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
- bio = BIO_push(b64, bio);
- while((inlen = BIO_read(bio, inbuf, 512)) > 0)
- BIO_write(bio_out, inbuf, inlen);
-
- BIO_free_all(bio);
-
-=head1 BUGS
-
-The ambiguity of EOF in base64 encoded data can cause additional
-data following the base64 encoded block to be misinterpreted.
-
-There should be some way of specifying a test that the BIO can perform
-to reliably determine EOF (for example a MIME boundary).
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_f_buffer.pod b/crypto/openssl/doc/crypto/BIO_f_buffer.pod
deleted file mode 100644
index c9093c6..0000000
--- a/crypto/openssl/doc/crypto/BIO_f_buffer.pod
+++ /dev/null
@@ -1,69 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_f_buffer - buffering BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_f_buffer(void);
-
- #define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
- #define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
- #define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
- #define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
- #define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
-
-=head1 DESCRIPTION
-
-BIO_f_buffer() returns the buffering BIO method.
-
-Data written to a buffering BIO is buffered and periodically written
-to the next BIO in the chain. Data read from a buffering BIO comes from
-an internal buffer which is filled from the next BIO in the chain.
-Both BIO_gets() and BIO_puts() are supported.
-
-Calling BIO_reset() on a buffering BIO clears any buffered data.
-
-BIO_get_buffer_num_lines() returns the number of lines currently buffered.
-
-BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
-set the read, write or both read and write buffer sizes to B<size>. The initial
-buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
-buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
-when the buffer is resized.
-
-BIO_set_buffer_read_data() clears the read buffer and fills it with B<num>
-bytes of B<buf>. If B<num> is larger than the current buffer size the buffer
-is expanded.
-
-=head1 NOTES
-
-Buffering BIOs implement BIO_gets() by using BIO_read() operations on the
-next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
-possible to provide BIO_gets() functionality if the following BIOs do not
-support it (for example SSL BIOs).
-
-Data is only written to the next BIO in the chain when the write buffer fills
-or when BIO_flush() is called. It is therefore important to call BIO_flush()
-whenever any pending data should be written such as when removing a buffering
-BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate
-source/sink BIO is non blocking.
-
-=head1 RETURN VALUES
-
-BIO_f_buffer() returns the buffering BIO method.
-
-BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).
-
-BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
-return 1 if the buffer was successfully resized or 0 for failure.
-
-BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if
-there was an error.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_f_cipher.pod b/crypto/openssl/doc/crypto/BIO_f_cipher.pod
deleted file mode 100644
index 02439ce..0000000
--- a/crypto/openssl/doc/crypto/BIO_f_cipher.pod
+++ /dev/null
@@ -1,76 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
- #include <openssl/evp.h>
-
- BIO_METHOD * BIO_f_cipher(void);
- void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
- unsigned char *key, unsigned char *iv, int enc);
- int BIO_get_cipher_status(BIO *b)
- int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
-
-=head1 DESCRIPTION
-
-BIO_f_cipher() returns the cipher BIO method. This is a filter
-BIO that encrypts any data written through it, and decrypts any data
-read from it. It is a BIO wrapper for the cipher routines
-EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
-
-Cipher BIOs do not support BIO_gets() or BIO_puts().
-
-BIO_flush() on an encryption BIO that is being written through is
-used to signal that no more data is to be encrypted: this is used
-to flush and possibly pad the final block through the BIO.
-
-BIO_set_cipher() sets the cipher of BIO B<b> to B<cipher> using key B<key>
-and IV B<iv>. B<enc> should be set to 1 for encryption and zero for
-decryption.
-
-When reading from an encryption BIO the final block is automatically
-decrypted and checked when EOF is detected. BIO_get_cipher_status()
-is a BIO_ctrl() macro which can be called to determine whether the
-decryption operation was successful.
-
-BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal
-BIO cipher context. The retrieved context can be used in conjunction
-with the standard cipher routines to set it up. This is useful when
-BIO_set_cipher() is not flexible enough for the applications needs.
-
-=head1 NOTES
-
-When encrypting BIO_flush() B<must> be called to flush the final block
-through the BIO. If it is not then the final block will fail a subsequent
-decrypt.
-
-When decrypting an error on the final block is signalled by a zero
-return value from the read operation. A successful decrypt followed
-by EOF will also return zero for the final read. BIO_get_cipher_status()
-should be called to determine if the decrypt was successful.
-
-As always, if BIO_gets() or BIO_puts() support is needed then it can
-be achieved by preceding the cipher BIO with a buffering BIO.
-
-=head1 RETURN VALUES
-
-BIO_f_cipher() returns the cipher BIO method.
-
-BIO_set_cipher() does not return a value.
-
-BIO_get_cipher_status() returns 1 for a successful decrypt and 0
-for failure.
-
-BIO_get_cipher_ctx() currently always returns 1.
-
-=head1 EXAMPLES
-
-TBA
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_f_md.pod b/crypto/openssl/doc/crypto/BIO_f_md.pod
deleted file mode 100644
index 0d24083..0000000
--- a/crypto/openssl/doc/crypto/BIO_f_md.pod
+++ /dev/null
@@ -1,138 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
- #include <openssl/evp.h>
-
- BIO_METHOD * BIO_f_md(void);
- int BIO_set_md(BIO *b,EVP_MD *md);
- int BIO_get_md(BIO *b,EVP_MD **mdp);
- int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
-
-=head1 DESCRIPTION
-
-BIO_f_md() returns the message digest BIO method. This is a filter
-BIO that digests any data passed through it, it is a BIO wrapper
-for the digest routines EVP_DigestInit(), EVP_DigestUpdate()
-and EVP_DigestFinal().
-
-Any data written or read through a digest BIO using BIO_read() and
-BIO_write() is digested.
-
-BIO_gets(), if its B<size> parameter is large enough finishes the
-digest calculation and returns the digest value. BIO_puts() is
-not supported.
-
-BIO_reset() reinitialises a digest BIO.
-
-BIO_set_md() sets the message digest of BIO B<b> to B<md>: this
-must be called to initialize a digest BIO before any data is
-passed through it. It is a BIO_ctrl() macro.
-
-BIO_get_md() places the a pointer to the digest BIOs digest method
-in B<mdp>, it is a BIO_ctrl() macro.
-
-BIO_get_md_ctx() returns the digest BIOs context into B<mdcp>.
-
-=head1 NOTES
-
-The context returned by BIO_get_md_ctx() can be used in calls
-to EVP_DigestFinal() and also the signature routines EVP_SignFinal()
-and EVP_VerifyFinal().
-
-The context returned by BIO_get_md_ctx() is an internal context
-structure. Changes made to this context will affect the digest
-BIO itself and the context pointer will become invalid when the digest
-BIO is freed.
-
-After the digest has been retrieved from a digest BIO it must be
-reinitialized by calling BIO_reset(), or BIO_set_md() before any more
-data is passed through it.
-
-If an application needs to call BIO_gets() or BIO_puts() through
-a chain containing digest BIOs then this can be done by prepending
-a buffering BIO.
-
-=head1 RETURN VALUES
-
-BIO_f_md() returns the digest BIO method.
-
-BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and
-0 for failure.
-
-=head1 EXAMPLES
-
-The following example creates a BIO chain containing an SHA1 and MD5
-digest BIO and passes the string "Hello World" through it. Error
-checking has been omitted for clarity.
-
- BIO *bio, *mdtmp;
- char message[] = "Hello World";
- bio = BIO_new(BIO_s_null());
- mdtmp = BIO_new(BIO_f_md());
- BIO_set_md(mdtmp, EVP_sha1());
- /* For BIO_push() we want to append the sink BIO and keep a note of
- * the start of the chain.
- */
- bio = BIO_push(mdtmp, bio);
- mdtmp = BIO_new(BIO_f_md());
- BIO_set_md(mdtmp, EVP_md5());
- bio = BIO_push(mdtmp, bio);
- /* Note: mdtmp can now be discarded */
- BIO_write(bio, message, strlen(message));
-
-The next example digests data by reading through a chain instead:
-
- BIO *bio, *mdtmp;
- char buf[1024];
- int rdlen;
- bio = BIO_new_file(file, "rb");
- mdtmp = BIO_new(BIO_f_md());
- BIO_set_md(mdtmp, EVP_sha1());
- bio = BIO_push(mdtmp, bio);
- mdtmp = BIO_new(BIO_f_md());
- BIO_set_md(mdtmp, EVP_md5());
- bio = BIO_push(mdtmp, bio);
- do {
- rdlen = BIO_read(bio, buf, sizeof(buf));
- /* Might want to do something with the data here */
- } while(rdlen > 0);
-
-This next example retrieves the message digests from a BIO chain and
-outputs them. This could be used with the examples above.
-
- BIO *mdtmp;
- unsigned char mdbuf[EVP_MAX_MD_SIZE];
- int mdlen;
- int i;
- mdtmp = bio; /* Assume bio has previously been set up */
- do {
- EVP_MD *md;
- mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
- if(!mdtmp) break;
- BIO_get_md(mdtmp, &md);
- printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
- mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
- for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
- printf("\n");
- mdtmp = BIO_next(mdtmp);
- } while(mdtmp);
-
- BIO_free_all(bio);
-
-=head1 BUGS
-
-The lack of support for BIO_puts() and the non standard behaviour of
-BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets()
-and BIO_puts() should be passed to the next BIO in the chain and digest
-the data passed through and that digests should be retrieved using a
-separate BIO_ctrl() call.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_f_null.pod b/crypto/openssl/doc/crypto/BIO_f_null.pod
deleted file mode 100644
index b057c18..0000000
--- a/crypto/openssl/doc/crypto/BIO_f_null.pod
+++ /dev/null
@@ -1,32 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_f_null - null filter
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_f_null(void);
-
-=head1 DESCRIPTION
-
-BIO_f_null() returns the null filter BIO method. This is a filter BIO
-that does nothing.
-
-All requests to a null filter BIO are passed through to the next BIO in
-the chain: this means that a BIO chain containing a null filter BIO
-behaves just as though the BIO was not there.
-
-=head1 NOTES
-
-As may be apparent a null filter BIO is not particularly useful.
-
-=head1 RETURN VALUES
-
-BIO_f_null() returns the null filter BIO method.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_f_ssl.pod b/crypto/openssl/doc/crypto/BIO_f_ssl.pod
deleted file mode 100644
index f0b7317..0000000
--- a/crypto/openssl/doc/crypto/BIO_f_ssl.pod
+++ /dev/null
@@ -1,313 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
-BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
-BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
-BIO_ssl_shutdown - SSL BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
- #include <openssl/ssl.h>
-
- BIO_METHOD *BIO_f_ssl(void);
-
- #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
- #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
- #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
- #define BIO_set_ssl_renegotiate_bytes(b,num) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
- #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
- BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
- #define BIO_get_num_renegotiates(b) \
- BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
-
- BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
- BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
- BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
- int BIO_ssl_copy_session_id(BIO *to,BIO *from);
- void BIO_ssl_shutdown(BIO *bio);
-
- #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
-
-=head1 DESCRIPTION
-
-BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which
-is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to
-SSL I/O.
-
-I/O performed on an SSL BIO communicates using the SSL protocol with
-the SSLs read and write BIOs. If an SSL connection is not established
-then an attempt is made to establish one on the first I/O call.
-
-If a BIO is appended to an SSL BIO using BIO_push() it is automatically
-used as the SSL BIOs read and write BIOs.
-
-Calling BIO_reset() on an SSL BIO closes down any current SSL connection
-by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in
-the chain: this will typically disconnect the underlying transport.
-The SSL BIO is then reset to the initial accept or connect state.
-
-If the close flag is set when an SSL BIO is freed then the internal
-SSL structure is also freed using SSL_free().
-
-BIO_set_ssl() sets the internal SSL pointer of BIO B<b> to B<ssl> using
-the close flag B<c>.
-
-BIO_get_ssl() retrieves the SSL pointer of BIO B<b>, it can then be
-manipulated using the standard SSL library functions.
-
-BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
-is 1 client mode is set. If B<client> is 0 server mode is set.
-
-BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
-to B<num>. When set after every B<num> bytes of I/O (read and write)
-the SSL session is automatically renegotiated. B<num> must be at
-least 512 bytes.
-
-BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to
-B<seconds>. When the renegotiate timeout elapses the session is
-automatically renegotiated.
-
-BIO_get_num_renegotiates() returns the total number of session
-renegotiations due to I/O or timeout.
-
-BIO_new_ssl() allocates an SSL BIO using SSL_CTX B<ctx> and using
-client mode if B<client> is non zero.
-
-BIO_new_ssl_connect() creates a new BIO chain consisting of an
-SSL BIO (using B<ctx>) followed by a connect BIO.
-
-BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
-of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
-BIO.
-
-BIO_ssl_copy_session_id() copies an SSL session id between
-BIO chains B<from> and B<to>. It does this by locating the
-SSL BIOs in each chain and calling SSL_copy_session_id() on
-the internal SSL pointer.
-
-BIO_ssl_shutdown() closes down an SSL connection on BIO
-chain B<bio>. It does this by locating the SSL BIO in the
-chain and calling SSL_shutdown() on its internal SSL
-pointer.
-
-BIO_do_handshake() attempts to complete an SSL handshake on the
-supplied BIO and establish the SSL connection. It returns 1
-if the connection was established successfully. A zero or negative
-value is returned if the connection could not be established, the
-call BIO_should_retry() should be used for non blocking connect BIOs
-to determine if the call should be retried. If an SSL connection has
-already been established this call has no effect.
-
-=head1 NOTES
-
-SSL BIOs are exceptional in that if the underlying transport
-is non blocking they can still request a retry in exceptional
-circumstances. Specifically this will happen if a session
-renegotiation takes place during a BIO_read() operation, one
-case where this happens is when SGC or step up occurs.
-
-In OpenSSL 0.9.6 and later the SSL flag SSL_AUTO_RETRY can be
-set to disable this behaviour. That is when this flag is set
-an SSL BIO using a blocking transport will never request a
-retry.
-
-Since unknown BIO_ctrl() operations are sent through filter
-BIOs the servers name and port can be set using BIO_set_host()
-on the BIO returned by BIO_new_ssl_connect() without having
-to locate the connect BIO first.
-
-Applications do not have to call BIO_do_handshake() but may wish
-to do so to separate the handshake process from other I/O
-processing.
-
-=head1 RETURN VALUES
-
-TBA
-
-=head1 EXAMPLE
-
-This SSL/TLS client example, attempts to retrieve a page from an
-SSL/TLS web server. The I/O routines are identical to those of the
-unencrypted example in L<BIO_s_connect(3)|BIO_s_connect(3)>.
-
- BIO *sbio, *out;
- int len;
- char tmpbuf[1024];
- SSL_CTX *ctx;
- SSL *ssl;
-
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- OpenSSL_add_all_algorithms();
-
- /* We would seed the PRNG here if the platform didn't
- * do it automatically
- */
-
- ctx = SSL_CTX_new(SSLv23_client_method());
-
- /* We'd normally set some stuff like the verify paths and
- * mode here because as things stand this will connect to
- * any server whose certificate is signed by any CA.
- */
-
- sbio = BIO_new_ssl_connect(ctx);
-
- BIO_get_ssl(sbio, &ssl);
-
- if(!ssl) {
- fprintf(stderr, "Can't locate SSL pointer\n");
- /* whatever ... */
- }
-
- /* Don't want any retries */
- SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
- /* We might want to do other things with ssl here */
-
- BIO_set_conn_hostname(sbio, "localhost:https");
-
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if(BIO_do_connect(sbio) <= 0) {
- fprintf(stderr, "Error connecting to server\n");
- ERR_print_errors_fp(stderr);
- /* whatever ... */
- }
-
- if(BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error establishing SSL connection\n");
- ERR_print_errors_fp(stderr);
- /* whatever ... */
- }
-
- /* Could examine ssl here to get connection info */
-
- BIO_puts(sbio, "GET / HTTP/1.0\n\n");
- for(;;) {
- len = BIO_read(sbio, tmpbuf, 1024);
- if(len <= 0) break;
- BIO_write(out, tmpbuf, len);
- }
- BIO_free_all(sbio);
- BIO_free(out);
-
-Here is a simple server example. It makes use of a buffering
-BIO to allow lines to be read from the SSL BIO using BIO_gets.
-It creates a pseudo web page containing the actual request from
-a client and also echoes the request to standard output.
-
- BIO *sbio, *bbio, *acpt, *out;
- int len;
- char tmpbuf[1024];
- SSL_CTX *ctx;
- SSL *ssl;
-
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
- OpenSSL_add_all_algorithms();
-
- /* Might seed PRNG here */
-
- ctx = SSL_CTX_new(SSLv23_server_method());
-
- if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
- || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
- || !SSL_CTX_check_private_key(ctx)) {
-
- fprintf(stderr, "Error setting up SSL_CTX\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
-
- /* Might do other things here like setting verify locations and
- * DH and/or RSA temporary key callbacks
- */
-
- /* New SSL BIO setup as server */
- sbio=BIO_new_ssl(ctx,0);
-
- BIO_get_ssl(sbio, &ssl);
-
- if(!ssl) {
- fprintf(stderr, "Can't locate SSL pointer\n");
- /* whatever ... */
- }
-
- /* Don't want any retries */
- SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
- /* Create the buffering BIO */
-
- bbio = BIO_new(BIO_f_buffer());
-
- /* Add to chain */
- sbio = BIO_push(bbio, sbio);
-
- acpt=BIO_new_accept("4433");
-
- /* By doing this when a new connection is established
- * we automatically have sbio inserted into it. The
- * BIO chain is now 'swallowed' by the accept BIO and
- * will be freed when the accept BIO is freed.
- */
-
- BIO_set_accept_bios(acpt,sbio);
-
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
- /* Setup accept BIO */
- if(BIO_do_accept(acpt) <= 0) {
- fprintf(stderr, "Error setting up accept BIO\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
-
- /* Now wait for incoming connection */
- if(BIO_do_accept(acpt) <= 0) {
- fprintf(stderr, "Error in connection\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
-
- /* We only want one connection so remove and free
- * accept BIO
- */
-
- sbio = BIO_pop(acpt);
-
- BIO_free_all(acpt);
-
- if(BIO_do_handshake(sbio) <= 0) {
- fprintf(stderr, "Error in SSL handshake\n");
- ERR_print_errors_fp(stderr);
- return 0;
- }
-
- BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/plain\r\n\r\n");
- BIO_puts(sbio, "\r\nConnection Established\r\nRequest headers:\r\n");
- BIO_puts(sbio, "--------------------------------------------------\r\n");
-
- for(;;) {
- len = BIO_gets(sbio, tmpbuf, 1024);
- if(len <= 0) break;
- BIO_write(sbio, tmpbuf, len);
- BIO_write(out, tmpbuf, len);
- /* Look for blank line signifying end of headers*/
- if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
- }
-
- BIO_puts(sbio, "--------------------------------------------------\r\n");
- BIO_puts(sbio, "\r\n");
-
- /* Since there is a buffering BIO present we had better flush it */
- BIO_flush(sbio);
-
- BIO_free_all(sbio);
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_find_type.pod b/crypto/openssl/doc/crypto/BIO_find_type.pod
deleted file mode 100644
index bd3b256..0000000
--- a/crypto/openssl/doc/crypto/BIO_find_type.pod
+++ /dev/null
@@ -1,98 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_find_type, BIO_next - BIO chain traversal
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO * BIO_find_type(BIO *b,int bio_type);
- BIO * BIO_next(BIO *b);
-
- #define BIO_method_type(b) ((b)->method->type)
-
- #define BIO_TYPE_NONE 0
- #define BIO_TYPE_MEM (1|0x0400)
- #define BIO_TYPE_FILE (2|0x0400)
-
- #define BIO_TYPE_FD (4|0x0400|0x0100)
- #define BIO_TYPE_SOCKET (5|0x0400|0x0100)
- #define BIO_TYPE_NULL (6|0x0400)
- #define BIO_TYPE_SSL (7|0x0200)
- #define BIO_TYPE_MD (8|0x0200)
- #define BIO_TYPE_BUFFER (9|0x0200)
- #define BIO_TYPE_CIPHER (10|0x0200)
- #define BIO_TYPE_BASE64 (11|0x0200)
- #define BIO_TYPE_CONNECT (12|0x0400|0x0100)
- #define BIO_TYPE_ACCEPT (13|0x0400|0x0100)
- #define BIO_TYPE_PROXY_CLIENT (14|0x0200)
- #define BIO_TYPE_PROXY_SERVER (15|0x0200)
- #define BIO_TYPE_NBIO_TEST (16|0x0200)
- #define BIO_TYPE_NULL_FILTER (17|0x0200)
- #define BIO_TYPE_BER (18|0x0200)
- #define BIO_TYPE_BIO (19|0x0400)
-
- #define BIO_TYPE_DESCRIPTOR 0x0100
- #define BIO_TYPE_FILTER 0x0200
- #define BIO_TYPE_SOURCE_SINK 0x0400
-
-=head1 DESCRIPTION
-
-The BIO_find_type() searches for a BIO of a given type in a chain, starting
-at BIO B<b>. If B<type> is a specific type (such as BIO_TYPE_MEM) then a search
-is made for a BIO of that type. If B<type> is a general type (such as
-B<BIO_TYPE_SOURCE_SINK>) then the next matching BIO of the given general type is
-searched for. BIO_find_type() returns the next matching BIO or NULL if none is
-found.
-
-Note: not all the B<BIO_TYPE_*> types above have corresponding BIO implementations.
-
-BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
-in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
-certain type.
-
-BIO_method_type() returns the type of a BIO.
-
-=head1 RETURN VALUES
-
-BIO_find_type() returns a matching BIO or NULL for no match.
-
-BIO_next() returns the next BIO in a chain.
-
-BIO_method_type() returns the type of the BIO B<b>.
-
-=head1 NOTES
-
-BIO_next() was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a BIO
-chain or find multiple matches using BIO_find_type(). Previous versions had to
-use:
-
- next = bio->next_bio;
-
-=head1 BUGS
-
-BIO_find_type() in OpenSSL 0.9.5a and earlier could not be safely passed a
-NULL pointer for the B<b> argument.
-
-=head1 EXAMPLE
-
-Traverse a chain looking for digest BIOs:
-
- BIO *btmp;
- btmp = in_bio; /* in_bio is chain to search through */
-
- do {
- btmp = BIO_find_type(btmp, BIO_TYPE_MD);
- if(btmp == NULL) break; /* Not found */
- /* btmp is a digest BIO, do something with it ...*/
- ...
-
- btmp = BIO_next(btmp);
- } while(btmp);
-
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_new.pod b/crypto/openssl/doc/crypto/BIO_new.pod
deleted file mode 100644
index 2a245fc..0000000
--- a/crypto/openssl/doc/crypto/BIO_new.pod
+++ /dev/null
@@ -1,65 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO * BIO_new(BIO_METHOD *type);
- int BIO_set(BIO *a,BIO_METHOD *type);
- int BIO_free(BIO *a);
- void BIO_vfree(BIO *a);
- void BIO_free_all(BIO *a);
-
-=head1 DESCRIPTION
-
-The BIO_new() function returns a new BIO using method B<type>.
-
-BIO_set() sets the method of an already existing BIO.
-
-BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
-but it does not return a value. Calling BIO_free() may also have some effect
-on the underlying I/O structure, for example it may close the file being
-referred to under certain circumstances. For more details see the individual
-BIO_METHOD descriptions.
-
-BIO_free_all() frees up an entire BIO chain, it does not halt if an error
-occurs freeing up an individual BIO in the chain.
-
-=head1 RETURN VALUES
-
-BIO_new() returns a newly created BIO or NULL if the call fails.
-
-BIO_set(), BIO_free() return 1 for success and 0 for failure.
-
-BIO_free_all() and BIO_vfree() do not return values.
-
-=head1 NOTES
-
-Some BIOs (such as memory BIOs) can be used immediately after calling
-BIO_new(). Others (such as file BIOs) need some additional initialization,
-and frequently a utility function exists to create and initialize such BIOs.
-
-If BIO_free() is called on a BIO chain it will only free one BIO resulting
-in a memory leak.
-
-Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
-on it other than the discarded return value.
-
-Normally the B<type> argument is supplied by a function which returns a
-pointer to a BIO_METHOD. There is a naming convention for such functions:
-a source/sink BIO is normally called BIO_s_*() and a filter BIO
-BIO_f_*();
-
-=head1 EXAMPLE
-
-Create a memory BIO:
-
- BIO *mem = BIO_new(BIO_s_mem());
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_push.pod b/crypto/openssl/doc/crypto/BIO_push.pod
deleted file mode 100644
index 8af1d3c..0000000
--- a/crypto/openssl/doc/crypto/BIO_push.pod
+++ /dev/null
@@ -1,69 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_push, BIO_pop - add and remove BIOs from a chain.
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO * BIO_push(BIO *b,BIO *append);
- BIO * BIO_pop(BIO *b);
-
-=head1 DESCRIPTION
-
-The BIO_push() function appends the BIO B<append> to B<b>, it returns
-B<b>.
-
-BIO_pop() removes the BIO B<b> from a chain and returns the next BIO
-in the chain, or NULL if there is no next BIO. The removed BIO then
-becomes a single BIO with no association with the original chain,
-it can thus be freed or attached to a different chain.
-
-=head1 NOTES
-
-The names of these functions are perhaps a little misleading. BIO_push()
-joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain,
-the deleted BIO does not need to be at the end of a chain.
-
-The process of calling BIO_push() and BIO_pop() on a BIO may have additional
-consequences (a control call is made to the affected BIOs) any effects will
-be noted in the descriptions of individual BIOs.
-
-=head1 EXAMPLES
-
-For these examples suppose B<md1> and B<md2> are digest BIOs, B<b64> is
-a base64 BIO and B<f> is a file BIO.
-
-If the call:
-
- BIO_push(b64, f);
-
-is made then the new chain will be B<b64-chain>. After making the calls
-
- BIO_push(md2, b64);
- BIO_push(md1, md2);
-
-the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested
-by B<md1> and B<md2>, B<base64> encoded and written to B<f>.
-
-It should be noted that reading causes data to pass in the reverse
-direction, that is data is read from B<f>, base64 B<decoded> and digested
-by B<md1> and B<md2>. If the call:
-
- BIO_pop(md2);
-
-The call will return B<b64> and the new chain will be B<md1-b64-f> data can
-be written to B<md1> as before.
-
-=head1 RETURN VALUES
-
-BIO_push() returns the end of the chain, B<b>.
-
-BIO_pop() returns the next BIO in the chain, or NULL if there is no next
-BIO.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_read.pod b/crypto/openssl/doc/crypto/BIO_read.pod
deleted file mode 100644
index b345281..0000000
--- a/crypto/openssl/doc/crypto/BIO_read.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- int BIO_read(BIO *b, void *buf, int len);
- int BIO_gets(BIO *b,char *buf, int size);
- int BIO_write(BIO *b, const void *buf, int len);
- int BIO_puts(BIO *b,const char *buf);
-
-=head1 DESCRIPTION
-
-BIO_read() attempts to read B<len> bytes from BIO B<b> and places
-the data in B<buf>.
-
-BIO_gets() performs the BIOs "gets" operation and places the data
-in B<buf>. Usually this operation will attempt to read a line of data
-from the BIO of maximum length B<len>. There are exceptions to this
-however, for example BIO_gets() on a digest BIO will calculate and
-return the digest and other BIOs may not support BIO_gets() at all.
-
-BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>.
-
-BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>
-
-=head1 RETURN VALUES
-
-All these functions return either the amount of data successfully read or
-written (if the return value is positive) or that no data was successfully
-read or written if the result is 0 or -1. If the return value is -2 then
-the operation is not implemented in the specific BIO type.
-
-=head1 NOTES
-
-A 0 or -1 return is not necessarily an indication of an error. In
-particular when the source/sink is non-blocking or of a certain type
-it may merely be an indication that no data is currently available and that
-the application should retry the operation later.
-
-One technique sometimes used with blocking sockets is to use a system call
-(such as select(), poll() or equivalent) to determine when data is available
-and then call read() to read the data. The equivalent with BIOs (that is call
-select() on the underlying I/O structure and then call BIO_read() to
-read the data) should B<not> be used because a single call to BIO_read()
-can cause several reads (and writes in the case of SSL BIOs) on the underlying
-I/O structure and may block as a result. Instead select() (or equivalent)
-should be combined with non blocking I/O so successive reads will request
-a retry instead of blocking.
-
-See L<BIO_should_retry(3)|BIO_should_retry(3)> for details of how to
-determine the cause of a retry and other I/O issues.
-
-If the BIO_gets() function is not supported by a BIO then it possible to
-work around this by adding a buffering BIO L<BIO_f_buffer(3)|BIO_f_buffer(3)>
-to the chain.
-
-=head1 SEE ALSO
-
-L<BIO_should_retry(3)|BIO_should_retry(3)>
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_s_accept.pod b/crypto/openssl/doc/crypto/BIO_s_accept.pod
deleted file mode 100644
index 7b63e46..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_accept.pod
+++ /dev/null
@@ -1,195 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
-BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
-BIO_get_bind_mode, BIO_do_accept - accept BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD *BIO_s_accept(void);
-
- long BIO_set_accept_port(BIO *b, char *name);
- char *BIO_get_accept_port(BIO *b);
-
- BIO *BIO_new_accept(char *host_port);
-
- long BIO_set_nbio_accept(BIO *b, int n);
- long BIO_set_accept_bios(BIO *b, char *bio);
-
- long BIO_set_bind_mode(BIO *b, long mode);
- long BIO_get_bind_mode(BIO *b, long dummy);
-
- #define BIO_BIND_NORMAL 0
- #define BIO_BIND_REUSEADDR_IF_UNUSED 1
- #define BIO_BIND_REUSEADDR 2
-
- int BIO_do_accept(BIO *b);
-
-=head1 DESCRIPTION
-
-BIO_s_accept() returns the accept BIO method. This is a wrapper
-round the platform's TCP/IP socket accept routines.
-
-Using accept BIOs, TCP/IP connections can be accepted and data
-transferred using only BIO routines. In this way any platform
-specific operations are hidden by the BIO abstraction.
-
-Read and write operations on an accept BIO will perform I/O
-on the underlying connection. If no connection is established
-and the port (see below) is set up properly then the BIO
-waits for an incoming connection.
-
-Accept BIOs support BIO_puts() but not BIO_gets().
-
-If the close flag is set on an accept BIO then any active
-connection on that chain is shutdown and the socket closed when
-the BIO is freed.
-
-Calling BIO_reset() on a accept BIO will close any active
-connection and reset the BIO into a state where it awaits another
-incoming connection.
-
-BIO_get_fd() and BIO_set_fd() can be called to retrieve or set
-the accept socket. See L<BIO_s_fd(3)|BIO_s_fd(3)>
-
-BIO_set_accept_port() uses the string B<name> to set the accept
-port. The port is represented as a string of the form "host:port",
-where "host" is the interface to use and "port" is the port.
-Either or both values can be "*" which is interpreted as meaning
-any interface or port respectively. "port" has the same syntax
-as the port specified in BIO_set_conn_port() for connect BIOs,
-that is it can be a numerical port string or a string to lookup
-using getservbyname() and a string table.
-
-BIO_new_accept() combines BIO_new() and BIO_set_accept_port() into
-a single call: that is it creates a new accept BIO with port
-B<host_port>.
-
-BIO_set_nbio_accept() sets the accept socket to blocking mode
-(the default) if B<n> is 0 or non blocking mode if B<n> is 1.
-
-BIO_set_accept_bios() can be used to set a chain of BIOs which
-will be duplicated and prepended to the chain when an incoming
-connection is received. This is useful if, for example, a
-buffering or SSL BIO is required for each connection. The
-chain of BIOs must not be freed after this call, they will
-be automatically freed when the accept BIO is freed.
-
-BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve
-the current bind mode. If BIO_BIND_NORMAL (the default) is set
-then another socket cannot be bound to the same port. If
-BIO_BIND_REUSEADDR is set then other sockets can bind to the
-same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and
-attempt is first made to use BIO_BIN_NORMAL, if this fails
-and the port is not in use then a second attempt is made
-using BIO_BIND_REUSEADDR.
-
-BIO_do_accept() serves two functions. When it is first
-called, after the accept BIO has been setup, it will attempt
-to create the accept socket and bind an address to it. Second
-and subsequent calls to BIO_do_accept() will await an incoming
-connection, or request a retry in non blocking mode.
-
-=head1 NOTES
-
-When an accept BIO is at the end of a chain it will await an
-incoming connection before processing I/O calls. When an accept
-BIO is not at then end of a chain it passes I/O calls to the next
-BIO in the chain.
-
-When a connection is established a new socket BIO is created for
-the connection and appended to the chain. That is the chain is now
-accept->socket. This effectively means that attempting I/O on
-an initial accept socket will await an incoming connection then
-perform I/O on it.
-
-If any additional BIOs have been set using BIO_set_accept_bios()
-then they are placed between the socket and the accept BIO,
-that is the chain will be accept->otherbios->socket.
-
-If a server wishes to process multiple connections (as is normally
-the case) then the accept BIO must be made available for further
-incoming connections. This can be done by waiting for a connection and
-then calling:
-
- connection = BIO_pop(accept);
-
-After this call B<connection> will contain a BIO for the recently
-established connection and B<accept> will now be a single BIO
-again which can be used to await further incoming connections.
-If no further connections will be accepted the B<accept> can
-be freed using BIO_free().
-
-If only a single connection will be processed it is possible to
-perform I/O using the accept BIO itself. This is often undesirable
-however because the accept BIO will still accept additional incoming
-connections. This can be resolved by using BIO_pop() (see above)
-and freeing up the accept BIO after the initial connection.
-
-If the underlying accept socket is non-blocking and BIO_do_accept() is
-called to await an incoming connection it is possible for
-BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens
-then it is an indication that an accept attempt would block: the application
-should take appropriate action to wait until the underlying socket has
-accepted a connection and retry the call.
-
-BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(),
-BIO_set_accept_bios(), BIO_set_bind_mode(), BIO_get_bind_mode() and
-BIO_do_accept() are macros.
-
-=head1 RETURN VALUES
-
-TBA
-
-=head1 EXAMPLE
-
-This example accepts two connections on port 4444, sends messages
-down each and finally closes both down.
-
- BIO *abio, *cbio, *cbio2;
- ERR_load_crypto_strings();
- abio = BIO_new_accept("4444");
-
- /* First call to BIO_accept() sets up accept BIO */
- if(BIO_do_accept(abio) <= 0) {
- fprintf(stderr, "Error setting up accept\n");
- ERR_print_errors_fp(stderr);
- exit(0);
- }
-
- /* Wait for incoming connection */
- if(BIO_do_accept(abio) <= 0) {
- fprintf(stderr, "Error accepting connection\n");
- ERR_print_errors_fp(stderr);
- exit(0);
- }
- fprintf(stderr, "Connection 1 established\n");
- /* Retrieve BIO for connection */
- cbio = BIO_pop(abio);
- BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
- fprintf(stderr, "Sent out data on connection 1\n");
- /* Wait for another connection */
- if(BIO_do_accept(abio) <= 0) {
- fprintf(stderr, "Error accepting connection\n");
- ERR_print_errors_fp(stderr);
- exit(0);
- }
- fprintf(stderr, "Connection 2 established\n");
- /* Close accept BIO to refuse further connections */
- cbio2 = BIO_pop(abio);
- BIO_free(abio);
- BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
- fprintf(stderr, "Sent out data on connection 2\n");
-
- BIO_puts(cbio, "Connection 1: Second connection established\n");
- /* Close the two established connections */
- BIO_free(cbio);
- BIO_free(cbio2);
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_s_bio.pod b/crypto/openssl/doc/crypto/BIO_s_bio.pod
deleted file mode 100644
index 8d0a55a..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_bio.pod
+++ /dev/null
@@ -1,182 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr,
-BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
-BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
-BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD *BIO_s_bio(void);
-
- #define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
- #define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
-
- #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
-
- #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
- #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
-
- int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
-
- #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
- size_t BIO_ctrl_get_write_guarantee(BIO *b);
-
- #define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
- size_t BIO_ctrl_get_read_request(BIO *b);
-
- int BIO_ctrl_reset_read_request(BIO *b);
-
-=head1 DESCRIPTION
-
-BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink
-BIOs where data written to either half of the pair is buffered and can be read from
-the other half. Both halves must usually by handled by the same application thread
-since no locking is done on the internal data structures.
-
-Since BIO chains typically end in a source/sink BIO it is possible to make this
-one half of a BIO pair and have all the data processed by the chain under application
-control.
-
-One typical use of BIO pairs is to place TLS/SSL I/O under application control, this
-can be used when the application wishes to use a non standard transport for
-TLS/SSL or the normal socket routines are inappropriate.
-
-Calls to BIO_read() will read data from the buffer or request a retry if no
-data is available.
-
-Calls to BIO_write() will place data in the buffer or request a retry if the
-buffer is full.
-
-The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to
-determine the amount of pending data in the read or write buffer.
-
-BIO_reset() clears any data in the write buffer.
-
-BIO_make_bio_pair() joins two separate BIOs into a connected pair.
-
-BIO_destroy_pair() destroys the association between two connected BIOs. Freeing
-up any half of the pair will automatically destroy the association.
-
-BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
-writes on BIO B<b> are allowed (they will return an error). Reads on the other
-half of the pair will return any pending data or EOF when all pending data has
-been read.
-
-BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
-If the size is not initialized a default value is used. This is currently
-17K, sufficient for a maximum size TLS record.
-
-BIO_get_write_buf_size() returns the size of the write buffer.
-
-BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
-BIO_set_write_buf_size() to create a connected pair of BIOs B<bio1>, B<bio2>
-with write buffer sizes B<writebuf1> and B<writebuf2>. If either size is
-zero then the default size is used. BIO_new_bio_pair() does not check whether
-B<bio1> or B<bio2> do point to some other BIO, the values are overwritten,
-BIO_free() is not called.
-
-BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum
-length of data that can be currently written to the BIO. Writes larger than this
-value will return a value from BIO_write() less than the amount requested or if the
-buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a function
-whereas BIO_get_write_guarantee() is a macro.
-
-BIO_get_read_request() and BIO_ctrl_get_read_request() return the
-amount of data requested, or the buffer size if it is less, if the
-last read attempt at the other half of the BIO pair failed due to an
-empty buffer. This can be used to determine how much data should be
-written to the BIO so the next read will succeed: this is most useful
-in TLS/SSL applications where the amount of data read is usually
-meaningful rather than just a buffer size. After a successful read
-this call will return zero. It also will return zero once new data
-has been written satisfying the read request or part of it.
-Note that BIO_get_read_request() never returns an amount larger
-than that returned by BIO_get_write_guarantee().
-
-BIO_ctrl_reset_read_request() can also be used to reset the value returned by
-BIO_get_read_request() to zero.
-
-=head1 NOTES
-
-Both halves of a BIO pair should be freed. That is even if one half is implicit
-freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.
-
-When used in bidirectional applications (such as TLS/SSL) care should be taken to
-flush any data in the write buffer. This can be done by calling BIO_pending()
-on the other half of the pair and, if any data is pending, reading it and sending
-it to the underlying transport. This must be done before any normal processing
-(such as calling select() ) due to a request and BIO_should_read() being true.
-
-To see why this is important consider a case where a request is sent using
-BIO_write() and a response read with BIO_read(), this can occur during an
-TLS/SSL handshake for example. BIO_write() will succeed and place data in the write
-buffer. BIO_read() will initially fail and BIO_should_read() will be true. If
-the application then waits for data to be available on the underlying transport
-before flushing the write buffer it will never succeed because the request was
-never sent!
-
-=head1 RETURN VALUES
-
-BIO_new_bio_pair() returns 1 on success, with the new BIOs available in
-B<bio1> and B<bio2>, or 0 on failure, with NULL pointers stored into the
-locations for B<bio1> and B<bio2>. Check the error stack for more information.
-
-[XXXXX: More return values need to be added here]
-
-=head1 EXAMPLE
-
-The BIO pair can be used to have full control over the network access of an
-application. The application can call select() on the socket as required
-without having to go through the SSL-interface.
-
- BIO *internal_bio, *network_bio;
- ...
- BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
- SSL_set_bio(ssl, internal_bio, internal_bio);
- SSL_operations();
- ...
-
- application | TLS-engine
- | |
- +----------> SSL_operations()
- | /\ ||
- | || \/
- | BIO-pair (internal_bio)
- +----------< BIO-pair (network_bio)
- | |
- socket |
-
- ...
- SSL_free(ssl); /* implicitly frees internal_bio */
- BIO_free(network_bio);
- ...
-
-As the BIO pair will only buffer the data and never directly access the
-connection, it behaves non-blocking and will return as soon as the write
-buffer is full or the read buffer is drained. Then the application has to
-flush the write buffer and/or fill the read buffer.
-
-Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO
-and must be transfered to the network. Use BIO_ctrl_get_read_request() to
-find out, how many bytes must be written into the buffer before the
-SSL_operation() can successfully be continued.
-
-=head1 WARNING
-
-As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
-condition, but there is still data in the write buffer. An application must
-not rely on the error value of SSL_operation() but must assure that the
-write buffer is always flushed first. Otherwise a deadlock may occur as
-the peer might be waiting for the data before being able to continue.
-
-=head1 SEE ALSO
-
-L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
-L<BIO_should_retry(3)|BIO_should_retry(3)>, L<BIO_read(3)|BIO_read(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BIO_s_connect.pod b/crypto/openssl/doc/crypto/BIO_s_connect.pod
deleted file mode 100644
index bcf7d8d..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_connect.pod
+++ /dev/null
@@ -1,192 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
-BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
-BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
-BIO_set_nbio, BIO_do_connect - connect BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_s_connect(void);
-
- BIO *BIO_new_connect(char *name);
-
- long BIO_set_conn_hostname(BIO *b, char *name);
- long BIO_set_conn_port(BIO *b, char *port);
- long BIO_set_conn_ip(BIO *b, char *ip);
- long BIO_set_conn_int_port(BIO *b, char *port);
- char *BIO_get_conn_hostname(BIO *b);
- char *BIO_get_conn_port(BIO *b);
- char *BIO_get_conn_ip(BIO *b, dummy);
- long BIO_get_conn_int_port(BIO *b, int port);
-
- long BIO_set_nbio(BIO *b, long n);
-
- int BIO_do_connect(BIO *b);
-
-=head1 DESCRIPTION
-
-BIO_s_connect() returns the connect BIO method. This is a wrapper
-round the platform's TCP/IP socket connection routines.
-
-Using connect BIOs, TCP/IP connections can be made and data
-transferred using only BIO routines. In this way any platform
-specific operations are hidden by the BIO abstraction.
-
-Read and write operations on a connect BIO will perform I/O
-on the underlying connection. If no connection is established
-and the port and hostname (see below) is set up properly then
-a connection is established first.
-
-Connect BIOs support BIO_puts() but not BIO_gets().
-
-If the close flag is set on a connect BIO then any active
-connection is shutdown and the socket closed when the BIO
-is freed.
-
-Calling BIO_reset() on a connect BIO will close any active
-connection and reset the BIO into a state where it can connect
-to the same host again.
-
-BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
-it also returns the socket . If B<c> is not NULL it should be of
-type (int *).
-
-BIO_set_conn_hostname() uses the string B<name> to set the hostname.
-The hostname can be an IP address. The hostname can also include the
-port in the form hostname:port . It is also acceptable to use the
-form "hostname/any/other/path" or "hostname:port/any/other/path".
-
-BIO_set_conn_port() sets the port to B<port>. B<port> can be the
-numerical form or a string such as "http". A string will be looked
-up first using getservbyname() on the host platform but if that
-fails a standard table of port names will be used. Currently the
-list is http, telnet, socks, https, ssl, ftp, gopher and wais.
-
-BIO_set_conn_ip() sets the IP address to B<ip> using binary form,
-that is four bytes specifying the IP address in big-endian form.
-
-BIO_set_conn_int_port() sets the port using B<port>. B<port> should
-be of type (int *).
-
-BIO_get_conn_hostname() returns the hostname of the connect BIO or
-NULL if the BIO is initialized but no hostname is set.
-This return value is an internal pointer which should not be modified.
-
-BIO_get_conn_port() returns the port as a string.
-
-BIO_get_conn_ip() returns the IP address in binary form.
-
-BIO_get_conn_int_port() returns the port as an int.
-
-BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
-zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
-is set. Blocking I/O is the default. The call to BIO_set_nbio()
-should be made before the connection is established because
-non blocking I/O is set during the connect process.
-
-BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
-a single call: that is it creates a new connect BIO with B<name>.
-
-BIO_do_connect() attempts to connect the supplied BIO. It returns 1
-if the connection was established successfully. A zero or negative
-value is returned if the connection could not be established, the
-call BIO_should_retry() should be used for non blocking connect BIOs
-to determine if the call should be retried.
-
-=head1 NOTES
-
-If blocking I/O is set then a non positive return value from any
-I/O call is caused by an error condition, although a zero return
-will normally mean that the connection was closed.
-
-If the port name is supplied as part of the host name then this will
-override any value set with BIO_set_conn_port(). This may be undesirable
-if the application does not wish to allow connection to arbitrary
-ports. This can be avoided by checking for the presence of the ':'
-character in the passed hostname and either indicating an error or
-truncating the string at that point.
-
-The values returned by BIO_get_conn_hostname(), BIO_get_conn_port(),
-BIO_get_conn_ip() and BIO_get_conn_int_port() are updated when a
-connection attempt is made. Before any connection attempt the values
-returned are those set by the application itself.
-
-Applications do not have to call BIO_do_connect() but may wish to do
-so to separate the connection process from other I/O processing.
-
-If non blocking I/O is set then retries will be requested as appropriate.
-
-It addition to BIO_should_read() and BIO_should_write() it is also
-possible for BIO_should_io_special() to be true during the initial
-connection process with the reason BIO_RR_CONNECT. If this is returned
-then this is an indication that a connection attempt would block,
-the application should then take appropriate action to wait until
-the underlying socket has connected and retry the call.
-
-BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip(),
-BIO_set_conn_int_port(), BIO_get_conn_hostname(), BIO_get_conn_port(),
-BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
-BIO_do_connect() are macros.
-
-=head1 RETURN VALUES
-
-BIO_s_connect() returns the connect BIO method.
-
-BIO_get_fd() returns the socket or -1 if the BIO has not
-been initialized.
-
-BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip() and
-BIO_set_conn_int_port() always return 1.
-
-BIO_get_conn_hostname() returns the connected hostname or NULL is
-none was set.
-
-BIO_get_conn_port() returns a string representing the connected
-port or NULL if not set.
-
-BIO_get_conn_ip() returns a pointer to the connected IP address in
-binary form or all zeros if not set.
-
-BIO_get_conn_int_port() returns the connected port or 0 if none was
-set.
-
-BIO_set_nbio() always returns 1.
-
-BIO_do_connect() returns 1 if the connection was successfully
-established and 0 or -1 if the connection failed.
-
-=head1 EXAMPLE
-
-This is example connects to a webserver on the local host and attempts
-to retrieve a page and copy the result to standard output.
-
-
- BIO *cbio, *out;
- int len;
- char tmpbuf[1024];
- ERR_load_crypto_strings();
- cbio = BIO_new_connect("localhost:http");
- out = BIO_new_fp(stdout, BIO_NOCLOSE);
- if(BIO_do_connect(cbio) <= 0) {
- fprintf(stderr, "Error connecting to server\n");
- ERR_print_errors_fp(stderr);
- /* whatever ... */
- }
- BIO_puts(cbio, "GET / HTTP/1.0\n\n");
- for(;;) {
- len = BIO_read(cbio, tmpbuf, 1024);
- if(len <= 0) break;
- BIO_write(out, tmpbuf, len);
- }
- BIO_free(cbio);
- BIO_free(out);
-
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_s_fd.pod b/crypto/openssl/doc/crypto/BIO_s_fd.pod
deleted file mode 100644
index b1de1d1..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_fd.pod
+++ /dev/null
@@ -1,89 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_s_fd(void);
-
- #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
- #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
-
- BIO *BIO_new_fd(int fd, int close_flag);
-
-=head1 DESCRIPTION
-
-BIO_s_fd() returns the file descriptor BIO method. This is a wrapper
-round the platforms file descriptor routines such as read() and write().
-
-BIO_read() and BIO_write() read or write the underlying descriptor.
-BIO_puts() is supported but BIO_gets() is not.
-
-If the close flag is set then then close() is called on the underlying
-file descriptor when the BIO is freed.
-
-BIO_reset() attempts to change the file pointer to the start of file
-using lseek(fd, 0, 0).
-
-BIO_seek() sets the file pointer to position B<ofs> from start of file
-using lseek(fd, ofs, 0).
-
-BIO_tell() returns the current file position by calling lseek(fd, 0, 1).
-
-BIO_set_fd() sets the file descriptor of BIO B<b> to B<fd> and the close
-flag to B<c>.
-
-BIO_get_fd() places the file descriptor in B<c> if it is not NULL, it also
-returns the file descriptor. If B<c> is not NULL it should be of type
-(int *).
-
-BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
-
-=head1 NOTES
-
-The behaviour of BIO_read() and BIO_write() depends on the behavior of the
-platforms read() and write() calls on the descriptor. If the underlying
-file descriptor is in a non blocking mode then the BIO will behave in the
-manner described in the L<BIO_read(3)|BIO_read(3)> and L<BIO_should_retry(3)|BIO_should_retry(3)>
-manual pages.
-
-File descriptor BIOs should not be used for socket I/O. Use socket BIOs
-instead.
-
-=head1 RETURN VALUES
-
-BIO_s_fd() returns the file descriptor BIO method.
-
-BIO_reset() returns zero for success and -1 if an error occurred.
-BIO_seek() and BIO_tell() return the current file position or -1
-is an error occurred. These values reflect the underlying lseek()
-behaviour.
-
-BIO_set_fd() always returns 1.
-
-BIO_get_fd() returns the file descriptor or -1 if the BIO has not
-been initialized.
-
-BIO_new_fd() returns the newly allocated BIO or NULL is an error
-occurred.
-
-=head1 EXAMPLE
-
-This is a file descriptor BIO version of "Hello World":
-
- BIO *out;
- out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
- BIO_printf(out, "Hello World\n");
- BIO_free(out);
-
-=head1 SEE ALSO
-
-L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>,
-L<BIO_reset(3)|BIO_reset(3)>, L<BIO_read(3)|BIO_read(3)>,
-L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>,
-L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>,
-L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)>
diff --git a/crypto/openssl/doc/crypto/BIO_s_file.pod b/crypto/openssl/doc/crypto/BIO_s_file.pod
deleted file mode 100644
index b2a2926..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_file.pod
+++ /dev/null
@@ -1,144 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
-BIO_read_filename, BIO_write_filename, BIO_append_filename,
-BIO_rw_filename - FILE bio
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_s_file(void);
- BIO *BIO_new_file(const char *filename, const char *mode);
- BIO *BIO_new_fp(FILE *stream, int flags);
-
- BIO_set_fp(BIO *b,FILE *fp, int flags);
- BIO_get_fp(BIO *b,FILE **fpp);
-
- int BIO_read_filename(BIO *b, char *name)
- int BIO_write_filename(BIO *b, char *name)
- int BIO_append_filename(BIO *b, char *name)
- int BIO_rw_filename(BIO *b, char *name)
-
-=head1 DESCRIPTION
-
-BIO_s_file() returns the BIO file method. As its name implies it
-is a wrapper round the stdio FILE structure and it is a
-source/sink BIO.
-
-Calls to BIO_read() and BIO_write() read and write data to the
-underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.
-
-BIO_flush() on a file BIO calls the fflush() function on the wrapped
-stream.
-
-BIO_reset() attempts to change the file pointer to the start of file
-using fseek(stream, 0, 0).
-
-BIO_seek() sets the file pointer to position B<ofs> from start of file
-using fseek(stream, ofs, 0).
-
-BIO_eof() calls feof().
-
-Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO
-is freed.
-
-BIO_new_file() creates a new file BIO with mode B<mode> the meaning
-of B<mode> is the same as the stdio function fopen(). The BIO_CLOSE
-flag is set on the returned BIO.
-
-BIO_new_fp() creates a file BIO wrapping B<stream>. Flags can be:
-BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying
-stream to text mode, default is binary: this only has any effect under
-Win32).
-
-BIO_set_fp() set the fp of a file BIO to B<fp>. B<flags> has the same
-meaning as in BIO_new_fp(), it is a macro.
-
-BIO_get_fp() retrieves the fp of a file BIO, it is a macro.
-
-BIO_seek() is a macro that sets the position pointer to B<offset> bytes
-from the start of file.
-
-BIO_tell() returns the value of the position pointer.
-
-BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
-BIO_rw_filename() set the file BIO B<b> to use file B<name> for
-reading, writing, append or read write respectively.
-
-=head1 NOTES
-
-When wrapping stdout, stdin or stderr the underlying stream should not
-normally be closed so the BIO_NOCLOSE flag should be set.
-
-Because the file BIO calls the underlying stdio functions any quirks
-in stdio behaviour will be mirrored by the corresponding BIO.
-
-=head1 EXAMPLES
-
-File BIO "hello world":
-
- BIO *bio_out;
- bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
- BIO_printf(bio_out, "Hello World\n");
-
-Alternative technique:
-
- BIO *bio_out;
- bio_out = BIO_new(BIO_s_file());
- if(bio_out == NULL) /* Error ... */
- if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
- BIO_printf(bio_out, "Hello World\n");
-
-Write to a file:
-
- BIO *out;
- out = BIO_new_file("filename.txt", "w");
- if(!out) /* Error occurred */
- BIO_printf(out, "Hello World\n");
- BIO_free(out);
-
-Alternative technique:
-
- BIO *out;
- out = BIO_new(BIO_s_file());
- if(out == NULL) /* Error ... */
- if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
- BIO_printf(out, "Hello World\n");
- BIO_free(out);
-
-=head1 RETURN VALUES
-
-BIO_s_file() returns the file BIO method.
-
-BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error
-occurred.
-
-BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure
-(although the current implementation never return 0).
-
-BIO_seek() returns the same value as the underlying fseek() function:
-0 for success or -1 for failure.
-
-BIO_tell() returns the current file position.
-
-BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
-BIO_rw_filename() return 1 for success or 0 for failure.
-
-=head1 BUGS
-
-BIO_reset() and BIO_seek() are implemented using fseek() on the underlying
-stream. The return value for fseek() is 0 for success or -1 if an error
-occurred this differs from other types of BIO which will typically return
-1 for success and a non positive value if an error occurred.
-
-=head1 SEE ALSO
-
-L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>,
-L<BIO_reset(3)|BIO_reset(3)>, L<BIO_flush(3)|BIO_flush(3)>,
-L<BIO_read(3)|BIO_read(3)>,
-L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>,
-L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>,
-L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)>
diff --git a/crypto/openssl/doc/crypto/BIO_s_mem.pod b/crypto/openssl/doc/crypto/BIO_s_mem.pod
deleted file mode 100644
index 19648ac..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_mem.pod
+++ /dev/null
@@ -1,115 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
-BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_s_mem(void);
-
- BIO_set_mem_eof_return(BIO *b,int v)
- long BIO_get_mem_data(BIO *b, char **pp)
- BIO_set_mem_buf(BIO *b,BUF_MEM *bm,int c)
- BIO_get_mem_ptr(BIO *b,BUF_MEM **pp)
-
- BIO *BIO_new_mem_buf(void *buf, int len);
-
-=head1 DESCRIPTION
-
-BIO_s_mem() return the memory BIO method function.
-
-A memory BIO is a source/sink BIO which uses memory for its I/O. Data
-written to a memory BIO is stored in a BUF_MEM structure which is extended
-as appropriate to accommodate the stored data.
-
-Any data written to a memory BIO can be recalled by reading from it.
-Unless the memory BIO is read only any data read from it is deleted from
-the BIO.
-
-Memory BIOs support BIO_gets() and BIO_puts().
-
-If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying
-BUF_MEM structure is also freed.
-
-Calling BIO_reset() on a read write memory BIO clears any data in it. On a
-read only BIO it restores the BIO to its original state and the read only
-data can be read again.
-
-BIO_eof() is true if no data is in the BIO.
-
-BIO_ctrl_pending() returns the number of bytes currently stored.
-
-BIO_set_mem_eof_return() sets the behaviour of memory BIO B<b> when it is
-empty. If the B<v> is zero then an empty memory BIO will return EOF (that is
-it will return zero and BIO_should_retry(b) will be false. If B<v> is non
-zero then it will return B<v> when it is empty and it will set the read retry
-flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
-positive return value B<v> should be set to a negative value, typically -1.
-
-BIO_get_mem_data() sets B<pp> to a pointer to the start of the memory BIOs data
-and returns the total amount of data available. It is implemented as a macro.
-
-BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
-close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
-It is a macro.
-
-BIO_get_mem_ptr() places the underlying BUF_MEM structure in B<pp>. It is
-a macro.
-
-BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>,
-if B<len> is -1 then the B<buf> is assumed to be null terminated and its
-length is determined by B<strlen>. The BIO is set to a read only state and
-as a result cannot be written to. This is useful when some data needs to be
-made available from a static area of memory in the form of a BIO. The
-supplied data is read directly from the supplied buffer: it is B<not> copied
-first, so the supplied area of memory must be unchanged until the BIO is freed.
-
-=head1 NOTES
-
-Writes to memory BIOs will always succeed if memory is available: that is
-their size can grow indefinitely.
-
-Every read from a read write memory BIO will remove the data just read with
-an internal copy operation, if a BIO contains a lots of data and it is
-read in small chunks the operation can be very slow. The use of a read only
-memory BIO avoids this problem. If the BIO must be read write then adding
-a buffering BIO to the chain will speed up the process.
-
-=head1 BUGS
-
-There should be an option to set the maximum size of a memory BIO.
-
-There should be a way to "rewind" a read write BIO without destroying
-its contents.
-
-The copying operation should not occur after every small read of a large BIO
-to improve efficiency.
-
-=head1 EXAMPLE
-
-Create a memory BIO and write some data to it:
-
- BIO *mem = BIO_new(BIO_s_mem());
- BIO_puts(mem, "Hello World\n");
-
-Create a read only memory BIO:
-
- char data[] = "Hello World";
- BIO *mem;
- mem = BIO_new_mem_buf(data, -1);
-
-Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
-
- BUF_MEM *bptr;
- BIO_get_mem_ptr(mem, &bptr);
- BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
- BIO_free(mem);
-
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_s_null.pod b/crypto/openssl/doc/crypto/BIO_s_null.pod
deleted file mode 100644
index e5514f7..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_null.pod
+++ /dev/null
@@ -1,37 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_null - null data sink
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD * BIO_s_null(void);
-
-=head1 DESCRIPTION
-
-BIO_s_null() returns the null sink BIO method. Data written to
-the null sink is discarded, reads return EOF.
-
-=head1 NOTES
-
-A null sink BIO behaves in a similar manner to the Unix /dev/null
-device.
-
-A null bio can be placed on the end of a chain to discard any data
-passed through it.
-
-A null sink is useful if, for example, an application wishes to digest some
-data by writing through a digest bio but not send the digested data anywhere.
-Since a BIO chain must normally include a source/sink BIO this can be achieved
-by adding a null sink BIO to the end of the chain
-
-=head1 RETURN VALUES
-
-BIO_s_null() returns the null sink BIO method.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_s_socket.pod b/crypto/openssl/doc/crypto/BIO_s_socket.pod
deleted file mode 100644
index 1c8d3a9..0000000
--- a/crypto/openssl/doc/crypto/BIO_s_socket.pod
+++ /dev/null
@@ -1,63 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_s_socket, BIO_new_socket - socket BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- BIO_METHOD *BIO_s_socket(void);
-
- long BIO_set_fd(BIO *b, int fd, long close_flag);
- long BIO_get_fd(BIO *b, int *c);
-
- BIO *BIO_new_socket(int sock, int close_flag);
-
-=head1 DESCRIPTION
-
-BIO_s_socket() returns the socket BIO method. This is a wrapper
-round the platform's socket routines.
-
-BIO_read() and BIO_write() read or write the underlying socket.
-BIO_puts() is supported but BIO_gets() is not.
-
-If the close flag is set then the socket is shut down and closed
-when the BIO is freed.
-
-BIO_set_fd() sets the socket of BIO B<b> to B<fd> and the close
-flag to B<close_flag>.
-
-BIO_get_fd() places the socket in B<c> if it is not NULL, it also
-returns the socket. If B<c> is not NULL it should be of type (int *).
-
-BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
-
-=head1 NOTES
-
-Socket BIOs also support any relevant functionality of file descriptor
-BIOs.
-
-The reason for having separate file descriptor and socket BIOs is that on some
-platforms sockets are not file descriptors and use distinct I/O routines,
-Windows is one such platform. Any code mixing the two will not work on
-all platforms.
-
-BIO_set_fd() and BIO_get_fd() are macros.
-
-=head1 RETURN VALUES
-
-BIO_s_socket() returns the socket BIO method.
-
-BIO_set_fd() always returns 1.
-
-BIO_get_fd() returns the socket or -1 if the BIO has not been
-initialized.
-
-BIO_new_socket() returns the newly allocated BIO or NULL is an error
-occurred.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_set_callback.pod b/crypto/openssl/doc/crypto/BIO_set_callback.pod
deleted file mode 100644
index 4759556..0000000
--- a/crypto/openssl/doc/crypto/BIO_set_callback.pod
+++ /dev/null
@@ -1,108 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
-BIO_debug_callback - BIO callback functions
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- #define BIO_set_callback(b,cb) ((b)->callback=(cb))
- #define BIO_get_callback(b) ((b)->callback)
- #define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg))
- #define BIO_get_callback_arg(b) ((b)->cb_arg)
-
- long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
- long argl,long ret);
-
- typedef long (*callback)(BIO *b, int oper, const char *argp,
- int argi, long argl, long retvalue);
-
-=head1 DESCRIPTION
-
-BIO_set_callback() and BIO_get_callback() set and retrieve the BIO callback,
-they are both macros. The callback is called during most high level BIO
-operations. It can be used for debugging purposes to trace operations on
-a BIO or to modify its operation.
-
-BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be
-used to set and retrieve an argument for use in the callback.
-
-BIO_debug_callback() is a standard debugging callback which prints
-out information relating to each BIO operation. If the callback
-argument is set if is interpreted as a BIO to send the information
-to, otherwise stderr is used.
-
-callback() is the callback function itself. The meaning of each
-argument is described below.
-
-The BIO the callback is attached to is passed in B<b>.
-
-B<oper> is set to the operation being performed. For some operations
-the callback is called twice, once before and once after the actual
-operation, the latter case has B<oper> or'ed with BIO_CB_RETURN.
-
-The meaning of the arguments B<argp>, B<argi> and B<argl> depends on
-the value of B<oper>, that is the operation being performed.
-
-B<retvalue> is the return value that would be returned to the
-application if no callback were present. The actual value returned
-is the return value of the callback itself. In the case of callbacks
-called before the actual BIO operation 1 is placed in retvalue, if
-the return value is not positive it will be immediately returned to
-the application and the BIO operation will not be performed.
-
-The callback should normally simply return B<retvalue> when it has
-finished processing, unless if specifically wishes to modify the
-value returned to the application.
-
-=head1 CALLBACK OPERATIONS
-
-=over 4
-
-=item B<BIO_free(b)>
-
-callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) is called before the
-free operation.
-
-=item B<BIO_read(b, out, outl)>
-
-callback(b, BIO_CB_READ, out, outl, 0L, 1L) is called before
-the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue)
-after.
-
-=item B<BIO_write(b, in, inl)>
-
-callback(b, BIO_CB_WRITE, in, inl, 0L, 1L) is called before
-the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue)
-after.
-
-=item B<BIO_gets(b, out, outl)>
-
-callback(b, BIO_CB_GETS, out, outl, 0L, 1L) is called before
-the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue)
-after.
-
-=item B<BIO_puts(b, in)>
-
-callback(b, BIO_CB_WRITE, in, 0, 0L, 1L) is called before
-the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue)
-after.
-
-=item B<BIO_ctrl(BIO *b, int cmd, long larg, void *parg)>
-
-callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and
-callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
-
-=back
-
-=head1 EXAMPLE
-
-The BIO_debug_callback() function is a good example, its source is
-in crypto/bio/bio_cb.c
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BIO_should_retry.pod b/crypto/openssl/doc/crypto/BIO_should_retry.pod
deleted file mode 100644
index 539c391..0000000
--- a/crypto/openssl/doc/crypto/BIO_should_retry.pod
+++ /dev/null
@@ -1,114 +0,0 @@
-=pod
-
-=head1 NAME
-
-BIO_should_retry, BIO_should_read, BIO_should_write,
-BIO_should_io_special, BIO_retry_type, BIO_should_retry,
-BIO_get_retry_BIO, BIO_get_retry_reason - BIO retry functions
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
- #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ)
- #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE)
- #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
- #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS)
- #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY)
-
- #define BIO_FLAGS_READ 0x01
- #define BIO_FLAGS_WRITE 0x02
- #define BIO_FLAGS_IO_SPECIAL 0x04
- #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
- #define BIO_FLAGS_SHOULD_RETRY 0x08
-
- BIO * BIO_get_retry_BIO(BIO *bio, int *reason);
- int BIO_get_retry_reason(BIO *bio);
-
-=head1 DESCRIPTION
-
-These functions determine why a BIO is not able to read or write data.
-They will typically be called after a failed BIO_read() or BIO_write()
-call.
-
-BIO_should_retry() is true if the call that produced this condition
-should then be retried at a later time.
-
-If BIO_should_retry() is false then the cause is an error condition.
-
-BIO_should_read() is true if the cause of the condition is that a BIO
-needs to read data.
-
-BIO_should_write() is true if the cause of the condition is that a BIO
-needs to read data.
-
-BIO_should_io_special() is true if some "special" condition, that is a
-reason other than reading or writing is the cause of the condition.
-
-BIO_get_retry_reason() returns a mask of the cause of a retry condition
-consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
-B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
-these.
-
-BIO_get_retry_BIO() determines the precise reason for the special
-condition, it returns the BIO that caused this condition and if
-B<reason> is not NULL it contains the reason code. The meaning of
-the reason code and the action that should be taken depends on
-the type of BIO that resulted in this condition.
-
-BIO_get_retry_reason() returns the reason for a special condition if
-passed the relevant BIO, for example as returned by BIO_get_retry_BIO().
-
-=head1 NOTES
-
-If BIO_should_retry() returns false then the precise "error condition"
-depends on the BIO type that caused it and the return code of the BIO
-operation. For example if a call to BIO_read() on a socket BIO returns
-0 and BIO_should_retry() is false then the cause will be that the
-connection closed. A similar condition on a file BIO will mean that it
-has reached EOF. Some BIO types may place additional information on
-the error queue. For more details see the individual BIO type manual
-pages.
-
-If the underlying I/O structure is in a blocking mode almost all current
-BIO types will not request a retry, because the underlying I/O
-calls will not. If the application knows that the BIO type will never
-signal a retry then it need not call BIO_should_retry() after a failed
-BIO I/O call. This is typically done with file BIOs.
-
-SSL BIOs are the only current exception to this rule: they can request a
-retry even if the underlying I/O structure is blocking, if a handshake
-occurs during a call to BIO_read(). An application can retry the failed
-call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY
-on the underlying SSL structure.
-
-While an application may retry a failed non blocking call immediately
-this is likely to be very inefficient because the call will fail
-repeatedly until data can be processed or is available. An application
-will normally wait until the necessary condition is satisfied. How
-this is done depends on the underlying I/O structure.
-
-For example if the cause is ultimately a socket and BIO_should_read()
-is true then a call to select() may be made to wait until data is
-available and then retry the BIO operation. By combining the retry
-conditions of several non blocking BIOs in a single select() call
-it is possible to service several BIOs in a single thread, though
-the performance may be poor if SSL BIOs are present because long delays
-can occur during the initial handshake process.
-
-It is possible for a BIO to block indefinitely if the underlying I/O
-structure cannot process or return any data. This depends on the behaviour of
-the platforms I/O functions. This is often not desirable: one solution
-is to use non blocking I/O and use a timeout on the select() (or
-equivalent) call.
-
-=head1 BUGS
-
-The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O:
-that is they cannot retry after a partial read or write. This is usually
-worked around by only passing the relevant data to ASN1 functions when
-the entire structure can be read or written.
-
-=head1 SEE ALSO
-
-TBA
diff --git a/crypto/openssl/doc/crypto/BN_BLINDING_new.pod b/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
deleted file mode 100644
index 7b087f7..0000000
--- a/crypto/openssl/doc/crypto/BN_BLINDING_new.pod
+++ /dev/null
@@ -1,109 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_BLINDING_new, BN_BLINDING_free, BN_BLINDING_update, BN_BLINDING_convert,
-BN_BLINDING_invert, BN_BLINDING_convert_ex, BN_BLINDING_invert_ex,
-BN_BLINDING_get_thread_id, BN_BLINDING_set_thread_id, BN_BLINDING_get_flags,
-BN_BLINDING_set_flags, BN_BLINDING_create_param - blinding related BIGNUM
-functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
- BIGNUM *mod);
- void BN_BLINDING_free(BN_BLINDING *b);
- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
- BN_CTX *ctx);
- int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
- BN_CTX *ctx);
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
-
-=head1 DESCRIPTION
-
-BN_BLINDING_new() allocates a new B<BN_BLINDING> structure and copies
-the B<A> and B<Ai> values into the newly created B<BN_BLINDING> object.
-
-BN_BLINDING_free() frees the B<BN_BLINDING> structure.
-
-BN_BLINDING_update() updates the B<BN_BLINDING> parameters by squaring
-the B<A> and B<Ai> or, after specific number of uses and if the
-necessary parameters are set, by re-creating the blinding parameters.
-
-BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
-If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
-returned in B<r> (this is useful if a B<RSA> object is shared amoung
-several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
-inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
-the inverse blinding.
-
-BN_BLINDING_convert() and BN_BLINDING_invert() are wrapper
-functions for BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex()
-with B<r> set to NULL.
-
-BN_BLINDING_set_thread_id() and BN_BLINDING_get_thread_id()
-set and get the "thread id" value of the B<BN_BLINDING> structure,
-a field provided to users of B<BN_BLINDING> structure to help them
-provide proper locking if needed for multi-threaded use. The
-"thread id" of a newly allocated B<BN_BLINDING> structure is zero.
-
-BN_BLINDING_get_flags() returns the BN_BLINDING flags. Currently
-there are two supported flags: B<BN_BLINDING_NO_UPDATE> and
-B<BN_BLINDING_NO_RECREATE>. B<BN_BLINDING_NO_UPDATE> inhibits the
-automatic update of the B<BN_BLINDING> parameters after each use
-and B<BN_BLINDING_NO_RECREATE> inhibits the automatic re-creation
-of the B<BN_BLINDING> parameters after a fixed number of uses (currently
-32). In newly allocated B<BN_BLINDING> objects no flags are set.
-BN_BLINDING_set_flags() sets the B<BN_BLINDING> parameters flags.
-
-BN_BLINDING_create_param() creates new B<BN_BLINDING> parameters
-using the exponent B<e> and the modulus B<m>. B<bn_mod_exp> and
-B<m_ctx> can be used to pass special functions for exponentiation
-(normally BN_mod_exp_mont() and B<BN_MONT_CTX>).
-
-=head1 RETURN VALUES
-
-BN_BLINDING_new() returns the newly allocated B<BN_BLINDING> structure
-or NULL in case of an error.
-
-BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(),
-BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on
-success and 0 if an error occured.
-
-BN_BLINDING_get_thread_id() returns the thread id (a B<unsigned long>
-value) or 0 if not set.
-
-BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
-(a B<unsigned long> value).
-
-BN_BLINDING_create_param() returns the newly created B<BN_BLINDING>
-parameters or NULL on error.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>
-
-=head1 HISTORY
-
-BN_BLINDING_convert_ex, BN_BLINDIND_invert_ex, BN_BLINDING_get_thread_id,
-BN_BLINDING_set_thread_id, BN_BLINDING_set_flags, BN_BLINDING_get_flags
-and BN_BLINDING_create_param were first introduced in OpenSSL 0.9.8
-
-=head1 AUTHOR
-
-Nils Larsch for the OpenSSL project (http://www.openssl.org).
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_CTX_new.pod b/crypto/openssl/doc/crypto/BN_CTX_new.pod
deleted file mode 100644
index ad8d07d..0000000
--- a/crypto/openssl/doc/crypto/BN_CTX_new.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BN_CTX *BN_CTX_new(void);
-
- void BN_CTX_init(BN_CTX *c);
-
- void BN_CTX_free(BN_CTX *c);
-
-=head1 DESCRIPTION
-
-A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by
-library functions. Since dynamic memory allocation to create B<BIGNUM>s
-is rather expensive when used in conjunction with repeated subroutine
-calls, the B<BN_CTX> structure is used.
-
-BN_CTX_new() allocates and initializes a B<BN_CTX>
-structure. BN_CTX_init() initializes an existing uninitialized
-B<BN_CTX>.
-
-BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
-created by BN_CTX_new(), also the structure itself.
-If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>,
-L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX>
-may be freed by BN_CTX_free().
-
-
-=head1 RETURN VALUES
-
-BN_CTX_new() returns a pointer to the B<BN_CTX>. If the allocation fails,
-it returns B<NULL> and sets an error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-BN_CTX_init() and BN_CTX_free() have no return values.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
-L<BN_CTX_start(3)|BN_CTX_start(3)>
-
-=head1 HISTORY
-
-BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay
-and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_CTX_start.pod b/crypto/openssl/doc/crypto/BN_CTX_start.pod
deleted file mode 100644
index dfcefe1..0000000
--- a/crypto/openssl/doc/crypto/BN_CTX_start.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- void BN_CTX_start(BN_CTX *ctx);
-
- BIGNUM *BN_CTX_get(BN_CTX *ctx);
-
- void BN_CTX_end(BN_CTX *ctx);
-
-=head1 DESCRIPTION
-
-These functions are used to obtain temporary B<BIGNUM> variables from
-a B<BN_CTX> (which can been created by using L<BN_CTX_new(3)|BN_CTX_new(3)>)
-in order to save the overhead of repeatedly creating and
-freeing B<BIGNUM>s in functions that are called from inside a loop.
-
-A function must call BN_CTX_start() first. Then, BN_CTX_get() may be
-called repeatedly to obtain temporary B<BIGNUM>s. All BN_CTX_get()
-calls must be made before calling any other functions that use the
-B<ctx> as an argument.
-
-Finally, BN_CTX_end() must be called before returning from the function.
-When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from
-BN_CTX_get() become invalid.
-
-=head1 RETURN VALUES
-
-BN_CTX_start() and BN_CTX_end() return no values.
-
-BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error.
-Once BN_CTX_get() has failed, the subsequent calls will return B<NULL>
-as well, so it is sufficient to check the return value of the last
-BN_CTX_get() call. In case of an error, an error code is set, which
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-
-=head1 SEE ALSO
-
-L<BN_CTX_new(3)|BN_CTX_new(3)>
-
-=head1 HISTORY
-
-BN_CTX_start(), BN_CTX_get() and BN_CTX_end() were added in OpenSSL 0.9.5.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_add.pod b/crypto/openssl/doc/crypto/BN_add.pod
deleted file mode 100644
index 88c7a79..0000000
--- a/crypto/openssl/doc/crypto/BN_add.pod
+++ /dev/null
@@ -1,126 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
-arithmetic operations on BIGNUMs
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-
- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
-
- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
-
- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
- BN_CTX *ctx);
-
- int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-
- int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-
- int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
-
- int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
-
- int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
-
- int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
-
- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
-
- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
-=head1 DESCRIPTION
-
-BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>).
-I<r> may be the same B<BIGNUM> as I<a> or I<b>.
-
-BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>).
-
-BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>).
-I<r> may be the same B<BIGNUM> as I<a> or I<b>.
-For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>.
-
-BN_sqr() takes the square of I<a> and places the result in I<r>
-(C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>.
-This function is faster than BN_mul(r,a,a).
-
-BN_div() divides I<a> by I<d> and places the result in I<dv> and the
-remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may
-be B<NULL>, in which case the respective value is not returned.
-The result is rounded towards zero; thus if I<a> is negative, the
-remainder will be zero or negative.
-For division by powers of 2, use BN_rshift(3).
-
-BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>.
-
-BN_nnmod() reduces I<a> modulo I<m> and places the non-negative
-remainder in I<r>.
-
-BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative
-result in I<r>.
-
-BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the
-non-negative result in I<r>.
-
-BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative
-remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be
-the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for
-repeated computations using the same modulus, see
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> and
-L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>.
-
-BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
-result in I<r>.
-
-BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
-(C<r=a^p>). This function is faster than repeated applications of
-BN_mul().
-
-BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
-m>). This function uses less time and space than BN_exp().
-
-BN_gcd() computes the greatest common divisor of I<a> and I<b> and
-places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
-I<b>.
-
-For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
-temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>.
-
-Unless noted otherwise, the result B<BIGNUM> must be different from
-the arguments.
-
-=head1 RETURN VALUES
-
-For all functions, 1 is returned for success, 0 on error. The return
-value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
-L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
-
-=head1 HISTORY
-
-BN_add(), BN_sub(), BN_sqr(), BN_div(), BN_mod(), BN_mod_mul(),
-BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and
-OpenSSL. The I<ctx> argument to BN_mul() was added in SSLeay
-0.9.1b. BN_exp() appeared in SSLeay 0.9.0.
-BN_nnmod(), BN_mod_add(), BN_mod_sub(), and BN_mod_sqr() were added in
-OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_add_word.pod b/crypto/openssl/doc/crypto/BN_add_word.pod
deleted file mode 100644
index 70667d2..0000000
--- a/crypto/openssl/doc/crypto/BN_add_word.pod
+++ /dev/null
@@ -1,61 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic
-functions on BIGNUMs with integers
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_add_word(BIGNUM *a, BN_ULONG w);
-
- int BN_sub_word(BIGNUM *a, BN_ULONG w);
-
- int BN_mul_word(BIGNUM *a, BN_ULONG w);
-
- BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-
- BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-
-=head1 DESCRIPTION
-
-These functions perform arithmetic operations on BIGNUMs with unsigned
-integers. They are much more efficient than the normal BIGNUM
-arithmetic operations.
-
-BN_add_word() adds B<w> to B<a> (C<a+=w>).
-
-BN_sub_word() subtracts B<w> from B<a> (C<a-=w>).
-
-BN_mul_word() multiplies B<a> and B<w> (C<a*=w>).
-
-BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder.
-
-BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%w>).
-
-For BN_div_word() and BN_mod_word(), B<w> must not be 0.
-
-=head1 RETURN VALUES
-
-BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0
-on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-BN_mod_word() and BN_div_word() return B<a>%B<w> on success and
-B<(BN_ULONG)-1> if an error occurred.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
-
-=head1 HISTORY
-
-BN_add_word() and BN_mod_word() are available in all versions of
-SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and
-BN_sub_word() and BN_mul_word() in SSLeay 0.9.0.
-
-Before 0.9.8a the return value for BN_div_word() and BN_mod_word()
-in case of an error was 0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_bn2bin.pod b/crypto/openssl/doc/crypto/BN_bn2bin.pod
deleted file mode 100644
index a4b17ca..0000000
--- a/crypto/openssl/doc/crypto/BN_bn2bin.pod
+++ /dev/null
@@ -1,95 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
-BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_bn2bin(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
-
- char *BN_bn2hex(const BIGNUM *a);
- char *BN_bn2dec(const BIGNUM *a);
- int BN_hex2bn(BIGNUM **a, const char *str);
- int BN_dec2bn(BIGNUM **a, const char *str);
-
- int BN_print(BIO *fp, const BIGNUM *a);
- int BN_print_fp(FILE *fp, const BIGNUM *a);
-
- int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
-
-=head1 DESCRIPTION
-
-BN_bn2bin() converts the absolute value of B<a> into big-endian form
-and stores it at B<to>. B<to> must point to BN_num_bytes(B<a>) bytes of
-memory.
-
-BN_bin2bn() converts the positive integer in big-endian form of length
-B<len> at B<s> into a B<BIGNUM> and places it in B<ret>. If B<ret> is
-NULL, a new B<BIGNUM> is created.
-
-BN_bn2hex() and BN_bn2dec() return printable strings containing the
-hexadecimal and decimal encoding of B<a> respectively. For negative
-numbers, the string is prefaced with a leading '-'. The string must be
-freed later using OPENSSL_free().
-
-BN_hex2bn() converts the string B<str> containing a hexadecimal number
-to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
-B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
-length in hexadecimal digits. If the string starts with '-', the
-number is negative. BN_dec2bn() is the same using the decimal system.
-
-BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
-with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
-B<fp>.
-
-BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
-that consists of the number's length in bytes represented as a 4-byte
-big-endian number, and the number itself in big-endian format, where
-the most significant bit signals a negative number (the representation
-of numbers with the MSB set is prefixed with null byte).
-
-BN_bn2mpi() stores the representation of B<a> at B<to>, where B<to>
-must be large enough to hold the result. The size can be determined by
-calling BN_bn2mpi(B<a>, NULL).
-
-BN_mpi2bn() converts the B<len> bytes long representation at B<s> to
-a B<BIGNUM> and stores it at B<ret>, or in a newly allocated B<BIGNUM>
-if B<ret> is NULL.
-
-=head1 RETURN VALUES
-
-BN_bn2bin() returns the length of the big-endian number placed at B<to>.
-BN_bin2bn() returns the B<BIGNUM>, NULL on error.
-
-BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
-on error. BN_hex2bn() and BN_dec2bn() return the number's length in
-hexadecimal or decimal digits, and 0 on error.
-
-BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
-
-BN_bn2mpi() returns the length of the representation. BN_mpi2bn()
-returns the B<BIGNUM>, and NULL on error.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
-L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
-L<BN_num_bytes(3)|BN_num_bytes(3)>
-
-=head1 HISTORY
-
-BN_bn2bin(), BN_bin2bn(), BN_print_fp() and BN_print() are available
-in all versions of SSLeay and OpenSSL.
-
-BN_bn2hex(), BN_bn2dec(), BN_hex2bn(), BN_dec2bn(), BN_bn2mpi() and
-BN_mpi2bn() were added in SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_cmp.pod b/crypto/openssl/doc/crypto/BN_cmp.pod
deleted file mode 100644
index 23e9ed0..0000000
--- a/crypto/openssl/doc/crypto/BN_cmp.pod
+++ /dev/null
@@ -1,48 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_cmp(BIGNUM *a, BIGNUM *b);
- int BN_ucmp(BIGNUM *a, BIGNUM *b);
-
- int BN_is_zero(BIGNUM *a);
- int BN_is_one(BIGNUM *a);
- int BN_is_word(BIGNUM *a, BN_ULONG w);
- int BN_is_odd(BIGNUM *a);
-
-=head1 DESCRIPTION
-
-BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
-absolute values.
-
-BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
-or B<w> respectively. BN_is_odd() tests if a is odd.
-
-BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
-
-=head1 RETURN VALUES
-
-BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
-B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
-of B<a> and B<b>.
-
-BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
-the condition is true, 0 otherwise.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>
-
-=head1 HISTORY
-
-BN_cmp(), BN_ucmp(), BN_is_zero(), BN_is_one() and BN_is_word() are
-available in all versions of SSLeay and OpenSSL.
-BN_is_odd() was added in SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_copy.pod b/crypto/openssl/doc/crypto/BN_copy.pod
deleted file mode 100644
index 388dd7d..0000000
--- a/crypto/openssl/doc/crypto/BN_copy.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_copy, BN_dup - copy BIGNUMs
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
-
- BIGNUM *BN_dup(const BIGNUM *from);
-
-=head1 DESCRIPTION
-
-BN_copy() copies B<from> to B<to>. BN_dup() creates a new B<BIGNUM>
-containing the value B<from>.
-
-=head1 RETURN VALUES
-
-BN_copy() returns B<to> on success, NULL on error. BN_dup() returns
-the new B<BIGNUM>, and NULL on error. The error codes can be obtained
-by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-BN_copy() and BN_dup() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_generate_prime.pod b/crypto/openssl/doc/crypto/BN_generate_prime.pod
deleted file mode 100644
index 7dccacb..0000000
--- a/crypto/openssl/doc/crypto/BN_generate_prime.pod
+++ /dev/null
@@ -1,102 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
- BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
-
- int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int,
- void *), BN_CTX *ctx, void *cb_arg);
-
- int BN_is_prime_fasttest(const BIGNUM *a, int checks,
- void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
- int do_trial_division);
-
-=head1 DESCRIPTION
-
-BN_generate_prime() generates a pseudo-random prime number of B<num>
-bits.
-If B<ret> is not B<NULL>, it will be used to store the number.
-
-If B<callback> is not B<NULL>, it is called as follows:
-
-=over 4
-
-=item *
-
-B<callback(0, i, cb_arg)> is called after generating the i-th
-potential prime number.
-
-=item *
-
-While the number is being tested for primality, B<callback(1, j,
-cb_arg)> is called as described below.
-
-=item *
-
-When a prime has been found, B<callback(2, i, cb_arg)> is called.
-
-=back
-
-The prime may have to fulfill additional requirements for use in
-Diffie-Hellman key exchange:
-
-If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add>
-== B<rem> (p % B<add> == 1 if B<rem> == B<NULL>) in order to suit a given
-generator.
-
-If B<safe> is true, it will be a safe prime (i.e. a prime p so
-that (p-1)/2 is also prime).
-
-The PRNG must be seeded prior to calling BN_generate_prime().
-The prime number generation has a negligible error probability.
-
-BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is
-prime. The following tests are performed until one of them shows that
-B<a> is composite; if B<a> passes all these tests, it is considered
-prime.
-
-BN_is_prime_fasttest(), when called with B<do_trial_division == 1>,
-first attempts trial division by a number of small primes;
-if no divisors are found by this test and B<callback> is not B<NULL>,
-B<callback(1, -1, cb_arg)> is called.
-If B<do_trial_division == 0>, this test is skipped.
-
-Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
-probabilistic primality test with B<checks> iterations. If
-B<checks == BN_prime_checks>, a number of iterations is used that
-yields a false positive rate of at most 2^-80 for random input.
-
-If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
-after the j-th iteration (j = 0, 1, ...). B<ctx> is a
-pre-allocated B<BN_CTX> (to save the overhead of allocating and
-freeing the structure in a loop), or B<NULL>.
-
-=head1 RETURN VALUES
-
-BN_generate_prime() returns the prime number on success, B<NULL> otherwise.
-
-BN_is_prime() returns 0 if the number is composite, 1 if it is
-prime with an error probability of less than 0.25^B<checks>, and
--1 on error.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
-
-=head1 HISTORY
-
-The B<cb_arg> arguments to BN_generate_prime() and to BN_is_prime()
-were added in SSLeay 0.9.0. The B<ret> argument to BN_generate_prime()
-was added in SSLeay 0.9.1.
-BN_is_prime_fasttest() was added in OpenSSL 0.9.5.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_mod_inverse.pod b/crypto/openssl/doc/crypto/BN_mod_inverse.pod
deleted file mode 100644
index 3ea3975..0000000
--- a/crypto/openssl/doc/crypto/BN_mod_inverse.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_mod_inverse - compute inverse modulo n
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
- BN_CTX *ctx);
-
-=head1 DESCRIPTION
-
-BN_mod_inverse() computes the inverse of B<a> modulo B<n>
-places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,
-a new B<BIGNUM> is created.
-
-B<ctx> is a previously allocated B<BN_CTX> used for temporary
-variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.
-
-=head1 RETURN VALUES
-
-BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and
-NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
-
-=head1 HISTORY
-
-BN_mod_inverse() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod b/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
deleted file mode 100644
index 6b16351..0000000
--- a/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
+++ /dev/null
@@ -1,101 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
-BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
-BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BN_MONT_CTX *BN_MONT_CTX_new(void);
- void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
- void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-
- int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
- BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
-
- int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx);
-
- int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx);
-
- int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx);
-
-=head1 DESCRIPTION
-
-These functions implement Montgomery multiplication. They are used
-automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input,
-but they may be useful when several operations are to be performed
-using the same modulus.
-
-BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
-BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
-
-BN_MONT_CTX_set() sets up the I<mont> structure from the modulus I<m>
-by precomputing its inverse and a value R.
-
-BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> I<from> to I<to>.
-
-BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
-it was created by BN_MONT_CTX_new(), also the structure itself.
-
-BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places
-the result in I<r>.
-
-BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1.
-
-BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R.
-Note that I<a> must be non-negative and smaller than the modulus.
-
-For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
-temporary variables.
-
-The B<BN_MONT_CTX> structure is defined as follows:
-
- typedef struct bn_mont_ctx_st
- {
- int ri; /* number of bits in R */
- BIGNUM RR; /* R^2 (used to convert to Montgomery form) */
- BIGNUM N; /* The modulus */
- BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1
- * (Ni is only stored for bignum algorithm) */
- BN_ULONG n0; /* least significant word of Ni */
- int flags;
- } BN_MONT_CTX;
-
-BN_to_montgomery() is a macro.
-
-=head1 RETURN VALUES
-
-BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL
-on error.
-
-BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values.
-
-For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 WARNING
-
-The inputs must be reduced modulo B<m>, otherwise the result will be
-outside the expected range.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
-L<BN_CTX_new(3)|BN_CTX_new(3)>
-
-=head1 HISTORY
-
-BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(),
-BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery()
-are available in all versions of SSLeay and OpenSSL.
-
-BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod b/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
deleted file mode 100644
index 74a216d..0000000
--- a/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
+++ /dev/null
@@ -1,81 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
-BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
-reciprocal
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BN_RECP_CTX *BN_RECP_CTX_new(void);
- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-
- int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
-
- int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
- BN_CTX *ctx);
-
- int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
- BN_RECP_CTX *recp, BN_CTX *ctx);
-
-=head1 DESCRIPTION
-
-BN_mod_mul_reciprocal() can be used to perform an efficient
-L<BN_mod_mul(3)|BN_mod_mul(3)> operation when the operation will be performed
-repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m>
-using B<recp>=1/B<m>, which is set as described below. B<ctx> is a
-previously allocated B<BN_CTX> used for temporary variables.
-
-BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
-BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>.
-
-BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
-was created by BN_RECP_CTX_new(), also the structure itself.
-
-BN_RECP_CTX_set() stores B<m> in B<recp> and sets it up for computing
-1/B<m> and shifting it left by BN_num_bits(B<m>)+1 to make it an
-integer. The result and the number of bits it was shifted left will
-later be stored in B<recp>.
-
-BN_div_recp() divides B<a> by B<m> using B<recp>. It places the quotient
-in B<dv> and the remainder in B<rem>.
-
-The B<BN_RECP_CTX> structure is defined as follows:
-
- typedef struct bn_recp_ctx_st
- {
- BIGNUM N; /* the divisor */
- BIGNUM Nr; /* the reciprocal */
- int num_bits;
- int shift;
- int flags;
- } BN_RECP_CTX;
-
-It cannot be shared between threads.
-
-=head1 RETURN VALUES
-
-BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
-on error.
-
-BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values.
-
-For the other functions, 1 is returned for success, 0 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
-L<BN_CTX_new(3)|BN_CTX_new(3)>
-
-=head1 HISTORY
-
-B<BN_RECP_CTX> was added in SSLeay 0.9.0. Before that, the function
-BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal()
-arguments were different.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_new.pod b/crypto/openssl/doc/crypto/BN_new.pod
deleted file mode 100644
index ab7a105..0000000
--- a/crypto/openssl/doc/crypto/BN_new.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BIGNUM *BN_new(void);
-
- void BN_init(BIGNUM *);
-
- void BN_clear(BIGNUM *a);
-
- void BN_free(BIGNUM *a);
-
- void BN_clear_free(BIGNUM *a);
-
-=head1 DESCRIPTION
-
-BN_new() allocates and initializes a B<BIGNUM> structure. BN_init()
-initializes an existing uninitialized B<BIGNUM>.
-
-BN_clear() is used to destroy sensitive data such as keys when they
-are no longer needed. It erases the memory used by B<a> and sets it
-to the value 0.
-
-BN_free() frees the components of the B<BIGNUM>, and if it was created
-by BN_new(), also the structure itself. BN_clear_free() additionally
-overwrites the data before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
-it returns B<NULL> and sets an error code that can be obtained
-by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-BN_init(), BN_clear(), BN_free() and BN_clear_free() have no return
-values.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in
-all versions on SSLeay and OpenSSL. BN_init() was added in SSLeay
-0.9.1b.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_num_bytes.pod b/crypto/openssl/doc/crypto/BN_num_bytes.pod
deleted file mode 100644
index a6a2e3f..0000000
--- a/crypto/openssl/doc/crypto/BN_num_bytes.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_num_bytes(const BIGNUM *a);
-
- int BN_num_bits(const BIGNUM *a);
-
- int BN_num_bits_word(BN_ULONG w);
-
-=head1 DESCRIPTION
-
-BN_num_bytes() returns the size of a B<BIGNUM> in bytes.
-
-BN_num_bits_word() returns the number of significant bits in a word.
-If we take 0x00000432 as an example, it returns 11, not 16, not 32.
-Basically, except for a zero, it returns I<floor(log2(w))+1>.
-
-BN_num_bits() returns the number of significant bits in a B<BIGNUM>,
-following the same principle as BN_num_bits_word().
-
-BN_num_bytes() is a macro.
-
-=head1 RETURN VALUES
-
-The size.
-
-=head1 NOTES
-
-Some have tried using BN_num_bits() on individual numbers in RSA keys,
-DH keys and DSA keys, and found that they don't always come up with
-the number of bits they expected (something like 512, 1024, 2048,
-...). This is because generating a number with some specific number
-of bits doesn't always set the highest bits, thereby making the number
-of I<significant> bits a little lower. If you want to know the "key
-size" of such a key, either use functions like RSA_size(), DH_size()
-and DSA_size(), or use BN_num_bytes() and multiply with 8 (although
-there's no real guarantee that will match the "key size", just a lot
-more probability).
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<DH_size(3)|DH_size(3)>, L<DSA_size(3)|DSA_size(3)>,
-L<RSA_size(3)|RSA_size(3)>
-
-=head1 HISTORY
-
-BN_num_bytes(), BN_num_bits() and BN_num_bits_word() are available in
-all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_rand.pod b/crypto/openssl/doc/crypto/BN_rand.pod
deleted file mode 100644
index 81f93c2..0000000
--- a/crypto/openssl/doc/crypto/BN_rand.pod
+++ /dev/null
@@ -1,58 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_rand, BN_pseudo_rand - generate pseudo-random number
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
-
- int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
-
- int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
-
-=head1 DESCRIPTION
-
-BN_rand() generates a cryptographically strong pseudo-random number of
-B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the
-most significant bit of the random number can be zero. If B<top> is 0,
-it is set to 1, and if B<top> is 1, the two most significant bits of
-the number will be set to 1, so that the product of two such random
-numbers will always have 2*B<bits> length. If B<bottom> is true, the
-number will be odd.
-
-BN_pseudo_rand() does the same, but pseudo-random numbers generated by
-this function are not necessarily unpredictable. They can be used for
-non-cryptographic purposes and for certain purposes in cryptographic
-protocols, but usually not for key generation etc.
-
-BN_rand_range() generates a cryptographically strong pseudo-random
-number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
-BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
-and hence numbers generated by it are not necessarily unpredictable.
-
-The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
-
-=head1 RETURN VALUES
-
-The functions return 1 on success, 0 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
-
-=head1 HISTORY
-
-BN_rand() is available in all versions of SSLeay and OpenSSL.
-BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
-and the function BN_rand_range() were added in OpenSSL 0.9.6a.
-BN_pseudo_rand_range() was added in OpenSSL 0.9.6c.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_set_bit.pod b/crypto/openssl/doc/crypto/BN_set_bit.pod
deleted file mode 100644
index b7c47b9..0000000
--- a/crypto/openssl/doc/crypto/BN_set_bit.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
-BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_set_bit(BIGNUM *a, int n);
- int BN_clear_bit(BIGNUM *a, int n);
-
- int BN_is_bit_set(const BIGNUM *a, int n);
-
- int BN_mask_bits(BIGNUM *a, int n);
-
- int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
- int BN_lshift1(BIGNUM *r, BIGNUM *a);
-
- int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
- int BN_rshift1(BIGNUM *r, BIGNUM *a);
-
-=head1 DESCRIPTION
-
-BN_set_bit() sets bit B<n> in B<a> to 1 (C<a|=(1E<lt>E<lt>n)>). The
-number is expanded if necessary.
-
-BN_clear_bit() sets bit B<n> in B<a> to 0 (C<a&=~(1E<lt>E<lt>n)>). An
-error occurs if B<a> is shorter than B<n> bits.
-
-BN_is_bit_set() tests if bit B<n> in B<a> is set.
-
-BN_mask_bits() truncates B<a> to an B<n> bit number
-(C<a&=~((~0)E<gt>E<gt>n)>). An error occurs if B<a> already is
-shorter than B<n> bits.
-
-BN_lshift() shifts B<a> left by B<n> bits and places the result in
-B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
-the result in B<r> (C<r=2*a>).
-
-BN_rshift() shifts B<a> right by B<n> bits and places the result in
-B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
-the result in B<r> (C<r=a/2>).
-
-For the shift functions, B<r> and B<a> may be the same variable.
-
-=head1 RETURN VALUES
-
-BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.
-
-All other functions return 1 for success, 0 on error. The error codes
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)>
-
-=head1 HISTORY
-
-BN_set_bit(), BN_clear_bit(), BN_is_bit_set(), BN_mask_bits(),
-BN_lshift(), BN_lshift1(), BN_rshift(), and BN_rshift1() are available
-in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_swap.pod b/crypto/openssl/doc/crypto/BN_swap.pod
deleted file mode 100644
index 79efaa1..0000000
--- a/crypto/openssl/doc/crypto/BN_swap.pod
+++ /dev/null
@@ -1,23 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_swap - exchange BIGNUMs
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- void BN_swap(BIGNUM *a, BIGNUM *b);
-
-=head1 DESCRIPTION
-
-BN_swap() exchanges the values of I<a> and I<b>.
-
-L<bn(3)|bn(3)>
-
-=head1 HISTORY
-
-BN_swap was added in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/BN_zero.pod b/crypto/openssl/doc/crypto/BN_zero.pod
deleted file mode 100644
index b555ec3..0000000
--- a/crypto/openssl/doc/crypto/BN_zero.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment
-operations
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- int BN_zero(BIGNUM *a);
- int BN_one(BIGNUM *a);
-
- const BIGNUM *BN_value_one(void);
-
- int BN_set_word(BIGNUM *a, unsigned long w);
- unsigned long BN_get_word(BIGNUM *a);
-
-=head1 DESCRIPTION
-
-BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
-B<w> respectively. BN_zero() and BN_one() are macros.
-
-BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
-is useful for use in comparisons and assignment.
-
-BN_get_word() returns B<a>, if it can be represented as an unsigned
-long.
-
-=head1 RETURN VALUES
-
-BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
-be represented as an unsigned long.
-
-BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
-BN_value_one() returns the constant.
-
-=head1 BUGS
-
-Someone might change the constant.
-
-If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
-unsigned long but this value is also returned on error.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
-
-=head1 HISTORY
-
-BN_zero(), BN_one() and BN_set_word() are available in all versions of
-SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in
-SSLeay 0.8.
-
-BN_value_one() was changed to return a true const BIGNUM * in OpenSSL
-0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/CONF_modules_free.pod b/crypto/openssl/doc/crypto/CONF_modules_free.pod
deleted file mode 100644
index 87bc7b7..0000000
--- a/crypto/openssl/doc/crypto/CONF_modules_free.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
- CONF_modules_free, CONF_modules_finish, CONF_modules_unload -
- OpenSSL configuration cleanup functions
-
-=head1 SYNOPSIS
-
- #include <openssl/conf.h>
-
- void CONF_modules_free(void);
- void CONF_modules_finish(void);
- void CONF_modules_unload(int all);
-
-=head1 DESCRIPTION
-
-CONF_modules_free() closes down and frees up all memory allocated by all
-configuration modules.
-
-CONF_modules_finish() calls each configuration modules B<finish> handler
-to free up any configuration that module may have performed.
-
-CONF_modules_unload() finishes and unloads configuration modules. If
-B<all> is set to B<0> only modules loaded from DSOs will be unloads. If
-B<all> is B<1> all modules, including builtin modules will be unloaded.
-
-=head1 NOTES
-
-Normally applications will only call CONF_modules_free() at application to
-tidy up any configuration performed.
-
-=head1 RETURN VALUE
-
-None of the functions return a value.
-
-=head1 SEE ALSO
-
-L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_modules_load_file(3), CONF_modules_load_file(3)>
-
-=head1 HISTORY
-
-CONF_modules_free(), CONF_modules_unload(), and CONF_modules_finish()
-first appeared in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/CONF_modules_load_file.pod b/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
deleted file mode 100644
index 9965d69..0000000
--- a/crypto/openssl/doc/crypto/CONF_modules_load_file.pod
+++ /dev/null
@@ -1,60 +0,0 @@
-=pod
-
-=head1 NAME
-
- CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions
-
-=head1 SYNOPSIS
-
- #include <openssl/conf.h>
-
- int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags);
- int CONF_modules_load(const CONF *cnf, const char *appname,
- unsigned long flags);
-
-=head1 DESCRIPTION
-
-The function CONF_modules_load_file() configures OpenSSL using file
-B<filename> and application name B<appname>. If B<filename> is NULL
-the standard OpenSSL configuration file is used. If B<appname> is
-NULL the standard OpenSSL application name B<openssl_conf> is used.
-The behaviour can be cutomized using B<flags>.
-
-CONF_modules_load() is idential to CONF_modules_load_file() except it
-read configuration information from B<cnf>.
-
-=head1 NOTES
-
-The following B<flags> are currently recognized:
-
-B<CONF_MFLAGS_IGNORE_ERRORS> if set errors returned by individual
-configuration modules are ignored. If not set the first module error is
-considered fatal and no further modules are loads.
-
-Normally any modules errors will add error information to the error queue. If
-B<CONF_MFLAGS_SILENT> is set no error information is added.
-
-If B<CONF_MFLAGS_NO_DSO> is set configuration module loading from DSOs is
-disabled.
-
-B<CONF_MFLAGS_IGNORE_MISSING_FILE> if set will make CONF_load_modules_file()
-ignore missing configuration files. Normally a missing configuration file
-return an error.
-
-=head1 RETURN VALUE
-
-These functions return 1 for success and a zero or negative value for
-failure. If module errors are not ignored the return code will reflect the
-return value of the failing module (this will always be zero or negative).
-
-=head1 SEE ALSO
-
-L<conf(5)|conf(5)>, L<OPENSSL_config(3)|OPENSSL_config(3)>,
-L<CONF_free(3), CONF_free(3)>, L<err(3),err(3)>
-
-=head1 HISTORY
-
-CONF_modules_load_file and CONF_modules_load first appeared in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod b/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod
deleted file mode 100644
index 1bd5bed..0000000
--- a/crypto/openssl/doc/crypto/CRYPTO_set_ex_data.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data functions
-
-=head1 SYNOPSIS
-
- int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
-
- void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
-
-=head1 DESCRIPTION
-
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-
-These functions should only be used by applications to manipulate
-B<CRYPTO_EX_DATA> structures passed to the B<new_func()>, B<free_func()> and
-B<dup_func()> callbacks: as passed to B<RSA_get_ex_new_index()> for example.
-
-B<CRYPTO_set_ex_data()> is used to set application specific data, the data is
-supplied in the B<arg> parameter and its precise meaning is up to the
-application.
-
-B<CRYPTO_get_ex_data()> is used to retrieve application specific data. The data
-is returned to the application, this will be the same value as supplied to
-a previous B<CRYPTO_set_ex_data()> call.
-
-=head1 RETURN VALUES
-
-B<CRYPTO_set_ex_data()> returns 1 on success or 0 on failure.
-
-B<CRYPTO_get_ex_data()> returns the application data or 0 on failure. 0 may also
-be valid application data but currently it can only fail if given an invalid B<idx>
-parameter.
-
-On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
-L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
-L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>
-
-=head1 HISTORY
-
-CRYPTO_set_ex_data() and CRYPTO_get_ex_data() have been available since SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DH_generate_key.pod b/crypto/openssl/doc/crypto/DH_generate_key.pod
deleted file mode 100644
index 81f09fd..0000000
--- a/crypto/openssl/doc/crypto/DH_generate_key.pod
+++ /dev/null
@@ -1,50 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- int DH_generate_key(DH *dh);
-
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-
-=head1 DESCRIPTION
-
-DH_generate_key() performs the first step of a Diffie-Hellman key
-exchange by generating private and public DH values. By calling
-DH_compute_key(), these are combined with the other party's public
-value to compute the shared key.
-
-DH_generate_key() expects B<dh> to contain the shared parameters
-B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
-unless B<dh-E<gt>priv_key> is already set, and computes the
-corresponding public value B<dh-E<gt>pub_key>, which can then be
-published.
-
-DH_compute_key() computes the shared secret from the private DH value
-in B<dh> and the other party's public value in B<pub_key> and stores
-it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
-
-=head1 RETURN VALUES
-
-DH_generate_key() returns 1 on success, 0 otherwise.
-
-DH_compute_key() returns the size of the shared secret on success, -1
-on error.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
-
-=head1 HISTORY
-
-DH_generate_key() and DH_compute_key() are available in all versions
-of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DH_generate_parameters.pod b/crypto/openssl/doc/crypto/DH_generate_parameters.pod
deleted file mode 100644
index 9081e9e..0000000
--- a/crypto/openssl/doc/crypto/DH_generate_parameters.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- DH *DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int, int, void *), void *cb_arg);
-
- int DH_check(DH *dh, int *codes);
-
-=head1 DESCRIPTION
-
-DH_generate_parameters() generates Diffie-Hellman parameters that can
-be shared among a group of users, and returns them in a newly
-allocated B<DH> structure. The pseudo-random number generator must be
-seeded prior to calling DH_generate_parameters().
-
-B<prime_len> is the length in bits of the safe prime to be generated.
-B<generator> is a small number E<gt> 1, typically 2 or 5.
-
-A callback function may be used to provide feedback about the progress
-of the key generation. If B<callback> is not B<NULL>, it will be
-called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
-number is generated, and when a prime has been found, B<callback(3,
-0, cb_arg)> is called.
-
-DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
-a safe prime, and that B<g> is a suitable generator. In the case of an
-error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
-DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
-DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
-checked, i.e. it does not equal 2 or 5.
-
-=head1 RETURN VALUES
-
-DH_generate_parameters() returns a pointer to the DH structure, or
-NULL if the parameter generation fails. The error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-DH_check() returns 1 if the check could be performed, 0 otherwise.
-
-=head1 NOTES
-
-DH_generate_parameters() may run for several hours before finding a
-suitable prime.
-
-The parameters generated by DH_generate_parameters() are not to be
-used in signature schemes.
-
-=head1 BUGS
-
-If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
-a usable generator.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DH_free(3)|DH_free(3)>
-
-=head1 HISTORY
-
-DH_check() is available in all versions of SSLeay and OpenSSL.
-The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
-
-In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
-instead of DH_CHECK_P_NOT_SAFE_PRIME.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod b/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod
deleted file mode 100644
index fa5eab2..0000000
--- a/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- int DH_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
- int DH_set_ex_data(DH *d, int idx, void *arg);
-
- char *DH_get_ex_data(DH *d, int idx);
-
-=head1 DESCRIPTION
-
-These functions handle application specific data in DH
-structures. Their usage is identical to that of
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
-as described in L<RSA_get_ex_new_index(3)>.
-
-=head1 SEE ALSO
-
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
-
-=head1 HISTORY
-
-DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
-available since OpenSSL 0.9.5.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DH_new.pod b/crypto/openssl/doc/crypto/DH_new.pod
deleted file mode 100644
index 60c9300..0000000
--- a/crypto/openssl/doc/crypto/DH_new.pod
+++ /dev/null
@@ -1,40 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_new, DH_free - allocate and free DH objects
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- DH* DH_new(void);
-
- void DH_free(DH *dh);
-
-=head1 DESCRIPTION
-
-DH_new() allocates and initializes a B<DH> structure.
-
-DH_free() frees the B<DH> structure and its components. The values are
-erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, DH_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
-a pointer to the newly allocated structure.
-
-DH_free() returns no value.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
-L<DH_generate_key(3)|DH_generate_key(3)>
-
-=head1 HISTORY
-
-DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DH_set_method.pod b/crypto/openssl/doc/crypto/DH_set_method.pod
deleted file mode 100644
index 73261fc..0000000
--- a/crypto/openssl/doc/crypto/DH_set_method.pod
+++ /dev/null
@@ -1,129 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_set_default_method, DH_get_default_method,
-DH_set_method, DH_new_method, DH_OpenSSL - select DH method
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
- #include <openssl/engine.h>
-
- void DH_set_default_method(const DH_METHOD *meth);
-
- const DH_METHOD *DH_get_default_method(void);
-
- int DH_set_method(DH *dh, const DH_METHOD *meth);
-
- DH *DH_new_method(ENGINE *engine);
-
- const DH_METHOD *DH_OpenSSL(void);
-
-=head1 DESCRIPTION
-
-A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
-important information about how these DH API functions are affected by the use
-of B<ENGINE> API calls.
-
-Initially, the default DH_METHOD is the OpenSSL internal implementation, as
-returned by DH_OpenSSL().
-
-DH_set_default_method() makes B<meth> the default method for all DH
-structures created later. B<NB>: This is true only whilst no ENGINE has been set
-as a default for DH, so this function is no longer recommended.
-
-DH_get_default_method() returns a pointer to the current default DH_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
-API is being used, so this function is no longer recommended.
-
-DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
-This will replace the DH_METHOD used by the DH key and if the previous method
-was supplied by an ENGINE, the handle to that ENGINE will be released during the
-change. It is possible to have DH keys that only work with certain DH_METHOD
-implementations (eg. from an ENGINE module that supports embedded
-hardware-protected keys), and in such cases attempting to change the DH_METHOD
-for the key can have unexpected results.
-
-DH_new_method() allocates and initializes a DH structure so that B<engine> will
-be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
-operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
-DH_set_default_method() is used.
-
-=head1 THE DH_METHOD STRUCTURE
-
- typedef struct dh_meth_st
- {
- /* name of the implementation */
- const char *name;
-
- /* generate private and public DH values for key agreement */
- int (*generate_key)(DH *dh);
-
- /* compute shared secret */
- int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
-
- /* compute r = a ^ p mod m (May be NULL for some implementations) */
- int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-
- /* called at DH_new */
- int (*init)(DH *dh);
-
- /* called at DH_free */
- int (*finish)(DH *dh);
-
- int flags;
-
- char *app_data; /* ?? */
-
- } DH_METHOD;
-
-=head1 RETURN VALUES
-
-DH_OpenSSL() and DH_get_default_method() return pointers to the respective
-B<DH_METHOD>s.
-
-DH_set_default_method() returns no value.
-
-DH_set_method() returns non-zero if the provided B<meth> was successfully set as
-the method for B<dh> (including unloading the ENGINE handle if the previous
-method was supplied by an ENGINE).
-
-DH_new_method() returns NULL and sets an error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
-returns a pointer to the newly allocated structure.
-
-=head1 NOTES
-
-As of version 0.9.7, DH_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for DH functionality using an ENGINE API function,
-that will override any DH defaults set using the DH API (ie.
-DH_set_default_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in DH and other cryptographic
-algorithms.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
-
-=head1 HISTORY
-
-DH_set_default_method(), DH_get_default_method(), DH_set_method(),
-DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
-
-DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
-DH_set_default_method() and DH_get_default_method() respectively, and
-DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
-B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the ENGINE API was restructured so that this
-change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the ENGINE API now
-transparently overrides the behaviour of defaults in the DH API without
-requiring changing these function prototypes.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DH_size.pod b/crypto/openssl/doc/crypto/DH_size.pod
deleted file mode 100644
index 97f26fd..0000000
--- a/crypto/openssl/doc/crypto/DH_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-
-=head1 NAME
-
-DH_size - get Diffie-Hellman prime size
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- int DH_size(DH *dh);
-
-=head1 DESCRIPTION
-
-This function returns the Diffie-Hellman size in bytes. It can be used
-to determine how much memory must be allocated for the shared secret
-computed by DH_compute_key().
-
-B<dh-E<gt>p> must not be B<NULL>.
-
-=head1 RETURN VALUE
-
-The size in bytes.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
-
-=head1 HISTORY
-
-DH_size() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_SIG_new.pod b/crypto/openssl/doc/crypto/DSA_SIG_new.pod
deleted file mode 100644
index 3ac6140..0000000
--- a/crypto/openssl/doc/crypto/DSA_SIG_new.pod
+++ /dev/null
@@ -1,40 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA_SIG *DSA_SIG_new(void);
-
- void DSA_SIG_free(DSA_SIG *a);
-
-=head1 DESCRIPTION
-
-DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
-
-DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
-values are erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
-error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
-to the newly allocated structure.
-
-DSA_SIG_free() returns no value.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DSA_do_sign(3)|DSA_do_sign(3)>
-
-=head1 HISTORY
-
-DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_do_sign.pod b/crypto/openssl/doc/crypto/DSA_do_sign.pod
deleted file mode 100644
index 5dfc733..0000000
--- a/crypto/openssl/doc/crypto/DSA_do_sign.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_do_sign, DSA_do_verify - raw DSA signature operations
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-
- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-
-=head1 DESCRIPTION
-
-DSA_do_sign() computes a digital signature on the B<len> byte message
-digest B<dgst> using the private key B<dsa> and returns it in a
-newly allocated B<DSA_SIG> structure.
-
-L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
-of the signing operation in case signature generation is
-time-critical.
-
-DSA_do_verify() verifies that the signature B<sig> matches a given
-message digest B<dgst> of size B<len>. B<dsa> is the signer's public
-key.
-
-=head1 RETURN VALUES
-
-DSA_do_sign() returns the signature, NULL on error. DSA_do_verify()
-returns 1 for a valid signature, 0 for an incorrect signature and -1
-on error. The error codes can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
-L<DSA_sign(3)|DSA_sign(3)>
-
-=head1 HISTORY
-
-DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_dup_DH.pod b/crypto/openssl/doc/crypto/DSA_dup_DH.pod
deleted file mode 100644
index 7f6f0d1..0000000
--- a/crypto/openssl/doc/crypto/DSA_dup_DH.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_dup_DH - create a DH structure out of DSA structure
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DH * DSA_dup_DH(const DSA *r);
-
-=head1 DESCRIPTION
-
-DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
-is lost during that conversion, but the resulting DH parameters
-contain its length.
-
-=head1 RETURN VALUE
-
-DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
-error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTE
-
-Be careful to avoid small subgroup attacks when using this.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-DSA_dup_DH() was added in OpenSSL 0.9.4.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_generate_key.pod b/crypto/openssl/doc/crypto/DSA_generate_key.pod
deleted file mode 100644
index af83ccf..0000000
--- a/crypto/openssl/doc/crypto/DSA_generate_key.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_generate_key - generate DSA key pair
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- int DSA_generate_key(DSA *a);
-
-=head1 DESCRIPTION
-
-DSA_generate_key() expects B<a> to contain DSA parameters. It generates
-a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
-
-The PRNG must be seeded prior to calling DSA_generate_key().
-
-=head1 RETURN VALUE
-
-DSA_generate_key() returns 1 on success, 0 otherwise.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
-
-=head1 HISTORY
-
-DSA_generate_key() is available since SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod b/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
deleted file mode 100644
index be7c924..0000000
--- a/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
+++ /dev/null
@@ -1,105 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_generate_parameters - generate DSA parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA *DSA_generate_parameters(int bits, unsigned char *seed,
- int seed_len, int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *), void *cb_arg);
-
-=head1 DESCRIPTION
-
-DSA_generate_parameters() generates primes p and q and a generator g
-for use in the DSA.
-
-B<bits> is the length of the prime to be generated; the DSS allows a
-maximum of 1024 bits.
-
-If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
-generated at random. Otherwise, the seed is used to generate
-them. If the given seed does not yield a prime q, a new random
-seed is chosen and placed at B<seed>.
-
-DSA_generate_parameters() places the iteration count in
-*B<counter_ret> and a counter used for finding a generator in
-*B<h_ret>, unless these are B<NULL>.
-
-A callback function may be used to provide feedback about the progress
-of the key generation. If B<callback> is not B<NULL>, it will be
-called as follows:
-
-=over 4
-
-=item *
-
-When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
-(m is 0 for the first candidate).
-
-=item *
-
-When a candidate for q has passed a test by trial division,
-B<callback(1, -1, cb_arg)> is called.
-While a candidate for q is tested by Miller-Rabin primality tests,
-B<callback(1, i, cb_arg)> is called in the outer loop
-(once for each witness that confirms that the candidate may be prime);
-i is the loop counter (starting at 0).
-
-=item *
-
-When a prime q has been found, B<callback(2, 0, cb_arg)> and
-B<callback(3, 0, cb_arg)> are called.
-
-=item *
-
-Before a candidate for p (other than the first) is generated and tested,
-B<callback(0, counter, cb_arg)> is called.
-
-=item *
-
-When a candidate for p has passed the test by trial division,
-B<callback(1, -1, cb_arg)> is called.
-While it is tested by the Miller-Rabin primality test,
-B<callback(1, i, cb_arg)> is called in the outer loop
-(once for each witness that confirms that the candidate may be prime).
-i is the loop counter (starting at 0).
-
-=item *
-
-When p has been found, B<callback(2, 1, cb_arg)> is called.
-
-=item *
-
-When the generator has been found, B<callback(3, 1, cb_arg)> is called.
-
-=back
-
-=head1 RETURN VALUE
-
-DSA_generate_parameters() returns a pointer to the DSA structure, or
-B<NULL> if the parameter generation fails. The error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-Seed lengths E<gt> 20 are not supported.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_free(3)|DSA_free(3)>
-
-=head1 HISTORY
-
-DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
-argument was added in SSLeay 0.9.0.
-In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
-in the inner loop of the Miller-Rabin test whenever it reached the
-squaring step (the parameters to B<callback> did not reveal how many
-witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
-is called as in BN_is_prime(3), i.e. once for each witness.
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod b/crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod
deleted file mode 100644
index 4612e70..0000000
--- a/crypto/openssl/doc/crypto/DSA_get_ex_new_index.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
-
-=head1 SYNOPSIS
-
- #include <openssl/DSA.h>
-
- int DSA_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
- int DSA_set_ex_data(DSA *d, int idx, void *arg);
-
- char *DSA_get_ex_data(DSA *d, int idx);
-
-=head1 DESCRIPTION
-
-These functions handle application specific data in DSA
-structures. Their usage is identical to that of
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
-as described in L<RSA_get_ex_new_index(3)>.
-
-=head1 SEE ALSO
-
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
-
-=head1 HISTORY
-
-DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
-available since OpenSSL 0.9.5.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_new.pod b/crypto/openssl/doc/crypto/DSA_new.pod
deleted file mode 100644
index 48e9b82..0000000
--- a/crypto/openssl/doc/crypto/DSA_new.pod
+++ /dev/null
@@ -1,42 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_new, DSA_free - allocate and free DSA objects
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- DSA* DSA_new(void);
-
- void DSA_free(DSA *dsa);
-
-=head1 DESCRIPTION
-
-DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
-calling DSA_new_method(NULL).
-
-DSA_free() frees the B<DSA> structure and its components. The values are
-erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, DSA_new() returns B<NULL> and sets an error
-code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
-to the newly allocated structure.
-
-DSA_free() returns no value.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
-L<DSA_generate_key(3)|DSA_generate_key(3)>
-
-=head1 HISTORY
-
-DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_set_method.pod b/crypto/openssl/doc/crypto/DSA_set_method.pod
deleted file mode 100644
index bc3cfb1..0000000
--- a/crypto/openssl/doc/crypto/DSA_set_method.pod
+++ /dev/null
@@ -1,143 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_set_default_method, DSA_get_default_method,
-DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
- #include <openssl/engine.h>
-
- void DSA_set_default_method(const DSA_METHOD *meth);
-
- const DSA_METHOD *DSA_get_default_method(void);
-
- int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
-
- DSA *DSA_new_method(ENGINE *engine);
-
- DSA_METHOD *DSA_OpenSSL(void);
-
-=head1 DESCRIPTION
-
-A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
-important information about how these DSA API functions are affected by the use
-of B<ENGINE> API calls.
-
-Initially, the default DSA_METHOD is the OpenSSL internal implementation,
-as returned by DSA_OpenSSL().
-
-DSA_set_default_method() makes B<meth> the default method for all DSA
-structures created later. B<NB>: This is true only whilst no ENGINE has
-been set as a default for DSA, so this function is no longer recommended.
-
-DSA_get_default_method() returns a pointer to the current default
-DSA_METHOD. However, the meaningfulness of this result is dependant on
-whether the ENGINE API is being used, so this function is no longer
-recommended.
-
-DSA_set_method() selects B<meth> to perform all operations using the key
-B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
-previous method was supplied by an ENGINE, the handle to that ENGINE will
-be released during the change. It is possible to have DSA keys that only
-work with certain DSA_METHOD implementations (eg. from an ENGINE module
-that supports embedded hardware-protected keys), and in such cases
-attempting to change the DSA_METHOD for the key can have unexpected
-results.
-
-DSA_new_method() allocates and initializes a DSA structure so that B<engine>
-will be used for the DSA operations. If B<engine> is NULL, the default engine
-for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
-controlled by DSA_set_default_method() is used.
-
-=head1 THE DSA_METHOD STRUCTURE
-
-struct
- {
- /* name of the implementation */
- const char *name;
-
- /* sign */
- DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
- DSA *dsa);
-
- /* pre-compute k^-1 and r */
- int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
- BIGNUM **rp);
-
- /* verify */
- int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-
- /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
- implementations) */
- int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
- BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-
- /* compute r = a ^ p mod m (May be NULL for some implementations) */
- int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
- /* called at DSA_new */
- int (*init)(DSA *DSA);
-
- /* called at DSA_free */
- int (*finish)(DSA *DSA);
-
- int flags;
-
- char *app_data; /* ?? */
-
- } DSA_METHOD;
-
-=head1 RETURN VALUES
-
-DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
-B<DSA_METHOD>s.
-
-DSA_set_default_method() returns no value.
-
-DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
-the method for B<dsa> (including unloading the ENGINE handle if the previous
-method was supplied by an ENGINE).
-
-DSA_new_method() returns NULL and sets an error code that can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
-fails. Otherwise it returns a pointer to the newly allocated structure.
-
-=head1 NOTES
-
-As of version 0.9.7, DSA_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for DSA functionality using an ENGINE API function,
-that will override any DSA defaults set using the DSA API (ie.
-DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in DSA and other cryptographic
-algorithms.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
-
-=head1 HISTORY
-
-DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
-DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
-
-DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
-DSA_set_default_method() and DSA_get_default_method() respectively, and
-DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
-B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
-0.9.7, the handling of defaults in the ENGINE API was restructured so that this
-change was reversed, and behaviour of the other functions resembled more closely
-the previous behaviour. The behaviour of defaults in the ENGINE API now
-transparently overrides the behaviour of defaults in the DSA API without
-requiring changing these function prototypes.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_sign.pod b/crypto/openssl/doc/crypto/DSA_sign.pod
deleted file mode 100644
index 97389e8..0000000
--- a/crypto/openssl/doc/crypto/DSA_sign.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- int DSA_sign(int type, const unsigned char *dgst, int len,
- unsigned char *sigret, unsigned int *siglen, DSA *dsa);
-
- int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
- BIGNUM **rp);
-
- int DSA_verify(int type, const unsigned char *dgst, int len,
- unsigned char *sigbuf, int siglen, DSA *dsa);
-
-=head1 DESCRIPTION
-
-DSA_sign() computes a digital signature on the B<len> byte message
-digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
-encoding at B<sigret>. The length of the signature is places in
-*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
-
-DSA_sign_setup() may be used to precompute part of the signing
-operation in case signature generation is time-critical. It expects
-B<dsa> to contain DSA parameters. It places the precomputed values
-in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
-the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
-be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
-B<ctx> is a pre-allocated B<BN_CTX> or NULL.
-
-DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
-matches a given message digest B<dgst> of size B<len>.
-B<dsa> is the signer's public key.
-
-The B<type> parameter is ignored.
-
-The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
-is called.
-
-=head1 RETURN VALUES
-
-DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
-DSA_verify() returns 1 for a valid signature, 0 for an incorrect
-signature and -1 on error. The error codes can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 CONFORMING TO
-
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
-L<DSA_do_sign(3)|DSA_do_sign(3)>
-
-=head1 HISTORY
-
-DSA_sign() and DSA_verify() are available in all versions of SSLeay.
-DSA_sign_setup() was added in SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/DSA_size.pod b/crypto/openssl/doc/crypto/DSA_size.pod
deleted file mode 100644
index ba4f650..0000000
--- a/crypto/openssl/doc/crypto/DSA_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-
-=head1 NAME
-
-DSA_size - get DSA signature size
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
-
- int DSA_size(const DSA *dsa);
-
-=head1 DESCRIPTION
-
-This function returns the size of an ASN.1 encoded DSA signature in
-bytes. It can be used to determine how much memory must be allocated
-for a DSA signature.
-
-B<dsa-E<gt>q> must not be B<NULL>.
-
-=head1 RETURN VALUE
-
-The size in bytes.
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
-
-=head1 HISTORY
-
-DSA_size() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_GET_LIB.pod b/crypto/openssl/doc/crypto/ERR_GET_LIB.pod
deleted file mode 100644
index 2a129da..0000000
--- a/crypto/openssl/doc/crypto/ERR_GET_LIB.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
-reason code
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- int ERR_GET_LIB(unsigned long e);
-
- int ERR_GET_FUNC(unsigned long e);
-
- int ERR_GET_REASON(unsigned long e);
-
-=head1 DESCRIPTION
-
-The error code returned by ERR_get_error() consists of a library
-number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
-and ERR_GET_REASON() can be used to extract these.
-
-The library number and function code describe where the error
-occurred, the reason code is the information about what went wrong.
-
-Each sub-library of OpenSSL has a unique library number; function and
-reason codes are unique within each sub-library. Note that different
-libraries may use the same value to signal different functions and
-reasons.
-
-B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
-unique. However, when checking for sub-library specific reason codes,
-be sure to also compare the library number.
-
-ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
-
-=head1 RETURN VALUES
-
-The library number, function code and reason code respectively.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
-all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_clear_error.pod b/crypto/openssl/doc/crypto/ERR_clear_error.pod
deleted file mode 100644
index 566e1f4..0000000
--- a/crypto/openssl/doc/crypto/ERR_clear_error.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_clear_error - clear the error queue
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_clear_error(void);
-
-=head1 DESCRIPTION
-
-ERR_clear_error() empties the current thread's error queue.
-
-=head1 RETURN VALUES
-
-ERR_clear_error() has no return value.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_error_string.pod b/crypto/openssl/doc/crypto/ERR_error_string.pod
deleted file mode 100644
index cdfa7fe..0000000
--- a/crypto/openssl/doc/crypto/ERR_error_string.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
-ERR_func_error_string, ERR_reason_error_string - obtain human-readable
-error message
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- char *ERR_error_string(unsigned long e, char *buf);
- void ERR_error_string_n(unsigned long e, char *buf, size_t len);
-
- const char *ERR_lib_error_string(unsigned long e);
- const char *ERR_func_error_string(unsigned long e);
- const char *ERR_reason_error_string(unsigned long e);
-
-=head1 DESCRIPTION
-
-ERR_error_string() generates a human-readable string representing the
-error code I<e>, and places it at I<buf>. I<buf> must be at least 120
-bytes long. If I<buf> is B<NULL>, the error string is placed in a
-static buffer.
-ERR_error_string_n() is a variant of ERR_error_string() that writes
-at most I<len> characters (including the terminating 0)
-and truncates the string if necessary.
-For ERR_error_string_n(), I<buf> may not be B<NULL>.
-
-The string will have the following format:
-
- error:[error code]:[library name]:[function name]:[reason string]
-
-I<error code> is an 8 digit hexadecimal number, I<library name>,
-I<function name> and I<reason string> are ASCII text.
-
-ERR_lib_error_string(), ERR_func_error_string() and
-ERR_reason_error_string() return the library name, function
-name and reason string respectively.
-
-The OpenSSL error strings should be loaded by calling
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
-applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-first.
-If there is no text string registered for the given error code,
-the error string will contain the numeric code.
-
-L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
-all error codes currently in the queue.
-
-=head1 RETURN VALUES
-
-ERR_error_string() returns a pointer to a static buffer containing the
-string if I<buf> B<== NULL>, I<buf> otherwise.
-
-ERR_lib_error_string(), ERR_func_error_string() and
-ERR_reason_error_string() return the strings, and B<NULL> if
-none is registered for the error code.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-L<ERR_print_errors(3)|ERR_print_errors(3)>
-
-=head1 HISTORY
-
-ERR_error_string() is available in all versions of SSLeay and OpenSSL.
-ERR_error_string_n() was added in OpenSSL 0.9.6.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_get_error.pod b/crypto/openssl/doc/crypto/ERR_get_error.pod
deleted file mode 100644
index 3444304..0000000
--- a/crypto/openssl/doc/crypto/ERR_get_error.pod
+++ /dev/null
@@ -1,76 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_get_error, ERR_peek_error, ERR_peek_last_error,
-ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
-ERR_get_error_line_data, ERR_peek_error_line_data,
-ERR_peek_last_error_line_data - obtain error code and data
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- unsigned long ERR_get_error(void);
- unsigned long ERR_peek_error(void);
- unsigned long ERR_peek_last_error(void);
-
- unsigned long ERR_get_error_line(const char **file, int *line);
- unsigned long ERR_peek_error_line(const char **file, int *line);
- unsigned long ERR_peek_last_error_line(const char **file, int *line);
-
- unsigned long ERR_get_error_line_data(const char **file, int *line,
- const char **data, int *flags);
- unsigned long ERR_peek_error_line_data(const char **file, int *line,
- const char **data, int *flags);
- unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
- const char **data, int *flags);
-
-=head1 DESCRIPTION
-
-ERR_get_error() returns the earliest error code from the thread's error
-queue and removes the entry. This function can be called repeatedly
-until there are no more error codes to return.
-
-ERR_peek_error() returns the earliest error code from the thread's
-error queue without modifying it.
-
-ERR_peek_last_error() returns the latest error code from the thread's
-error queue without modifying it.
-
-See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
-location and reason of the error, and
-L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
-messages.
-
-ERR_get_error_line(), ERR_peek_error_line() and
-ERR_peek_last_error_line() are the same as the above, but they
-additionally store the file name and line number where
-the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
-
-ERR_get_error_line_data(), ERR_peek_error_line_data() and
-ERR_get_last_error_line_data() store additional data and flags
-associated with the error code in *B<data>
-and *B<flags>, unless these are B<NULL>. *B<data> contains a string
-if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
-*B<flags>&B<ERR_TXT_MALLOCED> is true.
-
-=head1 RETURN VALUES
-
-The error code, or 0 if there is no error in the queue.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
-L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
-
-=head1 HISTORY
-
-ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
-ERR_peek_error_line() are available in all versions of SSLeay and
-OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
-were added in SSLeay 0.9.0.
-ERR_peek_last_error(), ERR_peek_last_error_line() and
-ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod b/crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod
deleted file mode 100644
index 9bdec75..0000000
--- a/crypto/openssl/doc/crypto/ERR_load_crypto_strings.pod
+++ /dev/null
@@ -1,46 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
-load and free error strings
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_load_crypto_strings(void);
- void ERR_free_strings(void);
-
- #include <openssl/ssl.h>
-
- void SSL_load_error_strings(void);
-
-=head1 DESCRIPTION
-
-ERR_load_crypto_strings() registers the error strings for all
-B<libcrypto> functions. SSL_load_error_strings() does the same,
-but also registers the B<libssl> error strings.
-
-One of these functions should be called before generating
-textual error messages. However, this is not required when memory
-usage is an issue.
-
-ERR_free_strings() frees all previously loaded error strings.
-
-=head1 RETURN VALUES
-
-ERR_load_crypto_strings(), SSL_load_error_strings() and
-ERR_free_strings() return no values.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
-
-=head1 HISTORY
-
-ERR_load_error_strings(), SSL_load_error_strings() and
-ERR_free_strings() are available in all versions of SSLeay and
-OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_load_strings.pod b/crypto/openssl/doc/crypto/ERR_load_strings.pod
deleted file mode 100644
index 5acdd0e..0000000
--- a/crypto/openssl/doc/crypto/ERR_load_strings.pod
+++ /dev/null
@@ -1,54 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
-arbitrary error strings
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
-
- int ERR_get_next_error_library(void);
-
- unsigned long ERR_PACK(int lib, int func, int reason);
-
-=head1 DESCRIPTION
-
-ERR_load_strings() registers error strings for library number B<lib>.
-
-B<str> is an array of error string data:
-
- typedef struct ERR_string_data_st
- {
- unsigned long error;
- char *string;
- } ERR_STRING_DATA;
-
-The error code is generated from the library number and a function and
-reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
-ERR_PACK() is a macro.
-
-The last entry in the array is {0,0}.
-
-ERR_get_next_error_library() can be used to assign library numbers
-to user libraries at runtime.
-
-=head1 RETURN VALUE
-
-ERR_load_strings() returns no value. ERR_PACK() return the error code.
-ERR_get_next_error_library() returns a new library number.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
-
-=head1 HISTORY
-
-ERR_load_error_strings() and ERR_PACK() are available in all versions
-of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
-SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_print_errors.pod b/crypto/openssl/doc/crypto/ERR_print_errors.pod
deleted file mode 100644
index b100a5f..0000000
--- a/crypto/openssl/doc/crypto/ERR_print_errors.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_print_errors, ERR_print_errors_fp - print error messages
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_print_errors(BIO *bp);
- void ERR_print_errors_fp(FILE *fp);
-
-=head1 DESCRIPTION
-
-ERR_print_errors() is a convenience function that prints the error
-strings for all errors that OpenSSL has recorded to B<bp>, thus
-emptying the error queue.
-
-ERR_print_errors_fp() is the same, except that the output goes to a
-B<FILE>.
-
-
-The error strings will have the following format:
-
- [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
-
-I<error code> is an 8 digit hexadecimal number. I<library name>,
-I<function name> and I<reason string> are ASCII text, as is I<optional
-text message> if one was set for the respective error code.
-
-If there is no text string registered for the given error code,
-the error string will contain the numeric code.
-
-=head1 RETURN VALUES
-
-ERR_print_errors() and ERR_print_errors_fp() return no values.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
-L<ERR_get_error(3)|ERR_get_error(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
-
-=head1 HISTORY
-
-ERR_print_errors() and ERR_print_errors_fp()
-are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_put_error.pod b/crypto/openssl/doc/crypto/ERR_put_error.pod
deleted file mode 100644
index acd241f..0000000
--- a/crypto/openssl/doc/crypto/ERR_put_error.pod
+++ /dev/null
@@ -1,44 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_put_error, ERR_add_error_data - record an error
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_put_error(int lib, int func, int reason, const char *file,
- int line);
-
- void ERR_add_error_data(int num, ...);
-
-=head1 DESCRIPTION
-
-ERR_put_error() adds an error code to the thread's error queue. It
-signals that the error of reason code B<reason> occurred in function
-B<func> of library B<lib>, in line number B<line> of B<file>.
-This function is usually called by a macro.
-
-ERR_add_error_data() associates the concatenation of its B<num> string
-arguments with the error code added last.
-
-L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
-error strings so that the application can a generate human-readable
-error messages for the error code.
-
-=head1 RETURN VALUES
-
-ERR_put_error() and ERR_add_error_data() return
-no values.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
-
-=head1 HISTORY
-
-ERR_put_error() is available in all versions of SSLeay and OpenSSL.
-ERR_add_error_data() was added in SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_remove_state.pod b/crypto/openssl/doc/crypto/ERR_remove_state.pod
deleted file mode 100644
index 72925fb..0000000
--- a/crypto/openssl/doc/crypto/ERR_remove_state.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_remove_state - free a thread's error queue
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- void ERR_remove_state(unsigned long pid);
-
-=head1 DESCRIPTION
-
-ERR_remove_state() frees the error queue associated with thread B<pid>.
-If B<pid> == 0, the current thread will have its error queue removed.
-
-Since error queue data structures are allocated automatically for new
-threads, they must be freed when threads are terminated in order to
-avoid memory leaks.
-
-=head1 RETURN VALUE
-
-ERR_remove_state() returns no value.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>
-
-=head1 HISTORY
-
-ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ERR_set_mark.pod b/crypto/openssl/doc/crypto/ERR_set_mark.pod
deleted file mode 100644
index d3ca4f2..0000000
--- a/crypto/openssl/doc/crypto/ERR_set_mark.pod
+++ /dev/null
@@ -1,38 +0,0 @@
-=pod
-
-=head1 NAME
-
-ERR_set_mark, ERR_pop_to_mark - set marks and pop errors until mark
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- int ERR_set_mark(void);
-
- int ERR_pop_to_mark(void);
-
-=head1 DESCRIPTION
-
-ERR_set_mark() sets a mark on the current topmost error record if there
-is one.
-
-ERR_pop_to_mark() will pop the top of the error stack until a mark is found.
-The mark is then removed. If there is no mark, the whole stack is removed.
-
-=head1 RETURN VALUES
-
-ERR_set_mark() returns 0 if the error stack is empty, otherwise 1.
-
-ERR_pop_to_mark() returns 0 if there was no mark in the error stack, which
-implies that the stack became empty, otherwise 1.
-
-=head1 SEE ALSO
-
-L<err(3)|err(3)>
-
-=head1 HISTORY
-
-ERR_set_mark() and ERR_pop_to_mark() were added in OpenSSL 0.9.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_BytesToKey.pod b/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
deleted file mode 100644
index d375c46..0000000
--- a/crypto/openssl/doc/crypto/EVP_BytesToKey.pod
+++ /dev/null
@@ -1,67 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_BytesToKey - password based encryption routine
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
- const unsigned char *salt,
- const unsigned char *data, int datal, int count,
- unsigned char *key,unsigned char *iv);
-
-=head1 DESCRIPTION
-
-EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
-the cipher to derive the key and IV for. B<md> is the message digest to use.
-The B<salt> paramter is used as a salt in the derivation: it should point to
-an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
-B<datal> bytes which is used to derive the keying data. B<count> is the
-iteration count to use. The derived key and IV will be written to B<key>
-and B<iv> respectively.
-
-=head1 NOTES
-
-A typical application of this function is to derive keying material for an
-encryption algorithm from a password in the B<data> parameter.
-
-Increasing the B<count> parameter slows down the algorithm which makes it
-harder for an attacker to peform a brute force attack using a large number
-of candidate passwords.
-
-If the total key and IV length is less than the digest length and
-B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
-otherwise a non standard extension is used to derive the extra data.
-
-Newer applications should use more standard algorithms such as PKCS#5
-v2.0 for key derivation.
-
-=head1 KEY DERIVATION ALGORITHM
-
-The key and IV is derived by concatenating D_1, D_2, etc until
-enough data is available for the key and IV. D_i is defined as:
-
- D_i = HASH^count(D_(i-1) || data || salt)
-
-where || denotes concatentaion, D_0 is empty, HASH is the digest
-algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
-is HASH(HASH(data)) and so on.
-
-The initial bytes are used for the key and the subsequent bytes for
-the IV.
-
-=head1 RETURN VALUES
-
-EVP_BytesToKey() returns the size of the derived key in bytes.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
-
-=head1 HISTORY
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_DigestInit.pod b/crypto/openssl/doc/crypto/EVP_DigestInit.pod
deleted file mode 100644
index 130cd7f..0000000
--- a/crypto/openssl/doc/crypto/EVP_DigestInit.pod
+++ /dev/null
@@ -1,256 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
-EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
-EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
-EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
-EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
-EVP digest routines
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
- EVP_MD_CTX *EVP_MD_CTX_create(void);
-
- int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
- int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
-
- int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
- void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
-
- int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);
-
- int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
- int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
- unsigned int *s);
-
- int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);
-
- #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
-
-
- #define EVP_MD_type(e) ((e)->type)
- #define EVP_MD_pkey_type(e) ((e)->pkey_type)
- #define EVP_MD_size(e) ((e)->md_size)
- #define EVP_MD_block_size(e) ((e)->block_size)
-
- #define EVP_MD_CTX_md(e) (e)->digest)
- #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
- #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
- #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)
-
- const EVP_MD *EVP_md_null(void);
- const EVP_MD *EVP_md2(void);
- const EVP_MD *EVP_md5(void);
- const EVP_MD *EVP_sha(void);
- const EVP_MD *EVP_sha1(void);
- const EVP_MD *EVP_dss(void);
- const EVP_MD *EVP_dss1(void);
- const EVP_MD *EVP_mdc2(void);
- const EVP_MD *EVP_ripemd160(void);
-
- const EVP_MD *EVP_get_digestbyname(const char *name);
- #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
- #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
-
-=head1 DESCRIPTION
-
-The EVP digest routines are a high level interface to message digests.
-
-EVP_MD_CTX_init() initializes digest contet B<ctx>.
-
-EVP_MD_CTX_create() allocates, initializes and returns a digest contet.
-
-EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
-B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
-function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
-If B<impl> is NULL then the default implementation of digest B<type> is used.
-
-EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
-digest context B<ctx>. This function can be called several times on the
-same B<ctx> to hash additional data.
-
-EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places
-it in B<md>. If the B<s> parameter is not NULL then the number of
-bytes of data written (i.e. the length of the digest) will be written
-to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
-After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate()
-can be made, but EVP_DigestInit_ex() can be called to initialize a new
-digest operation.
-
-EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called
-after a digest context is no longer needed.
-
-EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the
-space allocated to it, it should be called only on a context created
-using EVP_MD_CTX_create().
-
-EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
-B<in> to B<out>. This is useful if large amounts of data are to be
-hashed which only differ in the last few bytes. B<out> must be initialized
-before calling this function.
-
-EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
-the passed context B<ctx> does not have to be initialized, and it always
-uses the default digest implementation.
-
-EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
-contet B<ctx> is automatically cleaned up.
-
-EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
-B<out> does not have to be initialized.
-
-EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
-when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
-hash.
-
-EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
-message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
-
-EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
-representing the given message digest when passed an B<EVP_MD> structure.
-For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
-normally used when setting ASN1 OIDs.
-
-EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
-B<EVP_MD_CTX>.
-
-EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
-with this digest. For example EVP_sha1() is associated with RSA so this will
-return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
-algorithms may not be retained in future versions of OpenSSL.
-
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
-return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
-algorithms respectively. The associated signature algorithm is RSA in each case.
-
-EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
-algorithms but using DSS (DSA) for the signature algorithm.
-
-EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
-returns is of zero length.
-
-EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
-return an B<EVP_MD> structure when passed a digest name, a digest NID or
-an ASN1_OBJECT structure respectively. The digest table must be initialized
-using, for example, OpenSSL_add_all_digests() for these functions to work.
-
-=head1 RETURN VALUES
-
-EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for
-success and 0 for failure.
-
-EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
-
-EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
-corresponding OBJECT IDENTIFIER or NID_undef if none exists.
-
-EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
-EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block
-size in bytes.
-
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
-EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
-corresponding EVP_MD structures.
-
-EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
-return either an B<EVP_MD> structure or NULL if an error occurs.
-
-=head1 NOTES
-
-The B<EVP> interface to message digests should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the digest used and much more flexible.
-
-SHA1 is the digest of choice for new applications. The other digest algorithms
-are still in common use.
-
-For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
-set to NULL to use the default digest implementation.
-
-The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are
-obsolete but are retained to maintain compatibility with existing code. New
-applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and
-EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
-instead of initializing and cleaning it up on each call and allow non default
-implementations of digests to be specified.
-
-In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
-memory leaks will occur.
-
-=head1 EXAMPLE
-
-This example digests the data "Test Message\n" and "Hello World\n", using the
-digest name passed on the command line.
-
- #include <stdio.h>
- #include <openssl/evp.h>
-
- main(int argc, char *argv[])
- {
- EVP_MD_CTX mdctx;
- const EVP_MD *md;
- char mess1[] = "Test Message\n";
- char mess2[] = "Hello World\n";
- unsigned char md_value[EVP_MAX_MD_SIZE];
- int md_len, i;
-
- OpenSSL_add_all_digests();
-
- if(!argv[1]) {
- printf("Usage: mdtest digestname\n");
- exit(1);
- }
-
- md = EVP_get_digestbyname(argv[1]);
-
- if(!md) {
- printf("Unknown message digest %s\n", argv[1]);
- exit(1);
- }
-
- EVP_MD_CTX_init(&mdctx);
- EVP_DigestInit_ex(&mdctx, md, NULL);
- EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
- EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
- EVP_MD_CTX_cleanup(&mdctx);
-
- printf("Digest is: ");
- for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
- printf("\n");
- }
-
-=head1 BUGS
-
-The link between digests and signing algorithms results in a situation where
-EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
-even though they are identical digests.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
-
-=head1 HISTORY
-
-EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
-available in all versions of SSLeay and OpenSSL.
-
-EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
-EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
-and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
-
-EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
-EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
-changed to return truely const EVP_MD * in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod b/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
deleted file mode 100644
index 8271d3d..0000000
--- a/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
+++ /dev/null
@@ -1,511 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
-EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
-EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
-EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
-EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
-EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
-EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
-EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
-EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
-EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
-EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
-EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
-EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
-EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
-EVP_CIPHER_CTX_set_padding - EVP cipher routines
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-
- int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
- int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
-
- int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv);
- int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
-
- int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
- int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
-
- int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
- int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
-
- int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv);
- int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
-
- int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char *key, unsigned char *iv, int enc);
- int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
-
- int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
- int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
- int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
- int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
-
- const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
- #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
- #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
-
- #define EVP_CIPHER_nid(e) ((e)->nid)
- #define EVP_CIPHER_block_size(e) ((e)->block_size)
- #define EVP_CIPHER_key_length(e) ((e)->key_len)
- #define EVP_CIPHER_iv_length(e) ((e)->iv_len)
- #define EVP_CIPHER_flags(e) ((e)->flags)
- #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE)
- int EVP_CIPHER_type(const EVP_CIPHER *ctx);
-
- #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher)
- #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid)
- #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size)
- #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len)
- #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len)
- #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
- #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
- #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
- #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags)
- #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE)
-
- int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
- int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-=head1 DESCRIPTION
-
-The EVP cipher routines are a high level interface to certain
-symmetric ciphers.
-
-EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
-
-EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
-with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
-before calling this function. B<type> is normally supplied
-by a function such as EVP_des_cbc(). If B<impl> is NULL then the
-default implementation is used. B<key> is the symmetric key to use
-and B<iv> is the IV to use (if necessary), the actual number of bytes
-used for the key and IV depends on the cipher. It is possible to set
-all parameters to NULL except B<type> in an initial call and supply
-the remaining parameters in subsequent calls, all of which have B<type>
-set to NULL. This is done when the default cipher parameters are not
-appropriate.
-
-EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
-writes the encrypted version to B<out>. This function can be called
-multiple times to encrypt successive blocks of data. The amount
-of data written depends on the block alignment of the encrypted data:
-as a result the amount of data written may be anything from zero bytes
-to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
-room. The actual number of bytes written is placed in B<outl>.
-
-If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
-the "final" data, that is any data that remains in a partial block.
-It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted
-final data is written to B<out> which should have sufficient space for
-one cipher block. The number of bytes written is placed in B<outl>. After
-this function is called the encryption operation is finished and no further
-calls to EVP_EncryptUpdate() should be made.
-
-If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
-data and it will return an error if any data remains in a partial block:
-that is if the total data length is not a multiple of the block size.
-
-EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
-corresponding decryption operations. EVP_DecryptFinal() will return an
-error code if padding is enabled and the final block is not correctly
-formatted. The parameters and restrictions are identical to the encryption
-operations except that if padding is enabled the decrypted data buffer B<out>
-passed to EVP_DecryptUpdate() should have sufficient room for
-(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in
-which case B<inl> bytes is sufficient.
-
-EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
-functions that can be used for decryption or encryption. The operation
-performed depends on the value of the B<enc> parameter. It should be set
-to 1 for encryption, 0 for decryption and -1 to leave the value unchanged
-(the actual value of 'enc' being supplied in a previous call).
-
-EVP_CIPHER_CTX_cleanup() clears all information from a cipher context
-and free up any allocated memory associate with it. It should be called
-after all operations using a cipher are complete so sensitive information
-does not remain in memory.
-
-EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
-similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
-EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
-initialized and they always use the default cipher implementation.
-
-EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
-similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
-EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up
-after the call.
-
-EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
-return an EVP_CIPHER structure when passed a cipher name, a NID or an
-ASN1_OBJECT structure.
-
-EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
-passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The actual NID
-value is an internal value which may not have a corresponding OBJECT
-IDENTIFIER.
-
-EVP_CIPHER_CTX_set_padding() enables or disables padding. By default
-encryption operations are padded using standard block padding and the
-padding is checked and removed when decrypting. If the B<pad> parameter
-is zero then no padding is performed, the total amount of data encrypted
-or decrypted must then be a multiple of the block size or an error will
-occur.
-
-EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
-length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
-structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
-for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a
-given cipher, the value of EVP_CIPHER_CTX_key_length() may be different
-for variable key length ciphers.
-
-EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
-If the cipher is a fixed length cipher then attempting to set the key
-length to any value other than the fixed value is an error.
-
-EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
-length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
-It will return zero if the cipher does not use an IV. The constant
-B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
-
-EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
-size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
-structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
-length for all ciphers.
-
-EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
-cipher or context. This "type" is the actual NID of the cipher OBJECT
-IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
-128 bit RC2 have the same NID. If the cipher does not have an object
-identifier or does not have ASN1 support this function will return
-B<NID_undef>.
-
-EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
-an B<EVP_CIPHER_CTX> structure.
-
-EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
-EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
-EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
-EVP_CIPH_STREAM_CIPHER is returned.
-
-EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
-on the passed cipher. This will typically include any parameters and an
-IV. The cipher IV (if any) must be set when this call is made. This call
-should be made before the cipher is actually "used" (before any
-EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
-may fail if the cipher does not have any ASN1 support.
-
-EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
-AlgorithmIdentifier "parameter". The precise effect depends on the cipher
-In the case of RC2, for example, it will set the IV and effective key length.
-This function should be called after the base cipher type is set but before
-the key is set. For example EVP_CipherInit() will be called with the IV and
-key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
-EVP_CipherInit() again with all parameters except the key set to NULL. It is
-possible for this function to fail if the cipher does not have any ASN1 support
-or the parameters cannot be set (for example the RC2 effective key length
-is not supported.
-
-EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined
-and set. Currently only the RC2 effective key length and the number of rounds of
-RC5 can be set.
-
-=head1 RETURN VALUES
-
-EVP_EncryptInit_ex(), EVP_EncryptUpdate() and EVP_EncryptFinal_ex()
-return 1 for success and 0 for failure.
-
-EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
-EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
-
-EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
-EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
-
-EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
-
-EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
-return an B<EVP_CIPHER> structure or NULL on error.
-
-EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
-
-EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
-size.
-
-EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
-length.
-
-EVP_CIPHER_CTX_set_padding() always returns 1.
-
-EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
-length or zero if the cipher does not use an IV.
-
-EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
-OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
-
-EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
-
-EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for
-success or zero for failure.
-
-=head1 CIPHER LISTING
-
-All algorithms have a fixed key length unless otherwise stated.
-
-=over 4
-
-=item EVP_enc_null()
-
-Null cipher: does nothing.
-
-=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
-
-DES in CBC, ECB, CFB and OFB modes respectively.
-
-=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)
-
-Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
-
-=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)
-
-Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
-
-=item EVP_desx_cbc(void)
-
-DESX algorithm in CBC mode.
-
-=item EVP_rc4(void)
-
-RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
-
-=item EVP_rc4_40(void)
-
-RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4()
-and the EVP_CIPHER_CTX_set_key_length() function.
-
-=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)
-
-IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
-
-=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)
-
-RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
-length cipher with an additional parameter called "effective key bits" or "effective key length".
-By default both are set to 128 bits.
-
-=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)
-
-RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.
-These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
-EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
-
-=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);
-
-Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
-length cipher.
-
-=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)
-
-CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
-length cipher.
-
-=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)
-
-RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length
-cipher with an additional "number of rounds" parameter. By default the key length is set to 128
-bits and 12 rounds.
-
-=back
-
-=head1 NOTES
-
-Where possible the B<EVP> interface to symmetric ciphers should be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the cipher used and much more flexible.
-
-PKCS padding works by adding B<n> padding bytes of value B<n> to make the total
-length of the encrypted data a multiple of the block size. Padding is always
-added so if the data is already a multiple of the block size B<n> will equal
-the block size. For example if the block size is 8 and 11 bytes are to be
-encrypted then 5 padding bytes of value 5 will be added.
-
-When decrypting the final block is checked to see if it has the correct form.
-
-Although the decryption operation can produce an error if padding is enabled,
-it is not a strong test that the input data or key is correct. A random block
-has better than 1 in 256 chance of being of the correct format and problems with
-the input data earlier on will not produce a final decrypt error.
-
-If padding is disabled then the decryption operation will always succeed if
-the total amount of data decrypted is a multiple of the block size.
-
-The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
-EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for
-compatibility with existing code. New code should use EVP_EncryptInit_ex(),
-EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
-EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
-existing context without allocating and freeing it up on each call.
-
-=head1 BUGS
-
-For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
-a limitation of the current RC5 code rather than the EVP interface.
-
-EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
-default key lengths. If custom ciphers exceed these values the results are
-unpredictable. This is because it has become standard practice to define a
-generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
-
-The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
-for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
-
-=head1 EXAMPLES
-
-Get the number of rounds used in RC5:
-
- int nrounds;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
-
-Get the RC2 effective key length:
-
- int key_bits;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
-
-Set the number of rounds used in RC5:
-
- int nrounds;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
-
-Set the effective key length used in RC2:
-
- int key_bits;
- EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-
-Encrypt a string using blowfish:
-
- int do_crypt(char *outfile)
- {
- unsigned char outbuf[1024];
- int outlen, tmplen;
- /* Bogus key and IV: we'd normally set these from
- * another source.
- */
- unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
- unsigned char iv[] = {1,2,3,4,5,6,7,8};
- char intext[] = "Some Crypto Text";
- EVP_CIPHER_CTX ctx;
- FILE *out;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
-
- if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
- {
- /* Error */
- return 0;
- }
- /* Buffer passed to EVP_EncryptFinal() must be after data just
- * encrypted to avoid overwriting it.
- */
- if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
- {
- /* Error */
- return 0;
- }
- outlen += tmplen;
- EVP_CIPHER_CTX_cleanup(&ctx);
- /* Need binary mode for fopen because encrypted data is
- * binary data. Also cannot use strlen() on it because
- * it wont be null terminated and may contain embedded
- * nulls.
- */
- out = fopen(outfile, "wb");
- fwrite(outbuf, 1, outlen, out);
- fclose(out);
- return 1;
- }
-
-The ciphertext from the above example can be decrypted using the B<openssl>
-utility with the command line:
-
- S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
-
-General encryption, decryption function example using FILE I/O and RC2 with an
-80 bit key:
-
- int do_crypt(FILE *in, FILE *out, int do_encrypt)
- {
- /* Allow enough space in output buffer for additional block */
- inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
- int inlen, outlen;
- /* Bogus key and IV: we'd normally set these from
- * another source.
- */
- unsigned char key[] = "0123456789";
- unsigned char iv[] = "12345678";
- /* Don't set key or IV because we will modify the parameters */
- EVP_CIPHER_CTX_init(&ctx);
- EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
- EVP_CIPHER_CTX_set_key_length(&ctx, 10);
- /* We finished modifying parameters so now we can set key and IV */
- EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
-
- for(;;)
- {
- inlen = fread(inbuf, 1, 1024, in);
- if(inlen <= 0) break;
- if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
- {
- /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
- return 0;
- }
- fwrite(outbuf, 1, outlen, out);
- }
- if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
- {
- /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
- return 0;
- }
- fwrite(outbuf, 1, outlen, out);
-
- EVP_CIPHER_CTX_cleanup(&ctx);
- return 1;
- }
-
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>
-
-=head1 HISTORY
-
-EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
-EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
-EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
-OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_OpenInit.pod b/crypto/openssl/doc/crypto/EVP_OpenInit.pod
deleted file mode 100644
index 2e710da..0000000
--- a/crypto/openssl/doc/crypto/EVP_OpenInit.pod
+++ /dev/null
@@ -1,63 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
- int ekl,unsigned char *iv,EVP_PKEY *priv);
- int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
-
-=head1 DESCRIPTION
-
-The EVP envelope routines are a high level interface to envelope
-decryption. They decrypt a public key encrypted symmetric key and
-then decrypt data using it.
-
-EVP_OpenInit() initializes a cipher context B<ctx> for decryption
-with cipher B<type>. It decrypts the encrypted symmetric key of length
-B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
-The IV is supplied in the B<iv> parameter.
-
-EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
-as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as
-documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page.
-
-=head1 NOTES
-
-It is possible to call EVP_OpenInit() twice in the same way as
-EVP_DecryptInit(). The first call should have B<priv> set to NULL
-and (after setting any cipher parameters) it should be called again
-with B<type> set to NULL.
-
-If the cipher passed in the B<type> parameter is a variable length
-cipher then the key length will be set to the value of the recovered
-key length. If the cipher is a fixed length cipher then the recovered
-key length must match the fixed cipher length.
-
-=head1 RETURN VALUES
-
-EVP_OpenInit() returns 0 on error or a non zero integer (actually the
-recovered secret key size) if successful.
-
-EVP_OpenUpdate() returns 1 for success or 0 for failure.
-
-EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_SealInit(3)|EVP_SealInit(3)>
-
-=head1 HISTORY
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_PKEY_new.pod b/crypto/openssl/doc/crypto/EVP_PKEY_new.pod
deleted file mode 100644
index 10687e4..0000000
--- a/crypto/openssl/doc/crypto/EVP_PKEY_new.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- EVP_PKEY *EVP_PKEY_new(void);
- void EVP_PKEY_free(EVP_PKEY *key);
-
-
-=head1 DESCRIPTION
-
-The EVP_PKEY_new() function allocates an empty B<EVP_PKEY>
-structure which is used by OpenSSL to store private keys.
-
-EVP_PKEY_free() frees up the private key B<key>.
-
-=head1 NOTES
-
-The B<EVP_PKEY> structure is used by various OpenSSL functions
-which require a general private key without reference to any
-particular algorithm.
-
-The structure returned by EVP_PKEY_new() is empty. To add a
-private key to this empty structure the functions described in
-L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used.
-
-=head1 RETURN VALUES
-
-EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY>
-structure of B<NULL> if an error occurred.
-
-EVP_PKEY_free() does not return a value.
-
-=head1 SEE ALSO
-
-L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod b/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod
deleted file mode 100644
index 2db692e..0000000
--- a/crypto/openssl/doc/crypto/EVP_PKEY_set1_RSA.pod
+++ /dev/null
@@ -1,80 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
-EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
-EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
-EVP_PKEY_type - EVP_PKEY assignment functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
- int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
- int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
- int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
-
- RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
- DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
- DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
- EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
-
- int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
- int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
- int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
- int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
-
- int EVP_PKEY_type(int type);
-
-=head1 DESCRIPTION
-
-EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
-EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
-
-EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
-B<NULL> if the key is not of the correct type.
-
-EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
-however these use the supplied B<key> internally and so B<key>
-will be freed when the parent B<pkey> is freed.
-
-EVP_PKEY_type() returns the type of key corresponding to the value
-B<type>. The type of a key can be obtained with
-EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA,
-EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding
-key types or NID_undef if the key type is unassigned.
-
-=head1 NOTES
-
-In accordance with the OpenSSL naming convention the key obtained
-from or assigned to the B<pkey> using the B<1> functions must be
-freed as well as B<pkey>.
-
-EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-EVP_PKEY_assign_EC_KEY() are implemented as macros.
-
-=head1 RETURN VALUES
-
-EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
-EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
-
-EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
-EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if
-an error occurred.
-
-EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
-and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
-
-=head1 SEE ALSO
-
-L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_SealInit.pod b/crypto/openssl/doc/crypto/EVP_SealInit.pod
deleted file mode 100644
index 7d793e1..0000000
--- a/crypto/openssl/doc/crypto/EVP_SealInit.pod
+++ /dev/null
@@ -1,85 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
- unsigned char **ek, int *ekl, unsigned char *iv,
- EVP_PKEY **pubk, int npubk);
- int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl, unsigned char *in, int inl);
- int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
- int *outl);
-
-=head1 DESCRIPTION
-
-The EVP envelope routines are a high level interface to envelope
-encryption. They generate a random key and IV (if required) then
-"envelope" it by using public key encryption. Data can then be
-encrypted using this key.
-
-EVP_SealInit() initializes a cipher context B<ctx> for encryption
-with cipher B<type> using a random secret key and IV. B<type> is normally
-supplied by a function such as EVP_des_cbc(). The secret key is encrypted
-using one or more public keys, this allows the same encrypted data to be
-decrypted using any of the corresponding private keys. B<ek> is an array of
-buffers where the public key encrypted secret key will be written, each buffer
-must contain enough room for the corresponding encrypted key: that is
-B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
-size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
-an array of B<npubk> public keys.
-
-The B<iv> parameter is a buffer where the generated IV is written to. It must
-contain enough room for the corresponding cipher's IV, as determined by (for
-example) EVP_CIPHER_iv_length(type).
-
-If the cipher does not require an IV then the B<iv> parameter is ignored
-and can be B<NULL>.
-
-EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
-as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as
-documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
-page.
-
-=head1 RETURN VALUES
-
-EVP_SealInit() returns 0 on error or B<npubk> if successful.
-
-EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
-failure.
-
-=head1 NOTES
-
-Because a random secret key is generated the random number generator
-must be seeded before calling EVP_SealInit().
-
-The public key must be RSA because it is the only OpenSSL public key
-algorithm that supports key transport.
-
-Envelope encryption is the usual method of using public key encryption
-on large amounts of data, this is because public key encryption is slow
-but symmetric encryption is fast. So symmetric encryption is used for
-bulk encryption and the small random symmetric key used is transferred
-using public key encryption.
-
-It is possible to call EVP_SealInit() twice in the same way as
-EVP_EncryptInit(). The first call should have B<npubk> set to 0
-and (after setting any cipher parameters) it should be called again
-with B<type> set to NULL.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_OpenInit(3)|EVP_OpenInit(3)>
-
-=head1 HISTORY
-
-EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_SignInit.pod b/crypto/openssl/doc/crypto/EVP_SignInit.pod
deleted file mode 100644
index b6e62ce..0000000
--- a/crypto/openssl/doc/crypto/EVP_SignInit.pod
+++ /dev/null
@@ -1,95 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
-
- void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-
- int EVP_PKEY_size(EVP_PKEY *pkey);
-
-=head1 DESCRIPTION
-
-The EVP signature routines are a high level interface to digital
-signatures.
-
-EVP_SignInit_ex() sets up signing context B<ctx> to use digest
-B<type> from ENGINE B<impl>. B<ctx> must be initialized with
-EVP_MD_CTX_init() before calling this function.
-
-EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This function can be called several times on the
-same B<ctx> to include additional data.
-
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. The number of bytes of data written (i.e. the
-length of the signature) will be written to the integer at B<s>, at most
-EVP_PKEY_size(pkey) bytes will be written.
-
-EVP_SignInit() initializes a signing context B<ctx> to use the default
-implementation of digest B<type>.
-
-EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
-signature returned by EVP_SignFinal() may be smaller.
-
-=head1 RETURN VALUES
-
-EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
-for success and 0 for failure.
-
-EVP_PKEY_size() returns the maximum size of a signature in bytes.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTES
-
-The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-
-Due to the link between message digests and public key algorithms the correct
-digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-
-When signing with DSA private keys the random number generator must be seeded
-or the operation will fail. The random number generator does not need to be
-seeded for RSA signatures.
-
-The call to EVP_SignFinal() internally finalizes a copy of the digest context.
-This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
-later to digest and sign additional data.
-
-Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
-will occur.
-
-=head1 BUGS
-
-Older versions of this documentation wrongly stated that calls to
-EVP_SignUpdate() could not be made after calling EVP_SignFinal().
-
-=head1 SEE ALSO
-
-L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
-
-=head1 HISTORY
-
-EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
-available in all versions of SSLeay and OpenSSL.
-
-EVP_SignInit_ex() was added in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/EVP_VerifyInit.pod b/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
deleted file mode 100644
index b6afaed..0000000
--- a/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
+++ /dev/null
@@ -1,86 +0,0 @@
-=pod
-
-=head1 NAME
-
-EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
- int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
- int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
-
- int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
-
-=head1 DESCRIPTION
-
-The EVP signature verification routines are a high level interface to digital
-signatures.
-
-EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
-B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
-EVP_MD_CTX_init() before calling this function.
-
-EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
-verification context B<ctx>. This function can be called several times on the
-same B<ctx> to include additional data.
-
-EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
-and against the B<siglen> bytes at B<sigbuf>.
-
-EVP_VerifyInit() initializes verification context B<ctx> to use the default
-implementation of digest B<type>.
-
-=head1 RETURN VALUES
-
-EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
-failure.
-
-EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
-other error occurred.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTES
-
-The B<EVP> interface to digital signatures should almost always be used in
-preference to the low level interfaces. This is because the code then becomes
-transparent to the algorithm used and much more flexible.
-
-Due to the link between message digests and public key algorithms the correct
-digest algorithm must be used with the correct public key type. A list of
-algorithms and associated public key algorithms appears in
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
-
-The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
-This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
-later to digest and verify additional data.
-
-Since only a copy of the digest context is ever finalized the context must
-be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
-will occur.
-
-=head1 BUGS
-
-Older versions of this documentation wrongly stated that calls to
-EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>,
-L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
-L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
-
-=head1 HISTORY
-
-EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
-available in all versions of SSLeay and OpenSSL.
-
-EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
-
-=cut
diff --git a/crypto/openssl/doc/crypto/OBJ_nid2obj.pod b/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
deleted file mode 100644
index 7dcc079..0000000
--- a/crypto/openssl/doc/crypto/OBJ_nid2obj.pod
+++ /dev/null
@@ -1,149 +0,0 @@
-=pod
-
-=head1 NAME
-
-OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
-OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
-functions
-
-=head1 SYNOPSIS
-
- ASN1_OBJECT * OBJ_nid2obj(int n);
- const char * OBJ_nid2ln(int n);
- const char * OBJ_nid2sn(int n);
-
- int OBJ_obj2nid(const ASN1_OBJECT *o);
- int OBJ_ln2nid(const char *ln);
- int OBJ_sn2nid(const char *sn);
-
- int OBJ_txt2nid(const char *s);
-
- ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
- int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
-
- int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
- ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
-
- int OBJ_create(const char *oid,const char *sn,const char *ln);
- void OBJ_cleanup(void);
-
-=head1 DESCRIPTION
-
-The ASN1 object utility functions process ASN1_OBJECT structures which are
-a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
-
-OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to
-an ASN1_OBJECT structure, its long name and its short name respectively,
-or B<NULL> is an error occurred.
-
-OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
-for the object B<o>, the long name <ln> or the short name <sn> respectively
-or NID_undef if an error occurred.
-
-OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
-a long name, a short name or the numerical respresentation of an object.
-
-OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
-If B<no_name> is 0 then long names and short names will be interpreted
-as well as numerical forms. If B<no_name> is 1 only the numerical form
-is acceptable.
-
-OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
-The representation is written as a null terminated string to B<buf>
-at most B<buf_len> bytes are written, truncating the result if necessary.
-The total amount of space required is returned. If B<no_name> is 0 then
-if the object has a long or short name then that will be used, otherwise
-the numerical form will be used. If B<no_name> is 1 then the numerical
-form will always be used.
-
-OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
-
-OBJ_dup() returns a copy of B<o>.
-
-OBJ_create() adds a new object to the internal table. B<oid> is the
-numerical form of the object, B<sn> the short name and B<ln> the
-long name. A new NID is returned for the created object.
-
-OBJ_cleanup() cleans up OpenSSLs internal object table: this should
-be called before an application exits if any new objects were added
-using OBJ_create().
-
-=head1 NOTES
-
-Objects in OpenSSL can have a short name, a long name and a numerical
-identifier (NID) associated with them. A standard set of objects is
-represented in an internal table. The appropriate values are defined
-in the header file B<objects.h>.
-
-For example the OID for commonName has the following definitions:
-
- #define SN_commonName "CN"
- #define LN_commonName "commonName"
- #define NID_commonName 13
-
-New objects can be added by calling OBJ_create().
-
-Table objects have certain advantages over other objects: for example
-their NIDs can be used in a C language switch statement. They are
-also static constant structures which are shared: that is there
-is only a single constant structure for each table object.
-
-Objects which are not in the table have the NID value NID_undef.
-
-Objects do not need to be in the internal tables to be processed,
-the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
-form of an OID.
-
-=head1 EXAMPLES
-
-Create an object for B<commonName>:
-
- ASN1_OBJECT *o;
- o = OBJ_nid2obj(NID_commonName);
-
-Check if an object is B<commonName>
-
- if (OBJ_obj2nid(obj) == NID_commonName)
- /* Do something */
-
-Create a new NID and initialize an object from it:
-
- int new_nid;
- ASN1_OBJECT *obj;
- new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
-
- obj = OBJ_nid2obj(new_nid);
-
-Create a new object directly:
-
- obj = OBJ_txt2obj("1.2.3.4", 1);
-
-=head1 BUGS
-
-OBJ_obj2txt() is awkward and messy to use: it doesn't follow the
-convention of other OpenSSL functions where the buffer can be set
-to B<NULL> to determine the amount of data that should be written.
-Instead B<buf> must point to a valid buffer and B<buf_len> should
-be set to a positive value. A buffer length of 80 should be more
-than enough to handle any OID encountered in practice.
-
-=head1 RETURN VALUES
-
-OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
-error occurred.
-
-OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
-on error.
-
-OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
-a NID or B<NID_undef> on error.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/OPENSSL_Applink.pod b/crypto/openssl/doc/crypto/OPENSSL_Applink.pod
deleted file mode 100644
index e54de12..0000000
--- a/crypto/openssl/doc/crypto/OPENSSL_Applink.pod
+++ /dev/null
@@ -1,21 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_Applink - glue between OpenSSL BIO and Win32 compiler run-time
-
-=head1 SYNOPSIS
-
- __declspec(dllexport) void **OPENSSL_Applink();
-
-=head1 DESCRIPTION
-
-OPENSSL_Applink is application-side interface which provides a glue
-between OpenSSL BIO layer and Win32 compiler run-time environment.
-Even though it appears at application side, it's essentially OpenSSL
-private interface. For this reason application developers are not
-expected to implement it, but to compile provided module with
-compiler of their choice and link it into the target application.
-The referred module is available as <openssl>/ms/applink.c.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
deleted file mode 100644
index c39ac35..0000000
--- a/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+++ /dev/null
@@ -1,101 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
-
-=head1 SYNOPSIS
-
- #include <openssl/opensslv.h>
- #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
-
- #include <openssl/crypto.h>
- long SSLeay(void);
- const char *SSLeay_version(int t);
-
-=head1 DESCRIPTION
-
-OPENSSL_VERSION_NUMBER is a numeric release version identifier:
-
- MMNNFFPPS: major minor fix patch status
-
-The status nibble has one of the values 0 for development, 1 to e for betas
-1 to 14, and f for release.
-
-for example
-
- 0x000906000 == 0.9.6 dev
- 0x000906023 == 0.9.6b beta 3
- 0x00090605f == 0.9.6e release
-
-Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
-Versions between 0.9.3 and 0.9.5 had a version identifier with this
-interpretation:
-
- MMNNFFRBB major minor fix final beta/patch
-
-for example
-
- 0x000904100 == 0.9.4 release
- 0x000905000 == 0.9.5 dev
-
-Version 0.9.5a had an interim interpretation that is like the current one,
-except the patch level got the highest bit set, to keep continuity. The
-number was therefore 0x0090581f.
-
-
-For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
-
-SSLeay() returns this number. The return value can be compared to the
-macro to make sure that the correct version of the library has been
-loaded, especially when using DLLs on Windows systems.
-
-SSLeay_version() returns different strings depending on B<t>:
-
-=over 4
-
-=item SSLEAY_VERSION
-
-The text variant of the version number and the release date. For example,
-"OpenSSL 0.9.5a 1 Apr 2000".
-
-=item SSLEAY_CFLAGS
-
-The compiler flags set for the compilation process in the form
-"compiler: ..." if available or "compiler: information not available"
-otherwise.
-
-=item SSLEAY_BUILT_ON
-
-The date of the build process in the form "built on: ..." if available
-or "built on: date not available" otherwise.
-
-=item SSLEAY_PLATFORM
-
-The "Configure" target of the library build in the form "platform: ..."
-if available or "platform: information not available" otherwise.
-
-=item SSLEAY_DIR
-
-The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
-if available or "OPENSSLDIR: N/A" otherwise.
-
-=back
-
-For an unknown B<t>, the text "not available" is returned.
-
-=head1 RETURN VALUE
-
-The version number.
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=head1 HISTORY
-
-SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
-OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
-B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/OPENSSL_config.pod b/crypto/openssl/doc/crypto/OPENSSL_config.pod
deleted file mode 100644
index e7bba2a..0000000
--- a/crypto/openssl/doc/crypto/OPENSSL_config.pod
+++ /dev/null
@@ -1,82 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions
-
-=head1 SYNOPSIS
-
- #include <openssl/conf.h>
-
- void OPENSSL_config(const char *config_name);
- void OPENSSL_no_config(void);
-
-=head1 DESCRIPTION
-
-OPENSSL_config() configures OpenSSL using the standard B<openssl.cnf>
-configuration file name using B<config_name>. If B<config_name> is NULL then
-the default name B<openssl_conf> will be used. Any errors are ignored. Further
-calls to OPENSSL_config() will have no effect. The configuration file format
-is documented in the L<conf(5)|conf(5)> manual page.
-
-OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
-no configuration takes place.
-
-=head1 NOTES
-
-It is B<strongly> recommended that B<all> new applications call OPENSSL_config()
-or the more sophisticated functions such as CONF_modules_load() during
-initialization (that is before starting any threads). By doing this
-an application does not need to keep track of all configuration options
-and some new functionality can be supported automatically.
-
-It is also possible to automatically call OPENSSL_config() when an application
-calls OPENSSL_add_all_algorithms() by compiling an application with the
-preprocessor symbol B<OPENSSL_LOAD_CONF> #define'd. In this way configuration
-can be added without source changes.
-
-The environment variable B<OPENSSL_CONF> can be set to specify the location
-of the configuration file.
-
-Currently ASN1 OBJECTs and ENGINE configuration can be performed future
-versions of OpenSSL will add new configuration options.
-
-There are several reasons why calling the OpenSSL configuration routines is
-advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7.
-In OpenSSL 0.9.7 control functions can be supported by ENGINEs, this can be
-used (among other things) to load dynamic ENGINEs from shared libraries (DSOs).
-However very few applications currently support the control interface and so
-very few can load and use dynamic ENGINEs. Equally in future more sophisticated
-ENGINEs will require certain control operations to customize them. If an
-application calls OPENSSL_config() it doesn't need to know or care about
-ENGINE control operations because they can be performed by editing a
-configuration file.
-
-Applications should free up configuration at application closedown by calling
-CONF_modules_free().
-
-=head1 RESTRICTIONS
-
-The OPENSSL_config() function is designed to be a very simple "call it and
-forget it" function. As a result its behaviour is somewhat limited. It ignores
-all errors silently and it can only load from the standard configuration file
-location for example.
-
-It is however B<much> better than nothing. Applications which need finer
-control over their configuration functionality should use the configuration
-functions such as CONF_load_modules() directly.
-
-=head1 RETURN VALUES
-
-Neither OPENSSL_config() nor OPENSSL_no_config() return a value.
-
-=head1 SEE ALSO
-
-L<conf(5)|conf(5)>, L<CONF_load_modules_file(3)|CONF_load_modules_file(3)>,
-L<CONF_modules_free(3),CONF_modules_free(3)>
-
-=head1 HISTORY
-
-OPENSSL_config() and OPENSSL_no_config() first appeared in OpenSSL 0.9.7
-
-=cut
diff --git a/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod b/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod
deleted file mode 100644
index 121a8dd..0000000
--- a/crypto/openssl/doc/crypto/OPENSSL_ia32cap.pod
+++ /dev/null
@@ -1,35 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_ia32cap - finding the IA-32 processor capabilities
-
-=head1 SYNOPSIS
-
- unsigned long *OPENSSL_ia32cap_loc(void);
- #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
-
-=head1 DESCRIPTION
-
-Value returned by OPENSSL_ia32cap_loc() is address of a variable
-containing IA-32 processor capabilities bit vector as it appears in EDX
-register after executing CPUID instruction with EAX=1 input value (see
-Intel Application Note #241618). Naturally it's meaningful on IA-32[E]
-platforms only. The variable is normally set up automatically upon
-toolkit initialization, but can be manipulated afterwards to modify
-crypto library behaviour. For the moment of this writing three bits are
-significant, namely bit #28 denoting Hyperthreading, which is used to
-distinguish Intel P4 core, bit #26 denoting SSE2 support, and bit #4
-denoting presence of Time-Stamp Counter. Clearing bit #26 at run-time
-for example disables high-performance SSE2 code present in the crypto
-library. You might have to do this if target OpenSSL application is
-executed on SSE2 capable CPU, but under control of OS which does not
-support SSE2 extentions. Even though you can manipulate the value
-programmatically, you most likely will find it more appropriate to set
-up an environment variable with the same name prior starting target
-application, e.g. 'env OPENSSL_ia32cap=0x10 apps/openssl', to achieve
-same effect without modifying the application source code.
-Alternatively you can reconfigure the toolkit with no-sse2 option and
-recompile.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod b/crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod
deleted file mode 100644
index f14dfaf..0000000
--- a/crypto/openssl/doc/crypto/OPENSSL_load_builtin_modules.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-OPENSSL_load_builtin_modules - add standard configuration modules
-
-=head1 SYNOPSIS
-
- #include <openssl/conf.h>
-
- void OPENSSL_load_builtin_modules(void);
- void ASN1_add_oid_module(void);
- ENGINE_add_conf_module();
-
-=head1 DESCRIPTION
-
-The function OPENSSL_load_builtin_modules() adds all the standard OpenSSL
-configuration modules to the internal list. They can then be used by the
-OpenSSL configuration code.
-
-ASN1_add_oid_module() adds just the ASN1 OBJECT module.
-
-ENGINE_add_conf_module() adds just the ENGINE configuration module.
-
-=head1 NOTES
-
-If the simple configuration function OPENSSL_config() is called then
-OPENSSL_load_builtin_modules() is called automatically.
-
-Applications which use the configuration functions directly will need to
-call OPENSSL_load_builtin_modules() themselves I<before> any other
-configuration code.
-
-Applications should call OPENSSL_load_builtin_modules() to load all
-configuration modules instead of adding modules selectively: otherwise
-functionality may be missing from the application if an when new
-modules are added.
-
-=head1 RETURN VALUE
-
-None of the functions return a value.
-
-=head1 SEE ALSO
-
-L<conf(3)|conf(3)>, L<OPENSSL_config(3)|OPENSSL_config(3)>
-
-=head1 HISTORY
-
-These functions first appeared in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod b/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod
deleted file mode 100644
index e63411b..0000000
--- a/crypto/openssl/doc/crypto/OpenSSL_add_all_algorithms.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests -
-add algorithms to internal table
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- void OpenSSL_add_all_algorithms(void);
- void OpenSSL_add_all_ciphers(void);
- void OpenSSL_add_all_digests(void);
-
- void EVP_cleanup(void);
-
-=head1 DESCRIPTION
-
-OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
-this table to lookup ciphers via functions such as EVP_get_cipher_byname().
-
-OpenSSL_add_all_digests() adds all digest algorithms to the table.
-
-OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
-ciphers).
-
-OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
-password based encryption algorithms.
-
-EVP_cleanup() removes all ciphers and digests from the table.
-
-=head1 RETURN VALUES
-
-None of the functions return a value.
-
-=head1 NOTES
-
-A typical application will call OpenSSL_add_all_algorithms() initially and
-EVP_cleanup() before exiting.
-
-An application does not need to add algorithms to use them explicitly, for example
-by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
-needs to lookup algorithms.
-
-The cipher and digest lookup functions are used in many parts of the library. If
-the table is not initialized several functions will misbehave and complain they
-cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
-This is a common query in the OpenSSL mailing lists.
-
-Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
-statically linked executable can be quite large. If this is important it is possible
-to just add the required ciphers and digests.
-
-=head1 BUGS
-
-Although the functions do not return error codes it is possible for them to fail.
-This will only happen as a result of a memory allocation failure so this is not
-too much of a problem in practice.
-
-=head1 SEE ALSO
-
-L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/PKCS12_create.pod b/crypto/openssl/doc/crypto/PKCS12_create.pod
deleted file mode 100644
index de7cab2..0000000
--- a/crypto/openssl/doc/crypto/PKCS12_create.pod
+++ /dev/null
@@ -1,75 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS12_create - create a PKCS#12 structure
-
-=head1 SYNOPSIS
-
- #include <openssl/pkcs12.h>
-
- PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
- int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
-
-=head1 DESCRIPTION
-
-PKCS12_create() creates a PKCS#12 structure.
-
-B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
-the supplied certifictate and key. B<pkey> is the private key to include in
-the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
-is an optional set of certificates to also include in the structure.
-
-B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
-for the key and certificate respectively. B<iter> is the encryption algorithm
-iteration count to use and B<mac_iter> is the MAC iteration count to use.
-B<keytype> is the type of key.
-
-=head1 NOTES
-
-The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
-can all be set to zero and sensible defaults will be used.
-
-These defaults are: 40 bit RC2 encryption for certificates, triple DES
-encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
-(currently 2048) and a MAC iteration count of 1.
-
-The default MAC iteration count is 1 in order to retain compatibility with
-old software which did not interpret MAC iteration counts. If such compatibility
-is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
-
-B<keytype> adds a flag to the store private key. This is a non standard extension
-that is only currently interpreted by MSIE. If set to zero the flag is omitted,
-if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
-it can be used for signing and encryption. This option was useful for old
-export grade software which could use signing only keys of arbitrary size but
-had restrictions on the permissible sizes of keys which could be used for
-encryption.
-
-=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8
-
-Some additional functionality was added to PKCS12_create() in OpenSSL
-0.9.8. These extensions are detailed below.
-
-If a certificate contains an B<alias> or B<keyid> then this will be
-used for the corresponding B<friendlyName> or B<localKeyID> in the
-PKCS12 structure.
-
-Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
-certficate is required. In previous versions both had to be present or
-a fatal error is returned.
-
-B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
-should be used.
-
-B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
-
-=head1 SEE ALSO
-
-L<d2i_PKCS12(3)|d2i_PKCS12(3)>
-
-=head1 HISTORY
-
-PKCS12_create was added in OpenSSL 0.9.3
-
-=cut
diff --git a/crypto/openssl/doc/crypto/PKCS12_parse.pod b/crypto/openssl/doc/crypto/PKCS12_parse.pod
deleted file mode 100644
index 51344f8..0000000
--- a/crypto/openssl/doc/crypto/PKCS12_parse.pod
+++ /dev/null
@@ -1,50 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS12_parse - parse a PKCS#12 structure
-
-=head1 SYNOPSIS
-
- #include <openssl/pkcs12.h>
-
-int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
-
-=head1 DESCRIPTION
-
-PKCS12_parse() parses a PKCS12 structure.
-
-B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
-If successful the private key will be written to B<*pkey>, the corresponding
-certificate to B<*cert> and any additional certificates to B<*ca>.
-
-=head1 NOTES
-
-The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
-in which case additional certificates will be discarded. B<*ca> can also
-be a valid STACK in which case additional certificates are appended to
-B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
-
-The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
-will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
-
-=head1 BUGS
-
-Only a single private key and corresponding certificate is returned by this function.
-More complex PKCS#12 files with multiple private keys will only return the first
-match.
-
-Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
-Other attributes are discarded.
-
-Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
-
-=head1 SEE ALSO
-
-L<d2i_PKCS12(3)|d2i_PKCS12(3)>
-
-=head1 HISTORY
-
-PKCS12_parse was added in OpenSSL 0.9.3
-
-=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_decrypt.pod b/crypto/openssl/doc/crypto/PKCS7_decrypt.pod
deleted file mode 100644
index b0ca067..0000000
--- a/crypto/openssl/doc/crypto/PKCS7_decrypt.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
-
-=head1 SYNOPSIS
-
-int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
-structure. B<pkey> is the private key of the recipient, B<cert> is the
-recipients certificate, B<data> is a BIO to write the content to and
-B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
-function or errors about unknown algorithms will occur.
-
-Although the recipients certificate is not needed to decrypt the data it is needed
-to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
-
-The following flags can be passed in the B<flags> parameter.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
-from the content. If the content is not of type B<text/plain> then an error is
-returned.
-
-=head1 RETURN VALUES
-
-PKCS7_decrypt() returns either 1 for success or 0 for failure.
-The error can be obtained from ERR_get_error(3)
-
-=head1 BUGS
-
-PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
-be better if it could look up the correct key and certificate from a database.
-
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
-
-=head1 HISTORY
-
-PKCS7_decrypt() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_encrypt.pod b/crypto/openssl/doc/crypto/PKCS7_encrypt.pod
deleted file mode 100644
index 1a507b2..0000000
--- a/crypto/openssl/doc/crypto/PKCS7_encrypt.pod
+++ /dev/null
@@ -1,65 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_encrypt - create a PKCS#7 envelopedData structure
-
-=head1 SYNOPSIS
-
-PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
-is a list of recipient certificates. B<in> is the content to be encrypted.
-B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
-supplied to this function must all contain RSA public keys, though they do not have to
-be signed using the RSA algorithm.
-
-EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
-most clients will support it.
-
-Some old "export grade" clients may only support weak encryption using 40 or 64 bit
-RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
-
-The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
-parameters.
-
-Many browsers implement a "sign and encrypt" option which is simply an S/MIME
-envelopedData containing an S/MIME signed message. This can be readily produced
-by storing the S/MIME signed message in a memory BIO and passing it to
-PKCS7_encrypt().
-
-The following flags can be passed in the B<flags> parameter.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
-to the data.
-
-Normally the supplied content is translated into MIME canonical format (as required
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
-
-=head1 RETURN VALUES
-
-PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
-The error can be obtained from ERR_get_error(3).
-
-=head1 BUGS
-
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
-
-=head1 HISTORY
-
-PKCS7_decrypt() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_sign.pod b/crypto/openssl/doc/crypto/PKCS7_sign.pod
deleted file mode 100644
index ffd0c73..0000000
--- a/crypto/openssl/doc/crypto/PKCS7_sign.pod
+++ /dev/null
@@ -1,101 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_sign - create a PKCS#7 signedData structure
-
-=head1 SYNOPSIS
-
-PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
-is the certificate to sign with, B<pkey> is the corresponsding private key.
-B<certs> is an optional additional set of certificates to include in the
-PKCS#7 structure (for example any intermediate CAs in the chain).
-
-The data to be signed is read from BIO B<data>.
-
-B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-Any of the following flags (ored together) can be passed in the B<flags> parameter.
-
-Many S/MIME clients expect the signed content to include valid MIME headers. If
-the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
-to the data.
-
-If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
-parameter though. This can reduce the size of the signature if the signers certificate
-can be obtained by other means: for example a previously signed message.
-
-The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED>
-is set in which case it is omitted. This is used for PKCS7 detached signatures
-which are used in S/MIME plaintext signed messages for example.
-
-Normally the supplied content is translated into MIME canonical format (as required
-by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
-option should be used if the supplied data is in binary format otherwise the translation
-will corrupt it.
-
-The signedData structure includes several PKCS#7 autenticatedAttributes including
-the signing time, the PKCS#7 content type and the supported list of ciphers in
-an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
-will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
-omitted.
-
-If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
-of these algorithms is disabled then it will not be included.
-
-If the flags B<PKCS7_PARTSIGN> is set then the returned B<PKCS7> structure
-is just initialized ready to perform the signing operation. The signing
-is however B<not> performed and the data to be signed is not read from
-the B<data> parameter. Signing is deferred until after the data has been
-written. In this way data can be signed in a single pass. Currently the
-flag B<PKCS7_DETACHED> B<must> also be set.
-
-=head1 NOTES
-
-Currently the flag B<PKCS7_PARTSIGN> is only supported for detached
-data. If this flag is set the returned B<PKCS7> structure is B<not>
-complete and outputting its contents via a function that does not
-properly finalize the B<PKCS7> structure will give unpredictable
-results.
-
-At present only the SMIME_write_PKCS7() function properly finalizes the
-structure.
-
-=head1 BUGS
-
-PKCS7_sign() is somewhat limited. It does not support multiple signers, some
-advanced attributes such as counter signatures are not supported.
-
-The SHA1 digest algorithm is currently always used.
-
-When the signed data is not detached it will be stored in memory within the
-B<PKCS7> structure. This effectively limits the size of messages which can be
-signed due to memory restraints. There should be a way to sign data without
-having to hold it all in memory, this would however require fairly major
-revisions of the OpenSSL ASN1 code.
-
-
-=head1 RETURN VALUES
-
-PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
-The error can be obtained from ERR_get_error(3).
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
-
-=head1 HISTORY
-
-PKCS7_sign() was added to OpenSSL 0.9.5
-
-The B<PKCS7_PARTSIGN> flag was added in OpenSSL 0.9.8
-
-=cut
diff --git a/crypto/openssl/doc/crypto/PKCS7_verify.pod b/crypto/openssl/doc/crypto/PKCS7_verify.pod
deleted file mode 100644
index 3490b5d..0000000
--- a/crypto/openssl/doc/crypto/PKCS7_verify.pod
+++ /dev/null
@@ -1,116 +0,0 @@
-=pod
-
-=head1 NAME
-
-PKCS7_verify - verify a PKCS#7 signedData structure
-
-=head1 SYNOPSIS
-
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-
-=head1 DESCRIPTION
-
-PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
-structure to verify. B<certs> is a set of certificates in which to search for
-the signer's certificate. B<store> is a trusted certficate store (used for
-chain verification). B<indata> is the signed data if the content is not
-present in B<p7> (that is it is detached). The content is written to B<out>
-if it is not NULL.
-
-B<flags> is an optional set of flags, which can be used to modify the verify
-operation.
-
-PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
-B<not> check their validity or whether any signatures are valid. The B<certs>
-and B<flags> parameters have the same meanings as in PKCS7_verify().
-
-=head1 VERIFY PROCESS
-
-Normally the verify process proceeds as follows.
-
-Initially some sanity checks are performed on B<p7>. The type of B<p7> must
-be signedData. There must be at least one signature on the data and if
-the content is detached B<indata> cannot be B<NULL>.
-
-An attempt is made to locate all the signer's certificates, first looking in
-the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
-contained in the B<p7> structure itself. If any signer's certificates cannot be
-located the operation fails.
-
-Each signer's certificate is chain verified using the B<smimesign> purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If any chain verify fails an error code is returned.
-
-Finally the signed content is read (and written to B<out> is it is not NULL) and
-the signature's checked.
-
-If all signature's verify correctly then the function is successful.
-
-Any of the following flags (ored together) can be passed in the B<flags> parameter
-to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
-meaningful to PKCS7_get0_signers().
-
-If B<PKCS7_NOINTERN> is set the certificates in the message itself are not
-searched when locating the signer's certificate. This means that all the signers
-certificates must be in the B<certs> parameter.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
-from the content. If the content is not of type B<text/plain> then an error is
-returned.
-
-If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
-
-If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
-not used as untrusted CAs. This means that the whole verify chain (apart from
-the signer's certificate) must be contained in the trusted store.
-
-If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
-
-=head1 NOTES
-
-One application of B<PKCS7_NOINTERN> is to only accept messages signed by
-a small number of certificates. The acceptable certificates would be passed
-in the B<certs> parameter. In this case if the signer is not one of the
-certificates supplied in B<certs> then the verify will fail because the
-signer cannot be found.
-
-Care should be taken when modifying the default verify behaviour, for example
-setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification
-and any signed message will be considered valid. This combination is however
-useful if one merely wishes to write the content to B<out> and its validity
-is not considered important.
-
-Chain verification should arguably be performed using the signing time rather
-than the current time. However since the signing time is supplied by the
-signer it cannot be trusted without additional evidence (such as a trusted
-timestamp).
-
-=head1 RETURN VALUES
-
-PKCS7_verify() returns 1 for a successful verification and zero or a negative
-value if an error occurs.
-
-PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
-
-The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 BUGS
-
-The trusted certificate store is not searched for the signers certificate,
-this is primarily due to the inadequacies of the current B<X509_STORE>
-functionality.
-
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
-
-=head1 HISTORY
-
-PKCS7_verify() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RAND_add.pod b/crypto/openssl/doc/crypto/RAND_add.pod
deleted file mode 100644
index 67c66f3..0000000
--- a/crypto/openssl/doc/crypto/RAND_add.pod
+++ /dev/null
@@ -1,77 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
-entropy to the PRNG
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- void RAND_seed(const void *buf, int num);
-
- void RAND_add(const void *buf, int num, double entropy);
-
- int RAND_status(void);
-
- int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
- void RAND_screen(void);
-
-=head1 DESCRIPTION
-
-RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
-if the data at B<buf> are unpredictable to an adversary, this
-increases the uncertainty about the state and makes the PRNG output
-less predictable. Suitable input comes from user interaction (random
-key presses, mouse movements) and certain hardware events. The
-B<entropy> argument is (the lower bound of) an estimate of how much
-randomness is contained in B<buf>, measured in bytes. Details about
-sources of randomness and how to estimate their entropy can be found
-in the literature, e.g. RFC 1750.
-
-RAND_add() may be called with sensitive data such as user entered
-passwords. The seed values cannot be recovered from the PRNG output.
-
-OpenSSL makes sure that the PRNG state is unique for each thread. On
-systems that provide C</dev/urandom>, the randomness device is used
-to seed the PRNG transparently. However, on all other systems, the
-application is responsible for seeding the PRNG by calling RAND_add(),
-L<RAND_egd(3)|RAND_egd(3)>
-or L<RAND_load_file(3)|RAND_load_file(3)>.
-
-RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
-
-RAND_event() collects the entropy from Windows events such as mouse
-movements and other user interaction. It should be called with the
-B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
-the window procedure. It will estimate the entropy contained in the
-event message (if any), and add it to the PRNG. The program can then
-process the messages as usual.
-
-The RAND_screen() function is available for the convenience of Windows
-programmers. It adds the current contents of the screen to the PRNG.
-For applications that can catch Windows events, seeding the PRNG by
-calling RAND_event() is a significantly better source of
-randomness. It should be noted that both methods cannot be used on
-servers that run without user interaction.
-
-=head1 RETURN VALUES
-
-RAND_status() and RAND_event() return 1 if the PRNG has been seeded
-with enough data, 0 otherwise.
-
-The other functions do not return values.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
-
-=head1 HISTORY
-
-RAND_seed() and RAND_screen() are available in all versions of SSLeay
-and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
-0.9.5, RAND_event() in OpenSSL 0.9.5a.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RAND_bytes.pod b/crypto/openssl/doc/crypto/RAND_bytes.pod
deleted file mode 100644
index ce6329c..0000000
--- a/crypto/openssl/doc/crypto/RAND_bytes.pod
+++ /dev/null
@@ -1,47 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_bytes, RAND_pseudo_bytes - generate random data
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- int RAND_bytes(unsigned char *buf, int num);
-
- int RAND_pseudo_bytes(unsigned char *buf, int num);
-
-=head1 DESCRIPTION
-
-RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
-into B<buf>. An error occurs if the PRNG has not been seeded with
-enough randomness to ensure an unpredictable byte sequence.
-
-RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
-Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
-unique if they are of sufficient length, but are not necessarily
-unpredictable. They can be used for non-cryptographic purposes and for
-certain purposes in cryptographic protocols, but usually not for key
-generation etc.
-
-=head1 RETURN VALUES
-
-RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
-bytes generated are cryptographically strong, 0 otherwise. Both
-functions return -1 if they are not supported by the current RAND
-method.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
-L<RAND_add(3)|RAND_add(3)>
-
-=head1 HISTORY
-
-RAND_bytes() is available in all versions of SSLeay and OpenSSL. It
-has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
-in OpenSSL 0.9.5.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RAND_cleanup.pod b/crypto/openssl/doc/crypto/RAND_cleanup.pod
deleted file mode 100644
index 3a8f074..0000000
--- a/crypto/openssl/doc/crypto/RAND_cleanup.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_cleanup - erase the PRNG state
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- void RAND_cleanup(void);
-
-=head1 DESCRIPTION
-
-RAND_cleanup() erases the memory used by the PRNG.
-
-=head1 RETURN VALUE
-
-RAND_cleanup() returns no value.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>
-
-=head1 HISTORY
-
-RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RAND_egd.pod b/crypto/openssl/doc/crypto/RAND_egd.pod
deleted file mode 100644
index 079838e..0000000
--- a/crypto/openssl/doc/crypto/RAND_egd.pod
+++ /dev/null
@@ -1,85 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_egd - query entropy gathering daemon
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- int RAND_egd(const char *path);
- int RAND_egd_bytes(const char *path, int bytes);
-
- int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
-
-=head1 DESCRIPTION
-
-RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
-It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
-OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
-RAND_egd_bytes(path, 255);
-
-RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
-It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
-OpenSSL built-in PRNG.
-This function is more flexible than RAND_egd().
-When only one secret key must
-be generated, it is not necessary to request the full amount 255 bytes from
-the EGD socket. This can be advantageous, since the amount of entropy
-that can be retrieved from EGD over time is limited.
-
-RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket
-B<path>. If B<buf> is given, B<bytes> bytes are queried and written into
-B<buf>. If B<buf> is NULL, B<bytes> bytes are queried and used to seed the
-OpenSSL built-in PRNG using L<RAND_add(3)|RAND_add(3)>.
-
-=head1 NOTES
-
-On systems without /dev/*random devices providing entropy from the kernel,
-the EGD entropy gathering daemon can be used to collect entropy. It provides
-a socket interface through which entropy can be gathered in chunks up to
-255 bytes. Several chunks can be queried during one connection.
-
-EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
-Makefile.PL; make; make install> to install). It is run as B<egd>
-I<path>, where I<path> is an absolute path designating a socket. When
-RAND_egd() is called with that path as an argument, it tries to read
-random bytes that EGD has collected. The read is performed in
-non-blocking mode.
-
-Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
-available from
-http://prngd.sourceforge.net/ .
-PRNGD does employ an internal PRNG itself and can therefore never run
-out of entropy.
-
-OpenSSL automatically queries EGD when entropy is requested via RAND_bytes()
-or the status is checked via RAND_status() for the first time, if the socket
-is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
-
-=head1 RETURN VALUE
-
-RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
-daemon on success, and -1 if the connection failed or the daemon did not
-return enough data to fully seed the PRNG.
-
-RAND_query_egd_bytes() returns the number of bytes read from the daemon on
-success, and -1 if the connection failed. The PRNG state is not considered.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)>
-
-=head1 HISTORY
-
-RAND_egd() is available since OpenSSL 0.9.5.
-
-RAND_egd_bytes() is available since OpenSSL 0.9.6.
-
-RAND_query_egd_bytes() is available since OpenSSL 0.9.7.
-
-The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RAND_load_file.pod b/crypto/openssl/doc/crypto/RAND_load_file.pod
deleted file mode 100644
index d8c134e..0000000
--- a/crypto/openssl/doc/crypto/RAND_load_file.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- const char *RAND_file_name(char *buf, size_t num);
-
- int RAND_load_file(const char *filename, long max_bytes);
-
- int RAND_write_file(const char *filename);
-
-=head1 DESCRIPTION
-
-RAND_file_name() generates a default path for the random seed
-file. B<buf> points to a buffer of size B<num> in which to store the
-filename. The seed file is $RANDFILE if that environment variable is
-set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
-too small for the path name, an error occurs.
-
-RAND_load_file() reads a number of bytes from file B<filename> and
-adds them to the PRNG. If B<max_bytes> is non-negative,
-up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
-if B<max_bytes> is -1, the complete file is read.
-
-RAND_write_file() writes a number of random bytes (currently 1024) to
-file B<filename> which can be used to initialize the PRNG by calling
-RAND_load_file() in a later session.
-
-=head1 RETURN VALUES
-
-RAND_load_file() returns the number of bytes read.
-
-RAND_write_file() returns the number of bytes written, and -1 if the
-bytes written were generated without appropriate seed.
-
-RAND_file_name() returns a pointer to B<buf> on success, and NULL on
-error.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
-
-=head1 HISTORY
-
-RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
-all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RAND_set_rand_method.pod b/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
deleted file mode 100644
index c9bb6d9..0000000
--- a/crypto/openssl/doc/crypto/RAND_set_rand_method.pod
+++ /dev/null
@@ -1,83 +0,0 @@
-=pod
-
-=head1 NAME
-
-RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- void RAND_set_rand_method(const RAND_METHOD *meth);
-
- const RAND_METHOD *RAND_get_rand_method(void);
-
- RAND_METHOD *RAND_SSLeay(void);
-
-=head1 DESCRIPTION
-
-A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
-generation. By modifying the method, alternative implementations such as
-hardware RNGs may be used. IMPORTANT: See the NOTES section for important
-information about how these RAND API functions are affected by the use of
-B<ENGINE> API calls.
-
-Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
-returned by RAND_SSLeay().
-
-RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
-true only whilst no ENGINE has been set as a default for RAND, so this function
-is no longer recommended.
-
-RAND_get_default_method() returns a pointer to the current RAND_METHOD.
-However, the meaningfulness of this result is dependant on whether the ENGINE
-API is being used, so this function is no longer recommended.
-
-=head1 THE RAND_METHOD STRUCTURE
-
- typedef struct rand_meth_st
- {
- void (*seed)(const void *buf, int num);
- int (*bytes)(unsigned char *buf, int num);
- void (*cleanup)(void);
- void (*add)(const void *buf, int num, int entropy);
- int (*pseudorand)(unsigned char *buf, int num);
- int (*status)(void);
- } RAND_METHOD;
-
-The components point to the implementation of RAND_seed(),
-RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
-and RAND_status().
-Each component may be NULL if the function is not implemented.
-
-=head1 RETURN VALUES
-
-RAND_set_rand_method() returns no value. RAND_get_rand_method() and
-RAND_SSLeay() return pointers to the respective methods.
-
-=head1 NOTES
-
-As of version 0.9.7, RAND_METHOD implementations are grouped together with other
-algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
-default ENGINE is specified for RAND functionality using an ENGINE API function,
-that will override any RAND defaults set using the RAND API (ie.
-RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
-to control default implementations for use in RAND and other cryptographic
-algorithms.
-
-=head1 SEE ALSO
-
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
-
-=head1 HISTORY
-
-RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
-available in all versions of OpenSSL.
-
-In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
-take an ENGINE pointer as its argument. As of version 0.9.7, that has been
-reverted as the ENGINE API transparently overrides RAND defaults if used,
-otherwise RAND API functions work as before. RAND_set_rand_engine() was also
-introduced in version 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_blinding_on.pod b/crypto/openssl/doc/crypto/RSA_blinding_on.pod
deleted file mode 100644
index fd2c69a..0000000
--- a/crypto/openssl/doc/crypto/RSA_blinding_on.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
-
- void RSA_blinding_off(RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA is vulnerable to timing attacks. In a setup where attackers can
-measure the time of RSA decryption or signature operations, blinding
-must be used to protect the RSA operation from that attack.
-
-RSA_blinding_on() turns blinding on for key B<rsa> and generates a
-random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
-initialized B<BN_CTX>. The random number generator must be seeded
-prior to calling RSA_blinding_on().
-
-RSA_blinding_off() turns blinding off and frees the memory used for
-the blinding factor.
-
-=head1 RETURN VALUES
-
-RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
-
-RSA_blinding_off() returns no value.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
-
-=head1 HISTORY
-
-RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_check_key.pod b/crypto/openssl/doc/crypto/RSA_check_key.pod
deleted file mode 100644
index a5198f3..0000000
--- a/crypto/openssl/doc/crypto/RSA_check_key.pod
+++ /dev/null
@@ -1,67 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_check_key - validate private RSA keys
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_check_key(RSA *rsa);
-
-=head1 DESCRIPTION
-
-This function validates RSA keys. It checks that B<p> and B<q> are
-in fact prime, and that B<n = p*q>.
-
-It also checks that B<d*e = 1 mod (p-1*q-1)>,
-and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
-
-As such, this function can not be used with any arbitrary RSA key object,
-even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
-information.
-
-=head1 RETURN VALUE
-
-RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
--1 is returned if an error occurs while checking the key.
-
-If the key is invalid or an error occurred, the reason code can be
-obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 NOTES
-
-This function does not work on RSA public keys that have only the modulus
-and public exponent elements populated. It performs integrity checks on all
-the RSA key material, so the RSA key structure must contain all the private
-key data too.
-
-Unlike most other RSA functions, this function does B<not> work
-transparently with any underlying ENGINE implementation because it uses the
-key data in the RSA structure directly. An ENGINE implementation can
-override the way key data is stored and handled, and can even provide
-support for HSM keys - in which case the RSA structure may contain B<no>
-key data at all! If the ENGINE in question is only being used for
-acceleration or analysis purposes, then in all likelihood the RSA key data
-is complete and untouched, but this can't be assumed in the general case.
-
-=head1 BUGS
-
-A method of verifying the RSA key using opaque RSA API functions might need
-to be considered. Right now RSA_check_key() simply uses the RSA structure
-elements directly, bypassing the RSA_METHOD table altogether (and
-completely violating encapsulation and object-orientation in the process).
-The best fix will probably be to introduce a "check_key()" handler to the
-RSA_METHOD function table so that alternative implementations can also
-provide their own verifiers.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-RSA_check_key() appeared in OpenSSL 0.9.4.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_generate_key.pod b/crypto/openssl/doc/crypto/RSA_generate_key.pod
deleted file mode 100644
index 52dbb14..0000000
--- a/crypto/openssl/doc/crypto/RSA_generate_key.pod
+++ /dev/null
@@ -1,69 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_generate_key - generate RSA key pair
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- RSA *RSA_generate_key(int num, unsigned long e,
- void (*callback)(int,int,void *), void *cb_arg);
-
-=head1 DESCRIPTION
-
-RSA_generate_key() generates a key pair and returns it in a newly
-allocated B<RSA> structure. The pseudo-random number generator must
-be seeded prior to calling RSA_generate_key().
-
-The modulus size will be B<num> bits, and the public exponent will be
-B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
-The exponent is an odd number, typically 3, 17 or 65537.
-
-A callback function may be used to provide feedback about the
-progress of the key generation. If B<callback> is not B<NULL>, it
-will be called as follows:
-
-=over 4
-
-=item *
-
-While a random prime number is generated, it is called as
-described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
-
-=item *
-
-When the n-th randomly generated prime is rejected as not
-suitable for the key, B<callback(2, n, cb_arg)> is called.
-
-=item *
-
-When a random p has been found with p-1 relatively prime to B<e>,
-it is called as B<callback(3, 0, cb_arg)>.
-
-=back
-
-The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
-
-=head1 RETURN VALUE
-
-If key generation fails, RSA_generate_key() returns B<NULL>; the
-error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-B<callback(2, x, cb_arg)> is used with two different meanings.
-
-RSA_generate_key() goes into an infinite loop for illegal input values.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_free(3)|RSA_free(3)>
-
-=head1 HISTORY
-
-The B<cb_arg> argument was added in SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod b/crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod
deleted file mode 100644
index 7d0fd1f..0000000
--- a/crypto/openssl/doc/crypto/RSA_get_ex_new_index.pod
+++ /dev/null
@@ -1,120 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
- int RSA_set_ex_data(RSA *r, int idx, void *arg);
-
- void *RSA_get_ex_data(RSA *r, int idx);
-
- typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-
-=head1 DESCRIPTION
-
-Several OpenSSL structures can have application specific data attached to them.
-This has several potential uses, it can be used to cache data associated with
-a structure (for example the hash of some part of the structure) or some
-additional data (for example a handle to the data in an external library).
-
-Since the application data can be anything at all it is passed and retrieved
-as a B<void *> type.
-
-The B<RSA_get_ex_new_index()> function is initially called to "register" some
-new application specific data. It takes three optional function pointers which
-are called when the parent structure (in this case an RSA structure) is
-initially created, when it is copied and when it is freed up. If any or all of
-these function pointer arguments are not used they should be set to NULL. The
-precise manner in which these function pointers are called is described in more
-detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
-parameters which will be passed to the supplied functions but which otherwise
-have no special meaning. It returns an B<index> which should be stored
-(typically in a static variable) and passed used in the B<idx> parameter in
-the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
-will return an index greater than any previously returned, this is important
-because the optional functions are called in order of increasing index value.
-
-B<RSA_set_ex_data()> is used to set application specific data, the data is
-supplied in the B<arg> parameter and its precise meaning is up to the
-application.
-
-B<RSA_get_ex_data()> is used to retrieve application specific data. The data
-is returned to the application, this will be the same value as supplied to
-a previous B<RSA_set_ex_data()> call.
-
-B<new_func()> is called when a structure is initially allocated (for example
-with B<RSA_new()>. The parent structure members will not have any meaningful
-values at this point. This function will typically be used to allocate any
-application specific structure.
-
-B<free_func()> is called when a structure is being freed up. The dynamic parent
-structure members should not be accessed because they will be freed up when
-this function is called.
-
-B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
-pointer to the parent RSA structure. B<ptr> is a the application specific data
-(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
-B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
-B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
-it. The B<idx> parameter is the index: this will be the same value returned by
-B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
-the B<argl> and B<argp> parameters are the values originally passed to the same
-corresponding parameters when B<RSA_get_ex_new_index()> was called.
-
-B<dup_func()> is called when a structure is being copied. Pointers to the
-destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
-B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
-the source application data when the function is called, when the function returns
-the value is copied to the destination: the application can thus modify the data
-pointed to by B<from_d> and have different values in the source and destination.
-The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
-and B<free_func()>.
-
-=head1 RETURN VALUES
-
-B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
-index value).
-
-B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
-
-B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
-be valid application data but currently it can only fail if given an invalid B<idx>
-parameter.
-
-B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
-
-On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-B<dup_func()> is currently never called.
-
-The return value of B<new_func()> is ignored.
-
-The B<new_func()> function isn't very useful because no meaningful values are
-present in the parent RSA structure when it is called.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
-
-=head1 HISTORY
-
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
-available since SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_new.pod b/crypto/openssl/doc/crypto/RSA_new.pod
deleted file mode 100644
index 3d15b92..0000000
--- a/crypto/openssl/doc/crypto/RSA_new.pod
+++ /dev/null
@@ -1,41 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_new, RSA_free - allocate and free RSA objects
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- RSA * RSA_new(void);
-
- void RSA_free(RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
-calling RSA_new_method(NULL).
-
-RSA_free() frees the B<RSA> structure and its components. The key is
-erased before the memory is returned to the system.
-
-=head1 RETURN VALUES
-
-If the allocation fails, RSA_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
-a pointer to the newly allocated structure.
-
-RSA_free() returns no value.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>,
-L<RSA_new_method(3)|RSA_new_method(3)>
-
-=head1 HISTORY
-
-RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
deleted file mode 100644
index b8f678f..0000000
--- a/crypto/openssl/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
+++ /dev/null
@@ -1,124 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
-RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
-RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
-RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
-RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
-padding
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
- unsigned char *f, int fl);
-
- int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
-
- int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- unsigned char *f, int fl);
-
- int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
-
- int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- unsigned char *f, int fl, unsigned char *p, int pl);
-
- int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
-
- int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- unsigned char *f, int fl);
-
- int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
-
- int RSA_padding_add_none(unsigned char *to, int tlen,
- unsigned char *f, int fl);
-
- int RSA_padding_check_none(unsigned char *to, int tlen,
- unsigned char *f, int fl, int rsa_len);
-
-=head1 DESCRIPTION
-
-The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
-decrypt, sign and verify functions. Normally they should not be called
-from application programs.
-
-However, they can also be called directly to implement padding for other
-asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
-RSA_padding_check_PKCS1_OAEP() may be used in an application combined
-with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
-parameter.
-
-RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
-B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
-does not meet the size requirements of the encoding method.
-
-The following encoding methods are implemented:
-
-=over 4
-
-=item PKCS1_type_1
-
-PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
-
-=item PKCS1_type_2
-
-PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
-
-=item PKCS1_OAEP
-
-PKCS #1 v2.0 EME-OAEP
-
-=item SSLv23
-
-PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
-
-=item none
-
-simply copy the data
-
-=back
-
-The random number generator must be seeded prior to calling
-RSA_padding_add_xxx().
-
-RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
-a valid encoding for a B<rsa_len> byte RSA key in the respective
-encoding method and stores the recovered data of at most B<tlen> bytes
-(for B<RSA_NO_PADDING>: of size B<tlen>)
-at B<to>.
-
-For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
-of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
-
-=head1 RETURN VALUES
-
-The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
-The RSA_padding_check_xxx() functions return the length of the
-recovered data, -1 on error. Error codes can be obtained by calling
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
-L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
-
-=head1 HISTORY
-
-RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
-RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
-RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
-RSA_padding_add_none() and RSA_padding_check_none() appeared in
-SSLeay 0.9.0.
-
-RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
-added in OpenSSL 0.9.2b.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_print.pod b/crypto/openssl/doc/crypto/RSA_print.pod
deleted file mode 100644
index c971e91..0000000
--- a/crypto/openssl/doc/crypto/RSA_print.pod
+++ /dev/null
@@ -1,49 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_print, RSA_print_fp,
-DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
-DHparams_print, DHparams_print_fp - print cryptographic parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_print(BIO *bp, RSA *x, int offset);
- int RSA_print_fp(FILE *fp, RSA *x, int offset);
-
- #include <openssl/dsa.h>
-
- int DSAparams_print(BIO *bp, DSA *x);
- int DSAparams_print_fp(FILE *fp, DSA *x);
- int DSA_print(BIO *bp, DSA *x, int offset);
- int DSA_print_fp(FILE *fp, DSA *x, int offset);
-
- #include <openssl/dh.h>
-
- int DHparams_print(BIO *bp, DH *x);
- int DHparams_print_fp(FILE *fp, DH *x);
-
-=head1 DESCRIPTION
-
-A human-readable hexadecimal output of the components of the RSA
-key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
-
-The output lines are indented by B<offset> spaces.
-
-=head1 RETURN VALUES
-
-These functions return 1 on success, 0 on error.
-
-=head1 SEE ALSO
-
-L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
-
-=head1 HISTORY
-
-RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
-DH_print_fp() are available in all versions of SSLeay and OpenSSL.
-DSAparams_print() and DSAparams_print_fp() were added in SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_private_encrypt.pod b/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
deleted file mode 100644
index 746a80c..0000000
--- a/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_private_encrypt, RSA_public_decrypt - low level signature operations
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_private_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- int RSA_public_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
-=head1 DESCRIPTION
-
-These functions handle RSA signatures at a low level.
-
-RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
-message digest with an algorithm identifier) using the private key
-B<rsa> and stores the signature in B<to>. B<to> must point to
-B<RSA_size(rsa)> bytes of memory.
-
-B<padding> denotes one of the following modes:
-
-=over 4
-
-=item RSA_PKCS1_PADDING
-
-PKCS #1 v1.5 padding. This function does not handle the
-B<algorithmIdentifier> specified in PKCS #1. When generating or
-verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
-used.
-
-=item RSA_NO_PADDING
-
-Raw RSA signature. This mode should I<only> be used to implement
-cryptographically sound padding modes in the application code.
-Signing user data directly with RSA is insecure.
-
-=back
-
-RSA_public_decrypt() recovers the message digest from the B<flen>
-bytes long signature at B<from> using the signer's public key
-B<rsa>. B<to> must point to a memory section large enough to hold the
-message digest (which is smaller than B<RSA_size(rsa) -
-11>). B<padding> is the padding mode that was used to sign the data.
-
-=head1 RETURN VALUES
-
-RSA_private_encrypt() returns the size of the signature (i.e.,
-RSA_size(rsa)). RSA_public_decrypt() returns the size of the
-recovered message digest.
-
-On error, -1 is returned; the error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
-
-=head1 HISTORY
-
-The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
-available since SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod b/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
deleted file mode 100644
index ab0fe3b..0000000
--- a/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
+++ /dev/null
@@ -1,84 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_public_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- int RSA_private_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
-=head1 DESCRIPTION
-
-RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
-session key) using the public key B<rsa> and stores the ciphertext in
-B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
-
-B<padding> denotes one of the following modes:
-
-=over 4
-
-=item RSA_PKCS1_PADDING
-
-PKCS #1 v1.5 padding. This currently is the most widely used mode.
-
-=item RSA_PKCS1_OAEP_PADDING
-
-EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
-encoding parameter. This mode is recommended for all new applications.
-
-=item RSA_SSLV23_PADDING
-
-PKCS #1 v1.5 padding with an SSL-specific modification that denotes
-that the server is SSL3 capable.
-
-=item RSA_NO_PADDING
-
-Raw RSA encryption. This mode should I<only> be used to implement
-cryptographically sound padding modes in the application code.
-Encrypting user data directly with RSA is insecure.
-
-=back
-
-B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
-based padding modes, less than RSA_size(B<rsa>) - 41 for
-RSA_PKCS1_OAEP_PADDING and exactly RSA_size(B<rsa>) for RSA_NO_PADDING.
-The random number generator must be seeded prior to calling
-RSA_public_encrypt().
-
-RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
-private key B<rsa> and stores the plaintext in B<to>. B<to> must point
-to a memory section large enough to hold the decrypted data (which is
-smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
-was used to encrypt the data.
-
-=head1 RETURN VALUES
-
-RSA_public_encrypt() returns the size of the encrypted data (i.e.,
-RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
-recovered plaintext.
-
-On error, -1 is returned; the error codes can be
-obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 CONFORMING TO
-
-SSL, PKCS #1 v2.0
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
-L<RSA_size(3)|RSA_size(3)>
-
-=head1 HISTORY
-
-The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
-available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_set_method.pod b/crypto/openssl/doc/crypto/RSA_set_method.pod
deleted file mode 100644
index 0a305f6..0000000
--- a/crypto/openssl/doc/crypto/RSA_set_method.pod
+++ /dev/null
@@ -1,202 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_set_default_method, RSA_get_default_method, RSA_set_method,
-RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
-RSA_new_method - select RSA method
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- void RSA_set_default_method(const RSA_METHOD *meth);
-
- RSA_METHOD *RSA_get_default_method(void);
-
- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
-
- RSA_METHOD *RSA_get_method(const RSA *rsa);
-
- RSA_METHOD *RSA_PKCS1_SSLeay(void);
-
- RSA_METHOD *RSA_null_method(void);
-
- int RSA_flags(const RSA *rsa);
-
- RSA *RSA_new_method(RSA_METHOD *method);
-
-=head1 DESCRIPTION
-
-An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
-operations. By modifying the method, alternative implementations such as
-hardware accelerators may be used. IMPORTANT: See the NOTES section for
-important information about how these RSA API functions are affected by the
-use of B<ENGINE> API calls.
-
-Initially, the default RSA_METHOD is the OpenSSL internal implementation,
-as returned by RSA_PKCS1_SSLeay().
-
-RSA_set_default_method() makes B<meth> the default method for all RSA
-structures created later. B<NB>: This is true only whilst no ENGINE has
-been set as a default for RSA, so this function is no longer recommended.
-
-RSA_get_default_method() returns a pointer to the current default
-RSA_METHOD. However, the meaningfulness of this result is dependant on
-whether the ENGINE API is being used, so this function is no longer
-recommended.
-
-RSA_set_method() selects B<meth> to perform all operations using the key
-B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
-previous method was supplied by an ENGINE, the handle to that ENGINE will
-be released during the change. It is possible to have RSA keys that only
-work with certain RSA_METHOD implementations (eg. from an ENGINE module
-that supports embedded hardware-protected keys), and in such cases
-attempting to change the RSA_METHOD for the key can have unexpected
-results.
-
-RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
-This method may or may not be supplied by an ENGINE implementation, but if
-it is, the return value can only be guaranteed to be valid as long as the
-RSA key itself is valid and does not have its implementation changed by
-RSA_set_method().
-
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current
-RSA_METHOD. See the BUGS section.
-
-RSA_new_method() allocates and initializes an RSA structure so that
-B<engine> will be used for the RSA operations. If B<engine> is NULL, the
-default ENGINE for RSA operations is used, and if no default ENGINE is set,
-the RSA_METHOD controlled by RSA_set_default_method() is used.
-
-RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
-
-RSA_new_method() allocates and initializes an B<RSA> structure so that
-B<method> will be used for the RSA operations. If B<method> is B<NULL>,
-the default method is used.
-
-=head1 THE RSA_METHOD STRUCTURE
-
- typedef struct rsa_meth_st
- {
- /* name of the implementation */
- const char *name;
-
- /* encrypt */
- int (*rsa_pub_enc)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* verify arbitrary data */
- int (*rsa_pub_dec)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* sign arbitrary data */
- int (*rsa_priv_enc)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* decrypt */
- int (*rsa_priv_dec)(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
-
- /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
- implementations) */
- int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-
- /* compute r = a ^ p mod m (May be NULL for some implementations) */
- int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
- /* called at RSA_new */
- int (*init)(RSA *rsa);
-
- /* called at RSA_free */
- int (*finish)(RSA *rsa);
-
- /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key
- * operations, even if p,q,dmp1,dmq1,iqmp
- * are NULL
- * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify
- * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
- */
- int flags;
-
- char *app_data; /* ?? */
-
- /* sign. For backward compatibility, this is used only
- * if (flags & RSA_FLAG_SIGN_VER)
- */
- int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
- /* verify. For backward compatibility, this is used only
- * if (flags & RSA_FLAG_SIGN_VER)
- */
- int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
- } RSA_METHOD;
-
-=head1 RETURN VALUES
-
-RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
-and RSA_get_method() return pointers to the respective RSA_METHODs.
-
-RSA_set_default_method() returns no value.
-
-RSA_set_method() returns a pointer to the old RSA_METHOD implementation
-that was replaced. However, this return value should probably be ignored
-because if it was supplied by an ENGINE, the pointer could be invalidated
-at any time if the ENGINE is unloaded (in fact it could be unloaded as a
-result of the RSA_set_method() function releasing its handle to the
-ENGINE). For this reason, the return type may be replaced with a B<void>
-declaration in a future release.
-
-RSA_new_method() returns NULL and sets an error code that can be obtained
-by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
-it returns a pointer to the newly allocated structure.
-
-=head1 NOTES
-
-As of version 0.9.7, RSA_METHOD implementations are grouped together with
-other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
-modules. If a default ENGINE is specified for RSA functionality using an
-ENGINE API function, that will override any RSA defaults set using the RSA
-API (ie. RSA_set_default_method()). For this reason, the ENGINE API is the
-recommended way to control default implementations for use in RSA and other
-cryptographic algorithms.
-
-=head1 BUGS
-
-The behaviour of RSA_flags() is a mis-feature that is left as-is for now
-to avoid creating compatibility problems. RSA functionality, such as the
-encryption functions, are controlled by the B<flags> value in the RSA key
-itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
-(which is what this function returns). If the flags element of an RSA key
-is changed, the changes will be honoured by RSA functionality but will not
-be reflected in the return value of the RSA_flags() function - in effect
-RSA_flags() behaves more like an RSA_default_flags() function (which does
-not currently exist).
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
-
-=head1 HISTORY
-
-RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
-RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
-well as the rsa_sign and rsa_verify components of RSA_METHOD were
-added in OpenSSL 0.9.4.
-
-RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
-replaced RSA_set_default_method() and RSA_get_default_method()
-respectively, and RSA_set_method() and RSA_new_method() were altered to use
-B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
-version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
-API was restructured so that this change was reversed, and behaviour of the
-other functions resembled more closely the previous behaviour. The
-behaviour of defaults in the ENGINE API now transparently overrides the
-behaviour of defaults in the RSA API without requiring changing these
-function prototypes.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_sign.pod b/crypto/openssl/doc/crypto/RSA_sign.pod
deleted file mode 100644
index 8553be8..0000000
--- a/crypto/openssl/doc/crypto/RSA_sign.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_sign, RSA_verify - RSA signatures
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-
- int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA_sign() signs the message digest B<m> of size B<m_len> using the
-private key B<rsa> as specified in PKCS #1 v2.0. It stores the
-signature in B<sigret> and the signature size in B<siglen>. B<sigret>
-must point to RSA_size(B<rsa>) bytes of memory.
-
-B<type> denotes the message digest algorithm that was used to generate
-B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
-see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
-an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
-and no algorithm identifier) is created.
-
-RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
-matches a given message digest B<m> of size B<m_len>. B<type> denotes
-the message digest algorithm that was used to generate the signature.
-B<rsa> is the signer's public key.
-
-=head1 RETURN VALUES
-
-RSA_sign() returns 1 on success, 0 otherwise. RSA_verify() returns 1
-on successful verification, 0 otherwise.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-Certain signatures with an improper algorithm identifier are accepted
-for compatibility with SSLeay 0.4.5 :-)
-
-=head1 CONFORMING TO
-
-SSL, PKCS #1 v2.0
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
-L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_public_decrypt(3)|RSA_public_decrypt(3)>
-
-=head1 HISTORY
-
-RSA_sign() and RSA_verify() are available in all versions of SSLeay
-and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
deleted file mode 100644
index e70380b..0000000
--- a/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
- unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
- RSA *rsa);
-
- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
- RSA *rsa);
-
-=head1 DESCRIPTION
-
-RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
-B<m_len> using the private key B<rsa> represented in DER using PKCS #1
-padding. It stores the signature in B<sigret> and the signature size
-in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
-memory.
-
-B<dummy> is ignored.
-
-The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
-
-RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
-of size B<siglen> is the DER representation of a given octet string
-B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
-public key.
-
-=head1 RETURN VALUES
-
-RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
-RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
-otherwise.
-
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 BUGS
-
-These functions serve no recognizable purpose.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
-L<RSA_verify(3)|RSA_verify(3)>
-
-=head1 HISTORY
-
-RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
-added in SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/RSA_size.pod b/crypto/openssl/doc/crypto/RSA_size.pod
deleted file mode 100644
index 5b7f835..0000000
--- a/crypto/openssl/doc/crypto/RSA_size.pod
+++ /dev/null
@@ -1,33 +0,0 @@
-=pod
-
-=head1 NAME
-
-RSA_size - get RSA modulus size
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
-
- int RSA_size(const RSA *rsa);
-
-=head1 DESCRIPTION
-
-This function returns the RSA modulus size in bytes. It can be used to
-determine how much memory must be allocated for an RSA encrypted
-value.
-
-B<rsa-E<gt>n> must not be B<NULL>.
-
-=head1 RETURN VALUE
-
-The size in bytes.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>
-
-=head1 HISTORY
-
-RSA_size() is available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod b/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
deleted file mode 100644
index ffafa37..0000000
--- a/crypto/openssl/doc/crypto/SMIME_read_PKCS7.pod
+++ /dev/null
@@ -1,71 +0,0 @@
-=pod
-
-=head1 NAME
-
-SMIME_read_PKCS7 - parse S/MIME message.
-
-=head1 SYNOPSIS
-
-PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
-
-=head1 DESCRIPTION
-
-SMIME_read_PKCS7() parses a message in S/MIME format.
-
-B<in> is a BIO to read the message from.
-
-If cleartext signing is used then the content is saved in
-a memory bio which is written to B<*bcont>, otherwise
-B<*bcont> is set to B<NULL>.
-
-The parsed PKCS#7 structure is returned or B<NULL> if an
-error occurred.
-
-=head1 NOTES
-
-If B<*bcont> is not B<NULL> then the message is clear text
-signed. B<*bcont> can then be passed to PKCS7_verify() with
-the B<PKCS7_DETACHED> flag set.
-
-Otherwise the type of the returned structure can be determined
-using PKCS7_type().
-
-To support future functionality if B<bcont> is not B<NULL>
-B<*bcont> should be initialized to B<NULL>. For example:
-
- BIO *cont = NULL;
- PKCS7 *p7;
-
- p7 = SMIME_read_PKCS7(in, &cont);
-
-=head1 BUGS
-
-The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
-While it will handle most S/MIME messages more complex compound
-formats may not work.
-
-The parser assumes that the PKCS7 structure is always base64
-encoded and will not handle the case where it is in binary format
-or uses quoted printable format.
-
-The use of a memory BIO to hold the signed content limits the size
-of message which can be processed due to memory restraints: a
-streaming single pass option should be available.
-
-=head1 RETURN VALUES
-
-SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
-is an error occurred. The error can be obtained from ERR_get_error(3).
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)>
-L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
-L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
-L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
-
-=head1 HISTORY
-
-SMIME_read_PKCS7() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod b/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod
deleted file mode 100644
index 61945b3..0000000
--- a/crypto/openssl/doc/crypto/SMIME_write_PKCS7.pod
+++ /dev/null
@@ -1,61 +0,0 @@
-=pod
-
-=head1 NAME
-
-SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
-
-=head1 SYNOPSIS
-
-int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
-
-=head1 DESCRIPTION
-
-SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
-structure to produce an S/MIME message.
-
-B<out> is the BIO to write the data to. B<p7> is the appropriate
-B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
-being used then the signed data must be supplied in the B<data>
-argument. B<flags> is an optional set of flags.
-
-=head1 NOTES
-
-The following flags can be passed in the B<flags> parameter.
-
-If B<PKCS7_DETACHED> is set then cleartext signing will be used,
-this option only makes sense for signedData where B<PKCS7_DETACHED>
-is also set when PKCS7_sign() is also called.
-
-If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
-are added to the content, this only makes sense if B<PKCS7_DETACHED>
-is also set.
-
-If the B<PKCS7_PARTSIGN> flag is set the signed data is finalized
-and output along with the content. This flag should only be set
-if B<PKCS7_DETACHED> is also set and the previous call to PKCS7_sign()
-also set these flags.
-
-If cleartext signing is being used and B<PKCS7_PARTSIGN> not set then
-the data must be read twice: once to compute the signature in PKCS7_sign()
-and once to output the S/MIME message.
-
-=head1 BUGS
-
-SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
-should be an option to disable this.
-
-=head1 RETURN VALUES
-
-SMIME_write_PKCS7() returns 1 for success or 0 for failure.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
-L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
-L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
-
-=head1 HISTORY
-
-SMIME_write_PKCS7() was added to OpenSSL 0.9.5
-
-=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod b/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
deleted file mode 100644
index 11b35f6..0000000
--- a/crypto/openssl/doc/crypto/X509_NAME_ENTRY_get_object.pod
+++ /dev/null
@@ -1,72 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
-X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
-X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
-X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
-
-=head1 SYNOPSIS
-
-ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-
-int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
-
-=head1 DESCRIPTION
-
-X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
-and B<ASN1_OBJECT> structure.
-
-X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
-and B<ASN1_STRING> structure.
-
-X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
-
-X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
-B<type> and value determined by B<bytes> and B<len>.
-
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
-and X509_NAME_ENTRY_create_by_OBJ() create and return an
-B<X509_NAME_ENTRY> structure.
-
-=head1 NOTES
-
-X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
-used to examine an B<X509_NAME_ENTRY> function as returned by
-X509_NAME_get_entry() for example.
-
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
-and X509_NAME_ENTRY_create_by_OBJ() create and return an
-
-X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
-X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
-are seldom used in practice because B<X509_NAME_ENTRY> structures
-are almost always part of B<X509_NAME> structures and the
-corresponding B<X509_NAME> functions are typically used to
-create and add new entries in a single operation.
-
-The arguments of these functions support similar options to the similarly
-named ones of the corresponding B<X509_NAME> functions such as
-X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
-B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
-set first so the relevant field information can be looked up internally.
-
-=head1 RETURN VALUES
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod b/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
deleted file mode 100644
index e2ab4b0..0000000
--- a/crypto/openssl/doc/crypto/X509_NAME_add_entry_by_txt.pod
+++ /dev/null
@@ -1,114 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
-X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
-
-=head1 SYNOPSIS
-
-int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
-
-int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-
-int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
-
-int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
-
-X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-
-=head1 DESCRIPTION
-
-X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
-X509_NAME_add_entry_by_NID() add a field whose name is defined
-by a string B<field>, an object B<obj> or a NID B<nid> respectively.
-The field value to be added is in B<bytes> of length B<len>. If
-B<len> is -1 then the field length is calculated internally using
-strlen(bytes).
-
-The type of field is determined by B<type> which can either be a
-definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
-standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
-added to a position determined by B<loc> and B<set>.
-
-X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
-to B<name>. The new entry is added to a position determined by B<loc>
-and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
-the call.
-
-X509_NAME_delete_entry() deletes an entry from B<name> at position
-B<loc>. The deleted entry is returned and must be freed up.
-
-=head1 NOTES
-
-The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
-is strongly recommened for the B<type> parameter. This allows the
-internal code to correctly determine the type of the field and to
-apply length checks according to the relevant standards. This is
-done using ASN1_STRING_set_by_NID().
-
-If instead an ASN1 type is used no checks are performed and the
-supplied data in B<bytes> is used directly.
-
-In X509_NAME_add_entry_by_txt() the B<field> string represents
-the field name using OBJ_txt2obj(field, 0).
-
-The B<loc> and B<set> parameters determine where a new entry should
-be added. For almost all applications B<loc> can be set to -1 and B<set>
-to 0. This adds a new entry to the end of B<name> as a single valued
-RelativeDistinguishedName (RDN).
-
-B<loc> actually determines the index where the new entry is inserted:
-if it is -1 it is appended.
-
-B<set> determines how the new type is added. If it is zero a
-new RDN is created.
-
-If B<set> is -1 or 1 it is added to the previous or next RDN
-structure respectively. This will then be a multivalued RDN:
-since multivalues RDNs are very seldom used B<set> is almost
-always set to zero.
-
-=head1 EXAMPLES
-
-Create an B<X509_NAME> structure:
-
-"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
-
- X509_NAME *nm;
- nm = X509_NAME_new();
- if (nm == NULL)
- /* Some error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
- "C", "UK", -1, -1, 0))
- /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
- "O", "Disorganized Organization", -1, -1, 0))
- /* Error */
- if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
- "CN", "Joe Bloggs", -1, -1, 0))
- /* Error */
-
-=head1 RETURN VALUES
-
-X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
-X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
-success of 0 if an error occurred.
-
-X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
-structure of B<NULL> if an error occurred.
-
-=head1 BUGS
-
-B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
-different algorithm to determine field types. Since this form does
-not understand multicharacter types, performs no length checks and
-can result in invalid field types its use is strongly discouraged.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
-
-=head1 HISTORY
-
-=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod b/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
deleted file mode 100644
index 333323d..0000000
--- a/crypto/openssl/doc/crypto/X509_NAME_get_index_by_NID.pod
+++ /dev/null
@@ -1,106 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
-X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
-X509_NAME lookup and enumeration functions
-
-=head1 SYNOPSIS
-
-int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-
-int X509_NAME_entry_count(X509_NAME *name);
-X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-
-int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
-int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
-
-=head1 DESCRIPTION
-
-These functions allow an B<X509_NAME> structure to be examined. The
-B<X509_NAME> structure is the same as the B<Name> type defined in
-RFC2459 (and elsewhere) and used for example in certificate subject
-and issuer names.
-
-X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
-the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
-should initially be set to -1. If there are no more entries -1 is returned.
-
-X509_NAME_entry_count() returns the total number of entries in B<name>.
-
-X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
-corresponding to index B<loc>. Acceptable values for B<loc> run from
-0 to (X509_NAME_entry_count(name) - 1). The value returned is an
-internal pointer which must not be freed.
-
-X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
-the "text" from the first entry in B<name> which matches B<nid> or
-B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
-will be written and the text written to B<buf> will be null
-terminated. The length of the output string written is returned
-excluding the terminating null. If B<buf> is <NULL> then the amount
-of space needed in B<buf> (excluding the final null) is returned.
-
-=head1 NOTES
-
-X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
-legacy functions which have various limitations which make them
-of minimal use in practice. They can only find the first matching
-entry and will copy the contents of the field verbatim: this can
-be highly confusing if the target is a muticharacter string type
-like a BMPString or a UTF8String.
-
-For a more general solution X509_NAME_get_index_by_NID() or
-X509_NAME_get_index_by_OBJ() should be used followed by
-X509_NAME_get_entry() on any matching indices and then the
-various B<X509_NAME_ENTRY> utility functions on the result.
-
-=head1 EXAMPLES
-
-Process all entries:
-
- int i;
- X509_NAME_ENTRY *e;
-
- for (i = 0; i < X509_NAME_entry_count(nm); i++)
- {
- e = X509_NAME_get_entry(nm, i);
- /* Do something with e */
- }
-
-Process all commonName entries:
-
- int loc;
- X509_NAME_ENTRY *e;
-
- loc = -1;
- for (;;)
- {
- lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
- if (lastpos == -1)
- break;
- e = X509_NAME_get_entry(nm, lastpos);
- /* Do something with e */
- }
-
-=head1 RETURN VALUES
-
-X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
-return the index of the next matching entry or -1 if not found.
-
-X509_NAME_entry_count() returns the total number of entries.
-
-X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
-requested entry or B<NULL> if the index is invalid.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod b/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
deleted file mode 100644
index 919b908..0000000
--- a/crypto/openssl/doc/crypto/X509_NAME_print_ex.pod
+++ /dev/null
@@ -1,105 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
-X509_NAME_oneline - X509_NAME printing routines.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
- int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
- char * X509_NAME_oneline(X509_NAME *a,char *buf,int size);
- int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
-
-=head1 DESCRIPTION
-
-X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
-line (for multiline formats) is indented by B<indent> spaces. The output format
-can be extensively customised by use of the B<flags> parameter.
-
-X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
-written to FILE pointer B<fp>.
-
-X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
-bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
-and returned, otherwise B<buf> is returned.
-
-X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase>
-characters. Multiple lines are used if the output (including indent) exceeds
-80 characters.
-
-=head1 NOTES
-
-The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
-produce a non standard output form, they don't handle multi character fields and
-have various quirks and inconsistencies. Their use is strongly discouraged in new
-applications.
-
-Although there are a large number of possible flags for most purposes
-B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
-As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
-for UTF8 terminals the B<ASN1_STRFLGS_ESC_MSB> should be unset: so for example
-B<XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB> would be used.
-
-The complete set of the flags supported by X509_NAME_print_ex() is listed below.
-
-Several options can be ored together.
-
-The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
-B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
-to use. Two distinct separators are used between distinct RelativeDistinguishedName
-components and separate values in the same RDN for a multi-valued RDN. Multi-valued
-RDNs are currently very rare so the second separator will hardly ever be used.
-
-B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
-uses comma and plus with spaces: this is more readable that plain comma and plus.
-B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
-spaced newline and plus respectively.
-
-If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
-
-The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
-B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
-use the short name (e.g. CN) the long name (e.g. commonName) always
-use OID numerical form (normally OIDs are only used if the field name is not
-recognised) and no field name respectively.
-
-If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
-separating field names and values.
-
-If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
-printed instead of the values.
-
-If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
-is only of use for multiline format.
-
-Additionally all the options supported by ASN1_STRING_print_ex() can be used to
-control how each field value is displayed.
-
-In addition a number options can be set for commonly used formats.
-
-B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
-is equivalent to:
- B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
-
-
-B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
- B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
-
-B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
- B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
-
-B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
-
-=head1 SEE ALSO
-
-L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/X509_new.pod b/crypto/openssl/doc/crypto/X509_new.pod
deleted file mode 100644
index fd5fc65..0000000
--- a/crypto/openssl/doc/crypto/X509_new.pod
+++ /dev/null
@@ -1,37 +0,0 @@
-=pod
-
-=head1 NAME
-
-X509_new, X509_free - X509 certificate ASN1 allocation functions
-
-=head1 SYNOPSIS
-
- X509 *X509_new(void);
- void X509_free(X509 *a);
-
-=head1 DESCRIPTION
-
-The X509 ASN1 allocation routines, allocate and free an
-X509 structure, which represents an X509 certificate.
-
-X509_new() allocates and initializes a X509 structure.
-
-X509_free() frees up the B<X509> structure B<a>.
-
-=head1 RETURN VALUES
-
-If the allocation fails, X509_new() returns B<NULL> and sets an error
-code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-Otherwise it returns a pointer to the newly allocated structure.
-
-X509_free() returns no value.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/bio.pod b/crypto/openssl/doc/crypto/bio.pod
deleted file mode 100644
index f9239226..0000000
--- a/crypto/openssl/doc/crypto/bio.pod
+++ /dev/null
@@ -1,54 +0,0 @@
-=pod
-
-=head1 NAME
-
-bio - I/O abstraction
-
-=head1 SYNOPSIS
-
- #include <openssl/bio.h>
-
-TBA
-
-
-=head1 DESCRIPTION
-
-A BIO is an I/O abstraction, it hides many of the underlying I/O
-details from an application. If an application uses a BIO for its
-I/O it can transparently handle SSL connections, unencrypted network
-connections and file I/O.
-
-There are two type of BIO, a source/sink BIO and a filter BIO.
-
-As its name implies a source/sink BIO is a source and/or sink of data,
-examples include a socket BIO and a file BIO.
-
-A filter BIO takes data from one BIO and passes it through to
-another, or the application. The data may be left unmodified (for
-example a message digest BIO) or translated (for example an
-encryption BIO). The effect of a filter BIO may change according
-to the I/O operation it is performing: for example an encryption
-BIO will encrypt data if it is being written to and decrypt data
-if it is being read from.
-
-BIOs can be joined together to form a chain (a single BIO is a chain
-with one component). A chain normally consist of one source/sink
-BIO and one or more filter BIOs. Data read from or written to the
-first BIO then traverses the chain to the end (normally a source/sink
-BIO).
-
-=head1 SEE ALSO
-
-L<BIO_ctrl(3)|BIO_ctrl(3)>,
-L<BIO_f_base64(3)|BIO_f_base64(3)>, L<BIO_f_buffer(3)|BIO_f_buffer(3)>,
-L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>,
-L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>,
-L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>,
-L<BIO_new_bio_pair(3)|BIO_new_bio_pair(3)>,
-L<BIO_push(3)|BIO_push(3)>, L<BIO_read(3)|BIO_read(3)>,
-L<BIO_s_accept(3)|BIO_s_accept(3)>, L<BIO_s_bio(3)|BIO_s_bio(3)>,
-L<BIO_s_connect(3)|BIO_s_connect(3)>, L<BIO_s_fd(3)|BIO_s_fd(3)>,
-L<BIO_s_file(3)|BIO_s_file(3)>, L<BIO_s_mem(3)|BIO_s_mem(3)>,
-L<BIO_s_null(3)|BIO_s_null(3)>, L<BIO_s_socket(3)|BIO_s_socket(3)>,
-L<BIO_set_callback(3)|BIO_set_callback(3)>,
-L<BIO_should_retry(3)|BIO_should_retry(3)>
diff --git a/crypto/openssl/doc/crypto/blowfish.pod b/crypto/openssl/doc/crypto/blowfish.pod
deleted file mode 100644
index 5b2d274..0000000
--- a/crypto/openssl/doc/crypto/blowfish.pod
+++ /dev/null
@@ -1,112 +0,0 @@
-=pod
-
-=head1 NAME
-
-blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
-BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
-
-=head1 SYNOPSIS
-
- #include <openssl/blowfish.h>
-
- void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
-
- void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
- BF_KEY *key, int enc);
- void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int enc);
- void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int *num,
- int enc);
- void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, BF_KEY *schedule, unsigned char *ivec, int *num);
- const char *BF_options(void);
-
- void BF_encrypt(BF_LONG *data,const BF_KEY *key);
- void BF_decrypt(BF_LONG *data,const BF_KEY *key);
-
-=head1 DESCRIPTION
-
-This library implements the Blowfish cipher, which was invented and described
-by Counterpane (see http://www.counterpane.com/blowfish.html ).
-
-Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
-It uses a variable size key, but typically, 128 bit (16 byte) keys are
-considered good for strong encryption. Blowfish can be used in the same
-modes as DES (see L<des_modes(7)|des_modes(7)>). Blowfish is currently one
-of the faster block ciphers. It is quite a bit faster than DES, and much
-faster than IDEA or RC2.
-
-Blowfish consists of a key setup phase and the actual encryption or decryption
-phase.
-
-BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
-at B<data>.
-
-BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
-It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
-putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
-or decryption (B<BF_DECRYPT>) shall be performed. The vector pointed at by
-B<in> and B<out> must be 64 bits in length, no less. If they are larger,
-everything after the first 64 bits is ignored.
-
-The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
-all operate on variable length data. They all take an initialization vector
-B<ivec> which needs to be passed along into the next call of the same function
-for the same message. B<ivec> may be initialized with anything, but the
-recipient needs to know what it was initialized with, or it won't be able
-to decrypt. Some programs and protocols simplify this, like SSH, where
-B<ivec> is simply initialized to zero.
-BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
-BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
-number of bytes (the amount does not have to be an exact multiple of 8). The
-purpose of the latter two is to simulate stream ciphers, and therefore, they
-need the parameter B<num>, which is a pointer to an integer where the current
-offset in B<ivec> is stored between calls. This integer must be initialized
-to zero when B<ivec> is initialized.
-
-BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish. It
-encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
-putting the result in B<out>. B<enc> decides if encryption (BF_ENCRYPT) or
-decryption (BF_DECRYPT) shall be performed. B<ivec> must point at an 8 byte
-long initialization vector.
-
-BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
-It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
-putting the result in B<out>. B<enc> decides if encryption (B<BF_ENCRYPT>)
-or decryption (B<BF_DECRYPT>) shall be performed. B<ivec> must point at an
-8 byte long initialization vector. B<num> must point at an integer which must
-be initially zero.
-
-BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
-It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
-the same way.
-
-BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
-encryption. They encrypt/decrypt the first 64 bits of the vector pointed by
-B<data>, using the key B<key>. These functions should not be used unless you
-implement 'modes' of Blowfish. The alternative is to use BF_ecb_encrypt().
-If you still want to use these functions, you should be aware that they take
-each 32-bit chunk in host-byte order, which is little-endian on little-endian
-platforms and big-endian on big-endian ones.
-
-=head1 RETURN VALUES
-
-None of the functions presented here return any value.
-
-=head1 NOTE
-
-Applications should use the higher level functions
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling the
-blowfish functions directly.
-
-=head1 SEE ALSO
-
-L<des_modes(7)|des_modes(7)>
-
-=head1 HISTORY
-
-The Blowfish functions are available in all versions of SSLeay and OpenSSL.
-
-=cut
-
diff --git a/crypto/openssl/doc/crypto/bn.pod b/crypto/openssl/doc/crypto/bn.pod
deleted file mode 100644
index cd2f8e5..0000000
--- a/crypto/openssl/doc/crypto/bn.pod
+++ /dev/null
@@ -1,181 +0,0 @@
-=pod
-
-=head1 NAME
-
-bn - multiprecision integer arithmetics
-
-=head1 SYNOPSIS
-
- #include <openssl/bn.h>
-
- BIGNUM *BN_new(void);
- void BN_free(BIGNUM *a);
- void BN_init(BIGNUM *);
- void BN_clear(BIGNUM *a);
- void BN_clear_free(BIGNUM *a);
-
- BN_CTX *BN_CTX_new(void);
- void BN_CTX_init(BN_CTX *c);
- void BN_CTX_free(BN_CTX *c);
-
- BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
- BIGNUM *BN_dup(const BIGNUM *a);
-
- BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
-
- int BN_num_bytes(const BIGNUM *a);
- int BN_num_bits(const BIGNUM *a);
- int BN_num_bits_word(BN_ULONG w);
-
- void BN_set_negative(BIGNUM *a, int n);
- int BN_is_negative(const BIGNUM *a);
-
- int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
- int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
- BN_CTX *ctx);
- int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
- int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
- int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
- BN_CTX *ctx);
- int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
- int BN_add_word(BIGNUM *a, BN_ULONG w);
- int BN_sub_word(BIGNUM *a, BN_ULONG w);
- int BN_mul_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
- BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
-
- int BN_cmp(BIGNUM *a, BIGNUM *b);
- int BN_ucmp(BIGNUM *a, BIGNUM *b);
- int BN_is_zero(BIGNUM *a);
- int BN_is_one(BIGNUM *a);
- int BN_is_word(BIGNUM *a, BN_ULONG w);
- int BN_is_odd(BIGNUM *a);
-
- int BN_zero(BIGNUM *a);
- int BN_one(BIGNUM *a);
- const BIGNUM *BN_value_one(void);
- int BN_set_word(BIGNUM *a, unsigned long w);
- unsigned long BN_get_word(BIGNUM *a);
-
- int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
- int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
- int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
-
- BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
- BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
- int BN_is_prime(const BIGNUM *p, int nchecks,
- void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
-
- int BN_set_bit(BIGNUM *a, int n);
- int BN_clear_bit(BIGNUM *a, int n);
- int BN_is_bit_set(const BIGNUM *a, int n);
- int BN_mask_bits(BIGNUM *a, int n);
- int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
- int BN_lshift1(BIGNUM *r, BIGNUM *a);
- int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
- int BN_rshift1(BIGNUM *r, BIGNUM *a);
-
- int BN_bn2bin(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
- char *BN_bn2hex(const BIGNUM *a);
- char *BN_bn2dec(const BIGNUM *a);
- int BN_hex2bn(BIGNUM **a, const char *str);
- int BN_dec2bn(BIGNUM **a, const char *str);
- int BN_print(BIO *fp, const BIGNUM *a);
- int BN_print_fp(FILE *fp, const BIGNUM *a);
- int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
- BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
-
- BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
- BN_CTX *ctx);
-
- BN_RECP_CTX *BN_RECP_CTX_new(void);
- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
- int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
- BN_RECP_CTX *recp, BN_CTX *ctx);
-
- BN_MONT_CTX *BN_MONT_CTX_new(void);
- void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
- void BN_MONT_CTX_free(BN_MONT_CTX *mont);
- int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
- BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
- int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
- BN_MONT_CTX *mont, BN_CTX *ctx);
- int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx);
- int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
- BN_CTX *ctx);
-
- BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai,
- BIGNUM *mod);
- void BN_BLINDING_free(BN_BLINDING *b);
- int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
- int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
- int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b,
- BN_CTX *ctx);
- int BN_BLINDING_invert_ex(BIGNUM *n,const BIGNUM *r,BN_BLINDING *b,
- BN_CTX *ctx);
- unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *);
- void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long);
- unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
- void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
- BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
-
-=head1 DESCRIPTION
-
-This library performs arithmetic operations on integers of arbitrary
-size. It was written for use in public key cryptography, such as RSA
-and Diffie-Hellman.
-
-It uses dynamic memory allocation for storing its data structures.
-That means that there is no limit on the size of the numbers
-manipulated by these functions, but return values must always be
-checked in case a memory allocation error has occurred.
-
-The basic object in this library is a B<BIGNUM>. It is used to hold a
-single large integer. This type should be considered opaque and fields
-should not be modified or accessed directly.
-
-The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
-L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
-Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
-describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
-random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
-numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
-of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
-
-=head1 SEE ALSO
-
-L<bn_internal(3)|bn_internal(3)>,
-L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
-L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
-L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
-L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
-L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
-L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
-L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
-L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
-L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)>,
-L<BN_BLINDING_new(3)|BN_BLINDING_new(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/bn_internal.pod b/crypto/openssl/doc/crypto/bn_internal.pod
deleted file mode 100644
index 8919146..0000000
--- a/crypto/openssl/doc/crypto/bn_internal.pod
+++ /dev/null
@@ -1,226 +0,0 @@
-=pod
-
-=head1 NAME
-
-bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
-bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
-bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
-bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
-bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
-bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
-bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
-library internal functions
-
-=head1 SYNOPSIS
-
- BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
- BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
- BN_ULONG w);
- void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
- BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
- BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
- int num);
- BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
- int num);
-
- void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
- void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
- void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
- void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
-
- int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
-
- void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
- int nb);
- void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
- void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
- int dna,int dnb,BN_ULONG *tmp);
- void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
- int n, int tna,int tnb, BN_ULONG *tmp);
- void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
- int n2, BN_ULONG *tmp);
- void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
- int n2, BN_ULONG *tmp);
-
- void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
- void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
-
- void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
-
- BIGNUM *bn_expand(BIGNUM *a, int bits);
- BIGNUM *bn_wexpand(BIGNUM *a, int n);
- BIGNUM *bn_expand2(BIGNUM *a, int n);
- void bn_fix_top(BIGNUM *a);
-
- void bn_check_top(BIGNUM *a);
- void bn_print(BIGNUM *a);
- void bn_dump(BN_ULONG *d, int n);
- void bn_set_max(BIGNUM *a);
- void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
- void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
-
-=head1 DESCRIPTION
-
-This page documents the internal functions used by the OpenSSL
-B<BIGNUM> implementation. They are described here to facilitate
-debugging and extending the library. They are I<not> to be used by
-applications.
-
-=head2 The BIGNUM structure
-
- typedef struct bignum_st
- {
- int top; /* number of words used in d */
- BN_ULONG *d; /* pointer to an array containing the integer value */
- int max; /* size of the d array */
- int neg; /* sign */
- } BIGNUM;
-
-The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
-least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
-in size, depending on the 'number of bits' (B<BITS2>) specified in
-C<openssl/bn.h>.
-
-B<max> is the size of the B<d> array that has been allocated. B<top>
-is the number of words being used, so for a value of 4, bn.d[0]=4 and
-bn.top=1. B<neg> is 1 if the number is negative. When a B<BIGNUM> is
-B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
-
-Various routines in this library require the use of temporary
-B<BIGNUM> variables during their execution. Since dynamic memory
-allocation to create B<BIGNUM>s is rather expensive when used in
-conjunction with repeated subroutine calls, the B<BN_CTX> structure is
-used. This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
-L<BN_CTX_start(3)|BN_CTX_start(3)>.
-
-=head2 Low-level arithmetic operations
-
-These functions are implemented in C and for several platforms in
-assembly language:
-
-bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
-arrays B<rp> and B<ap>. It computes B<ap> * B<w>, places the result
-in B<rp>, and returns the high word (carry).
-
-bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
-word arrays B<rp> and B<ap>. It computes B<ap> * B<w> + B<rp>, places
-the result in B<rp>, and returns the high word (carry).
-
-bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
-B<ap> and the 2*B<num> word array B<ap>. It computes B<ap> * B<ap>
-word-wise, and places the low and high bytes of the result in B<rp>.
-
-bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
-by B<d> and returns the result.
-
-bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
-arrays B<ap>, B<bp> and B<rp>. It computes B<ap> + B<bp>, places the
-result in B<rp>, and returns the high word (carry).
-
-bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
-arrays B<ap>, B<bp> and B<rp>. It computes B<ap> - B<bp>, places the
-result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
-otherwise).
-
-bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
-B<b> and the 8 word array B<r>. It computes B<a>*B<b> and places the
-result in B<r>.
-
-bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
-B<b> and the 16 word array B<r>. It computes B<a>*B<b> and places the
-result in B<r>.
-
-bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
-B<b> and the 8 word array B<r>.
-
-bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
-B<b> and the 16 word array B<r>.
-
-The following functions are implemented in C:
-
-bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
-and B<b>. It returns 1, 0 and -1 if B<a> is greater than, equal and
-less than B<b>.
-
-bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
-word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
-array B<r>. It computes B<a>*B<b> and places the result in B<r>.
-
-bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
-arrays B<r>, B<a> and B<b>. It computes the B<n> low words of
-B<a>*B<b> and places the result in B<r>.
-
-bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
-on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
-(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
-word arrays B<r> and B<t>. B<n2> must be a power of 2. It computes
-B<a>*B<b> and places the result in B<r>.
-
-bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
-operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
-B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
-
-bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
-B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
-and B<b>.
-
-bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
-B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
-array B<tmp>.
-
-BN_mul() calls bn_mul_normal(), or an optimized implementation if the
-factors have the same size: bn_mul_comba8() is used if they are 8
-words long, bn_mul_recursive() if they are larger than
-B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
-size, and bn_mul_part_recursive() for others that are larger than
-B<BN_MULL_SIZE_NORMAL>.
-
-bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
-B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
-
-The implementations use the following macros which, depending on the
-architecture, may use "long long" C operations or inline assembler.
-They are defined in C<bn_lcl.h>.
-
-mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
-low word of the result in B<r> and the high word in B<c>.
-
-mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
-places the low word of the result in B<r> and the high word in B<c>.
-
-sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
-of the result in B<r0> and the high word in B<r1>.
-
-=head2 Size changes
-
-bn_expand() ensures that B<b> has enough space for a B<bits> bit
-number. bn_wexpand() ensures that B<b> has enough space for an
-B<n> word number. If the number has to be expanded, both macros
-call bn_expand2(), which allocates a new B<d> array and copies the
-data. They return B<NULL> on error, B<b> otherwise.
-
-The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
-significant non-zero word plus one when B<a> has shrunk.
-
-=head2 Debugging
-
-bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
-E<lt>= (a)-E<gt>max)>. A violation will cause the program to abort.
-
-bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
-(in reverse order, i.e. most significant word first) to stderr.
-
-bn_set_max() makes B<a> a static number with a B<max> of its current size.
-This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
-B<BIGNUM> that contains the B<n> low or high words of B<a>.
-
-If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
-and bn_set_max() are defined as empty macros.
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/buffer.pod b/crypto/openssl/doc/crypto/buffer.pod
deleted file mode 100644
index 781f5b1..0000000
--- a/crypto/openssl/doc/crypto/buffer.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
-character arrays structure
-
-=head1 SYNOPSIS
-
- #include <openssl/buffer.h>
-
- BUF_MEM *BUF_MEM_new(void);
-
- void BUF_MEM_free(BUF_MEM *a);
-
- int BUF_MEM_grow(BUF_MEM *str, int len);
-
- char * BUF_strdup(const char *str);
-
-=head1 DESCRIPTION
-
-The buffer library handles simple character arrays. Buffers are used for
-various purposes in the library, most notably memory BIOs.
-
-The library uses the BUF_MEM structure defined in buffer.h:
-
- typedef struct buf_mem_st
- {
- int length; /* current number of bytes */
- char *data;
- int max; /* size of buffer */
- } BUF_MEM;
-
-B<length> is the current size of the buffer in bytes, B<max> is the amount of
-memory allocated to the buffer. There are three functions which handle these
-and one "miscellaneous" function.
-
-BUF_MEM_new() allocates a new buffer of zero size.
-
-BUF_MEM_free() frees up an already existing buffer. The data is zeroed
-before freeing up in case the buffer contains sensitive data.
-
-BUF_MEM_grow() changes the size of an already existing buffer to
-B<len>. Any data already in the buffer is preserved if it increases in
-size.
-
-BUF_strdup() copies a null terminated string into a block of allocated
-memory and returns a pointer to the allocated block.
-Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
-should be used in preference to the standard library strdup() because it can
-be used for memory leak checking or replacing the malloc() function.
-
-The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
-function.
-
-=head1 RETURN VALUES
-
-BUF_MEM_new() returns the buffer or NULL on error.
-
-BUF_MEM_free() has no return value.
-
-BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
-
-=head1 SEE ALSO
-
-L<bio(3)|bio(3)>
-
-=head1 HISTORY
-
-BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
-versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/crypto.pod b/crypto/openssl/doc/crypto/crypto.pod
deleted file mode 100644
index 7a52799..0000000
--- a/crypto/openssl/doc/crypto/crypto.pod
+++ /dev/null
@@ -1,85 +0,0 @@
-=pod
-
-=head1 NAME
-
-crypto - OpenSSL cryptographic library
-
-=head1 SYNOPSIS
-
-=head1 DESCRIPTION
-
-The OpenSSL B<crypto> library implements a wide range of cryptographic
-algorithms used in various Internet standards. The services provided
-by this library are used by the OpenSSL implementations of SSL, TLS
-and S/MIME, and they have also been used to implement SSH, OpenPGP, and
-other cryptographic standards.
-
-=head1 OVERVIEW
-
-B<libcrypto> consists of a number of sub-libraries that implement the
-individual algorithms.
-
-The functionality includes symmetric encryption, public key
-cryptography and key agreement, certificate handling, cryptographic
-hash functions and a cryptographic pseudo-random number generator.
-
-=over 4
-
-=item SYMMETRIC CIPHERS
-
-L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>,
-L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)>
-
-=item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
-
-L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rsa(3)|rsa(3)>
-
-=item CERTIFICATES
-
-L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
-
-=item AUTHENTICATION CODES, HASH FUNCTIONS
-
-L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md4(3)|md4(3)>,
-L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
-L<sha(3)|sha(3)>
-
-=item AUXILIARY FUNCTIONS
-
-L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>,
-L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)>
-
-=item INPUT/OUTPUT, DATA ENCODING
-
-L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>,
-L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)>
-
-=item INTERNAL FUNCTIONS
-
-L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>,
-L<objects(3)|objects(3)>, L<stack(3)|stack(3)>,
-L<txt_db(3)|txt_db(3)>
-
-=back
-
-=head1 NOTES
-
-Some of the newer functions follow a naming convention using the numbers
-B<0> and B<1>. For example the functions:
-
- int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
- int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
-
-The B<0> version uses the supplied structure pointer directly
-in the parent and it will be freed up when the parent is freed.
-In the above example B<crl> would be freed but B<rev> would not.
-
-The B<1> function uses a copy of the supplied structure pointer
-(or in some cases increases its link count) in the parent and
-so both (B<x> and B<obj> above) should be freed up.
-
-=head1 SEE ALSO
-
-L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod b/crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod
deleted file mode 100644
index 45bb184..0000000
--- a/crypto/openssl/doc/crypto/d2i_ASN1_OBJECT.pod
+++ /dev/null
@@ -1,29 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
-
-=head1 SYNOPSIS
-
- #include <openssl/objects.h>
-
- ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
- int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an ASN1 OBJECT IDENTIFIER.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_DHparams.pod b/crypto/openssl/doc/crypto/d2i_DHparams.pod
deleted file mode 100644
index 1e98aeb..0000000
--- a/crypto/openssl/doc/crypto/d2i_DHparams.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
-
- DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
- int i2d_DHparams(DH *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode PKCS#3 DH parameters using the
-DHparameter structure described in PKCS#3.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod b/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod
deleted file mode 100644
index 22c1b50..0000000
--- a/crypto/openssl/doc/crypto/d2i_DSAPublicKey.pod
+++ /dev/null
@@ -1,83 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
-d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding
-and parsing functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
- #include <openssl/x509.h>
-
- DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
-
- int i2d_DSAparams(const DSA *a, unsigned char **pp);
-
- DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
-
- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
-components structure.
-
-d2i_DSA_PUBKEY() and i2d_DSA_PUBKEY() decode and encode an DSA public key using
-a SubjectPublicKeyInfo (certificate public key) structure.
-
-d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
-components.
-
-d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
-a B<Dss-Parms> structure as defined in RFC2459.
-
-d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
-B<Dss-Sig-Value> structure as defined in RFC2459.
-
-The usage of all of these functions is similar to the d2i_X509() and
-i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 NOTES
-
-The B<DSA> structure passed to the private key encoding functions should have
-all the private key components present.
-
-The data encoded by the private key functions is unencrypted and therefore
-offers no private key security.
-
-The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
-functions when encoding public keys because they use a standard format.
-
-The B<DSAPublicKey> functions use an non standard format the actual data encoded
-depends on the value of the B<write_params> field of the B<a> key parameter.
-If B<write_params> is zero then only the B<pub_key> field is encoded as an
-B<INTEGER>. If B<write_params> is 1 then a B<SEQUENCE> consisting of the
-B<p>, B<q>, B<g> and B<pub_key> respectively fields are encoded.
-
-The B<DSAPrivateKey> functions also use a non standard structure consiting
-consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
-B<priv_key> fields respectively.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod b/crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod
deleted file mode 100644
index a54b779..0000000
--- a/crypto/openssl/doc/crypto/d2i_PKCS8PrivateKey.pod
+++ /dev/null
@@ -1,56 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
-i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
-i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
- EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
- EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
-
- int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
-=head1 DESCRIPTION
-
-The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
-PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
-
-Other than the use of DER as opposed to PEM these functions are identical to the
-corresponding B<PEM> function as described in the L<pem(3)|pem(3)> manual page.
-
-=head1 NOTES
-
-Before using these functions L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
-should be called to initialize the internal algorithm lookup tables otherwise errors about
-unknown algorithms will occur if an attempt is made to decrypt a private key.
-
-These functions are currently the only way to store encrypted private keys using DER format.
-
-Currently all the functions use BIOs or FILE pointers, there are no functions which
-work directly on memory: this can be readily worked around by converting the buffers
-to memory BIOs, see L<BIO_s_mem(3)|BIO_s_mem(3)> for details.
-
-=head1 SEE ALSO
-
-L<pem(3)|pem(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod b/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
deleted file mode 100644
index 279b29c..0000000
--- a/crypto/openssl/doc/crypto/d2i_RSAPublicKey.pod
+++ /dev/null
@@ -1,67 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
-d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
-d2i_Netscape_RSA - RSA public and private key encoding functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
- #include <openssl/x509.h>
-
- RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
-
- int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
-
- RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
-
- int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
-
- RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
-
- int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
-
- int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-
- RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-
-=head1 DESCRIPTION
-
-d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
-structure.
-
-d2i_RSA_PUBKEY() and i2d_RSA_PUBKEY() decode and encode an RSA public key using
-a SubjectPublicKeyInfo (certificate public key) structure.
-
-d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
-structure.
-
-d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
-NET format.
-
-The usage of all of these functions is similar to the d2i_X509() and
-i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 NOTES
-
-The B<RSA> structure passed to the private key encoding functions should have
-all the PKCS#1 private key components present.
-
-The data encoded by the private key functions is unencrypted and therefore
-offers no private key security.
-
-The NET format functions are present to provide compatibility with certain very
-old software. This format has some severe security weaknesses and should be
-avoided if possible.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509.pod b/crypto/openssl/doc/crypto/d2i_X509.pod
deleted file mode 100644
index 5bfa18a..0000000
--- a/crypto/openssl/doc/crypto/d2i_X509.pod
+++ /dev/null
@@ -1,231 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
-i2d_X509_fp - X509 encode and decode functions
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509 *d2i_X509(X509 **px, const unsigned char **in, int len);
- int i2d_X509(X509 *x, unsigned char **out);
-
- X509 *d2i_X509_bio(BIO *bp, X509 **x);
- X509 *d2i_X509_fp(FILE *fp, X509 **x);
-
- int i2d_X509_bio(X509 *x, BIO *bp);
- int i2d_X509_fp(X509 *x, FILE *fp);
-
-=head1 DESCRIPTION
-
-The X509 encode and decode routines encode and parse an
-B<X509> structure, which represents an X509 certificate.
-
-d2i_X509() attempts to decode B<len> bytes at B<*in>. If
-successful a pointer to the B<X509> structure is returned. If an error
-occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
-returned structure is written to B<*px>. If B<*px> is not B<NULL>
-then it is assumed that B<*px> contains a valid B<X509>
-structure and an attempt is made to reuse it. If the call is
-successful B<*in> is incremented to the byte following the
-parsed data.
-
-i2d_X509() encodes the structure pointed to by B<x> into DER format.
-If B<out> is not B<NULL> is writes the DER encoded data to the buffer
-at B<*out>, and increments it to point after the data just written.
-If the return value is negative an error occurred, otherwise it
-returns the length of the encoded data.
-
-For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
-allocated for a buffer and the encoded data written to it. In this
-case B<*out> is not incremented and it points to the start of the
-data just written.
-
-d2i_X509_bio() is similar to d2i_X509() except it attempts
-to parse data from BIO B<bp>.
-
-d2i_X509_fp() is similar to d2i_X509() except it attempts
-to parse data from FILE pointer B<fp>.
-
-i2d_X509_bio() is similar to i2d_X509() except it writes
-the encoding of the structure B<x> to BIO B<bp> and it
-returns 1 for success and 0 for failure.
-
-i2d_X509_fp() is similar to i2d_X509() except it writes
-the encoding of the structure B<x> to BIO B<bp> and it
-returns 1 for success and 0 for failure.
-
-=head1 NOTES
-
-The letters B<i> and B<d> in for example B<i2d_X509> stand for
-"internal" (that is an internal C structure) and "DER". So that
-B<i2d_X509> converts from internal to DER.
-
-The functions can also understand B<BER> forms.
-
-The actual X509 structure passed to i2d_X509() must be a valid
-populated B<X509> structure it can B<not> simply be fed with an
-empty structure such as that returned by X509_new().
-
-The encoded data is in binary form and may contain embedded zeroes.
-Therefore any FILE pointers or BIOs should be opened in binary mode.
-Functions such as B<strlen()> will B<not> return the correct length
-of the encoded structure.
-
-The ways that B<*in> and B<*out> are incremented after the operation
-can trap the unwary. See the B<WARNINGS> section for some common
-errors.
-
-The reason for the auto increment behaviour is to reflect a typical
-usage of ASN1 functions: after one structure is encoded or decoded
-another will processed after it.
-
-=head1 EXAMPLES
-
-Allocate and encode the DER encoding of an X509 structure:
-
- int len;
- unsigned char *buf, *p;
-
- len = i2d_X509(x, NULL);
-
- buf = OPENSSL_malloc(len);
-
- if (buf == NULL)
- /* error */
-
- p = buf;
-
- i2d_X509(x, &p);
-
-If you are using OpenSSL 0.9.7 or later then this can be
-simplified to:
-
-
- int len;
- unsigned char *buf;
-
- buf = NULL;
-
- len = i2d_X509(x, &buf);
-
- if (len < 0)
- /* error */
-
-Attempt to decode a buffer:
-
- X509 *x;
-
- unsigned char *buf, *p;
-
- int len;
-
- /* Something to setup buf and len */
-
- p = buf;
-
- x = d2i_X509(NULL, &p, len);
-
- if (x == NULL)
- /* Some error */
-
-Alternative technique:
-
- X509 *x;
-
- unsigned char *buf, *p;
-
- int len;
-
- /* Something to setup buf and len */
-
- p = buf;
-
- x = NULL;
-
- if(!d2i_X509(&x, &p, len))
- /* Some error */
-
-
-=head1 WARNINGS
-
-The use of temporary variable is mandatory. A common
-mistake is to attempt to use a buffer directly as follows:
-
- int len;
- unsigned char *buf;
-
- len = i2d_X509(x, NULL);
-
- buf = OPENSSL_malloc(len);
-
- if (buf == NULL)
- /* error */
-
- i2d_X509(x, &buf);
-
- /* Other stuff ... */
-
- OPENSSL_free(buf);
-
-This code will result in B<buf> apparently containing garbage because
-it was incremented after the call to point after the data just written.
-Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
-and the subsequent call to B<OPENSSL_free()> may well crash.
-
-The auto allocation feature (setting buf to NULL) only works on OpenSSL
-0.9.7 and later. Attempts to use it on earlier versions will typically
-cause a segmentation violation.
-
-Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
-
- X509 *x;
-
- if (!d2i_X509(&x, &p, len))
- /* Some error */
-
-This will probably crash somewhere in B<d2i_X509()>. The reason for this
-is that the variable B<x> is uninitialized and an attempt will be made to
-interpret its (invalid) value as an B<X509> structure, typically causing
-a segmentation violation. If B<x> is set to NULL first then this will not
-happen.
-
-=head1 BUGS
-
-In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when
-B<*px> is valid is broken and some parts of the reused structure may
-persist if they are not present in the new one. As a result the use
-of this "reuse" behaviour is strongly discouraged.
-
-i2d_X509() will not return an error in many versions of OpenSSL,
-if mandatory fields are not initialized due to a programming error
-then the encoded structure may contain invalid data or omit the
-fields entirely and will not be parsed by d2i_X509(). This may be
-fixed in future so code should not assume that i2d_X509() will
-always succeed.
-
-=head1 RETURN VALUES
-
-d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
-or B<NULL> if an error occurs. The error code that can be obtained by
-L<ERR_get_error(3)|ERR_get_error(3)>.
-
-i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
-successfully encoded or a negative value if an error occurs. The error code
-can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error
-occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 SEE ALSO
-
-L<ERR_get_error(3)|ERR_get_error(3)>
-
-=head1 HISTORY
-
-d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
-are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod b/crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod
deleted file mode 100644
index 9e5cd92..0000000
--- a/crypto/openssl/doc/crypto/d2i_X509_ALGOR.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
- int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an B<X509_ALGOR> structure which is
-equivalent to the B<AlgorithmIdentifier> structure.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_CRL.pod b/crypto/openssl/doc/crypto/d2i_X509_CRL.pod
deleted file mode 100644
index e7295a5..0000000
--- a/crypto/openssl/doc/crypto/d2i_X509_CRL.pod
+++ /dev/null
@@ -1,37 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
-i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **pp, long length);
- int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
-
- X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
- X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
-
- int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
- int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an X509 CRL (certificate revocation
-list).
-
-Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_NAME.pod b/crypto/openssl/doc/crypto/d2i_X509_NAME.pod
deleted file mode 100644
index 343ffe1..0000000
--- a/crypto/openssl/doc/crypto/d2i_X509_NAME.pod
+++ /dev/null
@@ -1,31 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
- int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an B<X509_NAME> structure which is the
-the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
-for example in certificate subject and issuer names.
-
-Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_REQ.pod b/crypto/openssl/doc/crypto/d2i_X509_REQ.pod
deleted file mode 100644
index ae32a38..0000000
--- a/crypto/openssl/doc/crypto/d2i_X509_REQ.pod
+++ /dev/null
@@ -1,36 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
-i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **pp, long length);
- int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
-
- X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
- X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
-
- int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
- int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode a PKCS#10 certificate request.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/d2i_X509_SIG.pod b/crypto/openssl/doc/crypto/d2i_X509_SIG.pod
deleted file mode 100644
index e48fd79..0000000
--- a/crypto/openssl/doc/crypto/d2i_X509_SIG.pod
+++ /dev/null
@@ -1,30 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
- X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
- int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-These functions decode and encode an X509_SIG structure which is
-equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
-
-Othewise these behave in a similar way to d2i_X509() and i2d_X509()
-described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
-
-=head1 SEE ALSO
-
-L<d2i_X509(3)|d2i_X509(3)>
-
-=head1 HISTORY
-
-TBA
-
-=cut
diff --git a/crypto/openssl/doc/crypto/des.pod b/crypto/openssl/doc/crypto/des.pod
deleted file mode 100644
index 6f0cf1c..0000000
--- a/crypto/openssl/doc/crypto/des.pod
+++ /dev/null
@@ -1,358 +0,0 @@
-=pod
-
-=head1 NAME
-
-DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
-DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
-DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
-DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
-DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
-DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
-DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
-DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
-DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
-
-=head1 SYNOPSIS
-
- #include <openssl/des.h>
-
- void DES_random_key(DES_cblock *ret);
-
- int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
- int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
- int DES_set_key_checked(const_DES_cblock *key,
- DES_key_schedule *schedule);
- void DES_set_key_unchecked(const_DES_cblock *key,
- DES_key_schedule *schedule);
-
- void DES_set_odd_parity(DES_cblock *key);
- int DES_is_weak_key(const_DES_cblock *key);
-
- void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks, int enc);
- void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
- void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
- DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, int enc);
-
- void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int enc);
- void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
- int numbits, long length, DES_key_schedule *schedule,
- DES_cblock *ivec, int enc);
- void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
- int numbits, long length, DES_key_schedule *schedule,
- DES_cblock *ivec);
- void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int enc);
- void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int *num, int enc);
- void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- int *num);
-
- void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
- long length, DES_key_schedule *schedule, DES_cblock *ivec,
- const_DES_cblock *inw, const_DES_cblock *outw, int enc);
-
- void DES_ede2_cbc_encrypt(const unsigned char *input,
- unsigned char *output, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_cblock *ivec, int enc);
- void DES_ede2_cfb64_encrypt(const unsigned char *in,
- unsigned char *out, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
- void DES_ede2_ofb64_encrypt(const unsigned char *in,
- unsigned char *out, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_cblock *ivec, int *num);
-
- void DES_ede3_cbc_encrypt(const unsigned char *input,
- unsigned char *output, long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
- int enc);
- void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
- int enc);
- void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
- DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
- void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
- long length, DES_key_schedule *ks1,
- DES_key_schedule *ks2, DES_key_schedule *ks3,
- DES_cblock *ivec, int *num);
-
- DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
- long length, DES_key_schedule *schedule,
- const_DES_cblock *ivec);
- DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
- long length, int out_count, DES_cblock *seed);
- void DES_string_to_key(const char *str, DES_cblock *key);
- void DES_string_to_2keys(const char *str, DES_cblock *key1,
- DES_cblock *key2);
-
- char *DES_fcrypt(const char *buf, const char *salt, char *ret);
- char *DES_crypt(const char *buf, const char *salt);
-
- int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
- DES_cblock *iv);
- int DES_enc_write(int fd, const void *buf, int len,
- DES_key_schedule *sched, DES_cblock *iv);
-
-=head1 DESCRIPTION
-
-This library contains a fast implementation of the DES encryption
-algorithm.
-
-There are two phases to the use of DES encryption. The first is the
-generation of a I<DES_key_schedule> from a key, the second is the
-actual encryption. A DES key is of type I<DES_cblock>. This type is
-consists of 8 bytes with odd parity. The least significant bit in
-each byte is the parity bit. The key schedule is an expanded form of
-the key; it is used to speed the encryption process.
-
-DES_random_key() generates a random key. The PRNG must be seeded
-prior to using this function (see L<rand(3)|rand(3)>). If the PRNG
-could not generate a secure key, 0 is returned.
-
-Before a DES key can be used, it must be converted into the
-architecture dependent I<DES_key_schedule> via the
-DES_set_key_checked() or DES_set_key_unchecked() function.
-
-DES_set_key_checked() will check that the key passed is of odd parity
-and is not a week or semi-weak key. If the parity is wrong, then -1
-is returned. If the key is a weak key, then -2 is returned. If an
-error is returned, the key schedule is not generated.
-
-DES_set_key() works like
-DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
-otherwise like DES_set_key_unchecked(). These functions are available
-for compatibility; it is recommended to use a function that does not
-depend on a global variable.
-
-DES_set_odd_parity() sets the parity of the passed I<key> to odd.
-
-DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
-is ok. The probability that a randomly generated key is weak is
-1/2^52, so it is not really worth checking for them.
-
-The following routines mostly operate on an input and output stream of
-I<DES_cblock>s.
-
-DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
-decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
-(ECB) mode. It always transforms the input data, pointed to by
-I<input>, into the output data, pointed to by the I<output> argument.
-If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
-(cleartext) is encrypted in to the I<output> (ciphertext) using the
-key_schedule specified by the I<schedule> argument, previously set via
-I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
-ciphertext) is decrypted into the I<output> (now cleartext). Input
-and output may overlap. DES_ecb_encrypt() does not return a value.
-
-DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
-three-key Triple-DES encryption in ECB mode. This involves encrypting
-the input with I<ks1>, decrypting with the key schedule I<ks2>, and
-then encrypting with I<ks3>. This routine greatly reduces the chances
-of brute force breaking of DES and has the advantage of if I<ks1>,
-I<ks2> and I<ks3> are the same, it is equivalent to just encryption
-using ECB mode and I<ks1> as the key.
-
-The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
-encryption by using I<ks1> for the final encryption.
-
-DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
-(CBC) mode of DES. If the I<encrypt> argument is non-zero, the
-routine cipher-block-chain encrypts the cleartext data pointed to by
-the I<input> argument into the ciphertext pointed to by the I<output>
-argument, using the key schedule provided by the I<schedule> argument,
-and initialization vector provided by the I<ivec> argument. If the
-I<length> argument is not an integral multiple of eight bytes, the
-last block is copied to a temporary area and zero filled. The output
-is always an integral multiple of eight bytes.
-
-DES_xcbc_encrypt() is RSA's DESX mode of DES. It uses I<inw> and
-I<outw> to 'whiten' the encryption. I<inw> and I<outw> are secret
-(unlike the iv) and are as such, part of the key. So the key is sort
-of 24 bytes. This is much better than CBC DES.
-
-DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
-three keys. This means that each DES operation inside the CBC mode is
-really an C<C=E(ks3,D(ks2,E(ks1,M)))>. This mode is used by SSL.
-
-The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
-reusing I<ks1> for the final encryption. C<C=E(ks1,D(ks2,E(ks1,M)))>.
-This form of Triple-DES is used by the RSAREF library.
-
-DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
-chaining mode used by Kerberos v4. Its parameters are the same as
-DES_ncbc_encrypt().
-
-DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode. This
-method takes an array of characters as input and outputs and array of
-characters. It does not require any padding to 8 character groups.
-Note: the I<ivec> variable is changed and the new changed value needs to
-be passed to the next call to this function. Since this function runs
-a complete DES ECB encryption per I<numbits>, this function is only
-suggested for use when sending small numbers of characters.
-
-DES_cfb64_encrypt()
-implements CFB mode of DES with 64bit feedback. Why is this
-useful you ask? Because this routine will allow you to encrypt an
-arbitrary number of bytes, no 8 byte padding. Each call to this
-routine will encrypt the input bytes to output and then update ivec
-and num. num contains 'how far' we are though ivec. If this does
-not make much sense, read more about cfb mode of DES :-).
-
-DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
-DES_cfb64_encrypt() except that Triple-DES is used.
-
-DES_ofb_encrypt() encrypts using output feedback mode. This method
-takes an array of characters as input and outputs and array of
-characters. It does not require any padding to 8 character groups.
-Note: the I<ivec> variable is changed and the new changed value needs to
-be passed to the next call to this function. Since this function runs
-a complete DES ECB encryption per numbits, this function is only
-suggested for use when sending small numbers of characters.
-
-DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
-Feed Back mode.
-
-DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
-DES_ofb64_encrypt(), using Triple-DES.
-
-The following functions are included in the DES library for
-compatibility with the MIT Kerberos library.
-
-DES_cbc_cksum() produces an 8 byte checksum based on the input stream
-(via CBC encryption). The last 4 bytes of the checksum are returned
-and the complete 8 bytes are placed in I<output>. This function is
-used by Kerberos v4. Other applications should use
-L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead.
-
-DES_quad_cksum() is a Kerberos v4 function. It returns a 4 byte
-checksum from the input bytes. The algorithm can be iterated over the
-input, depending on I<out_count>, 1, 2, 3 or 4 times. If I<output> is
-non-NULL, the 8 bytes generated by each pass are written into
-I<output>.
-
-The following are DES-based transformations:
-
-DES_fcrypt() is a fast version of the Unix crypt(3) function. This
-version takes only a small amount of space relative to other fast
-crypt() implementations. This is different to the normal crypt in
-that the third parameter is the buffer that the return value is
-written into. It needs to be at least 14 bytes long. This function
-is thread safe, unlike the normal crypt.
-
-DES_crypt() is a faster replacement for the normal system crypt().
-This function calls DES_fcrypt() with a static array passed as the
-third parameter. This emulates the normal non-thread safe semantics
-of crypt(3).
-
-DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
-buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
-using I<sched> for the key and I<iv> as a starting vector. The actual
-data send down I<fd> consists of 4 bytes (in network byte order)
-containing the length of the following encrypted data. The encrypted
-data then follows, padded with random data out to a multiple of 8
-bytes.
-
-DES_enc_read() is used to read I<len> bytes from file descriptor
-I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to
-have come from DES_enc_write() and is decrypted using I<sched> for
-the key schedule and I<iv> for the initial vector.
-
-B<Warning:> The data format used by DES_enc_write() and DES_enc_read()
-has a cryptographic weakness: When asked to write more than MAXWRITE
-bytes, DES_enc_write() will split the data into several chunks that
-are all encrypted using the same IV. So don't use these functions
-unless you are sure you know what you do (in which case you might not
-want to use them anyway). They cannot handle non-blocking sockets.
-DES_enc_read() uses an internal state and thus cannot be used on
-multiple files.
-
-I<DES_rw_mode> is used to specify the encryption mode to use with
-DES_enc_read() and DES_end_write(). If set to I<DES_PCBC_MODE> (the
-default), DES_pcbc_encrypt is used. If set to I<DES_CBC_MODE>
-DES_cbc_encrypt is used.
-
-=head1 NOTES
-
-Single-key DES is insecure due to its short key size. ECB mode is
-not suitable for most applications; see L<des_modes(7)|des_modes(7)>.
-
-The L<evp(3)|evp(3)> library provides higher-level encryption functions.
-
-=head1 BUGS
-
-DES_3cbc_encrypt() is flawed and must not be used in applications.
-
-DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
-instead.
-
-DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
-What this means is that if you set numbits to 12, and length to 2, the
-first 12 bits will come from the 1st input byte and the low half of
-the second input byte. The second 12 bits will have the low 8 bits
-taken from the 3rd input byte and the top 4 bits taken from the 4th
-input byte. The same holds for output. This function has been
-implemented this way because most people will be using a multiple of 8
-and because once you get into pulling bytes input bytes apart things
-get ugly!
-
-DES_string_to_key() is available for backward compatibility with the
-MIT library. New applications should use a cryptographic hash function.
-The same applies for DES_string_to_2key().
-
-=head1 CONFORMING TO
-
-ANSI X3.106
-
-The B<des> library was written to be source code compatible with
-the MIT Kerberos library.
-
-=head1 SEE ALSO
-
-crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
-
-=head1 HISTORY
-
-In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
-clashes with older versions of libdes. Compatibility des_ functions
-are provided for a short while, as well as crypt().
-Declarations for these are in <openssl/des_old.h>. There is no DES_
-variant for des_random_seed().
-This will happen to other functions
-as well if they are deemed redundant (des_random_seed() just calls
-RAND_seed() and is present for backward compatibility only), buggy or
-already scheduled for removal.
-
-des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
-des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
-des_quad_cksum(), des_random_key() and des_string_to_key()
-are available in the MIT Kerberos library;
-des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key()
-are available in newer versions of that library.
-
-des_set_key_checked() and des_set_key_unchecked() were added in
-OpenSSL 0.9.5.
-
-des_generate_random_block(), des_init_random_number_generator(),
-des_new_random_key(), des_set_random_generator_seed() and
-des_set_sequence_number() and des_rand_data() are used in newer
-versions of Kerberos but are not implemented here.
-
-des_random_key() generated cryptographically weak random data in
-SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
-MIT library.
-
-=head1 AUTHOR
-
-Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project
-(http://www.openssl.org).
-
-=cut
diff --git a/crypto/openssl/doc/crypto/des_modes.pod b/crypto/openssl/doc/crypto/des_modes.pod
deleted file mode 100644
index 0266403..0000000
--- a/crypto/openssl/doc/crypto/des_modes.pod
+++ /dev/null
@@ -1,255 +0,0 @@
-=pod
-
-=for comment openssl_manual_section:7
-
-=head1 NAME
-
-Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
-
-=head1 DESCRIPTION
-
-Several crypto algorithms for OpenSSL can be used in a number of modes. Those
-are used for using block ciphers in a way similar to stream ciphers, among
-other things.
-
-=head1 OVERVIEW
-
-=head2 Electronic Codebook Mode (ECB)
-
-Normally, this is found as the function I<algorithm>_ecb_encrypt().
-
-=over 2
-
-=item *
-
-64 bits are enciphered at a time.
-
-=item *
-
-The order of the blocks can be rearranged without detection.
-
-=item *
-
-The same plaintext block always produces the same ciphertext block
-(for the same key) making it vulnerable to a 'dictionary attack'.
-
-=item *
-
-An error will only affect one ciphertext block.
-
-=back
-
-=head2 Cipher Block Chaining Mode (CBC)
-
-Normally, this is found as the function I<algorithm>_cbc_encrypt().
-Be aware that des_cbc_encrypt() is not really DES CBC (it does
-not update the IV); use des_ncbc_encrypt() instead.
-
-=over 2
-
-=item *
-
-a multiple of 64 bits are enciphered at a time.
-
-=item *
-
-The CBC mode produces the same ciphertext whenever the same
-plaintext is encrypted using the same key and starting variable.
-
-=item *
-
-The chaining operation makes the ciphertext blocks dependent on the
-current and all preceding plaintext blocks and therefore blocks can not
-be rearranged.
-
-=item *
-
-The use of different starting variables prevents the same plaintext
-enciphering to the same ciphertext.
-
-=item *
-
-An error will affect the current and the following ciphertext blocks.
-
-=back
-
-=head2 Cipher Feedback Mode (CFB)
-
-Normally, this is found as the function I<algorithm>_cfb_encrypt().
-
-=over 2
-
-=item *
-
-a number of bits (j) <= 64 are enciphered at a time.
-
-=item *
-
-The CFB mode produces the same ciphertext whenever the same
-plaintext is encrypted using the same key and starting variable.
-
-=item *
-
-The chaining operation makes the ciphertext variables dependent on the
-current and all preceding variables and therefore j-bit variables are
-chained together and can not be rearranged.
-
-=item *
-
-The use of different starting variables prevents the same plaintext
-enciphering to the same ciphertext.
-
-=item *
-
-The strength of the CFB mode depends on the size of k (maximal if
-j == k). In my implementation this is always the case.
-
-=item *
-
-Selection of a small value for j will require more cycles through
-the encipherment algorithm per unit of plaintext and thus cause
-greater processing overheads.
-
-=item *
-
-Only multiples of j bits can be enciphered.
-
-=item *
-
-An error will affect the current and the following ciphertext variables.
-
-=back
-
-=head2 Output Feedback Mode (OFB)
-
-Normally, this is found as the function I<algorithm>_ofb_encrypt().
-
-=over 2
-
-
-=item *
-
-a number of bits (j) <= 64 are enciphered at a time.
-
-=item *
-
-The OFB mode produces the same ciphertext whenever the same
-plaintext enciphered using the same key and starting variable. More
-over, in the OFB mode the same key stream is produced when the same
-key and start variable are used. Consequently, for security reasons
-a specific start variable should be used only once for a given key.
-
-=item *
-
-The absence of chaining makes the OFB more vulnerable to specific attacks.
-
-=item *
-
-The use of different start variables values prevents the same
-plaintext enciphering to the same ciphertext, by producing different
-key streams.
-
-=item *
-
-Selection of a small value for j will require more cycles through
-the encipherment algorithm per unit of plaintext and thus cause
-greater processing overheads.
-
-=item *
-
-Only multiples of j bits can be enciphered.
-
-=item *
-
-OFB mode of operation does not extend ciphertext errors in the
-resultant plaintext output. Every bit error in the ciphertext causes
-only one bit to be in error in the deciphered plaintext.
-
-=item *
-
-OFB mode is not self-synchronizing. If the two operation of
-encipherment and decipherment get out of synchronism, the system needs
-to be re-initialized.
-
-=item *
-
-Each re-initialization should use a value of the start variable
-different from the start variable values used before with the same
-key. The reason for this is that an identical bit stream would be
-produced each time from the same parameters. This would be
-susceptible to a 'known plaintext' attack.
-
-=back
-
-=head2 Triple ECB Mode
-
-Normally, this is found as the function I<algorithm>_ecb3_encrypt().
-
-=over 2
-
-=item *
-
-Encrypt with key1, decrypt with key2 and encrypt with key3 again.
-
-=item *
-
-As for ECB encryption but increases the key length to 168 bits.
-There are theoretic attacks that can be used that make the effective
-key length 112 bits, but this attack also requires 2^56 blocks of
-memory, not very likely, even for the NSA.
-
-=item *
-
-If both keys are the same it is equivalent to encrypting once with
-just one key.
-
-=item *
-
-If the first and last key are the same, the key length is 112 bits.
-There are attacks that could reduce the effective key strength
-to only slightly more than 56 bits, but these require a lot of memory.
-
-=item *
-
-If all 3 keys are the same, this is effectively the same as normal
-ecb mode.
-
-=back
-
-=head2 Triple CBC Mode
-
-Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
-
-=over 2
-
-
-=item *
-
-Encrypt with key1, decrypt with key2 and then encrypt with key3.
-
-=item *
-
-As for CBC encryption but increases the key length to 168 bits with
-the same restrictions as for triple ecb mode.
-
-=back
-
-=head1 NOTES
-
-This text was been written in large parts by Eric Young in his original
-documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed
-it to:
-
- AS 2805.5.2
- Australian Standard
- Electronic funds transfer - Requirements for interfaces,
- Part 5.2: Modes of operation for an n-bit block cipher algorithm
- Appendix A
-
-=head1 SEE ALSO
-
-L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>,
-L<rc2(3)|rc2(3)>
-
-=cut
-
diff --git a/crypto/openssl/doc/crypto/dh.pod b/crypto/openssl/doc/crypto/dh.pod
deleted file mode 100644
index c3ccd06..0000000
--- a/crypto/openssl/doc/crypto/dh.pod
+++ /dev/null
@@ -1,78 +0,0 @@
-=pod
-
-=head1 NAME
-
-dh - Diffie-Hellman key agreement
-
-=head1 SYNOPSIS
-
- #include <openssl/dh.h>
- #include <openssl/engine.h>
-
- DH * DH_new(void);
- void DH_free(DH *dh);
-
- int DH_size(const DH *dh);
-
- DH * DH_generate_parameters(int prime_len, int generator,
- void (*callback)(int, int, void *), void *cb_arg);
- int DH_check(const DH *dh, int *codes);
-
- int DH_generate_key(DH *dh);
- int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
-
- void DH_set_default_method(const DH_METHOD *meth);
- const DH_METHOD *DH_get_default_method(void);
- int DH_set_method(DH *dh, const DH_METHOD *meth);
- DH *DH_new_method(ENGINE *engine);
- const DH_METHOD *DH_OpenSSL(void);
-
- int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
- int (*dup_func)(), void (*free_func)());
- int DH_set_ex_data(DH *d, int idx, char *arg);
- char *DH_get_ex_data(DH *d, int idx);
-
- DH * d2i_DHparams(DH **a, unsigned char **pp, long length);
- int i2d_DHparams(const DH *a, unsigned char **pp);
-
- int DHparams_print_fp(FILE *fp, const DH *x);
- int DHparams_print(BIO *bp, const DH *x);
-
-=head1 DESCRIPTION
-
-These functions implement the Diffie-Hellman key agreement protocol.
-The generation of shared DH parameters is described in
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
-to perform a key agreement.
-
-The B<DH> structure consists of several BIGNUM components.
-
- struct
- {
- BIGNUM *p; // prime number (shared)
- BIGNUM *g; // generator of Z_p (shared)
- BIGNUM *priv_key; // private DH value x
- BIGNUM *pub_key; // public DH value g^x
- // ...
- };
- DH
-
-Note that DH keys may use non-standard B<DH_METHOD> implementations,
-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
-ENGINE providing support for hardware-embedded keys), these BIGNUM values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using DH
-structure elements directly and instead use API functions to query or
-modify keys.
-
-=head1 SEE ALSO
-
-L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
-L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
-L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
-L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
-L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
-L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
-L<RSA_print(3)|RSA_print(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/dsa.pod b/crypto/openssl/doc/crypto/dsa.pod
deleted file mode 100644
index da07d2b..0000000
--- a/crypto/openssl/doc/crypto/dsa.pod
+++ /dev/null
@@ -1,114 +0,0 @@
-=pod
-
-=head1 NAME
-
-dsa - Digital Signature Algorithm
-
-=head1 SYNOPSIS
-
- #include <openssl/dsa.h>
- #include <openssl/engine.h>
-
- DSA * DSA_new(void);
- void DSA_free(DSA *dsa);
-
- int DSA_size(const DSA *dsa);
-
- DSA * DSA_generate_parameters(int bits, unsigned char *seed,
- int seed_len, int *counter_ret, unsigned long *h_ret,
- void (*callback)(int, int, void *), void *cb_arg);
-
- DH * DSA_dup_DH(const DSA *r);
-
- int DSA_generate_key(DSA *dsa);
-
- int DSA_sign(int dummy, const unsigned char *dgst, int len,
- unsigned char *sigret, unsigned int *siglen, DSA *dsa);
- int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
- BIGNUM **rp);
- int DSA_verify(int dummy, const unsigned char *dgst, int len,
- const unsigned char *sigbuf, int siglen, DSA *dsa);
-
- void DSA_set_default_method(const DSA_METHOD *meth);
- const DSA_METHOD *DSA_get_default_method(void);
- int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
- DSA *DSA_new_method(ENGINE *engine);
- const DSA_METHOD *DSA_OpenSSL(void);
-
- int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
- int (*dup_func)(), void (*free_func)());
- int DSA_set_ex_data(DSA *d, int idx, char *arg);
- char *DSA_get_ex_data(DSA *d, int idx);
-
- DSA_SIG *DSA_SIG_new(void);
- void DSA_SIG_free(DSA_SIG *a);
- int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
- DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
-
- DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
- int DSA_do_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-
- DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
- DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
- DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
- int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
- int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
- int i2d_DSAparams(const DSA *a,unsigned char **pp);
-
- int DSAparams_print(BIO *bp, const DSA *x);
- int DSAparams_print_fp(FILE *fp, const DSA *x);
- int DSA_print(BIO *bp, const DSA *x, int off);
- int DSA_print_fp(FILE *bp, const DSA *x, int off);
-
-=head1 DESCRIPTION
-
-These functions implement the Digital Signature Algorithm (DSA). The
-generation of shared DSA parameters is described in
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>;
-L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
-generate a signature key. Signature generation and verification are
-described in L<DSA_sign(3)|DSA_sign(3)>.
-
-The B<DSA> structure consists of several BIGNUM components.
-
- struct
- {
- BIGNUM *p; // prime number (public)
- BIGNUM *q; // 160-bit subprime, q | p-1 (public)
- BIGNUM *g; // generator of subgroup (public)
- BIGNUM *priv_key; // private key x
- BIGNUM *pub_key; // public key y = g^x
- // ...
- }
- DSA;
-
-In public keys, B<priv_key> is NULL.
-
-Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
-ENGINE providing support for hardware-embedded keys), these BIGNUM values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using DSA
-structure elements directly and instead use API functions to query or
-modify keys.
-
-=head1 CONFORMING TO
-
-US Federal Information Processing Standard FIPS 186 (Digital Signature
-Standard, DSS), ANSI X9.30
-
-=head1 SEE ALSO
-
-L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
-L<DSA_new(3)|DSA_new(3)>,
-L<DSA_size(3)|DSA_size(3)>,
-L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
-L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
-L<DSA_generate_key(3)|DSA_generate_key(3)>,
-L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
-L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
-L<RSA_print(3)|RSA_print(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ecdsa.pod b/crypto/openssl/doc/crypto/ecdsa.pod
deleted file mode 100644
index 49b10f2..0000000
--- a/crypto/openssl/doc/crypto/ecdsa.pod
+++ /dev/null
@@ -1,210 +0,0 @@
-=pod
-
-=head1 NAME
-
-ecdsa - Elliptic Curve Digital Signature Algorithm
-
-=head1 SYNOPSIS
-
- #include <openssl/ecdsa.h>
-
- ECDSA_SIG* ECDSA_SIG_new(void);
- void ECDSA_SIG_free(ECDSA_SIG *sig);
- int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
- ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp,
- long len);
-
- ECDSA_SIG* ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
- EC_KEY *eckey);
- ECDSA_SIG* ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
- const BIGNUM *kinv, const BIGNUM *rp,
- EC_KEY *eckey);
- int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
- const ECDSA_SIG *sig, EC_KEY* eckey);
- int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
- BIGNUM **kinv, BIGNUM **rp);
- int ECDSA_sign(int type, const unsigned char *dgst,
- int dgstlen, unsigned char *sig,
- unsigned int *siglen, EC_KEY *eckey);
- int ECDSA_sign_ex(int type, const unsigned char *dgst,
- int dgstlen, unsigned char *sig,
- unsigned int *siglen, const BIGNUM *kinv,
- const BIGNUM *rp, EC_KEY *eckey);
- int ECDSA_verify(int type, const unsigned char *dgst,
- int dgstlen, const unsigned char *sig,
- int siglen, EC_KEY *eckey);
- int ECDSA_size(const EC_KEY *eckey);
-
- const ECDSA_METHOD* ECDSA_OpenSSL(void);
- void ECDSA_set_default_method(const ECDSA_METHOD *meth);
- const ECDSA_METHOD* ECDSA_get_default_method(void);
- int ECDSA_set_method(EC_KEY *eckey,const ECDSA_METHOD *meth);
-
- int ECDSA_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
- int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
- void* ECDSA_get_ex_data(EC_KEY *d, int idx);
-
-=head1 DESCRIPTION
-
-The B<ECDSA_SIG> structure consists of two BIGNUMs for the
-r and s value of a ECDSA signature (see X9.62 or FIPS 186-2).
-
- struct
- {
- BIGNUM *r;
- BIGNUM *s;
- } ECDSA_SIG;
-
-ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
-function also allocates the BIGNUMs) and initialize it.
-
-ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
-
-i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature
-B<sig> and writes the encoded signature to B<*pp> (note: if B<pp>
-is NULL B<i2d_ECDSA_SIG> returns the expected length in bytes of
-the DER encoded signature). B<i2d_ECDSA_SIG> returns the length
-of the DER encoded signature (or 0 on error).
-
-d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns
-the decoded signature in a newly allocated B<ECDSA_SIG> structure.
-B<*sig> points to the buffer containing the DER encoded signature
-of size B<len>.
-
-ECDSA_size() returns the maximum length of a DER encoded
-ECDSA signature created with the private EC key B<eckey>.
-
-ECDSA_sign_setup() may be used to precompute parts of the
-signing operation. B<eckey> is the private EC key and B<ctx>
-is a pointer to B<BN_CTX> structure (or NULL). The precomputed
-values or returned in B<kinv> and B<rp> and can be used in a
-later call to B<ECDSA_sign_ex> or B<ECDSA_do_sign_ex>.
-
-ECDSA_sign() is wrapper function for ECDSA_sign_ex with B<kinv>
-and B<rp> set to NULL.
-
-ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes
-hash value B<dgst> using the private EC key B<eckey> and the optional
-pre-computed values B<kinv> and B<rp>. The DER encoded signatures is
-stored in B<sig> and it's length is returned in B<sig_len>. Note: B<sig>
-must point to B<ECDSA_size> bytes of memory. The parameter B<type>
-is ignored.
-
-ECDSA_verify() verifies that the signature in B<sig> of size
-B<siglen> is a valid ECDSA signature of the hash value
-value B<dgst> of size B<dgstlen> using the public key B<eckey>.
-The parameter B<type> is ignored.
-
-ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv>
-and B<rp> set to NULL.
-
-ECDSA_do_sign_ex() computes a digital signature of the B<dgst_len>
-bytes hash value B<dgst> using the private key B<eckey> and the
-optional pre-computed values B<kinv> and B<rp>. The signature is
-returned in a newly allocated B<ECDSA_SIG> structure (or NULL on error).
-
-ECDSA_do_verify() verifies that the signature B<sig> is a valid
-ECDSA signature of the hash value B<dgst> of size B<dgst_len>
-using the public key B<eckey>.
-
-=head1 RETURN VALUES
-
-ECDSA_size() returns the maximum length signature or 0 on error.
-
-ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or -1
-on error.
-
-ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
-signature, 0 for an invalid signature and -1 on error.
-The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
-
-=head1 EXAMPLES
-
-Creating a ECDSA signature of given SHA-1 hash value using the
-named curve secp192k1.
-
-First step: create a EC_KEY object (note: this part is B<not> ECDSA
-specific)
-
- int ret;
- ECDSA_SIG *sig;
- EC_KEY *eckey = EC_KEY_new();
- if (eckey == NULL)
- {
- /* error */
- }
- key->group = EC_GROUP_new_by_nid(NID_secp192k1);
- if (key->group == NULL)
- {
- /* error */
- }
- if (!EC_KEY_generate_key(eckey))
- {
- /* error */
- }
-
-Second step: compute the ECDSA signature of a SHA-1 hash value
-using B<ECDSA_do_sign>
-
- sig = ECDSA_do_sign(digest, 20, eckey);
- if (sig == NULL)
- {
- /* error */
- }
-
-or using B<ECDSA_sign>
-
- unsigned char *buffer, *pp;
- int buf_len;
- buf_len = ECDSA_size(eckey);
- buffer = OPENSSL_malloc(buf_len);
- pp = buffer;
- if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey);
- {
- /* error */
- }
-
-Third step: verify the created ECDSA signature using B<ECDSA_do_verify>
-
- ret = ECDSA_do_verify(digest, 20, sig, eckey);
-
-or using B<ECDSA_verify>
-
- ret = ECDSA_verify(0, digest, 20, buffer, buf_len, eckey);
-
-and finally evaluate the return value:
-
- if (ret == -1)
- {
- /* error */
- }
- else if (ret == 0)
- {
- /* incorrect signature */
- }
- else /* ret == 1 */
- {
- /* signature ok */
- }
-
-=head1 CONFORMING TO
-
-ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
-(Digital Signature Standard, DSS)
-
-=head1 SEE ALSO
-
-L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>
-
-=head1 HISTORY
-
-The ecdsa implementation was first introduced in OpenSSL 0.9.8
-
-=head1 AUTHOR
-
-Nils Larsch for the OpenSSL project (http://www.openssl.org).
-
-=cut
diff --git a/crypto/openssl/doc/crypto/engine.pod b/crypto/openssl/doc/crypto/engine.pod
deleted file mode 100644
index 75933fc..0000000
--- a/crypto/openssl/doc/crypto/engine.pod
+++ /dev/null
@@ -1,599 +0,0 @@
-=pod
-
-=head1 NAME
-
-engine - ENGINE cryptographic module support
-
-=head1 SYNOPSIS
-
- #include <openssl/engine.h>
-
- ENGINE *ENGINE_get_first(void);
- ENGINE *ENGINE_get_last(void);
- ENGINE *ENGINE_get_next(ENGINE *e);
- ENGINE *ENGINE_get_prev(ENGINE *e);
-
- int ENGINE_add(ENGINE *e);
- int ENGINE_remove(ENGINE *e);
-
- ENGINE *ENGINE_by_id(const char *id);
-
- int ENGINE_init(ENGINE *e);
- int ENGINE_finish(ENGINE *e);
-
- void ENGINE_load_openssl(void);
- void ENGINE_load_dynamic(void);
- #ifndef OPENSSL_NO_STATIC_ENGINE
- void ENGINE_load_4758cca(void);
- void ENGINE_load_aep(void);
- void ENGINE_load_atalla(void);
- void ENGINE_load_chil(void);
- void ENGINE_load_cswift(void);
- void ENGINE_load_gmp(void);
- void ENGINE_load_nuron(void);
- void ENGINE_load_sureware(void);
- void ENGINE_load_ubsec(void);
- #endif
- void ENGINE_load_cryptodev(void);
- void ENGINE_load_builtin_engines(void);
-
- void ENGINE_cleanup(void);
-
- ENGINE *ENGINE_get_default_RSA(void);
- ENGINE *ENGINE_get_default_DSA(void);
- ENGINE *ENGINE_get_default_ECDH(void);
- ENGINE *ENGINE_get_default_ECDSA(void);
- ENGINE *ENGINE_get_default_DH(void);
- ENGINE *ENGINE_get_default_RAND(void);
- ENGINE *ENGINE_get_cipher_engine(int nid);
- ENGINE *ENGINE_get_digest_engine(int nid);
-
- int ENGINE_set_default_RSA(ENGINE *e);
- int ENGINE_set_default_DSA(ENGINE *e);
- int ENGINE_set_default_ECDH(ENGINE *e);
- int ENGINE_set_default_ECDSA(ENGINE *e);
- int ENGINE_set_default_DH(ENGINE *e);
- int ENGINE_set_default_RAND(ENGINE *e);
- int ENGINE_set_default_ciphers(ENGINE *e);
- int ENGINE_set_default_digests(ENGINE *e);
- int ENGINE_set_default_string(ENGINE *e, const char *list);
-
- int ENGINE_set_default(ENGINE *e, unsigned int flags);
-
- unsigned int ENGINE_get_table_flags(void);
- void ENGINE_set_table_flags(unsigned int flags);
-
- int ENGINE_register_RSA(ENGINE *e);
- void ENGINE_unregister_RSA(ENGINE *e);
- void ENGINE_register_all_RSA(void);
- int ENGINE_register_DSA(ENGINE *e);
- void ENGINE_unregister_DSA(ENGINE *e);
- void ENGINE_register_all_DSA(void);
- int ENGINE_register_ECDH(ENGINE *e);
- void ENGINE_unregister_ECDH(ENGINE *e);
- void ENGINE_register_all_ECDH(void);
- int ENGINE_register_ECDSA(ENGINE *e);
- void ENGINE_unregister_ECDSA(ENGINE *e);
- void ENGINE_register_all_ECDSA(void);
- int ENGINE_register_DH(ENGINE *e);
- void ENGINE_unregister_DH(ENGINE *e);
- void ENGINE_register_all_DH(void);
- int ENGINE_register_RAND(ENGINE *e);
- void ENGINE_unregister_RAND(ENGINE *e);
- void ENGINE_register_all_RAND(void);
- int ENGINE_register_STORE(ENGINE *e);
- void ENGINE_unregister_STORE(ENGINE *e);
- void ENGINE_register_all_STORE(void);
- int ENGINE_register_ciphers(ENGINE *e);
- void ENGINE_unregister_ciphers(ENGINE *e);
- void ENGINE_register_all_ciphers(void);
- int ENGINE_register_digests(ENGINE *e);
- void ENGINE_unregister_digests(ENGINE *e);
- void ENGINE_register_all_digests(void);
- int ENGINE_register_complete(ENGINE *e);
- int ENGINE_register_all_complete(void);
-
- int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
- int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
- int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
- long i, void *p, void (*f)(void), int cmd_optional);
- int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
- int cmd_optional);
-
- int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
- void *ENGINE_get_ex_data(const ENGINE *e, int idx);
-
- int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
- ENGINE *ENGINE_new(void);
- int ENGINE_free(ENGINE *e);
- int ENGINE_up_ref(ENGINE *e);
-
- int ENGINE_set_id(ENGINE *e, const char *id);
- int ENGINE_set_name(ENGINE *e, const char *name);
- int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
- int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
- int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *dh_meth);
- int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *dh_meth);
- int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
- int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
- int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *rand_meth);
- int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
- int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
- int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
- int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
- int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
- int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
- int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
- int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
- int ENGINE_set_flags(ENGINE *e, int flags);
- int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
-
- const char *ENGINE_get_id(const ENGINE *e);
- const char *ENGINE_get_name(const ENGINE *e);
- const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
- const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
- const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
- const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
- const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
- const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
- const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e);
- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
- ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
- ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
- ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
- ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
- ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
- ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
- const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
- const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
- int ENGINE_get_flags(const ENGINE *e);
- const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
-
- EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
- EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-
- void ENGINE_add_conf_module(void);
-
-=head1 DESCRIPTION
-
-These functions create, manipulate, and use cryptographic modules in the
-form of B<ENGINE> objects. These objects act as containers for
-implementations of cryptographic algorithms, and support a
-reference-counted mechanism to allow them to be dynamically loaded in and
-out of the running application.
-
-The cryptographic functionality that can be provided by an B<ENGINE>
-implementation includes the following abstractions;
-
- RSA_METHOD - for providing alternative RSA implementations
- DSA_METHOD, DH_METHOD, RAND_METHOD, ECDH_METHOD, ECDSA_METHOD,
- STORE_METHOD - similarly for other OpenSSL APIs
- EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
- EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
- key-loading - loading public and/or private EVP_PKEY keys
-
-=head2 Reference counting and handles
-
-Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
-treated as handles - ie. not only as pointers, but also as references to
-the underlying ENGINE object. Ie. one should obtain a new reference when
-making copies of an ENGINE pointer if the copies will be used (and
-released) independantly.
-
-ENGINE objects have two levels of reference-counting to match the way in
-which the objects are used. At the most basic level, each ENGINE pointer is
-inherently a B<structural> reference - a structural reference is required
-to use the pointer value at all, as this kind of reference is a guarantee
-that the structure can not be deallocated until the reference is released.
-
-However, a structural reference provides no guarantee that the ENGINE is
-initiliased and able to use any of its cryptographic
-implementations. Indeed it's quite possible that most ENGINEs will not
-initialise at all in typical environments, as ENGINEs are typically used to
-support specialised hardware. To use an ENGINE's functionality, you need a
-B<functional> reference. This kind of reference can be considered a
-specialised form of structural reference, because each functional reference
-implicitly contains a structural reference as well - however to avoid
-difficult-to-find programming bugs, it is recommended to treat the two
-kinds of reference independantly. If you have a functional reference to an
-ENGINE, you have a guarantee that the ENGINE has been initialised ready to
-perform cryptographic operations and will remain uninitialised
-until after you have released your reference.
-
-I<Structural references>
-
-This basic type of reference is used for instantiating new ENGINEs,
-iterating across OpenSSL's internal linked-list of loaded
-ENGINEs, reading information about an ENGINE, etc. Essentially a structural
-reference is sufficient if you only need to query or manipulate the data of
-an ENGINE implementation rather than use its functionality.
-
-The ENGINE_new() function returns a structural reference to a new (empty)
-ENGINE object. There are other ENGINE API functions that return structural
-references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
-ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
-released by a corresponding to call to the ENGINE_free() function - the
-ENGINE object itself will only actually be cleaned up and deallocated when
-the last structural reference is released.
-
-It should also be noted that many ENGINE API function calls that accept a
-structural reference will internally obtain another reference - typically
-this happens whenever the supplied ENGINE will be needed by OpenSSL after
-the function has returned. Eg. the function to add a new ENGINE to
-OpenSSL's internal list is ENGINE_add() - if this function returns success,
-then OpenSSL will have stored a new structural reference internally so the
-caller is still responsible for freeing their own reference with
-ENGINE_free() when they are finished with it. In a similar way, some
-functions will automatically release the structural reference passed to it
-if part of the function's job is to do so. Eg. the ENGINE_get_next() and
-ENGINE_get_prev() functions are used for iterating across the internal
-ENGINE list - they will return a new structural reference to the next (or
-previous) ENGINE in the list or NULL if at the end (or beginning) of the
-list, but in either case the structural reference passed to the function is
-released on behalf of the caller.
-
-To clarify a particular function's handling of references, one should
-always consult that function's documentation "man" page, or failing that
-the openssl/engine.h header file includes some hints.
-
-I<Functional references>
-
-As mentioned, functional references exist when the cryptographic
-functionality of an ENGINE is required to be available. A functional
-reference can be obtained in one of two ways; from an existing structural
-reference to the required ENGINE, or by asking OpenSSL for the default
-operational ENGINE for a given cryptographic purpose.
-
-To obtain a functional reference from an existing structural reference,
-call the ENGINE_init() function. This returns zero if the ENGINE was not
-already operational and couldn't be successfully initialised (eg. lack of
-system drivers, no special hardware attached, etc), otherwise it will
-return non-zero to indicate that the ENGINE is now operational and will
-have allocated a new B<functional> reference to the ENGINE. All functional
-references are released by calling ENGINE_finish() (which removes the
-implicit structural reference as well).
-
-The second way to get a functional reference is by asking OpenSSL for a
-default implementation for a given task, eg. by ENGINE_get_default_RSA(),
-ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
-section, though they are not usually required by application programmers as
-they are used automatically when creating and using the relevant
-algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
-
-=head2 Default implementations
-
-For each supported abstraction, the ENGINE code maintains an internal table
-of state to control which implementations are available for a given
-abstraction and which should be used by default. These implementations are
-registered in the tables and indexed by an 'nid' value, because
-abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
-algorithms and modes, and ENGINEs can support arbitrarily many of them.
-In the case of other abstractions like RSA, DSA, etc, there is only one
-"algorithm" so all implementations implicitly register using the same 'nid'
-index.
-
-When a default ENGINE is requested for a given abstraction/algorithm/mode, (eg.
-when calling RSA_new_method(NULL)), a "get_default" call will be made to the
-ENGINE subsystem to process the corresponding state table and return a
-functional reference to an initialised ENGINE whose implementation should be
-used. If no ENGINE should (or can) be used, it will return NULL and the caller
-will operate with a NULL ENGINE handle - this usually equates to using the
-conventional software implementation. In the latter case, OpenSSL will from
-then on behave the way it used to before the ENGINE API existed.
-
-Each state table has a flag to note whether it has processed this
-"get_default" query since the table was last modified, because to process
-this question it must iterate across all the registered ENGINEs in the
-table trying to initialise each of them in turn, in case one of them is
-operational. If it returns a functional reference to an ENGINE, it will
-also cache another reference to speed up processing future queries (without
-needing to iterate across the table). Likewise, it will cache a NULL
-response if no ENGINE was available so that future queries won't repeat the
-same iteration unless the state table changes. This behaviour can also be
-changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
-ENGINE_set_table_flags()), no attempted initialisations will take place,
-instead the only way for the state table to return a non-NULL ENGINE to the
-"get_default" query will be if one is expressly set in the table. Eg.
-ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
-that it also sets the state table's cached response for the "get_default"
-query. In the case of abstractions like EVP_CIPHER, where implementations are
-indexed by 'nid', these flags and cached-responses are distinct for each 'nid'
-value.
-
-=head2 Application requirements
-
-This section will explain the basic things an application programmer should
-support to make the most useful elements of the ENGINE functionality
-available to the user. The first thing to consider is whether the
-programmer wishes to make alternative ENGINE modules available to the
-application and user. OpenSSL maintains an internal linked list of
-"visible" ENGINEs from which it has to operate - at start-up, this list is
-empty and in fact if an application does not call any ENGINE API calls and
-it uses static linking against openssl, then the resulting application
-binary will not contain any alternative ENGINE code at all. So the first
-consideration is whether any/all available ENGINE implementations should be
-made visible to OpenSSL - this is controlled by calling the various "load"
-functions, eg.
-
- /* Make the "dynamic" ENGINE available */
- void ENGINE_load_dynamic(void);
- /* Make the CryptoSwift hardware acceleration support available */
- void ENGINE_load_cswift(void);
- /* Make support for nCipher's "CHIL" hardware available */
- void ENGINE_load_chil(void);
- ...
- /* Make ALL ENGINE implementations bundled with OpenSSL available */
- void ENGINE_load_builtin_engines(void);
-
-Having called any of these functions, ENGINE objects would have been
-dynamically allocated and populated with these implementations and linked
-into OpenSSL's internal linked list. At this point it is important to
-mention an important API function;
-
- void ENGINE_cleanup(void);
-
-If no ENGINE API functions are called at all in an application, then there
-are no inherent memory leaks to worry about from the ENGINE functionality,
-however if any ENGINEs are loaded, even if they are never registered or
-used, it is necessary to use the ENGINE_cleanup() function to
-correspondingly cleanup before program exit, if the caller wishes to avoid
-memory leaks. This mechanism uses an internal callback registration table
-so that any ENGINE API functionality that knows it requires cleanup can
-register its cleanup details to be called during ENGINE_cleanup(). This
-approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
-at all that your program uses, yet doesn't automatically create linker
-dependencies to all possible ENGINE functionality - only the cleanup
-callbacks required by the functionality you do use will be required by the
-linker.
-
-The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
-the program and loaded into memory at run-time) does not mean they are
-"registered" or called into use by OpenSSL automatically - that behaviour
-is something for the application to control. Some applications
-will want to allow the user to specify exactly which ENGINE they want used
-if any is to be used at all. Others may prefer to load all support and have
-OpenSSL automatically use at run-time any ENGINE that is able to
-successfully initialise - ie. to assume that this corresponds to
-acceleration hardware attached to the machine or some such thing. There are
-probably numerous other ways in which applications may prefer to handle
-things, so we will simply illustrate the consequences as they apply to a
-couple of simple cases and leave developers to consider these and the
-source code to openssl's builtin utilities as guides.
-
-I<Using a specific ENGINE implementation>
-
-Here we'll assume an application has been configured by its user or admin
-to want to use the "ACME" ENGINE if it is available in the version of
-OpenSSL the application was compiled with. If it is available, it should be
-used by default for all RSA, DSA, and symmetric cipher operation, otherwise
-OpenSSL should use its builtin software as per usual. The following code
-illustrates how to approach this;
-
- ENGINE *e;
- const char *engine_id = "ACME";
- ENGINE_load_builtin_engines();
- e = ENGINE_by_id(engine_id);
- if(!e)
- /* the engine isn't available */
- return;
- if(!ENGINE_init(e)) {
- /* the engine couldn't initialise, release 'e' */
- ENGINE_free(e);
- return;
- }
- if(!ENGINE_set_default_RSA(e))
- /* This should only happen when 'e' can't initialise, but the previous
- * statement suggests it did. */
- abort();
- ENGINE_set_default_DSA(e);
- ENGINE_set_default_ciphers(e);
- /* Release the functional reference from ENGINE_init() */
- ENGINE_finish(e);
- /* Release the structural reference from ENGINE_by_id() */
- ENGINE_free(e);
-
-I<Automatically using builtin ENGINE implementations>
-
-Here we'll assume we want to load and register all ENGINE implementations
-bundled with OpenSSL, such that for any cryptographic algorithm required by
-OpenSSL - if there is an ENGINE that implements it and can be initialise,
-it should be used. The following code illustrates how this can work;
-
- /* Load all bundled ENGINEs into memory and make them visible */
- ENGINE_load_builtin_engines();
- /* Register all of them for every algorithm they collectively implement */
- ENGINE_register_all_complete();
-
-That's all that's required. Eg. the next time OpenSSL tries to set up an
-RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
-ENGINE_init() and if any of those succeed, that ENGINE will be set as the
-default for RSA use from then on.
-
-=head2 Advanced configuration support
-
-There is a mechanism supported by the ENGINE framework that allows each
-ENGINE implementation to define an arbitrary set of configuration
-"commands" and expose them to OpenSSL and any applications based on
-OpenSSL. This mechanism is entirely based on the use of name-value pairs
-and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
-applications want to provide a transparent way for users to provide
-arbitrary configuration "directives" directly to such ENGINEs. It is also
-possible for the application to dynamically interrogate the loaded ENGINE
-implementations for the names, descriptions, and input flags of their
-available "control commands", providing a more flexible configuration
-scheme. However, if the user is expected to know which ENGINE device he/she
-is using (in the case of specialised hardware, this goes without saying)
-then applications may not need to concern themselves with discovering the
-supported control commands and simply prefer to pass settings into ENGINEs
-exactly as they are provided by the user.
-
-Before illustrating how control commands work, it is worth mentioning what
-they are typically used for. Broadly speaking there are two uses for
-control commands; the first is to provide the necessary details to the
-implementation (which may know nothing at all specific to the host system)
-so that it can be initialised for use. This could include the path to any
-driver or config files it needs to load, required network addresses,
-smart-card identifiers, passwords to initialise protected devices,
-logging information, etc etc. This class of commands typically needs to be
-passed to an ENGINE B<before> attempting to initialise it, ie. before
-calling ENGINE_init(). The other class of commands consist of settings or
-operations that tweak certain behaviour or cause certain operations to take
-place, and these commands may work either before or after ENGINE_init(), or
-in some cases both. ENGINE implementations should provide indications of
-this in the descriptions attached to builtin control commands and/or in
-external product documentation.
-
-I<Issuing control commands to an ENGINE>
-
-Let's illustrate by example; a function for which the caller supplies the
-name of the ENGINE it wishes to use, a table of string-pairs for use before
-initialisation, and another table for use after initialisation. Note that
-the string-pairs used for control commands consist of a command "name"
-followed by the command "parameter" - the parameter could be NULL in some
-cases but the name can not. This function should initialise the ENGINE
-(issuing the "pre" commands beforehand and the "post" commands afterwards)
-and set it as the default for everything except RAND and then return a
-boolean success or failure.
-
- int generic_load_engine_fn(const char *engine_id,
- const char **pre_cmds, int pre_num,
- const char **post_cmds, int post_num)
- {
- ENGINE *e = ENGINE_by_id(engine_id);
- if(!e) return 0;
- while(pre_num--) {
- if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
- fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
- pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
- ENGINE_free(e);
- return 0;
- }
- pre_cmds += 2;
- }
- if(!ENGINE_init(e)) {
- fprintf(stderr, "Failed initialisation\n");
- ENGINE_free(e);
- return 0;
- }
- /* ENGINE_init() returned a functional reference, so free the structural
- * reference from ENGINE_by_id(). */
- ENGINE_free(e);
- while(post_num--) {
- if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
- fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
- post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
- ENGINE_finish(e);
- return 0;
- }
- post_cmds += 2;
- }
- ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
- /* Success */
- return 1;
- }
-
-Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
-relax the semantics of the function - if set non-zero it will only return
-failure if the ENGINE supported the given command name but failed while
-executing it, if the ENGINE doesn't support the command name it will simply
-return success without doing anything. In this case we assume the user is
-only supplying commands specific to the given ENGINE so we set this to
-FALSE.
-
-I<Discovering supported control commands>
-
-It is possible to discover at run-time the names, numerical-ids, descriptions
-and input parameters of the control commands supported by an ENGINE using a
-structural reference. Note that some control commands are defined by OpenSSL
-itself and it will intercept and handle these control commands on behalf of the
-ENGINE, ie. the ENGINE's ctrl() handler is not used for the control command.
-openssl/engine.h defines an index, ENGINE_CMD_BASE, that all control commands
-implemented by ENGINEs should be numbered from. Any command value lower than
-this symbol is considered a "generic" command is handled directly by the
-OpenSSL core routines.
-
-It is using these "core" control commands that one can discover the the control
-commands implemented by a given ENGINE, specifically the commands;
-
- #define ENGINE_HAS_CTRL_FUNCTION 10
- #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11
- #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12
- #define ENGINE_CTRL_GET_CMD_FROM_NAME 13
- #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14
- #define ENGINE_CTRL_GET_NAME_FROM_CMD 15
- #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16
- #define ENGINE_CTRL_GET_DESC_FROM_CMD 17
- #define ENGINE_CTRL_GET_CMD_FLAGS 18
-
-Whilst these commands are automatically processed by the OpenSSL framework code,
-they use various properties exposed by each ENGINE to process these
-queries. An ENGINE has 3 properties it exposes that can affect how this behaves;
-it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
-the ENGINE's flags, and it can expose an array of control command descriptions.
-If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
-simply pass all these "core" control commands directly to the ENGINE's ctrl()
-handler (and thus, it must have supplied one), so it is up to the ENGINE to
-reply to these "discovery" commands itself. If that flag is not set, then the
-OpenSSL framework code will work with the following rules;
-
- if no ctrl() handler supplied;
- ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
- all other commands fail.
- if a ctrl() handler was supplied but no array of control commands;
- ENGINE_HAS_CTRL_FUNCTION returns TRUE,
- all other commands fail.
- if a ctrl() handler and array of control commands was supplied;
- ENGINE_HAS_CTRL_FUNCTION returns TRUE,
- all other commands proceed processing ...
-
-If the ENGINE's array of control commands is empty then all other commands will
-fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
-the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
-identifier of a command supported by the ENGINE and returns the next command
-identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
-name for a command and returns the corresponding identifier or fails if no such
-command name exists, and the remaining commands take a command identifier and
-return properties of the corresponding commands. All except
-ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
-or populate a supplied character buffer with a copy of the command name or
-description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
-possible values;
-
- #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001
- #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002
- #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004
- #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008
-
-If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
-informational to the caller - this flag will prevent the command being usable
-for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
-"INTERNAL" commands are not intended to be exposed to text-based configuration
-by applications, administrations, users, etc. These can support arbitrary
-operations via ENGINE_ctrl(), including passing to and/or from the control
-commands data of any arbitrary type. These commands are supported in the
-discovery mechanisms simply to allow applications determinie if an ENGINE
-supports certain specific commands it might want to use (eg. application "foo"
-might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
-and ENGINE could therefore decide whether or not to support this "foo"-specific
-extension).
-
-=head2 Future developments
-
-The ENGINE API and internal architecture is currently being reviewed. Slated for
-possible release in 0.9.8 is support for transparent loading of "dynamic"
-ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
-implementations to be provided independantly of OpenSSL libraries and/or
-OpenSSL-based applications, and would also remove any requirement for
-applications to explicitly use the "dynamic" ENGINE to bind to shared-library
-implementations.
-
-=head1 SEE ALSO
-
-L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/err.pod b/crypto/openssl/doc/crypto/err.pod
deleted file mode 100644
index 6f72955..0000000
--- a/crypto/openssl/doc/crypto/err.pod
+++ /dev/null
@@ -1,187 +0,0 @@
-=pod
-
-=head1 NAME
-
-err - error codes
-
-=head1 SYNOPSIS
-
- #include <openssl/err.h>
-
- unsigned long ERR_get_error(void);
- unsigned long ERR_peek_error(void);
- unsigned long ERR_get_error_line(const char **file, int *line);
- unsigned long ERR_peek_error_line(const char **file, int *line);
- unsigned long ERR_get_error_line_data(const char **file, int *line,
- const char **data, int *flags);
- unsigned long ERR_peek_error_line_data(const char **file, int *line,
- const char **data, int *flags);
-
- int ERR_GET_LIB(unsigned long e);
- int ERR_GET_FUNC(unsigned long e);
- int ERR_GET_REASON(unsigned long e);
-
- void ERR_clear_error(void);
-
- char *ERR_error_string(unsigned long e, char *buf);
- const char *ERR_lib_error_string(unsigned long e);
- const char *ERR_func_error_string(unsigned long e);
- const char *ERR_reason_error_string(unsigned long e);
-
- void ERR_print_errors(BIO *bp);
- void ERR_print_errors_fp(FILE *fp);
-
- void ERR_load_crypto_strings(void);
- void ERR_free_strings(void);
-
- void ERR_remove_state(unsigned long pid);
-
- void ERR_put_error(int lib, int func, int reason, const char *file,
- int line);
- void ERR_add_error_data(int num, ...);
-
- void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
- unsigned long ERR_PACK(int lib, int func, int reason);
- int ERR_get_next_error_library(void);
-
-=head1 DESCRIPTION
-
-When a call to the OpenSSL library fails, this is usually signalled
-by the return value, and an error code is stored in an error queue
-associated with the current thread. The B<err> library provides
-functions to obtain these error codes and textual error messages.
-
-The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to
-access error codes.
-
-Error codes contain information about where the error occurred, and
-what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to
-extract this information. A method to obtain human-readable error
-messages is described in L<ERR_error_string(3)|ERR_error_string(3)>.
-
-L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the
-error queue.
-
-Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to
-avoid memory leaks when threads are terminated.
-
-=head1 ADDING NEW ERROR CODES TO OPENSSL
-
-See L<ERR_put_error(3)> if you want to record error codes in the
-OpenSSL error system from within your application.
-
-The remainder of this section is of interest only if you want to add
-new error codes to OpenSSL or add error codes from external libraries.
-
-=head2 Reporting errors
-
-Each sub-library has a specific macro XXXerr() that is used to report
-errors. Its first argument is a function code B<XXX_F_...>, the second
-argument is a reason code B<XXX_R_...>. Function codes are derived
-from the function names; reason codes consist of textual error
-descriptions. For example, the function ssl23_read() reports a
-"handshake failure" as follows:
-
- SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
-
-Function and reason codes should consist of upper case characters,
-numbers and underscores only. The error file generation script translates
-function codes into function names by looking in the header files
-for an appropriate function name, if none is found it just uses
-the capitalized form such as "SSL23_READ" in the above example.
-
-The trailing section of a reason code (after the "_R_") is translated
-into lower case and underscores changed to spaces.
-
-When you are using new function or reason codes, run B<make errors>.
-The necessary B<#define>s will then automatically be added to the
-sub-library's header file.
-
-Although a library will normally report errors using its own specific
-XXXerr macro, another library's macro can be used. This is normally
-only done when a library wants to include ASN1 code which must use
-the ASN1err() macro.
-
-=head2 Adding new libraries
-
-When adding a new sub-library to OpenSSL, assign it a library number
-B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
-name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
-C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
-(in B<crypto/err/err_all.c>). Finally, add an entry
-
- L XXX xxx.h xxx_err.c
-
-to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
-Running B<make errors> will then generate a file B<xxx_err.c>, and
-add all error codes used in the library to B<xxx.h>.
-
-Additionally the library include file must have a certain form.
-Typically it will initially look like this:
-
- #ifndef HEADER_XXX_H
- #define HEADER_XXX_H
-
- #ifdef __cplusplus
- extern "C" {
- #endif
-
- /* Include files */
-
- #include <openssl/bio.h>
- #include <openssl/x509.h>
-
- /* Macros, structures and function prototypes */
-
-
- /* BEGIN ERROR CODES */
-
-The B<BEGIN ERROR CODES> sequence is used by the error code
-generation script as the point to place new error codes, any text
-after this point will be overwritten when B<make errors> is run.
-The closing #endif etc will be automatically added by the script.
-
-The generated C error code file B<xxx_err.c> will load the header
-files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
-header file must load any additional header files containing any
-definitions it uses.
-
-=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
-
-It is also possible to use OpenSSL's error code scheme in external
-libraries. The library needs to load its own codes and call the OpenSSL
-error code insertion script B<mkerr.pl> explicitly to add codes to
-the header file and generate the C error code file. This will normally
-be done if the external library needs to generate new ASN1 structures
-but it can also be used to add more general purpose error code handling.
-
-TBA more details
-
-=head1 INTERNALS
-
-The error queues are stored in a hash table with one B<ERR_STATE>
-entry for each pid. ERR_get_state() returns the current thread's
-B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
-codes. When more error codes are added, the old ones are overwritten,
-on the assumption that the most recent errors are most important.
-
-Error strings are also stored in hash table. The hash tables can
-be obtained by calling ERR_get_err_state_table(void) and
-ERR_get_string_table(void) respectively.
-
-=head1 SEE ALSO
-
-L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
-L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
-L<ERR_get_error(3)|ERR_get_error(3)>,
-L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
-L<ERR_clear_error(3)|ERR_clear_error(3)>,
-L<ERR_error_string(3)|ERR_error_string(3)>,
-L<ERR_print_errors(3)|ERR_print_errors(3)>,
-L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
-L<ERR_remove_state(3)|ERR_remove_state(3)>,
-L<ERR_put_error(3)|ERR_put_error(3)>,
-L<ERR_load_strings(3)|ERR_load_strings(3)>,
-L<SSL_get_error(3)|SSL_get_error(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/evp.pod b/crypto/openssl/doc/crypto/evp.pod
deleted file mode 100644
index b3ca143..0000000
--- a/crypto/openssl/doc/crypto/evp.pod
+++ /dev/null
@@ -1,45 +0,0 @@
-=pod
-
-=head1 NAME
-
-evp - high-level cryptographic functions
-
-=head1 SYNOPSIS
-
- #include <openssl/evp.h>
-
-=head1 DESCRIPTION
-
-The EVP library provides a high-level interface to cryptographic
-functions.
-
-B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
-and decryption to implement digital "envelopes".
-
-The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
-digital signatures.
-
-Symmetric encryption is available with the B<EVP_Encrypt>I<...>
-functions. The B<EVP_Digest>I<...> functions provide message digests.
-
-Algorithms are loaded with OpenSSL_add_all_algorithms(3).
-
-All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
-modules providing alternative implementations. If ENGINE implementations of
-ciphers or digests are registered as defaults, then the various EVP functions
-will automatically use those implementations automatically in preference to
-built in software implementations. For more information, consult the engine(3)
-man page.
-
-=head1 SEE ALSO
-
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
-L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
-L<EVP_SealInit(3)|EVP_SealInit(3)>,
-L<EVP_SignInit(3)|EVP_SignInit(3)>,
-L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
-L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
-L<engine(3)|engine(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/hmac.pod b/crypto/openssl/doc/crypto/hmac.pod
deleted file mode 100644
index 0bd79a6..0000000
--- a/crypto/openssl/doc/crypto/hmac.pod
+++ /dev/null
@@ -1,102 +0,0 @@
-=pod
-
-=head1 NAME
-
-HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
-authentication code
-
-=head1 SYNOPSIS
-
- #include <openssl/hmac.h>
-
- unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
- int key_len, const unsigned char *d, int n,
- unsigned char *md, unsigned int *md_len);
-
- void HMAC_CTX_init(HMAC_CTX *ctx);
-
- void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
- const EVP_MD *md);
- void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
- const EVP_MD *md, ENGINE *impl);
- void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
- void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-
- void HMAC_CTX_cleanup(HMAC_CTX *ctx);
- void HMAC_cleanup(HMAC_CTX *ctx);
-
-=head1 DESCRIPTION
-
-HMAC is a MAC (message authentication code), i.e. a keyed hash
-function used for message authentication, which is based on a hash
-function.
-
-HMAC() computes the message authentication code of the B<n> bytes at
-B<d> using the hash function B<evp_md> and the key B<key> which is
-B<key_len> bytes long.
-
-It places the result in B<md> (which must have space for the output of
-the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
-If B<md> is NULL, the digest is placed in a static array. The size of
-the output is placed in B<md_len>, unless it is B<NULL>.
-
-B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
-B<key> and B<evp_md> may be B<NULL> if a key and hash function have
-been set in a previous call to HMAC_Init() for that B<HMAC_CTX>.
-
-HMAC_CTX_init() initialises a B<HMAC_CTX> before first use. It must be
-called.
-
-HMAC_CTX_cleanup() erases the key and other data from the B<HMAC_CTX>
-and releases any associated resources. It must be called when an
-B<HMAC_CTX> is no longer required.
-
-HMAC_cleanup() is an alias for HMAC_CTX_cleanup() included for back
-compatibility with 0.9.6b, it is deprecated.
-
-The following functions may be used if the message is not completely
-stored in memory:
-
-HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
-function B<evp_md> and the key B<key> which is B<key_len> bytes
-long. It is deprecated and only included for backward compatibility
-with OpenSSL 0.9.6b.
-
-HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
-the function B<evp_md> and key B<key>. Either can be NULL, in which
-case the existing one will be reused. HMAC_CTX_init() must have been
-called before the first use of an B<HMAC_CTX> in this
-function. B<N.B. HMAC_Init() had this undocumented behaviour in
-previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
-programs that expect it will cause them to stop working>.
-
-HMAC_Update() can be called repeatedly with chunks of the message to
-be authenticated (B<len> bytes at B<data>).
-
-HMAC_Final() places the message authentication code in B<md>, which
-must have space for the hash function output.
-
-=head1 RETURN VALUES
-
-HMAC() returns a pointer to the message authentication code.
-
-HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
-HMAC_CTX_cleanup() do not return values.
-
-=head1 CONFORMING TO
-
-RFC 2104
-
-=head1 SEE ALSO
-
-L<sha(3)|sha(3)>, L<evp(3)|evp(3)>
-
-=head1 HISTORY
-
-HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup()
-are available since SSLeay 0.9.0.
-
-HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available
-since OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/lh_stats.pod b/crypto/openssl/doc/crypto/lh_stats.pod
deleted file mode 100644
index 3eeaa72..0000000
--- a/crypto/openssl/doc/crypto/lh_stats.pod
+++ /dev/null
@@ -1,60 +0,0 @@
-=pod
-
-=head1 NAME
-
-lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
-lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
-
-=head1 SYNOPSIS
-
- #include <openssl/lhash.h>
-
- void lh_stats(LHASH *table, FILE *out);
- void lh_node_stats(LHASH *table, FILE *out);
- void lh_node_usage_stats(LHASH *table, FILE *out);
-
- void lh_stats_bio(LHASH *table, BIO *out);
- void lh_node_stats_bio(LHASH *table, BIO *out);
- void lh_node_usage_stats_bio(LHASH *table, BIO *out);
-
-=head1 DESCRIPTION
-
-The B<LHASH> structure records statistics about most aspects of
-accessing the hash table. This is mostly a legacy of Eric Young
-writing this library for the reasons of implementing what looked like
-a nice algorithm rather than for a particular software product.
-
-lh_stats() prints out statistics on the size of the hash table, how
-many entries are in it, and the number and result of calls to the
-routines in this library.
-
-lh_node_stats() prints the number of entries for each 'bucket' in the
-hash table.
-
-lh_node_usage_stats() prints out a short summary of the state of the
-hash table. It prints the 'load' and the 'actual load'. The load is
-the average number of data items per 'bucket' in the hash table. The
-'actual load' is the average number of items per 'bucket', but only
-for buckets which contain entries. So the 'actual load' is the
-average number of searches that will need to find an item in the hash
-table, while the 'load' is the average number that will be done to
-record a miss.
-
-lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
-are the same as the above, except that the output goes to a B<BIO>.
-
-=head1 RETURN VALUES
-
-These functions do not return values.
-
-=head1 SEE ALSO
-
-L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
-
-=head1 HISTORY
-
-These functions are available in all versions of SSLeay and OpenSSL.
-
-This manpage is derived from the SSLeay documentation.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/lhash.pod b/crypto/openssl/doc/crypto/lhash.pod
deleted file mode 100644
index dcdbb43..0000000
--- a/crypto/openssl/doc/crypto/lhash.pod
+++ /dev/null
@@ -1,294 +0,0 @@
-=pod
-
-=head1 NAME
-
-lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error - dynamic hash table
-
-=head1 SYNOPSIS
-
- #include <openssl/lhash.h>
-
- LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare);
- void lh_free(LHASH *table);
-
- void *lh_insert(LHASH *table, void *data);
- void *lh_delete(LHASH *table, void *data);
- void *lh_retrieve(LHASH *table, void *data);
-
- void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func);
- void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func,
- void *arg);
-
- int lh_error(LHASH *table);
-
- typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
- typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
- typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
- typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
-
-=head1 DESCRIPTION
-
-This library implements dynamic hash tables. The hash table entries
-can be arbitrary structures. Usually they consist of key and value
-fields.
-
-lh_new() creates a new B<LHASH> structure to store arbitrary data
-entries, and provides the 'hash' and 'compare' callbacks to be used in
-organising the table's entries. The B<hash> callback takes a pointer
-to a table entry as its argument and returns an unsigned long hash
-value for its key field. The hash value is normally truncated to a
-power of 2, so make sure that your hash function returns well mixed
-low order bits. The B<compare> callback takes two arguments (pointers
-to two hash table entries), and returns 0 if their keys are equal,
-non-zero otherwise. If your hash table will contain items of some
-particular type and the B<hash> and B<compare> callbacks hash/compare
-these types, then the B<DECLARE_LHASH_HASH_FN> and
-B<IMPLEMENT_LHASH_COMP_FN> macros can be used to create callback
-wrappers of the prototypes required by lh_new(). These provide
-per-variable casts before calling the type-specific callbacks written
-by the application author. These macros, as well as those used for
-the "doall" callbacks, are defined as;
-
- #define DECLARE_LHASH_HASH_FN(f_name,o_type) \
- unsigned long f_name##_LHASH_HASH(const void *);
- #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
- unsigned long f_name##_LHASH_HASH(const void *arg) { \
- o_type a = (o_type)arg; \
- return f_name(a); }
- #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
-
- #define DECLARE_LHASH_COMP_FN(f_name,o_type) \
- int f_name##_LHASH_COMP(const void *, const void *);
- #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
- int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
- o_type a = (o_type)arg1; \
- o_type b = (o_type)arg2; \
- return f_name(a,b); }
- #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
-
- #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
- void f_name##_LHASH_DOALL(const void *);
- #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
- void f_name##_LHASH_DOALL(const void *arg) { \
- o_type a = (o_type)arg; \
- f_name(a); }
- #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
-
- #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
- void f_name##_LHASH_DOALL_ARG(const void *, const void *);
- #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
- void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \
- o_type a = (o_type)arg1; \
- a_type b = (a_type)arg2; \
- f_name(a,b); }
- #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
-
-An example of a hash table storing (pointers to) structures of type 'STUFF'
-could be defined as follows;
-
- /* Calculates the hash value of 'tohash' (implemented elsewhere) */
- unsigned long STUFF_hash(const STUFF *tohash);
- /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
- int STUFF_cmp(const STUFF *arg1, const STUFF *arg2);
- /* Create the type-safe wrapper functions for use in the LHASH internals */
- static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *)
- static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *);
- /* ... */
- int main(int argc, char *argv[]) {
- /* Create the new hash table using the hash/compare wrappers */
- LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash),
- LHASH_COMP_FN(STUFF_cmp));
- /* ... */
- }
-
-lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
-entries will not be freed; consider using lh_doall() to deallocate any
-remaining entries in the hash table (see below).
-
-lh_insert() inserts the structure pointed to by B<data> into B<table>.
-If there already is an entry with the same key, the old value is
-replaced. Note that lh_insert() stores pointers, the data are not
-copied.
-
-lh_delete() deletes an entry from B<table>.
-
-lh_retrieve() looks up an entry in B<table>. Normally, B<data> is
-a structure with the key field(s) set; the function will return a
-pointer to a fully populated structure.
-
-lh_doall() will, for every entry in the hash table, call B<func> with
-the data item as its parameter. For lh_doall() and lh_doall_arg(),
-function pointer casting should be avoided in the callbacks (see
-B<NOTE>) - instead, either declare the callbacks to match the
-prototype required in lh_new() or use the declare/implement macros to
-create type-safe wrappers that cast variables prior to calling your
-type-specific callbacks. An example of this is illustrated here where
-the callback is used to cleanup resources for items in the hash table
-prior to the hashtable itself being deallocated:
-
- /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
- void STUFF_cleanup(STUFF *a);
- /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
- IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *)
- /* ... then later in the code ... */
- /* So to run "STUFF_cleanup" against all items in a hash table ... */
- lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
- /* Then the hash table itself can be deallocated */
- lh_free(hashtable);
-
-When doing this, be careful if you delete entries from the hash table
-in your callbacks: the table may decrease in size, moving the item
-that you are currently on down lower in the hash table - this could
-cause some entries to be skipped during the iteration. The second
-best solution to this problem is to set hash-E<gt>down_load=0 before
-you start (which will stop the hash table ever decreasing in size).
-The best solution is probably to avoid deleting items from the hash
-table inside a "doall" callback!
-
-lh_doall_arg() is the same as lh_doall() except that B<func> will be
-called with B<arg> as the second argument and B<func> should be of
-type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype that is passed
-both the table entry and an extra argument). As with lh_doall(), you
-can instead choose to declare your callback with a prototype matching
-the types you are dealing with and use the declare/implement macros to
-create compatible wrappers that cast variables before calling your
-type-specific callbacks. An example of this is demonstrated here
-(printing all hash table entries to a BIO that is provided by the
-caller):
-
- /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
- void STUFF_print(const STUFF *a, BIO *output_bio);
- /* Implement a prototype-compatible wrapper for "STUFF_print" */
- static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *)
- /* ... then later in the code ... */
- /* Print out the entire hashtable to a particular BIO */
- lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio);
-
-lh_error() can be used to determine if an error occurred in the last
-operation. lh_error() is a macro.
-
-=head1 RETURN VALUES
-
-lh_new() returns B<NULL> on error, otherwise a pointer to the new
-B<LHASH> structure.
-
-When a hash table entry is replaced, lh_insert() returns the value
-being replaced. B<NULL> is returned on normal operation and on error.
-
-lh_delete() returns the entry being deleted. B<NULL> is returned if
-there is no such value in the hash table.
-
-lh_retrieve() returns the hash table entry if it has been found,
-B<NULL> otherwise.
-
-lh_error() returns 1 if an error occurred in the last operation, 0
-otherwise.
-
-lh_free(), lh_doall() and lh_doall_arg() return no values.
-
-=head1 NOTE
-
-The various LHASH macros and callback types exist to make it possible
-to write type-safe code without resorting to function-prototype
-casting - an evil that makes application code much harder to
-audit/verify and also opens the window of opportunity for stack
-corruption and other hard-to-find bugs. It also, apparently, violates
-ANSI-C.
-
-The LHASH code regards table entries as constant data. As such, it
-internally represents lh_insert()'d items with a "const void *"
-pointer type. This is why callbacks such as those used by lh_doall()
-and lh_doall_arg() declare their prototypes with "const", even for the
-parameters that pass back the table items' data pointers - for
-consistency, user-provided data is "const" at all times as far as the
-LHASH code is concerned. However, as callers are themselves providing
-these pointers, they can choose whether they too should be treating
-all such parameters as constant.
-
-As an example, a hash table may be maintained by code that, for
-reasons of encapsulation, has only "const" access to the data being
-indexed in the hash table (ie. it is returned as "const" from
-elsewhere in their code) - in this case the LHASH prototypes are
-appropriate as-is. Conversely, if the caller is responsible for the
-life-time of the data in question, then they may well wish to make
-modifications to table item passed back in the lh_doall() or
-lh_doall_arg() callbacks (see the "STUFF_cleanup" example above). If
-so, the caller can either cast the "const" away (if they're providing
-the raw callbacks themselves) or use the macros to declare/implement
-the wrapper functions without "const" types.
-
-Callers that only have "const" access to data they're indexing in a
-table, yet declare callbacks without constant types (or cast the
-"const" away themselves), are therefore creating their own risks/bugs
-without being encouraged to do so by the API. On a related note,
-those auditing code should pay special attention to any instances of
-DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
-without any "const" qualifiers.
-
-=head1 BUGS
-
-lh_insert() returns B<NULL> both for success and error.
-
-=head1 INTERNALS
-
-The following description is based on the SSLeay documentation:
-
-The B<lhash> library implements a hash table described in the
-I<Communications of the ACM> in 1991. What makes this hash table
-different is that as the table fills, the hash table is increased (or
-decreased) in size via OPENSSL_realloc(). When a 'resize' is done, instead of
-all hashes being redistributed over twice as many 'buckets', one
-bucket is split. So when an 'expand' is done, there is only a minimal
-cost to redistribute some values. Subsequent inserts will cause more
-single 'bucket' redistributions but there will never be a sudden large
-cost due to redistributing all the 'buckets'.
-
-The state for a particular hash table is kept in the B<LHASH> structure.
-The decision to increase or decrease the hash table size is made
-depending on the 'load' of the hash table. The load is the number of
-items in the hash table divided by the size of the hash table. The
-default values are as follows. If (hash->up_load E<lt> load) =E<gt>
-expand. if (hash-E<gt>down_load E<gt> load) =E<gt> contract. The
-B<up_load> has a default value of 1 and B<down_load> has a default value
-of 2. These numbers can be modified by the application by just
-playing with the B<up_load> and B<down_load> variables. The 'load' is
-kept in a form which is multiplied by 256. So
-hash-E<gt>up_load=8*256; will cause a load of 8 to be set.
-
-If you are interested in performance the field to watch is
-num_comp_calls. The hash library keeps track of the 'hash' value for
-each item so when a lookup is done, the 'hashes' are compared, if
-there is a match, then a full compare is done, and
-hash-E<gt>num_comp_calls is incremented. If num_comp_calls is not equal
-to num_delete plus num_retrieve it means that your hash function is
-generating hashes that are the same for different values. It is
-probably worth changing your hash function if this is the case because
-even if your hash table has 10 items in a 'bucket', it can be searched
-with 10 B<unsigned long> compares and 10 linked list traverses. This
-will be much less expensive that 10 calls to your compare function.
-
-lh_strhash() is a demo string hashing function:
-
- unsigned long lh_strhash(const char *c);
-
-Since the B<LHASH> routines would normally be passed structures, this
-routine would not normally be passed to lh_new(), rather it would be
-used in the function passed to lh_new().
-
-=head1 SEE ALSO
-
-L<lh_stats(3)|lh_stats(3)>
-
-=head1 HISTORY
-
-The B<lhash> library is available in all versions of SSLeay and OpenSSL.
-lh_error() was added in SSLeay 0.9.1b.
-
-This manpage is derived from the SSLeay documentation.
-
-In OpenSSL 0.9.7, all lhash functions that were passed function pointers
-were changed for better type safety, and the function types LHASH_COMP_FN_TYPE,
-LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE
-became available.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/md5.pod b/crypto/openssl/doc/crypto/md5.pod
deleted file mode 100644
index d11d5c3..0000000
--- a/crypto/openssl/doc/crypto/md5.pod
+++ /dev/null
@@ -1,101 +0,0 @@
-=pod
-
-=head1 NAME
-
-MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
-MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
-
-=head1 SYNOPSIS
-
- #include <openssl/md2.h>
-
- unsigned char *MD2(const unsigned char *d, unsigned long n,
- unsigned char *md);
-
- int MD2_Init(MD2_CTX *c);
- int MD2_Update(MD2_CTX *c, const unsigned char *data,
- unsigned long len);
- int MD2_Final(unsigned char *md, MD2_CTX *c);
-
-
- #include <openssl/md4.h>
-
- unsigned char *MD4(const unsigned char *d, unsigned long n,
- unsigned char *md);
-
- int MD4_Init(MD4_CTX *c);
- int MD4_Update(MD4_CTX *c, const void *data,
- unsigned long len);
- int MD4_Final(unsigned char *md, MD4_CTX *c);
-
-
- #include <openssl/md5.h>
-
- unsigned char *MD5(const unsigned char *d, unsigned long n,
- unsigned char *md);
-
- int MD5_Init(MD5_CTX *c);
- int MD5_Update(MD5_CTX *c, const void *data,
- unsigned long len);
- int MD5_Final(unsigned char *md, MD5_CTX *c);
-
-=head1 DESCRIPTION
-
-MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
-
-MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
-of the B<n> bytes at B<d> and place it in B<md> (which must have space
-for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
-bytes of output). If B<md> is NULL, the digest is placed in a static
-array.
-
-The following functions may be used if the message is not completely
-stored in memory:
-
-MD2_Init() initializes a B<MD2_CTX> structure.
-
-MD2_Update() can be called repeatedly with chunks of the message to
-be hashed (B<len> bytes at B<data>).
-
-MD2_Final() places the message digest in B<md>, which must have space
-for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
-
-MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
-MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
-
-Applications should use the higher level functions
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>
-etc. instead of calling the hash functions directly.
-
-=head1 NOTE
-
-MD2, MD4, and MD5 are recommended only for compatibility with existing
-applications. In new applications, SHA-1 or RIPEMD-160 should be
-preferred.
-
-=head1 RETURN VALUES
-
-MD2(), MD4(), and MD5() return pointers to the hash value.
-
-MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
-MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() return 1 for
-success, 0 otherwise.
-
-=head1 CONFORMING TO
-
-RFC 1319, RFC 1320, RFC 1321
-
-=head1 SEE ALSO
-
-L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
-
-=head1 HISTORY
-
-MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(),
-MD5_Update() and MD5_Final() are available in all versions of SSLeay
-and OpenSSL.
-
-MD4(), MD4_Init(), and MD4_Update() are available in OpenSSL 0.9.6 and
-above.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/mdc2.pod b/crypto/openssl/doc/crypto/mdc2.pod
deleted file mode 100644
index 41f648a..0000000
--- a/crypto/openssl/doc/crypto/mdc2.pod
+++ /dev/null
@@ -1,64 +0,0 @@
-=pod
-
-=head1 NAME
-
-MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
-
-=head1 SYNOPSIS
-
- #include <openssl/mdc2.h>
-
- unsigned char *MDC2(const unsigned char *d, unsigned long n,
- unsigned char *md);
-
- int MDC2_Init(MDC2_CTX *c);
- int MDC2_Update(MDC2_CTX *c, const unsigned char *data,
- unsigned long len);
- int MDC2_Final(unsigned char *md, MDC2_CTX *c);
-
-=head1 DESCRIPTION
-
-MDC2 is a method to construct hash functions with 128 bit output from
-block ciphers. These functions are an implementation of MDC2 with
-DES.
-
-MDC2() computes the MDC2 message digest of the B<n>
-bytes at B<d> and places it in B<md> (which must have space for
-MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
-is placed in a static array.
-
-The following functions may be used if the message is not completely
-stored in memory:
-
-MDC2_Init() initializes a B<MDC2_CTX> structure.
-
-MDC2_Update() can be called repeatedly with chunks of the message to
-be hashed (B<len> bytes at B<data>).
-
-MDC2_Final() places the message digest in B<md>, which must have space
-for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
-
-Applications should use the higher level functions
-L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
-hash functions directly.
-
-=head1 RETURN VALUES
-
-MDC2() returns a pointer to the hash value.
-
-MDC2_Init(), MDC2_Update() and MDC2_Final() return 1 for success, 0 otherwise.
-
-=head1 CONFORMING TO
-
-ISO/IEC 10118-2, with DES
-
-=head1 SEE ALSO
-
-L<sha(3)|sha(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
-
-=head1 HISTORY
-
-MDC2(), MDC2_Init(), MDC2_Update() and MDC2_Final() are available since
-SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/pem.pod b/crypto/openssl/doc/crypto/pem.pod
deleted file mode 100644
index 4f9a27d..0000000
--- a/crypto/openssl/doc/crypto/pem.pod
+++ /dev/null
@@ -1,476 +0,0 @@
-=pod
-
-=head1 NAME
-
-PEM - PEM routines
-
-=head1 SYNOPSIS
-
- #include <openssl/pem.h>
-
- EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
- pem_password_cb *cb, void *u);
-
- EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
- char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
- pem_password_cb *cb, void *u);
-
- EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
- int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
-
- RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
- pem_password_cb *cb, void *u);
-
- RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
- pem_password_cb *cb, void *u);
-
- RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
-
- int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
-
- RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
- pem_password_cb *cb, void *u);
-
- RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
-
- int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
-
- DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
- pem_password_cb *cb, void *u);
-
- DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
- unsigned char *kstr, int klen,
- pem_password_cb *cb, void *u);
-
- DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
- pem_password_cb *cb, void *u);
-
- DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
-
- int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
-
- DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
-
- DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
-
- int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
-
- int PEM_write_DSAparams(FILE *fp, DSA *x);
-
- DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
-
- DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
-
- int PEM_write_bio_DHparams(BIO *bp, DH *x);
-
- int PEM_write_DHparams(FILE *fp, DH *x);
-
- X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-
- X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-
- int PEM_write_bio_X509(BIO *bp, X509 *x);
-
- int PEM_write_X509(FILE *fp, X509 *x);
-
- X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
-
- X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
-
- int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
-
- int PEM_write_X509_AUX(FILE *fp, X509 *x);
-
- X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
- pem_password_cb *cb, void *u);
-
- X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
-
- int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
-
- int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
-
- int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
-
- X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
- pem_password_cb *cb, void *u);
- X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
- pem_password_cb *cb, void *u);
- int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
- int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
-
- PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
-
- PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
-
- int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
-
- int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
-
- NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,
- NETSCAPE_CERT_SEQUENCE **x,
- pem_password_cb *cb, void *u);
-
- NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,
- NETSCAPE_CERT_SEQUENCE **x,
- pem_password_cb *cb, void *u);
-
- int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x);
-
- int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x);
-
-=head1 DESCRIPTION
-
-The PEM functions read or write structures in PEM format. In
-this sense PEM format is simply base64 encoded data surrounded
-by header lines.
-
-For more details about the meaning of arguments see the
-B<PEM FUNCTION ARGUMENTS> section.
-
-Each operation has four functions associated with it. For
-clarity the term "B<foobar> functions" will be used to collectively
-refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
-PEM_write_bio_foobar() and PEM_write_foobar() functions.
-
-The B<PrivateKey> functions read or write a private key in
-PEM format using an EVP_PKEY structure. The write routines use
-"traditional" private key format and can handle both RSA and DSA
-private keys. The read functions can additionally transparently
-handle PKCS#8 format encrypted and unencrypted keys too.
-
-PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
-write a private key in an EVP_PKEY structure in PKCS#8
-EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
-algorithms. The B<cipher> argument specifies the encryption algoritm to
-use: unlike all other PEM routines the encryption is applied at the
-PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
-encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
-
-PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
-also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
-it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
-to use is specified in the B<nid> parameter and should be the NID of the
-corresponding OBJECT IDENTIFIER (see NOTES section).
-
-The B<PUBKEY> functions process a public key using an EVP_PKEY
-structure. The public key is encoded as a SubjectPublicKeyInfo
-structure.
-
-The B<RSAPrivateKey> functions process an RSA private key using an
-RSA structure. It handles the same formats as the B<PrivateKey>
-functions but an error occurs if the private key is not RSA.
-
-The B<RSAPublicKey> functions process an RSA public key using an
-RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
-structure.
-
-The B<RSA_PUBKEY> functions also process an RSA public key using
-an RSA structure. However the public key is encoded using a
-SubjectPublicKeyInfo structure and an error occurs if the public
-key is not RSA.
-
-The B<DSAPrivateKey> functions process a DSA private key using a
-DSA structure. It handles the same formats as the B<PrivateKey>
-functions but an error occurs if the private key is not DSA.
-
-The B<DSA_PUBKEY> functions process a DSA public key using
-a DSA structure. The public key is encoded using a
-SubjectPublicKeyInfo structure and an error occurs if the public
-key is not DSA.
-
-The B<DSAparams> functions process DSA parameters using a DSA
-structure. The parameters are encoded using a foobar structure.
-
-The B<DHparams> functions process DH parameters using a DH
-structure. The parameters are encoded using a PKCS#3 DHparameter
-structure.
-
-The B<X509> functions process an X509 certificate using an X509
-structure. They will also process a trusted X509 certificate but
-any trust settings are discarded.
-
-The B<X509_AUX> functions process a trusted X509 certificate using
-an X509 structure.
-
-The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
-certificate request using an X509_REQ structure. The B<X509_REQ>
-write functions use B<CERTIFICATE REQUEST> in the header whereas
-the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
-(as required by some CAs). The B<X509_REQ> read functions will
-handle either form so there are no B<X509_REQ_NEW> read functions.
-
-The B<X509_CRL> functions process an X509 CRL using an X509_CRL
-structure.
-
-The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
-structure.
-
-The B<NETSCAPE_CERT_SEQUENCE> functions process a Netscape Certificate
-Sequence using a NETSCAPE_CERT_SEQUENCE structure.
-
-=head1 PEM FUNCTION ARGUMENTS
-
-The PEM functions have many common arguments.
-
-The B<bp> BIO parameter (if present) specifies the BIO to read from
-or write to.
-
-The B<fp> FILE parameter (if present) specifies the FILE pointer to
-read from or write to.
-
-The PEM read functions all take an argument B<TYPE **x> and return
-a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
-uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
-NULL but B<*x> is NULL then the structure returned will be written
-to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
-to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
-Irrespective of the value of B<x> a pointer to the structure is always
-returned (or NULL if an error occurred).
-
-The PEM functions which write private keys take an B<enc> parameter
-which specifies the encryption algorithm to use, encryption is done
-at the PEM level. If this parameter is set to NULL then the private
-key is written in unencrypted form.
-
-The B<cb> argument is the callback to use when querying for the pass
-phrase used for encrypted PEM structures (normally only private keys).
-
-For the PEM write routines if the B<kstr> parameter is not NULL then
-B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
-ignored.
-
-If the B<cb> parameters is set to NULL and the B<u> parameter is not
-NULL then the B<u> parameter is interpreted as a null terminated string
-to use as the passphrase. If both B<cb> and B<u> are NULL then the
-default callback routine is used which will typically prompt for the
-passphrase on the current terminal with echoing turned off.
-
-The default passphrase callback is sometimes inappropriate (for example
-in a GUI application) so an alternative can be supplied. The callback
-routine has the following form:
-
- int cb(char *buf, int size, int rwflag, void *u);
-
-B<buf> is the buffer to write the passphrase to. B<size> is the maximum
-length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
-which is set to 0 when reading and 1 when writing. A typical routine
-will ask the user to verify the passphrase (for example by prompting
-for it twice) if B<rwflag> is 1. The B<u> parameter has the same
-value as the B<u> parameter passed to the PEM routine. It allows
-arbitrary data to be passed to the callback by the application
-(for example a window handle in a GUI application). The callback
-B<must> return the number of characters in the passphrase or 0 if
-an error occurred.
-
-=head1 EXAMPLES
-
-Although the PEM routines take several arguments in almost all applications
-most of them are set to 0 or NULL.
-
-Read a certificate in PEM format from a BIO:
-
- X509 *x;
- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
- if (x == NULL)
- {
- /* Error */
- }
-
-Alternative method:
-
- X509 *x = NULL;
- if (!PEM_read_bio_X509(bp, &x, 0, NULL))
- {
- /* Error */
- }
-
-Write a certificate to a BIO:
-
- if (!PEM_write_bio_X509(bp, x))
- {
- /* Error */
- }
-
-Write an unencrypted private key to a FILE pointer:
-
- if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
- {
- /* Error */
- }
-
-Write a private key (using traditional format) to a BIO using
-triple DES encryption, the pass phrase is prompted for:
-
- if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
- {
- /* Error */
- }
-
-Write a private key (using PKCS#8 format) to a BIO using triple
-DES encryption, using the pass phrase "hello":
-
- if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
- {
- /* Error */
- }
-
-Read a private key from a BIO using the pass phrase "hello":
-
- key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
- if (key == NULL)
- {
- /* Error */
- }
-
-Read a private key from a BIO using a pass phrase callback:
-
- key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
- if (key == NULL)
- {
- /* Error */
- }
-
-Skeleton pass phrase callback:
-
- int pass_cb(char *buf, int size, int rwflag, void *u);
- {
- int len;
- char *tmp;
- /* We'd probably do something else if 'rwflag' is 1 */
- printf("Enter pass phrase for \"%s\"\n", u);
-
- /* get pass phrase, length 'len' into 'tmp' */
- tmp = "hello";
- len = strlen(tmp);
-
- if (len <= 0) return 0;
- /* if too long, truncate */
- if (len > size) len = size;
- memcpy(buf, tmp, len);
- return len;
- }
-
-=head1 NOTES
-
-The old B<PrivateKey> write routines are retained for compatibility.
-New applications should write private keys using the
-PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
-because they are more secure (they use an iteration count of 2048 whereas
-the traditional routines use a count of 1) unless compatibility with older
-versions of OpenSSL is important.
-
-The B<PrivateKey> read routines can be used in all applications because
-they handle all formats transparently.
-
-A frequent cause of problems is attempting to use the PEM routines like
-this:
-
- X509 *x;
- PEM_read_bio_X509(bp, &x, 0, NULL);
-
-this is a bug because an attempt will be made to reuse the data at B<x>
-which is an uninitialised pointer.
-
-=head1 PEM ENCRYPTION FORMAT
-
-This old B<PrivateKey> routines use a non standard technique for encryption.
-
-The private key (or other data) takes the following form:
-
- -----BEGIN RSA PRIVATE KEY-----
- Proc-Type: 4,ENCRYPTED
- DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
-
- ...base64 encoded data...
- -----END RSA PRIVATE KEY-----
-
-The line beginning DEK-Info contains two comma separated pieces of information:
-the encryption algorithm name as used by EVP_get_cipherbyname() and an 8
-byte B<salt> encoded as a set of hexadecimal digits.
-
-After this is the base64 encoded encrypted data.
-
-The encryption key is determined using EVP_bytestokey(), using B<salt> and an
-iteration count of 1. The IV used is the value of B<salt> and *not* the IV
-returned by EVP_bytestokey().
-
-=head1 BUGS
-
-The PEM read routines in some versions of OpenSSL will not correctly reuse
-an existing structure. Therefore the following:
-
- PEM_read_bio_X509(bp, &x, 0, NULL);
-
-where B<x> already contains a valid certificate, may not work, whereas:
-
- X509_free(x);
- x = PEM_read_bio_X509(bp, NULL, 0, NULL);
-
-is guaranteed to work.
-
-=head1 RETURN CODES
-
-The read routines return either a pointer to the structure read or NULL
-if an error occurred.
-
-The write routines return 1 for success or 0 for failure.
diff --git a/crypto/openssl/doc/crypto/rand.pod b/crypto/openssl/doc/crypto/rand.pod
deleted file mode 100644
index 1c068c8..0000000
--- a/crypto/openssl/doc/crypto/rand.pod
+++ /dev/null
@@ -1,175 +0,0 @@
-=pod
-
-=head1 NAME
-
-rand - pseudo-random number generator
-
-=head1 SYNOPSIS
-
- #include <openssl/rand.h>
-
- int RAND_set_rand_engine(ENGINE *engine);
-
- int RAND_bytes(unsigned char *buf, int num);
- int RAND_pseudo_bytes(unsigned char *buf, int num);
-
- void RAND_seed(const void *buf, int num);
- void RAND_add(const void *buf, int num, int entropy);
- int RAND_status(void);
-
- int RAND_load_file(const char *file, long max_bytes);
- int RAND_write_file(const char *file);
- const char *RAND_file_name(char *file, size_t num);
-
- int RAND_egd(const char *path);
-
- void RAND_set_rand_method(const RAND_METHOD *meth);
- const RAND_METHOD *RAND_get_rand_method(void);
- RAND_METHOD *RAND_SSLeay(void);
-
- void RAND_cleanup(void);
-
- /* For Win32 only */
- void RAND_screen(void);
- int RAND_event(UINT, WPARAM, LPARAM);
-
-=head1 DESCRIPTION
-
-Since the introduction of the ENGINE API, the recommended way of controlling
-default implementations is by using the ENGINE API functions. The default
-B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
-RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommened
-way to control defaults.
-
-If an alternative B<RAND_METHOD> implementation is being used (either set
-directly or as provided by an ENGINE module), then it is entirely responsible
-for the generation and management of a cryptographically secure PRNG stream. The
-mechanisms described below relate solely to the software PRNG implementation
-built in to OpenSSL and used by default.
-
-These functions implement a cryptographically secure pseudo-random
-number generator (PRNG). It is used by other library functions for
-example to generate random keys, and applications can use it when they
-need randomness.
-
-A cryptographic PRNG must be seeded with unpredictable data such as
-mouse movements or keys pressed at random by the user. This is
-described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
-(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
-seeding process whenever the application is started.
-
-L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
-PRNG.
-
-=head1 INTERNALS
-
-The RAND_SSLeay() method implements a PRNG based on a cryptographic
-hash function.
-
-The following description of its design is based on the SSLeay
-documentation:
-
-First up I will state the things I believe I need for a good RNG.
-
-=over 4
-
-=item 1
-
-A good hashing algorithm to mix things up and to convert the RNG 'state'
-to random numbers.
-
-=item 2
-
-An initial source of random 'state'.
-
-=item 3
-
-The state should be very large. If the RNG is being used to generate
-4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
-If your RNG state only has 128 bits, you are obviously limiting the
-search space to 128 bits, not 2048. I'm probably getting a little
-carried away on this last point but it does indicate that it may not be
-a bad idea to keep quite a lot of RNG state. It should be easier to
-break a cipher than guess the RNG seed data.
-
-=item 4
-
-Any RNG seed data should influence all subsequent random numbers
-generated. This implies that any random seed data entered will have
-an influence on all subsequent random numbers generated.
-
-=item 5
-
-When using data to seed the RNG state, the data used should not be
-extractable from the RNG state. I believe this should be a
-requirement because one possible source of 'secret' semi random
-data would be a private key or a password. This data must
-not be disclosed by either subsequent random numbers or a
-'core' dump left by a program crash.
-
-=item 6
-
-Given the same initial 'state', 2 systems should deviate in their RNG state
-(and hence the random numbers generated) over time if at all possible.
-
-=item 7
-
-Given the random number output stream, it should not be possible to determine
-the RNG state or the next random number.
-
-=back
-
-The algorithm is as follows.
-
-There is global state made up of a 1023 byte buffer (the 'state'), a
-working hash value ('md'), and a counter ('count').
-
-Whenever seed data is added, it is inserted into the 'state' as
-follows.
-
-The input is chopped up into units of 20 bytes (or less for
-the last block). Each of these blocks is run through the hash
-function as follows: The data passed to the hash function
-is the current 'md', the same number of bytes from the 'state'
-(the location determined by in incremented looping index) as
-the current 'block', the new key data 'block', and 'count'
-(which is incremented after each use).
-The result of this is kept in 'md' and also xored into the
-'state' at the same locations that were used as input into the
-hash function. I
-believe this system addresses points 1 (hash function; currently
-SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
-function and xor).
-
-When bytes are extracted from the RNG, the following process is used.
-For each group of 10 bytes (or less), we do the following:
-
-Input into the hash function the local 'md' (which is initialized from
-the global 'md' before any bytes are generated), the bytes that are to
-be overwritten by the random bytes, and bytes from the 'state'
-(incrementing looping index). From this digest output (which is kept
-in 'md'), the top (up to) 10 bytes are returned to the caller and the
-bottom 10 bytes are xored into the 'state'.
-
-Finally, after we have finished 'num' random bytes for the caller,
-'count' (which is incremented) and the local and global 'md' are fed
-into the hash function and the results are kept in the global 'md'.
-
-I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
-into the 'state' the 'old' data from the caller that is about to be
-overwritten) and 7 (by not using the 10 bytes given to the caller to
-update the 'state', but they are used to update 'md').
-
-So of the points raised, only 2 is not addressed (but see
-L<RAND_add(3)|RAND_add(3)>).
-
-=head1 SEE ALSO
-
-L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
-L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>,
-L<RAND_bytes(3)|RAND_bytes(3)>,
-L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
-L<RAND_cleanup(3)|RAND_cleanup(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/rc4.pod b/crypto/openssl/doc/crypto/rc4.pod
deleted file mode 100644
index b6d3a43..0000000
--- a/crypto/openssl/doc/crypto/rc4.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-
-=head1 NAME
-
-RC4_set_key, RC4 - RC4 encryption
-
-=head1 SYNOPSIS
-
- #include <openssl/rc4.h>
-
- void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
-
- void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
- unsigned char *outdata);
-
-=head1 DESCRIPTION
-
-This library implements the Alleged RC4 cipher, which is described for
-example in I<Applied Cryptography>. It is believed to be compatible
-with RC4[TM], a proprietary cipher of RSA Security Inc.
-
-RC4 is a stream cipher with variable key length. Typically, 128 bit
-(16 byte) keys are used for strong encryption, but shorter insecure
-key sizes have been widely used due to export restrictions.
-
-RC4 consists of a key setup phase and the actual encryption or
-decryption phase.
-
-RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
-key at B<data>.
-
-RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
-B<key> and places the result at B<outdata>. Repeated RC4() calls with
-the same B<key> yield a continuous key stream.
-
-Since RC4 is a stream cipher (the input is XORed with a pseudo-random
-key stream to produce the output), decryption uses the same function
-calls as encryption.
-
-Applications should use the higher level functions
-L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
-etc. instead of calling the RC4 functions directly.
-
-=head1 RETURN VALUES
-
-RC4_set_key() and RC4() do not return values.
-
-=head1 NOTE
-
-Certain conditions have to be observed to securely use stream ciphers.
-It is not permissible to perform multiple encryptions using the same
-key stream.
-
-=head1 SEE ALSO
-
-L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<rc2(3)|rc2(3)>
-
-=head1 HISTORY
-
-RC4_set_key() and RC4() are available in all versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ripemd.pod b/crypto/openssl/doc/crypto/ripemd.pod
deleted file mode 100644
index 264bb99..0000000
--- a/crypto/openssl/doc/crypto/ripemd.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
-RIPEMD-160 hash function
-
-=head1 SYNOPSIS
-
- #include <openssl/ripemd.h>
-
- unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
- unsigned char *md);
-
- int RIPEMD160_Init(RIPEMD160_CTX *c);
- int RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
- unsigned long len);
- int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-
-=head1 DESCRIPTION
-
-RIPEMD-160 is a cryptographic hash function with a
-160 bit output.
-
-RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
-bytes at B<d> and places it in B<md> (which must have space for
-RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
-is placed in a static array.
-
-The following functions may be used if the message is not completely
-stored in memory:
-
-RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
-
-RIPEMD160_Update() can be called repeatedly with chunks of the message to
-be hashed (B<len> bytes at B<data>).
-
-RIPEMD160_Final() places the message digest in B<md>, which must have
-space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
-the B<RIPEMD160_CTX>.
-
-Applications should use the higher level functions
-L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
-hash functions directly.
-
-=head1 RETURN VALUES
-
-RIPEMD160() returns a pointer to the hash value.
-
-RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() return 1 for
-success, 0 otherwise.
-
-=head1 CONFORMING TO
-
-ISO/IEC 10118-3 (draft) (??)
-
-=head1 SEE ALSO
-
-L<sha(3)|sha(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
-
-=head1 HISTORY
-
-RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update() and
-RIPEMD160_Final() are available since SSLeay 0.9.0.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/rsa.pod b/crypto/openssl/doc/crypto/rsa.pod
deleted file mode 100644
index 45ac53f..0000000
--- a/crypto/openssl/doc/crypto/rsa.pod
+++ /dev/null
@@ -1,123 +0,0 @@
-=pod
-
-=head1 NAME
-
-rsa - RSA public key cryptosystem
-
-=head1 SYNOPSIS
-
- #include <openssl/rsa.h>
- #include <openssl/engine.h>
-
- RSA * RSA_new(void);
- void RSA_free(RSA *rsa);
-
- int RSA_public_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int RSA_private_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int RSA_private_encrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
- int RSA_public_decrypt(int flen, unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-
- int RSA_sign(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa);
- int RSA_verify(int type, unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
-
- int RSA_size(const RSA *rsa);
-
- RSA *RSA_generate_key(int num, unsigned long e,
- void (*callback)(int,int,void *), void *cb_arg);
-
- int RSA_check_key(RSA *rsa);
-
- int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
- void RSA_blinding_off(RSA *rsa);
-
- void RSA_set_default_method(const RSA_METHOD *meth);
- const RSA_METHOD *RSA_get_default_method(void);
- int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
- const RSA_METHOD *RSA_get_method(const RSA *rsa);
- RSA_METHOD *RSA_PKCS1_SSLeay(void);
- RSA_METHOD *RSA_null_method(void);
- int RSA_flags(const RSA *rsa);
- RSA *RSA_new_method(ENGINE *engine);
-
- int RSA_print(BIO *bp, RSA *x, int offset);
- int RSA_print_fp(FILE *fp, RSA *x, int offset);
-
- int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
- int (*dup_func)(), void (*free_func)());
- int RSA_set_ex_data(RSA *r,int idx,char *arg);
- char *RSA_get_ex_data(RSA *r, int idx);
-
- int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
- unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
- RSA *rsa);
- int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
- unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
- RSA *rsa);
-
-=head1 DESCRIPTION
-
-These functions implement RSA public key encryption and signatures
-as defined in PKCS #1 v2.0 [RFC 2437].
-
-The B<RSA> structure consists of several BIGNUM components. It can
-contain public as well as private RSA keys:
-
- struct
- {
- BIGNUM *n; // public modulus
- BIGNUM *e; // public exponent
- BIGNUM *d; // private exponent
- BIGNUM *p; // secret prime factor
- BIGNUM *q; // secret prime factor
- BIGNUM *dmp1; // d mod (p-1)
- BIGNUM *dmq1; // d mod (q-1)
- BIGNUM *iqmp; // q^-1 mod p
- // ...
- };
- RSA
-
-In public keys, the private exponent and the related secret values are
-B<NULL>.
-
-B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
-keys, but the RSA operations are much faster when these values are
-available.
-
-Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
-either directly or by the use of B<ENGINE> modules. In some cases (eg. an
-ENGINE providing support for hardware-embedded keys), these BIGNUM values
-will not be used by the implementation or may be used for alternative data
-storage. For this reason, applications should generally avoid using RSA
-structure elements directly and instead use API functions to query or
-modify keys.
-
-=head1 CONFORMING TO
-
-SSL, PKCS #1 v2.0
-
-=head1 PATENTS
-
-RSA was covered by a US patent which expired in September 2000.
-
-=head1 SEE ALSO
-
-L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
-L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
-L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
-L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
-L<RSA_generate_key(3)|RSA_generate_key(3)>,
-L<RSA_check_key(3)|RSA_check_key(3)>,
-L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
-L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
-L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
-L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
-L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/sha.pod b/crypto/openssl/doc/crypto/sha.pod
deleted file mode 100644
index 94ab7bc..0000000
--- a/crypto/openssl/doc/crypto/sha.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-
-=head1 NAME
-
-SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm
-
-=head1 SYNOPSIS
-
- #include <openssl/sha.h>
-
- unsigned char *SHA1(const unsigned char *d, unsigned long n,
- unsigned char *md);
-
- int SHA1_Init(SHA_CTX *c);
- int SHA1_Update(SHA_CTX *c, const void *data,
- unsigned long len);
- int SHA1_Final(unsigned char *md, SHA_CTX *c);
-
-=head1 DESCRIPTION
-
-SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
-160 bit output.
-
-SHA1() computes the SHA-1 message digest of the B<n>
-bytes at B<d> and places it in B<md> (which must have space for
-SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
-is placed in a static array.
-
-The following functions may be used if the message is not completely
-stored in memory:
-
-SHA1_Init() initializes a B<SHA_CTX> structure.
-
-SHA1_Update() can be called repeatedly with chunks of the message to
-be hashed (B<len> bytes at B<data>).
-
-SHA1_Final() places the message digest in B<md>, which must have space
-for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
-
-Applications should use the higher level functions
-L<EVP_DigestInit(3)|EVP_DigestInit(3)>
-etc. instead of calling the hash functions directly.
-
-The predecessor of SHA-1, SHA, is also implemented, but it should be
-used only when backward compatibility is required.
-
-=head1 RETURN VALUES
-
-SHA1() returns a pointer to the hash value.
-
-SHA1_Init(), SHA1_Update() and SHA1_Final() return 1 for success, 0 otherwise.
-
-=head1 CONFORMING TO
-
-SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash
-Standard),
-SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash
-Standard),
-ANSI X9.30
-
-=head1 SEE ALSO
-
-L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
-
-=head1 HISTORY
-
-SHA1(), SHA1_Init(), SHA1_Update() and SHA1_Final() are available in all
-versions of SSLeay and OpenSSL.
-
-=cut
diff --git a/crypto/openssl/doc/crypto/threads.pod b/crypto/openssl/doc/crypto/threads.pod
deleted file mode 100644
index 3df4ecd..0000000
--- a/crypto/openssl/doc/crypto/threads.pod
+++ /dev/null
@@ -1,175 +0,0 @@
-=pod
-
-=head1 NAME
-
-CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
-CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
-CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
-CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
-
-=head1 SYNOPSIS
-
- #include <openssl/crypto.h>
-
- void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
- int n, const char *file, int line));
-
- void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
-
- int CRYPTO_num_locks(void);
-
-
- /* struct CRYPTO_dynlock_value needs to be defined by the user */
- struct CRYPTO_dynlock_value;
-
- void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
- (*dyn_create_function)(char *file, int line));
- void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
- (int mode, struct CRYPTO_dynlock_value *l,
- const char *file, int line));
- void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
- (struct CRYPTO_dynlock_value *l, const char *file, int line));
-
- int CRYPTO_get_new_dynlockid(void);
-
- void CRYPTO_destroy_dynlockid(int i);
-
- void CRYPTO_lock(int mode, int n, const char *file, int line);
-
- #define CRYPTO_w_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
- #define CRYPTO_w_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
- #define CRYPTO_r_lock(type) \
- CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
- #define CRYPTO_r_unlock(type) \
- CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
- #define CRYPTO_add(addr,amount,type) \
- CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
-
-=head1 DESCRIPTION
-
-OpenSSL can safely be used in multi-threaded applications provided
-that at least two callback functions are set.
-
-locking_function(int mode, int n, const char *file, int line) is
-needed to perform locking on shared data structures.
-(Note that OpenSSL uses a number of global data structures that
-will be implicitly shared whenever multiple threads use OpenSSL.)
-Multi-threaded applications will crash at random if it is not set.
-
-locking_function() must be able to handle up to CRYPTO_num_locks()
-different mutex locks. It sets the B<n>-th lock if B<mode> &
-B<CRYPTO_LOCK>, and releases it otherwise.
-
-B<file> and B<line> are the file number of the function setting the
-lock. They can be useful for debugging.
-
-id_function(void) is a function that returns a thread ID, for example
-pthread_self() if it returns an integer (see NOTES below). It isn't
-needed on Windows nor on platforms where getpid() returns a different
-ID for each thread (see NOTES below).
-
-Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
-of OpenSSL need it for better performance. To enable this, the following
-is required:
-
-=over 4
-
-=item *
-Three additional callback function, dyn_create_function, dyn_lock_function
-and dyn_destroy_function.
-
-=item *
-A structure defined with the data that each lock needs to handle.
-
-=back
-
-struct CRYPTO_dynlock_value has to be defined to contain whatever structure
-is needed to handle locks.
-
-dyn_create_function(const char *file, int line) is needed to create a
-lock. Multi-threaded applications might crash at random if it is not set.
-
-dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
-is needed to perform locking off dynamic lock numbered n. Multi-threaded
-applications might crash at random if it is not set.
-
-dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
-needed to destroy the lock l. Multi-threaded applications might crash at
-random if it is not set.
-
-CRYPTO_get_new_dynlockid() is used to create locks. It will call
-dyn_create_function for the actual creation.
-
-CRYPTO_destroy_dynlockid() is used to destroy locks. It will call
-dyn_destroy_function for the actual destruction.
-
-CRYPTO_lock() is used to lock and unlock the locks. mode is a bitfield
-describing what should be done with the lock. n is the number of the
-lock as returned from CRYPTO_get_new_dynlockid(). mode can be combined
-from the following values. These values are pairwise exclusive, with
-undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE
-should not be used together):
-
- CRYPTO_LOCK 0x01
- CRYPTO_UNLOCK 0x02
- CRYPTO_READ 0x04
- CRYPTO_WRITE 0x08
-
-=head1 RETURN VALUES
-
-CRYPTO_num_locks() returns the required number of locks.
-
-CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
-
-The other functions return no values.
-
-=head1 NOTES
-
-You can find out if OpenSSL was configured with thread support:
-
- #define OPENSSL_THREAD_DEFINES
- #include <openssl/opensslconf.h>
- #if defined(OPENSSL_THREADS)
- // thread support enabled
- #else
- // no thread support
- #endif
-
-Also, dynamic locks are currently not used internally by OpenSSL, but
-may do so in the future.
-
-Defining id_function(void) has it's own issues. Generally speaking,
-pthread_self() should be used, even on platforms where getpid() gives
-different answers in each thread, since that may depend on the machine
-the program is run on, not the machine where the program is being
-compiled. For instance, Red Hat 8 Linux and earlier used
-LinuxThreads, whose getpid() returns a different value for each
-thread. Red Hat 9 Linux and later use NPTL, which is
-Posix-conformant, and has a getpid() that returns the same value for
-all threads in a process. A program compiled on Red Hat 8 and run on
-Red Hat 9 will therefore see getpid() returning the same value for
-all threads.
-
-There is still the issue of platforms where pthread_self() returns
-something other than an integer. This is a bit unusual, and this
-manual has no cookbook solution for that case.
-
-=head1 EXAMPLES
-
-B<crypto/threads/mttest.c> shows examples of the callback functions on
-Solaris, Irix and Win32.
-
-=head1 HISTORY
-
-CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
-available in all versions of SSLeay and OpenSSL.
-CRYPTO_num_locks() was added in OpenSSL 0.9.4.
-All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
-
-=head1 SEE ALSO
-
-L<crypto(3)|crypto(3)>
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ui.pod b/crypto/openssl/doc/crypto/ui.pod
deleted file mode 100644
index 6df68d6..0000000
--- a/crypto/openssl/doc/crypto/ui.pod
+++ /dev/null
@@ -1,194 +0,0 @@
-=pod
-
-=head1 NAME
-
-UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
-UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
-UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
-UI_add_error_string, UI_dup_error_string, UI_construct_prompt,
-UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
-UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
-UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
-
-=head1 SYNOPSIS
-
- #include <openssl/ui.h>
-
- typedef struct ui_st UI;
- typedef struct ui_method_st UI_METHOD;
-
- UI *UI_new(void);
- UI *UI_new_method(const UI_METHOD *method);
- void UI_free(UI *ui);
-
- int UI_add_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
- int UI_dup_input_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize);
- int UI_add_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
- int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
- char *result_buf, int minsize, int maxsize, const char *test_buf);
- int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
- int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
- const char *ok_chars, const char *cancel_chars,
- int flags, char *result_buf);
- int UI_add_info_string(UI *ui, const char *text);
- int UI_dup_info_string(UI *ui, const char *text);
- int UI_add_error_string(UI *ui, const char *text);
- int UI_dup_error_string(UI *ui, const char *text);
-
- /* These are the possible flags. They can be or'ed together. */
- #define UI_INPUT_FLAG_ECHO 0x01
- #define UI_INPUT_FLAG_DEFAULT_PWD 0x02
-
- char *UI_construct_prompt(UI *ui_method,
- const char *object_desc, const char *object_name);
-
- void *UI_add_user_data(UI *ui, void *user_data);
- void *UI_get0_user_data(UI *ui);
-
- const char *UI_get0_result(UI *ui, int i);
-
- int UI_process(UI *ui);
-
- int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
- #define UI_CTRL_PRINT_ERRORS 1
- #define UI_CTRL_IS_REDOABLE 2
-
- void UI_set_default_method(const UI_METHOD *meth);
- const UI_METHOD *UI_get_default_method(void);
- const UI_METHOD *UI_get_method(UI *ui);
- const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
-
- UI_METHOD *UI_OpenSSL(void);
-
-=head1 DESCRIPTION
-
-UI stands for User Interface, and is general purpose set of routines to
-prompt the user for text-based information. Through user-written methods
-(see L<ui_create(3)|ui_create(3)>), prompting can be done in any way
-imaginable, be it plain text prompting, through dialog boxes or from a
-cell phone.
-
-All the functions work through a context of the type UI. This context
-contains all the information needed to prompt correctly as well as a
-reference to a UI_METHOD, which is an ordered vector of functions that
-carry out the actual prompting.
-
-The first thing to do is to create a UI with UI_new() or UI_new_method(),
-then add information to it with the UI_add or UI_dup functions. Also,
-user-defined random data can be passed down to the underlying method
-through calls to UI_add_user_data. The default UI method doesn't care
-about these data, but other methods might. Finally, use UI_process()
-to actually perform the prompting and UI_get0_result() to find the result
-to the prompt.
-
-A UI can contain more than one prompt, which are performed in the given
-sequence. Each prompt gets an index number which is returned by the
-UI_add and UI_dup functions, and has to be used to get the corresponding
-result with UI_get0_result().
-
-The functions are as follows:
-
-UI_new() creates a new UI using the default UI method. When done with
-this UI, it should be freed using UI_free().
-
-UI_new_method() creates a new UI using the given UI method. When done with
-this UI, it should be freed using UI_free().
-
-UI_OpenSSL() returns the built-in UI method (note: not the default one,
-since the default can be changed. See further on). This method is the
-most machine/OS dependent part of OpenSSL and normally generates the
-most problems when porting.
-
-UI_free() removes a UI from memory, along with all other pieces of memory
-that's connected to it, like duplicated input strings, results and others.
-
-UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
-as well as flags and a result buffer and the desired minimum and maximum
-sizes of the result. The given information is used to prompt for
-information, for example a password, and to verify a password (i.e. having
-the user enter it twice and check that the same string was entered twice).
-UI_add_verify_string() takes and extra argument that should be a pointer
-to the result buffer of the input string that it's supposed to verify, or
-verification will fail.
-
-UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
-in a boolean way, with a single character for yes and a different character
-for no. A set of characters that can be used to cancel the prompt is given
-as well. The prompt itself is really divided in two, one part being the
-descriptive text (given through the I<prompt> argument) and one describing
-the possible answers (given through the I<action_desc> argument).
-
-UI_add_info_string() and UI_add_error_string() add strings that are shown at
-the same time as the prompt for extra information or to show an error string.
-The difference between the two is only conceptual. With the builtin method,
-there's no technical difference between them. Other methods may make a
-difference between them, however.
-
-The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for
-UI_add_input_string() and will have the users response be echoed (when
-prompting for a password, this flag should obviously not be used, and
-UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some
-sort will be used (completely depending on the application and the UI
-method).
-
-UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
-UI_dup_info_string() and UI_dup_error_string() are basically the same
-as their UI_add counterparts, except that they make their own copies
-of all strings.
-
-UI_construct_prompt() is a helper function that can be used to create
-a prompt from two pieces of information: an description and a name.
-The default constructor (if there is none provided by the method used)
-creates a string "Enter I<description> for I<name>:". With the
-description "pass phrase" and the file name "foo.key", that becomes
-"Enter pass phrase for foo.key:". Other methods may create whatever
-string and may include encodings that will be processed by the other
-method functions.
-
-UI_add_user_data() adds a piece of memory for the method to use at any
-time. The builtin UI method doesn't care about this info. Note that several
-calls to this function doesn't add data, it replaces the previous blob
-with the one given as argument.
-
-UI_get0_user_data() retrieves the data that has last been given to the
-UI with UI_add_user_data().
-
-UI_get0_result() returns a pointer to the result buffer associated with
-the information indexed by I<i>.
-
-UI_process() goes through the information given so far, does all the printing
-and prompting and returns.
-
-UI_ctrl() adds extra control for the application author. For now, it
-understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process()
-print the OpenSSL error stack as part of processing the UI, and
-UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can
-be used again or not.
-
-UI_set_default_method() changes the default UI method to the one given.
-
-UI_get_default_method() returns a pointer to the current default UI method.
-
-UI_get_method() returns the UI method associated with a given UI.
-
-UI_set_method() changes the UI method associated with a given UI.
-
-=head1 SEE ALSO
-
-L<ui_create(3)|ui_create(3)>, L<ui_compat(3)|ui_compat(3)>
-
-=head1 HISTORY
-
-The UI section was first introduced in OpenSSL 0.9.7.
-
-=head1 AUTHOR
-
-Richard Levitte (richard@levitte.org) for the OpenSSL project
-(http://www.openssl.org).
-
-=cut
diff --git a/crypto/openssl/doc/crypto/ui_compat.pod b/crypto/openssl/doc/crypto/ui_compat.pod
deleted file mode 100644
index 9ab3c69..0000000
--- a/crypto/openssl/doc/crypto/ui_compat.pod
+++ /dev/null
@@ -1,55 +0,0 @@
-=pod
-
-=head1 NAME
-
-des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw -
-Compatibility user interface functions
-
-=head1 SYNOPSIS
-
- int des_read_password(DES_cblock *key,const char *prompt,int verify);
- int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
- const char *prompt,int verify);
-
- int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
- int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
-
-=head1 DESCRIPTION
-
-The DES library contained a few routines to prompt for passwords. These
-aren't necessarely dependent on DES, and have therefore become part of the
-UI compatibility library.
-
-des_read_pw() writes the string specified by I<prompt> to standard output
-turns echo off and reads an input string from the terminal. The string is
-returned in I<buf>, which must have spac for at least I<size> bytes.
-If I<verify> is set, the user is asked for the password twice and unless
-the two copies match, an error is returned. The second password is stored
-in I<buff>, which must therefore also be at least I<size> bytes. A return
-code of -1 indicates a system error, 1 failure due to use interaction, and
-0 is success. All other functions described here use des_read_pw() to do
-the work.
-
-des_read_pw_string() is a variant of des_read_pw() that provides a buffer
-for you if I<verify> is set.
-
-des_read_password() calls des_read_pw() and converts the password to a
-DES key by calling DES_string_to_key(); des_read_2password() operates in
-the same way as des_read_password() except that it generates two keys
-by using the DES_string_to_2key() function.
-
-=head1 NOTES
-
-des_read_pw_string() is available in the MIT Kerberos library as well, and
-is also available under the name EVP_read_pw_string().
-
-=head1 SEE ALSO
-
-L<ui(3)|ui(3)>, L<ui_create(3)|ui_create(3)>
-
-=head1 AUTHOR
-
-Richard Levitte (richard@levitte.org) for the OpenSSL project
-(http://www.openssl.org).
-
-=cut
diff --git a/crypto/openssl/doc/crypto/x509.pod b/crypto/openssl/doc/crypto/x509.pod
deleted file mode 100644
index f9e58e0..0000000
--- a/crypto/openssl/doc/crypto/x509.pod
+++ /dev/null
@@ -1,64 +0,0 @@
-=pod
-
-=head1 NAME
-
-x509 - X.509 certificate handling
-
-=head1 SYNOPSIS
-
- #include <openssl/x509.h>
-
-=head1 DESCRIPTION
-
-A X.509 certificate is a structured grouping of information about
-an individual, a device, or anything one can imagine. A X.509 CRL
-(certificate revocation list) is a tool to help determine if a
-certificate is still valid. The exact definition of those can be
-found in the X.509 document from ITU-T, or in RFC3280 from PKIX.
-In OpenSSL, the type X509 is used to express such a certificate, and
-the type X509_CRL is used to express a CRL.
-
-A related structure is a certificate request, defined in PKCS#10 from
-RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type
-X509_REQ is used to express such a certificate request.
-
-To handle some complex parts of a certificate, there are the types
-X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express
-a certificate attributes), X509_EXTENSION (to express a certificate
-extension) and a few more.
-
-Finally, there's the supertype X509_INFO, which can contain a CRL, a
-certificate and a corresponding private key.
-
-B<X509_>I<...>, B<d2i_X509_>I<...> and B<i2d_X509_>I<...> handle X.509
-certificates, with some exceptions, shown below.
-
-B<X509_CRL_>I<...>, B<d2i_X509_CRL_>I<...> and B<i2d_X509_CRL_>I<...>
-handle X.509 CRLs.
-
-B<X509_REQ_>I<...>, B<d2i_X509_REQ_>I<...> and B<i2d_X509_REQ_>I<...>
-handle PKCS#10 certificate requests.
-
-B<X509_NAME_>I<...> handle certificate names.
-
-B<X509_ATTRIBUTE_>I<...> handle certificate attributes.
-
-B<X509_EXTENSION_>I<...> handle certificate extensions.
-
-=head1 SEE ALSO
-
-L<X509_NAME_ENTRY_get_object(3)|X509_NAME_ENTRY_get_object(3)>,
-L<X509_NAME_add_entry_by_txt(3)|X509_NAME_add_entry_by_txt(3)>,
-L<X509_NAME_add_entry_by_NID(3)|X509_NAME_add_entry_by_NID(3)>,
-L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>,
-L<X509_NAME_new(3)|X509_NAME_new(3)>,
-L<d2i_X509(3)|d2i_X509(3)>,
-L<d2i_X509_ALGOR(3)|d2i_X509_ALGOR(3)>,
-L<d2i_X509_CRL(3)|d2i_X509_CRL(3)>,
-L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
-L<d2i_X509_REQ(3)|d2i_X509_REQ(3)>,
-L<d2i_X509_SIG(3)|d2i_X509_SIG(3)>,
-L<crypto(3)|crypto(3)>,
-L<x509v3(3)|x509v3(3)>
-
-=cut
diff --git a/crypto/openssl/doc/fingerprints.txt b/crypto/openssl/doc/fingerprints.txt
deleted file mode 100644
index 7d05a85..0000000
--- a/crypto/openssl/doc/fingerprints.txt
+++ /dev/null
@@ -1,57 +0,0 @@
- Fingerprints
-
-OpenSSL releases are signed with PGP/GnuPG keys. You can find the
-signatures in separate files in the same location you find the
-distributions themselves. The normal file name is the same as the
-distribution file, with '.asc' added. For example, the signature for
-the distribution of OpenSSL 0.9.7f, openssl-0.9.7f.tar.gz, is found in
-the file openssl-0.9.7f.tar.gz.asc.
-
-The following is the list of fingerprints for the keys that are
-currently in use (have been used since summer 2004) to sign OpenSSL
-distributions:
-
-pub 1024D/F709453B 2003-10-20
- Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B
-uid Richard Levitte <richard@levitte.org>
-uid Richard Levitte <levitte@openssl.org>
-uid Richard Levitte <levitte@lp.se>
-
-pub 2048R/F295C759 1998-12-13
- Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97
-uid Dr S N Henson <shenson@drh-consultancy.demon.co.uk>
-
-pub 1024R/49A563D9 1997-02-24
- Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF
-uid Mark Cox <mjc@redhat.com>
-uid Mark Cox <mark@awe.com>
-uid Mark Cox <mjc@apache.org>
-
-pub 1024R/26BB437D 1997-04-28
- Key fingerprint = 00 C9 21 8E D1 AB 70 37 DD 67 A2 3A 0A 6F 8D A5
-uid Ralf S. Engelschall <rse@engelschall.com>
-
-pub 1024R/9C58A66D 1997-04-03
- Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67
-uid jaenicke@openssl.org
-uid Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>
-
-pub 1024D/2118CF83 1998-07-13
- Key fingerprint = 7656 55DE 62E3 96FF 2587 EB6C 4F6D E156 2118 CF83
-uid Ben Laurie <ben@thebunker.net>
-uid Ben Laurie <ben@cryptix.org>
-uid Ben Laurie <ben@algroup.co.uk>
-sub 4096g/1F5143E7 1998-07-13
-
-pub 1024R/5A6A9B85 1994-03-22
- Key fingerprint = C7 AC 7E AD 56 6A 65 EC F6 16 66 83 7E 86 68 28
-uid Bodo Moeller <2005@bmoeller.de>
-uid Bodo Moeller <2003@bmoeller.de>
-uid Bodo Moeller <2004@bmoeller.de>
-uid Bodo Moeller <bmoeller@acm.org>
-uid Bodo Moeller <bodo@openssl.org>
-uid Bodo Moeller <bm@ulf.mali.sub.org>
-uid Bodo Moeller <3moeller@informatik.uni-hamburg.de>
-uid Bodo Moeller <Bodo_Moeller@public.uni-hamburg.de>
-uid Bodo Moeller <3moeller@rzdspc5.informatik.uni-hamburg.de>
-
diff --git a/crypto/openssl/doc/openssl-shared.txt b/crypto/openssl/doc/openssl-shared.txt
deleted file mode 100644
index 5cf84a0..0000000
--- a/crypto/openssl/doc/openssl-shared.txt
+++ /dev/null
@@ -1,32 +0,0 @@
-The OpenSSL shared libraries are often installed in a directory like
-/usr/local/ssl/lib.
-
-If this directory is not in a standard system path for dynamic/shared
-libraries, then you will have problems linking and executing
-applications that use OpenSSL libraries UNLESS:
-
-* you link with static (archive) libraries. If you are truly
- paranoid about security, you should use static libraries.
-* you use the GNU libtool code during linking
- (http://www.gnu.org/software/libtool/libtool.html)
-* you use pkg-config during linking (this requires that
- PKG_CONFIG_PATH includes the path to the OpenSSL shared
- library directory), and make use of -R or -rpath.
- (http://www.freedesktop.org/software/pkgconfig/)
-* you specify the system-wide link path via a command such
- as crle(1) on Solaris systems.
-* you add the OpenSSL shared library directory to /etc/ld.so.conf
- and run ldconfig(8) on Linux systems.
-* you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP),
- DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP)
- environment variable and add the OpenSSL shared library
- directory to it.
-
-One common tool to check the dynamic dependencies of an executable
-or dynamic library is ldd(1) on most UNIX systems.
-
-See any operating system documentation and manpages about shared
-libraries for your version of UNIX. The following manpages may be
-helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP],
-ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux],
-chatr(1) [HP].
diff --git a/crypto/openssl/doc/openssl.txt b/crypto/openssl/doc/openssl.txt
deleted file mode 100644
index f8817b0..0000000
--- a/crypto/openssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
-
-This is some preliminary documentation for OpenSSL.
-
-Contents:
-
- OpenSSL X509V3 extension configuration
- X509V3 Extension code: programmers guide
- PKCS#12 Library
-
-
-==============================================================================
- OpenSSL X509V3 extension configuration
-==============================================================================
-
-OpenSSL X509V3 extension configuration: preliminary documentation.
-
-INTRODUCTION.
-
-For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
-possible to add and print out common X509 V3 certificate and CRL extensions.
-
-BEGINNERS NOTE
-
-For most simple applications you don't need to know too much about extensions:
-the default openssl.cnf values will usually do sensible things.
-
-If you want to know more you can initially quickly look through the sections
-describing how the standard OpenSSL utilities display and add extensions and
-then the list of supported extensions.
-
-For more technical information about the meaning of extensions see:
-
-http://www.imc.org/ietf-pkix/
-http://home.netscape.com/eng/security/certs.html
-
-PRINTING EXTENSIONS.
-
-Extension values are automatically printed out for supported extensions.
-
-openssl x509 -in cert.pem -text
-openssl crl -in crl.pem -text
-
-will give information in the extension printout, for example:
-
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
- X509v3 Authority Key Identifier:
- keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- X509v3 Subject Alternative Name:
- email:email@1.address, email:email@2.address
-
-CONFIGURATION FILES.
-
-The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
-which certificate extensions to include. In each case a line:
-
-x509_extensions = extension_section
-
-indicates which section contains the extensions. In the case of 'req' the
-extension section is used when the -x509 option is present to create a
-self signed root certificate.
-
-The 'x509' utility also supports extensions when it signs a certificate.
-The -extfile option is used to set the configuration file containing the
-extensions. In this case a line with:
-
-extensions = extension_section
-
-in the nameless (default) section is used. If no such line is included then
-it uses the default section.
-
-You can also add extensions to CRLs: a line
-
-crl_extensions = crl_extension_section
-
-will include extensions when the -gencrl option is used with the 'ca' utility.
-You can add any extension to a CRL but of the supported extensions only
-issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
-CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
-CRL entry extensions can be displayed.
-
-NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
-you should not include a crl_extensions line in the configuration file.
-
-As with all configuration files you can use the inbuilt environment expansion
-to allow the values to be passed in the environment. Therefore if you have
-several extension sections used for different purposes you can have a line:
-
-x509_extensions = $ENV::ENV_EXT
-
-and set the ENV_EXT environment variable before calling the relevant utility.
-
-EXTENSION SYNTAX.
-
-Extensions have the basic form:
-
-extension_name=[critical,] extension_options
-
-the use of the critical option makes the extension critical. Extreme caution
-should be made when using the critical flag. If an extension is marked
-as critical then any client that does not understand the extension should
-reject it as invalid. Some broken software will reject certificates which
-have *any* critical extensions (these violates PKIX but we have to live
-with it).
-
-There are three main types of extension: string extensions, multi-valued
-extensions, and raw extensions.
-
-String extensions simply have a string which contains either the value itself
-or how it is obtained.
-
-For example:
-
-nsComment="This is a Comment"
-
-Multi-valued extensions have a short form and a long form. The short form
-is a list of names and values:
-
-basicConstraints=critical,CA:true,pathlen:1
-
-The long form allows the values to be placed in a separate section:
-
-basicConstraints=critical,@bs_section
-
-[bs_section]
-
-CA=true
-pathlen=1
-
-Both forms are equivalent. However it should be noted that in some cases the
-same name can appear multiple times, for example,
-
-subjectAltName=email:steve@here,email:steve@there
-
-in this case an equivalent long form is:
-
-subjectAltName=@alt_section
-
-[alt_section]
-
-email.1=steve@here
-email.2=steve@there
-
-This is because the configuration file code cannot handle the same name
-occurring twice in the same section.
-
-The syntax of raw extensions is governed by the extension code: it can
-for example contain data in multiple sections. The correct syntax to
-use is defined by the extension code itself: check out the certificate
-policies extension for an example.
-
-There are two ways to encode arbitrary extensions.
-
-The first way is to use the word ASN1 followed by the extension content
-using the same syntax as ASN1_generate_nconf(). For example:
-
-1.2.3.4=critical,ASN1:UTF8String:Some random data
-
-1.2.3.4=ASN1:SEQUENCE:seq_sect
-
-[seq_sect]
-
-field1 = UTF8:field1
-field2 = UTF8:field2
-
-It is also possible to use the word DER to include arbitrary data in any
-extension.
-
-1.2.3.4=critical,DER:01:02:03:04
-1.2.3.4=DER:01020304
-
-The value following DER is a hex dump of the DER encoding of the extension
-Any extension can be placed in this form to override the default behaviour.
-For example:
-
-basicConstraints=critical,DER:00:01:02:03
-
-WARNING: DER should be used with caution. It is possible to create totally
-invalid extensions unless care is taken.
-
-CURRENTLY SUPPORTED EXTENSIONS.
-
-If you aren't sure about extensions then they can be largely ignored: its only
-when you want to do things like restrict certificate usage when you need to
-worry about them.
-
-The only extension that a beginner might want to look at is Basic Constraints.
-If in addition you want to try Netscape object signing the you should also
-look at Netscape Certificate Type.
-
-Literal String extensions.
-
-In each case the 'value' of the extension is placed directly in the
-extension. Currently supported extensions in this category are: nsBaseUrl,
-nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
-nsSslServerName and nsComment.
-
-For example:
-
-nsComment="This is a test comment"
-
-Bit Strings.
-
-Bit string extensions just consist of a list of supported bits, currently
-two extensions are in this category: PKIX keyUsage and the Netscape specific
-nsCertType.
-
-nsCertType (netscape certificate type) takes the flags: client, server, email,
-objsign, reserved, sslCA, emailCA, objCA.
-
-keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
-keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
-encipherOnly, decipherOnly.
-
-For example:
-
-nsCertType=server
-
-keyUsage=digitalSignature, nonRepudiation
-
-Hints on Netscape Certificate Type.
-
-Other than Basic Constraints this is the only extension a beginner might
-want to use, if you want to try Netscape object signing, otherwise it can
-be ignored.
-
-If you want a certificate that can be used just for object signing then:
-
-nsCertType=objsign
-
-will do the job. If you want to use it as a normal end user and server
-certificate as well then
-
-nsCertType=objsign,email,server
-
-is more appropriate. You cannot use a self signed certificate for object
-signing (well Netscape signtool can but it cheats!) so you need to create
-a CA certificate and sign an end user certificate with it.
-
-Side note: If you want to conform to the Netscape specifications then you
-should really also set:
-
-nsCertType=objCA
-
-in the *CA* certificate for just an object signing CA and
-
-nsCertType=objCA,emailCA,sslCA
-
-for everything. Current Netscape software doesn't enforce this so it can
-be omitted.
-
-Basic Constraints.
-
-This is generally the only extension you need to worry about for simple
-applications. If you want your certificate to be usable as a CA certificate
-(in addition to an end user certificate) then you set this to:
-
-basicConstraints=CA:TRUE
-
-if you want to be certain the certificate cannot be used as a CA then do:
-
-basicConstraints=CA:FALSE
-
-The rest of this section describes more advanced usage.
-
-Basic constraints is a multi-valued extension that supports a CA and an
-optional pathlen option. The CA option takes the values true and false and
-pathlen takes an integer. Note if the CA option is false the pathlen option
-should be omitted.
-
-The pathlen parameter indicates the maximum number of CAs that can appear
-below this one in a chain. So if you have a CA with a pathlen of zero it can
-only be used to sign end user certificates and not further CAs. This all
-assumes that the software correctly interprets this extension of course.
-
-Examples:
-
-basicConstraints=CA:TRUE
-basicConstraints=critical,CA:TRUE, pathlen:0
-
-NOTE: for a CA to be considered valid it must have the CA option set to
-TRUE. An end user certificate MUST NOT have the CA value set to true.
-According to PKIX recommendations it should exclude the extension entirely,
-however some software may require CA set to FALSE for end entity certificates.
-
-Extended Key Usage.
-
-This extensions consists of a list of usages.
-
-These can either be object short names of the dotted numerical form of OIDs.
-While any OID can be used only certain values make sense. In particular the
-following PKIX, NS and MS values are meaningful:
-
-Value Meaning
------ -------
-serverAuth SSL/TLS Web Server Authentication.
-clientAuth SSL/TLS Web Client Authentication.
-codeSigning Code signing.
-emailProtection E-mail Protection (S/MIME).
-timeStamping Trusted Timestamping
-msCodeInd Microsoft Individual Code Signing (authenticode)
-msCodeCom Microsoft Commercial Code Signing (authenticode)
-msCTLSign Microsoft Trust List Signing
-msSGC Microsoft Server Gated Crypto
-msEFS Microsoft Encrypted File System
-nsSGC Netscape Server Gated Crypto
-
-For example, under IE5 a CA can be used for any purpose: by including a list
-of the above usages the CA can be restricted to only authorised uses.
-
-Note: software packages may place additional interpretations on certificate
-use, in particular some usages may only work for selected CAs. Don't for example
-expect just including msSGC or nsSGC will automatically mean that a certificate
-can be used for SGC ("step up" encryption) otherwise anyone could use it.
-
-Examples:
-
-extendedKeyUsage=critical,codeSigning,1.2.3.4
-extendedKeyUsage=nsSGC,msSGC
-
-Subject Key Identifier.
-
-This is really a string extension and can take two possible values. Either
-a hex string giving details of the extension value to include or the word
-'hash' which then automatically follow PKIX guidelines in selecting and
-appropriate key identifier. The use of the hex string is strongly discouraged.
-
-Example: subjectKeyIdentifier=hash
-
-Authority Key Identifier.
-
-The authority key identifier extension permits two options. keyid and issuer:
-both can take the optional value "always".
-
-If the keyid option is present an attempt is made to copy the subject key
-identifier from the parent certificate. If the value "always" is present
-then an error is returned if the option fails.
-
-The issuer option copies the issuer and serial number from the issuer
-certificate. Normally this will only be done if the keyid option fails or
-is not included: the "always" flag will always include the value.
-
-Subject Alternative Name.
-
-The subject alternative name extension allows various literal values to be
-included in the configuration file. These include "email" (an email address)
-"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
-registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
-
-Also the email option include a special 'copy' value. This will automatically
-include and email addresses contained in the certificate subject name in
-the extension.
-
-otherName can include arbitrary data associated with an OID: the value
-should be the OID followed by a semicolon and the content in standard
-ASN1_generate_nconf() format.
-
-Examples:
-
-subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
-subjectAltName=email:my@other.address,RID:1.2.3.4
-subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
-
-Issuer Alternative Name.
-
-The issuer alternative name option supports all the literal options of
-subject alternative name. It does *not* support the email:copy option because
-that would not make sense. It does support an additional issuer:copy option
-that will copy all the subject alternative name values from the issuer
-certificate (if possible).
-
-Example:
-
-issuserAltName = issuer:copy
-
-Authority Info Access.
-
-The authority information access extension gives details about how to access
-certain information relating to the CA. Its syntax is accessOID;location
-where 'location' has the same syntax as subject alternative name (except
-that email:copy is not supported). accessOID can be any valid OID but only
-certain values are meaningful for example OCSP and caIssuers. OCSP gives the
-location of an OCSP responder: this is used by Netscape PSM and other software.
-
-Example:
-
-authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
-authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
-
-CRL distribution points.
-
-This is a multi-valued extension that supports all the literal options of
-subject alternative name. Of the few software packages that currently interpret
-this extension most only interpret the URI option.
-
-Currently each option will set a new DistributionPoint with the fullName
-field set to the given value.
-
-Other fields like cRLissuer and reasons cannot currently be set or displayed:
-at this time no examples were available that used these fields.
-
-If you see this extension with <UNSUPPORTED> when you attempt to print it out
-or it doesn't appear to display correctly then let me know, including the
-certificate (mail me at steve@openssl.org) .
-
-Examples:
-
-crlDistributionPoints=URI:http://www.myhost.com/myca.crl
-crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
-
-Certificate Policies.
-
-This is a RAW extension. It attempts to display the contents of this extension:
-unfortunately this extension is often improperly encoded.
-
-The certificate policies extension will rarely be used in practice: few
-software packages interpret it correctly or at all. IE5 does partially
-support this extension: but it needs the 'ia5org' option because it will
-only correctly support a broken encoding. Of the options below only the
-policy OID, explicitText and CPS options are displayed with IE5.
-
-All the fields of this extension can be set by using the appropriate syntax.
-
-If you follow the PKIX recommendations of not including any qualifiers and just
-using only one OID then you just include the value of that OID. Multiple OIDs
-can be set separated by commas, for example:
-
-certificatePolicies= 1.2.4.5, 1.1.3.4
-
-If you wish to include qualifiers then the policy OID and qualifiers need to
-be specified in a separate section: this is done by using the @section syntax
-instead of a literal OID value.
-
-The section referred to must include the policy OID using the name
-policyIdentifier, cPSuri qualifiers can be included using the syntax:
-
-CPS.nnn=value
-
-userNotice qualifiers can be set using the syntax:
-
-userNotice.nnn=@notice
-
-The value of the userNotice qualifier is specified in the relevant section.
-This section can include explicitText, organization and noticeNumbers
-options. explicitText and organization are text strings, noticeNumbers is a
-comma separated list of numbers. The organization and noticeNumbers options
-(if included) must BOTH be present. If you use the userNotice option with IE5
-then you need the 'ia5org' option at the top level to modify the encoding:
-otherwise it will not be interpreted properly.
-
-Example:
-
-certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
-
-[polsect]
-
-policyIdentifier = 1.3.5.8
-CPS.1="http://my.host.name/"
-CPS.2="http://my.your.name/"
-userNotice.1=@notice
-
-[notice]
-
-explicitText="Explicit Text Here"
-organization="Organisation Name"
-noticeNumbers=1,2,3,4
-
-TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
-according to PKIX it should be of type DisplayText but Verisign uses an
-IA5STRING and IE5 needs this too.
-
-Display only extensions.
-
-Some extensions are only partially supported and currently are only displayed
-but cannot be set. These include private key usage period, CRL number, and
-CRL reason.
-
-==============================================================================
- X509V3 Extension code: programmers guide
-==============================================================================
-
-The purpose of the extension code is twofold. It allows an extension to be
-created from a string or structure describing its contents and it prints out an
-extension in a human or machine readable form.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed before calling the extension functions.
-You used to have to call X509V3_add_standard_extensions(); but this is no longer
-required and this function no longer does anything.
-
-void X509V3_EXT_cleanup(void);
-
-This function should be called to cleanup the extension code if any custom
-extensions have been added. If no custom extensions have been added then this
-call does nothing. After this call all custom extension code is freed up but
-you can still use the standard extensions.
-
-2. Printing and parsing extensions.
-
-The simplest way to print out extensions is via the standard X509 printing
-routines: if you use the standard X509_print() function, the supported
-extensions will be printed out automatically.
-
-The following functions allow finer control over extension display:
-
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-These two functions print out an individual extension to a BIO or FILE pointer.
-Currently the flag argument is unused and should be set to 0. The 'indent'
-argument is the number of spaces to indent each line.
-
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-
-This function parses an extension and returns its internal structure. The
-precise structure you get back depends on the extension being parsed. If the
-extension if basicConstraints you will get back a pointer to a
-BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
-details about the structures returned. The returned structure should be freed
-after use using the relevant free function, BASIC_CONSTRAINTS_free() for
-example.
-
-void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-These functions combine the operations of searching for extensions and
-parsing them. They search a certificate, a CRL a CRL entry or a stack
-of extensions respectively for extension whose NID is 'nid' and return
-the parsed result of NULL if an error occurred. For example:
-
-BASIC_CONSTRAINTS *bs;
-bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
-
-This will search for the basicConstraints extension and either return
-it value or NULL. NULL can mean either the extension was not found, it
-occurred more than once or it could not be parsed.
-
-If 'idx' is NULL then an extension is only parsed if it occurs precisely
-once. This is standard behaviour because extensions normally cannot occur
-more than once. If however more than one extension of the same type can
-occur it can be used to parse successive extensions for example:
-
-int i;
-void *ext;
-
-i = -1;
-for(;;) {
- ext = X509_get_ext_d2i(x, nid, crit, &idx);
- if(ext == NULL) break;
- /* Do something with ext */
-}
-
-If 'crit' is not NULL and the extension was found then the int it points to
-is set to 1 for critical extensions and 0 for non critical. Therefore if the
-function returns NULL but 'crit' is set to 0 or 1 then the extension was
-found but it could not be parsed.
-
-The int pointed to by crit will be set to -1 if the extension was not found
-and -2 if the extension occurred more than once (this will only happen if
-idx is NULL). In both cases the function will return NULL.
-
-3. Generating extensions.
-
-An extension will typically be generated from a configuration file, or some
-other kind of configuration database.
-
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509 *cert);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509_CRL *crl);
-
-These functions add all the extensions in the given section to the given
-certificate or CRL. They will normally be called just before the certificate
-or CRL is due to be signed. Both return 0 on error on non zero for success.
-
-In each case 'conf' is the LHASH pointer of the configuration file to use
-and 'section' is the section containing the extension details.
-
-See the 'context functions' section for a description of the ctx parameter.
-
-
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
- char *value);
-
-This function returns an extension based on a name and value pair, if the
-pair will not need to access other sections in a config file (or there is no
-config file) then the 'conf' parameter can be set to NULL.
-
-X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
- char *value);
-
-This function creates an extension in the same way as X509V3_EXT_conf() but
-takes the NID of the extension rather than its name.
-
-For example to produce basicConstraints with the CA flag and a path length of
-10:
-
-x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-
-This function sets up an extension from its internal structure. The ext_nid
-parameter is the NID of the extension and 'crit' is the critical flag.
-
-4. Context functions.
-
-The following functions set and manipulate an extension context structure.
-The purpose of the extension context is to allow the extension code to
-access various structures relating to the "environment" of the certificate:
-for example the issuers certificate or the certificate request.
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
- X509_REQ *req, X509_CRL *crl, int flags);
-
-This function sets up an X509V3_CTX structure with details of the certificate
-environment: specifically the issuers certificate, the subject certificate,
-the certificate request and the CRL: if these are not relevant or not
-available then they can be set to NULL. The 'flags' parameter should be set
-to zero.
-
-X509V3_set_ctx_test(ctx)
-
-This macro is used to set the 'ctx' structure to a 'test' value: this is to
-allow the syntax of an extension (or configuration file) to be tested.
-
-X509V3_set_ctx_nodb(ctx)
-
-This macro is used when no configuration database is present.
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
-
-This function is used to set the configuration database when it is an LHASH
-structure: typically a configuration file.
-
-The following functions are used to access a configuration database: they
-should only be used in RAW extensions.
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-
-This function returns the value of the parameter "name" in "section", or NULL
-if there has been an error.
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-
-This function frees up the string returned by the above function.
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-
-This function returns a whole section as a STACK_OF(CONF_VALUE) .
-
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-
-This function frees up the STACK returned by the above function.
-
-Note: it is possible to use the extension code with a custom configuration
-database. To do this the "db_meth" element of the X509V3_CTX structure should
-be set to an X509V3_CTX_METHOD structure. This structure contains the following
-function pointers:
-
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-
-these will be called and passed the 'db' element in the X509V3_CTX structure
-to access the database. If a given function is not implemented or not required
-it can be set to NULL.
-
-5. String helper functions.
-
-There are several "i2s" and "s2i" functions that convert structures to and
-from ASCII strings. In all the "i2s" cases the returned string should be
-freed using Free() after use. Since some of these are part of other extension
-code they may take a 'method' parameter. Unless otherwise stated it can be
-safely set to NULL.
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
-
-This returns a hex string from an ASN1_OCTET_STRING.
-
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-
-These return a string decimal representations of an ASN1_INTEGER and an
-ASN1_ENUMERATED type, respectively.
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
-
-This converts an ASCII hex string to an ASN1_OCTET_STRING.
-
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-
-This converts a decimal ASCII string into an ASN1_INTEGER.
-
-6. Multi valued extension helper functions.
-
-The following functions can be used to manipulate STACKs of CONF_VALUE
-structures, as used by multi valued extensions.
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-
-This function expects a boolean value in 'value' and sets 'asn1_bool' to
-it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
-strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
-"false", "N", "n", "NO" or "no".
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-
-This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
-
-int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-This simply adds a string name and value pair.
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-The same as above but for an unsigned character value.
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-
-This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-
-This is the same as above except it adds nothing if asn1_bool is FALSE.
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist);
-
-This function adds the value of the ASN1_INTEGER in decimal form.
-
-7. Other helper functions.
-
-<to be added>
-
-ADDING CUSTOM EXTENSIONS.
-
-Currently there are three types of supported extensions.
-
-String extensions are simple strings where the value is placed directly in the
-extensions, and the string returned is printed out.
-
-Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
-or return a STACK_OF(CONF_VALUE).
-
-Raw extensions are just passed a BIO or a value and it is the extensions
-responsibility to handle all the necessary printing.
-
-There are two ways to add an extension. One is simply as an alias to an already
-existing extension. An alias is an extension that is identical in ASN1 structure
-to an existing extension but has a different OBJECT IDENTIFIER. This can be
-done by calling:
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-
-'nid_to' is the new extension NID and 'nid_from' is the already existing
-extension NID.
-
-Alternatively an extension can be written from scratch. This involves writing
-the ASN1 code to encode and decode the extension and functions to print out and
-generate the extension from strings. The relevant functions are then placed in
-a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-called.
-
-The X509V3_EXT_METHOD structure is described below.
-
-struct {
-int ext_nid;
-int ext_flags;
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-X509V3_EXT_R2I r2i;
-X509V3_EXT_I2R i2r;
-
-void *usr_data;
-};
-
-The elements have the following meanings.
-
-ext_nid is the NID of the object identifier of the extension.
-
-ext_flags is set of flags. Currently the only external flag is
- X509V3_EXT_MULTILINE which means a multi valued extensions
- should be printed on separate lines.
-
-usr_data is an extension specific pointer to any relevant data. This
- allows extensions to share identical code but have different
- uses. An example of this is the bit string extension which uses
- usr_data to contain a list of the bit names.
-
-All the remaining elements are function pointers.
-
-ext_new is a pointer to a function that allocates memory for the
- extension ASN1 structure: for example ASN1_OBJECT_new().
-
-ext_free is a pointer to a function that free up memory of the extension
- ASN1 structure: for example ASN1_OBJECT_free().
-
-d2i is the standard ASN1 function that converts a DER buffer into
- the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
-
-i2d is the standard ASN1 function that converts the internal
- structure into the DER representation: for example
- i2d_ASN1_IA5STRING().
-
-The remaining functions are depend on the type of extension. One i2X and
-one X2i should be set and the rest set to NULL. The types set do not need
-to match up, for example the extension could be set using the multi valued
-v2i function and printed out using the raw i2r.
-
-All functions have the X509V3_EXT_METHOD passed to them in the 'method'
-parameter and an X509V3_CTX structure. Extension code can then access the
-parent structure via the 'method' parameter to for example make use of the value
-of usr_data. If the code needs to use detail relating to the request it can
-use the 'ctx' parameter.
-
-A note should be given here about the 'flags' member of the 'ctx' parameter.
-If it has the value CTX_TEST then the configuration syntax is being checked
-and no actual certificate or CRL exists. Therefore any attempt in the config
-file to access such information should silently succeed. If the syntax is OK
-then it should simply return a (possibly bogus) extension, otherwise it
-should return NULL.
-
-char *i2s(struct v3_ext_method *method, void *ext);
-
-This function takes the internal structure in the ext parameter and returns
-a Malloc'ed string representing its value.
-
-void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This function takes the string representation in the ext parameter and returns
-an allocated internal structure: ext_free() will be used on this internal
-structure after use.
-
-i2v and v2i handle a STACK_OF(CONF_VALUE):
-
-typedef struct
-{
- char *section;
- char *name;
- char *value;
-} CONF_VALUE;
-
-Only the name and value members are currently used.
-
-STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
-
-This function is passed the internal structure in the ext parameter and
-returns a STACK of CONF_VALUE structures. The values of name, value,
-section and the structure itself will be freed up with Free after use.
-Several helper functions are available to add values to this STACK.
-
-void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
- STACK_OF(CONF_VALUE) *values);
-
-This function takes a STACK_OF(CONF_VALUE) structures and should set the
-values of the external structure. This typically uses the name element to
-determine which structure element to set and the value element to determine
-what to set it to. Several helper functions are available for this
-purpose (see above).
-
-int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-
-This function is passed the internal extension structure in the ext parameter
-and sends out a human readable version of the extension to out. The 'indent'
-parameter should be noted to determine the necessary amount of indentation
-needed on the output.
-
-void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This is just passed the string representation of the extension. It is intended
-to be used for more elaborate extensions where the standard single and multi
-valued options are insufficient. They can use the 'ctx' parameter to parse the
-configuration database themselves. See the context functions section for details
-of how to do this.
-
-Note: although this type takes the same parameters as the "r2s" function there
-is a subtle difference. Whereas an "r2i" function can access a configuration
-database an "s2i" function MUST NOT. This is so the internal code can safely
-assume that an "s2i" function will work without a configuration database.
-
-==============================================================================
- PKCS#12 Library
-==============================================================================
-
-This section describes the internal PKCS#12 support. There are very few
-differences between the old external library and the new internal code at
-present. This may well change because the external library will not be updated
-much in future.
-
-This version now includes a couple of high level PKCS#12 functions which
-generally "do the right thing" and should make it much easier to handle PKCS#12
-structures.
-
-HIGH LEVEL FUNCTIONS.
-
-For most applications you only need concern yourself with the high level
-functions. They can parse and generate simple PKCS#12 files as produced by
-Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
-private key and certificate pair.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed for the internal PKCS#12 library: the
-standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
-add all algorithms (you should at least add SHA1 though) then you can manually
-initialise the PKCS#12 library with:
-
-PKCS12_PBE_add();
-
-The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
-called or it can be directly freed with:
-
-EVP_PBE_cleanup();
-
-after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
-be called.
-
-2. I/O functions.
-
-i2d_PKCS12_bio(bp, p12)
-
-This writes out a PKCS12 structure to a BIO.
-
-i2d_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-d2i_PKCS12_bio(bp, p12)
-
-This reads in a PKCS12 structure from a BIO.
-
-d2i_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-3. High level functions.
-
-3.1 Parsing with PKCS12_parse().
-
-int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK **ca);
-
-This function takes a PKCS12 structure and a password (ASCII, null terminated)
-and returns the private key, the corresponding certificate and any CA
-certificates. If any of these is not required it can be passed as a NULL.
-The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
-structure. Typically to read in a PKCS#12 file you might do:
-
-p12 = d2i_PKCS12_fp(fp, NULL);
-PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
-PKCS12_free(p12);
-
-3.2 PKCS#12 creation with PKCS12_create().
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
- STACK *ca, int nid_key, int nid_cert, int iter,
- int mac_iter, int keytype);
-
-This function will create a PKCS12 structure from a given password, name,
-private key, certificate and optional STACK of CA certificates. The remaining
-5 parameters can be set to 0 and sensible defaults will be used.
-
-The parameters nid_key and nid_cert are the key and certificate encryption
-algorithms, iter is the encryption iteration count, mac_iter is the MAC
-iteration count and keytype is the type of private key. If you really want
-to know what these last 5 parameters do then read the low level section.
-
-Typically to create a PKCS#12 file the following could be used:
-
-p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
-i2d_PKCS12_fp(fp, p12);
-PKCS12_free(p12);
-
-3.3 Changing a PKCS#12 structure password.
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-This changes the password of an already existing PKCS#12 structure. oldpass
-is the old password and newpass is the new one. An error occurs if the old
-password is incorrect.
-
-LOW LEVEL FUNCTIONS.
-
-In some cases the high level functions do not provide the necessary
-functionality. For example if you want to generate or parse more complex
-PKCS#12 files. The sample pkcs12 application uses the low level functions
-to display details about the internal structure of a PKCS#12 file.
-
-Introduction.
-
-This is a brief description of how a PKCS#12 file is represented internally:
-some knowledge of PKCS#12 is assumed.
-
-A PKCS#12 object contains several levels.
-
-At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
-CRL, a private key, encrypted or unencrypted, a set of safebags (so the
-structure can be nested) or other secrets (not documented at present).
-A safebag can optionally have attributes, currently these are: a unicode
-friendlyName (a Unicode string) or a localKeyID (a string of bytes).
-
-At the next level is an authSafe which is a set of safebags collected into
-a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
-
-At the top level is the PKCS12 structure itself which contains a set of
-authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
-contains a MAC which is a kind of password protected digest to preserve
-integrity (so any unencrypted stuff below can't be tampered with).
-
-The reason for these levels is so various objects can be encrypted in various
-ways. For example you might want to encrypt a set of private keys with
-triple-DES and then include the related certificates either unencrypted or
-with lower encryption. Yes it's the dreaded crypto laws at work again which
-allow strong encryption on private keys and only weak encryption on other
-stuff.
-
-To build one of these things you turn all certificates and keys into safebags
-(with optional attributes). You collect the safebags into (one or more) STACKS
-and convert these into authsafes (encrypted or unencrypted). The authsafes
-are collected into a STACK and added to a PKCS12 structure. Finally a MAC
-inserted.
-
-Pulling one apart is basically the reverse process. The MAC is verified against
-the given password. The authsafes are extracted and each authsafe split into
-a set of safebags (possibly involving decryption). Finally the safebags are
-decomposed into the original keys and certificates and the attributes used to
-match up private key and certificate pairs.
-
-Anyway here are the functions that do the dirty work.
-
-1. Construction functions.
-
-1.1 Safebag functions.
-
-M_PKCS12_x5092certbag(x509)
-
-This macro takes an X509 structure and returns a certificate bag. The
-X509 structure can be freed up after calling this function.
-
-M_PKCS12_x509crl2certbag(crl)
-
-As above but for a CRL.
-
-PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
-
-Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
-Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
-structure contains a private key data in plain text form it should be free'd
-up as soon as it has been encrypted for security reasons (freeing up the
-structure zeros out the sensitive data). This can be done with
-PKCS8_PRIV_KEY_INFO_free().
-
-PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-
-This sets the key type when a key is imported into MSIE or Outlook 98. Two
-values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
-key that can also be used for signing but its size is limited in the export
-versions of MS software to 512 bits, it is also the default. KEY_SIG is a
-signing only key but the keysize is unlimited (well 16K is supposed to work).
-If you are using the domestic version of MSIE then you can ignore this because
-KEY_EX is not limited and can be used for both.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS8 private key structure into a keybag. This routine embeds the
-p8 structure in the keybag so p8 should not be freed up or used after it is
-called. The p8 structure will be freed up when the safebag is freed.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
-embedded and can be freed up after use.
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-
-Add a local key id or a friendlyname to a safebag.
-
-1.2 Authsafe functions.
-
-PKCS7 *PKCS12_pack_p7data(STACK *sk)
-Take a stack of safebags and convert them into an unencrypted authsafe. The
-stack of safebags can be freed up after calling this function.
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
-
-As above but encrypted.
-
-1.3 PKCS12 functions.
-
-PKCS12 *PKCS12_init(int mode)
-
-Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
-
-M_PKCS12_pack_authsafes(p12, safes)
-
-This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
-
-int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
-
-Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
-that SHA-1 should be used.
-
-2. Extraction Functions.
-
-2.1 Safebags.
-
-M_PKCS12_bag_type(bag)
-
-Return the type of "bag". Returns one of the following
-
-NID_keyBag
-NID_pkcs8ShroudedKeyBag 7
-NID_certBag 8
-NID_crlBag 9
-NID_secretBag 10
-NID_safeContentsBag 11
-
-M_PKCS12_cert_bag_type(bag)
-
-Returns type of certificate bag, following are understood.
-
-NID_x509Certificate 14
-NID_sdsiCertificate 15
-
-M_PKCS12_crl_bag_type(bag)
-
-Returns crl bag type, currently only NID_crlBag is recognised.
-
-M_PKCS12_certbag2x509(bag)
-
-This macro extracts an X509 certificate from a certificate bag.
-
-M_PKCS12_certbag2x509crl(bag)
-
-As above but for a CRL.
-
-EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
-
-Extract a private key from a PKCS8 private key info structure.
-
-M_PKCS12_decrypt_skey(bag, pass, passlen)
-
-Decrypt a shrouded key bag and return a PKCS8 private key info structure.
-Works with both RSA and DSA keys
-
-char *PKCS12_get_friendlyname(bag)
-
-Returns the friendlyName of a bag if present or NULL if none. The returned
-string is a null terminated ASCII string allocated with Malloc(). It should
-thus be freed up with Free() after use.
-
-2.2 AuthSafe functions.
-
-M_PKCS12_unpack_p7data(p7)
-
-Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
-
-#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
-
-As above but for an encrypted content info.
-
-2.3 PKCS12 functions.
-
-M_PKCS12_unpack_authsafes(p12)
-
-Extract a STACK of authsafes from a PKCS12 structure.
-
-M_PKCS12_mac_present(p12)
-
-Check to see if a MAC is present.
-
-int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
-
-Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
-
-
-Notes.
-
-1. All the function return 0 or NULL on error.
-2. Encryption based functions take a common set of parameters. These are
-described below.
-
-pass, passlen
-ASCII password and length. The password on the MAC is called the "integrity
-password" the encryption password is called the "privacy password" in the
-PKCS#12 documentation. The passwords do not have to be the same. If -1 is
-passed for the length it is worked out by the function itself (currently
-this is sometimes done whatever is passed as the length but that may change).
-
-salt, saltlen
-A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
-default length is used.
-
-iter
-Iteration count. This is a measure of how many times an internal function is
-called to encrypt the data. The larger this value is the longer it takes, it
-makes dictionary attacks on passwords harder. NOTE: Some implementations do
-not support an iteration count on the MAC. If the password for the MAC and
-encryption is the same then there is no point in having a high iteration
-count for encryption if the MAC has no count. The MAC could be attacked
-and the password used for the main decryption.
-
-pbe_nid
-This is the NID of the password based encryption method used. The following are
-supported.
-NID_pbe_WithSHA1And128BitRC4
-NID_pbe_WithSHA1And40BitRC4
-NID_pbe_WithSHA1And3_Key_TripleDES_CBC
-NID_pbe_WithSHA1And2_Key_TripleDES_CBC
-NID_pbe_WithSHA1And128BitRC2_CBC
-NID_pbe_WithSHA1And40BitRC2_CBC
-
-Which you use depends on the implementation you are exporting to. "Export
-grade" (i.e. cryptographically challenged) products cannot support all
-algorithms. Typically you may be able to use any encryption on shrouded key
-bags but they must then be placed in an unencrypted authsafe. Other authsafes
-may only support 40bit encryption. Of course if you are using SSLeay
-throughout you can strongly encrypt everything and have high iteration counts
-on everything.
-
-3. For decryption routines only the password and length are needed.
-
-4. Unlike the external version the nid's of objects are the values of the
-constants: that is NID_certBag is the real nid, therefore there is no
-PKCS12_obj_offset() function. Note the object constants are not the same as
-those of the external version. If you use these constants then you will need
-to recompile your code.
-
-5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
-macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
-reused or freed up safely.
-
diff --git a/crypto/openssl/doc/openssl_button.gif b/crypto/openssl/doc/openssl_button.gif
deleted file mode 100644
index 3d3c90c..0000000
--- a/crypto/openssl/doc/openssl_button.gif
+++ /dev/null
Binary files differ
diff --git a/crypto/openssl/doc/openssl_button.html b/crypto/openssl/doc/openssl_button.html
deleted file mode 100644
index 44c91bd..0000000
--- a/crypto/openssl/doc/openssl_button.html
+++ /dev/null
@@ -1,7 +0,0 @@
-
-<!-- the `Includes OpenSSL Cryptogaphy Software' button -->
-<!-- freely usable by any application linked against OpenSSL -->
-<a href="http://www.openssl.org/">
-<img src="openssl_button.gif"
- width=102 height=47 border=0></a>
-
diff --git a/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod b/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
deleted file mode 100644
index f81f692..0000000
--- a/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod
+++ /dev/null
@@ -1,112 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- const char *SSL_CIPHER_get_name(const SSL_CIPHER *cipher);
- int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher, int *alg_bits);
- char *SSL_CIPHER_get_version(const SSL_CIPHER *cipher);
- char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
-
-=head1 DESCRIPTION
-
-SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
-argument is the NULL pointer, a pointer to the constant value "NONE" is
-returned.
-
-SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>. If
-B<alg_bits> is not NULL, it contains the number of bits processed by the
-chosen algorithm. If B<cipher> is NULL, 0 is returned.
-
-SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
-"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned.
-
-SSL_CIPHER_description() returns a textual description of the cipher used
-into the buffer B<buf> of length B<len> provided. B<len> must be at least
-128 bytes, otherwise a pointer to the the string "Buffer too small" is
-returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
-OPENSSL_malloc(). If the allocation fails, a pointer to the string
-"OPENSSL_malloc Error" is returned.
-
-=head1 NOTES
-
-The number of bits processed can be different from the secret bits. An
-export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm
-does use the full 128 bits (which would be returned for B<alg_bits>), of
-which however 88bits are fixed. The search space is hence only 40 bits.
-
-The string returned by SSL_CIPHER_description() in case of success consists
-of cleartext information separated by one or more blanks in the following
-sequence:
-
-=over 4
-
-=item <ciphername>
-
-Textual representation of the cipher name.
-
-=item <protocol version>
-
-Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
-
-=item Kx=<key exchange>
-
-Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or
-B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>),
-B<DH/RSA>, B<DH/DSS>, B<Fortezza>.
-
-=item Au=<authentication>
-
-Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the
-representation of anonymous ciphers.
-
-=item Enc=<symmetric encryption method>
-
-Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>,
-B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>,
-B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>.
-
-=item Mac=<message authentication code>
-
-Message digest: B<MD5>, B<SHA1>.
-
-=item <export flag>
-
-If the cipher is flagged exportable with respect to old US crypto
-regulations, the word "B<export>" is printed.
-
-=back
-
-=head1 EXAMPLES
-
-Some examples for the output of SSL_CIPHER_description():
-
- EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
- EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
- RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
- EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-
-=head1 BUGS
-
-If SSL_CIPHER_description() is called with B<cipher> being NULL, the
-library crashes.
-
-If SSL_CIPHER_description() cannot handle a built-in cipher, the according
-description of the cipher property is B<unknown>. This case should not
-occur.
-
-=head1 RETURN VALUES
-
-See DESCRIPTION
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
-L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod b/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
deleted file mode 100644
index 42fa66b..0000000
--- a/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
-
-=head1 DESCRIPTION
-
-SSL_COMP_add_compression_method() adds the compression method B<cm> with
-the identifier B<id> to the list of available compression methods. This
-list is globally maintained for all SSL operations within this application.
-It cannot be set for specific SSL_CTX or SSL objects.
-
-=head1 NOTES
-
-The TLS standard (or SSLv3) allows the integration of compression methods
-into the communication. The TLS RFC does however not specify compression
-methods or their corresponding identifiers, so there is currently no compatible
-way to integrate compression with unknown peers. It is therefore currently not
-recommended to integrate compression into applications. Applications for
-non-public use may agree on certain compression methods. Using different
-compression methods with the same identifier will lead to connection failure.
-
-An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
-will unconditionally send the list of all compression methods enabled with
-SSL_COMP_add_compression_method() to the server during the handshake.
-Unlike the mechanisms to set a cipher list, there is no method available to
-restrict the list of compression method on a per connection basis.
-
-An OpenSSL server will match the identifiers listed by a client against
-its own compression methods and will unconditionally activate compression
-when a matching identifier is found. There is no way to restrict the list
-of compression methods supported on a per connection basis.
-
-The OpenSSL library has the compression methods B<COMP_rle()> and (when
-especially enabled during compilation) B<COMP_zlib()> available.
-
-=head1 WARNINGS
-
-Once the identities of the compression methods for the TLS protocol have
-been standardized, the compression API will most likely be changed. Using
-it in the current state is not recommended.
-
-=head1 RETURN VALUES
-
-SSL_COMP_add_compression_method() may return the following values:
-
-=over 4
-
-=item 0
-
-The operation succeeded.
-
-=item 1
-
-The operation failed. Check the error queue to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
deleted file mode 100644
index ee28f5c..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
+++ /dev/null
@@ -1,39 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_add_extra_chain_cert - add certificate to chain
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
-
-=head1 DESCRIPTION
-
-SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
-chain presented together with the certificate. Several certificates
-can be added one after the other.
-
-=head1 NOTES
-
-When constructing the certificate chain, the chain will be formed from
-these certificates explicitly specified. If no chain is specified,
-the library will try to complete the chain from the available CA
-certificates in the trusted CA storage, see
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
-
-=head1 RETURN VALUES
-
-SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
-error stack to find out the reason for failure otherwise.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
-L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod b/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
deleted file mode 100644
index 82676b2..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session - manipulate session cache
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
- int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c);
-
- int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
- int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
-
-=head1 DESCRIPTION
-
-SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The
-reference count for session B<c> is incremented by 1. If a session with
-the same session id already exists, the old session is removed by calling
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
-
-SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>.
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> is called once for B<c>.
-
-SSL_add_session() and SSL_remove_session() are synonyms for their
-SSL_CTX_*() counterparts.
-
-=head1 NOTES
-
-When adding a new session to the internal session cache, it is examined
-whether a session with the same session id already exists. In this case
-it is assumed that both sessions are identical. If the same session is
-stored in a different SSL_SESSION object, The old session is
-removed and replaced by the new session. If the session is actually
-identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
-is a no-op, and the return value is 0.
-
-If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
-flag then the internal cache will not be populated automatically by new
-sessions negotiated by the SSL/TLS implementation, even though the internal
-cache will be searched automatically for session-resume requests (the
-latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
-application can use SSL_CTX_add_session() directly to have full control
-over the sessions that can be resumed if desired.
-
-
-=head1 RETURN VALUES
-
-The following values are returned by all functions:
-
-=over 4
-
-=item 0
-
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
-
-=item 1
-
- The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod b/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
deleted file mode 100644
index fb6adcf..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
- long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
-
- long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
- long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
-
-=head1 DESCRIPTION
-
-The SSL_*_ctrl() family of functions is used to manipulate settings of
-the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments
-B<larg>, B<parg>, or B<fp> are evaluated. These functions should never
-be called directly. All functionalities needed are made available via
-other functions or macros.
-
-=head1 RETURN VALUES
-
-The return values of the SSL*_ctrl() functions depend on the command
-supplied via the B<cmd> parameter.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_flush_sessions.pod b/crypto/openssl/doc/ssl/SSL_CTX_flush_sessions.pod
deleted file mode 100644
index 148c36c..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_flush_sessions.pod
+++ /dev/null
@@ -1,49 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_flush_sessions, SSL_flush_sessions - remove expired sessions
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
- void SSL_flush_sessions(SSL_CTX *ctx, long tm);
-
-=head1 DESCRIPTION
-
-SSL_CTX_flush_sessions() causes a run through the session cache of
-B<ctx> to remove sessions expired at time B<tm>.
-
-SSL_flush_sessions() is a synonym for SSL_CTX_flush_sessions().
-
-=head1 NOTES
-
-If enabled, the internal session cache will collect all sessions established
-up to the specified maximum number (see SSL_CTX_sess_set_cache_size()).
-As sessions will not be reused ones they are expired, they should be
-removed from the cache to save resources. This can either be done
- automatically whenever 255 new sessions were established (see
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
-or manually by calling SSL_CTX_flush_sessions().
-
-The parameter B<tm> specifies the time which should be used for the
-expiration test, in most cases the actual time given by time(0)
-will be used.
-
-SSL_CTX_flush_sessions() will only check sessions stored in the internal
-cache. When a session is found and removed, the remove_session_cb is however
-called to synchronize with the external cache (see
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
-
-=head1 RETURN VALUES
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_free.pod b/crypto/openssl/doc/ssl/SSL_CTX_free.pod
deleted file mode 100644
index 51d8676..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_free.pod
+++ /dev/null
@@ -1,41 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_free - free an allocated SSL_CTX object
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_free(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
-SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
-the reference count has reached 0.
-
-It also calls the free()ing procedures for indirectly affected items, if
-applicable: the session cache, the list of ciphers, the list of Client CAs,
-the certificates and keys.
-
-=head1 WARNINGS
-
-If a session-remove callback is set (SSL_CTX_sess_set_remove_cb()), this
-callback will be called for each session being freed from B<ctx>'s
-session cache. This implies, that all corresponding sessions from an
-external session cache are removed as well. If this is not desired, the user
-should explicitly unset the callback by calling
-SSL_CTX_sess_set_remove_cb(B<ctx>, NULL) prior to calling SSL_CTX_free().
-
-=head1 RETURN VALUES
-
-SSL_CTX_free() does not provide diagnostic information.
-
-=head1 SEE ALSO
-
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>,
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod b/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod
deleted file mode 100644
index 0c40a91..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
- int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
-
- void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx);
-
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-
-=head1 DESCRIPTION
-
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-
-SSL_CTX_get_ex_new_index() is used to register a new index for application
-specific data.
-
-SSL_CTX_set_ex_data() is used to store application data at B<arg> for B<idx>
-into the B<ctx> object.
-
-SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from
-B<ctx>.
-
-A detailed description for the B<*_get_ex_new_index()> functionality
-can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
-The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
-L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
-L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod
deleted file mode 100644
index 2a3747e..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_get_verify_mode.pod
+++ /dev/null
@@ -1,50 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
- int SSL_get_verify_mode(const SSL *ssl);
- int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
- int SSL_get_verify_depth(const SSL *ssl);
- int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
- int (*SSL_get_verify_callback(const SSL *ssl))(int, X509_STORE_CTX *);
-
-=head1 DESCRIPTION
-
-SSL_CTX_get_verify_mode() returns the verification mode currently set in
-B<ctx>.
-
-SSL_get_verify_mode() returns the verification mode currently set in
-B<ssl>.
-
-SSL_CTX_get_verify_depth() returns the verification depth limit currently set
-in B<ctx>. If no limit has been explicitly set, -1 is returned and the
-default value will be used.
-
-SSL_get_verify_depth() returns the verification depth limit currently set
-in B<ssl>. If no limit has been explicitly set, -1 is returned and the
-default value will be used.
-
-SSL_CTX_get_verify_callback() returns a function pointer to the verification
-callback currently set in B<ctx>. If no callback was explicitly set, the
-NULL pointer is returned and the default callback will be used.
-
-SSL_get_verify_callback() returns a function pointer to the verification
-callback currently set in B<ssl>. If no callback was explicitly set, the
-NULL pointer is returned and the default callback will be used.
-
-=head1 RETURN VALUES
-
-See DESCRIPTION
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod b/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
deleted file mode 100644
index 84a799f..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ /dev/null
@@ -1,124 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_load_verify_locations - set default locations for trusted CA
-certificates
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath);
-
-=head1 DESCRIPTION
-
-SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
-which CA certificates for verification purposes are located. The certificates
-available via B<CAfile> and B<CApath> are trusted.
-
-=head1 NOTES
-
-If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
-format. The file can contain several CA certificates identified by
-
- -----BEGIN CERTIFICATE-----
- ... (CA certificate in base64 encoding) ...
- -----END CERTIFICATE-----
-
-sequences. Before, between, and after the certificates text is allowed
-which can be used e.g. for descriptions of the certificates.
-
-The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
-function.
-
-If B<CApath> is not NULL, it points to a directory containing CA certificates
-in PEM format. The files each contain one CA certificate. The files are
-looked up by the CA subject name hash value, which must hence be available.
-If more than one CA certificate with the same name hash value exist, the
-extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
-is performed in the ordering of the extension number, regardless of other
-properties of the certificates.
-Use the B<c_rehash> utility to create the necessary links.
-
-The certificates in B<CApath> are only looked up when required, e.g. when
-building the certificate chain or when actually performing the verification
-of a peer certificate.
-
-When looking up CA certificates, the OpenSSL library will first search the
-certificates in B<CAfile>, then those in B<CApath>. Certificate matching
-is done based on the subject name, the key identifier (if present), and the
-serial number as taken from the certificate to be verified. If these data
-do not match, the next certificate will be tried. If a first certificate
-matching the parameters is found, the verification process will be performed;
-no other certificates for the same parameters will be searched in case of
-failure.
-
-In server mode, when requesting a client certificate, the server must send
-the list of CAs of which it will accept client certificates. This list
-is not influenced by the contents of B<CAfile> or B<CApath> and must
-explicitly be set using the
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
-family of functions.
-
-When building its own certificate chain, an OpenSSL client/server will
-try to fill in missing certificates from B<CAfile>/B<CApath>, if the
-certificate chain was not explicitly specified (see
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>.
-
-=head1 WARNINGS
-
-If several CA certificates matching the name, key identifier, and serial
-number condition are available, only the first one will be examined. This
-may lead to unexpected results if the same CA certificate is available
-with different expiration dates. If a "certificate expired" verification
-error occurs, no other certificate will be searched. Make sure to not
-have expired certificates mixed with valid ones.
-
-=head1 EXAMPLES
-
-Generate a CA certificate file with descriptive text from the CA certificates
-ca1.pem ca2.pem ca3.pem:
-
- #!/bin/sh
- rm CAfile.pem
- for i in ca1.pem ca2.pem ca3.pem ; do
- openssl x509 -in $i -text >> CAfile.pem
- done
-
-Prepare the directory /some/where/certs containing several CA certificates
-for use as B<CApath>:
-
- cd /some/where/certs
- c_rehash .
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 0
-
-The operation failed because B<CAfile> and B<CApath> are NULL or the
-processing at one of the locations specified failed. Check the error
-stack to find out the reason.
-
-=item 1
-
-The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
-L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_new.pod b/crypto/openssl/doc/ssl/SSL_CTX_new.pod
deleted file mode 100644
index 465220a..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_new.pod
+++ /dev/null
@@ -1,94 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
-
-=head1 DESCRIPTION
-
-SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
-TLS/SSL enabled connections.
-
-=head1 NOTES
-
-The SSL_CTX object uses B<method> as connection method. The methods exist
-in a generic type (for client and server use), a server only type, and a
-client only type. B<method> can be of the following types:
-
-=over 4
-
-=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand
-the SSLv2 protocol. A client will send out SSLv2 client hello messages
-and will also indicate that it only understand SSLv2. A server will only
-understand SSLv2 client hello messages.
-
-=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand the
-SSLv3 protocol. A client will send out SSLv3 client hello messages
-and will indicate that it only understands SSLv3. A server will only understand
-SSLv3 client hello messages. This especially means, that it will
-not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method().
-
-=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
-
-A TLS/SSL connection established with these methods will only understand the
-TLSv1 protocol. A client will send out TLSv1 client hello messages
-and will indicate that it only understands TLSv1. A server will only understand
-TLSv1 client hello messages. This especially means, that it will
-not understand SSLv2 client hello messages which are widely used for
-compatibility reasons, see SSLv23_*_method(). It will also not understand
-SSLv3 client hello messages.
-
-=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
-
-A TLS/SSL connection established with these methods will understand the SSLv2,
-SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
-and will indicate that it also understands SSLv3 and TLSv1. A server will
-understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
-choice when compatibility is a concern.
-
-=back
-
-The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
-SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
-B<SSL_set_options()> functions. Using these options it is possible to choose
-e.g. SSLv23_server_method() and be able to negotiate with all possible
-clients, but to only allow newer protocols like SSLv3 or TLSv1.
-
-SSL_CTX_new() initializes the list of ciphers, the session cache setting,
-the callbacks, the keys and certificates, and the options to its default
-values.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-The creation of a new SSL_CTX object failed. Check the error stack to
-find out the reason.
-
-=item Pointer to an SSL_CTX object
-
-The return value points to an allocated SSL_CTX object.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_sess_number.pod b/crypto/openssl/doc/ssl/SSL_CTX_sess_number.pod
deleted file mode 100644
index 19aa4e2..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_sess_number.pod
+++ /dev/null
@@ -1,76 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_sess_number(SSL_CTX *ctx);
- long SSL_CTX_sess_connect(SSL_CTX *ctx);
- long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
- long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
- long SSL_CTX_sess_accept(SSL_CTX *ctx);
- long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
- long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
- long SSL_CTX_sess_hits(SSL_CTX *ctx);
- long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
- long SSL_CTX_sess_misses(SSL_CTX *ctx);
- long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
- long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_sess_number() returns the current number of sessions in the internal
-session cache.
-
-SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in
-client mode.
-
-SSL_CTX_sess_connect_good() returns the number of successfully established
-SSL/TLS sessions in client mode.
-
-SSL_CTX_sess_connect_renegotiate() returns the number of start renegotiations
-in client mode.
-
-SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in
-server mode.
-
-SSL_CTX_sess_accept_good() returns the number of successfully established
-SSL/TLS sessions in server mode.
-
-SSL_CTX_sess_accept_renegotiate() returns the number of start renegotiations
-in server mode.
-
-SSL_CTX_sess_hits() returns the number of successfully reused sessions.
-In client mode a session set with L<SSL_set_session(3)|SSL_set_session(3)>
-successfully reused is counted as a hit. In server mode a session successfully
-retrieved from internal or external cache is counted as a hit.
-
-SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions
-from the external session cache in server mode.
-
-SSL_CTX_sess_misses() returns the number of sessions proposed by clients
-that were not found in the internal session cache in server mode.
-
-SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients
-and either found in the internal or external session cache in server mode,
- but that were invalid due to timeout. These sessions are not included in
-the SSL_CTX_sess_hits() count.
-
-SSL_CTX_sess_cache_full() returns the number of sessions that were removed
-because the maximum session cache size was exceeded.
-
-=head1 RETURN VALUES
-
-The functions return the values indicated in the DESCRIPTION section.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
-L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod
deleted file mode 100644
index c8b99f4..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod
+++ /dev/null
@@ -1,51 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
- long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_sess_set_cache_size() sets the size of the internal session cache
-of context B<ctx> to B<t>.
-
-SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.
-
-=head1 NOTES
-
-The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,
-currently 1024*20, so that up to 20000 sessions can be held. This size
-can be modified using the SSL_CTX_sess_set_cache_size() call. A special
-case is the size 0, which is used for unlimited size.
-
-When the maximum number of sessions is reached, no more new sessions are
-added to the cache. New space may be added by calling
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove
-expired sessions.
-
-If the size of the session cache is reduced and more sessions are already
-in the session cache, old session will be removed at the next time a
-session shall be added. This removal is not synchronized with the
-expiration of sessions.
-
-=head1 RETURN VALUES
-
-SSL_CTX_sess_set_cache_size() returns the previously valid size.
-
-SSL_CTX_sess_get_cache_size() returns the currently valid size.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod
deleted file mode 100644
index b9d54a4..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod
+++ /dev/null
@@ -1,87 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
- int (*new_session_cb)(SSL *, SSL_SESSION *));
- void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
- void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
- void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *));
-
- int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
- void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
- SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy);
-
- int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
- void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
- int len, int *copy);
-
-=head1 DESCRIPTION
-
-SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
-called whenever a new session was negotiated.
-
-SSL_CTX_sess_set_remove_cb() sets the callback function, which is
-automatically called whenever a session is removed by the SSL engine,
-because it is considered faulty or the session has become obsolete because
-of exceeding the timeout value.
-
-SSL_CTX_sess_set_get_cb() sets the callback function which is called,
-whenever a SSL/TLS client proposed to resume a session but the session
-could not be found in the internal session cache (see
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
-(SSL/TLS server only.)
-
-SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
-SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the
-provided callback functions. If a callback function has not been set,
-the NULL pointer is returned.
-
-=head1 NOTES
-
-In order to allow external session caching, synchronization with the internal
-session cache is realized via callback functions. Inside these callback
-functions, session can be saved to disk or put into a database using the
-L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> interface.
-
-The new_session_cb() is called, whenever a new session has been negotiated
-and session caching is enabled (see
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
-The new_session_cb() is passed the B<ssl> connection and the ssl session
-B<sess>. If the callback returns B<0>, the session will be immediately
-removed again.
-
-The remove_session_cb() is called, whenever the SSL engine removes a session
-from the internal cache. This happens when the session is removed because
-it is expired or when a connection was not shutdown cleanly. It also happens
-for all sessions in the internal session cache when
-L<SSL_CTX_free(3)|SSL_CTX_free(3)> is called. The remove_session_cb() is passed
-the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
-
-The get_session_cb() is only called on SSL/TLS servers with the session id
-proposed by the client. The get_session_cb() is always called, also when
-session caching was disabled. The get_session_cb() is passed the
-B<ssl> connection, the session id of length B<length> at the memory location
-B<data>. With the parameter B<copy> the callback can require the
-SSL engine to increment the reference count of the SSL_SESSION object,
-Normally the reference count is not incremented and therefore the
-session must not be explicitly freed with
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
-L<SSL_CTX_free(3)|SSL_CTX_free(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_sessions.pod b/crypto/openssl/doc/ssl/SSL_CTX_sessions.pod
deleted file mode 100644
index e05aab3..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_sessions.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_sessions - access internal session cache
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_sessions() returns a pointer to the lhash databases containing the
-internal session cache for B<ctx>.
-
-=head1 NOTES
-
-The sessions in the internal session cache are kept in an
-L<lhash(3)|lhash(3)> type database. It is possible to directly
-access this database e.g. for searching. In parallel, the sessions
-form a linked list which is maintained separately from the
-L<lhash(3)|lhash(3)> operations, so that the database must not be
-modified directly but by using the
-L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)> family of functions.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<lhash(3)|lhash(3)>,
-L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod
deleted file mode 100644
index 6acf0d9..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
- X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
-of B<ctx> to/with B<store>. If another X509_STORE object is currently
-set in B<ctx>, it will be X509_STORE_free()ed.
-
-SSL_CTX_get_cert_store() returns a pointer to the current certificate
-verification storage.
-
-=head1 NOTES
-
-In order to verify the certificates presented by the peer, trusted CA
-certificates must be accessed. These CA certificates are made available
-via lookup methods, handled inside the X509_STORE. From the X509_STORE
-the X509_STORE_CTX used when verifying certificates is created.
-
-Typically the trusted certificate store is handled indirectly via using
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
-Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
-it is possible to manipulate the X509_STORE object beyond the
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-call.
-
-Currently no detailed documentation on how to use the X509_STORE
-object is available. Not all members of the X509_STORE are used when
-the verification takes place. So will e.g. the verify_callback() be
-overridden with the verify_callback() set via the
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
-This document must therefore be updated when documentation about the
-X509_STORE object and its handling becomes available.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_cert_store() does not return diagnostic output.
-
-SSL_CTX_get_cert_store() returns the current setting.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
deleted file mode 100644
index c0f4f85..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+++ /dev/null
@@ -1,75 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_cert_verify_callback() sets the verification callback function for
-I<ctx>. SSL objects that are created from I<ctx> inherit the setting valid at
-the time when L<SSL_new(3)|SSL_new(3)> is called.
-
-=head1 NOTES
-
-Whenever a certificate is verified during a SSL/TLS handshake, a verification
-function is called. If the application does not explicitly specify a
-verification callback function, the built-in verification function is used.
-If a verification callback I<callback> is specified via
-SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
-instead. By setting I<callback> to NULL, the default behaviour is restored.
-
-When the verification must be performed, I<callback> will be called with
-the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
-argument I<arg> is specified by the application when setting I<callback>.
-
-I<callback> should return 1 to indicate verification success and 0 to
-indicate verification failure. If SSL_VERIFY_PEER is set and I<callback>
-returns 0, the handshake will fail. As the verification procedure may
-allow to continue the connection in case of failure (by always returning 1)
-the verification result must be set in any case using the B<error>
-member of I<x509_store_ctx> so that the calling application will be informed
-about the detailed result of the verification procedure!
-
-Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback>
-function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
-
-=head1 WARNINGS
-
-Do not mix the verification callback described in this function with the
-B<verify_callback> function called during the verification process. The
-latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
-family of functions.
-
-Providing a complete verification procedure including certificate purpose
-settings etc is a complex task. The built-in procedure is quite powerful
-and in most cases it should be sufficient to modify its behaviour using
-the B<verify_callback> function.
-
-=head1 BUGS
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-
-=head1 HISTORY
-
-Previous to OpenSSL 0.9.7, the I<arg> argument to B<SSL_CTX_set_cert_verify_callback>
-was ignored, and I<callback> was called simply as
- int (*callback)(X509_STORE_CTX *)
-To compile software written for previous versions of OpenSSL, a dummy
-argument will have to be added to I<callback>.
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod
deleted file mode 100644
index ed64f64..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ /dev/null
@@ -1,70 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
- int SSL_set_cipher_list(SSL *ssl, const char *str);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_cipher_list() sets the list of available ciphers for B<ctx>
-using the control string B<str>. The format of the string is described
-in L<ciphers(1)|ciphers(1)>. The list of ciphers is inherited by all
-B<ssl> objects created from B<ctx>.
-
-SSL_set_cipher_list() sets the list of ciphers only for B<ssl>.
-
-=head1 NOTES
-
-The control string B<str> should be universally usable and not depend
-on details of the library configuration (ciphers compiled in). Thus no
-syntax checking takes place. Items that are not recognized, because the
-corresponding ciphers are not compiled in or because they are mistyped,
-are simply ignored. Failure is only flagged if no ciphers could be collected
-at all.
-
-It should be noted, that inclusion of a cipher to be used into the list is
-a necessary condition. On the client side, the inclusion into the list is
-also sufficient. On the server side, additional restrictions apply. All ciphers
-have additional requirements. ADH ciphers don't need a certificate, but
-DH-parameters must have been set. All other ciphers need a corresponding
-certificate and key.
-
-A RSA cipher can only be chosen, when a RSA certificate is available.
-RSA export ciphers with a keylength of 512 bits for the RSA key require
-a temporary 512 bit RSA key, as typically the supplied key has a length
-of 1024 bit (see
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
-RSA ciphers using EDH need a certificate and key and additional DH-parameters
-(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-
-A DSA cipher can only be chosen, when a DSA certificate is available.
-DSA ciphers always use DH key exchange and therefore need DH-parameters
-(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-
-When these conditions are not met for any cipher in the list (e.g. a
-client only supports export RSA ciphers with a asymmetric key length
-of 512 bits and the server is not configured to use temporary RSA
-keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
-and the handshake will fail.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
-could be selected and 0 on complete failure.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<ciphers(1)|ciphers(1)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
deleted file mode 100644
index 632b556..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ /dev/null
@@ -1,94 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
-SSL_add_client_CA - set list of CAs sent to the client when requesting a
-client certificate
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
- void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
- int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
- int SSL_add_client_CA(SSL *ssl, X509 *cacert);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for B<ctx>.
-
-SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
-requesting a client certificate for the chosen B<ssl>, overriding the
-setting valid for B<ssl>'s SSL_CTX object.
-
-SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-B<ctx>.
-
-SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
-list of CAs sent to the client when requesting a client certificate for
-the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
-
-=head1 NOTES
-
-When a TLS/SSL server requests a client certificate (see
-B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
-it will accept certificates, to the client.
-
-This list must explicitly be set using SSL_CTX_set_client_CA_list() for
-B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
-specified overrides the previous setting. The CAs listed do not become
-trusted (B<list> only contains the names, not the complete certificates); use
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-to additionally load them for verification.
-
-If the list of acceptable CAs is compiled in a file, the
-L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
-function can be used to help importing the necessary data.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
-items the list of client CAs. If no list was specified before using
-SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
-CA list for B<ctx> or B<ssl> (as appropriate) is opened.
-
-These functions are only useful for TLS/SSL servers.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item 1
-
-The operation succeeded.
-
-=item 0
-
-A failure while manipulating the STACK_OF(X509_NAME) object occurred or
-the X509_NAME could not be extracted from B<cacert>. Check the error stack
-to find out the reason.
-
-=back
-
-=head1 EXAMPLES
-
-Scan all certificates in B<CAfile> and list them as acceptable CAs:
-
- SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
-L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
deleted file mode 100644
index 3465b5c..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
+++ /dev/null
@@ -1,94 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
- int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
- int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_client_cert_cb() sets the B<client_cert_cb()> callback, that is
-called when a client certificate is requested by a server and no certificate
-was yet set for the SSL object.
-
-When B<client_cert_cb()> is NULL, no callback function is used.
-
-SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
-function.
-
-client_cert_cb() is the application defined callback. If it wants to
-set a certificate, a certificate/private key combination must be set
-using the B<x509> and B<pkey> arguments and "1" must be returned. The
-certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
-If no certificate should be set, "0" has to be returned and no certificate
-will be sent. A negative return value will suspend the handshake and the
-handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
-will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
-suspended. The next call to the handshake function will again lead to the call
-of client_cert_cb(). It is the job of the client_cert_cb() to store information
-about the state of the last call, if required to continue.
-
-=head1 NOTES
-
-During a handshake (or renegotiation) a server may request a certificate
-from the client. A client certificate must only be sent, when the server
-did send the request.
-
-When a certificate was set using the
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> family of functions,
-it will be sent to the server. The TLS standard requires that only a
-certificate is sent, if it matches the list of acceptable CAs sent by the
-server. This constraint is violated by the default behavior of the OpenSSL
-library. Using the callback function it is possible to implement a proper
-selection routine or to allow a user interaction to choose the certificate to
-be sent.
-
-If a callback function is defined and no certificate was yet defined for the
-SSL object, the callback function will be called.
-If the callback function returns a certificate, the OpenSSL library
-will try to load the private key and certificate data into the SSL
-object using the SSL_use_certificate() and SSL_use_private_key() functions.
-Thus it will permanently install the certificate and key for this SSL
-object. It will not be reset by calling L<SSL_clear(3)|SSL_clear(3)>.
-If the callback returns no certificate, the OpenSSL library will not send
-a certificate.
-
-=head1 BUGS
-
-The client_cert_cb() cannot return a complete certificate chain, it can
-only return one client certificate. If the chain only has a length of 2,
-the root CA certificate may be omitted according to the TLS standard and
-thus a standard conforming answer can be sent to the server. For a
-longer chain, the client must send the complete chain (with the option
-to leave out the root CA certificate). This can only be accomplished by
-either adding the intermediate CA certificates into the trusted
-certificate store for the SSL_CTX object (resulting in having to add
-CA certificates that otherwise maybe would not be trusted), or by adding
-the chain certificates using the
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
-function, which is only available for the SSL_CTX object as a whole and that
-therefore probably can only apply for one client certificate, making
-the concept of the callback function (to allow the choice from several
-certificates) questionable.
-
-Once the SSL object has been used in conjunction with the callback function,
-the certificate will be set for the SSL object and will not be cleared
-even when L<SSL_clear(3)|SSL_clear(3)> is being called. It is therefore
-mandatory to destroy the SSL object using L<SSL_free(3)|SSL_free(3)>
-and create a new one to return to the previous state.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
-L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
deleted file mode 100644
index 2b87f01..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
+++ /dev/null
@@ -1,76 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
- void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
- int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_default_passwd_cb() sets the default password callback called
-when loading/storing a PEM certificate with encryption.
-
-SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
-will be provided to the password callback on invocation.
-
-The pem_passwd_cb(), which must be provided by the application, hands back the
-password to be used during decryption. On invocation a pointer to B<userdata>
-is provided. The pem_passwd_cb must write the password into the provided buffer
-B<buf> which is of size B<size>. The actual length of the password must
-be returned to the calling function. B<rwflag> indicates whether the
-callback is used for reading/decryption (rwflag=0) or writing/encryption
-(rwflag=1).
-
-=head1 NOTES
-
-When loading or storing private keys, a password might be supplied to
-protect the private key. The way this password can be supplied may depend
-on the application. If only one private key is handled, it can be practical
-to have pem_passwd_cb() handle the password dialog interactively. If several
-keys have to be handled, it can be practical to ask for the password once,
-then keep it in memory and use it several times. In the last case, the
-password could be stored into the B<userdata> storage and the
-pem_passwd_cb() only returns the password already stored.
-
-When asking for the password interactively, pem_passwd_cb() can use
-B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
-In this case the password dialog may ask for the same password twice
-for comparison in order to catch typos, that would make decryption
-impossible.
-
-Other items in PEM formatting (certificates) can also be encrypted, it is
-however not usual, as certificate information is considered public.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata()
-do not provide diagnostic information.
-
-=head1 EXAMPLES
-
-The following example returns the password provided as B<userdata> to the
-calling function. The password is considered to be a '\0' terminated
-string. If the password does not fit into the buffer, the password is
-truncated.
-
- int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
- {
- strncpy(buf, (char *)(password), size);
- buf[size - 1] = '\0';
- return(strlen(buf));
- }
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod
deleted file mode 100644
index 798e844..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_generate_session_id.pod
+++ /dev/null
@@ -1,150 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id - manipulate generation of SSL session IDs (server only)
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-
- int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
- int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
- int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
- unsigned int id_len);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_generate_session_id() sets the callback function for generating
-new session ids for SSL/TLS sessions for B<ctx> to be B<cb>.
-
-SSL_set_generate_session_id() sets the callback function for generating
-new session ids for SSL/TLS sessions for B<ssl> to be B<cb>.
-
-SSL_has_matching_session_id() checks, whether a session with id B<id>
-(of length B<id_len>) is already contained in the internal session cache
-of the parent context of B<ssl>.
-
-=head1 NOTES
-
-When a new session is established between client and server, the server
-generates a session id. The session id is an arbitrary sequence of bytes.
-The length of the session id is 16 bytes for SSLv2 sessions and between
-1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical
-but must be unique for the server. Additionally, the session id is
-transmitted in the clear when reusing the session so it must not contain
-sensitive information.
-
-Without a callback being set, an OpenSSL server will generate a unique
-session id from pseudo random numbers of the maximum possible length.
-Using the callback function, the session id can be changed to contain
-additional information like e.g. a host id in order to improve load balancing
-or external caching techniques.
-
-The callback function receives a pointer to the memory location to put
-B<id> into and a pointer to the maximum allowed length B<id_len>. The
-buffer at location B<id> is only guaranteed to have the size B<id_len>.
-The callback is only allowed to generate a shorter id and reduce B<id_len>;
-the callback B<must never> increase B<id_len> or write to the location
-B<id> exceeding the given limit.
-
-If a SSLv2 session id is generated and B<id_len> is reduced, it will be
-restored after the callback has finished and the session id will be padded
-with 0x00. It is not recommended to change the B<id_len> for SSLv2 sessions.
-The callback can use the L<SSL_get_version(3)|SSL_get_version(3)> function
-to check, whether the session is of type SSLv2.
-
-The location B<id> is filled with 0x00 before the callback is called, so the
-callback may only fill part of the possible length and leave B<id_len>
-untouched while maintaining reproducibility.
-
-Since the sessions must be distinguished, session ids must be unique.
-Without the callback a random number is used, so that the probability
-of generating the same session id is extremely small (2^128 possible ids
-for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the
-uniqueness of the generated session id, the callback must call
-SSL_has_matching_session_id() and generate another id if a conflict occurs.
-If an id conflict is not resolved, the handshake will fail.
-If the application codes e.g. a unique host id, a unique process number, and
-a unique sequence number into the session id, uniqueness could easily be
-achieved without randomness added (it should however be taken care that
-no confidential information is leaked this way). If the application can not
-guarantee uniqueness, it is recommended to use the maximum B<id_len> and
-fill in the bytes not used to code special information with random data
-to avoid collisions.
-
-SSL_has_matching_session_id() will only query the internal session cache,
-not the external one. Since the session id is generated before the
-handshake is completed, it is not immediately added to the cache. If
-another thread is using the same internal session cache, a race condition
-can occur in that another thread generates the same session id.
-Collisions can also occur when using an external session cache, since
-the external cache is not tested with SSL_has_matching_session_id()
-and the same race condition applies.
-
-When calling SSL_has_matching_session_id() for an SSLv2 session with
-reduced B<id_len>, the match operation will be performed using the
-fixed length required and with a 0x00 padded id.
-
-The callback must return 0 if it cannot generate a session id for whatever
-reason and return 1 on success.
-
-=head1 EXAMPLES
-
-The callback function listed will generate a session id with the
-server id given, and will fill the rest with pseudo random bytes:
-
- const char session_id_prefix = "www-18";
-
- #define MAX_SESSION_ID_ATTEMPTS 10
- static int generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
- {
- unsigned int count = 0;
- const char *version;
-
- version = SSL_get_version(ssl);
- if (!strcmp(version, "SSLv2"))
- /* we must not change id_len */;
-
- do {
- RAND_pseudo_bytes(id, *id_len);
- /* Prefix the session_id with the required prefix. NB: If our
- * prefix is too long, clip it - but there will be worse effects
- * anyway, eg. the server could only possibly create 1 session
- * ID (ie. the prefix!) so all future session negotiations will
- * fail due to conflicts. */
- memcpy(id, session_id_prefix,
- (strlen(session_id_prefix) < *id_len) ?
- strlen(session_id_prefix) : *id_len);
- }
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++count < MAX_SESSION_ID_ATTEMPTS));
- if(count >= MAX_SESSION_ID_ATTEMPTS)
- return 0;
- return 1;
- }
-
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id()
-always return 1.
-
-SSL_has_matching_session_id() returns 1 if another session with the
-same id is already in the cache.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_version(3)|SSL_get_version(3)>
-
-=head1 HISTORY
-
-SSL_CTX_set_generate_session_id(), SSL_set_generate_session_id()
-and SSL_has_matching_session_id() have been introduced in
-OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod
deleted file mode 100644
index 0b4affd5..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod
+++ /dev/null
@@ -1,153 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
- void (*SSL_CTX_get_info_callback(const SSL_CTX *ctx))();
-
- void SSL_set_info_callback(SSL *ssl, void (*callback)());
- void (*SSL_get_info_callback(const SSL *ssl))();
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
-obtain state information for SSL objects created from B<ctx> during connection
-setup and use. The setting for B<ctx> is overridden from the setting for
-a specific SSL object, if specified.
-When B<callback> is NULL, not callback function is used.
-
-SSL_set_info_callback() sets the B<callback> function, that can be used to
-obtain state information for B<ssl> during connection setup and use.
-When B<callback> is NULL, the callback setting currently valid for
-B<ctx> is used.
-
-SSL_CTX_get_info_callback() returns a pointer to the currently set information
-callback function for B<ctx>.
-
-SSL_get_info_callback() returns a pointer to the currently set information
-callback function for B<ssl>.
-
-=head1 NOTES
-
-When setting up a connection and during use, it is possible to obtain state
-information from the SSL/TLS engine. When set, an information callback function
-is called whenever the state changes, an alert appears, or an error occurs.
-
-The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
-The B<where> argument specifies information about where (in which context)
-the callback function was called. If B<ret> is 0, an error condition occurred.
-If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
-information.
-
-B<where> is a bitmask made up of the following bits:
-
-=over 4
-
-=item SSL_CB_LOOP
-
-Callback has been called to indicate state change inside a loop.
-
-=item SSL_CB_EXIT
-
-Callback has been called to indicate error exit of a handshake function.
-(May be soft error with retry option for non-blocking setups.)
-
-=item SSL_CB_READ
-
-Callback has been called during read operation.
-
-=item SSL_CB_WRITE
-
-Callback has been called during write operation.
-
-=item SSL_CB_ALERT
-
-Callback has been called due to an alert being sent or received.
-
-=item SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
-
-=item SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
-
-=item SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
-
-=item SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
-
-=item SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
-
-=item SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
-
-=item SSL_CB_HANDSHAKE_START
-
-Callback has been called because a new handshake is started.
-
-=item SSL_CB_HANDSHAKE_DONE 0x20
-
-Callback has been called because a handshake is finished.
-
-=back
-
-The current state information can be obtained using the
-L<SSL_state_string(3)|SSL_state_string(3)> family of functions.
-
-The B<ret> information can be evaluated using the
-L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions.
-
-=head1 RETURN VALUES
-
-SSL_set_info_callback() does not provide diagnostic information.
-
-SSL_get_info_callback() returns the current setting.
-
-=head1 EXAMPLES
-
-The following example callback function prints state strings, information
-about alerts being handled and error messages to the B<bio_err> BIO.
-
- void apps_ssl_info_callback(SSL *s, int where, int ret)
- {
- const char *str;
- int w;
-
- w=where& ~SSL_ST_MASK;
-
- if (w & SSL_ST_CONNECT) str="SSL_connect";
- else if (w & SSL_ST_ACCEPT) str="SSL_accept";
- else str="undefined";
-
- if (where & SSL_CB_LOOP)
- {
- BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
- }
- else if (where & SSL_CB_ALERT)
- {
- str=(where & SSL_CB_READ)?"read":"write";
- BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
- str,
- SSL_alert_type_string_long(ret),
- SSL_alert_desc_string_long(ret));
- }
- else if (where & SSL_CB_EXIT)
- {
- if (ret == 0)
- BIO_printf(bio_err,"%s:failed in %s\n",
- str,SSL_state_string_long(s));
- else if (ret < 0)
- {
- BIO_printf(bio_err,"%s:error in %s\n",
- str,SSL_state_string_long(s));
- }
- }
- }
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>,
-L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod
deleted file mode 100644
index da68cb9..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_max_cert_list.pod
+++ /dev/null
@@ -1,77 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, - manipulate allowed for the peer's certificate chain
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
- long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
-
- long SSL_set_max_cert_list(SSL *ssl, long size);
- long SSL_get_max_cert_list(SSL *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's
-certificate chain for all SSL objects created from B<ctx> to be <size> bytes.
-The SSL objects inherit the setting valid for B<ctx> at the time
-L<SSL_new(3)|SSL_new(3)> is being called.
-
-SSL_CTX_get_max_cert_list() returns the currently set maximum size for B<ctx>.
-
-SSL_set_max_cert_list() sets the maximum size allowed for the peer's
-certificate chain for B<ssl> to be <size> bytes. This setting stays valid
-until a new value is set.
-
-SSL_get_max_cert_list() returns the currently set maximum size for B<ssl>.
-
-=head1 NOTES
-
-During the handshake process, the peer may send a certificate chain.
-The TLS/SSL standard does not give any maximum size of the certificate chain.
-The OpenSSL library handles incoming data by a dynamically allocated buffer.
-In order to prevent this buffer from growing without bounds due to data
-received from a faulty or malicious peer, a maximum size for the certificate
-chain is set.
-
-The default value for the maximum certificate chain size is 100kB (30kB
-on the 16bit DOS platform). This should be sufficient for usual certificate
-chains (OpenSSL's default maximum chain length is 10, see
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, and certificates
-without special extensions have a typical size of 1-2kB).
-
-For special applications it can be necessary to extend the maximum certificate
-chain size allowed to be sent by the peer, see e.g. the work on
-"Internet X.509 Public Key Infrastructure Proxy Certificate Profile"
-and "TLS Delegation Protocol" at http://www.ietf.org/ and
-http://www.globus.org/ .
-
-Under normal conditions it should never be necessary to set a value smaller
-than the default, as the buffer is handled dynamically and only uses the
-memory actually required by the data sent by the peer.
-
-If the maximum certificate chain size allowed is exceeded, the handshake will
-fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously
-set value.
-
-SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently
-set value.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>,
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
-
-=head1 HISTORY
-
-SSL*_set/get_max_cert_list() have been introduced in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
deleted file mode 100644
index 9822544..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
+++ /dev/null
@@ -1,81 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
- long SSL_set_mode(SSL *ssl, long mode);
-
- long SSL_CTX_get_mode(SSL_CTX *ctx);
- long SSL_get_mode(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
-Options already set before are not cleared.
-
-SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
-Options already set before are not cleared.
-
-SSL_CTX_get_mode() returns the mode set for B<ctx>.
-
-SSL_get_mode() returns the mode set for B<ssl>.
-
-=head1 NOTES
-
-The following mode changes are available:
-
-=over 4
-
-=item SSL_MODE_ENABLE_PARTIAL_WRITE
-
-Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
-when just a single record has been written). When not set (the default),
-SSL_write() will only report success once the complete chunk was written.
-Once SSL_write() returns with r, r bytes have been successfully written
-and the next call to SSL_write() must only send the n-r bytes left,
-imitating the behaviour of write().
-
-=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-
-Make it possible to retry SSL_write() with changed buffer location
-(the buffer contents must stay the same). This is not the default to avoid
-the misconception that non-blocking SSL_write() behaves like
-non-blocking write().
-
-=item SSL_MODE_AUTO_RETRY
-
-Never bother the application with retries if the transport is blocking.
-If a renegotiation take place during normal operation, a
-L<SSL_read(3)|SSL_read(3)> or L<SSL_write(3)|SSL_write(3)> would return
-with -1 and indicate the need to retry with SSL_ERROR_WANT_READ.
-In a non-blocking environment applications must be prepared to handle
-incomplete read/write operations.
-In a blocking environment, applications are not always prepared to
-deal with read/write operations returning without success report. The
-flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
-return after the handshake and successful completion.
-
-=back
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
-after adding B<mode>.
-
-SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_write(3)|SSL_write(3)>
-
-=head1 HISTORY
-
-SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6.
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
deleted file mode 100644
index 0015e6e..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_msg_callback.pod
+++ /dev/null
@@ -1,99 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg - install callback for observing protocol messages
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
- void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
-
- void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
- void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to
-define a message callback function I<cb> for observing all SSL/TLS
-protocol messages (such as handshake messages) that are received or
-sent. SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg()
-can be used to set argument I<arg> to the callback function, which is
-available for arbitrary application use.
-
-SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify
-default settings that will be copied to new B<SSL> objects by
-L<SSL_new(3)|SSL_new(3)>. SSL_set_msg_callback() and
-SSL_set_msg_callback_arg() modify the actual settings of an B<SSL>
-object. Using a B<0> pointer for I<cb> disables the message callback.
-
-When I<cb> is called by the SSL/TLS library for a protocol message,
-the function arguments have the following meaning:
-
-=over 4
-
-=item I<write_p>
-
-This flag is B<0> when a protocol message has been received and B<1>
-when a protocol message has been sent.
-
-=item I<version>
-
-The protocol version according to which the protocol message is
-interpreted by the library. Currently, this is one of
-B<SSL2_VERSION>, B<SSL3_VERSION> and B<TLS1_VERSION> (for SSL 2.0, SSL
-3.0 and TLS 1.0, respectively).
-
-=item I<content_type>
-
-In the case of SSL 2.0, this is always B<0>. In the case of SSL 3.0
-or TLS 1.0, this is one of the B<ContentType> values defined in the
-protocol specification (B<change_cipher_spec(20)>, B<alert(21)>,
-B<handshake(22)>; but never B<application_data(23)> because the
-callback will only be called for protocol messages).
-
-=item I<buf>, I<len>
-
-I<buf> points to a buffer containing the protocol message, which
-consists of I<len> bytes. The buffer is no longer valid after the
-callback function has returned.
-
-=item I<ssl>
-
-The B<SSL> object that received or sent the message.
-
-=item I<arg>
-
-The user-defined argument optionally defined by
-SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
-
-=back
-
-=head1 NOTES
-
-Protocol messages are passed to the callback function after decryption
-and fragment collection where applicable. (Thus record boundaries are
-not visible.)
-
-If processing a received protocol message results in an error,
-the callback function may not be called. For example, the callback
-function will never see messages that are considered too large to be
-processed.
-
-Due to automatic protocol version negotiation, I<version> is not
-necessarily the protocol version used by the sender of the message: If
-a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
-I<version> will be B<SSL3_VERSION>.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
-
-=head1 HISTORY
-
-SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(),
-SSL_set_msg_callback() and SSL_get_msg_callback_arg() were added in OpenSSL 0.9.7.
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
deleted file mode 100644
index fa63263..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
+++ /dev/null
@@ -1,235 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_options(SSL_CTX *ctx, long options);
- long SSL_set_options(SSL *ssl, long options);
-
- long SSL_CTX_get_options(SSL_CTX *ctx);
- long SSL_get_options(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
-Options already set before are not cleared!
-
-SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
-Options already set before are not cleared!
-
-SSL_CTX_get_options() returns the options set for B<ctx>.
-
-SSL_get_options() returns the options set for B<ssl>.
-
-=head1 NOTES
-
-The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a logical B<or>
-operation (|). Options can only be added but can never be reset.
-
-SSL_CTX_set_options() and SSL_set_options() affect the (external)
-protocol behaviour of the SSL library. The (internal) behaviour of
-the API can be changed by using the similar
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
-
-During a handshake, the option settings of the SSL object are used. When
-a new SSL object is created from a context using SSL_new(), the current
-option setting is copied. Changes to B<ctx> do not affect already created
-SSL objects. SSL_clear() does not affect the settings.
-
-The following B<bug workaround> options are available:
-
-=over 4
-
-=item SSL_OP_MICROSOFT_SESS_ID_BUG
-
-www.microsoft.com - when talking SSLv2, if session-id reuse is
-performed, the session-id passed back in the server-finished message
-is different from the one decided upon.
-
-=item SSL_OP_NETSCAPE_CHALLENGE_BUG
-
-Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
-challenge but then appears to only use 16 bytes when generating the
-encryption keys. Using 16 bytes is ok but it should be ok to use 32.
-According to the SSLv3 spec, one should use 32 bytes for the challenge
-when operating in SSLv2/v3 compatibility mode, but as mentioned above,
-this breaks this server so 16 bytes is the way to go.
-
-=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
-
-ssl3.netscape.com:443, first a connection is established with RC4-MD5.
-If it is then resumed, we end up using DES-CBC3-SHA. It should be
-RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
-
-Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
-It only really shows up when connecting via SSLv2/v3 then reconnecting
-via SSLv3. The cipher list changes....
-
-NEW INFORMATION. Try connecting with a cipher list of just
-DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses
-RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when
-doing a re-connect, always takes the first cipher in the cipher list.
-
-=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
-
-...
-
-=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
-
-...
-
-=item SSL_OP_MSIE_SSLV2_RSA_PADDING
-
-As of OpenSSL 0.9.7h and 0.9.8a, this option has no effect.
-
-=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-
-...
-
-=item SSL_OP_TLS_D5_BUG
-
-...
-
-=item SSL_OP_TLS_BLOCK_PADDING_BUG
-
-...
-
-=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-
-Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
-vulnerability affecting CBC ciphers, which cannot be handled by some
-broken SSL implementations. This option has no effect for connections
-using other ciphers.
-
-=item SSL_OP_ALL
-
-All of the above bug workarounds.
-
-=back
-
-It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
-options if compatibility with somewhat broken implementations is
-desired.
-
-The following B<modifying> options are available:
-
-=over 4
-
-=item SSL_OP_TLS_ROLLBACK_BUG
-
-Disable version rollback attack detection.
-
-During the client key exchange, the client must send the same information
-about acceptable SSL/TLS protocol levels as during the first hello. Some
-clients violate this rule by adapting to the server's answer. (Example:
-the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
-only understands up to SSLv3. In this case the client must still use the
-same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
-to the server's answer and violate the version rollback protection.)
-
-=item SSL_OP_SINGLE_DH_USE
-
-Always create a new key when using temporary/ephemeral DH parameters
-(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-This option must be used to prevent small subgroup attacks, when
-the DH parameters were not generated using "strong" primes
-(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
-If "strong" primes were used, it is not strictly necessary to generate
-a new DH key during each handshake but it is also recommended.
-B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
-temporary/ephemeral DH parameters are used.
-
-=item SSL_OP_EPHEMERAL_RSA
-
-Always use ephemeral (temporary) RSA key when doing RSA operations
-(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
-According to the specifications this is only done, when a RSA key
-can only be used for signature operations (namely under export ciphers
-with restricted RSA keylength). By setting this option, ephemeral
-RSA keys are always used. This option breaks compatibility with the
-SSL/TLS specifications and may lead to interoperability problems with
-clients and should therefore never be used. Ciphers with EDH (ephemeral
-Diffie-Hellman) key exchange should be used instead.
-
-=item SSL_OP_CIPHER_SERVER_PREFERENCE
-
-When choosing a cipher, use the server's preferences instead of the client
-preferences. When not set, the SSL server will always follow the clients
-preferences. When set, the SSLv3/TLSv1 server will choose following its
-own preferences. Because of the different protocol, for SSLv2 the server
-will send its list of preferences to the client and the client chooses.
-
-=item SSL_OP_PKCS1_CHECK_1
-
-...
-
-=item SSL_OP_PKCS1_CHECK_2
-
-...
-
-=item SSL_OP_NETSCAPE_CA_DN_BUG
-
-If we accept a netscape connection, demand a client cert, have a
-non-self-signed CA which does not have its CA in netscape, and the
-browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
-
-=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
-
-...
-
-=item SSL_OP_NO_SSLv2
-
-Do not use the SSLv2 protocol.
-
-=item SSL_OP_NO_SSLv3
-
-Do not use the SSLv3 protocol.
-
-=item SSL_OP_NO_TLSv1
-
-Do not use the TLSv1 protocol.
-
-=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-
-When performing renegotiation as a server, always start a new session
-(i.e., session resumption requests are only accepted in the initial
-handshake). This option is not needed for clients.
-
-=back
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
-after adding B<options>.
-
-SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<dhparam(1)|dhparam(1)>
-
-=head1 HISTORY
-
-B<SSL_OP_CIPHER_SERVER_PREFERENCE> and
-B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in
-OpenSSL 0.9.7.
-
-B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
-enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
-and must be explicitly set.
-
-B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
-Versions up to OpenSSL 0.9.6c do not include the countermeasure that
-can be disabled with this option (in OpenSSL 0.9.6d, it was always
-enabled).
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
deleted file mode 100644
index 393f8ff..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+++ /dev/null
@@ -1,63 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
- int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-
- void SSL_set_quiet_shutdown(SSL *ssl, int mode);
- int SSL_get_quiet_shutdown(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be
-B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time
-L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1.
-
-SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>.
-
-SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be
-B<mode>. The setting stays valid until B<ssl> is removed with
-L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again.
-It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called.
-B<mode> may be 0 or 1.
-
-SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
-
-=head1 NOTES
-
-Normally when a SSL connection is finished, the parties must send out
-"close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)>
-for a clean shutdown.
-
-When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)>
-will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
-(L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like
-L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with
-SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
-The session is thus considered to be shutdown, but no "close notify" alert
-is sent to the peer. This behaviour violates the TLS standard.
-
-The default is normal shutdown behaviour as described by the TLS standard.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return
-diagnostic information.
-
-SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current
-setting.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
-L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>,
-L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
deleted file mode 100644
index c5d2f43..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+++ /dev/null
@@ -1,137 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
- long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_session_cache_mode() enables/disables session caching
-by setting the operational mode for B<ctx> to <mode>.
-
-SSL_CTX_get_session_cache_mode() returns the currently used cache mode.
-
-=head1 NOTES
-
-The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
-The sessions can be held in memory for each B<ctx>, if more than one
-SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
-object.
-
-In order to reuse a session, a client must send the session's id to the
-server. It can only send exactly one id. The server then either
-agrees to reuse the session or it starts a full handshake (to create a new
-session).
-
-A server will lookup up the session in its internal session storage. If the
-session is not found in internal storage or lookups for the internal storage
-have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
-the external storage if available.
-
-Since a client may try to reuse a session intended for use in a different
-context, the session id context must be set by the server (see
-L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>).
-
-The following session cache modes and modifiers are available:
-
-=over 4
-
-=item SSL_SESS_CACHE_OFF
-
-No session caching for client or server takes place.
-
-=item SSL_SESS_CACHE_CLIENT
-
-Client sessions are added to the session cache. As there is no reliable way
-for the OpenSSL library to know whether a session should be reused or which
-session to choose (due to the abstract BIO layer the SSL engine does not
-have details about the connection), the application must select the session
-to be reused by using the L<SSL_set_session(3)|SSL_set_session(3)>
-function. This option is not activated by default.
-
-=item SSL_SESS_CACHE_SERVER
-
-Server sessions are added to the session cache. When a client proposes a
-session to be reused, the server looks for the corresponding session in (first)
-the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
-then (second) in the external cache if available. If the session is found, the
-server will try to reuse the session. This is the default.
-
-=item SSL_SESS_CACHE_BOTH
-
-Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.
-
-=item SSL_SESS_CACHE_NO_AUTO_CLEAR
-
-Normally the session cache is checked for expired sessions every
-255 connections using the
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> function. Since
-this may lead to a delay which cannot be controlled, the automatic
-flushing may be disabled and
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> can be called
-explicitly by the application.
-
-=item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-
-By setting this flag, session-resume operations in an SSL/TLS server will not
-automatically look up sessions in the internal cache, even if sessions are
-automatically stored there. If external session caching callbacks are in use,
-this flag guarantees that all lookups are directed to the external cache.
-As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
-clients.
-
-=item SSL_SESS_CACHE_NO_INTERNAL_STORE
-
-Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
-sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
-Normally a new session is added to the internal cache as well as any external
-session caching (callback) that is configured for the SSL_CTX. This flag will
-prevent sessions being stored in the internal cache (though the application can
-add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
-in any SSL/TLS servers where external caching is configured, any successful
-session lookups in the external cache (ie. for session-resume requests) would
-normally be copied into the local cache before processing continues - this flag
-prevents these additions to the internal cache as well.
-
-=item SSL_SESS_CACHE_NO_INTERNAL
-
-Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
-SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
-
-
-=back
-
-The default mode is SSL_SESS_CACHE_SERVER.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_session_cache_mode() returns the previously set cache mode.
-
-SSL_CTX_get_session_cache_mode() returns the currently set cache mode.
-
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
-L<SSL_session_reused(3)|SSL_session_reused(3)>,
-L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
-L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
-L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
-L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
-
-=head1 HISTORY
-
-SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
-were introduced in OpenSSL 0.9.6h.
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
deleted file mode 100644
index 58fc685..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ /dev/null
@@ -1,83 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
- int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_session_id_context() sets the context B<sid_ctx> of length
-B<sid_ctx_len> within which a session can be reused for the B<ctx> object.
-
-SSL_set_session_id_context() sets the context B<sid_ctx> of length
-B<sid_ctx_len> within which a session can be reused for the B<ssl> object.
-
-=head1 NOTES
-
-Sessions are generated within a certain context. When exporting/importing
-sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible,
-to re-import a session generated from another context (e.g. another
-application), which might lead to malfunctions. Therefore each application
-must set its own session id context B<sid_ctx> which is used to distinguish
-the contexts and is stored in exported sessions. The B<sid_ctx> can be
-any kind of binary data with a given length, it is therefore possible
-to use e.g. the name of the application and/or the hostname and/or service
-name ...
-
-The session id context becomes part of the session. The session id context
-is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and
-SSL_set_session_id_context() functions are therefore only useful on the
-server side.
-
-OpenSSL clients will check the session id context returned by the server
-when reusing a session.
-
-The maximum length of the B<sid_ctx> is limited to
-B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
-
-=head1 WARNINGS
-
-If the session id context is not set on an SSL/TLS server and client
-certificates are used, stored sessions
-will not be reused but a fatal error will be flagged and the handshake
-will fail.
-
-If a server returns a different session id context to an OpenSSL client
-when reusing a session, an error will be flagged and the handshake will
-fail. OpenSSL servers will always return the correct session id context,
-as an OpenSSL server checks the session id context itself before reusing
-a session as described above.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
-return the following values:
-
-=over 4
-
-=item 0
-
-The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
-the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
-is logged to the error stack.
-
-=item 1
-
-The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
deleted file mode 100644
index 0020180..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ /dev/null
@@ -1,61 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
-- choose a new TLS/SSL method
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method);
- int SSL_set_ssl_method(SSL *s, SSL_METHOD *method);
- SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
-newly created from this B<ctx>. SSL objects already created with
-L<SSL_new(3)|SSL_new(3)> are not affected, except when
-L<SSL_clear(3)|SSL_clear(3)> is being called.
-
-SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
-object. It may be reset, when SSL_clear() is called.
-
-SSL_get_ssl_method() returns a function pointer to the TLS/SSL method
-set in B<ssl>.
-
-=head1 NOTES
-
-The available B<method> choices are described in
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>.
-
-When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to
-an SSL object, the method of the SSL object is reset to the method currently
-set in the corresponding SSL_CTX object.
-
-=head1 RETURN VALUES
-
-The following return values can occur for SSL_CTX_set_ssl_version()
-and SSL_set_ssl_method():
-
-=over 4
-
-=item 0
-
-The new choice failed, check the error stack to find out the reason.
-
-=item 1
-
-The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,
-L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>,
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod
deleted file mode 100644
index e3de27c..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
- long SSL_CTX_get_timeout(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_timeout() sets the timeout for newly created sessions for
-B<ctx> to B<t>. The timeout value B<t> must be given in seconds.
-
-SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.
-
-=head1 NOTES
-
-Whenever a new session is created, it is assigned a maximum lifetime. This
-lifetime is specified by storing the creation time of the session and the
-timeout value valid at this time. If the actual time is later than creation
-time plus timeout, the session is not reused.
-
-Due to this realization, all sessions behave according to the timeout value
-valid at the time of the session negotiation. Changes of the timeout value
-do not affect already established sessions.
-
-The expiration time of a single session can be modified using the
-L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)> family of functions.
-
-Expired sessions are removed from the internal session cache, whenever
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> is called, either
-directly by the application or automatically (see
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
-
-The default value for session timeout is decided on a per protocol
-basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>.
-All currently supported protocols have the same default timeout value
-of 300 seconds.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_timeout() returns the previously set timeout value.
-
-SSL_CTX_get_timeout() returns the currently set timeout value.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
-L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
deleted file mode 100644
index 29d1f8a..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+++ /dev/null
@@ -1,170 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
-
- void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_set_tmp_dh(SSL *ssl, DH *dh)
-
- DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
-used when a DH parameters are required to B<tmp_dh_callback>.
-The callback is inherited by all B<ssl> objects created from B<ctx>.
-
-SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
-The key is inherited by all B<ssl> objects created from B<ctx>.
-
-SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
-
-SSL_set_tmp_dh() sets the parameters only for B<ssl>.
-
-These functions apply to SSL/TLS servers only.
-
-=head1 NOTES
-
-When using a cipher with RSA authentication, an ephemeral DH key exchange
-can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
-In these cases, the session data are negotiated using the
-ephemeral/temporary DH key and the key supplied and certified
-by the certificate chain is only used for signing.
-Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
-
-Using ephemeral DH key exchange yields forward secrecy, as the connection
-can only be decrypted, when the DH key is known. By generating a temporary
-DH key inside the server application that is lost when the application
-is left, it becomes impossible for an attacker to decrypt past sessions,
-even if he gets hold of the normal (certified) key, as this key was
-only used for signing.
-
-In order to perform a DH key exchange the server must use a DH group
-(DH parameters) and generate a DH key. The server will always generate a new
-DH key during the negotiation, when the DH parameters are supplied via
-callback and/or when the SSL_OP_SINGLE_DH_USE option of
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will
-immediately create a DH key, when DH parameters are supplied via
-SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case,
-it may happen that a key is generated on initialization without later
-being needed, while on the other hand the computer time during the
-negotiation is being saved.
-
-If "strong" primes were used to generate the DH parameters, it is not strictly
-necessary to generate a new key for each handshake but it does improve forward
-secrecy. If it is not assured, that "strong" primes were used (see especially
-the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
-in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
-has an impact on the computer time needed during negotiation, but it is not
-very large, so application authors/users should consider to always enable
-this option.
-
-As generating DH parameters is extremely time consuming, an application
-should not generate the parameters on the fly but supply the parameters.
-DH parameters can be reused, as the actual key is newly generated during
-the negotiation. The risk in reusing DH parameters is that an attacker
-may specialize on a very often used DH group. Applications should therefore
-generate their own DH parameters during the installation process using the
-openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
-time needed for this generation, it is possible to use DSA parameters
-instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
-is mandatory.
-
-Application authors may compile in DH parameters. Files dh512.pem,
-dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
-version of the OpenSSL distribution contain the 'SKIP' DH parameters,
-which use safe primes and were generated verifiably pseudo-randomly.
-These files can be converted into C code using the B<-C> option of the
-L<dhparam(1)|dhparam(1)> application.
-Authors may also generate their own set of parameters using
-L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
-generated. The generation of DH parameters during installation is therefore
-recommended.
-
-An application may either directly specify the DH parameters or
-can supply the DH parameters via a callback function. The callback approach
-has the advantage, that the callback may supply DH parameters for different
-key lengths.
-
-The B<tmp_dh_callback> is called with the B<keylength> needed and
-the B<is_export> information. The B<is_export> flag is set, when the
-ephemeral DH key exchange is performed with an export cipher.
-
-=head1 EXAMPLES
-
-Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
-partly left out.)
-
- ...
- /* Set up ephemeral DH stuff */
- DH *dh_512 = NULL;
- DH *dh_1024 = NULL;
- FILE *paramfile;
-
- ...
- /* "openssl dhparam -out dh_param_512.pem -2 512" */
- paramfile = fopen("dh_param_512.pem", "r");
- if (paramfile) {
- dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
- }
- /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
- paramfile = fopen("dh_param_1024.pem", "r");
- if (paramfile) {
- dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
- fclose(paramfile);
- }
- ...
-
- /* "openssl dhparam -C -2 512" etc... */
- DH *get_dh512() { ... }
- DH *get_dh1024() { ... }
-
- DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
- {
- DH *dh_tmp=NULL;
-
- switch (keylength) {
- case 512:
- if (!dh_512)
- dh_512 = get_dh512();
- dh_tmp = dh_512;
- break;
- case 1024:
- if (!dh_1024)
- dh_1024 = get_dh1024();
- dh_tmp = dh_1024;
- break;
- default:
- /* Generating a key on the fly is very costly, so use what is there */
- setup_dh_parameters_like_above();
- }
- return(dh_tmp);
- }
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
-diagnostic output.
-
-SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
-on failure. Check the error queue to find out the reason of failure.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
-L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
deleted file mode 100644
index 534643c..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+++ /dev/null
@@ -1,166 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
- long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
-
- void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
- long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
- long SSL_need_tmp_rsa(SSL *ssl)
-
- RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
-used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
-The callback is inherited by all SSL objects newly created from B<ctx>
-with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
-
-SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
-B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
-with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
-
-SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
-for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
-with a keysize larger than 512 bits is installed.
-
-SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
-
-SSL_set_tmp_rsa() sets the key only for B<ssl>.
-
-SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
-for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
-with a keysize larger than 512 bits is installed.
-
-These functions apply to SSL/TLS servers only.
-
-=head1 NOTES
-
-When using a cipher with RSA authentication, an ephemeral RSA key exchange
-can take place. In this case the session data are negotiated using the
-ephemeral/temporary RSA key and the RSA key supplied and certified
-by the certificate chain is only used for signing.
-
-Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
-than the usual key length of 1024 bits were created. To use these ciphers
-with RSA keys of usual length, an ephemeral key exchange must be performed,
-as the normal (certified) key cannot be directly used.
-
-Using ephemeral RSA key exchange yields forward secrecy, as the connection
-can only be decrypted, when the RSA key is known. By generating a temporary
-RSA key inside the server application that is lost when the application
-is left, it becomes impossible for an attacker to decrypt past sessions,
-even if he gets hold of the normal (certified) RSA key, as this key was
-used for signing only. The downside is that creating a RSA key is
-computationally expensive.
-
-Additionally, the use of ephemeral RSA key exchange is only allowed in
-the TLS standard, when the RSA key can be used for signing only, that is
-for export ciphers. Using ephemeral RSA key exchange for other purposes
-violates the standard and can break interoperability with clients.
-It is therefore strongly recommended to not use ephemeral RSA key
-exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
-in order to achieve forward secrecy (see
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
-
-On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
-and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
-standard. When ephemeral RSA key exchange is required for export ciphers,
-it will automatically be used without this option!
-
-An application may either directly specify the key or can supply the key via
-a callback function. The callback approach has the advantage, that the
-callback may generate the key only in case it is actually needed. As the
-generation of a RSA key is however costly, it will lead to a significant
-delay in the handshake procedure. Another advantage of the callback function
-is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
-usage) while the explicit setting of the key is only useful for key size of
-512 bits to satisfy the export restricted ciphers and does give away key length
-if a longer key would be allowed.
-
-The B<tmp_rsa_callback> is called with the B<keylength> needed and
-the B<is_export> information. The B<is_export> flag is set, when the
-ephemeral RSA key exchange is performed with an export cipher.
-
-=head1 EXAMPLES
-
-Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
-generation of a RSA key costs a lot of computer time, they saved for later
-reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
-respectively are generated.
-
- ...
- /* Set up ephemeral RSA stuff */
- RSA *rsa_512 = NULL;
- RSA *rsa_1024 = NULL;
-
- rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
- if (rsa_512 == NULL)
- evaluate_error_queue();
-
- rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
- if (rsa_1024 == NULL)
- evaluate_error_queue();
-
- ...
-
- RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
- {
- RSA *rsa_tmp=NULL;
-
- switch (keylength) {
- case 512:
- if (rsa_512)
- rsa_tmp = rsa_512;
- else { /* generate on the fly, should not happen in this example */
- rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
- rsa_512 = rsa_tmp; /* Remember for later reuse */
- }
- break;
- case 1024:
- if (rsa_1024)
- rsa_tmp=rsa_1024;
- else
- should_not_happen_in_this_example();
- break;
- default:
- /* Generating a key on the fly is very costly, so use what is there */
- if (rsa_1024)
- rsa_tmp=rsa_1024;
- else
- rsa_tmp=rsa_512; /* Use at least a shorter key */
- }
- return(rsa_tmp);
- }
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
-diagnostic output.
-
-SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
-on failure. Check the error queue to find out the reason of failure.
-
-SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
-RSA key is needed and 0 otherwise.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
deleted file mode 100644
index ca8d81b..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+++ /dev/null
@@ -1,294 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth - set peer certificate verification parameters
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
- int (*verify_callback)(int, X509_STORE_CTX *));
- void SSL_set_verify(SSL *s, int mode,
- int (*verify_callback)(int, X509_STORE_CTX *));
- void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
- void SSL_set_verify_depth(SSL *s, int depth);
-
- int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_set_verify() sets the verification flags for B<ctx> to be B<mode> and
-specifies the B<verify_callback> function to be used. If no callback function
-shall be specified, the NULL pointer can be used for B<verify_callback>.
-
-SSL_set_verify() sets the verification flags for B<ssl> to be B<mode> and
-specifies the B<verify_callback> function to be used. If no callback function
-shall be specified, the NULL pointer can be used for B<verify_callback>. In
-this case last B<verify_callback> set specifically for this B<ssl> remains. If
-no special B<callback> was set before, the default callback for the underlying
-B<ctx> is used, that was valid at the the time B<ssl> was created with
-L<SSL_new(3)|SSL_new(3)>.
-
-SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
-verification that shall be allowed for B<ctx>. (See the BUGS section.)
-
-SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
-verification that shall be allowed for B<ssl>. (See the BUGS section.)
-
-=head1 NOTES
-
-The verification of certificates can be controlled by a set of logically
-or'ed B<mode> flags:
-
-=over 4
-
-=item SSL_VERIFY_NONE
-
-B<Server mode:> the server will not send a client certificate request to the
-client, so the client will not send a certificate.
-
-B<Client mode:> if not using an anonymous cipher (by default disabled), the
-server will send a certificate which will be checked. The result of the
-certificate verification process can be checked after the TLS/SSL handshake
-using the L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> function.
-The handshake will be continued regardless of the verification result.
-
-=item SSL_VERIFY_PEER
-
-B<Server mode:> the server sends a client certificate request to the client.
-The certificate returned (if any) is checked. If the verification process
-fails, the TLS/SSL handshake is
-immediately terminated with an alert message containing the reason for
-the verification failure.
-The behaviour can be controlled by the additional
-SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
-
-B<Client mode:> the server certificate is verified. If the verification process
-fails, the TLS/SSL handshake is
-immediately terminated with an alert message containing the reason for
-the verification failure. If no server certificate is sent, because an
-anonymous cipher is used, SSL_VERIFY_PEER is ignored.
-
-=item SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-
-B<Server mode:> if the client did not return a certificate, the TLS/SSL
-handshake is immediately terminated with a "handshake failure" alert.
-This flag must be used together with SSL_VERIFY_PEER.
-
-B<Client mode:> ignored
-
-=item SSL_VERIFY_CLIENT_ONCE
-
-B<Server mode:> only request a client certificate on the initial TLS/SSL
-handshake. Do not ask for a client certificate again in case of a
-renegotiation. This flag must be used together with SSL_VERIFY_PEER.
-
-B<Client mode:> ignored
-
-=back
-
-Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be
-set at any time.
-
-The actual verification procedure is performed either using the built-in
-verification procedure or using another application provided verification
-function set with
-L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>.
-The following descriptions apply in the case of the built-in procedure. An
-application provided procedure also has access to the verify depth information
-and the verify_callback() function, but the way this information is used
-may be different.
-
-SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up
-to which depth certificates in a chain are used during the verification
-procedure. If the certificate chain is longer than allowed, the certificates
-above the limit are ignored. Error messages are generated as if these
-certificates would not be present, most likely a
-X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
-The depth count is "level 0:peer certificate", "level 1: CA certificate",
-"level 2: higher level CA certificate", and so on. Setting the maximum
-depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
-allowing for the peer certificate and additional 9 CA certificates.
-
-The B<verify_callback> function is used to control the behaviour when the
-SSL_VERIFY_PEER flag is set. It must be supplied by the application and
-receives two arguments: B<preverify_ok> indicates, whether the verification of
-the certificate in question was passed (preverify_ok=1) or not
-(preverify_ok=0). B<x509_ctx> is a pointer to the complete context used
-for the certificate chain verification.
-
-The certificate chain is checked starting with the deepest nesting level
-(the root CA certificate) and worked upward to the peer's certificate.
-At each level signatures and issuer attributes are checked. Whenever
-a verification error is found, the error number is stored in B<x509_ctx>
-and B<verify_callback> is called with B<preverify_ok>=0. By applying
-X509_CTX_store_* functions B<verify_callback> can locate the certificate
-in question and perform additional steps (see EXAMPLES). If no error is
-found for a certificate, B<verify_callback> is called with B<preverify_ok>=1
-before advancing to the next level.
-
-The return value of B<verify_callback> controls the strategy of the further
-verification process. If B<verify_callback> returns 0, the verification
-process is immediately stopped with "verification failed" state. If
-SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
-the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
-the verification process is continued. If B<verify_callback> always returns
-1, the TLS/SSL handshake will not be terminated with respect to verification
-failures and the connection will be established. The calling process can
-however retrieve the error code of the last verification error using
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its
-own error storage managed by B<verify_callback>.
-
-If no B<verify_callback> is specified, the default callback will be used.
-Its return value is identical to B<preverify_ok>, so that any verification
-failure will lead to a termination of the TLS/SSL handshake with an
-alert message, if SSL_VERIFY_PEER is set.
-
-=head1 BUGS
-
-In client mode, it is not checked whether the SSL_VERIFY_PEER flag
-is set, but whether SSL_VERIFY_NONE is not set. This can lead to
-unexpected behaviour, if the SSL_VERIFY_PEER and SSL_VERIFY_NONE are not
-used as required (exactly one must be set at any time).
-
-The certificate verification depth set with SSL[_CTX]_verify_depth()
-stops the verification at a certain depth. The error message produced
-will be that of an incomplete certificate chain and not
-X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected.
-
-=head1 RETURN VALUES
-
-The SSL*_set_verify*() functions do not provide diagnostic information.
-
-=head1 EXAMPLES
-
-The following code sequence realizes an example B<verify_callback> function
-that will always continue the TLS/SSL handshake regardless of verification
-failure, if wished. The callback realizes a verification depth limit with
-more informational output.
-
-All verification errors are printed, informations about the certificate chain
-are printed on request.
-The example is realized for a server that does allow but not require client
-certificates.
-
-The example makes use of the ex_data technique to store application data
-into/retrieve application data from the SSL structure
-(see L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
-L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
-
- ...
- typedef struct {
- int verbose_mode;
- int verify_depth;
- int always_continue;
- } mydata_t;
- int mydata_index;
- ...
- static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
- {
- char buf[256];
- X509 *err_cert;
- int err, depth;
- SSL *ssl;
- mydata_t *mydata;
-
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- /*
- * Retrieve the pointer to the SSL of the connection currently treated
- * and the application specific data stored into the SSL object.
- */
- ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- mydata = SSL_get_ex_data(ssl, mydata_index);
-
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
-
- /*
- * Catch a too long certificate chain. The depth limit set using
- * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
- * that whenever the "depth>verify_depth" condition is met, we
- * have violated the limit and want to log this error condition.
- * We must do it here, because the CHAIN_TOO_LONG error would not
- * be found explicitly; only errors introduced by cutting off the
- * additional certificates would be logged.
- */
- if (depth > mydata->verify_depth) {
- preverify_ok = 0;
- err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
- X509_STORE_CTX_set_error(ctx, err);
- }
- if (!preverify_ok) {
- printf("verify error:num=%d:%s:depth=%d:%s\n", err,
- X509_verify_cert_error_string(err), depth, buf);
- }
- else if (mydata->verbose_mode)
- {
- printf("depth=%d:%s\n", depth, buf);
- }
-
- /*
- * At this point, err contains the last verification error. We can use
- * it for something special
- */
- if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
- {
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
- printf("issuer= %s\n", buf);
- }
-
- if (mydata->always_continue)
- return 1;
- else
- return preverify_ok;
- }
- ...
-
- mydata_t mydata;
-
- ...
- mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
-
- ...
- SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
- verify_callback);
-
- /*
- * Let the verify_callback catch the verify_depth error so that we get
- * an appropriate error in the logfile.
- */
- SSL_CTX_set_verify_depth(verify_depth + 1);
-
- /*
- * Set up the SSL specific data into "mydata" and store it into th SSL
- * structure.
- */
- mydata.verify_depth = verify_depth; ...
- SSL_set_ex_data(ssl, mydata_index, &mydata);
-
- ...
- SSL_accept(ssl); /* check of success left out for clarity */
- if (peer = SSL_get_peer_certificate(ssl))
- {
- if (SSL_get_verify_result(ssl) == X509_V_OK)
- {
- /* The client sent a certificate which verified OK */
- }
- }
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>,
-L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
-L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
-L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
-L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
-L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod b/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
deleted file mode 100644
index 10be95f..0000000
--- a/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
+++ /dev/null
@@ -1,169 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key - load certificate and key data
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
- int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
- int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
- int SSL_use_certificate(SSL *ssl, X509 *x);
- int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
- int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-
- int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
-
- int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
- int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
- long len);
- int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
- int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
- int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
- int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
- int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
- int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
- int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
- int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
- int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
- int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-
- int SSL_CTX_check_private_key(const SSL_CTX *ctx);
- int SSL_check_private_key(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-These functions load the certificates and private keys into the SSL_CTX
-or SSL object, respectively.
-
-The SSL_CTX_* class of functions loads the certificates and keys into the
-SSL_CTX object B<ctx>. The information is passed to SSL objects B<ssl>
-created from B<ctx> with L<SSL_new(3)|SSL_new(3)> by copying, so that
-changes applied to B<ctx> do not propagate to already existing SSL objects.
-
-The SSL_* class of functions only loads certificates and keys into a
-specific SSL object. The specific information is kept, when
-L<SSL_clear(3)|SSL_clear(3)> is called for this SSL object.
-
-SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
-SSL_use_certificate() loads B<x> into B<ssl>. The rest of the
-certificates needed to form the complete certificate chain can be
-specified using the
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
-function.
-
-SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
-the memory location B<d> (with length B<len>) into B<ctx>,
-SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
-
-SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
-into B<ctx>. The formatting B<type> of the certificate must be specified
-from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
-SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
-See the NOTES section on why SSL_CTX_use_certificate_chain_file()
-should be preferred.
-
-SSL_CTX_use_certificate_chain_file() loads a certificate chain from
-B<file> into B<ctx>. The certificates must be in PEM format and must
-be sorted starting with the subject's certificate (actual client or server
-certificate), followed by intermediate CA certificates if applicable, and
-ending at the highest level (root) CA.
-There is no corresponding function working on a single SSL object.
-
-SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
-SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
-to B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>;
-SSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>.
-If a certificate has already been set and the private does not belong
-to the certificate an error is returned. To change a certificate, private
-key pair the new certificate needs to be set with SSL_use_certificate()
-or SSL_CTX_use_certificate() before setting the private key with
-SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey().
-
-
-SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk>
-stored at memory location B<d> (length B<len>) to B<ctx>.
-SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA
-stored at memory location B<d> (length B<len>) to B<ctx>.
-SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private
-key to B<ssl>.
-
-SSL_CTX_use_PrivateKey_file() adds the first private key found in
-B<file> to B<ctx>. The formatting B<type> of the certificate must be specified
-from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
-SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in
-B<file> to B<ctx>. SSL_use_PrivateKey_file() adds the first private key found
-in B<file> to B<ssl>; SSL_use_RSAPrivateKey_file() adds the first private
-RSA key found to B<ssl>.
-
-SSL_CTX_check_private_key() checks the consistency of a private key with
-the corresponding certificate loaded into B<ctx>. If more than one
-key/certificate pair (RSA/DSA) is installed, the last item installed will
-be checked. If e.g. the last item was a RSA certificate or key, the RSA
-key/certificate pair will be checked. SSL_check_private_key() performs
-the same check for B<ssl>. If no key/certificate was explicitly added for
-this B<ssl>, the last item added into B<ctx> will be checked.
-
-=head1 NOTES
-
-The internal certificate store of OpenSSL can hold two private key/certificate
-pairs at a time: one key/certificate of type RSA and one key/certificate
-of type DSA. The certificate used depends on the cipher select, see
-also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>.
-
-When reading certificates and private keys from file, files of type
-SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain
-one certificate or private key, consequently
-SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting.
-Files of type SSL_FILETYPE_PEM can contain more than one item.
-
-SSL_CTX_use_certificate_chain_file() adds the first certificate found
-in the file to the certificate store. The other certificates are added
-to the store of chain certificates using
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>.
-There exists only one extra chain store, so that the same chain is appended
-to both types of certificates, RSA and DSA! If it is not intended to use
-both type of certificate at the same time, it is recommended to use the
-SSL_CTX_use_certificate_chain_file() instead of the
-SSL_CTX_use_certificate_file() function in order to allow the use of
-complete certificate chains even when no trusted CA storage is used or
-when the CA issuing the certificate shall not be added to the trusted
-CA storage.
-
-If additional certificates are needed to complete the chain during the
-TLS negotiation, CA certificates are additionally looked up in the
-locations of trusted CA certificates, see
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
-
-The private keys loaded from file can be encrypted. In order to successfully
-load encrypted keys, a function returning the passphrase must have been
-supplied, see
-L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>.
-(Certificate files might be encrypted as well from the technical point
-of view, it however does not make sense as the data in the certificate
-is considered public anyway.)
-
-=head1 RETURN VALUES
-
-On success, the functions return 1.
-Otherwise check out the error stack to find out the reason.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
-L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
-L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
-
-=head1 HISTORY
-
-Support for DER encoded private keys (SSL_FILETYPE_ASN1) in
-SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() was added
-in 0.9.8 .
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_SESSION_free.pod b/crypto/openssl/doc/ssl/SSL_SESSION_free.pod
deleted file mode 100644
index 558de01..0000000
--- a/crypto/openssl/doc/ssl/SSL_SESSION_free.pod
+++ /dev/null
@@ -1,55 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_SESSION_free - free an allocated SSL_SESSION structure
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_SESSION_free(SSL_SESSION *session);
-
-=head1 DESCRIPTION
-
-SSL_SESSION_free() decrements the reference count of B<session> and removes
-the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
-memory, if the the reference count has reached 0.
-
-=head1 NOTES
-
-SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
-is successfully completed. Depending on the settings, see
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-the SSL_SESSION objects are internally referenced by the SSL_CTX and
-linked into its session cache. SSL objects may be using the SSL_SESSION object;
-as a session may be reused, several SSL objects may be using one SSL_SESSION
-object at the same time. It is therefore crucial to keep the reference
-count (usage information) correct and not delete a SSL_SESSION object
-that is still used, as this may lead to program failures due to
-dangling pointers. These failures may also appear delayed, e.g.
-when an SSL_SESSION object was completely freed as the reference count
-incorrectly became 0, but it is still referenced in the internal
-session cache and the cache list is processed during a
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation.
-
-SSL_SESSION_free() must only be called for SSL_SESSION objects, for
-which the reference count was explicitly incremented (e.g.
-by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>)
-or when the SSL_SESSION object was generated outside a TLS handshake
-operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>.
-It must not be called on other SSL_SESSION objects, as this would cause
-incorrect reference counts and therefore program failures.
-
-=head1 RETURN VALUES
-
-SSL_SESSION_free() does not provide diagnostic information.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
- L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod
deleted file mode 100644
index 657cda9..0000000
--- a/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod
+++ /dev/null
@@ -1,61 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - internal application specific data functions
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_SESSION_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
- int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
-
- void *SSL_SESSION_get_ex_data(const SSL_SESSION *session, int idx);
-
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-
-=head1 DESCRIPTION
-
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-
-SSL_SESSION_get_ex_new_index() is used to register a new index for application
-specific data.
-
-SSL_SESSION_set_ex_data() is used to store application data at B<arg> for B<idx>
-into the B<session> object.
-
-SSL_SESSION_get_ex_data() is used to retrieve the information for B<idx> from
-B<session>.
-
-A detailed description for the B<*_get_ex_new_index()> functionality
-can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
-The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
-L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
-
-=head1 WARNINGS
-
-The application data is only maintained for sessions held in memory. The
-application data is not included when dumping the session with
-i2d_SSL_SESSION() (and all functions indirectly calling the dump functions
-like PEM_write_SSL_SESSION() and PEM_write_bio_SSL_SESSION()) and can
-therefore not be restored.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
-L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod b/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod
deleted file mode 100644
index 490337a..0000000
--- a/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod
+++ /dev/null
@@ -1,64 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_set_timeout - retrieve and manipulate session time and timeout settings
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_SESSION_get_time(const SSL_SESSION *s);
- long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
- long SSL_SESSION_get_timeout(const SSL_SESSION *s);
- long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
-
- long SSL_get_time(const SSL_SESSION *s);
- long SSL_set_time(SSL_SESSION *s, long tm);
- long SSL_get_timeout(const SSL_SESSION *s);
- long SSL_set_timeout(SSL_SESSION *s, long tm);
-
-=head1 DESCRIPTION
-
-SSL_SESSION_get_time() returns the time at which the session B<s> was
-established. The time is given in seconds since the Epoch and therefore
-compatible to the time delivered by the time() call.
-
-SSL_SESSION_set_time() replaces the creation time of the session B<s> with
-the chosen value B<tm>.
-
-SSL_SESSION_get_timeout() returns the timeout value set for session B<s>
-in seconds.
-
-SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
-to B<tm>.
-
-The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout()
-functions are synonyms for the SSL_SESSION_*() counterparts.
-
-=head1 NOTES
-
-Sessions are expired by examining the creation time and the timeout value.
-Both are set at creation time of the session to the actual time and the
-default timeout value at creation, respectively, as set by
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>.
-Using these functions it is possible to extend or shorten the lifetime
-of the session.
-
-=head1 RETURN VALUES
-
-SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently
-valid values.
-
-SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.
-
-If any of the function is passed the NULL pointer for the session B<s>,
-0 is returned.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
-L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_accept.pod b/crypto/openssl/doc/ssl/SSL_accept.pod
deleted file mode 100644
index cc724c0..0000000
--- a/crypto/openssl/doc/ssl/SSL_accept.pod
+++ /dev/null
@@ -1,76 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_accept(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
-The communication channel must already have been set and assigned to the
-B<ssl> by setting an underlying B<BIO>.
-
-=head1 NOTES
-
-The behaviour of SSL_accept() depends on the underlying BIO.
-
-If the underlying BIO is B<blocking>, SSL_accept() will only return once the
-handshake has been finished or an error occurred, except for SGC (Server
-Gated Cryptography). For SGC, SSL_accept() may return with -1, but
-SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and SSL_accept()
-should be called again.
-
-If the underlying BIO is B<non-blocking>, SSL_accept() will also return
-when the underlying BIO could not satisfy the needs of SSL_accept()
-to continue the handshake, indicating the problem by the return value -1.
-In this case a call to SSL_get_error() with the
-return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
-B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of SSL_accept().
-The action depends on the underlying BIO. When using a non-blocking socket,
-nothing is to be done, but select() can be used to check for the required
-condition. When using a buffering BIO, like a BIO pair, data must be written
-into or retrieved out of the BIO before being able to continue.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
-=item 0
-
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
-return value B<ret> to find out the reason.
-
-=item E<lt>0
-
-The TLS/SSL handshake was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred. The shutdown was
-not clean. It can also occur of action is need to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
-to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
-L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_alert_type_string.pod b/crypto/openssl/doc/ssl/SSL_alert_type_string.pod
deleted file mode 100644
index 94e28cc..0000000
--- a/crypto/openssl/doc/ssl/SSL_alert_type_string.pod
+++ /dev/null
@@ -1,228 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- const char *SSL_alert_type_string(int value);
- const char *SSL_alert_type_string_long(int value);
-
- const char *SSL_alert_desc_string(int value);
- const char *SSL_alert_desc_string_long(int value);
-
-=head1 DESCRIPTION
-
-SSL_alert_type_string() returns a one letter string indicating the
-type of the alert specified by B<value>.
-
-SSL_alert_type_string_long() returns a string indicating the type of the alert
-specified by B<value>.
-
-SSL_alert_desc_string() returns a two letter string as a short form
-describing the reason of the alert specified by B<value>.
-
-SSL_alert_desc_string_long() returns a string describing the reason
-of the alert specified by B<value>.
-
-=head1 NOTES
-
-When one side of an SSL/TLS communication wants to inform the peer about
-a special situation, it sends an alert. The alert is sent as a special message
-and does not influence the normal data stream (unless its contents results
-in the communication being canceled).
-
-A warning alert is sent, when a non-fatal error condition occurs. The
-"close notify" alert is sent as a warning alert. Other examples for
-non-fatal errors are certificate errors ("certificate expired",
-"unsupported certificate"), for which a warning alert may be sent.
-(The sending party may however decide to send a fatal error.) The
-receiving side may cancel the connection on reception of a warning
-alert on it discretion.
-
-Several alert messages must be sent as fatal alert messages as specified
-by the TLS RFC. A fatal alert always leads to a connection abort.
-
-=head1 RETURN VALUES
-
-The following strings can occur for SSL_alert_type_string() or
-SSL_alert_type_string_long():
-
-=over 4
-
-=item "W"/"warning"
-
-=item "F"/"fatal"
-
-=item "U"/"unknown"
-
-This indicates that no support is available for this alert type.
-Probably B<value> does not contain a correct alert message.
-
-=back
-
-The following strings can occur for SSL_alert_desc_string() or
-SSL_alert_desc_string_long():
-
-=over 4
-
-=item "CN"/"close notify"
-
-The connection shall be closed. This is a warning alert.
-
-=item "UM"/"unexpected message"
-
-An inappropriate message was received. This alert is always fatal
-and should never be observed in communication between proper
-implementations.
-
-=item "BM"/"bad record mac"
-
-This alert is returned if a record is received with an incorrect
-MAC. This message is always fatal.
-
-=item "DF"/"decompression failure"
-
-The decompression function received improper input (e.g. data
-that would expand to excessive length). This message is always
-fatal.
-
-=item "HF"/"handshake failure"
-
-Reception of a handshake_failure alert message indicates that the
-sender was unable to negotiate an acceptable set of security
-parameters given the options available. This is a fatal error.
-
-=item "NC"/"no certificate"
-
-A client, that was asked to send a certificate, does not send a certificate
-(SSLv3 only).
-
-=item "BC"/"bad certificate"
-
-A certificate was corrupt, contained signatures that did not
-verify correctly, etc
-
-=item "UC"/"unsupported certificate"
-
-A certificate was of an unsupported type.
-
-=item "CR"/"certificate revoked"
-
-A certificate was revoked by its signer.
-
-=item "CE"/"certificate expired"
-
-A certificate has expired or is not currently valid.
-
-=item "CU"/"certificate unknown"
-
-Some other (unspecified) issue arose in processing the
-certificate, rendering it unacceptable.
-
-=item "IP"/"illegal parameter"
-
-A field in the handshake was out of range or inconsistent with
-other fields. This is always fatal.
-
-=item "DC"/"decryption failed"
-
-A TLSCiphertext decrypted in an invalid way: either it wasn't an
-even multiple of the block length or its padding values, when
-checked, weren't correct. This message is always fatal.
-
-=item "RO"/"record overflow"
-
-A TLSCiphertext record was received which had a length more than
-2^14+2048 bytes, or a record decrypted to a TLSCompressed record
-with more than 2^14+1024 bytes. This message is always fatal.
-
-=item "CA"/"unknown CA"
-
-A valid certificate chain or partial chain was received, but the
-certificate was not accepted because the CA certificate could not
-be located or couldn't be matched with a known, trusted CA. This
-message is always fatal.
-
-=item "AD"/"access denied"
-
-A valid certificate was received, but when access control was
-applied, the sender decided not to proceed with negotiation.
-This message is always fatal.
-
-=item "DE"/"decode error"
-
-A message could not be decoded because some field was out of the
-specified range or the length of the message was incorrect. This
-message is always fatal.
-
-=item "CY"/"decrypt error"
-
-A handshake cryptographic operation failed, including being
-unable to correctly verify a signature, decrypt a key exchange,
-or validate a finished message.
-
-=item "ER"/"export restriction"
-
-A negotiation not in compliance with export restrictions was
-detected; for example, attempting to transfer a 1024 bit
-ephemeral RSA key for the RSA_EXPORT handshake method. This
-message is always fatal.
-
-=item "PV"/"protocol version"
-
-The protocol version the client has attempted to negotiate is
-recognized, but not supported. (For example, old protocol
-versions might be avoided for security reasons). This message is
-always fatal.
-
-=item "IS"/"insufficient security"
-
-Returned instead of handshake_failure when a negotiation has
-failed specifically because the server requires ciphers more
-secure than those supported by the client. This message is always
-fatal.
-
-=item "IE"/"internal error"
-
-An internal error unrelated to the peer or the correctness of the
-protocol makes it impossible to continue (such as a memory
-allocation failure). This message is always fatal.
-
-=item "US"/"user canceled"
-
-This handshake is being canceled for some reason unrelated to a
-protocol failure. If the user cancels an operation after the
-handshake is complete, just closing the connection by sending a
-close_notify is more appropriate. This alert should be followed
-by a close_notify. This message is generally a warning.
-
-=item "NR"/"no renegotiation"
-
-Sent by the client in response to a hello request or by the
-server in response to a client hello after initial handshaking.
-Either of these would normally lead to renegotiation; when that
-is not appropriate, the recipient should respond with this alert;
-at that point, the original requester can decide whether to
-proceed with the connection. One case where this would be
-appropriate would be where a server has spawned a process to
-satisfy a request; the process might receive security parameters
-(key length, authentication, etc.) at startup and it might be
-difficult to communicate changes to these parameters after that
-point. This message is always a warning.
-
-=item "UK"/"unknown"
-
-This indicates that no description is available for this alert type.
-Probably B<value> does not contain a correct alert message.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_clear.pod b/crypto/openssl/doc/ssl/SSL_clear.pod
deleted file mode 100644
index 8e077e31..0000000
--- a/crypto/openssl/doc/ssl/SSL_clear.pod
+++ /dev/null
@@ -1,69 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_clear - reset SSL object to allow another connection
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_clear(SSL *ssl);
-
-=head1 DESCRIPTION
-
-Reset B<ssl> to allow another connection. All settings (method, ciphers,
-BIOs) are kept.
-
-=head1 NOTES
-
-SSL_clear is used to prepare an SSL object for a new connection. While all
-settings are kept, a side effect is the handling of the current SSL session.
-If a session is still B<open>, it is considered bad and will be removed
-from the session cache, as required by RFC2246. A session is considered open,
-if L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
-or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
-set the SSL_SENT_SHUTDOWN state.
-
-If a session was closed cleanly, the session object will be kept and all
-settings corresponding. This explicitly means, that e.g. the special method
-used during the session will be kept for the next handshake. So if the
-session was a TLSv1 session, a SSL client object will use a TLSv1 client
-method for the next handshake and a SSL server object will use a TLSv1
-server method, even if SSLv23_*_methods were chosen on startup. This
-will might lead to connection failures (see L<SSL_new(3)|SSL_new(3)>)
-for a description of the method's properties.
-
-=head1 WARNINGS
-
-SSL_clear() resets the SSL object to allow for another connection. The
-reset operation however keeps several settings of the last sessions
-(some of these settings were made automatically during the last
-handshake). It only makes sense when opening a new session (or reusing
-an old one) with the same peer that shares these settings.
-SSL_clear() is not a short form for the sequence
-L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; .
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 0
-
-The SSL_clear() operation could not be performed. Check the error stack to
-find out the reason.
-
-=item 1
-
-The SSL_clear() operation was successful.
-
-=back
-
-L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_connect.pod b/crypto/openssl/doc/ssl/SSL_connect.pod
deleted file mode 100644
index cc56ebb..0000000
--- a/crypto/openssl/doc/ssl/SSL_connect.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_connect(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_connect() initiates the TLS/SSL handshake with a server. The communication
-channel must already have been set and assigned to the B<ssl> by setting an
-underlying B<BIO>.
-
-=head1 NOTES
-
-The behaviour of SSL_connect() depends on the underlying BIO.
-
-If the underlying BIO is B<blocking>, SSL_connect() will only return once the
-handshake has been finished or an error occurred.
-
-If the underlying BIO is B<non-blocking>, SSL_connect() will also return
-when the underlying BIO could not satisfy the needs of SSL_connect()
-to continue the handshake, indicating the problem by the return value -1.
-In this case a call to SSL_get_error() with the
-return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
-B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of SSL_connect().
-The action depends on the underlying BIO. When using a non-blocking socket,
-nothing is to be done, but select() can be used to check for the required
-condition. When using a buffering BIO, like a BIO pair, data must be written
-into or retrieved out of the BIO before being able to continue.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
-=item 0
-
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
-return value B<ret> to find out the reason.
-
-=item E<lt>0
-
-The TLS/SSL handshake was not successful, because a fatal error occurred either
-at the protocol level or a connection failure occurred. The shutdown was
-not clean. It can also occur of action is need to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
-to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
-L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_do_handshake.pod b/crypto/openssl/doc/ssl/SSL_do_handshake.pod
deleted file mode 100644
index 2435764..0000000
--- a/crypto/openssl/doc/ssl/SSL_do_handshake.pod
+++ /dev/null
@@ -1,75 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_do_handshake - perform a TLS/SSL handshake
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_do_handshake(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
-connection is in client mode, the handshake will be started. The handshake
-routines may have to be explicitly set in advance using either
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or
-L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>.
-
-=head1 NOTES
-
-The behaviour of SSL_do_handshake() depends on the underlying BIO.
-
-If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
-once the handshake has been finished or an error occurred, except for SGC
-(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1,
-but SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and
-SSL_do_handshake() should be called again.
-
-If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
-when the underlying BIO could not satisfy the needs of SSL_do_handshake()
-to continue the handshake. In this case a call to SSL_get_error() with the
-return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
-B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of SSL_do_handshake().
-The action depends on the underlying BIO. When using a non-blocking socket,
-nothing is to be done, but select() can be used to check for the required
-condition. When using a buffering BIO, like a BIO pair, data must be written
-into or retrieved out of the BIO before being able to continue.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 1
-
-The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
-established.
-
-=item 0
-
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
-return value B<ret> to find out the reason.
-
-=item E<lt>0
-
-The TLS/SSL handshake was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred. The shutdown was
-not clean. It can also occur of action is need to continue the operation
-for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
-to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
-L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_free.pod b/crypto/openssl/doc/ssl/SSL_free.pod
deleted file mode 100644
index 2d4f8b6..0000000
--- a/crypto/openssl/doc/ssl/SSL_free.pod
+++ /dev/null
@@ -1,44 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_free - free an allocated SSL structure
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_free(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_free() decrements the reference count of B<ssl>, and removes the SSL
-structure pointed to by B<ssl> and frees up the allocated memory if the
-the reference count has reached 0.
-
-=head1 NOTES
-
-SSL_free() also calls the free()ing procedures for indirectly affected items, if
-applicable: the buffering BIO, the read and write BIOs,
-cipher lists specially created for this B<ssl>, the B<SSL_SESSION>.
-Do not explicitly free these indirectly freed up items before or after
-calling SSL_free(), as trying to free things twice may lead to program
-failure.
-
-The ssl session has reference counts from two users: the SSL object, for
-which the reference count is removed by SSL_free() and the internal
-session cache. If the session is considered bad, because
-L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
-and L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was not used to set the
-SSL_SENT_SHUTDOWN state, the session will also be removed
-from the session cache as required by RFC2246.
-
-=head1 RETURN VALUES
-
-SSL_free() does not provide diagnostic information.
-
-L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod b/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod
deleted file mode 100644
index 659c482..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod
+++ /dev/null
@@ -1,26 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which
-B<ssl> was created with L<SSL_new(3)|SSL_new(3)>.
-
-=head1 RETURN VALUES
-
-The pointer to the SSL_CTX object is returned.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_ciphers.pod b/crypto/openssl/doc/ssl/SSL_get_ciphers.pod
deleted file mode 100644
index aecadd9..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_ciphers.pod
+++ /dev/null
@@ -1,42 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl);
- const char *SSL_get_cipher_list(const SSL *ssl, int priority);
-
-=head1 DESCRIPTION
-
-SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
-sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
-is returned.
-
-SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
-listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
-available, or there are less ciphers than B<priority> available, NULL
-is returned.
-
-=head1 NOTES
-
-The details of the ciphers obtained by SSL_get_ciphers() can be obtained using
-the L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> family of functions.
-
-Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
-sorted list of available ciphers, until NULL is returned.
-
-=head1 RETURN VALUES
-
-See DESCRIPTION
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod b/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod
deleted file mode 100644
index 68181b2..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod
+++ /dev/null
@@ -1,53 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
- STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
-B<ctx> using L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>.
-
-SSL_get_client_CA_list() returns the list of client CAs explicitly
-set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, when in
-server mode. In client mode, SSL_get_client_CA_list returns the list of
-client CAs sent from the server, if any.
-
-=head1 RETURN VALUES
-
-SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
-diagnostic information.
-
-SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
-values:
-
-=over 4
-
-=item STACK_OF(X509_NAMES)
-
-List of CA names explicitly set (for B<ctx> or in server mode) or send
-by the server (client mode).
-
-=item NULL
-
-No client CA list was explicitly set (for B<ctx> or in server mode) or
-the server did not send a list of CAs (client mode).
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_current_cipher.pod b/crypto/openssl/doc/ssl/SSL_get_current_cipher.pod
deleted file mode 100644
index e5ab124..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_current_cipher.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
-SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
- #define SSL_get_cipher(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
- #define SSL_get_cipher_name(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
- #define SSL_get_cipher_bits(s,np) \
- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
- #define SSL_get_cipher_version(s) \
- SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-
-=head1 DESCRIPTION
-
-SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing
-the description of the actually used cipher of a connection established with
-the B<ssl> object.
-
-SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the
-name of the currently used cipher. SSL_get_cipher_bits() is a
-macro to obtain the number of secret/algorithm bits used and
-SSL_get_cipher_version() returns the protocol name.
-See L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> for more details.
-
-=head1 RETURN VALUES
-
-SSL_get_current_cipher() returns the cipher actually used or NULL, when
-no session has been established.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod b/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod
deleted file mode 100644
index a648a9b..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod
+++ /dev/null
@@ -1,41 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_default_timeout - get default session timeout value
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_get_default_timeout(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_default_timeout() returns the default timeout value assigned to
-SSL_SESSION objects negotiated for the protocol valid for B<ssl>.
-
-=head1 NOTES
-
-Whenever a new session is negotiated, it is assigned a timeout value,
-after which it will not be accepted for session reuse. If the timeout
-value was not explicitly set using
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default
-timeout for the protocol will be used.
-
-SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
-for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
-
-=head1 RETURN VALUES
-
-See description.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
-L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_error.pod b/crypto/openssl/doc/ssl/SSL_get_error.pod
deleted file mode 100644
index 48c6b15..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_error.pod
+++ /dev/null
@@ -1,114 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_error - obtain result code for TLS/SSL I/O operation
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_get_error(const SSL *ssl, int ret);
-
-=head1 DESCRIPTION
-
-SSL_get_error() returns a result code (suitable for the C "switch"
-statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
-SSL_read(), SSL_peek(), or SSL_write() on B<ssl>. The value returned by
-that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
-B<ret>.
-
-In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
-current thread's OpenSSL error queue. Thus, SSL_get_error() must be
-used in the same thread that performed the TLS/SSL I/O operation, and no
-other OpenSSL function calls should appear in between. The current
-thread's error queue must be empty before the TLS/SSL I/O operation is
-attempted, or SSL_get_error() will not work reliably.
-
-=head1 RETURN VALUES
-
-The following return values can currently occur:
-
-=over 4
-
-=item SSL_ERROR_NONE
-
-The TLS/SSL I/O operation completed. This result code is returned
-if and only if B<ret E<gt> 0>.
-
-=item SSL_ERROR_ZERO_RETURN
-
-The TLS/SSL connection has been closed. If the protocol version is SSL 3.0
-or TLS 1.0, this result code is returned only if a closure
-alert has occurred in the protocol, i.e. if the connection has been
-closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
-does not necessarily indicate that the underlying transport
-has been closed.
-
-=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
-
-The operation did not complete; the same TLS/SSL I/O function should be
-called again later. If, by then, the underlying B<BIO> has data
-available for reading (if the result code is B<SSL_ERROR_WANT_READ>)
-or allows writing data (B<SSL_ERROR_WANT_WRITE>), then some TLS/SSL
-protocol progress will take place, i.e. at least part of an TLS/SSL
-record will be read or written. Note that the retry may again lead to
-a B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition.
-There is no fixed upper limit for the number of iterations that
-may be necessary until progress becomes visible at application
-protocol level.
-
-For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or
-poll() on the underlying socket can be used to find out when the
-TLS/SSL I/O function should be retried.
-
-Caveat: Any TLS/SSL I/O function can lead to either of
-B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>. In particular,
-SSL_read() or SSL_peek() may want to write data and SSL_write() may want
-to read data. This is mainly because TLS/SSL handshakes may occur at any
-time during the protocol (initiated by either the client or the server);
-SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
-
-=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
-
-The operation did not complete; the same TLS/SSL I/O function should be
-called again later. The underlying BIO was not connected yet to the peer
-and the call would block in connect()/accept(). The SSL function should be
-called again when the connection is established. These messages can only
-appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
-In order to find out, when the connection has been successfully established,
-on many platforms select() or poll() for writing on the socket file descriptor
-can be used.
-
-=item SSL_ERROR_WANT_X509_LOOKUP
-
-The operation did not complete because an application callback set by
-SSL_CTX_set_client_cert_cb() has asked to be called again.
-The TLS/SSL I/O function should be called again later.
-Details depend on the application.
-
-=item SSL_ERROR_SYSCALL
-
-Some I/O error occurred. The OpenSSL error queue may contain more
-information on the error. If the error queue is empty
-(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
-about the error: If B<ret == 0>, an EOF was observed that violates
-the protocol. If B<ret == -1>, the underlying B<BIO> reported an
-I/O error (for socket I/O on Unix systems, consult B<errno> for details).
-
-=item SSL_ERROR_SSL
-
-A failure in the SSL library occurred, usually a protocol error. The
-OpenSSL error queue contains more information on the error.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<err(3)|err(3)>
-
-=head1 HISTORY
-
-SSL_get_error() was added in SSLeay 0.8.
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/crypto/openssl/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
deleted file mode 100644
index 165c6a5..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
+++ /dev/null
@@ -1,61 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_ex_data_X509_STORE_CTX_idx - get ex_data index to access SSL structure
-from X509_STORE_CTX
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_get_ex_data_X509_STORE_CTX_idx(void);
-
-=head1 DESCRIPTION
-
-SSL_get_ex_data_X509_STORE_CTX_idx() returns the index number under which
-the pointer to the SSL object is stored into the X509_STORE_CTX object.
-
-=head1 NOTES
-
-Whenever a X509_STORE_CTX object is created for the verification of the
-peers certificate during a handshake, a pointer to the SSL object is
-stored into the X509_STORE_CTX object to identify the connection affected.
-To retrieve this pointer the X509_STORE_CTX_get_ex_data() function can
-be used with the correct index. This index is globally the same for all
-X509_STORE_CTX objects and can be retrieved using
-SSL_get_ex_data_X509_STORE_CTX_idx(). The index value is set when
-SSL_get_ex_data_X509_STORE_CTX_idx() is first called either by the application
-program directly or indirectly during other SSL setup functions or during
-the handshake.
-
-The value depends on other index values defined for X509_STORE_CTX objects
-before the SSL index is created.
-
-=head1 RETURN VALUES
-
-=over 4
-
-=item E<gt>=0
-
-The index value to access the pointer.
-
-=item E<lt>0
-
-An error occurred, check the error stack for a detailed error message.
-
-=back
-
-=head1 EXAMPLES
-
-The index returned from SSL_get_ex_data_X509_STORE_CTX_idx() allows to
-access the SSL object for the connection to be accessed during the
-verify_callback() when checking the peers certificate. Please check
-the example in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
-L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod b/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod
deleted file mode 100644
index 228d23d..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_get_ex_new_index(long argl, void *argp,
- CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,
- CRYPTO_EX_free *free_func);
-
- int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
-
- void *SSL_get_ex_data(const SSL *ssl, int idx);
-
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
- int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
- int idx, long argl, void *argp);
-
-=head1 DESCRIPTION
-
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-
-SSL_get_ex_new_index() is used to register a new index for application
-specific data.
-
-SSL_set_ex_data() is used to store application data at B<arg> for B<idx> into
-the B<ssl> object.
-
-SSL_get_ex_data() is used to retrieve the information for B<idx> from
-B<ssl>.
-
-A detailed description for the B<*_get_ex_new_index()> functionality
-can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
-The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
-L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
-
-=head1 EXAMPLES
-
-An example on how to use the functionality is included in the example
-verify_callback() in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
-L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>,
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_fd.pod b/crypto/openssl/doc/ssl/SSL_get_fd.pod
deleted file mode 100644
index 89260b5..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_fd.pod
+++ /dev/null
@@ -1,44 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_fd - get file descriptor linked to an SSL object
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_get_fd(const SSL *ssl);
- int SSL_get_rfd(const SSL *ssl);
- int SSL_get_wfd(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_fd() returns the file descriptor which is linked to B<ssl>.
-SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the
-read or the write channel, which can be different. If the read and the
-write channel are different, SSL_get_fd() will return the file descriptor
-of the read channel.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item -1
-
-The operation failed, because the underlying BIO is not of the correct type
-(suitable for file descriptors).
-
-=item E<gt>=0
-
-The file descriptor linked to B<ssl>.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_set_fd(3)|SSL_set_fd(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod b/crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod
deleted file mode 100644
index 49fb88f..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_peer_cert_chain.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACKOF(X509) *SSL_get_peer_cert_chain(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
-forming the certificate chain of the peer. If called on the client side,
-the stack also contains the peer's certificate; if called on the server
-side, the peer's certificate must be obtained separately using
-L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
-If the peer did not present a certificate, NULL is returned.
-
-=head1 NOTES
-
-The peer certificate chain is not necessarily available after reusing
-a session, in which case a NULL pointer is returned.
-
-The reference count of the STACKOF(X509) object is not incremented.
-If the corresponding session is freed, the pointer must not be used
-any longer.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-No certificate was presented by the peer or no connection was established
-or the certificate chain is no longer available when a session is reused.
-
-=item Pointer to a STACKOF(X509)
-
-The return value points to the certificate chain presented by the peer.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod b/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
deleted file mode 100644
index ef7c8be..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
+++ /dev/null
@@ -1,55 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_peer_certificate - get the X509 certificate of the peer
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- X509 *SSL_get_peer_certificate(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_peer_certificate() returns a pointer to the X509 certificate the
-peer presented. If the peer did not present a certificate, NULL is returned.
-
-=head1 NOTES
-
-Due to the protocol definition, a TLS/SSL server will always send a
-certificate, if present. A client will only send a certificate when
-explicitly requested to do so by the server (see
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
-is used, no certificates are sent.
-
-That a certificate is returned does not indicate information about the
-verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
-to check the verification state.
-
-The reference count of the X509 object is incremented by one, so that it
-will not be destroyed when the session containing the peer certificate is
-freed. The X509 object must be explicitly freed using X509_free().
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-No certificate was presented by the peer or no connection was established.
-
-=item Pointer to an X509 certificate
-
-The return value points to the certificate presented by the peer.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_rbio.pod b/crypto/openssl/doc/ssl/SSL_get_rbio.pod
deleted file mode 100644
index 3d98233..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_rbio.pod
+++ /dev/null
@@ -1,40 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_rbio - get BIO linked to an SSL object
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- BIO *SSL_get_rbio(SSL *ssl);
- BIO *SSL_get_wbio(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the
-read or the write channel, which can be different. The reference count
-of the BIO is not incremented.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-No BIO was connected to the SSL object
-
-=item Any other pointer
-
-The BIO linked to B<ssl>.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_session.pod b/crypto/openssl/doc/ssl/SSL_get_session.pod
deleted file mode 100644
index 0c41caa..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_session.pod
+++ /dev/null
@@ -1,73 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_session - retrieve TLS/SSL session data
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_SESSION *SSL_get_session(const SSL *ssl);
- SSL_SESSION *SSL_get0_session(const SSL *ssl);
- SSL_SESSION *SSL_get1_session(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
-B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
-that the pointer can become invalid by other operations.
-
-SSL_get0_session() is the same as SSL_get_session().
-
-SSL_get1_session() is the same as SSL_get_session(), but the reference
-count of the B<SSL_SESSION> is incremented by one.
-
-=head1 NOTES
-
-The ssl session contains all information required to re-establish the
-connection without a new handshake.
-
-SSL_get0_session() returns a pointer to the actual session. As the
-reference counter is not incremented, the pointer is only valid while
-the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or
-L<SSL_free(3)|SSL_free(3)> is called, the session may be removed completely
-(if considered bad), and the pointer obtained will become invalid. Even
-if the session is valid, it can be removed at any time due to timeout
-during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
-
-If the data is to be kept, SSL_get1_session() will increment the reference
-count, so that the session will not be implicitly removed by other operations
-but stays in memory. In order to remove the session
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> must be explicitly called once
-to decrement the reference count again.
-
-SSL_SESSION objects keep internal link information about the session cache
-list, when being inserted into one SSL_CTX object's session cache.
-One SSL_SESSION object, regardless of its reference count, must therefore
-only be used with one SSL_CTX object (and the SSL objects created
-from this SSL_CTX object).
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-There is no session available in B<ssl>.
-
-=item Pointer to an SSL
-
-The return value points to the data of an SSL session.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>,
-L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_verify_result.pod b/crypto/openssl/doc/ssl/SSL_get_verify_result.pod
deleted file mode 100644
index 55b56a5..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_verify_result.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_verify_result - get result of peer certificate verification
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- long SSL_get_verify_result(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_verify_result() returns the result of the verification of the
-X509 certificate presented by the peer, if any.
-
-=head1 NOTES
-
-SSL_get_verify_result() can only return one error code while the verification
-of a certificate can fail because of many reasons at the same time. Only
-the last verification error that occurred during the processing is available
-from SSL_get_verify_result().
-
-The verification result is part of the established session and is restored
-when a session is reused.
-
-=head1 BUGS
-
-If no peer certificate was presented, the returned result code is
-X509_V_OK. This is because no verification error occurred, it does however
-not indicate success. SSL_get_verify_result() is only useful in connection
-with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
-
-=head1 RETURN VALUES
-
-The following return values can currently occur:
-
-=over 4
-
-=item X509_V_OK
-
-The verification succeeded or no peer certificate was presented.
-
-=item Any other value
-
-Documented in L<verify(1)|verify(1)>.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_set_verify_result(3)|SSL_set_verify_result(3)>,
-L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
-L<verify(1)|verify(1)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_get_version.pod b/crypto/openssl/doc/ssl/SSL_get_version.pod
deleted file mode 100644
index cc271db..0000000
--- a/crypto/openssl/doc/ssl/SSL_get_version.pod
+++ /dev/null
@@ -1,46 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_get_version - get the protocol version of a connection.
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- const char *SSL_get_version(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_get_cipher_version() returns the name of the protocol used for the
-connection B<ssl>.
-
-=head1 RETURN VALUES
-
-The following strings can occur:
-
-=over 4
-
-=item SSLv2
-
-The connection uses the SSLv2 protocol.
-
-=item SSLv3
-
-The connection uses the SSLv3 protocol.
-
-=item TLSv1
-
-The connection uses the TLSv1 protocol.
-
-=item unknown
-
-This indicates that no version has been set (no connection established).
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_library_init.pod b/crypto/openssl/doc/ssl/SSL_library_init.pod
deleted file mode 100644
index ecf3c48..0000000
--- a/crypto/openssl/doc/ssl/SSL_library_init.pod
+++ /dev/null
@@ -1,52 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
-- initialize SSL library by registering algorithms
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_library_init(void);
- #define OpenSSL_add_ssl_algorithms() SSL_library_init()
- #define SSLeay_add_ssl_algorithms() SSL_library_init()
-
-=head1 DESCRIPTION
-
-SSL_library_init() registers the available ciphers and digests.
-
-OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
-for SSL_library_init().
-
-=head1 NOTES
-
-SSL_library_init() must be called before any other action takes place.
-
-=head1 WARNING
-
-SSL_library_init() only registers ciphers. Another important initialization
-is the seeding of the PRNG (Pseudo Random Number Generator), which has to
-be performed separately.
-
-=head1 EXAMPLES
-
-A typical TLS/SSL application will start with the library initialization,
-will provide readable error messages and will seed the PRNG.
-
- SSL_load_error_strings(); /* readable error messages */
- SSL_library_init(); /* initialize library */
- actions_to_seed_PRNG();
-
-=head1 RETURN VALUES
-
-SSL_library_init() always returns "1", so it is safe to discard the return
-value.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
-L<RAND_add(3)|RAND_add(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_load_client_CA_file.pod b/crypto/openssl/doc/ssl/SSL_load_client_CA_file.pod
deleted file mode 100644
index 02527dc..0000000
--- a/crypto/openssl/doc/ssl/SSL_load_client_CA_file.pod
+++ /dev/null
@@ -1,62 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_load_client_CA_file - load certificate names from file
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-
-=head1 DESCRIPTION
-
-SSL_load_client_CA_file() reads certificates from B<file> and returns
-a STACK_OF(X509_NAME) with the subject names found.
-
-=head1 NOTES
-
-SSL_load_client_CA_file() reads a file of PEM formatted certificates and
-extracts the X509_NAMES of the certificates found. While the name suggests
-the specific usage as support function for
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-it is not limited to CA certificates.
-
-=head1 EXAMPLES
-
-Load names of CAs from file and use it as a client CA list:
-
- SSL_CTX *ctx;
- STACK_OF(X509_NAME) *cert_names;
-
- ...
- cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
- if (cert_names != NULL)
- SSL_CTX_set_client_CA_list(ctx, cert_names);
- else
- error_handling();
- ...
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-The operation failed, check out the error stack for the reason.
-
-=item Pointer to STACK_OF(X509_NAME)
-
-Pointer to the subject names of the successfully read certificates.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_new.pod b/crypto/openssl/doc/ssl/SSL_new.pod
deleted file mode 100644
index 25300e9..0000000
--- a/crypto/openssl/doc/ssl/SSL_new.pod
+++ /dev/null
@@ -1,44 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_new - create a new SSL structure for a connection
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL *SSL_new(SSL_CTX *ctx);
-
-=head1 DESCRIPTION
-
-SSL_new() creates a new B<SSL> structure which is needed to hold the
-data for a TLS/SSL connection. The new structure inherits the settings
-of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1),
-options, verification settings, timeout settings.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item NULL
-
-The creation of a new SSL structure failed. Check the error stack to
-find out the reason.
-
-=item Pointer to an SSL structure
-
-The return value points to an allocated SSL structure.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
-L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_pending.pod b/crypto/openssl/doc/ssl/SSL_pending.pod
deleted file mode 100644
index 43f2874..0000000
--- a/crypto/openssl/doc/ssl/SSL_pending.pod
+++ /dev/null
@@ -1,43 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_pending - obtain number of readable bytes buffered in an SSL object
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_pending(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_pending() returns the number of bytes which are available inside
-B<ssl> for immediate read.
-
-=head1 NOTES
-
-Data are received in blocks from the peer. Therefore data can be buffered
-inside B<ssl> and are ready for immediate retrieval with
-L<SSL_read(3)|SSL_read(3)>.
-
-=head1 RETURN VALUES
-
-The number of bytes pending is returned.
-
-=head1 BUGS
-
-SSL_pending() takes into account only bytes from the TLS/SSL record
-that is currently being processed (if any). If the B<SSL> object's
-I<read_ahead> flag is set, additional protocol bytes may have been
-read containing more TLS/SSL records; these are ignored by
-SSL_pending().
-
-Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
-of pending data is application data.
-
-=head1 SEE ALSO
-
-L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_read.pod b/crypto/openssl/doc/ssl/SSL_read.pod
deleted file mode 100644
index f6c37f7..0000000
--- a/crypto/openssl/doc/ssl/SSL_read.pod
+++ /dev/null
@@ -1,118 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_read - read bytes from a TLS/SSL connection.
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_read(SSL *ssl, void *buf, int num);
-
-=head1 DESCRIPTION
-
-SSL_read() tries to read B<num> bytes from the specified B<ssl> into the
-buffer B<buf>.
-
-=head1 NOTES
-
-If necessary, SSL_read() will negotiate a TLS/SSL session, if
-not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
-L<SSL_accept(3)|SSL_accept(3)>. If the
-peer requests a re-negotiation, it will be performed transparently during
-the SSL_read() operation. The behaviour of SSL_read() depends on the
-underlying BIO.
-
-For the transparent negotiation to succeed, the B<ssl> must have been
-initialized to client or server mode. This is being done by calling
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
-before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
-function.
-
-SSL_read() works based on the SSL/TLS records. The data are received in
-records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
-record has been completely received, it can be processed (decryption and
-check of integrity). Therefore data that was not retrieved at the last
-call of SSL_read() can still be buffered inside the SSL layer and will be
-retrieved on the next call to SSL_read(). If B<num> is higher than the
-number of bytes buffered, SSL_read() will return with the bytes buffered.
-If no more bytes are in the buffer, SSL_read() will trigger the processing
-of the next record. Only when the record has been received and processed
-completely, SSL_read() will return reporting success. At most the contents
-of the record will be returned. As the size of an SSL/TLS record may exceed
-the maximum packet size of the underlying transport (e.g. TCP), it may
-be necessary to read several packets from the transport layer before the
-record is complete and SSL_read() can succeed.
-
-If the underlying BIO is B<blocking>, SSL_read() will only return, once the
-read operation has been finished or an error occurred, except when a
-renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
-This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
-
-If the underlying BIO is B<non-blocking>, SSL_read() will also return
-when the underlying BIO could not satisfy the needs of SSL_read()
-to continue the operation. In this case a call to
-L<SSL_get_error(3)|SSL_get_error(3)> with the
-return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or
-B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
-call to SSL_read() can also cause write operations! The calling process
-then must repeat the call after taking appropriate action to satisfy the
-needs of SSL_read(). The action depends on the underlying BIO. When using a
-non-blocking socket, nothing is to be done, but select() can be used to check
-for the required condition. When using a buffering BIO, like a BIO pair, data
-must be written into or retrieved out of the BIO before being able to continue.
-
-=head1 WARNING
-
-When an SSL_read() operation has to be repeated because of
-B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
-with the same arguments.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item E<gt>0
-
-The read operation was successful; the return value is the number of
-bytes actually read from the TLS/SSL connection.
-
-=item 0
-
-The read operation was not successful. The reason may either be a clean
-shutdown due to a "close notify" alert sent by the peer (in which case
-the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
-(see L<SSL_shutdown(3)|SSL_shutdown(3)>,
-L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
-the peer simply shut down the underlying transport and the shutdown is
-incomplete. Call SSL_get_error() with the return value B<ret> to find out,
-whether an error occurred or the connection was shut down cleanly
-(SSL_ERROR_ZERO_RETURN).
-
-SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
-only be detected, whether the underlying connection was closed. It cannot
-be checked, whether the closure was initiated by the peer or by something
-else.
-
-=item E<lt>0
-
-The read operation was not successful, because either an error occurred
-or action must be taken by the calling process. Call SSL_get_error() with the
-return value B<ret> to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
-L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_rstate_string.pod b/crypto/openssl/doc/ssl/SSL_rstate_string.pod
deleted file mode 100644
index bdb8a1f..0000000
--- a/crypto/openssl/doc/ssl/SSL_rstate_string.pod
+++ /dev/null
@@ -1,59 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- const char *SSL_rstate_string(SSL *ssl);
- const char *SSL_rstate_string_long(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_rstate_string() returns a 2 letter string indicating the current read state
-of the SSL object B<ssl>.
-
-SSL_rstate_string_long() returns a string indicating the current read state of
-the SSL object B<ssl>.
-
-=head1 NOTES
-
-When performing a read operation, the SSL/TLS engine must parse the record,
-consisting of header and body. When working in a blocking environment,
-SSL_rstate_string[_long]() should always return "RD"/"read done".
-
-This function should only seldom be needed in applications.
-
-=head1 RETURN VALUES
-
-SSL_rstate_string() and SSL_rstate_string_long() can return the following
-values:
-
-=over 4
-
-=item "RH"/"read header"
-
-The header of the record is being evaluated.
-
-=item "RB"/"read body"
-
-The body of the record is being evaluated.
-
-=item "RD"/"read done"
-
-The record has been completely processed.
-
-=item "unknown"/"unknown"
-
-The read state is unknown. This should never happen.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_session_reused.pod b/crypto/openssl/doc/ssl/SSL_session_reused.pod
deleted file mode 100644
index da7d062..0000000
--- a/crypto/openssl/doc/ssl/SSL_session_reused.pod
+++ /dev/null
@@ -1,45 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_session_reused - query whether a reused session was negotiated during handshake
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_session_reused(SSL *ssl);
-
-=head1 DESCRIPTION
-
-Query, whether a reused session was negotiated during the handshake.
-
-=head1 NOTES
-
-During the negotiation, a client can propose to reuse a session. The server
-then looks up the session in its cache. If both client and server agree
-on the session, it will be reused and a flag is being set that can be
-queried by the application.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 0
-
-A new session was negotiated.
-
-=item 1
-
-A session was reused.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_set_bio.pod b/crypto/openssl/doc/ssl/SSL_set_bio.pod
deleted file mode 100644
index 67c9756..0000000
--- a/crypto/openssl/doc/ssl/SSL_set_bio.pod
+++ /dev/null
@@ -1,34 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_set_bio - connect the SSL object with a BIO
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
-
-=head1 DESCRIPTION
-
-SSL_set_bio() connects the BIOs B<rbio> and B<wbio> for the read and write
-operations of the TLS/SSL (encrypted) side of B<ssl>.
-
-The SSL engine inherits the behaviour of B<rbio> and B<wbio>, respectively.
-If a BIO is non-blocking, the B<ssl> will also have non-blocking behaviour.
-
-If there was already a BIO connected to B<ssl>, BIO_free() will be called
-(for both the reading and writing side, if different).
-
-=head1 RETURN VALUES
-
-SSL_set_bio() cannot fail.
-
-=head1 SEE ALSO
-
-L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_set_connect_state.pod b/crypto/openssl/doc/ssl/SSL_set_connect_state.pod
deleted file mode 100644
index d88a057..0000000
--- a/crypto/openssl/doc/ssl/SSL_set_connect_state.pod
+++ /dev/null
@@ -1,55 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in client or server mode
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_set_connect_state(SSL *ssl);
-
- void SSL_set_accept_state(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_set_connect_state() sets B<ssl> to work in client mode.
-
-SSL_set_accept_state() sets B<ssl> to work in server mode.
-
-=head1 NOTES
-
-When the SSL_CTX object was created with L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
-it was either assigned a dedicated client method, a dedicated server
-method, or a generic method, that can be used for both client and
-server connections. (The method might have been changed with
-L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
-SSL_set_ssl_method().)
-
-When beginning a new handshake, the SSL engine must know whether it must
-call the connect (client) or accept (server) routines. Even though it may
-be clear from the method chosen, whether client or server mode was
-requested, the handshake routines must be explicitly set.
-
-When using the L<SSL_connect(3)|SSL_connect(3)> or
-L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
-routines are automatically set. When performing a transparent negotiation
-using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
-handshake routines must be explicitly set in advance using either
-SSL_set_connect_state() or SSL_set_accept_state().
-
-=head1 RETURN VALUES
-
-SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic
-information.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
-L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
-L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_set_fd.pod b/crypto/openssl/doc/ssl/SSL_set_fd.pod
deleted file mode 100644
index 7029112..0000000
--- a/crypto/openssl/doc/ssl/SSL_set_fd.pod
+++ /dev/null
@@ -1,54 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_set_fd - connect the SSL object with a file descriptor
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_set_fd(SSL *ssl, int fd);
- int SSL_set_rfd(SSL *ssl, int fd);
- int SSL_set_wfd(SSL *ssl, int fd);
-
-=head1 DESCRIPTION
-
-SSL_set_fd() sets the file descriptor B<fd> as the input/output facility
-for the TLS/SSL (encrypted) side of B<ssl>. B<fd> will typically be the
-socket file descriptor of a network connection.
-
-When performing the operation, a B<socket BIO> is automatically created to
-interface between the B<ssl> and B<fd>. The BIO and hence the SSL engine
-inherit the behaviour of B<fd>. If B<fd> is non-blocking, the B<ssl> will
-also have non-blocking behaviour.
-
-If there was already a BIO connected to B<ssl>, BIO_free() will be called
-(for both the reading and writing side, if different).
-
-SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only
-for the read channel or the write channel, which can be set independently.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 0
-
-The operation failed. Check the error stack to find out why.
-
-=item 1
-
-The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_get_fd(3)|SSL_get_fd(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_set_session.pod b/crypto/openssl/doc/ssl/SSL_set_session.pod
deleted file mode 100644
index 5f54714..0000000
--- a/crypto/openssl/doc/ssl/SSL_set_session.pod
+++ /dev/null
@@ -1,57 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_set_session(SSL *ssl, SSL_SESSION *session);
-
-=head1 DESCRIPTION
-
-SSL_set_session() sets B<session> to be used when the TLS/SSL connection
-is to be established. SSL_set_session() is only useful for TLS/SSL clients.
-When the session is set, the reference count of B<session> is incremented
-by 1. If the session is not reused, the reference count is decremented
-again during SSL_connect(). Whether the session was reused can be queried
-with the L<SSL_session_reused(3)|SSL_session_reused(3)> call.
-
-If there is already a session set inside B<ssl> (because it was set with
-SSL_set_session() before or because the same B<ssl> was already used for
-a connection), SSL_SESSION_free() will be called for that session.
-
-=head1 NOTES
-
-SSL_SESSION objects keep internal link information about the session cache
-list, when being inserted into one SSL_CTX object's session cache.
-One SSL_SESSION object, regardless of its reference count, must therefore
-only be used with one SSL_CTX object (and the SSL objects created
-from this SSL_CTX object).
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 0
-
-The operation failed; check the error stack to find out the reason.
-
-=item 1
-
-The operation succeeded.
-
-=back
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
-L<SSL_get_session(3)|SSL_get_session(3)>,
-L<SSL_session_reused(3)|SSL_session_reused(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_set_shutdown.pod b/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
deleted file mode 100644
index 011a022..0000000
--- a/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
+++ /dev/null
@@ -1,72 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_set_shutdown(SSL *ssl, int mode);
-
- int SSL_get_shutdown(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_set_shutdown() sets the shutdown state of B<ssl> to B<mode>.
-
-SSL_get_shutdown() returns the shutdown mode of B<ssl>.
-
-=head1 NOTES
-
-The shutdown state of an ssl connection is a bitmask of:
-
-=over 4
-
-=item 0
-
-No shutdown setting, yet.
-
-=item SSL_SENT_SHUTDOWN
-
-A "close notify" shutdown alert was sent to the peer, the connection is being
-considered closed and the session is closed and correct.
-
-=item SSL_RECEIVED_SHUTDOWN
-
-A shutdown alert was received form the peer, either a normal "close notify"
-or a fatal error.
-
-=back
-
-SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.
-
-The shutdown state of the connection is used to determine the state of
-the ssl session. If the session is still open, when
-L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
-it is considered bad and removed according to RFC2246.
-The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
-(according to the TLS RFC, it is acceptable to only send the "close notify"
-alert but to not wait for the peer's answer, when the underlying connection
-is closed).
-SSL_set_shutdown() can be used to set this state without sending a
-close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
-
-If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
-for setting SSL_SENT_SHUTDOWN the application must however still call
-L<SSL_shutdown(3)|SSL_shutdown(3)> or SSL_set_shutdown() itself.
-
-=head1 RETURN VALUES
-
-SSL_set_shutdown() does not return diagnostic information.
-
-SSL_get_shutdown() returns the current setting.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
-L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
-L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_set_verify_result.pod b/crypto/openssl/doc/ssl/SSL_set_verify_result.pod
deleted file mode 100644
index 04ab101..0000000
--- a/crypto/openssl/doc/ssl/SSL_set_verify_result.pod
+++ /dev/null
@@ -1,38 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_set_verify_result - override result of peer certificate verification
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- void SSL_set_verify_result(SSL *ssl, long verify_result);
-
-=head1 DESCRIPTION
-
-SSL_set_verify_result() sets B<verify_result> of the object B<ssl> to be the
-result of the verification of the X509 certificate presented by the peer,
-if any.
-
-=head1 NOTES
-
-SSL_set_verify_result() overrides the verification result. It only changes
-the verification result of the B<ssl> object. It does not become part of the
-established session, so if the session is to be reused later, the original
-value will reappear.
-
-The valid codes for B<verify_result> are documented in L<verify(1)|verify(1)>.
-
-=head1 RETURN VALUES
-
-SSL_set_verify_result() does not provide a return value.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
-L<verify(1)|verify(1)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_shutdown.pod b/crypto/openssl/doc/ssl/SSL_shutdown.pod
deleted file mode 100644
index 89911ac..0000000
--- a/crypto/openssl/doc/ssl/SSL_shutdown.pod
+++ /dev/null
@@ -1,125 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_shutdown - shut down a TLS/SSL connection
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_shutdown(SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_shutdown() shuts down an active TLS/SSL connection. It sends the
-"close notify" shutdown alert to the peer.
-
-=head1 NOTES
-
-SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
-Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
-a currently open session is considered closed and good and will be kept in the
-session cache for further reuse.
-
-The shutdown procedure consists of 2 steps: the sending of the "close notify"
-shutdown alert and the reception of the peer's "close notify" shutdown
-alert. According to the TLS standard, it is acceptable for an application
-to only send its shutdown alert and then close the underlying connection
-without waiting for the peer's response (this way resources can be saved,
-as the process can already terminate or serve another connection).
-When the underlying connection shall be used for more communications, the
-complete shutdown procedure (bidirectional "close notify" alerts) must be
-performed, so that the peers stay synchronized.
-
-SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
-behaviour.
-
-=over 4
-
-=item When the application is the first party to send the "close notify"
-alert, SSL_shutdown() will only send the alert and then set the
-SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
-be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
-shutdown is enough (the underlying connection shall be closed anyway), this
-first call to SSL_shutdown() is sufficient. In order to complete the
-bidirectional shutdown handshake, SSL_shutdown() must be called again.
-The second call will make SSL_shutdown() wait for the peer's "close notify"
-shutdown alert. On success, the second call to SSL_shutdown() will return
-with 1.
-
-=item If the peer already sent the "close notify" alert B<and> it was
-already processed implicitly inside another function
-(L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
-SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
-flag and will immediately return with 1.
-Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
-SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call.
-
-=back
-
-It is therefore recommended, to check the return value of SSL_shutdown()
-and call SSL_shutdown() again, if the bidirectional shutdown is not yet
-complete (return value of the first call is 0). As the shutdown is not
-specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
-the first call.
-
-The behaviour of SSL_shutdown() additionally depends on the underlying BIO.
-
-If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
-handshake step has been finished or an error occurred.
-
-If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
-when the underlying BIO could not satisfy the needs of SSL_shutdown()
-to continue the handshake. In this case a call to SSL_get_error() with the
-return value of SSL_shutdown() will yield B<SSL_ERROR_WANT_READ> or
-B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
-taking appropriate action to satisfy the needs of SSL_shutdown().
-The action depends on the underlying BIO. When using a non-blocking socket,
-nothing is to be done, but select() can be used to check for the required
-condition. When using a buffering BIO, like a BIO pair, data must be written
-into or retrieved out of the BIO before being able to continue.
-
-SSL_shutdown() can be modified to only set the connection to "shutdown"
-state but not actually send the "close notify" alert messages,
-see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>.
-When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
-and return 1.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item 1
-
-The shutdown was successfully completed. The "close notify" alert was sent
-and the peer's "close notify" alert was received.
-
-=item 0
-
-The shutdown is not yet finished. Call SSL_shutdown() for a second time,
-if a bidirectional shutdown shall be performed.
-The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
-erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-
-=item -1
-
-The shutdown was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred. It can also occur if
-action is need to continue the operation for non-blocking BIOs.
-Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret>
-to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
-L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
-L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
-L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>,
-L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_state_string.pod b/crypto/openssl/doc/ssl/SSL_state_string.pod
deleted file mode 100644
index fe25d47..0000000
--- a/crypto/openssl/doc/ssl/SSL_state_string.pod
+++ /dev/null
@@ -1,45 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- const char *SSL_state_string(const SSL *ssl);
- const char *SSL_state_string_long(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_state_string() returns a 6 letter string indicating the current state
-of the SSL object B<ssl>.
-
-SSL_state_string_long() returns a string indicating the current state of
-the SSL object B<ssl>.
-
-=head1 NOTES
-
-During its use, an SSL objects passes several states. The state is internally
-maintained. Querying the state information is not very informative before
-or when a connection has been established. It however can be of significant
-interest during the handshake.
-
-When using non-blocking sockets, the function call performing the handshake
-may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition,
-so that SSL_state_string[_long]() may be called.
-
-For both blocking or non-blocking sockets, the details state information
-can be used within the info_callback function set with the
-SSL_set_info_callback() call.
-
-=head1 RETURN VALUES
-
-Detailed description of possible states to be included later.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_want.pod b/crypto/openssl/doc/ssl/SSL_want.pod
deleted file mode 100644
index c0059c0..0000000
--- a/crypto/openssl/doc/ssl/SSL_want.pod
+++ /dev/null
@@ -1,77 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_want(const SSL *ssl);
- int SSL_want_nothing(const SSL *ssl);
- int SSL_want_read(const SSL *ssl);
- int SSL_want_write(const SSL *ssl);
- int SSL_want_x509_lookup(const SSL *ssl);
-
-=head1 DESCRIPTION
-
-SSL_want() returns state information for the SSL object B<ssl>.
-
-The other SSL_want_*() calls are shortcuts for the possible states returned
-by SSL_want().
-
-=head1 NOTES
-
-SSL_want() examines the internal state information of the SSL object. Its
-return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>.
-Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the
-error queue, the results are obtained by examining an internal state flag
-only. The information must therefore only be used for normal operation under
-non-blocking I/O. Error conditions are not handled and must be treated
-using L<SSL_get_error(3)|SSL_get_error(3)>.
-
-The result returned by SSL_want() should always be consistent with
-the result of L<SSL_get_error(3)|SSL_get_error(3)>.
-
-=head1 RETURN VALUES
-
-The following return values can currently occur for SSL_want():
-
-=over 4
-
-=item SSL_NOTHING
-
-There is no data to be written or to be read.
-
-=item SSL_WRITING
-
-There are data in the SSL buffer that must be written to the underlying
-B<BIO> layer in order to complete the actual SSL_*() operation.
-A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
-SSL_ERROR_WANT_WRITE.
-
-=item SSL_READING
-
-More data must be read from the underlying B<BIO> layer in order to
-complete the actual SSL_*() operation.
-A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
-SSL_ERROR_WANT_READ.
-
-=item SSL_X509_LOOKUP
-
-The operation did not complete because an application callback set by
-SSL_CTX_set_client_cert_cb() has asked to be called again.
-A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
-SSL_ERROR_WANT_X509_LOOKUP.
-
-=back
-
-SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup()
-return 1, when the corresponding condition is true or 0 otherwise.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/SSL_write.pod b/crypto/openssl/doc/ssl/SSL_write.pod
deleted file mode 100644
index e013c12..0000000
--- a/crypto/openssl/doc/ssl/SSL_write.pod
+++ /dev/null
@@ -1,109 +0,0 @@
-=pod
-
-=head1 NAME
-
-SSL_write - write bytes to a TLS/SSL connection.
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- int SSL_write(SSL *ssl, const void *buf, int num);
-
-=head1 DESCRIPTION
-
-SSL_write() writes B<num> bytes from the buffer B<buf> into the specified
-B<ssl> connection.
-
-=head1 NOTES
-
-If necessary, SSL_write() will negotiate a TLS/SSL session, if
-not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
-L<SSL_accept(3)|SSL_accept(3)>. If the
-peer requests a re-negotiation, it will be performed transparently during
-the SSL_write() operation. The behaviour of SSL_write() depends on the
-underlying BIO.
-
-For the transparent negotiation to succeed, the B<ssl> must have been
-initialized to client or server mode. This is being done by calling
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
-before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.
-
-If the underlying BIO is B<blocking>, SSL_write() will only return, once the
-write operation has been finished or an error occurred, except when a
-renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur.
-This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
-
-If the underlying BIO is B<non-blocking>, SSL_write() will also return,
-when the underlying BIO could not satisfy the needs of SSL_write()
-to continue the operation. In this case a call to
-L<SSL_get_error(3)|SSL_get_error(3)> with the
-return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
-B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
-call to SSL_write() can also cause read operations! The calling process
-then must repeat the call after taking appropriate action to satisfy the
-needs of SSL_write(). The action depends on the underlying BIO. When using a
-non-blocking socket, nothing is to be done, but select() can be used to check
-for the required condition. When using a buffering BIO, like a BIO pair, data
-must be written into or retrieved out of the BIO before being able to continue.
-
-SSL_write() will only return with success, when the complete contents
-of B<buf> of length B<num> has been written. This default behaviour
-can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>. When this flag is set,
-SSL_write() will also return with success, when a partial write has been
-successfully completed. In this case the SSL_write() operation is considered
-completed. The bytes are sent and a new SSL_write() operation with a new
-buffer (with the already sent bytes removed) must be started.
-A partial write is performed with the size of a message block, which is
-16kB for SSLv3/TLSv1.
-
-=head1 WARNING
-
-When an SSL_write() operation has to be repeated because of
-B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
-with the same arguments.
-
-When calling SSL_write() with num=0 bytes to be sent the behaviour is
-undefined.
-
-=head1 RETURN VALUES
-
-The following return values can occur:
-
-=over 4
-
-=item E<gt>0
-
-The write operation was successful, the return value is the number of
-bytes actually written to the TLS/SSL connection.
-
-=item 0
-
-The write operation was not successful. Probably the underlying connection
-was closed. Call SSL_get_error() with the return value B<ret> to find out,
-whether an error occurred or the connection was shut down cleanly
-(SSL_ERROR_ZERO_RETURN).
-
-SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
-only be detected, whether the underlying connection was closed. It cannot
-be checked, why the closure happened.
-
-=item E<lt>0
-
-The write operation was not successful, because either an error occurred
-or action must be taken by the calling process. Call SSL_get_error() with the
-return value B<ret> to find out the reason.
-
-=back
-
-=head1 SEE ALSO
-
-L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>,
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
-L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
-L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod b/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
deleted file mode 100644
index 81d2764..0000000
--- a/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
+++ /dev/null
@@ -1,66 +0,0 @@
-=pod
-
-=head1 NAME
-
-d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation
-
-=head1 SYNOPSIS
-
- #include <openssl/ssl.h>
-
- SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length);
- int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
-
-=head1 DESCRIPTION
-
-d2i_SSL_SESSION() transforms the external ASN1 representation of an SSL/TLS
-session, stored as binary data at location B<pp> with length B<length>, into
-an SSL_SESSION object.
-
-i2d_SSL_SESSION() transforms the SSL_SESSION object B<in> into the ASN1
-representation and stores it into the memory location pointed to by B<pp>.
-The length of the resulting ASN1 representation is returned. If B<pp> is
-the NULL pointer, only the length is calculated and returned.
-
-=head1 NOTES
-
-The SSL_SESSION object is built from several malloc()ed parts, it can
-therefore not be moved, copied or stored directly. In order to store
-session data on disk or into a database, it must be transformed into
-a binary ASN1 representation.
-
-When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
-allocated. The reference count is 1, so that the session must be
-explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
-unless the SSL_SESSION object is completely taken over, when being called
-inside the get_session_cb() (see
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
-
-SSL_SESSION objects keep internal link information about the session cache
-list, when being inserted into one SSL_CTX object's session cache.
-One SSL_SESSION object, regardless of its reference count, must therefore
-only be used with one SSL_CTX object (and the SSL objects created
-from this SSL_CTX object).
-
-When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
-large enough to hold the binary representation of the session. There is no
-known limit on the size of the created ASN1 representation, so the necessary
-amount of space should be obtained by first calling i2d_SSL_SESSION() with
-B<pp=NULL>, and obtain the size needed, then allocate the memory and
-call i2d_SSL_SESSION() again.
-
-=head1 RETURN VALUES
-
-d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
-object. In case of failure the NULL-pointer is returned and the error message
-can be retrieved from the error stack.
-
-i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes.
-When the session is not valid, B<0> is returned and no operation is performed.
-
-=head1 SEE ALSO
-
-L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
-
-=cut
diff --git a/crypto/openssl/doc/ssl/ssl.pod b/crypto/openssl/doc/ssl/ssl.pod
deleted file mode 100644
index 266697d..0000000
--- a/crypto/openssl/doc/ssl/ssl.pod
+++ /dev/null
@@ -1,736 +0,0 @@
-
-=pod
-
-=head1 NAME
-
-SSL - OpenSSL SSL/TLS library
-
-=head1 SYNOPSIS
-
-=head1 DESCRIPTION
-
-The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
-Transport Layer Security (TLS v1) protocols. It provides a rich API which is
-documented here.
-
-At first the library must be initialized; see
-L<SSL_library_init(3)|SSL_library_init(3)>.
-
-Then an B<SSL_CTX> object is created as a framework to establish
-TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>).
-Various options regarding certificates, algorithms etc. can be set
-in this object.
-
-When a network connection has been created, it can be assigned to an
-B<SSL> object. After the B<SSL> object has been created using
-L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or
-L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network
-connection with the object.
-
-Then the TLS/SSL handshake is performed using
-L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)>
-respectively.
-L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used
-to read and write data on the TLS/SSL connection.
-L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the
-TLS/SSL connection.
-
-=head1 DATA STRUCTURES
-
-Currently the OpenSSL B<ssl> library functions deals with the following data
-structures:
-
-=over 4
-
-=item B<SSL_METHOD> (SSL Method)
-
-That's a dispatch structure describing the internal B<ssl> library
-methods/functions which implement the various protocol versions (SSLv1, SSLv2
-and TLSv1). It's needed to create an B<SSL_CTX>.
-
-=item B<SSL_CIPHER> (SSL Cipher)
-
-This structure holds the algorithm information for a particular cipher which
-are a core part of the SSL/TLS protocol. The available ciphers are configured
-on a B<SSL_CTX> basis and the actually used ones are then part of the
-B<SSL_SESSION>.
-
-=item B<SSL_CTX> (SSL Context)
-
-That's the global context structure which is created by a server or client
-once per program life-time and which holds mainly default values for the
-B<SSL> structures which are later created for the connections.
-
-=item B<SSL_SESSION> (SSL Session)
-
-This is a structure containing the current TLS/SSL session details for a
-connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
-
-=item B<SSL> (SSL Connection)
-
-That's the main SSL/TLS structure which is created by a server or client per
-established connection. This actually is the core structure in the SSL API.
-Under run-time the application usually deals with this structure which has
-links to mostly all other structures.
-
-=back
-
-
-=head1 HEADER FILES
-
-Currently the OpenSSL B<ssl> library provides the following C header files
-containing the prototypes for the data structures and and functions:
-
-=over 4
-
-=item B<ssl.h>
-
-That's the common header file for the SSL/TLS API. Include it into your
-program to make the API of the B<ssl> library available. It internally
-includes both more private SSL headers and headers from the B<crypto> library.
-Whenever you need hard-core details on the internals of the SSL API, look
-inside this header file.
-
-=item B<ssl2.h>
-
-That's the sub header file dealing with the SSLv2 protocol only.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=item B<ssl3.h>
-
-That's the sub header file dealing with the SSLv3 protocol only.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=item B<ssl23.h>
-
-That's the sub header file dealing with the combined use of the SSLv2 and
-SSLv3 protocols.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=item B<tls1.h>
-
-That's the sub header file dealing with the TLSv1 protocol only.
-I<Usually you don't have to include it explicitly because
-it's already included by ssl.h>.
-
-=back
-
-=head1 API FUNCTIONS
-
-Currently the OpenSSL B<ssl> library exports 214 API functions.
-They are documented in the following:
-
-=head2 DEALING WITH PROTOCOL METHODS
-
-Here we document the various API functions which deal with the SSL/TLS
-protocol methods defined in B<SSL_METHOD> structures.
-
-=over 4
-
-=item SSL_METHOD *B<SSLv2_client_method>(void);
-
-Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
-
-=item SSL_METHOD *B<SSLv2_server_method>(void);
-
-Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
-
-=item SSL_METHOD *B<SSLv2_method>(void);
-
-Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
-
-=item SSL_METHOD *B<SSLv3_client_method>(void);
-
-Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
-
-=item SSL_METHOD *B<SSLv3_server_method>(void);
-
-Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
-
-=item SSL_METHOD *B<SSLv3_method>(void);
-
-Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
-
-=item SSL_METHOD *B<TLSv1_client_method>(void);
-
-Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
-
-=item SSL_METHOD *B<TLSv1_server_method>(void);
-
-Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
-
-=item SSL_METHOD *B<TLSv1_method>(void);
-
-Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
-
-=back
-
-=head2 DEALING WITH CIPHERS
-
-Here we document the various API functions which deal with the SSL/TLS
-ciphers defined in B<SSL_CIPHER> structures.
-
-=over 4
-
-=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
-
-Write a string to I<buf> (with a maximum size of I<len>) containing a human
-readable description of I<cipher>. Returns I<buf>.
-
-=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
-
-Determine the number of bits in I<cipher>. Because of export crippled ciphers
-there are two bits: The bits the algorithm supports in general (stored to
-I<alg_bits>) and the bits which are actually used (the return value).
-
-=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
-
-Return the internal name of I<cipher> as a string. These are the various
-strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
-definitions in the header files.
-
-=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
-
-Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
-SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
-in the specification the first time).
-
-=back
-
-=head2 DEALING WITH PROTOCOL CONTEXTS
-
-Here we document the various API functions which deal with the SSL/TLS
-protocol context defined in the B<SSL_CTX> structure.
-
-=over 4
-
-=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
-
-=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
-
-=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
-
-=item int B<SSL_CTX_check_private_key>(const SSL_CTX *ctx);
-
-=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
-
-=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
-
-=item void B<SSL_CTX_free>(SSL_CTX *a);
-
-=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
-
-=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
-
-=item STACK *B<SSL_CTX_get_client_CA_list>(const SSL_CTX *ctx);
-
-=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-=item char *B<SSL_CTX_get_ex_data>(const SSL_CTX *s, int idx);
-
-=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-
-=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
-
-=item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
-
-=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
-
-=item long B<SSL_CTX_get_timeout>(const SSL_CTX *ctx);
-
-=item int (*B<SSL_CTX_get_verify_callback>(const SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
-
-=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
-
-=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
-
-=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
-
-=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
-
-=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
-
-=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
-
-=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
-
-=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
-
-=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
-
-=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
-
-=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
-
-=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
-
-=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
-
-=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
-
-=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
-
-=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
-
-=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
-
-=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
-
-=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
-
-=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
-
-=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-
-=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
-
-=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
-
-=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
-
-=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
-
-=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
-
-=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-
-=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
-
-=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
-
-=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
-
-=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
-
-=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
-
-=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
-
-=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
-
-=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
-
-=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
-
-=item SSL_CTX_set_tmp_rsa_callback
-
-C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
-
-Sets the callback which will be called when a temporary private key is
-required. The B<C<export>> flag will be set if the reason for needing
-a temp key is that an export ciphersuite is in use, in which case,
-B<C<keylength>> will contain the required keylength in bits. Generate a key of
-appropriate size (using ???) and return it.
-
-=item SSL_set_tmp_rsa_callback
-
-long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
-
-The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
-session instead of a context.
-
-=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
-
-=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
-
-=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
-
-=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
-
-=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
-
-=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
-
-=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
-
-=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
-
-=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
-
-=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
-
-=back
-
-=head2 DEALING WITH SESSIONS
-
-Here we document the various API functions which deal with the SSL/TLS
-sessions defined in the B<SSL_SESSION> structures.
-
-=over 4
-
-=item int B<SSL_SESSION_cmp>(const SSL_SESSION *a, const SSL_SESSION *b);
-
-=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
-
-=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
-
-=item char *B<SSL_SESSION_get_ex_data>(const SSL_SESSION *s, int idx);
-
-=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-
-=item long B<SSL_SESSION_get_time>(const SSL_SESSION *s);
-
-=item long B<SSL_SESSION_get_timeout>(const SSL_SESSION *s);
-
-=item unsigned long B<SSL_SESSION_hash>(const SSL_SESSION *a);
-
-=item SSL_SESSION *B<SSL_SESSION_new>(void);
-
-=item int B<SSL_SESSION_print>(BIO *bp, const SSL_SESSION *x);
-
-=item int B<SSL_SESSION_print_fp>(FILE *fp, const SSL_SESSION *x);
-
-=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
-
-=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
-
-=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
-
-=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
-
-=back
-
-=head2 DEALING WITH CONNECTIONS
-
-Here we document the various API functions which deal with the SSL/TLS
-connection defined in the B<SSL> structure.
-
-=over 4
-
-=item int B<SSL_accept>(SSL *ssl);
-
-=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
-
-=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
-
-=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
-
-=item char *B<SSL_alert_desc_string>(int value);
-
-=item char *B<SSL_alert_desc_string_long>(int value);
-
-=item char *B<SSL_alert_type_string>(int value);
-
-=item char *B<SSL_alert_type_string_long>(int value);
-
-=item int B<SSL_check_private_key>(const SSL *ssl);
-
-=item void B<SSL_clear>(SSL *ssl);
-
-=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
-
-=item int B<SSL_connect>(SSL *ssl);
-
-=item void B<SSL_copy_session_id>(SSL *t, const SSL *f);
-
-=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
-
-=item int B<SSL_do_handshake>(SSL *ssl);
-
-=item SSL *B<SSL_dup>(SSL *ssl);
-
-=item STACK *B<SSL_dup_CA_list>(STACK *sk);
-
-=item void B<SSL_free>(SSL *ssl);
-
-=item SSL_CTX *B<SSL_get_SSL_CTX>(const SSL *ssl);
-
-=item char *B<SSL_get_app_data>(SSL *ssl);
-
-=item X509 *B<SSL_get_certificate>(const SSL *ssl);
-
-=item const char *B<SSL_get_cipher>(const SSL *ssl);
-
-=item int B<SSL_get_cipher_bits>(const SSL *ssl, int *alg_bits);
-
-=item char *B<SSL_get_cipher_list>(const SSL *ssl, int n);
-
-=item char *B<SSL_get_cipher_name>(const SSL *ssl);
-
-=item char *B<SSL_get_cipher_version>(const SSL *ssl);
-
-=item STACK *B<SSL_get_ciphers>(const SSL *ssl);
-
-=item STACK *B<SSL_get_client_CA_list>(const SSL *ssl);
-
-=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
-
-=item long B<SSL_get_default_timeout>(const SSL *ssl);
-
-=item int B<SSL_get_error>(const SSL *ssl, int i);
-
-=item char *B<SSL_get_ex_data>(const SSL *ssl, int idx);
-
-=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
-
-=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
-
-=item int B<SSL_get_fd>(const SSL *ssl);
-
-=item void (*B<SSL_get_info_callback>(const SSL *ssl);)()
-
-=item STACK *B<SSL_get_peer_cert_chain>(const SSL *ssl);
-
-=item X509 *B<SSL_get_peer_certificate>(const SSL *ssl);
-
-=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
-
-=item int B<SSL_get_quiet_shutdown>(const SSL *ssl);
-
-=item BIO *B<SSL_get_rbio>(const SSL *ssl);
-
-=item int B<SSL_get_read_ahead>(const SSL *ssl);
-
-=item SSL_SESSION *B<SSL_get_session>(const SSL *ssl);
-
-=item char *B<SSL_get_shared_ciphers>(const SSL *ssl, char *buf, int len);
-
-=item int B<SSL_get_shutdown>(const SSL *ssl);
-
-=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
-
-=item int B<SSL_get_state>(const SSL *ssl);
-
-=item long B<SSL_get_time>(const SSL *ssl);
-
-=item long B<SSL_get_timeout>(const SSL *ssl);
-
-=item int (*B<SSL_get_verify_callback>(const SSL *ssl))(int,X509_STORE_CTX *)
-
-=item int B<SSL_get_verify_mode>(const SSL *ssl);
-
-=item long B<SSL_get_verify_result>(const SSL *ssl);
-
-=item char *B<SSL_get_version>(const SSL *ssl);
-
-=item BIO *B<SSL_get_wbio>(const SSL *ssl);
-
-=item int B<SSL_in_accept_init>(SSL *ssl);
-
-=item int B<SSL_in_before>(SSL *ssl);
-
-=item int B<SSL_in_connect_init>(SSL *ssl);
-
-=item int B<SSL_in_init>(SSL *ssl);
-
-=item int B<SSL_is_init_finished>(SSL *ssl);
-
-=item STACK *B<SSL_load_client_CA_file>(char *file);
-
-=item void B<SSL_load_error_strings>(void);
-
-=item SSL *B<SSL_new>(SSL_CTX *ctx);
-
-=item long B<SSL_num_renegotiations>(SSL *ssl);
-
-=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
-
-=item int B<SSL_pending>(const SSL *ssl);
-
-=item int B<SSL_read>(SSL *ssl, void *buf, int num);
-
-=item int B<SSL_renegotiate>(SSL *ssl);
-
-=item char *B<SSL_rstate_string>(SSL *ssl);
-
-=item char *B<SSL_rstate_string_long>(SSL *ssl);
-
-=item long B<SSL_session_reused>(SSL *ssl);
-
-=item void B<SSL_set_accept_state>(SSL *ssl);
-
-=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
-
-=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
-
-=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
-
-=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
-
-=item void B<SSL_set_connect_state>(SSL *ssl);
-
-=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
-
-=item int B<SSL_set_fd>(SSL *ssl, int fd);
-
-=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
-
-=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-
-=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
-
-=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
-
-=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
-
-=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
-
-=item int B<SSL_set_rfd>(SSL *ssl, int fd);
-
-=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
-
-=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
-
-=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
-
-=item void B<SSL_set_time>(SSL *ssl, long t);
-
-=item void B<SSL_set_timeout>(SSL *ssl, long t);
-
-=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
-
-=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
-
-=item int B<SSL_set_wfd>(SSL *ssl, int fd);
-
-=item int B<SSL_shutdown>(SSL *ssl);
-
-=item int B<SSL_state>(const SSL *ssl);
-
-=item char *B<SSL_state_string>(const SSL *ssl);
-
-=item char *B<SSL_state_string_long>(const SSL *ssl);
-
-=item long B<SSL_total_renegotiations>(SSL *ssl);
-
-=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
-
-=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
-
-=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
-
-=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
-
-=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
-
-=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
-
-=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
-
-=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
-
-=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
-
-=item int B<SSL_version>(const SSL *ssl);
-
-=item int B<SSL_want>(const SSL *ssl);
-
-=item int B<SSL_want_nothing>(const SSL *ssl);
-
-=item int B<SSL_want_read>(const SSL *ssl);
-
-=item int B<SSL_want_write>(const SSL *ssl);
-
-=item int B<SSL_want_x509_lookup>(const SSL *ssl);
-
-=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
-
-=back
-
-=head1 SEE ALSO
-
-L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
-L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_connect(3)|SSL_connect(3)>,
-L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
-L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
-L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
-L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
-L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
-L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
-L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
-L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
-L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
-L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
-L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
-L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
-L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
-L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
-L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
-L<SSL_CTX_set_generate_session_id(3)|SSL_CTX_set_generate_session_id(3)>,
-L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
-L<SSL_CTX_set_max_cert_list(3)|SSL_CTX_set_max_cert_list(3)>,
-L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
-L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
-L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
-L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
-L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
-L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
-L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
-L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
-L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
-L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
-L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
-L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
-L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
-L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
-L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
-L<SSL_get_error(3)|SSL_get_error(3)>,
-L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
-L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
-L<SSL_get_fd(3)|SSL_get_fd(3)>,
-L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
-L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
-L<SSL_get_session(3)|SSL_get_session(3)>,
-L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
-L<SSL_get_version(3)|SSL_get_version(3)>,
-L<SSL_library_init(3)|SSL_library_init(3)>,
-L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
-L<SSL_new(3)|SSL_new(3)>,
-L<SSL_pending(3)|SSL_pending(3)>,
-L<SSL_read(3)|SSL_read(3)>,
-L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
-L<SSL_session_reused(3)|SSL_session_reused(3)>,
-L<SSL_set_bio(3)|SSL_set_bio(3)>,
-L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
-L<SSL_set_fd(3)|SSL_set_fd(3)>,
-L<SSL_set_session(3)|SSL_set_session(3)>,
-L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
-L<SSL_shutdown(3)|SSL_shutdown(3)>,
-L<SSL_state_string(3)|SSL_state_string(3)>,
-L<SSL_want(3)|SSL_want(3)>,
-L<SSL_write(3)|SSL_write(3)>,
-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
-L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
-L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
-L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
-
-=head1 HISTORY
-
-The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2
-
-=cut
-
diff --git a/crypto/openssl/doc/ssleay.txt b/crypto/openssl/doc/ssleay.txt
deleted file mode 100644
index c753129..0000000
--- a/crypto/openssl/doc/ssleay.txt
+++ /dev/null
@@ -1,7030 +0,0 @@
-
-Bundle of old SSLeay documentation files [OBSOLETE!]
-
-*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
-
-OBSOLETE means that nothing in this document should be trusted. This
-document is provided mostly for historical purposes (it wasn't even up
-to date at the time SSLeay 0.8.1 was released) and as inspiration. If
-you copy some snippet of code from this document, please _check_ that
-it really is correct from all points of view. For example, you can
-check with the other documents in this directory tree, or by comparing
-with relevant parts of the include files.
-
-People have done the mistake of trusting what's written here. Please
-don't do that.
-
-*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
-
-
-==== readme ========================================================
-
-This is the old 0.6.6 docuementation. Most of the cipher stuff is still
-relevent but I'm working (very slowly) on new docuemtation.
-The current version can be found online at
-
-http://www.cryptsoft.com/ssleay/doc
-
-==== API.doc ========================================================
-
-SSL - SSLv2/v3/v23 etc.
-
-BIO - methods and how they plug together
-
-MEM - memory allocation callback
-
-CRYPTO - locking for threads
-
-EVP - Ciphers/Digests/signatures
-
-RSA - methods
-
-X509 - certificate retrieval
-
-X509 - validation
-
-X509 - X509v3 extensions
-
-Objects - adding object identifiers
-
-ASN.1 - parsing
-
-PEM - parsing
-
-==== ssl/readme =====================================================
-
-22 Jun 1996
-This file belongs in ../apps, but I'll leave it here because it deals
-with SSL :-) It is rather dated but it gives you an idea of how
-things work.
-===
-
-17 Jul 1995
-I have been changing things quite a bit and have not fully updated
-this file, so take what you read with a grain of salt
-eric
-===
-The s_client and s_server programs can be used to test SSL capable
-IP/port addresses and the verification of the X509 certificates in use
-by these services. I strongly advise having a look at the code to get
-an idea of how to use the authentication under SSLeay. Any feedback
-on changes and improvements would be greatly accepted.
-
-This file will probably be gibberish unless you have read
-rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM
-authentication.
-
-A Brief outline (and examples) how to use them to do so.
-
-NOTE:
-The environment variable SSL_CIPER is used to specify the prefered
-cipher to use, play around with setting it's value to combinations of
-RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL
-in a : separated list.
-
-This directory contains 3 X509 certificates which can be used by these programs.
-client.pem: a file containing a certificate and private key to be used
- by s_client.
-server.pem :a file containing a certificate and private key to be used
- by s_server.
-eay1024.pem:the certificate used to sign client.pem and server.pem.
- This would be your CA's certificate. There is also a link
- from the file a8556381.0 to eay1024.PEM. The value a8556381
- is returned by 'x509 -hash -noout <eay1024.pem' and is the
- value used by X509 verification routines to 'find' this
- certificte when search a directory for it.
- [the above is not true any more, the CA cert is
- ../certs/testca.pem which is signed by ../certs/mincomca.pem]
-
-When testing the s_server, you may get
-bind: Address already in use
-errors. These indicate the port is still being held by the unix
-kernel and you are going to have to wait for it to let go of it. If
-this is the case, remember to use the port commands on the s_server and
-s_client to talk on an alternative port.
-
-=====
-s_client.
-This program can be used to connect to any IP/hostname:port that is
-talking SSL. Once connected, it will attempt to authenticate the
-certificate it was passed and if everything works as expected, a 2
-directional channel will be open. Any text typed will be sent to the
-other end. type Q<cr> to exit. Flags are as follows.
--host arg : Arg is the host or IP address to connect to.
--port arg : Arg is the port to connect to (https is 443).
--verify arg : Turn on authentication of the server certificate.
- : Arg specifies the 'depth', this will covered below.
--cert arg : The optional certificate to use. This certificate
- : will be returned to the server if the server
- : requests it for client authentication.
--key arg : The private key that matches the certificate
- : specified by the -cert option. If this is not
- : specified (but -cert is), the -cert file will be
- : searched for the Private key. Both files are
- : assumed to be in PEM format.
--CApath arg : When to look for certificates when 'verifying' the
- : certificate from the server.
--CAfile arg : A file containing certificates to be used for
- : 'verifying' the server certificate.
--reconnect : Once a connection has been made, drop it and
- : reconnect with same session-id. This is for testing :-).
-
-The '-verify n' parameter specifies not only to verify the servers
-certificate but to also only take notice of 'n' levels. The best way
-to explain is to show via examples.
-Given
-s_server -cert server.PEM is running.
-
-s_client
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
- issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify error:num=1:unable to get issuer certificate
- verify return:1
- CIPHER is CBC-DES-MD5
-What has happened is that the 'SSLeay demo server' certificate's
-issuer ('CA') could not be found but because verify is not on, we
-don't care and the connection has been made anyway. It is now 'up'
-using CBC-DES-MD5 mode. This is an unauthenticate secure channel.
-You may not be talking to the right person but the data going to them
-is encrypted.
-
-s_client -verify 0
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
- issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify error:num=1:unable to get issuer certificate
- verify return:1
- CIPHER is CBC-DES-MD5
-We are 'verifying' but only to depth 0, so since the 'SSLeay demo server'
-certificate passed the date and checksum, we are happy to proceed.
-
-s_client -verify 1
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
- issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify error:num=1:unable to get issuer certificate
- verify return:0
- ERROR
- verify error:unable to get issuer certificate
-In this case we failed to make the connection because we could not
-authenticate the certificate because we could not find the
-'CA' certificate.
-
-s_client -verify 1 -CAfile eay1024.PEM
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
- verify return:1
- depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify return:1
- CIPHER is CBC-DES-MD5
-We loaded the certificates from the file eay1024.PEM. Everything
-checked out and so we made the connection.
-
-s_client -verify 1 -CApath .
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
- verify return:1
- depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify return:1
- CIPHER is CBC-DES-MD5
-We looked in out local directory for issuer certificates and 'found'
-a8556381.0 and so everything is ok.
-
-It is worth noting that 'CA' is a self certified certificate. If you
-are passed one of these, it will fail to 'verify' at depth 0 because
-we need to lookup the certifier of a certificate from some information
-that we trust and keep locally.
-
-SSL_CIPHER=CBC3-DES-MD5:RC4-MD5
-export SSL_CIPHER
-s_client -verify 10 -CApath . -reconnect
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
- verify return:1
- depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify return:1
- drop the connection and reconnect with the same session id
- CIPHER is CBC3-DES-MD5
-This has done a full connection and then re-estabished it with the
-same session id but a new socket. No RSA stuff occures on the second
-connection. Note that we said we would prefer to use CBC3-DES-MD5
-encryption and so, since the server supports it, we are.
-
-=====
-s_server
-This program accepts SSL connections on a specified port
-Once connected, it will estabish an SSL connection and optionaly
-attempt to authenticate the client. A 2 directional channel will be
-open. Any text typed will be sent to the other end. Type Q<cr> to exit.
-Flags are as follows.
--port arg : Arg is the port to listen on.
--verify arg : Turn on authentication of the client if they have a
- : certificate. Arg specifies the 'depth'.
--Verify arg : Turn on authentication of the client. If they don't
- : have a valid certificate, drop the connection.
--cert arg : The certificate to use. This certificate
- : will be passed to the client. If it is not
- : specified, it will default to server.PEM
--key arg : The private key that matches the certificate
- : specified by the -cert option. If this is not
- : specified (but -cert is), the -cert file will be
- : searched for the Private key. Both files are
- : assumed to be in PEM format. Default is server.PEM
--CApath arg : When to look for certificates when 'verifying' the
- : certificate from the client.
--CAfile arg : A file containing certificates to be used for
- : 'verifying' the client certificate.
-
-For the following 'demo' I will specify the s_server command and
-the s_client command and then list the output from the s_server.
-s_server
-s_client
- CONNECTED
- CIPHER is CBC-DES-MD5
-Everything up and running
-
-s_server -verify 0
-s_client
- CONNECTED
- CIPHER is CBC-DES-MD5
-Ok since no certificate was returned and we don't care.
-
-s_server -verify 0
-./s_client -cert client.PEM
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
- issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify error:num=1:unable to get issuer certificate
- verify return:1
- CIPHER is CBC-DES-MD5
-Ok since we were only verifying to level 0
-
-s_server -verify 4
-s_client -cert client.PEM
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
- issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify error:num=1:unable to get issuer certificate
- verify return:0
- ERROR
- verify error:unable to get issuer certificate
-Bad because we could not authenticate the returned certificate.
-
-s_server -verify 4 -CApath .
-s_client -cert client.PEM
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
- verify return:1
- depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify return:1
- CIPHER is CBC-DES-MD5
-Ok because we could authenticate the returned certificate :-).
-
-s_server -Verify 0 -CApath .
-s_client
- CONNECTED
- ERROR
- SSL error:function is:REQUEST_CERTIFICATE
- :error is :client end did not return a certificate
-Error because no certificate returned.
-
-s_server -Verify 4 -CApath .
-s_client -cert client.PEM
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
- verify return:1
- depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify return:1
- CIPHER is CBC-DES-MD5
-Full authentication of the client.
-
-So in summary to do full authentication of both ends
-s_server -Verify 9 -CApath .
-s_client -cert client.PEM -CApath . -verify 9
-From the server side
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
- verify return:1
- depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify return:1
- CIPHER is CBC-DES-MD5
-From the client side
- CONNECTED
- depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
- verify return:1
- depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
- verify return:1
- CIPHER is CBC-DES-MD5
-
-For general probing of the 'internet https' servers for the
-distribution area, run
-s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash
-Then enter
-GET /
-and you should be talking to the https server on that host.
-
-www.rsa.com was refusing to respond to connections on 443 when I was
-testing.
-
-have fun :-).
-
-eric
-
-==== a_verify.doc ========================================================
-
-From eay@mincom.com Fri Oct 4 18:29:06 1996
-Received: by orb.mincom.oz.au id AA29080
- (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000
-Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: wplatzer <wplatzer@iaik.tu-graz.ac.at>
-Cc: Eric Young <eay@mincom.oz.au>, SSL Mailing List <ssl-users@mincom.com>
-Subject: Re: Netscape's Public Key
-In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at>
-Message-Id: <Pine.SOL.3.91.961004081346.8018K-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status:
-
-On Thu, 3 Oct 1996, wplatzer wrote:
-> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything
-> with it... It looks like (asn1parse):
->
-> 0:d=0 hl=3 l=180 cons: SEQUENCE
-> 3:d=1 hl=2 l= 96 cons: SEQUENCE
-> 5:d=2 hl=2 l= 92 cons: SEQUENCE
-> 7:d=3 hl=2 l= 13 cons: SEQUENCE
-> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
-> 20:d=4 hl=2 l= 0 prim: NULL
-> 22:d=3 hl=2 l= 75 prim: BIT STRING
-> 99:d=2 hl=2 l= 0 prim: IA5STRING :
-> 101:d=1 hl=2 l= 13 cons: SEQUENCE
-> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption
-> 114:d=2 hl=2 l= 0 prim: NULL
-> 116:d=1 hl=2 l= 65 prim: BIT STRING
->
-> The first BIT STRING is the public key and the second BIT STRING is
-> the signature.
-> But a public key consists of the public exponent and the modulus. Are
-> both numbers in the first BIT STRING?
-> Is there a document simply describing this coding stuff (checking
-> signature, get the public key, etc.)?
-
-Minimal in SSLeay. If you want to see what the modulus and exponent are,
-try asn1parse -offset 25 -length 75 <key.pem
-asn1parse will currently stuff up on the 'length 75' part (fixed in next
-release) but it will print the stuff. If you are after more
-documentation on ASN.1, have a look at www.rsa.com and get their PKCS
-documents, most of my initial work on SSLeay was done using them.
-
-As for SSLeay,
-util/crypto.num and util/ssl.num are lists of all exported functions in
-the library (but not macros :-(.
-
-The ones for extracting public keys from certificates and certificate
-requests are EVP_PKEY * X509_REQ_extract_key(X509_REQ *req);
-EVP_PKEY * X509_extract_key(X509 *x509);
-
-To verify a signature on a signed ASN.1 object
-int X509_verify(X509 *a,EVP_PKEY *key);
-int X509_REQ_verify(X509_REQ *a,EVP_PKEY *key);
-int X509_CRL_verify(X509_CRL *a,EVP_PKEY *key);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a,EVP_PKEY *key);
-
-I should mention that EVP_PKEY can be used to hold a public or a private key,
-since for things like RSA and DSS, a public key is just a subset of what
-is stored for the private key.
-
-To sign any of the above structures
-
-int X509_sign(X509 *a,EVP_PKEY *key,EVP_MD *md);
-int X509_REQ_sign(X509_REQ *a,EVP_PKEY *key,EVP_MD *md);
-int X509_CRL_sign(X509_CRL *a,EVP_PKEY *key,EVP_MD *md);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *a,EVP_PKEY *key,EVP_MD *md);
-
-where md is the message digest to sign with.
-
-There are all defined in x509.h and all the _sign and _verify functions are
-actually macros to the ASN1_sign() and ASN1_verify() functions.
-These functions will put the correct algorithm identifiers in the correct
-places in the structures.
-
-eric
---
-Eric Young | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage().
-
-==== x509 =======================================================
-
-X509_verify()
-X509_sign()
-
-X509_get_version()
-X509_get_serialNumber()
-X509_get_issuer()
-X509_get_subject()
-X509_get_notBefore()
-X509_get_notAfter()
-X509_get_pubkey()
-
-X509_set_version()
-X509_set_serialNumber()
-X509_set_issuer()
-X509_set_subject()
-X509_set_notBefore()
-X509_set_notAfter()
-X509_set_pubkey()
-
-X509_get_extensions()
-X509_set_extensions()
-
-X509_EXTENSIONS_clear()
-X509_EXTENSIONS_retrieve()
-X509_EXTENSIONS_add()
-X509_EXTENSIONS_delete()
-
-==== x509 attribute ================================================
-
-PKCS7
- STACK of X509_ATTRIBUTES
- ASN1_OBJECT
- STACK of ASN1_TYPE
-
-So it is
-
-p7.xa[].obj
-p7.xa[].data[]
-
-get_obj_by_nid(STACK , nid)
-get_num_by_nid(STACK , nid)
-get_data_by_nid(STACK , nid, index)
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
-void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **ex,
- int nid, STACK *value);
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **ex,
- int nid, STACK *value);
-
-int X509_ATTRIBUTE_set_object(X509_ATTRIBUTE *ex,ASN1_OBJECT *obj);
-int X509_ATTRIBUTE_add_data(X509_ATTRIBUTE *ex, int index,
- ASN1_TYPE *value);
-
-ASN1_OBJECT * X509_ATTRIBUTE_get_object(X509_ATTRIBUTE *ex);
-int X509_ATTRIBUTE_get_num(X509_ATTRIBUTE *ne);
-ASN1_TYPE * X509_ATTRIBUTE_get_data(X509_ATTRIBUTE *ne,int index);
-
-ASN1_TYPE * X509_ATTRIBUTE_get_data_by_NID(X509_ATTRIBUTE *ne,
- ASN1_OBJECT *obj);
-
-X509_ATTRIBUTE *PKCS7_get_s_att_by_NID(PKCS7 *p7,int nid);
-X509_ATTRIBUTE *PKCS7_get_u_att_by_NID(PKCS7 *p7,int nid);
-
-==== x509 v3 ========================================================
-
-The 'new' system.
-
-The X509_EXTENSION_METHOD includes extensions and attributes and/or names.
-Basically everthing that can be added to an X509 with an OID identifying it.
-
-It operates via 2 methods per object id.
-int a2i_XXX(X509 *x,char *str,int len);
-int i2a_XXX(BIO *bp,X509 *x);
-
-The a2i_XXX function will add the object with a value converted from the
-string into the X509. Len can be -1 in which case the length is calculated
-via strlen(str). Applications can always use direct knowledge to load and
-unload the relevent objects themselves.
-
-i2a_XXX will print to the passed BIO, a text representation of the
-relevet object. Use a memory BIO if you want it printed to a buffer :-).
-
-X509_add_by_NID(X509 *x,int nid,char *str,int len);
-X509_add_by_OBJ(X509 *x,ASN1_OBJECT *obj,char *str,int len);
-
-X509_print_by_name(BIO *bp,X509 *x);
-X509_print_by_NID(BIO *bp,X509 *x);
-X509_print_by_OBJ(BIO *bp,X509 *x);
-
-==== verify ========================================================
-
-X509_verify_cert_chain(
- CERT_STORE *cert_store,
- STACK /* X509 */ *certs,
- int *verify_result,
- int (*verify_error_callback)()
- char *argument_to_callback, /* SSL */
-
-app_verify_callback(
- char *app_verify_arg, /* from SSL_CTX */
- STACK /* X509 */ *certs,
- int *verify_result,
- int (*verify_error_callback)()
- SSL *s,
-
-int X509_verify_cert(
- CERT_STORE *cert_store,
- X509 *x509,
- int *verify_result,
- int (*verify_error_callback)(),
- char *arg,
-
-==== apps.doc ========================================================
-
-The applications
-
-Ok, where to begin....
-In the begining, when SSLeay was small (April 1995), there
-were but few applications, they did happily cohabit in
-the one bin directory. Then over time, they did multiply and grow,
-and they started to look like microsoft software; 500k to print 'hello world'.
-A new approach was needed. They were coalessed into one 'Monolithic'
-application, ssleay. This one program is composed of many programs that
-can all be compiled independantly.
-
-ssleay has 3 modes of operation.
-1) If the ssleay binaray has the name of one of its component programs, it
-executes that program and then exits. This can be achieve by using hard or
-symbolic links, or failing that, just renaming the binary.
-2) If the first argument to ssleay is the name of one of the component
-programs, that program runs that program and then exits.
-3) If there are no arguments, ssleay enters a 'command' mode. Each line is
-interpreted as a program name plus arguments. After each 'program' is run,
-ssleay returns to the comand line.
-
-dgst - message digests
-enc - encryption and base64 encoding
-
-ans1parse - 'pulls' appart ASN.1 encoded objects like certificates.
-
-dh - Diffle-Hellman parameter manipulation.
-rsa - RSA manipulations.
-crl - Certificate revokion list manipulations
-x509 - X509 cert fiddles, including signing.
-pkcs7 - pkcs7 manipulation, only DER versions right now.
-
-genrsa - generate an RSA private key.
-gendh - Generate a set of Diffle-Hellman parameters.
-req - Generate a PKCS#10 object, a certificate request.
-
-s_client - SSL client program
-s_server - SSL server program
-s_time - A SSL protocol timing program
-s_mult - Another SSL server, but it multiplexes
- connections.
-s_filter - under development
-
-errstr - Convert SSLeay error numbers to strings.
-ca - Sign certificate requests, and generate
- certificate revokion lists
-crl2pkcs7 - put a crl and certifcates into a pkcs7 object.
-speed - Benchmark the ciphers.
-verify - Check certificates
-hashdir - under development
-
-[ there a now a few more options, play with the program to see what they
- are ]
-
-==== asn1.doc ========================================================
-
-The ASN.1 Routines.
-
-ASN.1 is a specification for how to encode structured 'data' in binary form.
-The approach I have take to the manipulation of structures and their encoding
-into ASN.1 is as follows.
-
-For each distinct structure there are 4 function of the following form
-TYPE *TYPE_new(void);
-void TYPE_free(TYPE *);
-TYPE *d2i_TYPE(TYPE **a,unsigned char **pp,long length);
-long i2d_TYPE(TYPE *a,unsigned char **pp); /* CHECK RETURN VALUE */
-
-where TYPE is the type of the 'object'. The TYPE that have these functions
-can be in one of 2 forms, either the internal C malloc()ed data structure
-or in the DER (a variant of ASN.1 encoding) binary encoding which is just
-an array of unsigned bytes. The 'i2d' functions converts from the internal
-form to the DER form and the 'd2i' functions convert from the DER form to
-the internal form.
-
-The 'new' function returns a malloc()ed version of the structure with all
-substructures either created or left as NULL pointers. For 'optional'
-fields, they are normally left as NULL to indicate no value. For variable
-size sub structures (often 'SET OF' or 'SEQUENCE OF' in ASN.1 syntax) the
-STACK data type is used to hold the values. Have a read of stack.doc
-and have a look at the relevant header files to see what I mean. If there
-is an error while malloc()ing the structure, NULL is returned.
-
-The 'free' function will free() all the sub components of a particular
-structure. If any of those sub components have been 'removed', replace
-them with NULL pointers, the 'free' functions are tolerant of NULL fields.
-
-The 'd2i' function copies a binary representation into a C structure. It
-operates as follows. 'a' is a pointer to a pointer to
-the structure to populate, 'pp' is a pointer to a pointer to where the DER
-byte string is located and 'length' is the length of the '*pp' data.
-If there are no errors, a pointer to the populated structure is returned.
-If there is an error, NULL is returned. Errors can occur because of
-malloc() failures but normally they will be due to syntax errors in the DER
-encoded data being parsed. It is also an error if there was an
-attempt to read more that 'length' bytes from '*p'. If
-everything works correctly, the value in '*p' is updated
-to point at the location just beyond where the DER
-structure was read from. In this way, chained calls to 'd2i' type
-functions can be made, with the pointer into the 'data' array being
-'walked' along the input byte array.
-Depending on the value passed for 'a', different things will be done. If
-'a' is NULL, a new structure will be malloc()ed and returned. If '*a' is
-NULL, a new structure will be malloc()ed and put into '*a' and returned.
-If '*a' is not NULL, the structure in '*a' will be populated, or in the
-case of an error, free()ed and then returned.
-Having these semantics means that a structure
-can call a 'd2i' function to populate a field and if the field is currently
-NULL, the structure will be created.
-
-The 'i2d' function type is used to copy a C structure to a byte array.
-The parameter 'a' is the structure to convert and '*p' is where to put it.
-As for the 'd2i' type structure, 'p' is updated to point after the last
-byte written. If p is NULL, no data is written. The function also returns
-the number of bytes written. Where this becomes useful is that if the
-function is called with a NULL 'p' value, the length is returned. This can
-then be used to malloc() an array of bytes and then the same function can
-be recalled passing the malloced array to be written to. e.g.
-
-int len;
-unsigned char *bytes,*p;
-len=i2d_X509(x,NULL); /* get the size of the ASN1 encoding of 'x' */
-if ((bytes=(unsigned char *)malloc(len)) == NULL)
- goto err;
-p=bytes;
-i2d_X509(x,&p);
-
-Please note that a new variable, 'p' was passed to i2d_X509. After the
-call to i2d_X509 p has been incremented by len bytes.
-
-Now the reason for this functional organisation is that it allows nested
-structures to be built up by calling these functions as required. There
-are various macros used to help write the general 'i2d', 'd2i', 'new' and
-'free' functions. They are discussed in another file and would only be
-used by some-one wanting to add new structures to the library. As you
-might be able to guess, the process of writing ASN.1 files can be a bit CPU
-expensive for complex structures. I'm willing to live with this since the
-simpler library code make my life easier and hopefully most programs using
-these routines will have their execution profiles dominated by cipher or
-message digest routines.
-What follows is a list of 'TYPE' values and the corresponding ASN.1
-structure and where it is used.
-
-TYPE ASN.1
-ASN1_INTEGER INTEGER
-ASN1_BIT_STRING BIT STRING
-ASN1_OCTET_STRING OCTET STRING
-ASN1_OBJECT OBJECT IDENTIFIER
-ASN1_PRINTABLESTRING PrintableString
-ASN1_T61STRING T61String
-ASN1_IA5STRING IA5String
-ASN1_UTCTIME UTCTime
-ASN1_TYPE Any of the above mentioned types plus SEQUENCE and SET
-
-Most of the above mentioned types are actualled stored in the
-ASN1_BIT_STRING type and macros are used to differentiate between them.
-The 3 types used are
-
-typedef struct asn1_object_st
- {
- /* both null if a dynamic ASN1_OBJECT, one is
- * defined if a 'static' ASN1_OBJECT */
- char *sn,*ln;
- int nid;
- int length;
- unsigned char *data;
- } ASN1_OBJECT;
-This is used to store ASN1 OBJECTS. Read 'objects.doc' for details ono
-routines to manipulate this structure. 'sn' and 'ln' are used to hold text
-strings that represent the object (short name and long or lower case name).
-These are used by the 'OBJ' library. 'nid' is a number used by the OBJ
-library to uniquely identify objects. The ASN1 routines will populate the
-'length' and 'data' fields which will contain the bit string representing
-the object.
-
-typedef struct asn1_bit_string_st
- {
- int length;
- int type;
- unsigned char *data;
- } ASN1_BIT_STRING;
-This structure is used to hold all the other base ASN1 types except for
-ASN1_UTCTIME (which is really just a 'char *'). Length is the number of
-bytes held in data and type is the ASN1 type of the object (there is a list
-in asn1.h).
-
-typedef struct asn1_type_st
- {
- int type;
- union {
- char *ptr;
- ASN1_INTEGER * integer;
- ASN1_BIT_STRING * bit_string;
- ASN1_OCTET_STRING * octet_string;
- ASN1_OBJECT * object;
- ASN1_PRINTABLESTRING * printablestring;
- ASN1_T61STRING * t61string;
- ASN1_IA5STRING * ia5string;
- ASN1_UTCTIME * utctime;
- ASN1_BIT_STRING * set;
- ASN1_BIT_STRING * sequence;
- } value;
- } ASN1_TYPE;
-This structure is used in a few places when 'any' type of object can be
-expected.
-
-X509 Certificate
-X509_CINF CertificateInfo
-X509_ALGOR AlgorithmIdentifier
-X509_NAME Name
-X509_NAME_ENTRY A single sub component of the name.
-X509_VAL Validity
-X509_PUBKEY SubjectPublicKeyInfo
-The above mentioned types are declared in x509.h. They are all quite
-straight forward except for the X509_NAME/X509_NAME_ENTRY pair.
-A X509_NAME is a STACK (see stack.doc) of X509_NAME_ENTRY's.
-typedef struct X509_name_entry_st
- {
- ASN1_OBJECT *object;
- ASN1_BIT_STRING *value;
- int set;
- int size; /* temp variable */
- } X509_NAME_ENTRY;
-The size is a temporary variable used by i2d_NAME and set is the set number
-for the particular NAME_ENTRY. A X509_NAME is encoded as a sequence of
-sequence of sets. Normally each set contains only a single item.
-Sometimes it contains more. Normally throughout this library there will be
-only one item per set. The set field contains the 'set' that this entry is
-a member of. So if you have just created a X509_NAME structure and
-populated it with X509_NAME_ENTRYs, you should then traverse the X509_NAME
-(which is just a STACK) and set the 'set/' field to incrementing numbers.
-For more details on why this is done, read the ASN.1 spec for Distinguished
-Names.
-
-X509_REQ CertificateRequest
-X509_REQ_INFO CertificateRequestInfo
-These are used to hold certificate requests.
-
-X509_CRL CertificateRevocationList
-These are used to hold a certificate revocation list
-
-RSAPrivateKey PrivateKeyInfo
-RSAPublicKey PublicKeyInfo
-Both these 'function groups' operate on 'RSA' structures (see rsa.doc).
-The difference is that the RSAPublicKey operations only manipulate the m
-and e fields in the RSA structure.
-
-DSAPrivateKey DSS private key
-DSAPublicKey DSS public key
-Both these 'function groups' operate on 'DSS' structures (see dsa.doc).
-The difference is that the RSAPublicKey operations only manipulate the
-XXX fields in the DSA structure.
-
-DHparams DHParameter
-This is used to hold the p and g value for The Diffie-Hellman operation.
-The function deal with the 'DH' strucure (see dh.doc).
-
-Now all of these function types can be used with several other functions to give
-quite useful set of general manipulation routines. Normally one would
-not uses these functions directly but use them via macros.
-
-char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
-'x' is the input structure case to a 'char *', 'i2d' is the 'i2d_TYPE'
-function for the type that 'x' is and d2i is the 'd2i_TYPE' function for the
-type that 'x' is. As is obvious from the parameters, this function
-duplicates the strucutre by transforming it into the DER form and then
-re-loading it into a new strucutre and returning the new strucutre. This
-is obviously a bit cpu intensive but when faced with a complex dynamic
-structure this is the simplest programming approach. There are macros for
-duplicating the major data types but is simple to add extras.
-
-char *ASN1_d2i_fp(char *(*new)(),char *(*d2i)(),FILE *fp,unsigned char **x);
-'x' is a pointer to a pointer of the 'desired type'. new and d2i are the
-corresponding 'TYPE_new' and 'd2i_TYPE' functions for the type and 'fp' is
-an open file pointer to read from. This function reads from 'fp' as much
-data as it can and then uses 'd2i' to parse the bytes to load and return
-the parsed strucutre in 'x' (if it was non-NULL) and to actually return the
-strucutre. The behavior of 'x' is as per all the other d2i functions.
-
-char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
-The 'BIO' is the new IO type being used in SSLeay (see bio.doc). This
-function is the same as ASN1_d2i_fp() except for the BIO argument.
-ASN1_d2i_fp() actually calls this function.
-
-int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
-'x' is converted to bytes by 'i2d' and then written to 'out'. ASN1_i2d_fp
-and ASN1_d2i_fp are not really symetric since ASN1_i2d_fp will read all
-available data from the file pointer before parsing a single item while
-ASN1_i2d_fp can be used to write a sequence of data objects. To read a
-series of objects from a file I would sugest loading the file into a buffer
-and calling the relevent 'd2i' functions.
-
-char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
-This function is the same as ASN1_i2d_fp() except for the BIO argument.
-ASN1_i2d_fp() actually calls this function.
-
-char * PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
-This function will read the next PEM encoded (base64) object of the same
-type as 'x' (loaded by the d2i function). 'name' is the name that is in
-the '-----BEGIN name-----' that designates the start of that object type.
-If the data is encrypted, 'cb' will be called to prompt for a password. If
-it is NULL a default function will be used to prompt from the password.
-'x' is delt with as per the standard 'd2i' function interface. This
-function can be used to read a series of objects from a file. While any
-data type can be encrypted (see PEM_ASN1_write) only RSA private keys tend
-to be encrypted.
-
-char * PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *fp,
- char **x,int (*cb)());
-Same as PEM_ASN1_read() except using a BIO. This is called by
-PEM_ASN1_read().
-
-int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,EVP_CIPHER *enc,
- unsigned char *kstr,int klen,int (*callback)());
-
-int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *fp,
- char *x,EVP_CIPHER *enc,unsigned char *kstr,int klen,
- int (*callback)());
-
-int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
- ASN1_BIT_STRING *signature, char *data, RSA *rsa, EVP_MD *type);
-int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
- ASN1_BIT_STRING *signature,char *data, RSA *rsa);
-
-int ASN1_BIT_STRING_cmp(ASN1_BIT_STRING *a, ASN1_BIT_STRING *b);
-ASN1_BIT_STRING *ASN1_BIT_STRING_type_new(int type );
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
-void ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_dup(ASN1_UTCTIME *a);
-
-ASN1_BIT_STRING *d2i_asn1_print_type(ASN1_BIT_STRING **a,unsigned char **pp,
- long length,int type);
-
-int i2d_ASN1_SET(STACK *a, unsigned char **pp,
- int (*func)(), int ex_tag, int ex_class);
-STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
- char *(*func)(), int ex_tag, int ex_class);
-
-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *object);
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
-
-/* given a string, return the correct type. Max is the maximum number
- * of bytes to parse. It stops parsing when 'max' bytes have been
- * processed or a '\0' is hit */
-int ASN1_PRINTABLE_type(unsigned char *s,int max);
-
-void ASN1_parse(BIO *fp,unsigned char *pp,long len);
-
-int i2d_ASN1_bytes(ASN1_BIT_STRING *a, unsigned char **pp, int tag, int class);
-ASN1_BIT_STRING *d2i_ASN1_bytes(ASN1_OCTET_STRING **a, unsigned char **pp,
- long length, int Ptag, int Pclass);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
- int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p,long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
- int tag, int class);
-int ASN1_object_size(int constructed, int length, int tag);
-
-X509 * X509_get_cert(CERTIFICATE_CTX *ctx,X509_NAME * name,X509 *tmp_x509);
-int X509_add_cert(CERTIFICATE_CTX *ctx,X509 *);
-
-char * X509_cert_verify_error_string(int n);
-int X509_add_cert_file(CERTIFICATE_CTX *c,char *file, int type);
-char * X509_gmtime (char *s, long adj);
-int X509_add_cert_dir (CERTIFICATE_CTX *c,char *dir, int type);
-int X509_load_verify_locations (CERTIFICATE_CTX *ctx,
- char *file_env, char *dir_env);
-int X509_set_default_verify_paths(CERTIFICATE_CTX *cts);
-X509 * X509_new_D2i_X509(int len, unsigned char *p);
-char * X509_get_default_cert_area(void );
-char * X509_get_default_cert_dir(void );
-char * X509_get_default_cert_file(void );
-char * X509_get_default_cert_dir_env(void );
-char * X509_get_default_cert_file_env(void );
-char * X509_get_default_private_dir(void );
-X509_REQ *X509_X509_TO_req(X509 *x, RSA *rsa);
-int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)());
-
-CERTIFICATE_CTX *CERTIFICATE_CTX_new();
-void CERTIFICATE_CTX_free(CERTIFICATE_CTX *c);
-
-void X509_NAME_print(BIO *fp, X509_NAME *name, int obase);
-int X509_print_fp(FILE *fp,X509 *x);
-int X509_print(BIO *fp,X509 *x);
-
-X509_INFO * X509_INFO_new(void);
-void X509_INFO_free(X509_INFO *a);
-
-char * X509_NAME_oneline(X509_NAME *a);
-
-#define X509_verify(x,rsa)
-#define X509_REQ_verify(x,rsa)
-#define X509_CRL_verify(x,rsa)
-
-#define X509_sign(x,rsa,md)
-#define X509_REQ_sign(x,rsa,md)
-#define X509_CRL_sign(x,rsa,md)
-
-#define X509_dup(x509)
-#define d2i_X509_fp(fp,x509)
-#define i2d_X509_fp(fp,x509)
-#define d2i_X509_bio(bp,x509)
-#define i2d_X509_bio(bp,x509)
-
-#define X509_CRL_dup(crl)
-#define d2i_X509_CRL_fp(fp,crl)
-#define i2d_X509_CRL_fp(fp,crl)
-#define d2i_X509_CRL_bio(bp,crl)
-#define i2d_X509_CRL_bio(bp,crl)
-
-#define X509_REQ_dup(req)
-#define d2i_X509_REQ_fp(fp,req)
-#define i2d_X509_REQ_fp(fp,req)
-#define d2i_X509_REQ_bio(bp,req)
-#define i2d_X509_REQ_bio(bp,req)
-
-#define RSAPrivateKey_dup(rsa)
-#define d2i_RSAPrivateKey_fp(fp,rsa)
-#define i2d_RSAPrivateKey_fp(fp,rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa)
-#define i2d_RSAPrivateKey_bio(bp,rsa)
-
-#define X509_NAME_dup(xn)
-#define X509_NAME_ENTRY_dup(ne)
-
-void X509_REQ_print_fp(FILE *fp,X509_REQ *req);
-void X509_REQ_print(BIO *fp,X509_REQ *req);
-
-RSA *X509_REQ_extract_key(X509_REQ *req);
-RSA *X509_extract_key(X509 *x509);
-
-int X509_issuer_and_serial_cmp(X509 *a, X509 *b);
-unsigned long X509_issuer_and_serial_hash(X509 *a);
-
-X509_NAME * X509_get_issuer_name(X509 *a);
-int X509_issuer_name_cmp(X509 *a, X509 *b);
-unsigned long X509_issuer_name_hash(X509 *a);
-
-X509_NAME * X509_get_subject_name(X509 *a);
-int X509_subject_name_cmp(X509 *a,X509 *b);
-unsigned long X509_subject_name_hash(X509 *x);
-
-int X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
-unsigned long X509_NAME_hash(X509_NAME *x);
-
-
-==== bio.doc ========================================================
-
-BIO Routines
-
-This documentation is rather sparse, you are probably best
-off looking at the code for specific details.
-
-The BIO library is a IO abstraction that was originally
-inspired by the need to have callbacks to perform IO to FILE
-pointers when using Windows 3.1 DLLs. There are two types
-of BIO; a source/sink type and a filter type.
-The source/sink methods are as follows:
-- BIO_s_mem() memory buffer - a read/write byte array that
- grows until memory runs out :-).
-- BIO_s_file() FILE pointer - A wrapper around the normal
- 'FILE *' commands, good for use with stdin/stdout.
-- BIO_s_fd() File descriptor - A wrapper around file
- descriptors, often used with pipes.
-- BIO_s_socket() Socket - Used around sockets. It is
- mostly in the Microsoft world that sockets are different
- from file descriptors and there are all those ugly winsock
- commands.
-- BIO_s_null() Null - read nothing and write nothing.; a
- useful endpoint for filter type BIO's specifically things
- like the message digest BIO.
-
-The filter types are
-- BIO_f_buffer() IO buffering - does output buffering into
- larger chunks and performs input buffering to allow gets()
- type functions.
-- BIO_f_md() Message digest - a transparent filter that can
- be asked to return a message digest for the data that has
- passed through it.
-- BIO_f_cipher() Encrypt or decrypt all data passing
- through the filter.
-- BIO_f_base64() Base64 decode on read and encode on write.
-- BIO_f_ssl() A filter that performs SSL encryption on the
- data sent through it.
-
-Base BIO functions.
-The BIO library has a set of base functions that are
-implemented for each particular type. Filter BIOs will
-normally call the equivalent function on the source/sink BIO
-that they are layered on top of after they have performed
-some modification to the data stream. Multiple filter BIOs
-can be 'push' into a stack of modifers, so to read from a
-file, unbase64 it, then decrypt it, a BIO_f_cipher,
-BIO_f_base64 and a BIO_s_file would probably be used. If a
-sha-1 and md5 message digest needed to be generated, a stack
-two BIO_f_md() BIOs and a BIO_s_null() BIO could be used.
-The base functions are
-- BIO *BIO_new(BIO_METHOD *type); Create a new BIO of type 'type'.
-- int BIO_free(BIO *a); Free a BIO structure. Depending on
- the configuration, this will free the underlying data
- object for a source/sink BIO.
-- int BIO_read(BIO *b, char *data, int len); Read upto 'len'
- bytes into 'data'.
-- int BIO_gets(BIO *bp,char *buf, int size); Depending on
- the BIO, this can either be a 'get special' or a get one
- line of data, as per fgets();
-- int BIO_write(BIO *b, char *data, int len); Write 'len'
- bytes from 'data' to the 'b' BIO.
-- int BIO_puts(BIO *bp,char *buf); Either a 'put special' or
- a write null terminated string as per fputs().
-- long BIO_ctrl(BIO *bp,int cmd,long larg,char *parg); A
- control function which is used to manipulate the BIO
- structure and modify it's state and or report on it. This
- function is just about never used directly, rather it
- should be used in conjunction with BIO_METHOD specific
- macros.
-- BIO *BIO_push(BIO *new_top, BIO *old); new_top is apped to the
- top of the 'old' BIO list. new_top should be a filter BIO.
- All writes will go through 'new_top' first and last on read.
- 'old' is returned.
-- BIO *BIO_pop(BIO *bio); the new topmost BIO is returned, NULL if
- there are no more.
-
-If a particular low level BIO method is not supported
-(normally BIO_gets()), -2 will be returned if that method is
-called. Otherwise the IO methods (read, write, gets, puts)
-will return the number of bytes read or written, and 0 or -1
-for error (or end of input). For the -1 case,
-BIO_should_retry(bio) can be called to determine if it was a
-genuine error or a temporary problem. -2 will also be
-returned if the BIO has not been initalised yet, in all
-cases, the correct error codes are set (accessible via the
-ERR library).
-
-
-The following functions are convenience functions:
-- int BIO_printf(BIO *bio, char * format, ..); printf but
- to a BIO handle.
-- long BIO_ctrl_int(BIO *bp,int cmd,long larg,int iarg); a
- convenience function to allow a different argument types
- to be passed to BIO_ctrl().
-- int BIO_dump(BIO *b,char *bytes,int len); output 'len'
- bytes from 'bytes' in a hex dump debug format.
-- long BIO_debug_callback(BIO *bio, int cmd, char *argp, int
- argi, long argl, long ret) - a default debug BIO callback,
- this is mentioned below. To use this one normally has to
- use the BIO_set_callback_arg() function to assign an
- output BIO for the callback to use.
-- BIO *BIO_find_type(BIO *bio,int type); when there is a 'stack'
- of BIOs, this function scan the list and returns the first
- that is of type 'type', as listed in buffer.h under BIO_TYPE_XXX.
-- void BIO_free_all(BIO *bio); Free the bio and all other BIOs
- in the list. It walks the bio->next_bio list.
-
-
-
-Extra commands are normally implemented as macros calling BIO_ctrl().
-- BIO_number_read(BIO *bio) - the number of bytes processed
- by BIO_read(bio,.).
-- BIO_number_written(BIO *bio) - the number of bytes written
- by BIO_write(bio,.).
-- BIO_reset(BIO *bio) - 'reset' the BIO.
-- BIO_eof(BIO *bio) - non zero if we are at the current end
- of input.
-- BIO_set_close(BIO *bio, int close_flag) - set the close flag.
-- BIO_get_close(BIO *bio) - return the close flag.
- BIO_pending(BIO *bio) - return the number of bytes waiting
- to be read (normally buffered internally).
-- BIO_flush(BIO *bio) - output any data waiting to be output.
-- BIO_should_retry(BIO *io) - after a BIO_read/BIO_write
- operation returns 0 or -1, a call to this function will
- return non zero if you should retry the call later (this
- is for non-blocking IO).
-- BIO_should_read(BIO *io) - we should retry when data can
- be read.
-- BIO_should_write(BIO *io) - we should retry when data can
- be written.
-- BIO_method_name(BIO *io) - return a string for the method name.
-- BIO_method_type(BIO *io) - return the unique ID of the BIO method.
-- BIO_set_callback(BIO *io, long (*callback)(BIO *io, int
- cmd, char *argp, int argi, long argl, long ret); - sets
- the debug callback.
-- BIO_get_callback(BIO *io) - return the assigned function
- as mentioned above.
-- BIO_set_callback_arg(BIO *io, char *arg) - assign some
- data against the BIO. This is normally used by the debug
- callback but could in reality be used for anything. To
- get an idea of how all this works, have a look at the code
- in the default debug callback mentioned above. The
- callback can modify the return values.
-
-Details of the BIO_METHOD structure.
-typedef struct bio_method_st
- {
- int type;
- char *name;
- int (*bwrite)();
- int (*bread)();
- int (*bputs)();
- int (*bgets)();
- long (*ctrl)();
- int (*create)();
- int (*destroy)();
- } BIO_METHOD;
-
-The 'type' is the numeric type of the BIO, these are listed in buffer.h;
-'Name' is a textual representation of the BIO 'type'.
-The 7 function pointers point to the respective function
-methods, some of which can be NULL if not implemented.
-The BIO structure
-typedef struct bio_st
- {
- BIO_METHOD *method;
- long (*callback)(BIO * bio, int mode, char *argp, int
- argi, long argl, long ret);
- char *cb_arg; /* first argument for the callback */
- int init;
- int shutdown;
- int flags; /* extra storage */
- int num;
- char *ptr;
- struct bio_st *next_bio; /* used by filter BIOs */
- int references;
- unsigned long num_read;
- unsigned long num_write;
- } BIO;
-
-- 'Method' is the BIO method.
-- 'callback', when configured, is called before and after
- each BIO method is called for that particular BIO. This
- is intended primarily for debugging and of informational feedback.
-- 'init' is 0 when the BIO can be used for operation.
- Often, after a BIO is created, a number of operations may
- need to be performed before it is available for use. An
- example is for BIO_s_sock(). A socket needs to be
- assigned to the BIO before it can be used.
-- 'shutdown', this flag indicates if the underlying
- comunication primative being used should be closed/freed
- when the BIO is closed.
-- 'flags' is used to hold extra state. It is primarily used
- to hold information about why a non-blocking operation
- failed and to record startup protocol information for the
- SSL BIO.
-- 'num' and 'ptr' are used to hold instance specific state
- like file descriptors or local data structures.
-- 'next_bio' is used by filter BIOs to hold the pointer of the
- next BIO in the chain. written data is sent to this BIO and
- data read is taken from it.
-- 'references' is used to indicate the number of pointers to
- this structure. This needs to be '1' before a call to
- BIO_free() is made if the BIO_free() function is to
- actually free() the structure, otherwise the reference
- count is just decreased. The actual BIO subsystem does
- not really use this functionality but it is useful when
- used in more advanced applicaion.
-- num_read and num_write are the total number of bytes
- read/written via the 'read()' and 'write()' methods.
-
-BIO_ctrl operations.
-The following is the list of standard commands passed as the
-second parameter to BIO_ctrl() and should be supported by
-all BIO as best as possible. Some are optional, some are
-manditory, in any case, where is makes sense, a filter BIO
-should pass such requests to underlying BIO's.
-- BIO_CTRL_RESET - Reset the BIO back to an initial state.
-- BIO_CTRL_EOF - return 0 if we are not at the end of input,
- non 0 if we are.
-- BIO_CTRL_INFO - BIO specific special command, normal
- information return.
-- BIO_CTRL_SET - set IO specific parameter.
-- BIO_CTRL_GET - get IO specific parameter.
-- BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one
- of BIO_CLOSE or BIO_NOCLOSE.
-- BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag.
-- BIO_CTRL_PENDING - Return the number of bytes available
- for instant reading
-- BIO_CTRL_FLUSH - Output pending data, return number of bytes output.
-- BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned)
- should we 'retry' when IO is possible on the underlying IO object.
-- BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on.
-
-The following command is a special BIO_s_file() specific option.
-- BIO_CTRL_SET_FILENAME - specify a file to open for IO.
-
-The BIO_CTRL_RETRY_TYPE needs a little more explanation.
-When performing non-blocking IO, or say reading on a memory
-BIO, when no data is present (or cannot be written),
-BIO_read() and/or BIO_write() will return -1.
-BIO_should_retry(bio) will return true if this is due to an
-IO condition rather than an actual error. In the case of
-BIO_s_mem(), a read when there is no data will return -1 and
-a should retry when there is more 'read' data.
-The retry type is deduced from 2 macros
-BIO_should_read(bio) and BIO_should_write(bio).
-Now while it may appear obvious that a BIO_read() failure
-should indicate that a retry should be performed when more
-read data is available, this is often not true when using
-things like an SSL BIO. During the SSL protocol startup
-multiple reads and writes are performed, triggered by any
-SSL_read or SSL_write.
-So to write code that will transparently handle either a
-socket or SSL BIO,
- i=BIO_read(bio,..)
- if (I == -1)
- {
- if (BIO_should_retry(bio))
- {
- if (BIO_should_read(bio))
- {
- /* call us again when BIO can be read */
- }
- if (BIO_should_write(bio))
- {
- /* call us again when BIO can be written */
- }
- }
- }
-
-At this point in time only read and write conditions can be
-used but in the future I can see the situation for other
-conditions, specifically with SSL there could be a condition
-of a X509 certificate lookup taking place and so the non-
-blocking BIO_read would require a retry when the certificate
-lookup subsystem has finished it's lookup. This is all
-makes more sense and is easy to use in a event loop type
-setup.
-When using the SSL BIO, either SSL_read() or SSL_write()s
-can be called during the protocol startup and things will
-still work correctly.
-The nice aspect of the use of the BIO_should_retry() macro
-is that all the errno codes that indicate a non-fatal error
-are encapsulated in one place. The Windows specific error
-codes and WSAGetLastError() calls are also hidden from the
-application.
-
-Notes on each BIO method.
-Normally buffer.h is just required but depending on the
-BIO_METHOD, ssl.h or evp.h will also be required.
-
-BIO_METHOD *BIO_s_mem(void);
-- BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) -
- set the underlying BUF_MEM structure for the BIO to use.
-- BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL,
- set it to point to the memory array and return the number
- of bytes available.
-A read/write BIO. Any data written is appended to the
-memory array and any read is read from the front. This BIO
-can be used for read/write at the same time. BIO_gets() is
-supported in the fgets() sense.
-BIO_CTRL_INFO can be used to retrieve pointers to the memory
-buffer and it's length.
-
-BIO_METHOD *BIO_s_file(void);
-- BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use.
-- BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use.
-- BIO_read_filename(BIO *bio, char *name) - read from file.
-- BIO_write_filename(BIO *bio, char *name) - write to file.
-- BIO_append_filename(BIO *bio, char *name) - append to file.
-This BIO sits over the normal system fread()/fgets() type
-functions. Gets() is supported. This BIO in theory could be
-used for read and write but it is best to think of each BIO
-of this type as either a read or a write BIO, not both.
-
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_fd(void);
-- BIO_sock_should_retry(int i) - the underlying function
- used to determine if a call should be retried; the
- argument is the '0' or '-1' returned by the previous BIO
- operation.
-- BIO_fd_should_retry(int i) - same as the
-- BIO_sock_should_retry() except that it is different internally.
-- BIO_set_fd(BIO *bio, int fd, int close_flag) - set the
- file descriptor to use
-- BIO_get_fd(BIO *bio, int *fd) - get the file descriptor.
-These two methods are very similar. Gets() is not
-supported, if you want this functionality, put a
-BIO_f_buffer() onto it. This BIO is bi-directional if the
-underlying file descriptor is. This is normally the case
-for sockets but not the case for stdio descriptors.
-
-BIO_METHOD *BIO_s_null(void);
-Read and write as much data as you like, it all disappears
-into this BIO.
-
-BIO_METHOD *BIO_f_buffer(void);
-- BIO_get_buffer_num_lines(BIO *bio) - return the number of
- complete lines in the buffer.
-- BIO_set_buffer_size(BIO *bio, long size) - set the size of
- the buffers.
-This type performs input and output buffering. It performs
-both at the same time. The size of the buffer can be set
-via the set buffer size option. Data buffered for output is
-only written when the buffer fills.
-
-BIO_METHOD *BIO_f_ssl(void);
-- BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL
- structure to use.
-- BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure
- in use.
-The SSL bio is a little different from normal BIOs because
-the underlying SSL structure is a little different. A SSL
-structure performs IO via a read and write BIO. These can
-be different and are normally set via the
-SSL_set_rbio()/SSL_set_wbio() calls. The SSL_set_fd() calls
-are just wrappers that create socket BIOs and then call
-SSL_set_bio() where the read and write BIOs are the same.
-The BIO_push() operation makes the SSLs IO BIOs the same, so
-make sure the BIO pushed is capable of two directional
-traffic. If it is not, you will have to install the BIOs
-via the more conventional SSL_set_bio() call. BIO_pop() will retrieve
-the 'SSL read' BIO.
-
-BIO_METHOD *BIO_f_md(void);
-- BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest
- to use.
-- BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest
- method in use in mdp, return 0 if not set yet.
-- BIO_reset() reinitializes the digest (EVP_DigestInit())
- and passes the reset to the underlying BIOs.
-All data read or written via BIO_read() or BIO_write() to
-this BIO will be added to the calculated digest. This
-implies that this BIO is only one directional. If read and
-write operations are performed, two separate BIO_f_md() BIOs
-are reuqired to generate digests on both the input and the
-output. BIO_gets(BIO *bio, char *md, int size) will place the
-generated digest into 'md' and return the number of bytes.
-The EVP_MAX_MD_SIZE should probably be used to size the 'md'
-array. Reading the digest will also reset it.
-
-BIO_METHOD *BIO_f_cipher(void);
-- BIO_reset() reinitializes the cipher.
-- BIO_flush() should be called when the last bytes have been
- output to flush the final block of block ciphers.
-- BIO_get_cipher_status(BIO *b), when called after the last
- read from a cipher BIO, returns non-zero if the data
- decrypted correctly, otherwise, 0.
-- BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key,
- unsigned char *iv, int encrypt) This function is used to
- setup a cipher BIO. The length of key and iv are
- specified by the choice of EVP_CIPHER. Encrypt is 1 to
- encrypt and 0 to decrypt.
-
-BIO_METHOD *BIO_f_base64(void);
-- BIO_flush() should be called when the last bytes have been output.
-This BIO base64 encodes when writing and base64 decodes when
-reading. It will scan the input until a suitable begin line
-is found. After reading data, BIO_reset() will reset the
-BIO to start scanning again. Do not mix reading and writing
-on the same base64 BIO. It is meant as a single stream BIO.
-
-Directions type
-both BIO_s_mem()
-one/both BIO_s_file()
-both BIO_s_fd()
-both BIO_s_socket()
-both BIO_s_null()
-both BIO_f_buffer()
-one BIO_f_md()
-one BIO_f_cipher()
-one BIO_f_base64()
-both BIO_f_ssl()
-
-It is easy to mix one and two directional BIOs, all one has
-to do is to keep two separate BIO pointers for reading and
-writing and be careful about usage of underlying BIOs. The
-SSL bio by it's very nature has to be two directional but
-the BIO_push() command will push the one BIO into the SSL
-BIO for both reading and writing.
-
-The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c.
-
-
-==== blowfish.doc ========================================================
-
-The Blowfish library.
-
-Blowfish is a block cipher that operates on 64bit (8 byte) quantities. It
-uses variable size key, but 128bit (16 byte) key would normally be considered
-good. It can be used in all the modes that DES can be used. This
-library implements the ecb, cbc, cfb64, ofb64 modes.
-
-Blowfish is quite a bit faster that DES, and much faster than IDEA or
-RC2. It is one of the faster block ciphers.
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'blowfish.h'.
-
-All of the encryption functions take what is called an BF_KEY as an
-argument. An BF_KEY is an expanded form of the Blowfish key.
-For all modes of the Blowfish algorithm, the BF_KEY used for
-decryption is the same one that was used for encryption.
-
-The define BF_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. BF_DECRYPT is passed to
-specify decryption.
-
-Please note that any of the encryption modes specified in my DES library
-could be used with Blowfish. I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic Blowfish encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
- do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
- secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple Blowfish, thats 384 bits of key and you must be totally
- obsessed with security. Still, if you want it, it is simple enough to
- copy the function from the DES library and change the des_encrypt to
- BF_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void BF_set_key(
-BF_KEY *ks;
-int len;
-unsigned char *key;
- BF_set_key converts an 'len' byte key into a BF_KEY.
- A 'ks' is an expanded form of the 'key' which is used to
- perform actual encryption. It can be regenerated from the Blowfish key
- so it only needs to be kept when encryption or decryption is about
- to occur. Don't save or pass around BF_KEY's since they
- are CPU architecture dependent, 'key's are not. Blowfish is an
- interesting cipher in that it can be used with a variable length
- key. 'len' is the length of 'key' to be used as the key.
- A 'len' of 16 is recomended by me, but blowfish can use upto
- 72 bytes. As a warning, blowfish has a very very slow set_key
- function, it actually runs BF_encrypt 521 times.
-
-void BF_encrypt(unsigned long *data, BF_KEY *key);
-void BF_decrypt(unsigned long *data, BF_KEY *key);
- These are the Blowfish encryption function that gets called by just
- about every other Blowfish routine in the library. You should not
- use this function except to implement 'modes' of Blowfish.
- I say this because the
- functions that call this routine do the conversion from 'char *' to
- long, and this needs to be done to make sure 'non-aligned' memory
- access do not occur.
- Data is a pointer to 2 unsigned long's and key is the
- BF_KEY to use.
-
-void BF_ecb_encrypt(
-unsigned char *in,
-unsigned char *out,
-BF_KEY *key,
-int encrypt);
- This is the basic Electronic Code Book form of Blowfish (in DES this
- mode is called Electronic Code Book so I'm going to use the term
- for blowfish as well.
- Input is encrypted into output using the key represented by
- key. Depending on the encrypt, encryption or
- decryption occurs. Input is 8 bytes long and output is 8 bytes.
-
-void BF_cbc_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *ks,
-unsigned char *ivec,
-int encrypt);
- This routine implements Blowfish in Cipher Block Chaining mode.
- Input, which should be a multiple of 8 bytes is encrypted
- (or decrypted) to output which will also be a multiple of 8 bytes.
- The number of bytes is in length (and from what I've said above,
- should be a multiple of 8). If length is not a multiple of 8, bad
- things will probably happen. ivec is the initialisation vector.
- This function updates iv after each call so that it can be passed to
- the next call to BF_cbc_encrypt().
-
-void BF_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *schedule,
-unsigned char *ivec,
-int *num,
-int encrypt);
- This is one of the more useful functions in this Blowfish library, it
- implements CFB mode of Blowfish with 64bit feedback.
- This allows you to encrypt an arbitrary number of bytes,
- you do not require 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. Num contains 'how far' we are though ivec.
- 'Encrypt' is used to indicate encryption or decryption.
- CFB64 mode operates by using the cipher to generate a stream
- of bytes which is used to encrypt the plain text.
- The cipher text is then encrypted to generate the next 64 bits to
- be xored (incrementally) with the next 64 bits of plain
- text. As can be seen from this, to encrypt or decrypt,
- the same 'cipher stream' needs to be generated but the way the next
- block of data is gathered for encryption is different for
- encryption and decryption.
-
-void BF_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *schedule,
-unsigned char *ivec,
-int *num);
- This functions implements OFB mode of Blowfish with 64bit feedback.
- This allows you to encrypt an arbitrary number of bytes,
- you do not require 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. Num contains 'how far' we are though ivec.
- This is in effect a stream cipher, there is no encryption or
- decryption mode.
-
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-BF_set_key().
-
-=====
-For more information about the specific Blowfish modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library. What is said about DES is directly
-applicable for Blowfish.
-
-
-==== bn.doc ========================================================
-
-The Big Number library.
-
-#include "bn.h" when using this library.
-
-This big number library was written for use in implementing the RSA and DH
-public key encryption algorithms. As such, features such as negative
-numbers have not been extensively tested but they should work as expected.
-This library uses dynamic memory allocation for storing its data structures
-and so there are no limit on the size of the numbers manipulated by these
-routines but there is always the requirement to check return codes from
-functions just in case a memory allocation error has occurred.
-
-The basic object in this library is a BIGNUM. It is used to hold a single
-large integer. This type should be considered opaque and fields should not
-be modified or accessed directly.
-typedef struct bignum_st
- {
- int top; /* Index of last used d. */
- BN_ULONG *d; /* Pointer to an array of 'BITS2' bit chunks. */
- int max; /* Size of the d array. */
- int neg;
- } BIGNUM;
-The big number is stored in a malloced array of BN_ULONG's. A BN_ULONG can
-be either 16, 32 or 64 bits in size, depending on the 'number of bits'
-specified in bn.h.
-The 'd' field is this array. 'max' is the size of the 'd' array that has
-been allocated. 'top' is the 'last' entry being used, so for a value of 4,
-bn.d[0]=4 and bn.top=1. 'neg' is 1 if the number is negative.
-When a BIGNUM is '0', the 'd' field can be NULL and top == 0.
-
-Various routines in this library require the use of 'temporary' BIGNUM
-variables during their execution. Due to the use of dynamic memory
-allocation to create BIGNUMs being rather expensive when used in
-conjunction with repeated subroutine calls, the BN_CTX structure is
-used. This structure contains BN_CTX BIGNUMs. BN_CTX
-is the maximum number of temporary BIGNUMs any publicly exported
-function will use.
-
-#define BN_CTX 12
-typedef struct bignum_ctx
- {
- int tos; /* top of stack */
- BIGNUM *bn[BN_CTX]; /* The variables */
- } BN_CTX;
-
-The functions that follow have been grouped according to function. Most
-arithmetic functions return a result in the first argument, sometimes this
-first argument can also be an input parameter, sometimes it cannot. These
-restrictions are documented.
-
-extern BIGNUM *BN_value_one;
-There is one variable defined by this library, a BIGNUM which contains the
-number 1. This variable is useful for use in comparisons and assignment.
-
-Get Size functions.
-
-int BN_num_bits(BIGNUM *a);
- This function returns the size of 'a' in bits.
-
-int BN_num_bytes(BIGNUM *a);
- This function (macro) returns the size of 'a' in bytes.
- For conversion of BIGNUMs to byte streams, this is the number of
- bytes the output string will occupy. If the output byte
- format specifies that the 'top' bit indicates if the number is
- signed, so an extra '0' byte is required if the top bit on a
- positive number is being written, it is upto the application to
- make this adjustment. Like I said at the start, I don't
- really support negative numbers :-).
-
-Creation/Destruction routines.
-
-BIGNUM *BN_new();
- Return a new BIGNUM object. The number initially has a value of 0. If
- there is an error, NULL is returned.
-
-void BN_free(BIGNUM *a);
- Free()s a BIGNUM.
-
-void BN_clear(BIGNUM *a);
- Sets 'a' to a value of 0 and also zeros all unused allocated
- memory. This function is used to clear a variable of 'sensitive'
- data that was held in it.
-
-void BN_clear_free(BIGNUM *a);
- This function zeros the memory used by 'a' and then free()'s it.
- This function should be used to BN_free() BIGNUMS that have held
- sensitive numeric values like RSA private key values. Both this
- function and BN_clear tend to only be used by RSA and DH routines.
-
-BN_CTX *BN_CTX_new(void);
- Returns a new BN_CTX. NULL on error.
-
-void BN_CTX_free(BN_CTX *c);
- Free a BN_CTX structure. The BIGNUMs in 'c' are BN_clear_free()ed.
-
-BIGNUM *bn_expand(BIGNUM *b, int bits);
- This is an internal function that should not normally be used. It
- ensures that 'b' has enough room for a 'bits' bit number. It is
- mostly used by the various BIGNUM routines. If there is an error,
- NULL is returned. if not, 'b' is returned.
-
-BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from);
- The 'from' is copied into 'to'. NULL is returned if there is an
- error, otherwise 'to' is returned.
-
-BIGNUM *BN_dup(BIGNUM *a);
- A new BIGNUM is created and returned containing the value of 'a'.
- NULL is returned on error.
-
-Comparison and Test Functions.
-
-int BN_is_zero(BIGNUM *a)
- Return 1 if 'a' is zero, else 0.
-
-int BN_is_one(a)
- Return 1 is 'a' is one, else 0.
-
-int BN_is_word(a,w)
- Return 1 if 'a' == w, else 0. 'w' is a BN_ULONG.
-
-int BN_cmp(BIGNUM *a, BIGNUM *b);
- Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same
- and 1 is 'a' is greater than 'b'. This is a signed comparison.
-
-int BN_ucmp(BIGNUM *a, BIGNUM *b);
- This function is the same as BN_cmp except that the comparison
- ignores the sign of the numbers.
-
-Arithmetic Functions
-For all of these functions, 0 is returned if there is an error and 1 is
-returned for success. The return value should always be checked. eg.
-if (!BN_add(r,a,b)) goto err;
-Unless explicitly mentioned, the 'return' value can be one of the
-'parameters' to the function.
-
-int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
- Add 'a' and 'b' and return the result in 'r'. This is r=a+b.
-
-int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
- Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b.
-
-int BN_lshift(BIGNUM *r, BIGNUM *a, int n);
- Shift 'a' left by 'n' bits. This is r=a*(2^n).
-
-int BN_lshift1(BIGNUM *r, BIGNUM *a);
- Shift 'a' left by 1 bit. This form is more efficient than
- BN_lshift(r,a,1). This is r=a*2.
-
-int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
- Shift 'a' right by 'n' bits. This is r=int(a/(2^n)).
-
-int BN_rshift1(BIGNUM *r, BIGNUM *a);
- Shift 'a' right by 1 bit. This form is more efficient than
- BN_rshift(r,a,1). This is r=int(a/2).
-
-int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
- Multiply a by b and return the result in 'r'. 'r' must not be
- either 'a' or 'b'. It has to be a different BIGNUM.
- This is r=a*b.
-
-int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
- Multiply a by a and return the result in 'r'. 'r' must not be
- 'a'. This function is alot faster than BN_mul(r,a,a). This is r=a*a.
-
-int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
- Divide 'm' by 'd' and return the result in 'dv' and the remainder
- in 'rem'. Either of 'dv' or 'rem' can be NULL in which case that
- value is not returned. 'ctx' needs to be passed as a source of
- temporary BIGNUM variables.
- This is dv=int(m/d), rem=m%d.
-
-int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
- Find the remainder of 'm' divided by 'd' and return it in 'rem'.
- 'ctx' holds the temporary BIGNUMs required by this function.
- This function is more efficient than BN_div(NULL,rem,m,d,ctx);
- This is rem=m%d.
-
-int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx);
- Multiply 'a' by 'b' and return the remainder when divided by 'm'.
- 'ctx' holds the temporary BIGNUMs required by this function.
- This is r=(a*b)%m.
-
-int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
- Raise 'a' to the 'p' power and return the remainder when divided by
- 'm'. 'ctx' holds the temporary BIGNUMs required by this function.
- This is r=(a^p)%m.
-
-int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
- Return the reciprocal of 'm'. 'ctx' holds the temporary variables
- required. This function returns -1 on error, otherwise it returns
- the number of bits 'r' is shifted left to make 'r' into an integer.
- This number of bits shifted is required in BN_mod_mul_reciprocal().
- This is r=(1/m)<<(BN_num_bits(m)+1).
-
-int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m,
- BIGNUM *i, int nb, BN_CTX *ctx);
- This function is used to perform an efficient BN_mod_mul()
- operation. If one is going to repeatedly perform BN_mod_mul() with
- the same modulus is worth calculating the reciprocal of the modulus
- and then using this function. This operation uses the fact that
- a/b == a*r where r is the reciprocal of b. On modern computers
- multiplication is very fast and big number division is very slow.
- 'x' is multiplied by 'y' and then divided by 'm' and the remainder
- is returned. 'i' is the reciprocal of 'm' and 'nb' is the number
- of bits as returned from BN_reciprocal(). Normal usage is as follows.
- bn=BN_reciprocal(i,m);
- for (...)
- { BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); }
- This is r=(x*y)%m. Internally it is approximately
- r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn)
- This function is used in BN_mod_exp() and BN_is_prime().
-
-Assignment Operations
-
-int BN_one(BIGNUM *a)
- Set 'a' to hold the value one.
- This is a=1.
-
-int BN_zero(BIGNUM *a)
- Set 'a' to hold the value zero.
- This is a=0.
-
-int BN_set_word(BIGNUM *a, unsigned long w);
- Set 'a' to hold the value of 'w'. 'w' is an unsigned long.
- This is a=w.
-
-unsigned long BN_get_word(BIGNUM *a);
- Returns 'a' in an unsigned long. Not remarkably, often 'a' will
- be biger than a word, in which case 0xffffffffL is returned.
-
-Word Operations
-These functions are much more efficient that the normal bignum arithmetic
-operations.
-
-BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
- Return the remainder of 'a' divided by 'w'.
- This is return(a%w).
-
-int BN_add_word(BIGNUM *a, unsigned long w);
- Add 'w' to 'a'. This function does not take the sign of 'a' into
- account. This is a+=w;
-
-Bit operations.
-
-int BN_is_bit_set(BIGNUM *a, int n);
- This function return 1 if bit 'n' is set in 'a' else 0.
-
-int BN_set_bit(BIGNUM *a, int n);
- This function sets bit 'n' to 1 in 'a'.
- This is a&= ~(1<<n);
-
-int BN_clear_bit(BIGNUM *a, int n);
- This function sets bit 'n' to zero in 'a'. Return 0 if less
- than 'n' bits in 'a' else 1. This is a&= ~(1<<n);
-
-int BN_mask_bits(BIGNUM *a, int n);
- Truncate 'a' to n bits long. This is a&= ~((~0)<<n)
-
-Format conversion routines.
-
-BIGNUM *BN_bin2bn(unsigned char *s, int len,BIGNUM *ret);
- This function converts 'len' bytes in 's' into a BIGNUM which
- is put in 'ret'. If ret is NULL, a new BIGNUM is created.
- Either this new BIGNUM or ret is returned. The number is
- assumed to be in bigendian form in 's'. By this I mean that
- to 'ret' is created as follows for 'len' == 5.
- ret = s[0]*2^32 + s[1]*2^24 + s[2]*2^16 + s[3]*2^8 + s[4];
- This function cannot be used to convert negative numbers. It
- is always assumed the number is positive. The application
- needs to diddle the 'neg' field of th BIGNUM its self.
- The better solution would be to save the numbers in ASN.1 format
- since this is a defined standard for storing big numbers.
- Look at the functions
-
- ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
- BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
- int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
- ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
- long length;
-
-int BN_bn2bin(BIGNUM *a, unsigned char *to);
- This function converts 'a' to a byte string which is put into
- 'to'. The representation is big-endian in that the most
- significant byte of 'a' is put into to[0]. This function
- returns the number of bytes used to hold 'a'. BN_num_bytes(a)
- would return the same value and can be used to determine how
- large 'to' needs to be. If the number is negative, this
- information is lost. Since this library was written to
- manipulate large positive integers, the inability to save and
- restore them is not considered to be a problem by me :-).
- As for BN_bin2bn(), look at the ASN.1 integer encoding funtions
- for SSLeay. They use BN_bin2bn() and BN_bn2bin() internally.
-
-char *BN_bn2ascii(BIGNUM *a);
- This function returns a malloc()ed string that contains the
- ascii hexadecimal encoding of 'a'. The number is in bigendian
- format with a '-' in front if the number is negative.
-
-int BN_ascii2bn(BIGNUM **bn, char *a);
- The inverse of BN_bn2ascii. The function returns the number of
- characters from 'a' were processed in generating a the bignum.
- error is inticated by 0 being returned. The number is a
- hex digit string, optionally with a leading '-'. If *bn
- is null, a BIGNUM is created and returned via that variable.
-
-int BN_print_fp(FILE *fp, BIGNUM *a);
- 'a' is printed to file pointer 'fp'. It is in the same format
- that is output from BN_bn2ascii(). 0 is returned on error,
- 1 if things are ok.
-
-int BN_print(BIO *bp, BIGNUM *a);
- Same as BN_print except that the output is done to the SSLeay libraries
- BIO routines. BN_print_fp() actually calls this function.
-
-Miscellaneous Routines.
-
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
- This function returns in 'rnd' a random BIGNUM that is bits
- long. If bottom is 1, the number returned is odd. If top is set,
- the top 2 bits of the number are set. This is useful because if
- this is set, 2 'n; bit numbers multiplied together will return a 2n
- bit number. If top was not set, they could produce a 2n-1 bit
- number.
-
-BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
- This function create a new BIGNUM and returns it. This number
- is the inverse mod 'n' of 'a'. By this it is meant that the
- returned value 'r' satisfies (a*r)%n == 1. This function is
- used in the generation of RSA keys. 'ctx', as per usual,
- is used to hold temporary variables that are required by the
- function. NULL is returned on error.
-
-int BN_gcd(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
- 'r' has the greatest common divisor of 'a' and 'b'. 'ctx' is
- used for temporary variables and 0 is returned on error.
-
-int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx,
- char *cb_arg);
- This function is used to check if a BIGNUM ('p') is prime.
- It performs this test by using the Miller-Rabin randomised
- primality test. This is a probalistic test that requires a
- number of rounds to ensure the number is prime to a high
- degree of probability. Since this can take quite some time, a
- callback function can be passed and it will be called each
- time 'p' passes a round of the prime testing. 'callback' will
- be called as follows, callback(1,n,cb_arg) where n is the number of
- the round, just passed. As per usual 'ctx' contains temporary
- variables used. If ctx is NULL, it does not matter, a local version
- will be malloced. This parameter is present to save some mallocing
- inside the function but probably could be removed.
- 0 is returned on error.
- 'ncheck' is the number of Miller-Rabin tests to run. It is
- suggested to use the value 'BN_prime_checks' by default.
-
-BIGNUM *BN_generate_prime(
-int bits,
-int strong,
-BIGNUM *a,
-BIGNUM *rems,
-void (*callback)());
-char *cb_arg
- This function is used to generate prime numbers. It returns a
- new BIGNUM that has a high probability of being a prime.
- 'bits' is the number of bits that
- are to be in the prime. If 'strong' is true, the returned prime
- will also be a strong prime ((p-1)/2 is also prime).
- While searching for the prime ('p'), we
- can add the requirement that the prime fill the following
- condition p%a == rem. This can be used to help search for
- primes with specific features, which is required when looking
- for primes suitable for use with certain 'g' values in the
- Diffie-Hellman key exchange algorithm. If 'a' is NULL,
- this condition is not checked. If rem is NULL, rem is assumed
- to be 1. Since this search for a prime
- can take quite some time, if callback is not NULL, it is called
- in the following situations.
- We have a suspected prime (from a quick sieve),
- callback(0,sus_prime++,cb_arg). Each item to be passed to BN_is_prime().
- callback(1,round++,cb_arg). Each successful 'round' in BN_is_prime().
- callback(2,round,cb_arg). For each successful BN_is_prime() test.
-
-Hints
------
-
-DSA wants 64*32 to use word mont mul, but RSA wants to use full.
-
-==== callback.doc ========================================================
-
-Callback functions used in SSLeay.
-
---------------------------
-The BIO library.
-
-Each BIO structure can have a callback defined against it. This callback is
-called 2 times for each BIO 'function'. It is passed 6 parameters.
-BIO_debug_callback() is an example callback which is defined in
-crypto/buffer/bio_cb.c and is used in apps/dgst.c This is intended mostly
-for debuging or to notify the application of IO.
-
-long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,long argl,
- long ret);
-bio is the BIO being called, cmd is the type of BIO function being called.
-Look at the BIO_CB_* defines in buffer.h. Argp and argi are the arguments
-passed to BIO_read(), BIO_write, BIO_gets(), BIO_puts(). In the case of
-BIO_ctrl(), argl is also defined. The first time the callback is called,
-before the underlying function has been executed, 0 is passed as 'ret', and
-if the return code from the callback is not > 0, the call is aborted
-and the returned <= 0 value is returned.
-The second time the callback is called, the 'cmd' value also has
-BIO_CB_RETURN logically 'or'ed with it. The 'ret' value is the value returned
-from the actuall function call and whatever the callback returns is returned
-from the BIO function.
-
-BIO_set_callback(b,cb) can be used to set the callback function
-(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to
-set the cb_arg argument in the BIO strucutre. This field is only intended
-to be used by application, primarily in the callback function since it is
-accessable since the BIO is passed.
-
---------------------------
-The PEM library.
-
-The pem library only really uses one type of callback,
-static int def_callback(char *buf, int num, int verify);
-which is used to return a password string if required.
-'buf' is the buffer to put the string in. 'num' is the size of 'buf'
-and 'verify' is used to indicate that the password should be checked.
-This last flag is mostly used when reading a password for encryption.
-
-For all of these functions, a NULL callback will call the above mentioned
-default callback. This default function does not work under Windows 3.1.
-For other machines, it will use an application defined prompt string
-(EVP_set_pw_prompt(), which defines a library wide prompt string)
-if defined, otherwise it will use it's own PEM password prompt.
-It will then call EVP_read_pw_string() to get a password from the console.
-If your application wishes to use nice fancy windows to retrieve passwords,
-replace this function. The callback should return the number of bytes read
-into 'buf'. If the number of bytes <= 0, it is considered an error.
-
-Functions that take this callback are listed below. For the 'read' type
-functions, the callback will only be required if the PEM data is encrypted.
-
-For the Write functions, normally a password can be passed in 'kstr', of
-'klen' bytes which will be used if the 'enc' cipher is not NULL. If
-'kstr' is NULL, the callback will be used to retrieve a password.
-
-int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
- int (*callback)());
-char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)());
-char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
-int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
- EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
- EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
-STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)());
-
-#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
-#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
-#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
-#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
-#define PEM_read_SSL_SESSION(fp,x,cb)
-#define PEM_read_X509(fp,x,cb)
-#define PEM_read_X509_REQ(fp,x,cb)
-#define PEM_read_X509_CRL(fp,x,cb)
-#define PEM_read_RSAPrivateKey(fp,x,cb)
-#define PEM_read_DSAPrivateKey(fp,x,cb)
-#define PEM_read_PrivateKey(fp,x,cb)
-#define PEM_read_PKCS7(fp,x,cb)
-#define PEM_read_DHparams(fp,x,cb)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb)
-#define PEM_read_bio_X509(bp,x,cb)
-#define PEM_read_bio_X509_REQ(bp,x,cb)
-#define PEM_read_bio_X509_CRL(bp,x,cb)
-#define PEM_read_bio_RSAPrivateKey(bp,x,cb)
-#define PEM_read_bio_DSAPrivateKey(bp,x,cb)
-#define PEM_read_bio_PrivateKey(bp,x,cb)
-#define PEM_read_bio_PKCS7(bp,x,cb)
-#define PEM_read_bio_DHparams(bp,x,cb)
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-
-Now you will notice that macros like
-#define PEM_write_X509(fp,x) \
- PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
- (char *)x, NULL,NULL,0,NULL)
-Don't do encryption normally. If you want to PEM encrypt your X509 structure,
-either just call PEM_ASN1_write directly or just define you own
-macro variant. As you can see, this macro just sets all encryption related
-parameters to NULL.
-
-
---------------------------
-The SSL library.
-
-#define SSL_set_info_callback(ssl,cb)
-#define SSL_CTX_set_info_callback(ctx,cb)
-void callback(SSL *ssl,int location,int ret)
-This callback is called each time around the SSL_connect()/SSL_accept()
-state machine. So it will be called each time the SSL protocol progresses.
-It is mostly present for use when debugging. When SSL_connect() or
-SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or
-SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned.
-Have a look at the SSL_CB_* defines in ssl.h. If an info callback is defined
-against the SSL_CTX, it is called unless there is one set against the SSL.
-Have a look at
-void client_info_callback() in apps/s_client() for an example.
-
-Certificate verification.
-void SSL_set_verify(SSL *s, int mode, int (*callback) ());
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
-This callback is used to help verify client and server X509 certificates.
-It is actually passed to X509_cert_verify(), along with the SSL structure
-so you have to read about X509_cert_verify() :-). The SSL_CTX version is used
-if the SSL version is not defined. X509_cert_verify() is the function used
-by the SSL part of the library to verify certificates. This function is
-nearly always defined by the application.
-
-void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
-int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain);
-This call is used to replace the SSLeay certificate verification code.
-The 'arg' is kept in the SSL_CTX and is passed to the callback.
-If the callback returns 0, the certificate is rejected, otherwise it
-is accepted. The callback is replacing the X509_cert_verify() call.
-This feature is not often used, but if you wished to implement
-some totally different certificate authentication system, this 'hook' is
-vital.
-
-SSLeay keeps a cache of session-ids against each SSL_CTX. These callbacks can
-be used to notify the application when a SSL_SESSION is added to the cache
-or to retrieve a SSL_SESSION that is not in the cache from the application.
-#define SSL_CTX_sess_set_get_cb(ctx,cb)
-SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy);
-If defined, this callback is called to return the SESSION_ID for the
-session-id in 'session_id', of 'session_id_len' bytes. 'copy' is set to 1
-if the server is to 'take a copy' of the SSL_SESSION structure. It is 0
-if the SSL_SESSION is being 'passed in' so the SSLeay library is now
-responsible for 'free()ing' the structure. Basically it is used to indicate
-if the reference count on the SSL_SESSION structure needs to be incremented.
-
-#define SSL_CTX_sess_set_new_cb(ctx,cb)
-int callback(SSL *s, SSL_SESSION *sess);
-When a new connection is established, if the SSL_SESSION is going to be added
-to the cache, this callback is called. Return 1 if a 'copy' is required,
-otherwise, return 0. This return value just causes the reference count
-to be incremented (on return of a 1), this means the application does
-not need to worry about incrementing the refernece count (and the
-locking that implies in a multi-threaded application).
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
-This sets the SSL password reading function.
-It is mostly used for windowing applications
-and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey()
-calls inside the SSL library. The only reason this is present is because the
-calls to PEM_* functions is hidden in the SSLeay library so you have to
-pass in the callback some how.
-
-#define SSL_CTX_set_client_cert_cb(ctx,cb)
-int callback(SSL *s,X509 **x509, EVP_PKEY **pkey);
-Called when a client certificate is requested but there is not one set
-against the SSL_CTX or the SSL. If the callback returns 1, x509 and
-pkey need to point to valid data. The library will free these when
-required so if the application wants to keep these around, increment
-their reference counts. If 0 is returned, no client cert is
-available. If -1 is returned, it is assumed that the callback needs
-to be called again at a later point in time. SSL_connect will return
--1 and SSL_want_x509_lookup(ssl) returns true. Remember that
-application data can be attached to an SSL structure via the
-SSL_set_app_data(SSL *ssl,char *data) call.
-
---------------------------
-The X509 library.
-
-int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(),
- int *error,char *arg,STACK *cert_chain);
-int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg,
- STACK *cert_chain);
-
-X509_cert_verify() is used to authenticate X509 certificates. The 'ctx' holds
-the details of the various caches and files used to locate certificates.
-'xs' is the certificate to verify and 'cb' is the application callback (more
-detail later). 'error' will be set to the error code and 'arg' is passed
-to the 'cb' callback. Look at the VERIFY_* defines in crypto/x509/x509.h
-
-When ever X509_cert_verify() makes a 'negative' decision about a
-certitificate, the callback is called. If everything checks out, the
-callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self
-signed cert that is not the passed certificate).
-
-The callback is passed the X509_cert_verify opinion of the certificate
-in 'ok', the certificate in 'xs', the issuer certificate in 'xi',
-the 'depth' of the certificate in the verification 'chain', the
-VERIFY_* code in 'error' and the argument passed to X509_cert_verify()
-in 'arg'. cert_chain is a list of extra certs to use if they are not
-in the cache.
-
-The callback can be used to look at the error reason, and then return 0
-for an 'error' or '1' for ok. This will override the X509_cert_verify()
-opinion of the certificates validity. Processing will continue depending on
-the return value. If one just wishes to use the callback for informational
-reason, just return the 'ok' parameter.
-
---------------------------
-The BN and DH library.
-
-BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
- BIGNUM *rem,void (*callback)(int,int));
-int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
-
-Read doc/bn.doc for the description of these 2.
-
-DH *DH_generate_parameters(int prime_len,int generator,
- void (*callback)(int,int));
-Read doc/bn.doc for the description of the callback, since it is just passed
-to BN_generate_prime(), except that it is also called as
-callback(3,0) by this function.
-
---------------------------
-The CRYPTO library.
-
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
- int line));
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
- int type,char *file, int line));
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-
-Read threads.doc for info on these ones.
-
-
-==== cipher.doc ========================================================
-
-The Cipher subroutines.
-
-These routines require "evp.h" to be included.
-
-These functions are a higher level interface to the various cipher
-routines found in this library. As such, they allow the same code to be
-used to encrypt and decrypt via different ciphers with only a change
-in an initial parameter. These routines also provide buffering for block
-ciphers.
-
-These routines all take a pointer to the following structure to specify
-which cipher to use. If you wish to use a new cipher with these routines,
-you would probably be best off looking an how an existing cipher is
-implemented and copying it. At this point in time, I'm not going to go
-into many details. This structure should be considered opaque
-
-typedef struct pem_cipher_st
- {
- int type;
- int block_size;
- int key_len;
- int iv_len;
- void (*enc_init)(); /* init for encryption */
- void (*dec_init)(); /* init for decryption */
- void (*do_cipher)(); /* encrypt data */
- } EVP_CIPHER;
-
-The type field is the object NID of the cipher type
-(read the section on Objects for an explanation of what a NID is).
-The cipher block_size is how many bytes need to be passed
-to the cipher at a time. Key_len is the
-length of the key the cipher requires and iv_len is the length of the
-initialisation vector required. enc_init is the function
-called to initialise the ciphers context for encryption and dec_init is the
-function to initialise for decryption (they need to be different, especially
-for the IDEA cipher).
-
-One reason for specifying the Cipher via a pointer to a structure
-is that if you only use des-cbc, only the des-cbc routines will
-be included when you link the program. If you passed an integer
-that specified which cipher to use, the routine that mapped that
-integer to a set of cipher functions would cause all the ciphers
-to be link into the code. This setup also allows new ciphers
-to be added by the application (with some restrictions).
-
-The thirteen ciphers currently defined in this library are
-
-EVP_CIPHER *EVP_des_ecb(); /* DES in ecb mode, iv=0, block=8, key= 8 */
-EVP_CIPHER *EVP_des_ede(); /* DES in ecb ede mode, iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_des_ede3(); /* DES in ecb ede mode, iv=0, block=8, key=24 */
-EVP_CIPHER *EVP_des_cfb(); /* DES in cfb mode, iv=8, block=1, key= 8 */
-EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */
-EVP_CIPHER *EVP_des_ofb(); /* DES in ofb mode, iv=8, block=1, key= 8 */
-EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */
-EVP_CIPHER *EVP_des_cbc(); /* DES in cbc mode, iv=8, block=8, key= 8 */
-EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */
-EVP_CIPHER *EVP_desx_cbc(); /* DES in desx cbc mode,iv=8, block=8, key=24 */
-EVP_CIPHER *EVP_rc4(); /* RC4, iv=0, block=1, key=16 */
-EVP_CIPHER *EVP_idea_ecb(); /* IDEA in ecb mode, iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_idea_cfb(); /* IDEA in cfb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_idea_ofb(); /* IDEA in ofb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_idea_cbc(); /* IDEA in cbc mode, iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_rc2_ecb(); /* RC2 in ecb mode, iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_rc2_cfb(); /* RC2 in cfb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_rc2_ofb(); /* RC2 in ofb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_rc2_cbc(); /* RC2 in cbc mode, iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_bf_ecb(); /* Blowfish in ecb mode,iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_bf_cfb(); /* Blowfish in cfb mode,iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_bf_ofb(); /* Blowfish in ofb mode,iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_bf_cbc(); /* Blowfish in cbc mode,iv=8, block=8, key=16 */
-
-The meaning of the compound names is as follows.
-des The base cipher is DES.
-idea The base cipher is IDEA
-rc4 The base cipher is RC4-128
-rc2 The base cipher is RC2-128
-ecb Electronic Code Book form of the cipher.
-cbc Cipher Block Chaining form of the cipher.
-cfb 64 bit Cipher Feedback form of the cipher.
-ofb 64 bit Output Feedback form of the cipher.
-ede The cipher is used in Encrypt, Decrypt, Encrypt mode. The first
- and last keys are the same.
-ede3 The cipher is used in Encrypt, Decrypt, Encrypt mode.
-
-All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument.
-The state of the cipher is kept in this structure.
-
-typedef struct EVP_CIPHER_Ctx_st
- {
- EVP_CIPHER *cipher;
- int encrypt; /* encrypt or decrypt */
- int buf_len; /* number we have left */
- unsigned char buf[8];
- union {
- .... /* cipher specific stuff */
- } c;
- } EVP_CIPHER_CTX;
-
-Cipher is a pointer the the EVP_CIPHER for the current context. The encrypt
-flag indicates encryption or decryption. buf_len is the number of bytes
-currently being held in buf.
-The 'c' union holds the cipher specify context.
-
-The following functions are to be used.
-
-int EVP_read_pw_string(
-char *buf,
-int len,
-char *prompt,
-int verify,
- This function is the same as des_read_pw_string() (des.doc).
-
-void EVP_set_pw_prompt(char *prompt);
- This function sets the 'default' prompt to use to use in
- EVP_read_pw_string when the prompt parameter is NULL. If the
- prompt parameter is NULL, this 'default prompt' feature is turned
- off. Be warned, this is a global variable so weird things
- will happen if it is used under Win16 and care must be taken
- with a multi-threaded version of the library.
-
-char *EVP_get_pw_prompt();
- This returns a pointer to the default prompt string. NULL
- if it is not set.
-
-int EVP_BytesToKey(
-EVP_CIPHER *type,
-EVP_MD *md,
-unsigned char *salt,
-unsigned char *data,
-int datal,
-int count,
-unsigned char *key,
-unsigned char *iv);
- This function is used to generate a key and an initialisation vector
- for a specified cipher from a key string and a salt. Type
- specifies the cipher the 'key' is being generated for. Md is the
- message digest algorithm to use to generate the key and iv. The salt
- is an optional 8 byte object that is used to help seed the key
- generator.
- If the salt value is NULL, it is just not used. Datal is the
- number of bytes to use from 'data' in the key generation.
- This function returns the key size for the specified cipher, if
- data is NULL, this value is returns and no other
- computation is performed. Count is
- the number of times to loop around the key generator. I would
- suggest leaving it's value as 1. Key and iv are the structures to
- place the returning iv and key in. If they are NULL, no value is
- generated for that particular value.
- The algorithm used is as follows
-
- /* M[] is an array of message digests
- * MD() is the message digest function */
- M[0]=MD(data . salt);
- for (i=1; i<count; i++) M[0]=MD(M[0]);
-
- i=1
- while (data still needed for key and iv)
- {
- M[i]=MD(M[i-1] . data . salt);
- for (i=1; i<count; i++) M[i]=MD(M[i]);
- i++;
- }
-
- If the salt is NULL, it is not used.
- The digests are concatenated together.
- M = M[0] . M[1] . M[2] .......
-
- For key= 8, iv=8 => key=M[0.. 8], iv=M[ 9 .. 16].
- For key=16, iv=0 => key=M[0..16].
- For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24].
- For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32].
-
- This routine will produce DES-CBC keys and iv that are compatible
- with the PKCS-5 standard when md2 or md5 are used. If md5 is
- used, the salt is NULL and count is 1, this routine will produce
- the password to key mapping normally used with RC4.
- I have attempted to logically extend the PKCS-5 standard to
- generate keys and iv for ciphers that require more than 16 bytes,
- if anyone knows what the correct standard is, please inform me.
- When using sha or sha1, things are a bit different under this scheme,
- since sha produces a 20 byte digest. So for ciphers requiring
- 24 bits of data, 20 will come from the first MD and 4 will
- come from the second.
-
- I have considered having a separate function so this 'routine'
- can be used without the requirement of passing a EVP_CIPHER *,
- but I have decided to not bother. If you wish to use the
- function without official EVP_CIPHER structures, just declare
- a local one and set the key_len and iv_len fields to the
- length you desire.
-
-The following routines perform encryption and decryption 'by parts'. By
-this I mean that there are groups of 3 routines. An Init function that is
-used to specify a cipher and initialise data structures. An Update routine
-that does encryption/decryption, one 'chunk' at a time. And finally a
-'Final' function that finishes the encryption/decryption process.
-All these functions take a EVP_CIPHER pointer to specify which cipher to
-encrypt/decrypt with. They also take a EVP_CIPHER_CTX object as an
-argument. This structure is used to hold the state information associated
-with the operation in progress.
-
-void EVP_EncryptInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv);
- This function initialise a EVP_CIPHER_CTX for encryption using the
- cipher passed in the 'type' field. The cipher is initialised to use
- 'key' as the key and 'iv' for the initialisation vector (if one is
- required). If the type, key or iv is NULL, the value currently in the
- EVP_CIPHER_CTX is reused. So to perform several decrypt
- using the same cipher, key and iv, initialise with the cipher,
- key and iv the first time and then for subsequent calls,
- reuse 'ctx' but pass NULL for type, key and iv. You must make sure
- to pass a key that is large enough for a particular cipher. I
- would suggest using the EVP_BytesToKey() function.
-
-void EVP_EncryptUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
- This function takes 'inl' bytes from 'in' and outputs bytes
- encrypted by the cipher 'ctx' was initialised with into 'out'. The
- number of bytes written to 'out' is put into outl. If a particular
- cipher encrypts in blocks, less or more bytes than input may be
- output. Currently the largest block size used by supported ciphers
- is 8 bytes, so 'out' should have room for 'inl+7' bytes. Normally
- EVP_EncryptInit() is called once, followed by lots and lots of
- calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal
- call.
-
-void EVP_EncryptFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl);
- Because quite a large number of ciphers are block ciphers, there is
- often an incomplete block to write out at the end of the
- encryption. EVP_EncryptFinal() performs processing on this last
- block. The last block in encoded in such a way that it is possible
- to determine how many bytes in the last block are valid. For 8 byte
- block size ciphers, if only 5 bytes in the last block are valid, the
- last three bytes will be filled with the value 3. If only 2 were
- valid, the other 6 would be filled with sixes. If all 8 bytes are
- valid, a extra 8 bytes are appended to the cipher stream containing
- nothing but 8 eights. These last bytes are output into 'out' and
- the number of bytes written is put into 'outl' These last bytes
- are output into 'out' and the number of bytes written is put into
- 'outl'. This form of block cipher finalisation is compatible with
- PKCS-5. Please remember that even if you are using ciphers like
- RC4 that has no blocking and so the function will not write
- anything into 'out', it would still be a good idea to pass a
- variable for 'out' that can hold 8 bytes just in case the cipher is
- changed some time in the future. It should also be remembered
- that the EVP_CIPHER_CTX contains the password and so when one has
- finished encryption with a particular EVP_CIPHER_CTX, it is good
- practice to zero the structure
- (ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)).
-
-void EVP_DecryptInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv);
- This function is basically the same as EVP_EncryptInit() accept that
- is prepares the EVP_CIPHER_CTX for decryption.
-
-void EVP_DecryptUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
- This function is basically the same as EVP_EncryptUpdate()
- except that it performs decryption. There is one
- fundamental difference though. 'out' can not be the same as
- 'in' for any ciphers with a block size greater than 1 if more
- than one call to EVP_DecryptUpdate() will be made. This
- is because this routine can hold a 'partial' block between
- calls. When a partial block is decrypted (due to more bytes
- being passed via this function, they will be written to 'out'
- overwriting the input bytes in 'in' that have not been read
- yet. From this it should also be noted that 'out' should
- be at least one 'block size' larger than 'inl'. This problem
- only occurs on the second and subsequent call to
- EVP_DecryptUpdate() when using a block cipher.
-
-int EVP_DecryptFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl);
- This function is different to EVP_EncryptFinal in that it 'removes'
- any padding bytes appended when the data was encrypted. Due to the
- way in which 1 to 8 bytes may have been appended when encryption
- using a block cipher, 'out' can end up with 0 to 7 bytes being put
- into it. When decoding the padding bytes, it is possible to detect
- an incorrect decryption. If the decryption appears to be wrong, 0
- is returned. If everything seems ok, 1 is returned. For ciphers
- with a block size of 1 (RC4), this function would normally not
- return any bytes and would always return 1. Just because this
- function returns 1 does not mean the decryption was correct. It
- would normally be wrong due to either the wrong key/iv or
- corruption of the cipher data fed to EVP_DecryptUpdate().
- As for EVP_EncryptFinal, it is a good idea to zero the
- EVP_CIPHER_CTX after use since the structure contains the key used
- to decrypt the data.
-
-The following Cipher routines are convenience routines that call either
-EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX
-was setup to encrypt or decrypt.
-
-void EVP_CipherInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv,
-int enc);
- This function take arguments that are the same as EVP_EncryptInit()
- and EVP_DecryptInit() except for the extra 'enc' flag. If 1, the
- EVP_CIPHER_CTX is setup for encryption, if 0, decryption.
-
-void EVP_CipherUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
- Again this function calls either EVP_EncryptUpdate() or
- EVP_DecryptUpdate() depending on state in the 'ctx' structure.
- As noted for EVP_DecryptUpdate(), when this routine is used
- for decryption with block ciphers, 'out' should not be the
- same as 'in'.
-
-int EVP_CipherFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *outm,
-int *outl);
- This routine call EVP_EncryptFinal() or EVP_DecryptFinal()
- depending on the state information in 'ctx'. 1 is always returned
- if the mode is encryption, otherwise the return value is the return
- value of EVP_DecryptFinal().
-
-==== cipher.m ========================================================
-
-Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST)
-From: Eric Young <eay@mincom.com>
-X-Sender: eay@orb
-To: Roland Haring <rharing@tandem.cl>
-Cc: ssl-users@mincom.com
-Subject: Re: Symmetric encryption with ssleay
-In-Reply-To: <m0vBpyq-00001aC@tandemnet.tandem.cl>
-Message-Id: <Pine.SOL.3.91.961015075623.11394A-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Sender: ssl-lists-owner@mincom.com
-Precedence: bulk
-Status: RO
-X-Status:
-
-On Fri, 11 Oct 1996, Roland Haring wrote:
-> THE_POINT:
-> Would somebody be so kind to give me the minimum basic
-> calls I need to do to libcrypto.a to get some text encrypted
-> and decrypted again? ...hopefully with code included to do
-> base64 encryption and decryption ... e.g. that sign-it.c code
-> posted some while ago was a big help :-) (please, do not point
-> me to apps/enc.c where I suspect my Heissenbug to be hidden :-)
-
-Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes
-when the data is less than a line long (this is for decoding). I'll dig
-up the exact fix today and post it. I am taking longer on 0.6.5 than I
-intended so I'll just post this patch.
-
-The documentation to read is in
-doc/cipher.doc,
-doc/encode.doc (very sparse :-).
-and perhaps
-doc/digest.doc,
-
-The basic calls to encrypt with say triple DES are
-
-Given
-char key[EVP_MAX_KEY_LENGTH];
-char iv[EVP_MAX_IV_LENGTH];
-EVP_CIPHER_CTX ctx;
-unsigned char out[512+8];
-int outl;
-
-/* optional generation of key/iv data from text password using md5
- * via an upward compatable verson of PKCS#5. */
-EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd),
- key,iv);
-
-/* Initalise the EVP_CIPHER_CTX */
-EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv);
-
-while (....)
- {
- /* This is processing 512 bytes at a time, the bytes are being
- * copied into 'out', outl bytes are output. 'out' should not be the
- * same as 'in' for reasons mentioned in the documentation. */
- EVP_EncryptUpdate(ctx,out,&outl,in,512);
- }
-
-/* Output the last 'block'. If the cipher is a block cipher, the last
- * block is encoded in such a way so that a wrong decryption will normally be
- * detected - again, one of the PKCS standards. */
-
-EVP_EncryptFinal(ctx,out,&outl);
-
-To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal()
-will return 0 if the decryption fails (only detectable on block ciphers).
-
-You can also use
-EVP_CipherInit()
-EVP_CipherUpdate()
-EVP_CipherFinal()
-which does either encryption or decryption depending on an extra
-parameter to EVP_CipherInit().
-
-
-To do the base64 encoding,
-EVP_EncodeInit()
-EVP_EncodeUpdate()
-EVP_EncodeFinal()
-
-EVP_DecodeInit()
-EVP_DecodeUpdate()
-EVP_DecodeFinal()
-
-where the encoding is quite simple, but the decoding can be a bit more
-fun (due to dud input).
-
-EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the
-'last line' was just processed, and 1 if more lines should be submitted.
-
-EVP_DecodeFinal() returns -1 for an error or 1 if things are ok.
-
-So the loop becomes
-EVP_DecodeInit(....)
-for (;;)
- {
- i=EVP_DecodeUpdate(....);
- if (i < 0) goto err;
-
- /* process the data */
-
- if (i == 0) break;
- }
-EVP_DecodeFinal(....);
-/* process the data */
-
-The problem in 'enc.c' is that I was stuff the processing up after the
-EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of
-base64 data) and this was because 'enc.c' tries to scan over a file until
-it hits the first valid base64 encoded line.
-
-hope this helps a bit.
-eric
---
-Eric Young | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage().
-
-==== conf.doc ========================================================
-
-The CONF library.
-
-The CONF library is a simple set of routines that can be used to configure
-programs. It is a superset of the genenv() function with some extra
-structure.
-
-The library consists of 5 functions.
-
-LHASH *CONF_load(LHASH *config,char *file);
-This function is called to load in a configuration file. Multiple
-configuration files can be loaded, with each subsequent 'load' overwriting
-any already defined 'variables'. If there is an error, NULL is returned.
-If config is NULL, a new LHASH structure is created and returned, otherwise
-the new data in the 'file' is loaded into the 'config' structure.
-
-void CONF_free(LHASH *config);
-This function free()s the data in config.
-
-char *CONF_get_string(LHASH *config,char *section,char *name);
-This function returns the string found in 'config' that corresponds to the
-'section' and 'name' specified. Classes and the naming system used will be
-discussed later in this document. If the variable is not defined, an NULL
-is returned.
-
-long CONF_get_long(LHASH *config,char *section, char *name);
-This function is the same as CONF_get_string() except that it converts the
-string to an long and returns it. If variable is not a number or the
-variable does not exist, 0 is returned. This is a little problematic but I
-don't know of a simple way around it.
-
-STACK *CONF_get_section(LHASH *config, char *section);
-This function returns a 'stack' of CONF_VALUE items that are all the
-items defined in a particular section. DO NOT free() any of the
-variable returned. They will disappear when CONF_free() is called.
-
-The 'lookup' model.
-The configuration file is divided into 'sections'. Each section is started by
-a line of the form '[ section ]'. All subsequent variable definitions are
-of this section. A variable definition is a simple alpha-numeric name
-followed by an '=' and then the data. A section or variable name can be
-described by a regular expression of the following form '[A-Za-z0-9_]+'.
-The value of the variable is the text after the '=' until the end of the
-line, stripped of leading and trailing white space.
-At this point I should mention that a '#' is a comment character, \ is the
-escape character, and all three types of quote can be used to stop any
-special interpretation of the data.
-Now when the data is being loaded, variable expansion can occur. This is
-done by expanding any $NAME sequences into the value represented by the
-variable NAME. If the variable is not in the current section, the different
-section can be specified by using the $SECTION::NAME form. The ${NAME} form
-also works and is very useful for expanding variables inside strings.
-
-When a variable is looked up, there are 2 special section. 'default', which
-is the initial section, and 'ENV' which is the processes environment
-variables (accessed via getenv()). When a variable is looked up, it is
-first 'matched' with it's section (if one was specified), if this fails, the
-'default' section is matched.
-If the 'lhash' variable passed was NULL, the environment is searched.
-
-Now why do we bother with sections? So we can have multiple programs using
-the same configuration file, or multiple instances of the same program
-using different variables. It also provides a nice mechanism to override
-the processes environment variables (eg ENV::HOME=/tmp). If there is a
-program specific variable missing, we can have default values.
-Multiple configuration files can be loaded, with each new value clearing
-any predefined values. A system config file can provide 'default' values,
-and application/usr specific files can provide overriding values.
-
-Examples
-
-# This is a simple example
-SSLEAY_HOME = /usr/local/ssl
-ENV::PATH = $SSLEAY_HOME/bin:$PATH # override my path
-
-[X509]
-cert_dir = $SSLEAY_HOME/certs # /usr/local/ssl/certs
-
-[SSL]
-CIPHER = DES-EDE-MD5:RC4-MD5
-USER_CERT = $HOME/${USER}di'r 5' # /home/eay/eaydir 5
-USER_CERT = $HOME/\${USER}di\'r # /home/eay/${USER}di'r
-USER_CERT = "$HOME/${US"ER}di\'r # $HOME/${USER}di'r
-
-TEST = 1234\
-5678\
-9ab # TEST=123456789ab
-TTT = 1234\n\n # TTT=1234<nl><nl>
-
-
-
-==== des.doc ========================================================
-
-The DES library.
-
-Please note that this library was originally written to operate with
-eBones, a version of Kerberos that had had encryption removed when it left
-the USA and then put back in. As such there are some routines that I will
-advise not using but they are still in the library for historical reasons.
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'des.h'.
-
-All of the encryption functions take what is called a des_key_schedule as an
-argument. A des_key_schedule is an expanded form of the des key.
-A des_key is 8 bytes of odd parity, the type used to hold the key is a
-des_cblock. A des_cblock is an array of 8 bytes, often in this library
-description I will refer to input bytes when the function specifies
-des_cblock's as input or output, this just means that the variable should
-be a multiple of 8 bytes.
-
-The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
-specify decryption. The functions and global variable are as follows:
-
-int des_check_key;
- DES keys are supposed to be odd parity. If this variable is set to
- a non-zero value, des_set_key() will check that the key has odd
- parity and is not one of the known weak DES keys. By default this
- variable is turned off;
-
-void des_set_odd_parity(
-des_cblock *key );
- This function takes a DES key (8 bytes) and sets the parity to odd.
-
-int des_is_weak_key(
-des_cblock *key );
- This function returns a non-zero value if the DES key passed is a
- weak, DES key. If it is a weak key, don't use it, try a different
- one. If you are using 'random' keys, the chances of hitting a weak
- key are 1/2^52 so it is probably not worth checking for them.
-
-int des_set_key(
-des_cblock *key,
-des_key_schedule schedule);
- Des_set_key converts an 8 byte DES key into a des_key_schedule.
- A des_key_schedule is an expanded form of the key which is used to
- perform actual encryption. It can be regenerated from the DES key
- so it only needs to be kept when encryption or decryption is about
- to occur. Don't save or pass around des_key_schedule's since they
- are CPU architecture dependent, DES keys are not. If des_check_key
- is non zero, zero is returned if the key has the wrong parity or
- the key is a weak key, else 1 is returned.
-
-int des_key_sched(
-des_cblock *key,
-des_key_schedule schedule);
- An alternative name for des_set_key().
-
-int des_rw_mode; /* defaults to DES_PCBC_MODE */
- This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
- This specifies the function to use in the enc_read() and enc_write()
- functions.
-
-void des_encrypt(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
- This is the DES encryption function that gets called by just about
- every other DES routine in the library. You should not use this
- function except to implement 'modes' of DES. I say this because the
- functions that call this routine do the conversion from 'char *' to
- long, and this needs to be done to make sure 'non-aligned' memory
- access do not occur. The characters are loaded 'little endian',
- have a look at my source code for more details on how I use this
- function.
- Data is a pointer to 2 unsigned long's and ks is the
- des_key_schedule to use. enc, is non zero specifies encryption,
- zero if decryption.
-
-void des_encrypt2(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
- This functions is the same as des_encrypt() except that the DES
- initial permutation (IP) and final permutation (FP) have been left
- out. As for des_encrypt(), you should not use this function.
- It is used by the routines in my library that implement triple DES.
- IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
- as des_encrypt() des_encrypt() des_encrypt() except faster :-).
-
-void des_ecb_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks,
-int enc);
- This is the basic Electronic Code Book form of DES, the most basic
- form. Input is encrypted into output using the key represented by
- ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
- decryption occurs. Input is 8 bytes long and output is 8 bytes.
- (the des_cblock structure is 8 chars).
-
-void des_ecb3_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-int enc);
- This is the 3 key EDE mode of ECB DES. What this means is that
- the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
- then encrypted again with ks3, before being put into output;
- C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt()
- that only takes 2 des_key_schedules that implements,
- C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
-
-void des_cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
- This routine implements DES in Cipher Block Chaining mode.
- Input, which should be a multiple of 8 bytes is encrypted
- (or decrypted) to output which will also be a multiple of 8 bytes.
- The number of bytes is in length (and from what I've said above,
- should be a multiple of 8). If length is not a multiple of 8, I'm
- not being held responsible :-). ivec is the initialisation vector.
- This function does not modify this variable. To correctly implement
- cbc mode, you need to do one of 2 things; copy the last 8 bytes of
- cipher text for use as the next ivec in your application,
- or use des_ncbc_encrypt().
- Only this routine has this problem with updating the ivec, all
- other routines that are implementing cbc mode update ivec.
-
-void des_ncbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-int enc);
- For historical reasons, des_cbc_encrypt() did not update the
- ivec with the value requires so that subsequent calls to
- des_cbc_encrypt() would 'chain'. This was needed so that the same
- 'length' values would not need to be used when decrypting.
- des_ncbc_encrypt() does the right thing. It is the same as
- des_cbc_encrypt accept that ivec is updates with the correct value
- to pass in subsequent calls to des_ncbc_encrypt(). I advise using
- des_ncbc_encrypt() instead of des_cbc_encrypt();
-
-void des_xcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-des_cblock *inw,
-des_cblock *outw,
-int enc);
- This is RSA's DESX mode of DES. It uses inw and outw to
- 'whiten' the encryption. inw and outw are secret (unlike the iv)
- and are as such, part of the key. So the key is sort of 24 bytes.
- This is much better than cbc des.
-
-void des_3cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk1,
-des_key_schedule sk2,
-des_cblock *ivec1,
-des_cblock *ivec2,
-int enc);
- This function is flawed, do not use it. I have left it in the
- library because it is used in my des(1) program and will function
- correctly when used by des(1). If I removed the function, people
- could end up unable to decrypt files.
- This routine implements outer triple cbc encryption using 2 ks and
- 2 ivec's. Use des_ede2_cbc_encrypt() instead.
-
-void des_ede3_cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int enc);
- This function implements outer triple CBC DES encryption with 3
- keys. What this means is that each 'DES' operation
- inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
- Again, this is cbc mode so an ivec is requires.
- This mode is used by SSL.
- There is also a des_ede2_cbc_encrypt() that only uses 2
- des_key_schedule's, the first being reused for the final
- encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES
- is used by the RSAref library.
-
-void des_pcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
- This is Propagating Cipher Block Chaining mode of DES. It is used
- by Kerberos v4. It's parameters are the same as des_ncbc_encrypt().
-
-void des_cfb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
- Cipher Feedback Back mode of DES. This implementation 'feeds back'
- in numbit blocks. The input (and output) is in multiples of numbits
- bits. numbits should to be a multiple of 8 bits. Length is the
- number of bytes input. If numbits is not a multiple of 8 bits,
- the extra bits in the bytes will be considered padding. So if
- numbits is 12, for each 2 input bytes, the 4 high bits of the
- second byte will be ignored. So to encode 72 bits when using
- a numbits of 12 take 12 bytes. To encode 72 bits when using
- numbits of 9 will take 16 bytes. To encode 80 bits when using
- numbits of 16 will take 10 bytes. etc, etc. This padding will
- apply to both input and output.
-
-
-void des_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num,
-int enc);
- This is one of the more useful functions in this DES library, it
- implements CFB mode of DES with 64bit feedback. Why is this
- useful you ask? Because this routine will allow you to encrypt an
- arbitrary number of bytes, no 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. num contains 'how far' we are though ivec. If this does
- not make much sense, read more about cfb mode of DES :-).
-
-void des_ede3_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num,
-int enc);
- Same as des_cfb64_encrypt() accept that the DES operation is
- triple DES. As usual, there is a macro for
- des_ede2_cfb64_encrypt() which reuses ks1.
-
-void des_ofb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
- This is a implementation of Output Feed Back mode of DES. It is
- the same as des_cfb_encrypt() in that numbits is the size of the
- units dealt with during input and output (in bits).
-
-void des_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num);
- The same as des_cfb64_encrypt() except that it is Output Feed Back
- mode.
-
-void des_ede3_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num);
- Same as des_ofb64_encrypt() accept that the DES operation is
- triple DES. As usual, there is a macro for
- des_ede2_ofb64_encrypt() which reuses ks1.
-
-int des_read_pw_string(
-char *buf,
-int length,
-char *prompt,
-int verify);
- This routine is used to get a password from the terminal with echo
- turned off. Buf is where the string will end up and length is the
- size of buf. Prompt is a string presented to the 'user' and if
- verify is set, the key is asked for twice and unless the 2 copies
- match, an error is returned. A return code of -1 indicates a
- system error, 1 failure due to use interaction, and 0 is success.
-
-unsigned long des_cbc_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
- This function produces an 8 byte checksum from input that it puts in
- output and returns the last 4 bytes as a long. The checksum is
- generated via cbc mode of DES in which only the last 8 byes are
- kept. I would recommend not using this function but instead using
- the EVP_Digest routines, or at least using MD5 or SHA. This
- function is used by Kerberos v4 so that is why it stays in the
- library.
-
-char *des_fcrypt(
-const char *buf,
-const char *salt
-char *ret);
- This is my fast version of the unix crypt(3) function. This version
- takes only a small amount of space relative to other fast
- crypt() implementations. This is different to the normal crypt
- in that the third parameter is the buffer that the return value
- is written into. It needs to be at least 14 bytes long. This
- function is thread safe, unlike the normal crypt.
-
-char *crypt(
-const char *buf,
-const char *salt);
- This function calls des_fcrypt() with a static array passed as the
- third parameter. This emulates the normal non-thread safe semantics
- of crypt(3).
-
-void des_string_to_key(
-char *str,
-des_cblock *key);
- This function takes str and converts it into a DES key. I would
- recommend using MD5 instead and use the first 8 bytes of output.
- When I wrote the first version of these routines back in 1990, MD5
- did not exist but I feel these routines are still sound. This
- routines is compatible with the one in MIT's libdes.
-
-void des_string_to_2keys(
-char *str,
-des_cblock *key1,
-des_cblock *key2);
- This function takes str and converts it into 2 DES keys.
- I would recommend using MD5 and using the 16 bytes as the 2 keys.
- I have nothing against these 2 'string_to_key' routines, it's just
- that if you say that your encryption key is generated by using the
- 16 bytes of an MD5 hash, every-one knows how you generated your
- keys.
-
-int des_read_password(
-des_cblock *key,
-char *prompt,
-int verify);
- This routine combines des_read_pw_string() with des_string_to_key().
-
-int des_read_2passwords(
-des_cblock *key1,
-des_cblock *key2,
-char *prompt,
-int verify);
- This routine combines des_read_pw_string() with des_string_to_2key().
-
-void des_random_seed(
-des_cblock key);
- This routine sets a starting point for des_random_key().
-
-void des_random_key(
-des_cblock ret);
- This function return a random key. Make sure to 'seed' the random
- number generator (with des_random_seed()) before using this function.
- I personally now use a MD5 based random number system.
-
-int des_enc_read(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
- This function will write to a file descriptor the encrypted data
- from buf. This data will be preceded by a 4 byte 'byte count' and
- will be padded out to 8 bytes. The encryption is either CBC of
- PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE,
- pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use
- DES_PCBC_MODE.
-
-int des_enc_write(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
- This routines read stuff written by des_enc_read() and decrypts it.
- I have used these routines quite a lot but I don't believe they are
- suitable for non-blocking io. If you are after a full
- authentication/encryption over networks, have a look at SSL instead.
-
-unsigned long des_quad_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-int out_count,
-des_cblock *seed);
- This is a function from Kerberos v4 that is not anything to do with
- DES but was needed. It is a cksum that is quicker to generate than
- des_cbc_cksum(); I personally would use MD5 routines now.
-=====
-Modes of DES
-Quite a bit of the following information has been taken from
- AS 2805.5.2
- Australian Standard
- Electronic funds transfer - Requirements for interfaces,
- Part 5.2: Modes of operation for an n-bit block cipher algorithm
- Appendix A
-
-There are several different modes in which DES can be used, they are
-as follows.
-
-Electronic Codebook Mode (ECB) (des_ecb_encrypt())
-- 64 bits are enciphered at a time.
-- The order of the blocks can be rearranged without detection.
-- The same plaintext block always produces the same ciphertext block
- (for the same key) making it vulnerable to a 'dictionary attack'.
-- An error will only affect one ciphertext block.
-
-Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
-- a multiple of 64 bits are enciphered at a time.
-- The CBC mode produces the same ciphertext whenever the same
- plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext blocks dependent on the
- current and all preceding plaintext blocks and therefore blocks can not
- be rearranged.
-- The use of different starting variables prevents the same plaintext
- enciphering to the same ciphertext.
-- An error will affect the current and the following ciphertext blocks.
-
-Cipher Feedback Mode (CFB) (des_cfb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The CFB mode produces the same ciphertext whenever the same
- plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext variables dependent on the
- current and all preceding variables and therefore j-bit variables are
- chained together and can not be rearranged.
-- The use of different starting variables prevents the same plaintext
- enciphering to the same ciphertext.
-- The strength of the CFB mode depends on the size of k (maximal if
- j == k). In my implementation this is always the case.
-- Selection of a small value for j will require more cycles through
- the encipherment algorithm per unit of plaintext and thus cause
- greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- An error will affect the current and the following ciphertext variables.
-
-Output Feedback Mode (OFB) (des_ofb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The OFB mode produces the same ciphertext whenever the same
- plaintext enciphered using the same key and starting variable. More
- over, in the OFB mode the same key stream is produced when the same
- key and start variable are used. Consequently, for security reasons
- a specific start variable should be used only once for a given key.
-- The absence of chaining makes the OFB more vulnerable to specific attacks.
-- The use of different start variables values prevents the same
- plaintext enciphering to the same ciphertext, by producing different
- key streams.
-- Selection of a small value for j will require more cycles through
- the encipherment algorithm per unit of plaintext and thus cause
- greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- OFB mode of operation does not extend ciphertext errors in the
- resultant plaintext output. Every bit error in the ciphertext causes
- only one bit to be in error in the deciphered plaintext.
-- OFB mode is not self-synchronising. If the two operation of
- encipherment and decipherment get out of synchronism, the system needs
- to be re-initialised.
-- Each re-initialisation should use a value of the start variable
- different from the start variable values used before with the same
- key. The reason for this is that an identical bit stream would be
- produced each time from the same parameters. This would be
- susceptible to a ' known plaintext' attack.
-
-Triple ECB Mode (des_ecb3_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
-- As for ECB encryption but increases the key length to 168 bits.
- There are theoretic attacks that can be used that make the effective
- key length 112 bits, but this attack also requires 2^56 blocks of
- memory, not very likely, even for the NSA.
-- If both keys are the same it is equivalent to encrypting once with
- just one key.
-- If the first and last key are the same, the key length is 112 bits.
- There are attacks that could reduce the key space to 55 bit's but it
- requires 2^56 blocks of memory.
-- If all 3 keys are the same, this is effectively the same as normal
- ecb mode.
-
-Triple CBC Mode (des_ede3_cbc_encrypt())
-- Encrypt with key1, decrypt with key2 and then encrypt with key3.
-- As for CBC encryption but increases the key length to 168 bits with
- the same restrictions as for triple ecb mode.
-
-==== digest.doc ========================================================
-
-
-The Message Digest subroutines.
-
-These routines require "evp.h" to be included.
-
-These functions are a higher level interface to the various message digest
-routines found in this library. As such, they allow the same code to be
-used to digest via different algorithms with only a change in an initial
-parameter. They are basically just a front-end to the MD2, MD5, SHA
-and SHA1
-routines.
-
-These routines all take a pointer to the following structure to specify
-which message digest algorithm to use.
-typedef struct evp_md_st
- {
- int type;
- int pkey_type;
- int md_size;
- void (*init)();
- void (*update)();
- void (*final)();
-
- int required_pkey_type; /*EVP_PKEY_xxx */
- int (*sign)();
- int (*verify)();
- } EVP_MD;
-
-If additional message digest algorithms are to be supported, a structure of
-this type needs to be declared and populated and then the Digest routines
-can be used with that algorithm. The type field is the object NID of the
-digest type (read the section on Objects for an explanation). The pkey_type
-is the Object type to use when the a message digest is generated by there
-routines and then is to be signed with the pkey algorithm. Md_size is
-the size of the message digest returned. Init, update
-and final are the relevant functions to perform the message digest function
-by parts. One reason for specifying the message digest to use via this
-mechanism is that if you only use md5, only the md5 routines will
-be included in you linked program. If you passed an integer
-that specified which message digest to use, the routine that mapped that
-integer to a set of message digest functions would cause all the message
-digests functions to be link into the code. This setup also allows new
-message digest functions to be added by the application.
-
-The six message digests defined in this library are
-
-EVP_MD *EVP_md2(void); /* RSA sign/verify */
-EVP_MD *EVP_md5(void); /* RSA sign/verify */
-EVP_MD *EVP_sha(void); /* RSA sign/verify */
-EVP_MD *EVP_sha1(void); /* RSA sign/verify */
-EVP_MD *EVP_dss(void); /* DSA sign/verify */
-EVP_MD *EVP_dss1(void); /* DSA sign/verify */
-
-All the message digest routines take a EVP_MD_CTX pointer as an argument.
-The state of the message digest is kept in this structure.
-
-typedef struct pem_md_ctx_st
- {
- EVP_MD *digest;
- union {
- unsigned char base[4]; /* this is used in my library as a
- * 'pointer' to all union elements
- * structures. */
- MD2_CTX md2;
- MD5_CTX md5;
- SHA_CTX sha;
- } md;
- } EVP_MD_CTX;
-
-The Digest functions are as follows.
-
-void EVP_DigestInit(
-EVP_MD_CTX *ctx,
-EVP_MD *type);
- This function is used to initialise the EVP_MD_CTX. The message
- digest that will associated with 'ctx' is specified by 'type'.
-
-void EVP_DigestUpdate(
-EVP_MD_CTX *ctx,
-unsigned char *data,
-unsigned int cnt);
- This function is used to pass more data to the message digest
- function. 'cnt' bytes are digested from 'data'.
-
-void EVP_DigestFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int *len);
- This function finishes the digestion and puts the message digest
- into 'md'. The length of the message digest is put into len;
- EVP_MAX_MD_SIZE is the size of the largest message digest that
- can be returned from this function. Len can be NULL if the
- size of the digest is not required.
-
-
-==== encode.doc ========================================================
-
-
-void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
- int *outl,unsigned char *in,int inl);
-void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
-
-void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
- unsigned char *in, int inl);
-int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
- char *out, int *outl);
-int EVP_DecodeBlock(unsigned char *t, unsigned
- char *f, int n);
-
-
-==== envelope.doc ========================================================
-
-The following routines are use to create 'digital' envelopes.
-By this I mean that they perform various 'higher' level cryptographic
-functions. Have a read of 'cipher.doc' and 'digest.doc' since those
-routines are used by these functions.
-cipher.doc contains documentation about the cipher part of the
-envelope library and digest.doc contatins the description of the
-message digests supported.
-
-To 'sign' a document involves generating a message digest and then encrypting
-the digest with an private key.
-
-#define EVP_SignInit(a,b) EVP_DigestInit(a,b)
-#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-Due to the fact this operation is basically just an extended message
-digest, the first 2 functions are macro calls to Digest generating
-functions.
-
-int EVP_SignFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int *s,
-EVP_PKEY *pkey);
- This finalisation function finishes the generation of the message
-digest and then encrypts the digest (with the correct message digest
-object identifier) with the EVP_PKEY private key. 'ctx' is the message digest
-context. 'md' will end up containing the encrypted message digest. This
-array needs to be EVP_PKEY_size(pkey) bytes long. 's' will actually
-contain the exact length. 'pkey' of course is the private key. It is
-one of EVP_PKEY_RSA or EVP_PKEY_DSA type.
-If there is an error, 0 is returned, otherwise 1.
-
-Verify is used to check an signed message digest.
-
-#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b)
-#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c)
-Since the first step is to generate a message digest, the first 2 functions
-are macros.
-
-int EVP_VerifyFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int s,
-EVP_PKEY *pkey);
- This function finishes the generation of the message digest and then
-compares it with the supplied encrypted message digest. 'md' contains the
-'s' bytes of encrypted message digest. 'pkey' is used to public key decrypt
-the digest. It is then compared with the message digest just generated.
-If they match, 1 is returned else 0.
-
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
- int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
-Must have at least one public key, error is 0. I should also mention that
-the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size.
-
-#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e)
-void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
-
-
-int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
- int ekl,unsigned char *iv,EVP_PKEY *priv);
-0 on failure
-
-#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e)
-
-int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-Decrypt final return code
-
-
-==== error.doc ========================================================
-
-The error routines.
-
-The 'error' system I've implemented is intended to server 2 purpose, to
-record the reason why a command failed and to record where in the libraries
-the failure occurred. It is more or less setup to record a 'trace' of which
-library components were being traversed when the error occurred.
-
-When an error is recorded, it is done so a as single unsigned long which is
-composed of three parts. The top byte is the 'library' number, the middle
-12 bytes is the function code, and the bottom 12 bits is the 'reason' code.
-
-Each 'library', or should a say, 'section' of the SSLeay library has a
-different unique 'library' error number. Each function in the library has
-a number that is unique for that library. Each 'library' also has a number
-for each 'error reason' that is only unique for that 'library'.
-
-Due to the way these error routines record a 'error trace', there is an
-array per thread that is used to store the error codes.
-The various functions in this library are used to access
-and manipulate this array.
-
-void ERR_put_error(int lib, int func,int reason);
- This routine records an error in library 'lib', function 'func'
-and reason 'reason'. As errors get 'put' into the buffer, they wrap
-around and overwrite old errors if too many are written. It is assumed
-that the last errors are the most important.
-
-unsigned long ERR_get_error(void );
- This function returns the last error added to the error buffer.
-In effect it is popping the value off the buffer so repeated calls will
-continue to return values until there are no more errors to return in which
-case 0 is returned.
-
-unsigned long ERR_peek_error(void );
- This function returns the value of the last error added to the
-error buffer but does not 'pop' it from the buffer.
-
-void ERR_clear_error(void );
- This function clears the error buffer, discarding all unread
-errors.
-
-While the above described error system obviously produces lots of different
-error number, a method for 'reporting' these errors in a human readable
-form is required. To achieve this, each library has the option of
-'registering' error strings.
-
-typedef struct ERR_string_data_st
- {
- unsigned long error;
- char *string;
- } ERR_STRING_DATA;
-
-The 'ERR_STRING_DATA' contains an error code and the corresponding text
-string. To add new function error strings for a library, the
-ERR_STRING_DATA needs to be 'registered' with the library.
-
-void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err);
- This function 'registers' the array of ERR_STRING_DATA pointed to by
-'err' as error text strings for the error library 'lib'.
-
-void ERR_free_strings(void);
- This function free()s all the loaded error strings.
-
-char *ERR_error_string(unsigned long error,char *buf);
- This function returns a text string that is a human readable
-version of the error represented by 'error'. Buff should be at least 120
-bytes long and if it is NULL, the return value is a pointer to a static
-variable that will contain the error string, otherwise 'buf' is returned.
-If there is not a text string registered for a particular error, a text
-string containing the error number is returned instead.
-
-void ERR_print_errors(BIO *bp);
-void ERR_print_errors_fp(FILE *fp);
- This function is a convenience routine that prints the error string
-for each error until all errors have been accounted for.
-
-char *ERR_lib_error_string(unsigned long e);
-char *ERR_func_error_string(unsigned long e);
-char *ERR_reason_error_string(unsigned long e);
-The above three functions return the 3 different components strings for the
-error 'e'. ERR_error_string() uses these functions.
-
-void ERR_load_ERR_strings(void );
- This function 'registers' the error strings for the 'ERR' module.
-
-void ERR_load_crypto_strings(void );
- This function 'register' the error strings for just about every
-library in the SSLeay package except for the SSL routines. There is no
-need to ever register any error text strings and you will probably save in
-program size. If on the other hand you do 'register' all errors, it is
-quite easy to determine why a particular routine failed.
-
-As a final footnote as to why the error system is designed as it is.
-1) I did not want a single 'global' error code.
-2) I wanted to know which subroutine a failure occurred in.
-3) For Windows NT etc, it should be simple to replace the 'key' routines
- with code to pass error codes back to the application.
-4) I wanted the option of meaningful error text strings.
-
-Late breaking news - the changes to support threads.
-
-Each 'thread' has an 'ERR_STATE' state associated with it.
-ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling
-thread/process.
-
-ERR_remove_state(unsigned long pid); will 'free()' this state. If pid == 0
-the current 'thread/process' will have it's error state removed.
-If you do not remove the error state of a thread, this could be considered a
-form of memory leak, so just after 'reaping' a thread that has died,
-call ERR_remove_state(pid).
-
-Have a read of thread.doc for more details for what is required for
-multi-threading support. All the other error routines will
-work correctly when using threads.
-
-
-==== idea.doc ========================================================
-
-The IDEA library.
-IDEA is a block cipher that operates on 64bit (8 byte) quantities. It
-uses a 128bit (16 byte) key. It can be used in all the modes that DES can
-be used. This library implements the ecb, cbc, cfb64 and ofb64 modes.
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'idea.h'.
-
-All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an
-argument. An IDEA_KEY_SCHEDULE is an expanded form of the idea key.
-For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for
-decryption is different to the one used for encryption.
-
-The define IDEA_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. IDEA_DECRYPT is passed to
-specify decryption. For some mode there is no encryption/decryption
-flag since this is determined by the IDEA_KEY_SCHEDULE.
-
-So to encrypt you would do the following
-idea_set_encrypt_key(key,encrypt_ks);
-idea_ecb_encrypt(...,encrypt_ks);
-idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT);
-
-To Decrypt
-idea_set_encrypt_key(key,encrypt_ks);
-idea_set_decrypt_key(encrypt_ks,decrypt_ks);
-idea_ecb_encrypt(...,decrypt_ks);
-idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT);
-
-Please note that any of the encryption modes specified in my DES library
-could be used with IDEA. I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic IDEA encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
- do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
- secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple IDEA, thats 384 bits of key and you must be totally
- obsessed with security. Still, if you want it, it is simple enough to
- copy the function from the DES library and change the des_encrypt to
- idea_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void idea_set_encrypt_key(
-unsigned char *key;
-IDEA_KEY_SCHEDULE *ks);
- idea_set_encrypt_key converts a 16 byte IDEA key into an
- IDEA_KEY_SCHEDULE. The IDEA_KEY_SCHEDULE is an expanded form of
- the key which can be used to perform IDEA encryption.
- An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to
- perform actual encryption. It can be regenerated from the IDEA key
- so it only needs to be kept when encryption is about
- to occur. Don't save or pass around IDEA_KEY_SCHEDULE's since they
- are CPU architecture dependent, IDEA keys are not.
-
-void idea_set_decrypt_key(
-IDEA_KEY_SCHEDULE *encrypt_ks,
-IDEA_KEY_SCHEDULE *decrypt_ks);
- This functions converts an encryption IDEA_KEY_SCHEDULE into a
- decryption IDEA_KEY_SCHEDULE. For all decryption, this conversion
- of the key must be done. In some modes of IDEA, an
- encryption/decryption flag is also required, this is because these
- functions involve block chaining and the way this is done changes
- depending on which of encryption of decryption is being done.
- Please note that there is no quick way to generate the decryption
- key schedule other than generating the encryption key schedule and
- then converting it.
-
-void idea_encrypt(
-unsigned long *data,
-IDEA_KEY_SCHEDULE *ks);
- This is the IDEA encryption function that gets called by just about
- every other IDEA routine in the library. You should not use this
- function except to implement 'modes' of IDEA. I say this because the
- functions that call this routine do the conversion from 'char *' to
- long, and this needs to be done to make sure 'non-aligned' memory
- access do not occur.
- Data is a pointer to 2 unsigned long's and ks is the
- IDEA_KEY_SCHEDULE to use. Encryption or decryption depends on the
- IDEA_KEY_SCHEDULE.
-
-void idea_ecb_encrypt(
-unsigned char *input,
-unsigned char *output,
-IDEA_KEY_SCHEDULE *ks);
- This is the basic Electronic Code Book form of IDEA (in DES this
- mode is called Electronic Code Book so I'm going to use the term
- for idea as well :-).
- Input is encrypted into output using the key represented by
- ks. Depending on the IDEA_KEY_SCHEDULE, encryption or
- decryption occurs. Input is 8 bytes long and output is 8 bytes.
-
-void idea_cbc_encrypt(
-unsigned char *input,
-unsigned char *output,
-long length,
-IDEA_KEY_SCHEDULE *ks,
-unsigned char *ivec,
-int enc);
- This routine implements IDEA in Cipher Block Chaining mode.
- Input, which should be a multiple of 8 bytes is encrypted
- (or decrypted) to output which will also be a multiple of 8 bytes.
- The number of bytes is in length (and from what I've said above,
- should be a multiple of 8). If length is not a multiple of 8, bad
- things will probably happen. ivec is the initialisation vector.
- This function updates iv after each call so that it can be passed to
- the next call to idea_cbc_encrypt().
-
-void idea_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num,
-int enc);
- This is one of the more useful functions in this IDEA library, it
- implements CFB mode of IDEA with 64bit feedback.
- This allows you to encrypt an arbitrary number of bytes,
- you do not require 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. Num contains 'how far' we are though ivec.
- Enc is used to indicate encryption or decryption.
- One very important thing to remember is that when decrypting, use
- the encryption form of the key.
- CFB64 mode operates by using the cipher to
- generate a stream of bytes which is used to encrypt the plain text.
- The cipher text is then encrypted to generate the next 64 bits to
- be xored (incrementally) with the next 64 bits of plain
- text. As can be seen from this, to encrypt or decrypt,
- the same 'cipher stream' needs to be generated but the way the next
- block of data is gathered for encryption is different for
- encryption and decryption. What this means is that to encrypt
- idea_set_encrypt_key(key,ks);
- idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT)
- do decrypt
- idea_set_encrypt_key(key,ks)
- idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT)
- Note: The same IDEA_KEY_SCHEDULE but different encryption flags.
- For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be
- used to generate the IDEA_KEY_SCHEDULE for decryption.
- The reason I'm stressing this point is that I just wasted 3 hours
- today trying to decrypt using this mode and the decryption form of
- the key :-(.
-
-void idea_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num);
- This functions implements OFB mode of IDEA with 64bit feedback.
- This allows you to encrypt an arbitrary number of bytes,
- you do not require 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. Num contains 'how far' we are though ivec.
- This is in effect a stream cipher, there is no encryption or
- decryption mode. The same key and iv should be used to
- encrypt and decrypt.
-
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-idea_set_encrypt_key().
-
-=====
-For more information about the specific IDEA modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library. What is said about DES is directly
-applicable for IDEA.
-
-
-==== legal.doc ========================================================
-
-From eay@mincom.com Thu Jun 27 00:25:45 1996
-Received: by orb.mincom.oz.au id AA15821
- (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000
-Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: Ken Toll <ktoll@ren.digitalage.com>
-Cc: Eric Young <eay@mincom.oz.au>, ssl-talk@netscape.com
-Subject: Re: Unidentified subject!
-In-Reply-To: <9606261950.ZM28943@ren.digitalage.com>
-Message-Id: <Pine.SOL.3.91.960626131156.28573K-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: O
-X-Status:
-
-
-This is a little off topic but since SSLeay is a free implementation of
-the SSLv2 protocol, I feel it is worth responding on the topic of if it
-is actually legal for Americans to use free cryptographic software.
-
-On Wed, 26 Jun 1996, Ken Toll wrote:
-> Is the U.S the only country that SSLeay cannot be used commercially
-> (because of RSAref) or is that going to be an issue with every country
-> that a client/server application (non-web browser/server) is deployed
-> and sold?
-
->From what I understand, the software patents that apply to algorithms
-like RSA and DH only apply in the USA. The IDEA algorithm I believe is
-patened in europe (USA?), but considing how little it is used by other SSL
-implementations, it quite easily be left out of the SSLeay build
-(this can be done with a compile flag).
-
-Actually if the RSA patent did apply outside the USA, it could be rather
-interesting since RSA is not alowed to let RSA toolkits outside of the USA
-[1], and since these are the only forms that they will alow the algorithm
-to be used in, it would mean that non-one outside of the USA could produce
-public key software which would be a very strong statment for
-international patent law to make :-). This logic is a little flawed but
-it still points out some of the more interesting permutations of USA
-patent law and ITAR restrictions.
-
-Inside the USA there is also the unresolved issue of RC4/RC2 which were
-made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have
-copies of the origional postings if people are interested. RSA I believe
-claim that they were 'trade-secrets' and that some-one broke an NDA in
-revealing them. Other claim they reverse engineered the algorithms from
-compiled binaries. If the algorithms were reverse engineered, I belive
-RSA had no legal leg to stand on. If an NDA was broken, I don't know.
-Regardless, RSA, I belive, is willing to go to court over the issue so
-licencing is probably the best idea, or at least talk to them.
-If there are people who actually know more about this, pease let me know, I
-don't want to vilify or spread miss-information if I can help it.
-
-If you are not producing a web browser, it is easy to build SSLeay with
-RC2/RC4 removed. Since RC4 is the defacto standard cipher in
-all web software (and it is damn fast) it is more or less required for
-www use. For non www use of SSL, especially for an application where
-interoperability with other vendors is not critical just leave it out.
-
-Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but
-they should be ok. Considing that Triple DES can encrypt at rates of
-410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite
-reasonable performance. Single DES clocks in at 1160k/s and 2467k/s
-respectivly is actually quite fast for those not so paranoid (56 bit key).[1]
-
-> Is it possible to get a certificate for commercial use outside of the U.S.?
-yes.
-
-Thawte Consulting issues certificates (they are the people who sell the
- Sioux httpd server and are based in South Africa)
-Verisign will issue certificates for Sioux (sold from South Africa), so this
- proves that they will issue certificate for OS use if they are
- happy with the quality of the software.
-
-(The above mentioned companies just the ones that I know for sure are issuing
- certificates outside the USA).
-
-There is always the point that if you are using SSL for an intra net,
-SSLeay provides programs that can be used so you can issue your own
-certificates. They need polishing but at least it is a good starting point.
-
-I am not doing anything outside Australian law by implementing these
-algorithms (to the best of my knowedge). It is another example of how
-the world legal system does not cope with the internet very well.
-
-I may start making shared libraries available (I have now got DLL's for
-Windows). This will mean that distributions into the usa could be
-shipped with a version with a reduced cipher set and the versions outside
-could use the DLL/shared library with all the ciphers (and without RSAref).
-
-This could be completly hidden from the application, so this would not
-even require a re-linking.
-
-This is the reverse of what people were talking about doing to get around
-USA export regulations :-)
-
-eric
-
-[1]: The RSAref2.0 tookit is available on at least 3 ftp sites in Europe
- and one in South Africa.
-
-[2]: Since I always get questions when I post benchmark numbers :-),
- DES performace figures are in 1000's of bytes per second in cbc
- mode using an 8192 byte buffer. The pentium 100 was running Windows NT
- 3.51 DLLs and the 686/200 was running NextStep.
- I quote pentium 100 benchmarks because it is basically the
- 'entry level' computer that most people buy for personal use.
- Windows 95 is the OS shipping on those boxes, so I'll give
- NT numbers (the same Win32 runtime environment). The 686
- numbers are present as an indication of where we will be in a
- few years.
---
-Eric Young | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage().
-
-
-
-==== lhash.doc ========================================================
-
-The LHASH library.
-
-I wrote this library in 1991 and have since forgotten why I called it lhash.
-It implements a hash table from an article I read at the
-time from 'Communications of the ACM'. What makes this hash
-table different is that as the table fills, the hash table is
-increased (or decreased) in size via realloc().
-When a 'resize' is done, instead of all hashes being redistributed over
-twice as many 'buckets', one bucket is split. So when an 'expand' is done,
-there is only a minimal cost to redistribute some values. Subsequent
-inserts will cause more single 'bucket' redistributions but there will
-never be a sudden large cost due to redistributing all the 'buckets'.
-
-The state for a particular hash table is kept in the LHASH structure.
-The LHASH structure also records statistics about most aspects of accessing
-the hash table. This is mostly a legacy of my writing this library for
-the reasons of implementing what looked like a nice algorithm rather than
-for a particular software product.
-
-Internal stuff you probably don't want to know about.
-The decision to increase or decrease the hash table size is made depending
-on the 'load' of the hash table. The load is the number of items in the
-hash table divided by the size of the hash table. The default values are
-as follows. If (hash->up_load < load) => expand.
-if (hash->down_load > load) => contract. The 'up_load' has a default value of
-1 and 'down_load' has a default value of 2. These numbers can be modified
-by the application by just playing with the 'up_load' and 'down_load'
-variables. The 'load' is kept in a form which is multiplied by 256. So
-hash->up_load=8*256; will cause a load of 8 to be set.
-
-If you are interested in performance the field to watch is
-num_comp_calls. The hash library keeps track of the 'hash' value for
-each item so when a lookup is done, the 'hashes' are compared, if
-there is a match, then a full compare is done, and
-hash->num_comp_calls is incremented. If num_comp_calls is not equal
-to num_delete plus num_retrieve it means that your hash function is
-generating hashes that are the same for different values. It is
-probably worth changing your hash function if this is the case because
-even if your hash table has 10 items in a 'bucked', it can be searched
-with 10 'unsigned long' compares and 10 linked list traverses. This
-will be much less expensive that 10 calls to you compare function.
-
-LHASH *lh_new(
-unsigned long (*hash)(),
-int (*cmp)());
- This function is used to create a new LHASH structure. It is passed
- function pointers that are used to store and retrieve values passed
- into the hash table. The 'hash'
- function is a hashing function that will return a hashed value of
- it's passed structure. 'cmp' is passed 2 parameters, it returns 0
- is they are equal, otherwise, non zero.
- If there are any problems (usually malloc failures), NULL is
- returned, otherwise a new LHASH structure is returned. The
- hash value is normally truncated to a power of 2, so make sure
- that your hash function returns well mixed low order bits.
-
-void lh_free(
-LHASH *lh);
- This function free()s a LHASH structure. If there is malloced
- data in the hash table, it will not be freed. Consider using the
- lh_doall function to deallocate any remaining entries in the hash
- table.
-
-char *lh_insert(
-LHASH *lh,
-char *data);
- This function inserts the data pointed to by data into the lh hash
- table. If there is already and entry in the hash table entry, the
- value being replaced is returned. A NULL is returned if the new
- entry does not clash with an entry already in the table (the normal
- case) or on a malloc() failure (perhaps I should change this....).
- The 'char *data' is exactly what is passed to the hash and
- comparison functions specified in lh_new().
-
-char *lh_delete(
-LHASH *lh,
-char *data);
- This routine deletes an entry from the hash table. The value being
- deleted is returned. NULL is returned if there is no such value in
- the hash table.
-
-char *lh_retrieve(
-LHASH *lh,
-char *data);
- If 'data' is in the hash table it is returned, else NULL is
- returned. The way these routines would normally be uses is that a
- dummy structure would have key fields populated and then
- ret=lh_retrieve(hash,&dummy);. Ret would now be a pointer to a fully
- populated structure.
-
-void lh_doall(
-LHASH *lh,
-void (*func)(char *a));
- This function will, for every entry in the hash table, call function
- 'func' with the data item as parameters.
- This function can be quite useful when used as follows.
- void cleanup(STUFF *a)
- { STUFF_free(a); }
- lh_doall(hash,cleanup);
- lh_free(hash);
- This can be used to free all the entries, lh_free() then
- cleans up the 'buckets' that point to nothing. Be careful
- when doing this. If you delete entries from the hash table,
- in the call back function, the table may decrease in size,
- moving item that you are
- currently on down lower in the hash table. This could cause
- some entries to be skipped. The best solution to this problem
- is to set lh->down_load=0 before you start. This will stop
- the hash table ever being decreased in size.
-
-void lh_doall_arg(
-LHASH *lh;
-void(*func)(char *a,char *arg));
-char *arg;
- This function is the same as lh_doall except that the function
- called will be passed 'arg' as the second argument.
-
-unsigned long lh_strhash(
-char *c);
- This function is a demo string hashing function. Since the LHASH
- routines would normally be passed structures, this routine would
- not normally be passed to lh_new(), rather it would be used in the
- function passed to lh_new().
-
-The next three routines print out various statistics about the state of the
-passed hash table. These numbers are all kept in the lhash structure.
-
-void lh_stats(
-LHASH *lh,
-FILE *out);
- This function prints out statistics on the size of the hash table,
- how many entries are in it, and the number and result of calls to
- the routines in this library.
-
-void lh_node_stats(
-LHASH *lh,
-FILE *out);
- For each 'bucket' in the hash table, the number of entries is
- printed.
-
-void lh_node_usage_stats(
-LHASH *lh,
-FILE *out);
- This function prints out a short summary of the state of the hash
- table. It prints what I call the 'load' and the 'actual load'.
- The load is the average number of data items per 'bucket' in the
- hash table. The 'actual load' is the average number of items per
- 'bucket', but only for buckets which contain entries. So the
- 'actual load' is the average number of searches that will need to
- find an item in the hash table, while the 'load' is the average number
- that will be done to record a miss.
-
-==== md2.doc ========================================================
-
-The MD2 library.
-MD2 is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 16 byte hash. The functions all need to be passed
-a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update()
-function calls. The normal method of use for this library is as follows
-
-MD2_Init(...);
-MD2_Update(...);
-...
-MD2_Update(...);
-MD2_Final(...);
-
-This library requires the inclusion of 'md2.h'.
-
-The main negative about MD2 is that it is slow, especially when compared
-to MD5.
-
-The functions are as follows:
-
-void MD2_Init(
-MD2_CTX *c);
- This function needs to be called to initiate a MD2_CTX structure for
- use.
-
-void MD2_Update(
-MD2_CTX *c;
-unsigned char *data;
-unsigned long len);
- This updates the message digest context being generated with 'len'
- bytes from the 'data' pointer. The number of bytes can be any
- length.
-
-void MD2_Final(
-unsigned char *md;
-MD2_CTX *c;
- This function is called when a message digest of the data digested
- with MD2_Update() is wanted. The message digest is put in the 'md'
- array and is MD2_DIGEST_LENGTH (16) bytes long.
-
-unsigned char *MD2(
-unsigned long n;
-unsigned char *d;
-unsigned char *md;
- This function performs a MD2_Init(), followed by a MD2_Update()
- followed by a MD2_Final() (using a local MD2_CTX).
- The resulting digest is put into 'md' if it is not NULL.
- Regardless of the value of 'md', the message
- digest is returned from the function. If 'md' was NULL, the message
- digest returned is being stored in a static structure.
-
-==== md5.doc ========================================================
-
-The MD5 library.
-MD5 is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 16 byte hash. The functions all need to be passed
-a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update()
-function calls. This library also contains random number routines that are
-based on MD5
-
-The normal method of use for this library is as follows
-
-MD5_Init(...);
-MD5_Update(...);
-...
-MD5_Update(...);
-MD5_Final(...);
-
-This library requires the inclusion of 'md5.h'.
-
-The functions are as follows:
-
-void MD5_Init(
-MD5_CTX *c);
- This function needs to be called to initiate a MD5_CTX structure for
- use.
-
-void MD5_Update(
-MD5_CTX *c;
-unsigned char *data;
-unsigned long len);
- This updates the message digest context being generated with 'len'
- bytes from the 'data' pointer. The number of bytes can be any
- length.
-
-void MD5_Final(
-unsigned char *md;
-MD5_CTX *c;
- This function is called when a message digest of the data digested
- with MD5_Update() is wanted. The message digest is put in the 'md'
- array and is MD5_DIGEST_LENGTH (16) bytes long.
-
-unsigned char *MD5(
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
- This function performs a MD5_Init(), followed by a MD5_Update()
- followed by a MD5_Final() (using a local MD5_CTX).
- The resulting digest is put into 'md' if it is not NULL.
- Regardless of the value of 'md', the message
- digest is returned from the function. If 'md' was NULL, the message
- digest returned is being stored in a static structure.
-
-
-==== memory.doc ========================================================
-
-In the interests of debugging SSLeay, there is an option to compile
-using some simple memory leak checking.
-
-All malloc(), free() and realloc() calls in SSLeay now go via
-Malloc(), Free() and Realloc() (except those in crypto/lhash).
-
-If CRYPTO_MDEBUG is defined, these calls are #defined to
-CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc().
-If it is not defined, they are #defined to malloc(), free() and realloc().
-
-the CRYPTO_malloc() routines by default just call the underlying library
-functons.
-
-If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
-turned on. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
-
-When turned on, each Malloc() or Realloc() call is recored along with the file
-and line number from where the call was made. (This is done using the
-lhash library which always uses normal system malloc(3) routines).
-
-void CRYPTO_mem_leaks(BIO *b);
-void CRYPTO_mem_leaks_fp(FILE *fp);
-These both print out the list of memory that has not been free()ed.
-This will probably be rather hard to read, but if you look for the 'top level'
-structure allocation, this will often give an idea as to what is not being
-free()ed. I don't expect people to use this stuff normally.
-
-==== ca.1 ========================================================
-
-From eay@orb.mincom.oz.au Thu Dec 28 23:56:45 1995
-Received: by orb.mincom.oz.au id AA07374
- (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000
-Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: sameer <sameer@c2.org>
-Cc: ssleay@mincom.oz.au
-Subject: Re: 'ca'
-In-Reply-To: <199512230440.UAA23410@infinity.c2.org>
-Message-Id: <Pine.SOL.3.91.951228133525.7269A-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status:
-
-On Fri, 22 Dec 1995, sameer wrote:
-> I could use documentation on 'ca'. Thanks.
-
-Very quickly.
-The ca program uses the ssleay.conf file for most of its configuration
-
-./ca -help
-
- -verbose - Talk alot while doing things
- -config file - A config file. If you don't want to use the
- default config file
- -name arg - The particular CA definition to use
- In the config file, the section to use for parameters. This lets
- multiple setups to be contained in the one file. By default, the
- default_ca variable is looked up in the [ ca ] section. So in the
- shipped ssleay.conf, the CA definition used is CA_default. It could be
- any other name.
- -gencrl days - Generate a new CRL, days is when the next CRL is due
- This will generate a new certificate revocion list.
- -days arg - number of days to certify the certificate for
- When certifiying certificates, this is the number of days to use.
- -md arg - md to use, one of md2, md5, sha or sha1
- -policy arg - The CA 'policy' to support
- I'll describe this later, but there are 2 policies definied in the
- shipped ssleay.conf
- -keyfile arg - PEM RSA private key file
- -key arg - key to decode the RSA private key if it is encrypted
- since we need to keep the CA's RSA key encrypted
- -cert - The CA certificate
- -in file - The input PEM encoded certificate request(s)
- -out file - Where to put the output file(s)
- -outdir dir - Where to put output certificates
- The -out options concatinates all the output certificied
- certificates to one file, -outdir puts them in a directory,
- named by serial number.
- -infiles .... - The last argument, requests to process
- The certificate requests to process, -in is the same.
-
-Just about all the above have default values defined in ssleay.conf.
-
-The key variables in ssleay.conf are (for the pariticular '-name' being
-used, in the default, it is CA_default).
-
-dir is where all the CA database stuff is kept.
-certs is where all the previously issued certificates are kept.
-The database is a simple text database containing the following tab separated
-fields.
-status: a value of 'R' - revoked, 'E' -expired or 'V' valid.
-issued date: When the certificate was certified.
-revoked date: When it was revoked, blank if not revoked.
-serial number: The certificate serial number.
-certificate: Where the certificate is located.
-CN: The name of the certificate.
-
-The demo file has quite a few made up values it it. The last 2 were
-added by the ca program and are acurate.
-The CA program does not update the 'certificate' file correctly right now.
-The serial field should be unique as should the CN/status combination.
-The ca program checks these at startup. What still needs to be
-wrtten is a program to 'regenerate' the data base file from the issued
-certificate list (and a CRL list).
-
-Back to the CA_default variables.
-
-Most of the variables are commented.
-
-policy is the default policy.
-
-Ok for policies, they define the order and which fields must be present
-in the certificate request and what gets filled in.
-
-So a value of
-countryName = match
-means that the country name must match the CA certificate.
-organizationalUnitName = optional
-The org.Unit,Name does not have to be present and
-commonName = supplied
-commonName must be supplied in the certificate request.
-
-For the 'policy_match' polocy, the order of the attributes in the
-generated certiticate would be
-countryName
-stateOrProvinceName
-organizationName
-organizationalUnitName
-commonName
-emailAddress
-
-Have a play, it sort of makes sense. If you think about how the persona
-requests operate, it is similar to the 'policy_match' policy and the
-'policy_anything' is similar to what versign is doing.
-
-I hope this helps a bit. Some backend scripts are definitly needed to
-update the database and to make certificate revocion easy. All
-certificates issued should also be kept forever (or until they expire?)
-
-hope this helps
-eric (who has to run off an buy some cheap knee pads for the caving in 4
-days time :-)
-
---
-Eric Young | Signature removed since it was generating
-AARNet: eay@mincom.oz.au | more followups than the message contents :-)
-
-
-==== ms3-ca.doc ========================================================
-
-Date: Mon, 9 Jun 97 08:00:33 +0200
-From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
-Subject: ms3-ca.doc
-Organization: TU Ilmenau, Fak. IA, FG Telematik
-Content-Length: 14575
-Status: RO
-X-Status:
-
-Loading client certs into MSIE 3.01
-===================================
-
-This document contains all the information necessary to successfully set up
-some scripts to issue client certs to Microsoft Internet Explorer. It
-includes the required knowledge about the model MSIE uses for client
-certification and includes complete sample scripts ready to play with. The
-scripts were tested against a modified ca program of SSLeay 0.6.6 and should
-work with the regular ca program that comes with version 0.8.0. I haven't
-tested against MSIE 4.0
-
-You can use the information contained in this document in either way you
-want. However if you feel it saved you a lot of time I ask you to be as fair
-as to mention my name: Holger Reif <reif@prakinf.tu-ilmenau.de>.
-
-1.) The model used by MSIE
---------------------------
-
-The Internet Explorer doesn't come with a embedded engine for installing
-client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI)
-defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together
-with Internet Explorer since 3.01. The advantage of this approach is a higher
-flexibility because the certificates in the (per user) system open
-certificate store may be used by other applications as well. The drawback
-however is that you need to do a bit more work to get a client cert issued.
-
-CAPI defines functions which will handle basic cryptographic work, eg.
-generating keys, encrypting some data, signing text or building a certificate
-request. The procedure is as follows: A CAPI function generates you a key
-pair and saves it into the certificate store. After that one builds a
-Distinguished Name. Together with that key pair another CAPI function forms a
-PKCS#10 request which you somehow need to submit to a CA. Finally the issued
-cert is given to a yet another CAPI function which saves it into the
-certificate store.
-
-The certificate store with the user's keys and certs is in the registry. You
-will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I
-leave it to you as a little exercise to figure out what all the entries mean
-;-). Note that the keys are protected only with the user's usual Windows
-login password.
-
-2.) The practical usage
------------------------
-
-Unfortunatly since CAPI is a system API you can't access its functions from
-HTML code directly. For this purpose Microsoft provides a wrapper called
-certenr3.dll. This DLL accesses the CAPI functions and provides an interface
-usable from Visual Basic Script. One needs to install that library on the
-computer which wants to have client cert. The easiest way is to load it as an
-ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If
-you have ever enrolled e cert request at a CA you will have installed it.
-
-At time of writing certenr3.dll is contained in
-http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes
-with an README file which explains the available functions. It is labeled
-beta but every CA seems to use it anyway. The license.txt allows you the
-usage for your own purposes (as far as I understood) and a somehow limited
-distribution.
-
-The two functions of main interest are GenerateKeyPair and AcceptCredentials.
-For complete explanation of all possible parameters see the README file. Here
-are only minimal required parameters and their values.
-
-GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1)
-- sessionID is a (locally to that computer) unique string to correlate the
-generated key pair with a cert installed later.
-- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger
-Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the
-abreviation for StateOrProvince. The recognized abreviation include CN, O, C,
-OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr)
-you need to use the full object identifier. The starting point for searching
-them could be crypto/objects.h since all OIDs know to SSLeay are listed
-there.
-- note: the possible ninth parameter which should give a default name to the
-certificate storage location doesn't seem to work. Changes to the constant
-values in the call above doesn't seem to make sense. You can't generate
-PKCS#10 extensions with that function.
-
-The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However
-it has a little strange format that SSLeay doesn't accept. (BTW I feel the
-decision of rejecting that format as standard conforming.) It looks like
-follows:
- 1st line with 76 chars
- 2nd line with 76 chars
- ...
- (n-2)th line with 76 chars
- (n-1)th line contains a multiple of 4 chars less then 76 (possible
-empty)
- (n)th line has zero or 4 chars (then with 1 or 2 equal signs - the
- original text's lenght wasn'T a multiple of 3)
- The line separator has two chars: 0x0d 0x0a
-
-AcceptCredentials(sessionID, credentials, 0, FALSE)
-- sessionID needs to be the same as while generating the key pair
-- credentials is the base64 encoded PKCS#7 object containing the cert.
-
-CRL's and CA certs are not required simply just the client cert. (It seems to
-me that both are not even checked somehow.) The only format of the base64
-encoded object I succesfully used was all characters in a very long string
-without line feeds or carriage returns. (Hey, it doesn't matter, only a
-computer reads it!)
-
-The result should be S_OK. For error handling see the example that comes with
-certenr3.dll.
-
-A note about ASN.1 character encodings. certenr3.dll seems to know only about
-2 of them: UniversalString and PrintableString. First it is definitely wrong
-for an email address which is IA5STRING (checked by ssleay's ca). Second
-unfortunately MSIE (at least until version 3.02) can't handle UniversalString
-correctly - they just blow up you cert store! Therefore ssleay's ca (starting
-from version 0.8.0) tries to convert the encodings automatically to IA5STRING
-or TeletexString. The beef is it will work only for the latin-1 (western)
-charset. Microsoft still has to do abit of homework...
-
-3.) An example
---------------
-
-At least you need two steps: generating the key & request and then installing
-the certificate. A real world CA would have some more steps involved, eg.
-accepting some license. Note that both scripts shown below are just
-experimental state without any warrenty!
-
-First how to generate a request. Note that we can't use a static page because
-of the sessionID. I generate it from system time plus pid and hope it is
-unique enough. Your are free to feed it through md5 to get more impressive
-ID's ;-) Then the intended text is read in with sed which inserts the
-sessionID.
-
------BEGIN ms-enroll.cgi-----
-#!/bin/sh
-SESSION_ID=`date '+%y%m%d%H%M%S'`$$
-echo Content-type: text/html
-echo
-sed s/template_for_sessId/$SESSION_ID/ <<EOF
-<HTML><HEAD>
-<TITLE>Certificate Enrollment Test Page</TITLE>
-</HEAD><BODY>
-
-<OBJECT
- classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
- codebase=certenr3.dll
- id=certHelper
- >
-</OBJECT>
-
-<CENTER>
-<H2>enrollment for a personal cert</H2>
-<BR><HR WIDTH=50%><BR><P>
-<FORM NAME="MSIE_Enrollment" ACTION="ms-gencert.cgi" ENCTYPE=x-www-form-
-encoded METHOD=POST>
-<TABLE>
- <TR><TD>Country</TD><TD><INPUT NAME="Country" VALUE=""></TD></TR>
- <TR><TD>State</TD><TD><INPUT NAME="StateOrProvince" VALUE=""></TD></TR>
- <TR><TD>Location</TD><TD><INPUT NAME="Location" VALUE=""></TD></TR>
- <TR><TD>Organization</TD><TD><INPUT NAME="Organization"
-VALUE=""></TD></TR>
- <TR><TD>Organizational Unit</TD>
- <TD><INPUT NAME="OrganizationalUnit" VALUE=""></TD></TR>
- <TR><TD>Name</TD><TD><INPUT NAME="CommonName" VALUE=""></TD></TR>
- <TR><TD>eMail Address</TD>
- <TD><INPUT NAME="EmailAddress" VALUE=""></TD></TR>
- <TR><TD></TD>
- <TD><INPUT TYPE="BUTTON" NAME="submit" VALUE="Beantragen"></TD></TR>
-</TABLE>
- <INPUT TYPE="hidden" NAME="SessionId" VALUE="template_for_sessId">
- <INPUT TYPE="hidden" NAME="Request" VALUE="">
-</FORM>
-<BR><HR WIDTH=50%><BR><P>
-</CENTER>
-
-<SCRIPT LANGUAGE=VBS>
- Dim DN
-
- Sub Submit_OnClick
- Dim TheForm
- Set TheForm = Document.MSIE_Enrollment
- sessionId = TheForm.SessionId.value
- reqHardware = FALSE
- C = TheForm.Country.value
- SP = TheForm.StateOrProvince.value
- L = TheForm.Location.value
- O = TheForm.Organization.value
- OU = TheForm.OrganizationalUnit.value
- CN = TheForm.CommonName.value
- Email = TheForm.EmailAddress.value
- szPurpose = "ClientAuth"
- doAcceptanceUINow = FALSE
- doOnline = TRUE
-
- DN = ""
-
- Call Add_RDN("C", C)
- Call Add_RDN("S", SP)
- Call Add_RDN("L", L)
- Call Add_RDN("O", O)
- Call Add_RDN("OU", OU)
- Call Add_RDN("CN", CN)
- Call Add_RDN("1.2.840.113549.1.9.1", Email)
- ' rsadsi
- ' pkcs
- ' pkcs9
- ' eMailAddress
- On Error Resume Next
- sz10 = certHelper.GenerateKeyPair(sessionId, _
- FALSE, DN, 0, ClientAuth, FASLE, TRUE, 1)_
- theError = Err.Number
- On Error Goto 0
- if (sz10 = Empty OR theError <> 0) Then
- sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & _
- chr(10) & "Your credentials could not be generated."
- result = MsgBox(sz, 0, "Credentials Enrollment")
- Exit Sub
- else
- TheForm.Request.value = sz10
- TheForm.Submit
- end if
- End Sub
-
- Sub Add_RDN(sn, value)
- if (value <> "") then
- if (DN <> "") then
- DN = DN & "; "
- end if
- DN = DN & sn & "=" & value
- end if
- End Sub
-</SCRIPT>
-</BODY>
-</HTML>
-EOF
------END ms-enroll.cgi-----
-
-Second, how to extract the request and feed the certificate back? We need to
-"normalize" the base64 encoding of the PKCS#10 format which means
-regenerating the lines and wrapping with BEGIN and END line. This is done by
-gawk. The request is taken by ca the normal way. Then the cert needs to be
-packed into a PKCS#7 structure (note: the use of a CRL is necessary for
-crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be
-ommited). Finally we need to format the PKCS#7 object and generate the HTML
-text. I use two templates to have a clearer script.
-
-1st note: postit2 is slightly modified from a program I found at ncsa's ftp
-site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You
-need utils.c from there too.
-
-2nd note: I'm note quite sure wether the gawk script really handles all
-possible inputs for the request right! Today I don't use this construction
-anymore myself.
-
-3d note: the cert must be of version 3! This could be done with the nsComment
-line in ssleay.cnf...
-
-------BEGIN ms-gencert.cgi-----
-#!/bin/sh
-FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$
-rm -f "$FILE".*
-
-HOME=`pwd`; export HOME # as ssleay.cnf insists on having such an env var
-cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located
-
-postit2 -s " " -i 0x0d > "$FILE".inp # process the FORM vars
-
-SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp`
-
-gawk \
- 'BEGIN { \
- OFS = ""; \
- print "-----BEGIN CERTIFICATE REQUEST-----"; \
- req_seen=0 \
- } \
- $1 == "Request" { \
- req_seen=1; \
- if (length($2) == 72) print($2); \
- lastline=$2; \
- next; \
- } \
- { \
- if (req_seen == 1) { \
- if (length($1) >= 72) print($1); \
- else if (length(lastline) < 72) { \
- req_seen=0; \
- print (lastline,$1); \
- } \
- lastline=$1; \
- } \
- } \
- END { \
- print "-----END CERTIFICATE REQUEST-----"; \
- }' > "$FILE".pem < "$FILE".inp
-
-ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out
-ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem
-
-sed s/template_for_sessId/$SESSION_ID/ <ms-enroll2a.html >"$FILE".cert
-/usr/local/bin/gawk \
- 'BEGIN { \
- OFS = ""; \
- dq = sprintf("%c",34); \
- } \
- $0 ~ "PKCS7" { next; } \
- { \
- print dq$0dq" & _"; \
- }' <"$FILE".pkcs7 >> "$FILE".cert
-cat ms-enroll2b.html >>"$FILE".cert
-
-echo Content-type: text/html
-echo Content-length: `wc -c "$FILE".cert`
-echo
-cat "$FILE".cert
-rm -f "$FILE".*
------END ms-gencert.cgi-----
-
-----BEGIN ms-enroll2a.html----
-<HTML><HEAD><TITLE>Certificate Acceptance Test Page</TITLE></HEAD><BODY>
-
-<OBJECT
- classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
- codebase=certenr3.dll
- id=certHelper
- >
-</OBJECT>
-
-<CENTER>
-<H2>Your personal certificate</H2>
-<BR><HR WIDTH=50%><BR><P>
-Press the button!
-<P><INPUT TYPE=BUTTON VALUE="Nimm mich!" NAME="InstallCert">
-</CENTER>
-<BR><HR WIDTH=50%><BR>
-
-<SCRIPT LANGUAGE=VBS>
- Sub InstallCert_OnClick
-
- sessionId = "template_for_sessId"
-credentials = "" & _
-----END ms-enroll2a.html----
-
-----BEGIN ms-enroll2b.html----
-""
- On Error Resume Next
- result = certHelper.AcceptCredentials(sessionId, credentials, 0,
-FALSE)
- if (IsEmpty(result)) Then
- sz = "The error '" & Err.Number & "' occurred." & chr(13) &
-chr(10) & "This Digital ID could not be registered."
- msgOut = MsgBox(sz, 0, "Credentials Registration Error")
- navigate "error.html"
- else
- sz = "Digital ID successfully registered."
- msgOut = MsgBox(sz, 0, "Credentials Registration")
- navigate "success.html"
- end if
- Exit Sub
- End Sub
-</SCRIPT>
-</BODY>
-</HTML>
-----END ms-enroll2b.html----
-
-4.) What do do with the cert?
------------------------------
-
-The cert is visible (without restarting MSIE) under the following menu:
-View->Options->Security->Personal certs. You can examine it's contents at
-least partially.
-
-To use it for client authentication you need to use SSL3.0 (fortunately
-SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a
-kind of automatic selection of certs (I personally wasn't able to test it
-myself). But there is a requirement that the issuer of the server cert and
-the issuer of the client cert needs to be the same (according to a developer
-from MS). Which means: you need may more then one cert to talk to all
-servers...
-
-I'm sure we will get a bit more experience after ApacheSSL is available for
-SSLeay 0.8.8.
-
-
-I hope you enjoyed reading and that in future questions on this topic will
-rarely appear on ssl-users@moncom.com ;-)
-
-Ilmenau, 9th of June 1997
-Holger Reif <reif@prakinf.tu-ilmenau.de>
---
-read you later - Holger Reif
----------------------------------------- Signaturprojekt Deutsche Einheit
-TU Ilmenau - Informatik - Telematik (Verdamp lang her)
-Holger.Reif@PrakInf.TU-Ilmenau.DE Alt wie ein Baum werden, um ueber
-http://Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen
-
-
-==== ns-ca.doc ========================================================
-
-The following documentation was supplied by Jeff Barber, who provided the
-patch to the CA program to add this functionality.
-
-eric
---
-Jeff Barber Email: jeffb@issl.atl.hp.com
-
-Hewlett Packard Phone: (404) 648-9503
-Internet and System Security Lab Fax: (404) 648-9516
-
- oo
----------------------cut /\ here for ns-ca.doc ------------------------------
-
-This document briefly describes how to use SSLeay to implement a
-certificate authority capable of dynamically serving up client
-certificates for version 3.0 beta 5 (and presumably later) versions of
-the Netscape Navigator. Before describing how this is done, it's
-important to understand a little about how the browser implements its
-client certificate support. This is documented in some detail in the
-URLs based at <URL:http://home.netscape.com/eng/security/certs.html>.
-Here's a brief overview:
-
-- The Navigator supports a new HTML tag "KEYGEN" which will cause
- the browser to generate an RSA key pair when you submit a form
- containing the tag. The public key, along with an optional
- challenge (supposedly provided for use in certificate revocation
- but I don't use it) is signed, DER-encoded, base-64 encoded
- and sent to the web server as the value of the variable
- whose NAME is provided in the KEYGEN tag. The private key is
- stored by the browser in a local key database.
-
- This "Signed Public Key And Challenge" (SPKAC) arrives formatted
- into 64 character lines (which are of course URL-encoded when
- sent via HTTP -- i.e. spaces, newlines and most punctuatation are
- encoded as "%HH" where HH is the hex equivalent of the ASCII code).
- Note that the SPKAC does not contain the other usual attributes
- of a certificate request, especially the subject name fields.
- These must be otherwise encoded in the form for submission along
- with the SPKAC.
-
-- Either immediately (in response to this form submission), or at
- some later date (a real CA will probably verify your identity in
- some way before issuing the certificate), a web server can send a
- certificate based on the public key and other attributes back to
- the browser by encoding it in DER (the binary form) and sending it
- to the browser as MIME type:
- "Content-type: application/x-x509-user-cert"
-
- The browser uses the public key encoded in the certificate to
- associate the certificate with the appropriate private key in
- its local key database. Now, the certificate is "installed".
-
-- When a server wants to require authentication based on client
- certificates, it uses the right signals via the SSL protocol to
- trigger the Navigator to ask you which certificate you want to
- send. Whether the certificate is accepted is dependent on CA
- certificates and so forth installed in the server and is beyond
- the scope of this document.
-
-
-Now, here's how the SSLeay package can be used to provide client
-certficates:
-
-- You prepare a file for input to the SSLeay ca application.
- The file contains a number of "name = value" pairs that identify
- the subject. The names here are the same subject name component
- identifiers used in the CA section of the lib/ssleay.conf file,
- such as "emailAddress", "commonName" "organizationName" and so
- forth. Both the long version and the short version (e.g. "Email",
- "CN", "O") can be used.
-
- One more name is supported: this one is "SPKAC". Its value
- is simply the value of the base-64 encoded SPKAC sent by the
- browser (with all the newlines and other space charaters
- removed -- and newline escapes are NOT supported).
-
- [ As of SSLeay 0.6.4, multiple lines are supported.
- Put a \ at the end of each line and it will be joined with the
- previous line with the '\n' removed - eay ]
-
- Here's a sample input file:
-
-C = US
-SP = Georgia
-O = Some Organization, Inc.
-OU = Netscape Compatibility Group
-CN = John X. Doe
-Email = jxdoe@someorg.com
-SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx
-
-- You execute the ca command (either from a CGI program run out of
- the web server, or as a later manual task) giving it the above
- file as input. For example, if the file were named /tmp/cert.req,
- you'd run:
- $SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert
-
- The output is in DER format (binary) if a -out argument is
- provided, as above; otherwise, it's in the PEM format (base-64
- encoded DER). Also, the "-batch" switch is implied by the
- "-spkac" so you don't get asked whether to complete the signing
- (probably it shouldn't work this way but I was only interested
- in hacking together an online CA that could be used for issuing
- test certificates).
-
- The "-spkac" capability doesn't support multiple files (I think).
-
- Any CHALLENGE provided in the SPKAC is simply ignored.
-
- The interactions between the identification fields you provide
- and those identified in your lib/ssleay.conf are the same as if
- you did an ordinary "ca -in infile -out outfile" -- that is, if
- something is marked as required in the ssleay.conf file and it
- isn't found in the -spkac file, the certificate won't be issued.
-
-- Now, you pick up the output from /tmp/cert and pass it back to
- the Navigator prepending the Content-type string described earlier.
-
-- In order to run the ca command out of a CGI program, you must
- provide a password to decrypt the CA's private key. You can
- do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..."
- I think there's a way to not encrypt the key file in the first
- place, but I didn't see how to do that, so I made a small change
- to the library that allows the password to be accepted from a pipe.
- Either way is UTTERLY INSECURE and a real CA would never do that.
-
- [ You can use the 'ssleay rsa' command to remove the password
- from the private key, or you can use the '-key' option to the
- ca command to specify the decryption key on the command line
- or use the -nodes option when generating the key.
- ca will try to clear the command line version of the password
- but for quite a few operating systems, this is not possible.
- - eric ]
-
-So, what do you have to do to make use of this stuff to create an online
-demo CA capability with SSLeay?
-
-1 Create an HTML form for your users. The form should contain
- fields for all of the required or optional fields in ssleay.conf.
- The form must contain a KEYGEN tag somewhere with at least a NAME
- attribute.
-
-2 Create a CGI program to process the form input submitted by the
- browser. The CGI program must URL-decode the variables and create
- the file described above, containing subject identification info
- as well as the SPKAC block. It should then run the the ca program
- with the -spkac option. If it works (check the exit status),
- return the new certificate with the appropriate MIME type. If not,
- return the output of the ca command with MIME type "text/plain".
-
-3 Set up your web server to accept connections signed by your demo
- CA. This probably involves obtaining the PEM-encoded CA certificate
- (ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a
- server database. See your server manual for instructions.
-
-
-==== obj.doc ========================================================
-
-The Object library.
-
-As part of my Crypto library, I found I required a method of identifying various
-objects. These objects normally had 3 different values associated with
-them, a short text name, a long (or lower case) text name, and an
-ASN.1 Object Identifier (which is a sequence of numbers).
-This library contains a static list of objects and functions to lookup
-according to one type and to return the other types.
-
-To use these routines, 'Object.h' needs to be included.
-
-For each supported object, #define entries are defined as follows
-#define SN_Algorithm "Algorithm"
-#define LN_algorithm "algorithm"
-#define NID_algorithm 38
-#define OBJ_algorithm 1L,3L,14L,3L,2L
-
-SN_ stands for short name.
-LN_ stands for either long name or lowercase name.
-NID_ stands for Numeric ID. I each object has a unique NID and this
- should be used internally to identify objects.
-OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the
- ASN1 routines. These values are used in ASN1 encoding.
-
-The following functions are to be used to return pointers into a static
-definition of these types. What this means is "don't try to free() any
-pointers returned from these functions.
-
-ASN1_OBJECT *OBJ_nid2obj(
-int n);
- Return the ASN1_OBJECT that corresponds to a NID of n.
-
-char *OBJ_nid2ln(
-int n);
- Return the long/lower case name of the object represented by the
- NID of n.
-
-char *OBJ_nid2sn(
-int n);
- Return the short name for the object represented by the NID of n.
-
-ASN1_OBJECT *OBJ_dup(
-ASN1_OBJECT *o);
- Duplicate and return a new ASN1_OBJECT that is the same as the
- passed parameter.
-
-int OBJ_obj2nid(
-ASN1_OBJECT *o);
- Given ASN1_OBJECT o, return the NID that corresponds.
-
-int OBJ_ln2nid(
-char *s);
- Given the long/lower case name 's', return the NID of the object.
-
-int OBJ_sn2nid(
-char *s);
- Given the short name 's', return the NID of the object.
-
-char *OBJ_bsearch(
-char *key,
-char *base,
-int num,
-int size,
-int (*cmp)());
- Since I have come across a few platforms that do not have the
- bsearch() function, OBJ_bsearch is my version of that function.
- Feel free to use this function, but you may as well just use the
- normal system bsearch(3) if it is present. This version also
- has tolerance of being passed NULL pointers.
-
-==== keys ===========================================================
-
-EVP_PKEY_DSA
-EVP_PKEY_DSA2
-EVP_PKEY_DSA3
-EVP_PKEY_DSA4
-
-EVP_PKEY_RSA
-EVP_PKEY_RSA2
-
-valid DSA pkey types
- NID_dsa
- NID_dsaWithSHA
- NID_dsaWithSHA1
- NID_dsaWithSHA1_2
-
-valid RSA pkey types
- NID_rsaEncryption
- NID_rsa
-
-NID_dsaWithSHA NID_dsaWithSHA DSA SHA
-NID_dsa NID_dsaWithSHA1 DSA SHA1
-NID_md2 NID_md2WithRSAEncryption RSA-pkcs1 MD2
-NID_md5 NID_md5WithRSAEncryption RSA-pkcs1 MD5
-NID_mdc2 NID_mdc2WithRSA RSA-none MDC2
-NID_ripemd160 NID_ripemd160WithRSA RSA-pkcs1 RIPEMD160
-NID_sha NID_shaWithRSAEncryption RSA-pkcs1 SHA
-NID_sha1 NID_sha1WithRSAEncryption RSA-pkcs1 SHA1
-
-==== rand.doc ========================================================
-
-My Random number library.
-
-These routines can be used to generate pseudo random numbers and can be
-used to 'seed' the pseudo random number generator (RNG). The RNG make no
-effort to reproduce the same random number stream with each execution.
-Various other routines in the SSLeay library 'seed' the RNG when suitable
-'random' input data is available. Read the section at the end for details
-on the design of the RNG.
-
-void RAND_bytes(
-unsigned char *buf,
-int num);
- This routine puts 'num' random bytes into 'buf'. One should make
- sure RAND_seed() has been called before using this routine.
-
-void RAND_seed(
-unsigned char *buf,
-int num);
- This routine adds more 'seed' data the RNG state. 'num' bytes
- are added to the RNG state, they are taken from 'buf'. This
- routine can be called with sensitive data such as user entered
- passwords. This sensitive data is in no way recoverable from
- the RAND library routines or state. Try to pass as much data
- from 'random' sources as possible into the RNG via this function.
- Also strongly consider using the RAND_load_file() and
- RAND_write_file() routines.
-
-void RAND_cleanup();
- When a program has finished with the RAND library, if it so
- desires, it can 'zero' all RNG state.
-
-The following 3 routines are convenience routines that can be used to
-'save' and 'restore' data from/to the RNG and it's state.
-Since the more 'random' data that is feed as seed data the better, why not
-keep it around between executions of the program? Of course the
-application should pass more 'random' data in via RAND_seed() and
-make sure no-one can read the 'random' data file.
-
-char *RAND_file_name(
-char *buf,
-int size);
- This routine returns a 'default' name for the location of a 'rand'
- file. The 'rand' file should keep a sequence of random bytes used
- to initialise the RNG. The filename is put in 'buf'. Buf is 'size'
- bytes long. Buf is returned if things go well, if they do not,
- NULL is returned. The 'rand' file name is generated in the
- following way. First, if there is a 'RANDFILE' environment
- variable, it is returned. Second, if there is a 'HOME' environment
- variable, $HOME/.rand is returned. Third, NULL is returned. NULL
- is also returned if a buf would overflow.
-
-int RAND_load_file(
-char *file,
-long number);
- This function 'adds' the 'file' into the RNG state. It does this by
- doing a RAND_seed() on the value returned from a stat() system call
- on the file and if 'number' is non-zero, upto 'number' bytes read
- from the file. The number of bytes passed to RAND_seed() is returned.
-
-int RAND_write_file(
-char *file),
- RAND_write_file() writes N random bytes to the file 'file', where
- N is the size of the internal RND state (currently 1k).
- This is a suitable method of saving RNG state for reloading via
- RAND_load_file().
-
-What follows is a description of this RNG and a description of the rational
-behind it's design.
-
-It should be noted that this RNG is intended to be used to generate
-'random' keys for various ciphers including generation of DH and RSA keys.
-
-It should also be noted that I have just created a system that I am happy with.
-It may be overkill but that does not worry me. I have not spent that much
-time on this algorithm so if there are glaring errors, please let me know.
-Speed has not been a consideration in the design of these routines.
-
-First up I will state the things I believe I need for a good RNG.
-1) A good hashing algorithm to mix things up and to convert the RNG 'state'
- to random numbers.
-2) An initial source of random 'state'.
-3) The state should be very large. If the RNG is being used to generate
- 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
- If your RNG state only has 128 bits, you are obviously limiting the
- search space to 128 bits, not 2048. I'm probably getting a little
- carried away on this last point but it does indicate that it may not be
- a bad idea to keep quite a lot of RNG state. It should be easier to
- break a cipher than guess the RNG seed data.
-4) Any RNG seed data should influence all subsequent random numbers
- generated. This implies that any random seed data entered will have
- an influence on all subsequent random numbers generated.
-5) When using data to seed the RNG state, the data used should not be
- extractable from the RNG state. I believe this should be a
- requirement because one possible source of 'secret' semi random
- data would be a private key or a password. This data must
- not be disclosed by either subsequent random numbers or a
- 'core' dump left by a program crash.
-6) Given the same initial 'state', 2 systems should deviate in their RNG state
- (and hence the random numbers generated) over time if at all possible.
-7) Given the random number output stream, it should not be possible to determine
- the RNG state or the next random number.
-
-
-The algorithm is as follows.
-
-There is global state made up of a 1023 byte buffer (the 'state'), a
-working message digest ('md') and a counter ('count').
-
-Whenever seed data is added, it is inserted into the 'state' as
-follows.
- The input is chopped up into units of 16 bytes (or less for
- the last block). Each of these blocks is run through the MD5
- message digest. The data passed to the MD5 digest is the
- current 'md', the same number of bytes from the 'state'
- (the location determined by in incremented looping index) as
- the current 'block' and the new key data 'block'. The result
- of this is kept in 'md' and also xored into the 'state' at the
- same locations that were used as input into the MD5.
- I believe this system addresses points 1 (MD5), 3 (the 'state'),
- 4 (via the 'md'), 5 (by the use of MD5 and xor).
-
-When bytes are extracted from the RNG, the following process is used.
-For each group of 8 bytes (or less), we do the following,
- Input into MD5, the top 8 bytes from 'md', the byte that are
- to be overwritten by the random bytes and bytes from the
- 'state' (incrementing looping index). From this digest output
- (which is kept in 'md'), the top (upto) 8 bytes are
- returned to the caller and the bottom (upto) 8 bytes are xored
- into the 'state'.
- Finally, after we have finished 'generation' random bytes for the
- called, 'count' (which is incremented) and 'md' are fed into MD5 and
- the results are kept in 'md'.
- I believe the above addressed points 1 (use of MD5), 6 (by
- hashing into the 'state' the 'old' data from the caller that
- is about to be overwritten) and 7 (by not using the 8 bytes
- given to the caller to update the 'state', but they are used
- to update 'md').
-
-So of the points raised, only 2 is not addressed, but sources of
-random data will always be a problem.
-
-
-==== rc2.doc ========================================================
-
-The RC2 library.
-
-RC2 is a block cipher that operates on 64bit (8 byte) quantities. It
-uses variable size key, but 128bit (16 byte) key would normally be considered
-good. It can be used in all the modes that DES can be used. This
-library implements the ecb, cbc, cfb64, ofb64 modes.
-
-I have implemented this library from an article posted to sci.crypt on
-11-Feb-1996. I personally don't know how far to trust the RC2 cipher.
-While it is capable of having a key of any size, not much reseach has
-publically been done on it at this point in time (Apr-1996)
-since the cipher has only been public for a few months :-)
-It is of a similar speed to DES and IDEA, so unless it is required for
-meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
-to stick to IDEA, or for the paranoid, Tripple DES.
-
-Mind you, having said all that, I should mention that I just read alot and
-implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
-ciphers :-).
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'rc2.h'.
-
-All of the encryption functions take what is called an RC2_KEY as an
-argument. An RC2_KEY is an expanded form of the RC2 key.
-For all modes of the RC2 algorithm, the RC2_KEY used for
-decryption is the same one that was used for encryption.
-
-The define RC2_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. RC2_DECRYPT is passed to
-specify decryption.
-
-Please note that any of the encryption modes specified in my DES library
-could be used with RC2. I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic RC2 encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
- do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
- secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple RC2, thats 384 bits of key and you must be totally
- obsessed with security. Still, if you want it, it is simple enough to
- copy the function from the DES library and change the des_encrypt to
- RC2_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void RC2_set_key(
-RC2_KEY *ks;
-int len;
-unsigned char *key;
-int bits;
- RC2_set_key converts an 'len' byte key into a RC2_KEY.
- A 'ks' is an expanded form of the 'key' which is used to
- perform actual encryption. It can be regenerated from the RC2 key
- so it only needs to be kept when encryption or decryption is about
- to occur. Don't save or pass around RC2_KEY's since they
- are CPU architecture dependent, 'key's are not. RC2 is an
- interesting cipher in that it can be used with a variable length
- key. 'len' is the length of 'key' to be used as the key.
- A 'len' of 16 is recomended. The 'bits' argument is an
- interesting addition which I only found out about in Aug 96.
- BSAFE uses this parameter to 'limit' the number of bits used
- for the key. To use the 'key' unmodified, set bits to 1024.
- This is what old versions of my RC2 library did (SSLeay 0.6.3).
- RSAs BSAFE library sets this parameter to be 128 if 128 bit
- keys are being used. So to be compatable with BSAFE, set it
- to 128, if you don't want to reduce RC2's key length, leave it
- at 1024.
-
-void RC2_encrypt(
-unsigned long *data,
-RC2_KEY *key,
-int encrypt);
- This is the RC2 encryption function that gets called by just about
- every other RC2 routine in the library. You should not use this
- function except to implement 'modes' of RC2. I say this because the
- functions that call this routine do the conversion from 'char *' to
- long, and this needs to be done to make sure 'non-aligned' memory
- access do not occur.
- Data is a pointer to 2 unsigned long's and key is the
- RC2_KEY to use. Encryption or decryption is indicated by 'encrypt'.
- which can have the values RC2_ENCRYPT or RC2_DECRYPT.
-
-void RC2_ecb_encrypt(
-unsigned char *in,
-unsigned char *out,
-RC2_KEY *key,
-int encrypt);
- This is the basic Electronic Code Book form of RC2 (in DES this
- mode is called Electronic Code Book so I'm going to use the term
- for rc2 as well.
- Input is encrypted into output using the key represented by
- key. Depending on the encrypt, encryption or
- decryption occurs. Input is 8 bytes long and output is 8 bytes.
-
-void RC2_cbc_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *ks,
-unsigned char *ivec,
-int encrypt);
- This routine implements RC2 in Cipher Block Chaining mode.
- Input, which should be a multiple of 8 bytes is encrypted
- (or decrypted) to output which will also be a multiple of 8 bytes.
- The number of bytes is in length (and from what I've said above,
- should be a multiple of 8). If length is not a multiple of 8, bad
- things will probably happen. ivec is the initialisation vector.
- This function updates iv after each call so that it can be passed to
- the next call to RC2_cbc_encrypt().
-
-void RC2_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *schedule,
-unsigned char *ivec,
-int *num,
-int encrypt);
- This is one of the more useful functions in this RC2 library, it
- implements CFB mode of RC2 with 64bit feedback.
- This allows you to encrypt an arbitrary number of bytes,
- you do not require 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. Num contains 'how far' we are though ivec.
- 'Encrypt' is used to indicate encryption or decryption.
- CFB64 mode operates by using the cipher to generate a stream
- of bytes which is used to encrypt the plain text.
- The cipher text is then encrypted to generate the next 64 bits to
- be xored (incrementally) with the next 64 bits of plain
- text. As can be seen from this, to encrypt or decrypt,
- the same 'cipher stream' needs to be generated but the way the next
- block of data is gathered for encryption is different for
- encryption and decryption.
-
-void RC2_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *schedule,
-unsigned char *ivec,
-int *num);
- This functions implements OFB mode of RC2 with 64bit feedback.
- This allows you to encrypt an arbitrary number of bytes,
- you do not require 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. Num contains 'how far' we are though ivec.
- This is in effect a stream cipher, there is no encryption or
- decryption mode.
-
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-RC2_set_key().
-
-=====
-For more information about the specific RC2 modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library. What is said about DES is directly
-applicable for RC2.
-
-
-==== rc4.doc ========================================================
-
-The RC4 library.
-RC4 is a stream cipher that operates on a byte stream. It can be used with
-any length key but I would recommend normally using 16 bytes.
-
-This library requires the inclusion of 'rc4.h'.
-
-The RC4 encryption function takes what is called an RC4_KEY as an argument.
-The RC4_KEY is generated by the RC4_set_key function from the key bytes.
-
-RC4, being a stream cipher, does not have an encryption or decryption mode.
-It produces a stream of bytes that the input stream is xor'ed against and
-so decryption is just a case of 'encrypting' again with the same key.
-
-I have only put in one 'mode' for RC4 which is the normal one. This means
-there is no initialisation vector and there is no feedback of the cipher
-text into the cipher. This implies that you should not ever use the
-same key twice if you can help it. If you do, you leave yourself open to
-known plain text attacks; if you know the plain text and
-corresponding cipher text in one message, all messages that used the same
-key can have the cipher text decoded for the corresponding positions in the
-cipher stream.
-
-The main positive feature of RC4 is that it is a very fast cipher; about 4
-times faster that DES. This makes it ideally suited to protocols where the
-key is randomly chosen, like SSL.
-
-The functions are as follows:
-
-void RC4_set_key(
-RC4_KEY *key;
-int len;
-unsigned char *data);
- This function initialises the RC4_KEY structure with the key passed
- in 'data', which is 'len' bytes long. The key data can be any
- length but 16 bytes seems to be a good number.
-
-void RC4(
-RC4_KEY *key;
-unsigned long len;
-unsigned char *in;
-unsigned char *out);
- Do the actual RC4 encryption/decryption. Using the 'key', 'len'
- bytes are transformed from 'in' to 'out'. As mentioned above,
- decryption is the operation as encryption.
-
-==== ref.doc ========================================================
-
-I have lots more references etc, and will update this list in the future,
-30 Aug 1996 - eay
-
-
-SSL The SSL Protocol - from Netscapes.
-
-RC4 Newsgroups: sci.crypt
- From: sterndark@netcom.com (David Sterndark)
- Subject: RC4 Algorithm revealed.
- Message-ID: <sternCvKL4B.Hyy@netcom.com>
-
-RC2 Newsgroups: sci.crypt
- From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
- Subject: Specification for Ron Rivests Cipher No.2
- Message-ID: <4fk39f$f70@net.auckland.ac.nz>
-
-MD2 RFC1319 The MD2 Message-Digest Algorithm
-MD5 RFC1321 The MD5 Message-Digest Algorithm
-
-X509 Certificates
- RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I
- RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II
- RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III
- RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV
-
-RSA and various standard encoding
- PKCS#1 RSA Encryption Standard
- PKCS#5 Password-Based Encryption Standard
- PKCS#7 Cryptographic Message Syntax Standard
- A Layman's Guide to a Subset of ASN.1, BER, and DER
- An Overview of the PKCS Standards
- Some Examples of the PKCS Standards
-
-IDEA Chapter 3 The Block Cipher IDEA
-
-RSA, prime number generation and bignum algorithms
- Introduction To Algorithms,
- Thomas Cormen, Charles Leiserson, Ronald Rivest,
- Section 29 Arithmetic Circuits
- Section 33 Number-Theoretic Algorithms
-
-Fast Private Key algorithm
- Fast Decipherment Algorithm for RSA Public-Key Cryptosystem
- J.-J. Quisquater and C. Couvreur, Electronics Letters,
- 14th October 1982, Vol. 18 No. 21
-
-Prime number generation and bignum algorithms.
- PGP-2.3a
-
-==== rsa.doc ========================================================
-
-The RSA encryption and utility routines.
-
-The RSA routines are built on top of a big number library (the BN library).
-There are support routines in the X509 library for loading and manipulating
-the various objects in the RSA library. When errors are returned, read
-about the ERR library for how to access the error codes.
-
-All RSA encryption is done according to the PKCS-1 standard which is
-compatible with PEM and RSAref. This means that any values being encrypted
-must be less than the size of the modulus in bytes, minus 10, bytes long.
-
-This library uses RAND_bytes()() for it's random data, make sure to feed
-RAND_seed() with lots of interesting and varied data before using these
-routines.
-
-The RSA library has one specific data type, the RSA structure.
-It is composed of 8 BIGNUM variables (see the BN library for details) and
-can hold either a private RSA key or a public RSA key.
-Some RSA libraries have different structures for public and private keys, I
-don't. For my libraries, a public key is determined by the fact that the
-RSA->d value is NULL. These routines will operate on any size RSA keys.
-While I'm sure 4096 bit keys are very very secure, they take a lot longer
-to process that 1024 bit keys :-).
-
-The function in the RSA library are as follows.
-
-RSA *RSA_new();
- This function creates a new RSA object. The sub-fields of the RSA
- type are also malloced so you should always use this routine to
- create RSA variables.
-
-void RSA_free(
-RSA *rsa);
- This function 'frees' an RSA structure. This routine should always
- be used to free the RSA structure since it will also 'free' any
- sub-fields of the RSA type that need freeing.
-
-int RSA_size(
-RSA *rsa);
- This function returns the size of the RSA modulus in bytes. Why do
- I need this you may ask, well the reason is that when you encrypt
- with RSA, the output string will be the size of the RSA modulus.
- So the output for the RSA_encrypt and the input for the RSA_decrypt
- routines need to be RSA_size() bytes long, because this is how many
- bytes are expected.
-
-For the following 4 RSA encryption routines, it should be noted that
-RSA_private_decrypt() should be used on the output from
-RSA_public_encrypt() and RSA_public_decrypt() should be used on
-the output from RSA_private_encrypt().
-
-int RSA_public_encrypt(
-int from_len;
-unsigned char *from
-unsigned char *to
-RSA *rsa);
- This function implements RSA public encryption, the rsa variable
- should be a public key (but can be a private key). 'from_len'
- bytes taken from 'from' and encrypted and put into 'to'. 'to' needs
- to be at least RSA_size(rsa) bytes long. The number of bytes
- written into 'to' is returned. -1 is returned on an error. The
- operation performed is
- to = from^rsa->e mod rsa->n.
-
-int RSA_private_encrypt(
-int from_len;
-unsigned char *from
-unsigned char *to
-RSA *rsa);
- This function implements RSA private encryption, the rsa variable
- should be a private key. 'from_len' bytes taken from
- 'from' and encrypted and put into 'to'. 'to' needs
- to be at least RSA_size(rsa) bytes long. The number of bytes
- written into 'to' is returned. -1 is returned on an error. The
- operation performed is
- to = from^rsa->d mod rsa->n.
-
-int RSA_public_decrypt(
-int from_len;
-unsigned char *from
-unsigned char *to
-RSA *rsa);
- This function implements RSA public decryption, the rsa variable
- should be a public key (but can be a private key). 'from_len'
- bytes are taken from 'from' and decrypted. The decrypted data is
- put into 'to'. The number of bytes encrypted is returned. -1 is
- returned to indicate an error. The operation performed is
- to = from^rsa->e mod rsa->n.
-
-int RSA_private_decrypt(
-int from_len;
-unsigned char *from
-unsigned char *to
-RSA *rsa);
- This function implements RSA private decryption, the rsa variable
- should be a private key. 'from_len' bytes are taken
- from 'from' and decrypted. The decrypted data is
- put into 'to'. The number of bytes encrypted is returned. -1 is
- returned to indicate an error. The operation performed is
- to = from^rsa->d mod rsa->n.
-
-int RSA_mod_exp(
-BIGNUM *n;
-BIGNUM *p;
-RSA *rsa);
- Normally you will never use this routine.
- This is really an internal function which is called by
- RSA_private_encrypt() and RSA_private_decrypt(). It performs
- n=n^p mod rsa->n except that it uses the 5 extra variables in the
- RSA structure to make this more efficient.
-
-RSA *RSA_generate_key(
-int bits;
-unsigned long e;
-void (*callback)();
-char *cb_arg;
- This routine is used to generate RSA private keys. It takes
- quite a period of time to run and should only be used to
- generate initial private keys that should then be stored
- for later use. The passed callback function
- will be called periodically so that feedback can be given
- as to how this function is progressing.
- 'bits' is the length desired for the modulus, so it would be 1024
- to generate a 1024 bit private key.
- 'e' is the value to use for the public exponent 'e'. Traditionally
- it is set to either 3 or 0x10001.
- The callback function (if not NULL) is called in the following
- situations.
- when we have generated a suspected prime number to test,
- callback(0,num1++,cb_arg). When it passes a prime number test,
- callback(1,num2++,cb_arg). When it is rejected as one of
- the 2 primes required due to gcd(prime,e value) != 0,
- callback(2,num3++,cb_arg). When finally accepted as one
- of the 2 primes, callback(3,num4++,cb_arg).
-
-
-==== rsaref.doc ========================================================
-
-This package can be compiled to use the RSAref library.
-This library is not allowed outside of the USA but inside the USA it is
-claimed by RSA to be the only RSA public key library that can be used
-besides BSAFE..
-
-There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue
-code to use RSAref. These files were written by looking at the PGP
-source code and seeing which routines it used to access RSAref.
-I have also been sent by some-one a copy of the RSAref header file that
-contains the library error codes.
-
-[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from
- South Africa and have been doing some performace tests. ]
-
-They have now been tested against the recently announced RSAEURO
-library.
-
-There are 2 ways to use SSLeay and RSAref. First, to build so that
-the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top
-level makefile and -lrsaref (or where ever you are keeping RSAref) to
-EX_LIBS.
-
-To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option.
-
-The second method is to build as per normal and link applications with
-the RSAglue library. The correct library order would be
-cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes
-The RSAglue library is built in the rsa directory and is NOT
-automatically installed.
-
-Be warned that the RSAEURO library, that is claimed to be compatible
-with RSAref contains a different value for the maximum number of bits
-supported. This changes structure sizes and so if you are using
-RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h
-
-
-==== s_mult.doc ========================================================
-
-s_mult is a test program I hacked up on a Sunday for testing non-blocking
-IO. It has a select loop at it's centre that handles multiple readers
-and writers.
-
-Try the following command
-ssleay s_mult -echo -nbio -ssl -v
-echo - sends any sent text back to the sender
-nbio - turns on non-blocking IO
-ssl - accept SSL connections, default is normal text
-v - print lots
- type Q<cr> to quit
-
-In another window, run the following
-ssleay s_client -pause </etc/termcap
-
-The pause option puts in a 1 second pause in each read(2)/write(2) call
-so the other end will have read()s fail.
-
-==== session.doc ========================================================
-
-I have just checked over and re-worked the session stuff.
-The following brief example will ignore all setup information to do with
-authentication.
-
-Things operate as follows.
-
-The SSL environment has a 'context', a SSL_CTX structure. This holds the
-cached SSL_SESSIONS (which can be reused) and the certificate lookup
-information. Each SSL structure needs to be associated with a SSL_CTX.
-Normally only one SSL_CTX structure is needed per program.
-
-SSL_CTX *SSL_CTX_new(void );
-void SSL_CTX_free(SSL_CTX *);
-These 2 functions create and destroy SSL_CTX structures
-
-The SSL_CTX has a session_cache_mode which is by default,
-in SSL_SESS_CACHE_SERVER mode. What this means is that the library
-will automatically add new session-id's to the cache apon sucsessful
-SSL_accept() calls.
-If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added
-to the cache.
-SSL_set_session_cache_mode(ctx,mode) will set the 'mode' and
-SSL_get_session_cache_mode(ctx) will get the cache 'mode'.
-The modes can be
-SSL_SESS_CACHE_OFF - no caching
-SSL_SESS_CACHE_CLIENT - only SSL_connect()
-SSL_SESS_CACHE_SERVER - only SSL_accept()
-SSL_SESS_NO_CACHE_BOTH - Either SSL_accept() or SSL_connect().
-If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are
-not automatically removed each 255, SSL_connect()s or SSL_accept()s.
-
-By default, apon every 255 successful SSL_connect() or SSL_accept()s,
-the cache is flush. Please note that this could be expensive on
-a heavily loaded SSL server, in which case, turn this off and
-clear the cache of old entries 'manually' (with one of the functions
-listed below) every few hours. Perhaps I should up this number, it is hard
-to say. Remember, the '255' new calls is just a mechanims to get called
-every now and then, in theory at most 255 new session-id's will have been
-added but if 100 are added every minute, you would still have
-500 in the cache before any would start being flushed (assuming a 3 minute
-timeout)..
-
-int SSL_CTX_sess_hits(SSL_CTX *ctx);
-int SSL_CTX_sess_misses(SSL_CTX *ctx);
-int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
-These 3 functions return statistics about the SSL_CTX. These 3 are the
-number of session id reuses. hits is the number of reuses, misses are the
-number of lookups that failed, and timeouts is the number of cached
-entries ignored because they had timeouted.
-
-ctx->new_session_cb is a function pointer to a function of type
-int new_session_callback(SSL *ssl,SSL_SESSION *new);
-This function, if set in the SSL_CTX structure is called whenever a new
-SSL_SESSION is added to the cache. If the callback returns non-zero, it
-means that the application will have to do a SSL_SESSION_free()
-on the structure (this is
-to do with the cache keeping the reference counts correct, without the
-application needing to know about it.
-The 'active' parameter is the current SSL session for which this connection
-was created.
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)());
-to set the callback,
-int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)
-to get the callback.
-
-If the 'get session' callback is set, when a session id is looked up and
-it is not in the session-id cache, this callback is called. The callback is
-of the form
-SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len,
- int *copy);
-
-The get_session_callback is intended to return null if no session id is found.
-The reference count on the SSL_SESSION in incremented by the SSL library,
-if copy is 1. Otherwise, the reference count is not modified.
-
-void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
-int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.
-
-These callbacks are basically indended to be used by processes to
-send their session-id's to other processes. I currently have not implemented
-non-blocking semantics for these callbacks, it is upto the appication
-to make the callbacks effiecent if they require blocking (perhaps
-by 'saving' them and then 'posting them' when control returns from
-the SSL_accept().
-
-LHASH *SSL_CTX_sessions(SSL_CTX *ctx)
-This returns the session cache. The lhash strucutre can be accessed for
-statistics about the cache.
-
-void lh_stats(LHASH *lh, FILE *out);
-void lh_node_stats(LHASH *lh, FILE *out);
-void lh_node_usage_stats(LHASH *lh, FILE *out);
-
-can be used to print details about it's activity and current state.
-You can also delve directly into the lhash structure for 14 different
-counters that are kept against the structure. When I wrote the lhash library,
-I was interested in gathering statistics :-).
-Have a read of doc/lhash.doc in the SSLeay distribution area for more details
-on the lhash library.
-
-Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX.
-SSL * SSL_new(SSL_CTX *);
-
-This stores a session. A session is secret information shared between 2
-SSL contexts. It will only be created if both ends of the connection have
-authenticated their peer to their satisfaction. It basically contains
-the information required to use a particular secret key cipher.
-
-To retrieve the SSL_CTX being used by a SSL,
-SSL_CTX *SSL_get_SSL_CTX(SSL *s);
-
-Now when a SSL session is established between to programs, the 'session'
-information that is cached in the SSL_CTX can me manipulated by the
-following functions.
-int SSL_set_session(SSL *s, SSL_SESSION *session);
-This will set the SSL_SESSION to use for the next SSL_connect(). If you use
-this function on an already 'open' established SSL connection, 'bad things
-will happen'. This function is meaning-less when used on a ssl strucutre
-that is just about to be used in a SSL_accept() call since the
-SSL_accept() will either create a new session or retrieve one from the
-cache.
-
-SSL_SESSION *SSL_get_session(SSL *s);
-This will return the SSL_SESSION for the current SSL, NULL if there is
-no session associated with the SSL structure.
-
-The SSL sessions are kept in the SSL_CTX in a hash table, to remove a
-session
-void SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-and to add one
-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-SSL_CTX_add_session() returns 1 if the session was already in the cache (so it
-was not added).
-Whenever a new session is created via SSL_connect()/SSL_accept(),
-they are automatically added to the cache, depending on the session_cache_mode
-settings. SSL_set_session()
-does not add it to the cache. Just call SSL_CTX_add_session() if you do want the
-session added. For a 'client' this would not normally be the case.
-SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things
-which the next 2 funtions help you do.
-
-int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
-These 2 functions are in the standard ASN1 library form and can be used to
-load and save to a byte format, the SSL_SESSION structure.
-With these functions, you can save and read these structures to a files or
-arbitary byte string.
-The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will
-write to a file pointer in base64 encoding.
-
-What you can do with this, is pass session information between separate
-processes. Please note, that you will probably also need to modify the
-timeout information on the SSL_SESSIONs.
-
-long SSL_get_time(SSL_SESSION *s)
-will return the 'time' that the session
-was loaded. The timeout is relative to this time. This information is
-saved when the SSL_SESSION is converted to binarary but it is stored
-in as a unix long, which is rather OS dependant, but easy to convert back.
-
-long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time.
-The time value is just the value returned from time(3), and should really
-be defined by be to be time_t.
-
-long SSL_get_timeout(SSL_SESSION *s);
-long SSL_set_timeout(SSL_SESSION *s,long t);
-These 2 retrieve and set the timeout which is just a number of secconds
-from the 'SSL_get_time()' value. When this time period has elapesed,
-the session will no longer be in the cache (well it will actually be removed
-the next time it is attempted to be retrieved, so you could 'bump'
-the timeout so it remains valid).
-The 'time' and 'timeout' are set on a session when it is created, not reset
-each time it is reused. If you did wish to 'bump it', just after establishing
-a connection, do a
-SSL_set_time(ssl,time(NULL));
-
-You can also use
-SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and
-SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for
-all SSL connections created against a SSL_CTX. If you set a timeout in
-an SSL_CTX, all new SSL's created will inherit the timeout. It can be over
-written by the SSL_set_timeout(SSL *s,unsigned long t) function call.
-If you 'set' the timeout back to 0, the system default will be used.
-
-SSL_SESSION *SSL_SESSION_new();
-void SSL_SESSION_free(SSL_SESSION *ses);
-These 2 functions are used to create and dispose of SSL_SESSION functions.
-You should not ever normally need to use them unless you are using
-i2d_SSL_SESSION() and/or d2i_SSL_SESSION(). If you 'load' a SSL_SESSION
-via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it.
-Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the
-structure (via reference counts) when it is passed to them.
-
-SSL_CTX_flush_sessions(ctx,time);
-The first function will clear all sessions from the cache, which have expired
-relative to 'time' (which could just be time(NULL)).
-
-SSL_CTX_flush_sessions(ctx,0);
-This is a special case that clears everything.
-
-As a final comment, a 'session' is not enough to establish a new
-connection. If a session has timed out, a certificate and private key
-need to have been associated with the SSL structure.
-SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session
-strucutre but also the private key and certificate associated with
-'from'.
-
-EXAMPLES.
-
-So lets play at being a weird SSL server.
-
-/* setup a context */
-ctx=SSL_CTX_new();
-
-/* Lets load some session from binary into the cache, why one would do
- * this is not toally clear, but passing between programs does make sense
- * Perhaps you are using 4096 bit keys and are happy to keep them
- * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally
- * sure, perhaps this is a process called from an SSL inetd and this is being
- * passed to the application. */
-session=d2i_SSL_SESSION(....)
-SSL_CTX_add_session(ctx,session);
-
-/* Lets even add a session from a file */
-session=PEM_read_SSL_SESSION(....)
-SSL_CTX_add_session(ctx,session);
-
-/* create a new SSL structure */
-ssl=SSL_new(ctx);
-
-/* At this point we want to be able to 'create' new session if
- * required, so we need a certificate and RSAkey. */
-SSL_use_RSAPrivateKey_file(ssl,...)
-SSL_use_certificate_file(ssl,...)
-
-/* Now since we are a server, it make little sence to load a session against
- * the ssl strucutre since a SSL_accept() will either create a new session or
- * grab an existing one from the cache. */
-
-/* grab a socket descriptor */
-fd=accept(...);
-
-/* associated it with the ssl strucutre */
-SSL_set_fd(ssl,fd);
-
-SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */
-
-/* Lets print out the session details or lets save it to a file,
- * perhaps with a secret key cipher, so that we can pass it to the FBI
- * when they want to decode the session :-). While we have RSA
- * this does not matter much but when I do SSLv3, this will allow a mechanism
- * for the server/client to record the information needed to decode
- * the traffic that went over the wire, even when using Diffie-Hellman */
-PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....)
-
-Lets 'connect' back to the caller using the same session id.
-
-ssl2=SSL_new(ctx);
-fd2=connect(them);
-SSL_set_fd(ssl2,fd2);
-SSL_set_session(ssl2,SSL_get_session(ssl));
-SSL_connect(ssl2);
-
-/* what the hell, lets accept no more connections using this session */
-SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl));
-
-/* we could have just as easily used ssl2 since they both are using the
- * same session.
- * You will note that both ssl and ssl2 are still using the session, and
- * the SSL_SESSION structure will be free()ed when both ssl and ssl2
- * finish using the session. Also note that you could continue to initiate
- * connections using this session by doing SSL_get_session(ssl) to get the
- * existing session, but SSL_accept() will not be able to find it to
- * use for incoming connections.
- * Of corse, the session will timeout at the far end and it will no
- * longer be accepted after a while. The time and timeout are ignored except
- * by SSL_accept(). */
-
-/* Since we have had our server running for 10 weeks, and memory is getting
- * short, perhaps we should clear the session cache to remove those
- * 100000 session entries that have expired. Some may consider this
- * a memory leak :-) */
-
-SSL_CTX_flush_sessions(ctx,time(NULL));
-
-/* Ok, after a bit more time we wish to flush all sessions from the cache
- * so that all new connections will be authenticated and incure the
- * public key operation overhead */
-
-SSL_CTX_flush_sessions(ctx,0);
-
-/* As a final note, to copy everything to do with a SSL, use */
-SSL_copy_session_id(SSL *to,SSL *from);
-/* as this also copies the certificate and RSA key so new session can
- * be established using the same details */
-
-
-==== sha.doc ========================================================
-
-The SHA (Secure Hash Algorithm) library.
-SHA is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 20 byte hash. The functions all need to be passed
-a SHA_CTX which is used to hold the SHA context during multiple SHA_Update()
-function calls. The normal method of use for this library is as follows
-This library contains both SHA and SHA-1 digest algorithms. SHA-1 is
-an update to SHA (which should really be called SHA-0 now) which
-tweaks the algorithm slightly. The SHA-1 algorithm is used by simply
-using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the
-SHA*() calls
-
-SHA_Init(...);
-SHA_Update(...);
-...
-SHA_Update(...);
-SHA_Final(...);
-
-This library requires the inclusion of 'sha.h'.
-
-The functions are as follows:
-
-void SHA_Init(
-SHA_CTX *c);
- This function needs to be called to initiate a SHA_CTX structure for
- use.
-
-void SHA_Update(
-SHA_CTX *c;
-unsigned char *data;
-unsigned long len);
- This updates the message digest context being generated with 'len'
- bytes from the 'data' pointer. The number of bytes can be any
- length.
-
-void SHA_Final(
-unsigned char *md;
-SHA_CTX *c;
- This function is called when a message digest of the data digested
- with SHA_Update() is wanted. The message digest is put in the 'md'
- array and is SHA_DIGEST_LENGTH (20) bytes long.
-
-unsigned char *SHA(
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
- This function performs a SHA_Init(), followed by a SHA_Update()
- followed by a SHA_Final() (using a local SHA_CTX).
- The resulting digest is put into 'md' if it is not NULL.
- Regardless of the value of 'md', the message
- digest is returned from the function. If 'md' was NULL, the message
- digest returned is being stored in a static structure.
-
-
-==== speed.doc ========================================================
-
-To get an idea of the performance of this library, use
-ssleay speed
-
-perl util/sp-diff.pl file1 file2
-
-will print out the relative differences between the 2 files which are
-expected to be the output from the speed program.
-
-The performace of the library is very dependant on the Compiler
-quality and various flags used to build.
-
----
-
-These are some numbers I did comparing RSAref and SSLeay on a Pentium 100.
-[ These numbers are all out of date, as of SSL - 0.6.1 the RSA
-operations are about 2 times faster, so check the version number ]
-
-RSA performance.
-
-SSLeay 0.6.0
-Pentium 100, 32meg, Windows NT Workstation 3.51
-linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486
-and
-Windows NT - Windows NT 3.51 - Visual C++ 4.1 - 586 code + 32bit assember
-Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember
-NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember
-
-Times are how long it takes to do an RSA private key operation.
-
- 512bits 1024bits
--------------------------------
-SSLeay NT dll 0.042s 0.202s see above
-SSLeay linux 0.046s 0.218s Assember inner loops (normal build)
-SSLeay linux 0.067s 0.380s Pure C code with BN_LLONG defined
-SSLeay W3.1 dll 0.108s 0.478s see above
-SSLeay linux 0.109s 0.713s C without BN_LLONG.
-RSAref2.0 linux 0.149s 0.936s
-SSLeay MS-DOS 0.197s 1.049s see above
-
-486DX66, 32meg, Windows NT Server 3.51
- 512bits 1024bits
--------------------------------
-SSLeay NT dll 0.084s 0.495s <- SSLeay 0.6.3
-SSLeay NT dll 0.154s 0.882s
-SSLeay W3.1 dll 0.335s 1.538s
-SSLeay MS-DOS 0.490s 2.790s
-
-What I find cute is that I'm still faster than RSAref when using standard C,
-without using the 'long long' data type :-), %35 faster for 512bit and we
-scale up to 3.2 times faster for the 'default linux' build. I should mention
-that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or
-x86-sol.s for any x86 based unix they are building on. The only problems
-with be with syntax but the performance gain is quite large, especially for
-servers. The code is very simple, you just need to modify the 'header'.
-
-The message is, if you are stuck using RSAref, the RSA performance will be
-bad. Considering the code was compiled for a pentium, the 486DX66 number
-would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-).
-[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100
- into a 486DX33' :-) ]
-
-I won't tell people if the DLL's are using RSAref or my stuff if no-one
-asks :-).
-
-eric
-
-PS while I know I could speed things up further, I will probably not do
- so due to the effort involved. I did do some timings on the
- SSLeay bignum format -> RSAref number format conversion that occurs
- each time RSAref is used by SSLeay, and the numbers are trivial.
- 0.00012s a call for 512bit vs 0.149s for the time spent in the function.
- 0.00018s for 1024bit vs 0.938s. Insignificant.
- So the 'way to go', to support faster RSA libraries, if people are keen,
- is to write 'glue' code in a similar way that I do for RSAref and send it
- to me :-).
- My base library still has the advantage of being able to operate on
- any size numbers, and is not that far from the performance from the
- leaders in the field. (-%30?)
- [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at
- least very close :-) ]
-
- I suppose I should also mention some other numbers RSAref numbers, again
- on my Pentium.
- DES CBC EDE-DES MD5
- RSAref linux 830k/s 302k/s 4390k/s
- SSLeay linux 855k/s 319k/s 10025k/s
- SSLeay NT 1158k/s 410k/s 10470k/s
- SSLeay w31 378k/s 143k/s 2383k/s (fully 16bit)
-
- Got to admit that Visual C++ 4.[01] is a damn fine compiler :-)
---
-Eric Young | BOOL is tri-state according to Bill Gates.
-AARNet: eay@cryptsoft.com | RTFM Win32 GetMessage().
-
-
-
-
-==== ssl-ciph.doc ========================================================
-
-This is a quick high level summery of how things work now.
-
-Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
-minor ones.
-
-They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
-be Diffle-Hellman for SSLv3.
-
-An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
-none.
-
-The cipher
-
-The MAC digest.
-
-A cipher can also be an export cipher and is either an SSLv2 or a
-SSLv3 ciphers.
-
-To specify which ciphers to use, one can either specify all the ciphers,
-one at a time, or use 'aliases' to specify the preference and order for
-the ciphers.
-
-There are a large number of aliases, but the most importaint are
-kRSA, kDHr, kDHd and kEDH for key exchange types.
-
-aRSA, aDSS, aNULL and aDH for authentication
-DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
-MD5, SHA0 and SHA1 digests
-
-Now where this becomes interesting is that these can be put together to
-specify the order and ciphers you wish to use.
-
-To speed this up there are also aliases for certian groups of ciphers.
-The main ones are
-SSLv2 - all SSLv2 ciphers
-SSLv3 - all SSLv3 ciphers
-EXP - all export ciphers
-LOW - all low strngth ciphers (no export ciphers, normally single DES)
-MEDIUM - 128 bit encryption
-HIGH - Triple DES
-
-These aliases can be joined in a : separated list which specifies to
-add ciphers, move them to the current location and delete them.
-
-A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
-The default library cipher spec is
-!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
-which means, first, remove from consideration any ciphers that do not
-authenticate. Next up, use ciphers using RC4 and RSA. Next include the HIGH,
-MEDIUM and the LOW security ciphers. Finish up by adding all the export
-ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
-the end of the list.
-
-The results are
-$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
-
-RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
-RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
-EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
-EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
-DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
-IDEA-CBC-MD5 SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
-DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
-DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
-DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
-IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
-RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
-RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
-EXP-EDH-RSA-DES-CBC SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
-EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
-EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
-EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
-EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
-EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-
-I would recoment people use the 'ssleay ciphers -v "text"'
-command to check what they are going to use.
-
-Anyway, I'm falling asleep here so I'll do some more tomorrow.
-
-eric
-
-==== ssl.doc ========================================================
-
-SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table.
-
-/* Session-id cache stats */
-SSL_CTX_sess_number
-SSL_CTX_sess_connect
-SSL_CTX_sess_connect_good
-SSL_CTX_sess_accept
-SSL_CTX_sess_accept_good
-SSL_CTX_sess_hits
-SSL_CTX_sess_cb_hits
-SSL_CTX_sess_misses
-SSL_CTX_sess_timeouts
-
-/* Session-id application notification callbacks */
-SSL_CTX_sess_set_new_cb
-SSL_CTX_sess_get_new_cb
-SSL_CTX_sess_set_get_cb
-SSL_CTX_sess_get_get_cb
-
-/* Session-id cache operation mode */
-SSL_CTX_set_session_cache_mode
-SSL_CTX_get_session_cache_mode
-
-/* Set default timeout values to use. */
-SSL_CTX_set_timeout
-SSL_CTX_get_timeout
-
-/* Global SSL initalisation informational callback */
-SSL_CTX_set_info_callback
-SSL_CTX_get_info_callback
-SSL_set_info_callback
-SSL_get_info_callback
-
-/* If the SSL_accept/SSL_connect returned with -1, these indicate when
- * we should re-call *.
-SSL_want
-SSL_want_nothing
-SSL_want_read
-SSL_want_write
-SSL_want_x509_lookup
-
-/* Where we are in SSL initalisation, used in non-blocking, perhaps
- * have a look at ssl/bio_ssl.c */
-SSL_state
-SSL_is_init_finished
-SSL_in_init
-SSL_in_connect_init
-SSL_in_accept_init
-
-/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init
- * can be used to work out which function to call. */
-SSL_set_connect_state
-SSL_set_accept_state
-
-/* Where to look for certificates for authentication */
-SSL_set_default_verify_paths /* calles SSL_load_verify_locations */
-SSL_load_verify_locations
-
-/* get info from an established connection */
-SSL_get_session
-SSL_get_certificate
-SSL_get_SSL_CTX
-
-SSL_CTX_new
-SSL_CTX_free
-SSL_new
-SSL_clear
-SSL_free
-
-SSL_CTX_set_cipher_list
-SSL_get_cipher
-SSL_set_cipher_list
-SSL_get_cipher_list
-SSL_get_shared_ciphers
-
-SSL_accept
-SSL_connect
-SSL_read
-SSL_write
-
-SSL_debug
-
-SSL_get_read_ahead
-SSL_set_read_ahead
-SSL_set_verify
-
-SSL_pending
-
-SSL_set_fd
-SSL_set_rfd
-SSL_set_wfd
-SSL_set_bio
-SSL_get_fd
-SSL_get_rbio
-SSL_get_wbio
-
-SSL_use_RSAPrivateKey
-SSL_use_RSAPrivateKey_ASN1
-SSL_use_RSAPrivateKey_file
-SSL_use_PrivateKey
-SSL_use_PrivateKey_ASN1
-SSL_use_PrivateKey_file
-SSL_use_certificate
-SSL_use_certificate_ASN1
-SSL_use_certificate_file
-
-ERR_load_SSL_strings
-SSL_load_error_strings
-
-/* human readable version of the 'state' of the SSL connection. */
-SSL_state_string
-SSL_state_string_long
-/* These 2 report what kind of IO operation the library was trying to
- * perform last. Probably not very usefull. */
-SSL_rstate_string
-SSL_rstate_string_long
-
-SSL_get_peer_certificate
-
-SSL_SESSION_new
-SSL_SESSION_print_fp
-SSL_SESSION_print
-SSL_SESSION_free
-i2d_SSL_SESSION
-d2i_SSL_SESSION
-
-SSL_get_time
-SSL_set_time
-SSL_get_timeout
-SSL_set_timeout
-SSL_copy_session_id
-SSL_set_session
-SSL_CTX_add_session
-SSL_CTX_remove_session
-SSL_CTX_flush_sessions
-
-BIO_f_ssl
-
-/* used to hold information as to why a certificate verification failed */
-SSL_set_verify_result
-SSL_get_verify_result
-
-/* can be used by the application to associate data with an SSL structure.
- * It needs to be 'free()ed' by the application */
-SSL_set_app_data
-SSL_get_app_data
-
-/* The following all set values that are kept in the SSL_CTX but
- * are used as the default values when an SSL session is created.
- * They are over writen by the relevent SSL_xxxx functions */
-
-/* SSL_set_verify */
-void SSL_CTX_set_default_verify
-
-/* This callback, if set, totaly overrides the normal SSLeay verification
- * functions and should return 1 on success and 0 on failure */
-void SSL_CTX_set_cert_verify_callback
-
-/* The following are the same as the equivilent SSL_xxx functions.
- * Only one copy of this information is kept and if a particular
- * SSL structure has a local override, it is totally separate structure.
- */
-int SSL_CTX_use_RSAPrivateKey
-int SSL_CTX_use_RSAPrivateKey_ASN1
-int SSL_CTX_use_RSAPrivateKey_file
-int SSL_CTX_use_PrivateKey
-int SSL_CTX_use_PrivateKey_ASN1
-int SSL_CTX_use_PrivateKey_file
-int SSL_CTX_use_certificate
-int SSL_CTX_use_certificate_ASN1
-int SSL_CTX_use_certificate_file
-
-
-==== ssl_ctx.doc ========================================================
-
-This is now a bit dated, quite a few of the SSL_ functions could be
-SSL_CTX_ functions. I will update this in the future. 30 Aug 1996
-
-From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995
-Received: by orb.mincom.oz.au id AA00696
- (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000
-Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: sameer <sameer@c2.org>
-Cc: Eric Young <eay@mincom.oz.au>
-Subject: Re: PEM_readX509 oesn't seem to be working
-In-Reply-To: <199512110102.RAA12521@infinity.c2.org>
-Message-Id: <Pine.SOL.3.91.951211112115.28608D-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status:
-
-On Sun, 10 Dec 1995, sameer wrote:
-> OK, that's solved. I've found out that it is saying "no
-> certificate set" in SSL_accept because s->conn == NULL
-> so there is some place I need to initialize s->conn that I am
-> not initializing it.
-
-The full order of things for a server should be.
-
-ctx=SSL_CTX_new();
-
-/* The next line should not really be using ctx->cert but I'll leave it
- * this way right now... I don't want a X509_ routine to know about an SSL
- * structure, there should be an SSL_load_verify_locations... hmm, I may
- * add it tonight.
- */
-X509_load_verify_locations(ctx->cert,CAfile,CApath);
-
-/* Ok now for each new connection we do the following */
-con=SSL_new(ctx);
-SSL_set_fd(con,s);
-SSL_set_verify(con,verify,verify_callback);
-
-/* set the certificate and private key to use. */
-SSL_use_certificate_ASN1(con,X509_certificate);
-SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key);
-
-SSL_accept(con);
-
-SSL_read(con)/SSL_write(con);
-
-There is a bit more than that but that is basically the structure.
-
-Create a context and specify where to lookup certificates.
-
-foreach connection
- {
- create a SSL structure
- set the certificate and private key
- do a SSL_accept
-
- we should now be ok
- }
-
-eric
---
-Eric Young | Signature removed since it was generating
-AARNet: eay@mincom.oz.au | more followups than the message contents :-)
-
-
-
-==== ssleay.doc ========================================================
-
-SSLeay: a cryptographic kitchen sink.
-
-1st December 1995
-Way back at the start of April 1995, I was looking for a mindless
-programming project. A friend of mine (Tim Hudson) said "why don't you do SSL,
-it has DES encryption in it and I would not mind using it in a SSL telnet".
-While it was true I had written a DES library in previous years, litle
-did I know what an expansive task SSL would turn into.
-
-First of all, the SSL protocol contains DES encryption. Well and good. My
-DES library was fast and portable. It also contained the RSA's RC4 stream
-cipher. Again, not a problem, some-one had just posted to sci.crypt
-something that was claimed to be RC4. It also contained IDEA, I had the
-specifications, not a problem to implement. MD5, an RFC, trivial, at most
-I could spend a week or so trying to see if I could speed up the
-implementation. All in all a nice set of ciphers.
-Then the first 'expantion of the scope', RSA public key
-encryption. Since I did not knowing a thing about public key encryption
-or number theory, this appeared quite a daunting task. Just writing a
-big number library would be problomatic in itself, let alone making it fast.
-At this point the scope of 'implementing SSL' expands eponentialy.
-First of all, the RSA private keys were being kept in ASN.1 format.
-Thankfully the RSA PKCS series of documents explains this format. So I now
-needed to be able to encode and decode arbitary ASN.1 objects. The Public
-keys were embeded in X509 certificates. Hmm... these are not only
-ASN.1 objects but they make up a heirachy of authentication. To
-authenticate a X509 certificate one needs to retrieve it's issuers
-certificate etc etc. Hmm..., so I also need to implement some kind
-of certificate management software. I would also have to implement
-software to authenticate certificates. At this point the support code made
-the SSL part of my library look quite small.
-Around this time, the first version of SSLeay was released.
-
-Ah, but here was the problem, I was not happy with the code so far. As may
-have become obvious, I had been treating all of this as a learning
-exersize, so I have completely written the library myself. As such, due
-to the way it had grown like a fungus, much of the library was not
-'elagent' or neat. There were global and static variables all over the
-place, the SSL part did not even handle non-blocking IO.
-The Great rewrite began.
-
-As of this point in time, the 'Great rewrite' has almost finished. So what
-follows is an approximate list of what is actually SSLeay 0.5.0
-
-/********* This needs to be updated for 0.6.0+ *************/
-
----
-The library contains the following routines. Please note that most of these
-functions are not specfic for SSL or any other particular cipher
-implementation. I have tried to make all the routines as general purpose
-as possible. So you should not think of this library as an SSL
-implemtation, but rather as a library of cryptographic functions
-that also contains SSL. I refer to each of these function groupings as
-libraries since they are often capable of functioning as independant
-libraries
-
-First up, the general ciphers and message digests supported by the library.
-
-MD2 rfc???, a standard 'by parts' interface to this algorithm.
-MD5 rfc???, the same type of interface as for the MD2 library except a
- different algorithm.
-SHA THe Secure Hash Algorithm. Again the same type of interface as
- MD2/MD5 except the digest is 20 bytes.
-SHA1 The 'revised' version of SHA. Just about identical to SHA except
- for one tweak of an inner loop.
-DES This is my libdes library that has been floating around for the last
- few years. It has been enhanced for no other reason than completeness.
- It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
- triple DES modes of ecb, cbc, cfb64 and ofb64. cfb64 and ofb64 are
- functional interfaces to the 64 bit modes of cfb and ofb used in
- such a way thay they function as single character interfaces.
-RC4 The RSA Inc. stream cipher.
-RC2 The RSA Inc. block cipher.
-IDEA An implmentation of the IDEA cipher, the library supports ecb, cbc,
- cfb64 and ofb64 modes of operation.
-
-Now all the above mentioned ciphers and digests libraries support high
-speed, minimal 'crap in the way' type interfaces. For fastest and
-lowest level access, these routines should be used directly.
-
-Now there was also the matter of public key crypto systems. These are
-based on large integer arithmatic.
-
-BN This is my large integer library. It supports all the normal
- arithmentic operations. It uses malloc extensivly and as such has
- no limits of the size of the numbers being manipulated. If you
- wish to use 4000 bit RSA moduli, these routines will handle it.
- This library also contains routines to 'generate' prime numbers and
- to test for primality. The RSA and DH libraries sit on top of this
- library. As of this point in time, I don't support SHA, but
- when I do add it, it will just sit on top of the routines contained
- in this library.
-RSA This implements the RSA public key algorithm. It also contains
- routines that will generate a new private/public key pair.
- All the RSA functions conform to the PKCS#1 standard.
-DH This is an implementation of the
- Diffie-Hellman protocol. There are all the require routines for
- the protocol, plus extra routines that can be used to generate a
- strong prime for use with a specified generator. While this last
- routine is not generally required by applications implementing DH,
- It is present for completeness and because I thing it is much
- better to be able to 'generate' your own 'magic' numbers as oposed
- to using numbers suplied by others. I conform to the PKCS#3
- standard where required.
-
-You may have noticed the preceeding section mentions the 'generation' of
-prime numbers. Now this requries the use of 'random numbers'.
-
-RAND This psuedo-random number library is based on MD5 at it's core
- and a large internal state (2k bytes). Once you have entered enough
- seed data into this random number algorithm I don't feel
- you will ever need to worry about it generating predictable output.
- Due to the way I am writing a portable library, I have left the
- issue of how to get good initial random seed data upto the
- application but I do have support routines for saving and loading a
- persistant random number state for use between program runs.
-
-Now to make all these ciphers easier to use, a higher level
-interface was required. In this form, the same function would be used to
-encrypt 'by parts', via any one of the above mentioned ciphers.
-
-EVP The Digital EnVeloPe library is quite large. At it's core are
- function to perform encryption and decryption by parts while using
- an initial parameter to specify which of the 17 different ciphers
- or 4 different message digests to use. On top of these are implmented
- the digital signature functions, sign, verify, seal and open.
- Base64 encoding of binary data is also done in this library.
-
-PEM rfc???? describe the format for Privacy Enhanced eMail.
- As part of this standard, methods of encoding digital enveloped
- data is an ascii format are defined. As such, I use a form of these
- to encode enveloped data. While at this point in time full support
- for PEM has not been built into the library, a minimal subset of
- the secret key and Base64 encoding is present. These reoutines are
- mostly used to Ascii encode binary data with a 'type' associated
- with it and perhaps details of private key encryption used to
- encrypt the data.
-
-PKCS7 This is another Digital Envelope encoding standard which uses ASN.1
- to encode the data. At this point in time, while there are some
- routines to encode and decode this binary format, full support is
- not present.
-
-As Mentioned, above, there are several different ways to encode
-data structures.
-
-ASN1 This library is more a set of primatives used to encode the packing
- and unpacking of data structures. It is used by the X509
- certificate standard and by the PKCS standards which are used by
- this library. It also contains routines for duplicating and signing
- the structures asocisated with X509.
-
-X509 The X509 library contains routines for packing and unpacking,
- verifying and just about every thing else you would want to do with
- X509 certificates.
-
-PKCS7 PKCS-7 is a standard for encoding digital envelope data
- structures. At this point in time the routines will load and save
- DER forms of these structees. They need to be re-worked to support
- the BER form which is the normal way PKCS-7 is encoded. If the
- previous 2 sentances don't make much sense, don't worry, this
- library is not used by this version of SSLeay anyway.
-
-OBJ ASN.1 uses 'object identifiers' to identify objects. A set of
- functions were requred to translate from ASN.1 to an intenger, to a
- character string. This library provieds these translations
-
-Now I mentioned an X509 library. X509 specified a hieachy of certificates
-which needs to be traversed to authenticate particular certificates.
-
-METH This library is used to push 'methods' of retrieving certificates
- into the library. There are some supplied 'methods' with SSLeay
- but applications can add new methods if they so desire.
- This library has not been finished and is not being used in this
- version.
-
-Now all the above are required for use in the initial point of this project.
-
-SSL The SSL protocol. This is a full implmentation of SSL v 2. It
- support both server and client authentication. SSL v 3 support
- will be added when the SSL v 3 specification is released in it's
- final form.
-
-Now quite a few of the above mentioned libraries rely on a few 'complex'
-data structures. For each of these I have a library.
-
-Lhash This is a hash table library which is used extensivly.
-
-STACK An implemetation of a Stack data structure.
-
-BUF A simple character array structure that also support a function to
- check that the array is greater that a certain size, if it is not,
- it is realloced so that is it.
-
-TXT_DB A simple memory based text file data base. The application can specify
- unique indexes that will be enforced at update time.
-
-CONF Most of the programs written for this library require a configuration
- file. Instead of letting programs constantly re-implment this
- subsystem, the CONF library provides a consistant and flexable
- interface to not only configuration files but also environment
- variables.
-
-But what about when something goes wrong?
-The one advantage (and perhaps disadvantage) of all of these
-functions being in one library was the ability to implement a
-single error reporting system.
-
-ERR This library is used to report errors. The error system records
- library number, function number (in the library) and reason
- number. Multiple errors can be reported so that an 'error' trace
- is created. The errors can be printed in numeric or textual form.
-
-
-==== ssluse.doc ========================================================
-
-We have an SSL_CTX which contains global information for lots of
-SSL connections. The session-id cache and the certificate verificate cache.
-It also contains default values for use when certificates are used.
-
-SSL_CTX
- default cipher list
- session-id cache
- certificate cache
- default session-id timeout period
- New session-id callback
- Required session-id callback
- session-id stats
- Informational callback
- Callback that is set, overrides the SSLeay X509 certificate
- verification
- The default Certificate/Private Key pair
- Default read ahead mode.
- Default verify mode and verify callback. These are not used
- if the over ride callback mentioned above is used.
-
-Each SSL can have the following defined for it before a connection is made.
-
-Certificate
-Private key
-Ciphers to use
-Certificate verify mode and callback
-IO object to use in the comunication.
-Some 'read-ahead' mode information.
-A previous session-id to re-use.
-
-A connection is made by using SSL_connect or SSL_accept.
-When non-blocking IO is being used, there are functions that can be used
-to determin where and why the SSL_connect or SSL_accept did not complete.
-This information can be used to recall the functions when the 'error'
-condition has dissapeared.
-
-After the connection has been made, information can be retrived about the
-SSL session and the session-id values that have been decided apon.
-The 'peer' certificate can be retrieved.
-
-The session-id values include
-'start time'
-'timeout length'
-
-
-
-==== stack.doc ========================================================
-
-The stack data structure is used to store an ordered list of objects.
-It is basically misnamed to call it a stack but it can function that way
-and that is what I originally used it for. Due to the way element
-pointers are kept in a malloc()ed array, the most efficient way to use this
-structure is to add and delete elements from the end via sk_pop() and
-sk_push(). If you wish to do 'lookups' sk_find() is quite efficient since
-it will sort the stack (if required) and then do a binary search to lookup
-the requested item. This sorting occurs automatically so just sk_push()
-elements on the stack and don't worry about the order. Do remember that if
-you do a sk_find(), the order of the elements will change.
-
-You should never need to 'touch' this structure directly.
-typedef struct stack_st
- {
- unsigned int num;
- char **data;
- int sorted;
-
- unsigned int num_alloc;
- int (*comp)();
- } STACK;
-
-'num' holds the number of elements in the stack, 'data' is the array of
-elements. 'sorted' is 1 is the list has been sorted, 0 if not.
-
-num_alloc is the number of 'nodes' allocated in 'data'. When num becomes
-larger than num_alloc, data is realloced to a larger size.
-If 'comp' is set, it is a function that is used to compare 2 of the items
-in the stack. The function should return -1, 0 or 1, depending on the
-ordering.
-
-#define sk_num(sk) ((sk)->num)
-#define sk_value(sk,n) ((sk)->data[n])
-
-These 2 macros should be used to access the number of elements in the
-'stack' and to access a pointer to one of the values.
-
-STACK *sk_new(int (*c)());
- This creates a new stack. If 'c', the comparison function, is not
-specified, the various functions that operate on a sorted 'stack' will not
-work (sk_find()). NULL is returned on failure.
-
-void sk_free(STACK *);
- This function free()'s a stack structure. The elements in the
-stack will not be freed so one should 'pop' and free all elements from the
-stack before calling this function or call sk_pop_free() instead.
-
-void sk_pop_free(STACK *st; void (*func)());
- This function calls 'func' for each element on the stack, passing
-the element as the argument. sk_free() is then called to free the 'stack'
-structure.
-
-int sk_insert(STACK *sk,char *data,int where);
- This function inserts 'data' into stack 'sk' at location 'where'.
-If 'where' is larger that the number of elements in the stack, the element
-is put at the end. This function tends to be used by other 'stack'
-functions. Returns 0 on failure, otherwise the number of elements in the
-new stack.
-
-char *sk_delete(STACK *st,int loc);
- Remove the item a location 'loc' from the stack and returns it.
-Returns NULL if the 'loc' is out of range.
-
-char *sk_delete_ptr(STACK *st, char *p);
- If the data item pointed to by 'p' is in the stack, it is deleted
-from the stack and returned. NULL is returned if the element is not in the
-stack.
-
-int sk_find(STACK *st,char *data);
- Returns the location that contains a value that is equal to
-the 'data' item. If the comparison function was not set, this function
-does a linear search. This function actually qsort()s the stack if it is not
-in order and then uses bsearch() to do the initial search. If the
-search fails,, -1 is returned. For mutliple items with the same
-value, the index of the first in the array is returned.
-
-int sk_push(STACK *st,char *data);
- Append 'data' to the stack. 0 is returned if there is a failure
-(due to a malloc failure), else 1. This is
-sk_insert(st,data,sk_num(st));
-
-int sk_unshift(STACK *st,char *data);
- Prepend 'data' to the front (location 0) of the stack. This is
-sk_insert(st,data,0);
-
-char *sk_shift(STACK *st);
- Return and delete from the stack the first element in the stack.
-This is sk_delete(st,0);
-
-char *sk_pop(STACK *st);
- Return and delete the last element on the stack. This is
-sk_delete(st,sk_num(sk)-1);
-
-void sk_zero(STACK *st);
- Removes all items from the stack. It does not 'free'
-pointers but is a quick way to clear a 'stack of references'.
-
-==== threads.doc ========================================================
-
-How to compile SSLeay for multi-threading.
-
-Well basically it is quite simple, set the compiler flags and build.
-I have only really done much testing under Solaris and Windows NT.
-If you library supports localtime_r() and gmtime_r() add,
--DTHREADS to the makefile parameters. You can probably survive with out
-this define unless you are going to have multiple threads generating
-certificates at once. It will not affect the SSL side of things.
-
-The approach I have taken to doing locking is to make the application provide
-callbacks to perform locking and so that the SSLeay library can distinguish
-between threads (for the error state).
-
-To have a look at an example program, 'cd mt; vi mttest.c'.
-To build under solaris, sh solaris.sh, for Windows NT or Windows 95,
-win32.bat
-
-This will build mttest which will fire up 10 threads that talk SSL
-to each other 10 times.
-To enable everything to work, the application needs to call
-
-CRYPTO_set_id_callback(id_function);
-CRYPTO_set_locking_callback(locking_function);
-
-before any multithreading is started.
-id_function does not need to be defined under Windows NT or 95, the
-correct function will be called if it is not. Under unix, getpid()
-is call if the id_callback is not defined, for Solaris this is wrong
-(since threads id's are not pid's) but under Linux it is correct
-(threads are just processes sharing the data segement).
-
-The locking_callback is used to perform locking by the SSLeay library.
-eg.
-
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
- {
- if (mode & CRYPTO_LOCK)
- mutex_lock(&(lock_cs[type]));
- else
- mutex_unlock(&(lock_cs[type]));
- }
-
-Now in this case I have used mutexes instead of read/write locks, since they
-are faster and there are not many read locks in SSLeay, you may as well
-always use write locks. file and line are __FILE__ and __LINE__ from
-the compile and can be usefull when debugging.
-
-Now as you can see, 'type' can be one of a range of values, these values are
-defined in crypto/crypto.h
-CRYPTO_get_lock_name(type) will return a text version of what the lock is.
-There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup
-for multi-threading can be
-
-static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-
-void thread_setup()
- {
- int i;
-
- for (i=0; i<CRYPTO_NUM_LOCKS; i++)
- mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
- CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
- CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
- }
-
-As a final note, under Windows NT or Windows 95, you have to be careful
-not to mix the various threaded, unthreaded and debug libraries.
-Normally if they are mixed incorrectly, mttest will crash just after printing
-out some usage statistics at the end. This is because the
-different system libraries use different malloc routines and if
-data is malloc()ed inside crypt32.dll or ssl32.dll and then free()ed by a
-different library malloc, things get very confused.
-
-The default SSLeay DLL builds use /MD, so if you use this on your
-application, things will work as expected. If you use /MDd,
-you will probably have to rebuild SSLeay using this flag.
-I should modify util/mk1mf.pl so it does all this correctly, but
-this has not been done yet.
-
-One last warning. Because locking overheads are actually quite large, the
-statistics collected against the SSL_CTX for successfull connections etc
-are not locked when updated. This does make it possible for these
-values to be slightly lower than they should be, if you are
-running multithreaded on a multi-processor box, but this does not really
-matter much.
-
-
-==== txt_db.doc ========================================================
-
-TXT_DB, a simple text based in memory database.
-
-It holds rows of ascii data, for which the only special character is '\0'.
-The rows can be of an unlimited length.
-
-==== why.doc ========================================================
-
-This file is more of a note for other people who wish to understand why
-the build environment is the way it is :-).
-
-The include files 'depend' as follows.
-Each of
-crypto/*/*.c includes crypto/cryptlib.h
-ssl/*.c include ssl/ssl_locl.h
-apps/*.c include apps/apps.h
-crypto/cryptlib.h, ssl/ssl_locl.h and apps/apps.h
-all include e_os.h which contains OS/environment specific information.
-If you need to add something todo with a particular environment,
-add it to this file. It is worth remembering that quite a few libraries,
-like lhash, des, md, sha etc etc do not include crypto/cryptlib.h. This
-is because these libraries should be 'independantly compilable' and so I
-try to keep them this way.
-e_os.h is not so much a part of SSLeay, as the placing in one spot all the
-evil OS dependant muck.
-
-I wanted to automate as many things as possible. This includes
-error number generation. A
-make errors
-will scan the source files for error codes, append them to the correct
-header files, and generate the functions to print the text version
-of the error numbers. So don't even think about adding error numbers by
-hand, put them in the form
-XXXerr(XXXX_F_XXXX,YYYY_R_YYYY);
-on line and it will be automatically picked up my a make errors.
-
-In a similar vein, programs to be added into ssleay in the apps directory
-just need to have an entry added to E_EXE in makefile.ssl and
-everthing will work as expected. Don't edit progs.h by hand.
-
-make links re-generates the symbolic links that are used. The reason why
-I keep everything in its own directory, and don't put all the
-test programs and header files in 'test' and 'include' is because I want
-to keep the 'sub-libraries' independant. I still 'pull' out
-indervidual libraries for use in specific projects where the code is
-required. I have used the 'lhash' library in just about every software
-project I have worked on :-).
-
-make depend generates dependancies and
-make dclean removes them.
-
-You will notice that I use perl quite a bit when I could be using 'sed'.
-The reason I decided to do this was to just stick to one 'extra' program.
-For Windows NT, I have perl and no sed.
-
-The util/mk1mf.pl program can be used to generate a single makefile.
-I use this because makefiles under Microsoft are horrific.
-Each C compiler seems to have different linker formats, which have
-to be used because the retarted C compilers explode when you do
-cl -o file *.o.
-
-Now some would argue that I should just use the single makefile. I don't
-like it during develoment for 2 reasons. First, the actuall make
-command takes a long time. For my current setup, if I'm in
-crypto/bn and I type make, only the crypto/bn directory gets rebuilt,
-which is nice when you are modifying prototypes in bn.h which
-half the SSLeay depends on. The second is that to add a new souce file
-I just plonk it in at the required spot in the local makefile. This
-then alows me to keep things local, I don't need to modify a 'global'
-tables (the make for unix, the make for NT, the make for w31...).
-When I am ripping apart a library structure, it is nice to only
-have to worry about one directory :-).
-
-Having said all this, for the hell of it I put together 2 files that
-#include all the souce code (generated by doing a ls */*.o after a build).
-crypto.c takes only 30 seconds to build under NT and 2 minutes under linux
-for my pentium100. Much faster that the normal build :-).
-Again, the problem is that when using libraries, every program linked
-to libcrypto.a would suddenly get 330k of library when it may only need
-1k. This technique does look like a nice way to do shared libraries though.
-
-Oh yes, as a final note, to 'build' a distribution, I just type
-make dist.
-This cleans and packages everything. The directory needs to be called
-SSLeay since the make does a 'cd ..' and renames and tars things up.
-
-==== req.1 ========================================================
-
-The 'req' command is used to manipulate and deal with pkcs#10
-certificate requests.
-
-It's default mode of operation is to load a certificate and then
-write it out again.
-
-By default the 'req' is read from stdin in 'PEM' format.
-The -inform option can be used to specify 'pem' format or 'der'
-format. PEM format is the base64 encoding of the DER format.
-
-By default 'req' then writes the request back out. -outform can be used
-to indicate the desired output format, be it 'pem' or 'der'.
-
-To specify an input file, use the '-in' option and the '-out' option
-can be used to specify the output file.
-
-If you wish to perform a command and not output the certificate
-request afterwards, use the '-noout' option.
-
-When a certificate is loaded, it can be printed in a human readable
-ascii format via the '-text' option.
-
-To check that the signature on a certificate request is correct, use
-the '-verify' option to make sure that the private key contained in the
-certificate request corresponds to the signature.
-
-Besides the default mode, there is also the 'generate a certificate
-request' mode. There are several flags that trigger this mode.
-
--new will generate a new RSA key (if required) and then prompts
-the user for details for the certificate request.
--newkey has an argument that is the number of bits to make the new
-key. This function also triggers '-new'.
-
-The '-new' option can have a key to use specified instead of having to
-load one, '-key' is used to specify the file containg the key.
--keyform can be used to specify the format of the key. Only
-'pem' and 'der' formats are supported, later, 'netscape' format may be added.
-
-Finally there is the '-x509' options which makes req output a self
-signed x509 certificate instead of a certificate request.
-
-Now as you may have noticed, there are lots of default options that
-cannot be specified via the command line. They are held in a 'template'
-or 'configuration file'. The -config option specifies which configuration
-file to use. See conf.doc for details on the syntax of this file.
-
-The req command uses the 'req' section of the config file.
-
----
-# The following variables are defined. For this example I will populate
-# the various values
-[ req ]
-default_bits = 512 # default number of bits to use.
-default_keyfile = testkey.pem # Where to write the generated keyfile
- # if not specified.
-distinguished_name= req_dn # The section that contains the
- # information about which 'object' we
- # want to put in the DN.
-attributes = req_attr # The objects we want for the
- # attributes field.
-encrypt_rsa_key = no # Should we encrypt newly generated
- # keys. I strongly recommend 'yes'.
-
-# The distinguished name section. For the following entries, the
-# object names must exist in the SSLeay header file objects.h. If they
-# do not, they will be silently ignored. The entries have the following
-# format.
-# <object_name> => string to prompt with
-# <object_name>_default => default value for people
-# <object_name>_value => Automatically use this value for this field.
-# <object_name>_min => minimum number of characters for data (def. 0)
-# <object_name>_max => maximum number of characters for data (def. inf.)
-# All of these entries are optional except for the first one.
-[ req_dn ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-
-localityName = Locality Name (eg, city)
-
-organizationName = Organization Name (eg, company)
-organizationName_default = Mincom Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default = MTR
-
-commonName = Common Name (eg, YOUR name)
-commonName_max = 64
-
-emailAddress = Email Address
-emailAddress_max = 40
-
-# The next section is the attributes section. This is exactly the
-# same as for the previous section except that the resulting objects are
-# put in the attributes field.
-[ req_attr ]
-challengePassword = A challenge password
-challengePassword_min = 4
-challengePassword_max = 20
-
-unstructuredName = An optional company name
-
-----
-Also note that the order that attributes appear in this file is the
-order they will be put into the distinguished name.
-
-Once this request has been generated, it can be sent to a CA for
-certifying.
-
-----
-A few quick examples....
-
-To generate a new request and a new key
-req -new
-
-To generate a new request and a 1058 bit key
-req -newkey 1058
-
-To generate a new request using a pre-existing key
-req -new -key key.pem
-
-To generate a self signed x509 certificate from a certificate
-request using a supplied key, and we want to see the text form of the
-output certificate (which we will put in the file selfSign.pem
-req -x509 -in req.pem -key key.pem -text -out selfSign.pem
-
-Verify that the signature is correct on a certificate request.
-req -verify -in req.pem
-
-Verify that the signature was made using a specified public key.
-req -verify -in req.pem -key key.pem
-
-Print the contents of a certificate request
-req -text -in req.pem
-
-==== danger ========================================================
-
-If you specify a SSLv2 cipher, and the mode is SSLv23 and the server
-can talk SSLv3, it will claim there is no cipher since you should be
-using SSLv3.
-
-When tracing debug stuff, remember BIO_s_socket() is different to
-BIO_s_connect().
-
-BSD/OS assember is not working
-
diff --git a/crypto/openssl/doc/standards.txt b/crypto/openssl/doc/standards.txt
deleted file mode 100644
index bda55d1..0000000
--- a/crypto/openssl/doc/standards.txt
+++ /dev/null
@@ -1,272 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft. I made a first try at finding
- documents that describe parts of what OpenSSL implements. There are
- big gaps, and I've most certainly done something wrong. Please
- correct whatever is... Also, this note should be removed when this
- file is reaching a somewhat correct state. -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
- (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
- TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
- (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
- January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
- March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
- Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
- C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
- STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
- (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
- (Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
- B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
- INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
- (Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
- September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
- Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
- (Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
- Infrastructure Certificate and Certificate Revocation List (CRL)
- Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
- TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
- Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
- Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
- RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
- Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
- (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:
- INFORMATIONAL)
-
-3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
- J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
- (Status: INFORMATIONAL)
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
- Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
- June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-4132 Addition of Camellia Cipher Suites to Transport Layer Security
- (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
- bytes) (Status: PROPOSED STANDARD)
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
- Encryption and Authentication Procedures. J. Linn. February 1993.
- (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
- STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
- Certificate-Based Key Management. S. Kent. February 1993. (Format:
- TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
- Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
- (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
- STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
- Certification and Related Services. B. Kaliski. February 1993.
- (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
- 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
- Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
- bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
- Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
- (Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
- Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
- (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
- 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
- PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
- D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
- PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
- LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
- TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
- FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
- bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
- Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
- (Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
- (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
- (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
- 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
- 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
- February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
- EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
- Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
- PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
- 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
- STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
- (Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
- 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
- October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
- M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
- (Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
- Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
- R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
- EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
- Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
- (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
- Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
- (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
- (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
- (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
- October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
- Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
- (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
- (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
- (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
- PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
- Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
- Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
- INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
- Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
- PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
- (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
- 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
- PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
- Specification. J. Hodges, R. Morgan. September 2002. (Format:
- TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
- RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
- R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
- INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
- Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
- (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-3657 Use of the Camellia Encryption Algorithm in Cryptographic
- Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
- (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
-
-"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>
-
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planed to be
-implemented in the hopefully short future.
-
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
deleted file mode 100644
index 5068d1b..0000000
--- a/crypto/openssl/e_os.h
+++ /dev/null
@@ -1,665 +0,0 @@
-/* e_os.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_E_OS_H
-#define HEADER_E_OS_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/e_os2.h>
-/* <openssl/e_os2.h> contains what we can justify to make visible
- * to the outside; this file e_os.h is not part of the exported
- * interface. */
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Used to checking reference counts, most while doing perl5 stuff :-) */
-#ifdef REF_PRINT
-#undef REF_PRINT
-#define REF_PRINT(a,b) fprintf(stderr,"%08X:%4d:%s\n",(int)b,b->references,a)
-#endif
-
-#ifndef DEVRANDOM
-/* set this to a comma-separated list of 'random' device files to try out.
- * My default, we will try to read at least one of these files */
-#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
-#endif
-#ifndef DEVRANDOM_EGD
-/* set this to a comma-seperated list of 'egd' sockets to try out. These
- * sockets will be tried in the order listed in case accessing the device files
- * listed in DEVRANDOM did not return enough entropy. */
-#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
-#endif
-
-#if defined(OPENSSL_SYS_VXWORKS)
-# define NO_SYS_PARAM_H
-# define NO_CHMOD
-# define NO_SYSLOG
-#endif
-
-#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
-# if macintosh==1
-# ifndef MAC_OS_GUSI_SOURCE
-# define MAC_OS_pre_X
-# define NO_SYS_TYPES_H
- typedef long ssize_t;
-# endif
-# define NO_SYS_PARAM_H
-# define NO_CHMOD
-# define NO_SYSLOG
-# undef DEVRANDOM
-# define GETPID_IS_MEANINGLESS
-# endif
-#endif
-
-/********************************************************************
- The Microsoft section
- ********************************************************************/
-/* The following is used becaue of the small stack in some
- * Microsoft operating systems */
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
-# define MS_STATIC static
-#else
-# define MS_STATIC
-#endif
-
-#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
-# define WIN32
-#endif
-#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
-# define WIN16
-#endif
-#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
-# define WINDOWS
-#endif
-#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
-# define MSDOS
-#endif
-
-#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
-# define GETPID_IS_MEANINGLESS
-#endif
-
-#ifdef WIN32
-#define get_last_sys_error() GetLastError()
-#define clear_sys_error() SetLastError(0)
-#if !defined(WINNT)
-#define WIN_CONSOLE_BUG
-#endif
-#else
-#define get_last_sys_error() errno
-#define clear_sys_error() errno=0
-#endif
-
-#if defined(WINDOWS)
-#define get_last_socket_error() WSAGetLastError()
-#define clear_socket_error() WSASetLastError(0)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#define EADDRINUSE WSAEADDRINUSE
-#elif defined(__DJGPP__)
-#define WATT32
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define closesocket(s) close_s(s)
-#define readsocket(s,b,n) read_s(s,b,n)
-#define writesocket(s,b,n) send(s,b,n,0)
-#elif defined(MAC_OS_pre_X)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define closesocket(s) MacSocket_close(s)
-#define readsocket(s,b,n) MacSocket_recv((s),(b),(n),true)
-#define writesocket(s,b,n) MacSocket_send((s),(b),(n))
-#elif defined(OPENSSL_SYS_VMS)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define ioctlsocket(a,b,c) ioctl(a,b,c)
-#define closesocket(s) close(s)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#elif defined(OPENSSL_SYS_VXWORKS)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define ioctlsocket(a,b,c) ioctl((a),(b),(int)(c))
-#define closesocket(s) close(s)
-#define readsocket(s,b,n) read((s),(b),(n))
-#define writesocket(s,b,n) write((s),(char *)(b),(n))
-#elif defined(OPENSSL_SYS_NETWARE)
-#if defined(NETWARE_BSDSOCK)
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define closesocket(s) close(s)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#else
-#define get_last_socket_error() WSAGetLastError()
-#define clear_socket_error() WSASetLastError(0)
-#define readsocket(s,b,n) recv((s),(b),(n),0)
-#define writesocket(s,b,n) send((s),(b),(n),0)
-#endif
-#else
-#define get_last_socket_error() errno
-#define clear_socket_error() errno=0
-#define ioctlsocket(a,b,c) ioctl(a,b,c)
-#define closesocket(s) close(s)
-#define readsocket(s,b,n) read((s),(b),(n))
-#define writesocket(s,b,n) write((s),(b),(n))
-#endif
-
-#ifdef WIN16
-# define MS_CALLBACK _far _loadds
-# define MS_FAR _far
-#else
-# define MS_CALLBACK
-# define MS_FAR
-#endif
-
-#ifdef OPENSSL_NO_STDIO
-# undef OPENSSL_NO_FP_API
-# define OPENSSL_NO_FP_API
-#endif
-
-#if (defined(WINDOWS) || defined(MSDOS))
-
-# ifdef __DJGPP__
-# include <unistd.h>
-# include <sys/stat.h>
-# include <sys/socket.h>
-# include <tcp.h>
-# include <netdb.h>
-# define _setmode setmode
-# define _O_TEXT O_TEXT
-# define _O_BINARY O_BINARY
-# undef DEVRANDOM
-# define DEVRANDOM "/dev/urandom\x24"
-# endif /* __DJGPP__ */
-
-# ifndef S_IFDIR
-# define S_IFDIR _S_IFDIR
-# endif
-
-# ifndef S_IFMT
-# define S_IFMT _S_IFMT
-# endif
-
-# if !defined(WINNT) && !defined(__DJGPP__)
-# define NO_SYSLOG
-# endif
-# define NO_DIRENT
-
-# ifdef WINDOWS
-# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
- /*
- * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
- * Most notably we ought to check for availability of each specific
- * routine with GetProcAddress() and/or quard NT-specific calls with
- * GetVersion() < 0x80000000. One can argue that in latter "or" case
- * we ought to /DELAYLOAD some .DLLs in order to protect ourselves
- * against run-time link errors. This doesn't seem to be necessary,
- * because it turned out that already Windows 95, first non-NT Win32
- * implementation, is equipped with at least NT 3.51 stubs, dummy
- * routines with same name, but which do nothing. Meaning that it's
- * apparently appropriate to guard generic NT calls with GetVersion
- * alone, while NT 4.0 and above calls ought to be additionally
- * checked upon with GetProcAddress.
- */
-# define _WIN32_WINNT 0x0400
-# endif
-# include <windows.h>
-# include <stddef.h>
-# include <errno.h>
-# include <string.h>
-# ifdef _WIN64
-# define strlen(s) _strlen31(s)
-/* cut strings to 2GB */
-static unsigned int _strlen31(const char *str)
- {
- unsigned int len=0;
- while (*str && len<0x80000000U) str++, len++;
- return len&0x7FFFFFFF;
- }
-# endif
-# include <malloc.h>
-# endif
-# include <io.h>
-# include <fcntl.h>
-
-# ifdef OPENSSL_SYS_WINCE
-# include <winsock_extras.h>
-# endif
-
-# define ssize_t long
-
-# if defined (__BORLANDC__)
-# define _setmode setmode
-# define _O_TEXT O_TEXT
-# define _O_BINARY O_BINARY
-# define _int64 __int64
-# define _kbhit kbhit
-# endif
-
-# if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
-# define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
-# define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
-# else
-# define EXIT(n) exit(n)
-# endif
-# define LIST_SEPARATOR_CHAR ';'
-# ifndef X_OK
-# define X_OK 0
-# endif
-# ifndef W_OK
-# define W_OK 2
-# endif
-# ifndef R_OK
-# define R_OK 4
-# endif
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define NUL_DEV "nul"
-# define RFILE ".rnd"
-# ifdef OPENSSL_SYS_WINCE
-# define DEFAULT_HOME ""
-# else
-# define DEFAULT_HOME "C:"
-# endif
-
-#else /* The non-microsoft world world */
-
-# ifdef OPENSSL_SYS_VMS
-# define VMS 1
- /* some programs don't include stdlib, so exit() and others give implicit
- function warnings */
-# include <stdlib.h>
-# if defined(__DECC)
-# include <unistd.h>
-# else
-# include <unixlib.h>
-# endif
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define RFILE ".rnd"
-# define LIST_SEPARATOR_CHAR ','
-# define NUL_DEV "NLA0:"
- /* We don't have any well-defined random devices on VMS, yet... */
-# undef DEVRANDOM
- /* We need to do this since VMS has the following coding on status codes:
-
- Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
- The important thing to know is that odd numbers are considered
- good, while even ones are considered errors.
- Bits 3-15: actual status number
- Bits 16-27: facility number. 0 is considered "unknown"
- Bits 28-31: control bits. If bit 28 is set, the shell won't try to
- output the message (which, for random codes, just looks ugly)
-
- So, what we do here is to change 0 to 1 to get the default success status,
- and everything else is shifted up to fit into the status number field, and
- the status is tagged as an error, which I believe is what is wanted here.
- -- Richard Levitte
- */
-# define EXIT(n) do { int __VMS_EXIT = n; \
- if (__VMS_EXIT == 0) \
- __VMS_EXIT = 1; \
- else \
- __VMS_EXIT = (n << 3) | 2; \
- __VMS_EXIT |= 0x10000000; \
- exit(__VMS_EXIT); } while(0)
-# define NO_SYS_PARAM_H
-
-# elif defined(OPENSSL_SYS_NETWARE)
-# include <fcntl.h>
-# include <unistd.h>
-# define NO_SYS_TYPES_H
-# undef DEVRANDOM
-# ifdef NETWARE_CLIB
-# define getpid GetThreadID
-# endif
-# define NO_SYSLOG
-# define _setmode setmode
-# define _kbhit kbhit
-# define _O_TEXT O_TEXT
-# define _O_BINARY O_BINARY
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define RFILE ".rnd"
-# define LIST_SEPARATOR_CHAR ';'
-# define EXIT(n) { if (n) printf("ERROR: %d\n", (int)n); exit(n); }
-
-# else
- /* !defined VMS */
-# ifdef OPENSSL_SYS_MPE
-# define NO_SYS_PARAM_H
-# endif
-# ifdef OPENSSL_UNISTD
-# include OPENSSL_UNISTD
-# else
-# include <unistd.h>
-# endif
-# ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-# endif
-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
-# define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
- * (unless when compiling with -D_POSIX_SOURCE,
- * which doesn't work for us) */
-# endif
-# if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
-# define ssize_t int /* ditto */
-# endif
-# ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
-# define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
- typedef unsigned long clock_t;
-# endif
-
-# define OPENSSL_CONF "openssl.cnf"
-# define SSLEAY_CONF OPENSSL_CONF
-# define RFILE ".rnd"
-# define LIST_SEPARATOR_CHAR ':'
-# define NUL_DEV "/dev/null"
-# define EXIT(n) exit(n)
-# endif
-
-# define SSLeay_getpid() getpid()
-
-#endif
-
-
-/*************/
-
-#ifdef USE_SOCKETS
-# if defined(WINDOWS) || defined(MSDOS)
- /* windows world */
-
-# ifdef OPENSSL_NO_SOCK
-# define SSLeay_Write(a,b,c) (-1)
-# define SSLeay_Read(a,b,c) (-1)
-# define SHUTDOWN(fd) close(fd)
-# define SHUTDOWN2(fd) close(fd)
-# elif !defined(__DJGPP__)
-# include <winsock.h>
-extern HINSTANCE _hInstance;
-# ifdef _WIN64
-/*
- * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
- * the value constitutes an index in per-process table of limited size
- * and not a real pointer.
- */
-# define socket(d,t,p) ((int)socket(d,t,p))
-# define accept(s,f,l) ((int)accept(s,f,l))
-# endif
-# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
-# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
-# else
-# define SSLeay_Write(a,b,c) write_s(a,b,c,0)
-# define SSLeay_Read(a,b,c) read_s(a,b,c)
-# define SHUTDOWN(fd) close_s(fd)
-# define SHUTDOWN2(fd) close_s(fd)
-# endif
-
-# elif defined(MAC_OS_pre_X)
-
-# include "MacSocket.h"
-# define SSLeay_Write(a,b,c) MacSocket_send((a),(b),(c))
-# define SSLeay_Read(a,b,c) MacSocket_recv((a),(b),(c),true)
-# define SHUTDOWN(fd) MacSocket_close(fd)
-# define SHUTDOWN2(fd) MacSocket_close(fd)
-
-# elif defined(OPENSSL_SYS_NETWARE)
- /* NetWare uses the WinSock2 interfaces by default, but can be configured for BSD
- */
-# if defined(NETWARE_BSDSOCK)
-# include <sys/socket.h>
-# include <netinet/in.h>
-# include <sys/time.h>
-# include <sys/select.h>
-# define INVALID_SOCKET (int)(~0)
-# else
-# include <novsock2.h>
-# endif
-# define SSLeay_Write(a,b,c) send((a),(b),(c),0)
-# define SSLeay_Read(a,b,c) recv((a),(b),(c),0)
-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket(fd); }
-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket(fd); }
-
-# else
-
-# ifndef NO_SYS_PARAM_H
-# include <sys/param.h>
-# endif
-# ifdef OPENSSL_SYS_VXWORKS
-# include <time.h>
-# elif !defined(OPENSSL_SYS_MPE)
-# include <sys/time.h> /* Needed under linux for FD_XXX */
-# endif
-
-# include <netdb.h>
-# if defined(OPENSSL_SYS_VMS_NODECC)
-# include <socket.h>
-# include <in.h>
-# include <inet.h>
-# else
-# include <sys/socket.h>
-# ifdef FILIO_H
-# include <sys/filio.h> /* Added for FIONBIO under unixware */
-# endif
-# include <netinet/in.h>
-# include <arpa/inet.h>
-# endif
-
-# if defined(NeXT) || defined(_NEXT_SOURCE)
-# include <sys/fcntl.h>
-# include <sys/types.h>
-# endif
-
-# ifdef OPENSSL_SYS_AIX
-# include <sys/select.h>
-# endif
-
-# ifdef __QNX__
-# include <sys/select.h>
-# endif
-
-# if defined(sun)
-# include <sys/filio.h>
-# else
-# ifndef VMS
-# include <sys/ioctl.h>
-# else
- /* ioctl is only in VMS > 7.0 and when socketshr is not used */
-# if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
-# include <sys/ioctl.h>
-# endif
-# endif
-# endif
-
-# ifdef VMS
-# include <unixio.h>
-# if defined(TCPIP_TYPE_SOCKETSHR)
-# include <socketshr.h>
-# endif
-# endif
-
-# define SSLeay_Read(a,b,c) read((a),(b),(c))
-# define SSLeay_Write(a,b,c) write((a),(b),(c))
-# define SHUTDOWN(fd) { shutdown((fd),0); closesocket((fd)); }
-# define SHUTDOWN2(fd) { shutdown((fd),2); closesocket((fd)); }
-# ifndef INVALID_SOCKET
-# define INVALID_SOCKET (-1)
-# endif /* INVALID_SOCKET */
-# endif
-#endif
-
-#if defined(__ultrix)
-# ifndef ssize_t
-# define ssize_t int
-# endif
-#endif
-
-#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
- /* include headers first, so our defines don't break it */
-#include <stdlib.h>
-#include <string.h>
- /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
-# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
-# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
-extern char *sys_errlist[]; extern int sys_nerr;
-# define strerror(errnum) \
- (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
- /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */
-#include "crypto/o_str.h"
-# define memcmp OPENSSL_memcmp
-#endif
-
-#ifndef OPENSSL_EXIT
-# if defined(MONOLITH) && !defined(OPENSSL_C)
-# define OPENSSL_EXIT(n) return(n)
-# else
-# define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
-# endif
-#endif
-
-/***********************************************/
-
-/* do we need to do this for getenv.
- * Just define getenv for use under windows */
-
-#ifdef WIN16
-/* How to do this needs to be thought out a bit more.... */
-/*char *GETENV(char *);
-#define Getenv GETENV*/
-#define Getenv getenv
-#else
-#define Getenv getenv
-#endif
-
-#define DG_GCC_BUG /* gcc < 2.6.3 on DGUX */
-
-#ifdef sgi
-#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */
-#endif
-#ifdef OPENSSL_SYS_SNI
-#define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/
-#endif
-
-#if defined(OPENSSL_SYS_WINDOWS)
-# define strcasecmp _stricmp
-# define strncasecmp _strnicmp
-#elif defined(OPENSSL_SYS_VMS)
-/* VMS below version 7.0 doesn't have strcasecmp() */
-# include "o_str.h"
-# define strcasecmp OPENSSL_strcasecmp
-# define strncasecmp OPENSSL_strncasecmp
-# define OPENSSL_IMPLEMENTS_strncasecmp
-#elif defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-# define strcasecmp stricmp
-# define strncasecmp strnicmp
-#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-# define strcasecmp stricmp
-# define strncasecmp strnicmp
-#else
-# ifdef NO_STRINGS_H
- int strcasecmp();
- int strncasecmp();
-# else
-# include <strings.h>
-# endif /* NO_STRINGS_H */
-#endif
-
-#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
-# include <io.h>
-# include <fcntl.h>
-# define NO_SYSLOG
-#endif
-
-/* vxworks */
-#if defined(OPENSSL_SYS_VXWORKS)
-#include <ioLib.h>
-#include <tickLib.h>
-#include <sysLib.h>
-
-#define TTY_STRUCT int
-
-#define sleep(a) taskDelay((a) * sysClkRateGet())
-
-#include <vxWorks.h>
-#include <sockLib.h>
-#include <taskLib.h>
-
-#define getpid taskIdSelf
-
-/* NOTE: these are implemented by helpers in database app!
- * if the database is not linked, we need to implement them
- * elswhere */
-struct hostent *gethostbyname(const char *name);
-struct hostent *gethostbyaddr(const char *addr, int length, int type);
-struct servent *getservbyname(const char *name, const char *proto);
-
-#endif
-/* end vxworks */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/crypto/openssl/e_os2.h b/crypto/openssl/e_os2.h
deleted file mode 100644
index 9da0b65..0000000
--- a/crypto/openssl/e_os2.h
+++ /dev/null
@@ -1,279 +0,0 @@
-/* e_os2.h */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/opensslconf.h>
-
-#ifndef HEADER_E_OS2_H
-#define HEADER_E_OS2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/******************************************************************************
- * Detect operating systems. This probably needs completing.
- * The result is that at least one OPENSSL_SYS_os macro should be defined.
- * However, if none is defined, Unix is assumed.
- **/
-
-#define OPENSSL_SYS_UNIX
-
-/* ----------------------- Macintosh, before MacOS X ----------------------- */
-#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MACINTOSH_CLASSIC
-#endif
-
-/* ----------------------- NetWare ----------------------------------------- */
-#if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_NETWARE
-#endif
-
-/* ---------------------- Microsoft operating systems ---------------------- */
-
-/* Note that MSDOS actually denotes 32-bit environments running on top of
- MS-DOS, such as DJGPP one. */
-#if defined(OPENSSL_SYSNAME_MSDOS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_MSDOS
-#endif
-
-/* For 32 bit environment, there seems to be the CygWin environment and then
- all the others that try to do the same thing Microsoft does... */
-#if defined(OPENSSL_SYSNAME_UWIN)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32_UWIN
-#else
-# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32_CYGWIN
-# else
-# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WIN32
-# endif
-# if defined(OPENSSL_SYSNAME_WINNT)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINNT
-# endif
-# if defined(OPENSSL_SYSNAME_WINCE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINCE
-# endif
-# endif
-#endif
-
-/* Anything that tries to look like Microsoft is "Windows" */
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_SYS_MSDOS
-# define OPENSSL_SYS_MSDOS
-# endif
-#endif
-
-/* DLL settings. This part is a bit tough, because it's up to the application
- implementor how he or she will link the application, so it requires some
- macro to be used. */
-#ifdef OPENSSL_SYS_WINDOWS
-# ifndef OPENSSL_OPT_WINDLL
-# if defined(_WINDLL) /* This is used when building OpenSSL to indicate that
- DLL linkage should be used */
-# define OPENSSL_OPT_WINDLL
-# endif
-# endif
-#endif
-
-/* -------------------------------- OpenVMS -------------------------------- */
-#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_VMS
-# if defined(__DECC)
-# define OPENSSL_SYS_VMS_DECC
-# elif defined(__DECCXX)
-# define OPENSSL_SYS_VMS_DECC
-# define OPENSSL_SYS_VMS_DECCXX
-# else
-# define OPENSSL_SYS_VMS_NODECC
-# endif
-#endif
-
-/* --------------------------------- OS/2 ---------------------------------- */
-#if defined(__EMX__) || defined(__OS2__)
-# undef OPENSSL_SYS_UNIX
-# define OPENSSL_SYS_OS2
-#endif
-
-/* --------------------------------- Unix ---------------------------------- */
-#ifdef OPENSSL_SYS_UNIX
-# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
-# define OPENSSL_SYS_LINUX
-# endif
-# ifdef OPENSSL_SYSNAME_MPE
-# define OPENSSL_SYS_MPE
-# endif
-# ifdef OPENSSL_SYSNAME_SNI
-# define OPENSSL_SYS_SNI
-# endif
-# ifdef OPENSSL_SYSNAME_ULTRASPARC
-# define OPENSSL_SYS_ULTRASPARC
-# endif
-# ifdef OPENSSL_SYSNAME_NEWS4
-# define OPENSSL_SYS_NEWS4
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX
-# define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
-# define OPENSSL_SYS_MACOSX_RHAPSODY
-# define OPENSSL_SYS_MACOSX
-# endif
-# ifdef OPENSSL_SYSNAME_SUNOS
-# define OPENSSL_SYS_SUNOS
-#endif
-# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
-# define OPENSSL_SYS_CRAY
-# endif
-# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
-# define OPENSSL_SYS_AIX
-# endif
-#endif
-
-/* --------------------------------- VOS ----------------------------------- */
-#ifdef OPENSSL_SYSNAME_VOS
-# define OPENSSL_SYS_VOS
-#endif
-
-/* ------------------------------- VxWorks --------------------------------- */
-#ifdef OPENSSL_SYSNAME_VXWORKS
-# define OPENSSL_SYS_VXWORKS
-#endif
-
-/**
- * That's it for OS-specific stuff
- *****************************************************************************/
-
-
-/* Specials for I/O an exit */
-#ifdef OPENSSL_SYS_MSDOS
-# define OPENSSL_UNISTD_IO <io.h>
-# define OPENSSL_DECLARE_EXIT extern void exit(int);
-#else
-# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
-# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
-#endif
-
-/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
- certain global symbols that, with some compilers under VMS, have to be
- defined and declared explicitely with globaldef and globalref.
- Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
- DLL exports and imports for compilers under Win32. These are a little
- more complicated to use. Basically, for any library that exports some
- global variables, the following code must be present in the header file
- that declares them, before OPENSSL_EXTERN is used:
-
- #ifdef SOME_BUILD_FLAG_MACRO
- # undef OPENSSL_EXTERN
- # define OPENSSL_EXTERN OPENSSL_EXPORT
- #endif
-
- The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
- have some generally sensible values, and for OPENSSL_EXTERN to have the
- value OPENSSL_IMPORT.
-*/
-
-#if defined(OPENSSL_SYS_VMS_NODECC)
-# define OPENSSL_EXPORT globalref
-# define OPENSSL_IMPORT globalref
-# define OPENSSL_GLOBAL globaldef
-#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
-# define OPENSSL_EXPORT extern __declspec(dllexport)
-# define OPENSSL_IMPORT extern __declspec(dllimport)
-# define OPENSSL_GLOBAL
-#else
-# define OPENSSL_EXPORT extern
-# define OPENSSL_IMPORT extern
-# define OPENSSL_GLOBAL
-#endif
-#define OPENSSL_EXTERN OPENSSL_IMPORT
-
-/* Macros to allow global variables to be reached through function calls when
- required (if a shared library version requvres it, for example.
- The way it's done allows definitions like this:
-
- // in foobar.c
- OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0;
- // in foobar.h
- OPENSSL_DECLARE_GLOBAL(int,foobar);
- #define foobar OPENSSL_GLOBAL_REF(foobar)
-*/
-#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) \
- extern type _hide_##name; \
- type *_shadow_##name(void) { return &_hide_##name; } \
- static type _hide_##name
-# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
-# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
-#else
-# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
-# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
-# define OPENSSL_GLOBAL_REF(name) _shadow_##name
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/Makefile b/crypto/openssl/engines/Makefile
deleted file mode 100644
index 88f8390..0000000
--- a/crypto/openssl/engines/Makefile
+++ /dev/null
@@ -1,249 +0,0 @@
-#
-# OpenSSL/engines/Makefile
-#
-
-DIR= engines
-TOP= ..
-CC= cc
-INCLUDES= -I../include
-CFLAG=-g
-MAKEFILE= Makefile
-AR= ar r
-
-PEX_LIBS=
-EX_LIBS=
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile engines.com install.com engine_vector.mar
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBNAMES= 4758cca aep atalla cswift gmp chil nuron sureware ubsec
-
-LIBSRC= e_4758cca.c \
- e_aep.c \
- e_atalla.c \
- e_cswift.c \
- e_gmp.c \
- e_chil.c \
- e_nuron.c \
- e_sureware.c \
- e_ubsec.c
-LIBOBJ= e_4758cca.o \
- e_aep.o \
- e_atalla.o \
- e_cswift.o \
- e_gmp.o \
- e_chil.o \
- e_nuron.o \
- e_sureware.o \
- e_ubsec.o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER= e_4758cca_err.c e_4758cca_err.h \
- e_aep_err.c e_aep_err.h \
- e_atalla_err.c e_atalla_err.h \
- e_cswift_err.c e_cswift_err.h \
- e_gmp_err.c e_gmp_err.h \
- e_chil_err.c e_chil_err.h \
- e_nuron_err.c e_nuron_err.h \
- e_sureware_err.c e_sureware_err.h \
- e_ubsec_err.c e_ubsec_err.h
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all: lib
-
-lib: $(LIBOBJ)
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
- $(MAKE) -f ../Makefile.shared -e \
- LIBNAME=$$l LIBEXTRAS=e_$$l.o \
- LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
- link_o.$(SHLIB_TARGET); \
- done; \
- else \
- $(AR) $(LIB) $(LIBOBJ); \
- $(RANLIB) $(LIB) || echo Never mind.; \
- fi; \
- touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-
-# XXXXX This currently only works on systems that use .so as suffix
-# for shared libraries as well as for Cygwin which uses the
-# dlfcn_name_converter and therefore stores the engines with .so suffix, too.
-# XXXXX This was extended to HP-UX dl targets, which use .sl suffix.
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
- ( echo installing $$l; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
- case "$(CFLAGS)" in \
- *DSO_DLFCN*) sfx="so";; \
- *DSO_DL*) sfx="sl";; \
- *) sfx="bad";; \
- esac; \
- cp lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
- else \
- sfx="so"; \
- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
- fi; \
- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx ); \
- done; \
- fi
-
-tags:
- ctags $(SRC)
-
-errors:
- set -e; for l in $(LIBNAMES); do \
- $(PERL) ../util/mkerr.pl -conf e_$$l.ec \
- -nostatic -staticloader -write e_$$l.c; \
- done
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \
- fi
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-e_4758cca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_4758cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_4758cca.o: ../include/openssl/crypto.h ../include/openssl/dso.h
-e_4758cca.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-e_4758cca.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-e_4758cca.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_4758cca.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-e_4758cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_4758cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_4758cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-e_4758cca.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-e_4758cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_4758cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_4758cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-e_4758cca.o: e_4758cca.c e_4758cca_err.c e_4758cca_err.h
-e_4758cca.o: vendor_defns/hw_4758_cca.h
-e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_aep.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_aep.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_aep.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_aep.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_aep.o: ../include/openssl/symhacks.h e_aep.c e_aep_err.c e_aep_err.h
-e_aep.o: vendor_defns/aep.h
-e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_atalla.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_atalla.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_atalla.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_atalla.o: ../include/openssl/symhacks.h e_atalla.c e_atalla_err.c
-e_atalla.o: e_atalla_err.h vendor_defns/atalla.h
-e_chil.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_chil.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_chil.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_chil.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
-e_chil.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-e_chil.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-e_chil.o: ../include/openssl/err.h ../include/openssl/evp.h
-e_chil.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-e_chil.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-e_chil.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-e_chil.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-e_chil.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
-e_chil.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_chil.o: ../include/openssl/sha.h ../include/openssl/stack.h
-e_chil.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
-e_chil.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h e_chil.c
-e_chil.o: e_chil_err.c e_chil_err.h vendor_defns/hwcryptohook.h
-e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_cswift.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_cswift.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_cswift.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-e_cswift.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-e_cswift.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_cswift.c
-e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h
-e_gmp.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-e_gmp.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_gmp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_gmp.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-e_gmp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h e_gmp.c
-e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_nuron.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_nuron.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_nuron.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_nuron.o: ../include/openssl/symhacks.h e_nuron.c e_nuron_err.c e_nuron_err.h
-e_sureware.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_sureware.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_sureware.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_sureware.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-e_sureware.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-e_sureware.o: ../include/openssl/engine.h ../include/openssl/err.h
-e_sureware.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-e_sureware.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h
-e_sureware.o: vendor_defns/sureware.h
-e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h
-e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-e_ubsec.o: ../include/openssl/err.h ../include/openssl/lhash.h
-e_ubsec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-e_ubsec.o: ../include/openssl/ossl_typ.h ../include/openssl/rsa.h
-e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-e_ubsec.o: ../include/openssl/symhacks.h e_ubsec.c e_ubsec_err.c e_ubsec_err.h
-e_ubsec.o: vendor_defns/hw_ubsec.h
diff --git a/crypto/openssl/engines/axp.opt b/crypto/openssl/engines/axp.opt
deleted file mode 100644
index 1dc71bf..0000000
--- a/crypto/openssl/engines/axp.opt
+++ /dev/null
@@ -1 +0,0 @@
-SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)
diff --git a/crypto/openssl/engines/e_4758cca.c b/crypto/openssl/engines/e_4758cca.c
deleted file mode 100644
index 0f1dae7..0000000
--- a/crypto/openssl/engines/e_4758cca.c
+++ /dev/null
@@ -1,994 +0,0 @@
-/* Author: Maurice Gittens <maurice@gittens.nl> */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/x509.h>
-#include <openssl/objects.h>
-#include <openssl/engine.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
-
-#ifdef FLAT_INC
-#include "hw_4758_cca.h"
-#else
-#include "vendor_defns/hw_4758_cca.h"
-#endif
-
-#include "e_4758cca_err.c"
-
-static int ibm_4758_cca_destroy(ENGINE *e);
-static int ibm_4758_cca_init(ENGINE *e);
-static int ibm_4758_cca_finish(ENGINE *e);
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* rsa functions */
-/*---------------*/
-#ifndef OPENSSL_NO_RSA
-static int cca_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int cca_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding);
-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
-static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
-
-/* utility functions */
-/*-----------------------*/
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
- UI_METHOD *ui_method, void *callback_data);
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
- UI_METHOD *ui_method, void *callback_data);
-
-static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
- unsigned char *exponent, long *modulusLength,
- long *modulusFieldLength, unsigned char *modulus);
-#endif
-
-/* RAND number functions */
-/*-----------------------*/
-static int cca_get_random_bytes(unsigned char*, int );
-static int cca_random_status(void);
-
-#ifndef OPENSSL_NO_RSA
-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#endif
-
-/* Function pointers for CCA verbs */
-/*---------------------------------*/
-#ifndef OPENSSL_NO_RSA
-static F_KEYRECORDREAD keyRecordRead;
-static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
-static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
-static F_PUBLICKEYEXTRACT publicKeyExtract;
-static F_PKAENCRYPT pkaEncrypt;
-static F_PKADECRYPT pkaDecrypt;
-#endif
-static F_RANDOMNUMBERGENERATE randomNumberGenerate;
-
-/* static variables */
-/*------------------*/
-static const char *CCA4758_LIB_NAME = NULL;
-static const char *get_CCA4758_LIB_NAME(void)
- {
- if(CCA4758_LIB_NAME)
- return CCA4758_LIB_NAME;
- return CCA_LIB_NAME;
- }
-static void free_CCA4758_LIB_NAME(void)
- {
- if(CCA4758_LIB_NAME)
- OPENSSL_free((void*)CCA4758_LIB_NAME);
- CCA4758_LIB_NAME = NULL;
- }
-static long set_CCA4758_LIB_NAME(const char *name)
- {
- free_CCA4758_LIB_NAME();
- return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-#ifndef OPENSSL_NO_RSA
-static const char* n_keyRecordRead = CSNDKRR;
-static const char* n_digitalSignatureGenerate = CSNDDSG;
-static const char* n_digitalSignatureVerify = CSNDDSV;
-static const char* n_publicKeyExtract = CSNDPKX;
-static const char* n_pkaEncrypt = CSNDPKE;
-static const char* n_pkaDecrypt = CSNDPKD;
-#endif
-static const char* n_randomNumberGenerate = CSNBRNG;
-
-#ifndef OPENSSL_NO_RSA
-static int hndidx = -1;
-#endif
-static DSO *dso = NULL;
-
-/* openssl engine initialization structures */
-/*------------------------------------------*/
-
-#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = {
- {CCA4758_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the '4758cca' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD ibm_4758_cca_rsa =
- {
- "IBM 4758 CCA RSA method",
- cca_rsa_pub_enc,
- NULL,
- NULL,
- cca_rsa_priv_dec,
- NULL, /*rsa_mod_exp,*/
- NULL, /*mod_exp_mont,*/
- NULL, /* init */
- NULL, /* finish */
- RSA_FLAG_SIGN_VER, /* flags */
- NULL, /* app_data */
- cca_rsa_sign, /* rsa_sign */
- cca_rsa_verify, /* rsa_verify */
- NULL /* rsa_keygen */
- };
-#endif
-
-static RAND_METHOD ibm_4758_cca_rand =
- {
- /* "IBM 4758 RAND method", */
- NULL, /* seed */
- cca_get_random_bytes, /* get random bytes from the card */
- NULL, /* cleanup */
- NULL, /* add */
- cca_get_random_bytes, /* pseudo rand */
- cca_random_status, /* status */
- };
-
-static const char *engine_4758_cca_id = "4758cca";
-static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-/* Compatibility hack, the dynamic library uses this form in the path */
-static const char *engine_4758_cca_id_alt = "4758_cca";
-#endif
-
-/* engine implementation */
-/*-----------------------*/
-static int bind_helper(ENGINE *e)
- {
- if(!ENGINE_set_id(e, engine_4758_cca_id) ||
- !ENGINE_set_name(e, engine_4758_cca_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
-#endif
- !ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
- !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
- !ENGINE_set_init_function(e, ibm_4758_cca_init) ||
- !ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
- !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
-#endif
- !ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
- return 0;
- /* Ensure the error handling is set up */
- ERR_load_CCA4758_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_4758_cca(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_4758cca(void)
- {
- ENGINE *e_4758 = engine_4758_cca();
- if (!e_4758) return;
- ENGINE_add(e_4758);
- ENGINE_free(e_4758);
- ERR_clear_error();
- }
-#endif
-
-static int ibm_4758_cca_destroy(ENGINE *e)
- {
- ERR_unload_CCA4758_strings();
- free_CCA4758_LIB_NAME();
- return 1;
- }
-
-static int ibm_4758_cca_init(ENGINE *e)
- {
- if(dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
- goto err;
- }
-
- dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
- if(!dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-
-#ifndef OPENSSL_NO_RSA
- if(!(keyRecordRead = (F_KEYRECORDREAD)
- DSO_bind_func(dso, n_keyRecordRead)) ||
- !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
- DSO_bind_func(dso, n_randomNumberGenerate)) ||
- !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
- DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
- !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
- DSO_bind_func(dso, n_digitalSignatureVerify)) ||
- !(publicKeyExtract = (F_PUBLICKEYEXTRACT)
- DSO_bind_func(dso, n_publicKeyExtract)) ||
- !(pkaEncrypt = (F_PKAENCRYPT)
- DSO_bind_func(dso, n_pkaEncrypt)) ||
- !(pkaDecrypt = (F_PKADECRYPT)
- DSO_bind_func(dso, n_pkaDecrypt)))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-#else
- if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
- DSO_bind_func(dso, n_randomNumberGenerate)))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
- goto err;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
- hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
- NULL, NULL, cca_ex_free);
-#endif
-
- return 1;
-err:
- if(dso)
- DSO_free(dso);
- dso = NULL;
-
-#ifndef OPENSSL_NO_RSA
- keyRecordRead = (F_KEYRECORDREAD)0;
- digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
- digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
- publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
- pkaEncrypt = (F_PKAENCRYPT)0;
- pkaDecrypt = (F_PKADECRYPT)0;
-#endif
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- return 0;
- }
-
-static int ibm_4758_cca_finish(ENGINE *e)
- {
- free_CCA4758_LIB_NAME();
- if(!dso)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
- CCA4758_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(dso))
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
- CCA4758_R_UNIT_FAILURE);
- return 0;
- }
- dso = NULL;
-#ifndef OPENSSL_NO_RSA
- keyRecordRead = (F_KEYRECORDREAD)0;
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
- digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
- publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
- pkaEncrypt = (F_PKAENCRYPT)0;
- pkaDecrypt = (F_PKADECRYPT)0;
-#endif
- randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
- return 1;
- }
-
-static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case CCA4758_CMD_SO_PATH:
- if(p == NULL)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- CCA4758_R_ALREADY_LOADED);
- return 0;
- }
- return set_CCA4758_LIB_NAME((const char *)p);
- default:
- break;
- }
- CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
- CCA4758_R_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-#ifndef OPENSSL_NO_RSA
-
-#define MAX_CCA_PKA_TOKEN_SIZE 2500
-
-static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- RSA *rtmp = NULL;
- EVP_PKEY *res = NULL;
- unsigned char* keyToken = NULL;
- unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
- long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- long ruleArrayLength = 0;
- unsigned char exitData[8];
- unsigned char ruleArray[8];
- unsigned char keyLabel[64];
- unsigned long keyLabelLength = strlen(key_id);
- unsigned char modulus[256];
- long modulusFieldLength = sizeof(modulus);
- long modulusLength = 0;
- unsigned char exponent[256];
- long exponentLength = sizeof(exponent);
-
- if (keyLabelLength > sizeof(keyLabel))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return NULL;
- }
-
- memset(keyLabel,' ', sizeof(keyLabel));
- memcpy(keyLabel, key_id, keyLabelLength);
-
- keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
- if (!keyToken)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, keyLabel,
- &keyTokenLength, keyToken+sizeof(long));
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- if (!getModulusAndExponent(pubKeyToken, &exponentLength,
- exponent, &modulusLength, &modulusFieldLength,
- modulus))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PRIVKEY,
- CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
-
- (*(long*)keyToken) = keyTokenLength;
- rtmp = RSA_new_method(e);
- RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
-
- rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
- rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
-
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-
- return res;
-err:
- if (keyToken)
- OPENSSL_free(keyToken);
- if (res)
- EVP_PKEY_free(res);
- if (rtmp)
- RSA_free(rtmp);
- return NULL;
- }
-
-static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- RSA *rtmp = NULL;
- EVP_PKEY *res = NULL;
- unsigned char* keyToken = NULL;
- long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- long ruleArrayLength = 0;
- unsigned char exitData[8];
- unsigned char ruleArray[8];
- unsigned char keyLabel[64];
- unsigned long keyLabelLength = strlen(key_id);
- unsigned char modulus[512];
- long modulusFieldLength = sizeof(modulus);
- long modulusLength = 0;
- unsigned char exponent[512];
- long exponentLength = sizeof(exponent);
-
- if (keyLabelLength > sizeof(keyLabel))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return NULL;
- }
-
- memset(keyLabel,' ', sizeof(keyLabel));
- memcpy(keyLabel, key_id, keyLabelLength);
-
- keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
- if (!keyToken)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
- keyToken+sizeof(long));
-
- if (returnCode)
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
- exponent, &modulusLength, &modulusFieldLength, modulus))
- {
- CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
- CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
-
- (*(long*)keyToken) = keyTokenLength;
- rtmp = RSA_new_method(e);
- RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
- rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
- rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-
- return res;
-err:
- if (keyToken)
- OPENSSL_free(keyToken);
- if (res)
- EVP_PKEY_free(res);
- if (rtmp)
- RSA_free(rtmp);
- return NULL;
- }
-
-static int cca_rsa_pub_enc(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding)
- {
- long returnCode;
- long reasonCode;
- long lflen = flen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.2";
- long dataStructureLength = 0;
- unsigned char dataStructure[8];
- long outputLength = RSA_size(rsa);
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
- &dataStructureLength, dataStructure, &keyTokenLength,
- keyToken, &outputLength, to);
-
- if (returnCode || reasonCode)
- return -(returnCode << 16 | reasonCode);
- return outputLength;
- }
-
-static int cca_rsa_priv_dec(int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,int padding)
- {
- long returnCode;
- long reasonCode;
- long lflen = flen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.2";
- long dataStructureLength = 0;
- unsigned char dataStructure[8];
- long outputLength = RSA_size(rsa);
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
- &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
- &dataStructureLength, dataStructure, &keyTokenLength,
- keyToken, &outputLength, to);
-
- return (returnCode | reasonCode) ? 0 : 1;
- }
-
-#define SSL_SIG_LEN 36
-
-static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
- {
- long returnCode;
- long reasonCode;
- long lsiglen = siglen;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.1";
- long keyTokenLength;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
- long length = SSL_SIG_LEN;
- long keyLength ;
- unsigned char *hashBuffer = NULL;
- X509_SIG sig;
- ASN1_TYPE parameter;
- X509_ALGOR algorithm;
- ASN1_OCTET_STRING digest;
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- if (type == NID_md5 || type == NID_sha1)
- {
- sig.algor = &algorithm;
- algorithm.algorithm = OBJ_nid2obj(type);
-
- if (!algorithm.algorithm)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
-
- if (!algorithm.algorithm->length)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
- return 0;
- }
-
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- algorithm.parameter = &parameter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char*)m;
- sig.digest->length = m_len;
-
- length = i2d_X509_SIG(&sig, NULL);
- }
-
- keyLength = RSA_size(rsa);
-
- if (length - RSA_PKCS1_PADDING > keyLength)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- switch (type)
- {
- case NID_md5_sha1 :
- if (m_len != SSL_SIG_LEN)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- hashBuffer = (unsigned char *)m;
- length = m_len;
- break;
- case NID_md5 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- case NID_sha1 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_VERIFY,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- default:
- return 0;
- }
-
- digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken, &length, hashBuffer, &lsiglen, sigbuf);
-
- if (type == NID_sha1 || type == NID_md5)
- {
- OPENSSL_cleanse(hashBuffer, keyLength+1);
- OPENSSL_free(hashBuffer);
- }
-
- return ((returnCode || reasonCode) ? 0 : 1);
- }
-
-#define SSL_SIG_LEN 36
-
-static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- {
- long returnCode;
- long reasonCode;
- long exitDataLength = 0;
- unsigned char exitData[8];
- long ruleArrayLength = 1;
- unsigned char ruleArray[8] = "PKCS-1.1";
- long outputLength=256;
- long outputBitLength;
- long keyTokenLength;
- unsigned char *hashBuffer = NULL;
- unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
- long length = SSL_SIG_LEN;
- long keyLength ;
- X509_SIG sig;
- ASN1_TYPE parameter;
- X509_ALGOR algorithm;
- ASN1_OCTET_STRING digest;
-
- keyTokenLength = *(long*)keyToken;
- keyToken+=sizeof(long);
-
- if (type == NID_md5 || type == NID_sha1)
- {
- sig.algor = &algorithm;
- algorithm.algorithm = OBJ_nid2obj(type);
-
- if (!algorithm.algorithm)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
-
- if (!algorithm.algorithm->length)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
- return 0;
- }
-
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- algorithm.parameter = &parameter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char*)m;
- sig.digest->length = m_len;
-
- length = i2d_X509_SIG(&sig, NULL);
- }
-
- keyLength = RSA_size(rsa);
-
- if (length - RSA_PKCS1_PADDING > keyLength)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
-
- switch (type)
- {
- case NID_md5_sha1 :
- if (m_len != SSL_SIG_LEN)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return 0;
- }
- hashBuffer = (unsigned char*)m;
- length = m_len;
- break;
- case NID_md5 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- case NID_sha1 :
- {
- unsigned char *ptr;
- ptr = hashBuffer = OPENSSL_malloc(
- (unsigned int)keyLength+1);
- if (!hashBuffer)
- {
- CCA4758err(CCA4758_F_CCA_RSA_SIGN,
- ERR_R_MALLOC_FAILURE);
- return 0;
- }
- i2d_X509_SIG(&sig, &ptr);
- }
- break;
- default:
- return 0;
- }
-
- digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
- exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
- keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
- sigret);
-
- if (type == NID_sha1 || type == NID_md5)
- {
- OPENSSL_cleanse(hashBuffer, keyLength+1);
- OPENSSL_free(hashBuffer);
- }
-
- *siglen = outputLength;
-
- return ((returnCode || reasonCode) ? 0 : 1);
- }
-
-static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
- unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
- unsigned char *modulus)
- {
- unsigned long len;
-
- if (*token++ != (char)0x1E) /* internal PKA token? */
- return 0;
-
- if (*token++) /* token version must be zero */
- return 0;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- token += 4; /* skip reserved bytes */
-
- if (*token++ == (char)0x04)
- {
- if (*token++) /* token version must be zero */
- return 0;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- token+=2; /* skip reserved section */
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *exponentLength = len;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *modulusLength = len;
-
- len = *token++;
- len = len << 8;
- len |= (unsigned char)*token++;
-
- *modulusFieldLength = len;
-
- memcpy(exponent, token, *exponentLength);
- token+= *exponentLength;
-
- memcpy(modulus, token, *modulusFieldLength);
- return 1;
- }
- return 0;
- }
-
-#endif /* OPENSSL_NO_RSA */
-
-static int cca_random_status(void)
- {
- return 1;
- }
-
-static int cca_get_random_bytes(unsigned char* buf, int num)
- {
- long ret_code;
- long reason_code;
- long exit_data_length;
- unsigned char exit_data[4];
- unsigned char form[] = "RANDOM ";
- unsigned char rand_buf[8];
-
- while(num >= (int)sizeof(rand_buf))
- {
- randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
- exit_data, form, rand_buf);
- if (ret_code)
- return 0;
- num -= sizeof(rand_buf);
- memcpy(buf, rand_buf, sizeof(rand_buf));
- buf += sizeof(rand_buf);
- }
-
- if (num)
- {
- randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
- form, rand_buf);
- if (ret_code)
- return 0;
- memcpy(buf, rand_buf, num);
- }
-
- return 1;
- }
-
-#ifndef OPENSSL_NO_RSA
-static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
- long argl, void *argp)
- {
- if (item)
- OPENSSL_free(item);
- }
-#endif
-
-/* Goo to handle building as a dynamic engine */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_4758_cca_id) != 0) &&
- (strcmp(id, engine_4758_cca_id_alt) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_4758_CCA */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_4758cca.ec b/crypto/openssl/engines/e_4758cca.ec
deleted file mode 100644
index f30ed02..0000000
--- a/crypto/openssl/engines/e_4758cca.ec
+++ /dev/null
@@ -1 +0,0 @@
-L CCA4758 e_4758cca_err.h e_4758cca_err.c
diff --git a/crypto/openssl/engines/e_4758cca_err.c b/crypto/openssl/engines/e_4758cca_err.c
deleted file mode 100644
index 6ecdc6e..0000000
--- a/crypto/openssl/engines/e_4758cca_err.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/* e_4758cca_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_4758cca_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CCA4758_str_functs[]=
- {
-{ERR_FUNC(CCA4758_F_CCA_RSA_SIGN), "CCA_RSA_SIGN"},
-{ERR_FUNC(CCA4758_F_CCA_RSA_VERIFY), "CCA_RSA_VERIFY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_CTRL), "IBM_4758_CCA_CTRL"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_FINISH), "IBM_4758_CCA_FINISH"},
-{ERR_FUNC(CCA4758_F_IBM_4758_CCA_INIT), "IBM_4758_CCA_INIT"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PRIVKEY), "IBM_4758_LOAD_PRIVKEY"},
-{ERR_FUNC(CCA4758_F_IBM_4758_LOAD_PUBKEY), "IBM_4758_LOAD_PUBKEY"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CCA4758_str_reasons[]=
- {
-{ERR_REASON(CCA4758_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD),"asn1 oid unknown for md"},
-{ERR_REASON(CCA4758_R_COMMAND_NOT_IMPLEMENTED),"command not implemented"},
-{ERR_REASON(CCA4758_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(CCA4758_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(CCA4758_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(CCA4758_R_UNIT_FAILURE) ,"unit failure"},
-{ERR_REASON(CCA4758_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CCA4758_LIB_NAME
-static ERR_STRING_DATA CCA4758_lib_name[]=
- {
-{0 ,CCA4758_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CCA4758_lib_error_code=0;
-static int CCA4758_error_init=1;
-
-static void ERR_load_CCA4758_strings(void)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
-
- if (CCA4758_error_init)
- {
- CCA4758_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
- CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
- ERR_load_strings(0,CCA4758_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CCA4758_strings(void)
- {
- if (CCA4758_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
- ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
-#endif
-
-#ifdef CCA4758_LIB_NAME
- ERR_unload_strings(0,CCA4758_lib_name);
-#endif
- CCA4758_error_init=1;
- }
- }
-
-static void ERR_CCA4758_error(int function, int reason, char *file, int line)
- {
- if (CCA4758_lib_error_code == 0)
- CCA4758_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_4758cca_err.h b/crypto/openssl/engines/e_4758cca_err.h
deleted file mode 100644
index 3d4276b..0000000
--- a/crypto/openssl/engines/e_4758cca_err.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CCA4758_ERR_H
-#define HEADER_CCA4758_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CCA4758_strings(void);
-static void ERR_unload_CCA4758_strings(void);
-static void ERR_CCA4758_error(int function, int reason, char *file, int line);
-#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CCA4758 functions. */
-
-/* Function codes. */
-#define CCA4758_F_CCA_RSA_SIGN 105
-#define CCA4758_F_CCA_RSA_VERIFY 106
-#define CCA4758_F_IBM_4758_CCA_CTRL 100
-#define CCA4758_F_IBM_4758_CCA_FINISH 101
-#define CCA4758_F_IBM_4758_CCA_INIT 102
-#define CCA4758_F_IBM_4758_LOAD_PRIVKEY 103
-#define CCA4758_F_IBM_4758_LOAD_PUBKEY 104
-
-/* Reason codes. */
-#define CCA4758_R_ALREADY_LOADED 100
-#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101
-#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102
-#define CCA4758_R_DSO_FAILURE 103
-#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104
-#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105
-#define CCA4758_R_NOT_LOADED 106
-#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
-#define CCA4758_R_UNIT_FAILURE 108
-#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_aep.c b/crypto/openssl/engines/e_aep.c
deleted file mode 100644
index 7307ddf..0000000
--- a/crypto/openssl/engines/e_aep.c
+++ /dev/null
@@ -1,1137 +0,0 @@
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <string.h>
-
-#include <openssl/e_os2.h>
-#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
-#include <sys/types.h>
-#include <unistd.h>
-#else
-#include <process.h>
-typedef int pid_t;
-#endif
-
-#include <openssl/crypto.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/buffer.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_AEP
-#ifdef FLAT_INC
-#include "aep.h"
-#else
-#include "vendor_defns/aep.h"
-#endif
-
-#define AEP_LIB_NAME "aep engine"
-#define FAIL_TO_SW 0x10101010
-
-#include "e_aep_err.c"
-
-static int aep_init(ENGINE *e);
-static int aep_finish(ENGINE *e);
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-static int aep_destroy(ENGINE *e);
-
-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
-
-/* BIGNUM stuff */
-#ifndef OPENSSL_NO_RSA
-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-#endif
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#ifndef OPENSSL_NO_RSA
-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* DSA stuff */
-#ifndef OPENSSL_NO_DSA
-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-
-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-/* DH stuff */
-/* This function is aliased to mod_exp (with the DH and mont dropped). */
-#ifndef OPENSSL_NO_DH
-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* rand stuff */
-#ifdef AEPRAND
-static int aep_rand(unsigned char *buf, int num);
-static int aep_rand_status(void);
-#endif
-
-/* Bignum conversion stuff */
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum);
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum);
-
-/* The definitions for control commands specific to this engine */
-#define AEP_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN aep_cmd_defns[] =
- {
- { AEP_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'aep' shared library",
- ENGINE_CMD_FLAG_STRING
- },
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD aep_rsa =
- {
- "Aep RSA method",
- NULL, /*rsa_pub_encrypt*/
- NULL, /*rsa_pub_decrypt*/
- NULL, /*rsa_priv_encrypt*/
- NULL, /*rsa_priv_encrypt*/
- aep_rsa_mod_exp, /*rsa_mod_exp*/
- aep_mod_exp_mont, /*bn_mod_exp*/
- NULL, /*init*/
- NULL, /*finish*/
- 0, /*flags*/
- NULL, /*app_data*/
- NULL, /*rsa_sign*/
- NULL, /*rsa_verify*/
- NULL /*rsa_keygen*/
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD aep_dsa =
- {
- "Aep DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- aep_dsa_mod_exp, /* dsa_mod_exp */
- aep_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD aep_dh =
- {
- "Aep DH method",
- NULL,
- NULL,
- aep_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-#ifdef AEPRAND
-/* our internal RAND_method that we provide pointers to */
-static RAND_METHOD aep_random =
- {
- /*"AEP RAND method", */
- NULL,
- aep_rand,
- NULL,
- NULL,
- aep_rand,
- aep_rand_status,
- };
-#endif
-
-/*Define an array of structures to hold connections*/
-static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
-
-/*Used to determine if this is a new process*/
-static pid_t recorded_pid = 0;
-
-#ifdef AEPRAND
-static AEP_U8 rand_block[RAND_BLK_SIZE];
-static AEP_U32 rand_block_bytes = 0;
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_aep_id = "aep";
-static const char *engine_aep_name = "Aep hardware engine support";
-
-static int max_key_len = 2176;
-
-
-/* This internal function is used by ENGINE_aep() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_aep(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
-
- if(!ENGINE_set_id(e, engine_aep_id) ||
- !ENGINE_set_name(e, engine_aep_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &aep_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &aep_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &aep_dh) ||
-#endif
-#ifdef AEPRAND
- !ENGINE_set_RAND(e, &aep_random) ||
-#endif
- !ENGINE_set_init_function(e, aep_init) ||
- !ENGINE_set_destroy_function(e, aep_destroy) ||
- !ENGINE_set_finish_function(e, aep_finish) ||
- !ENGINE_set_ctrl_function(e, aep_ctrl) ||
- !ENGINE_set_cmd_defns(e, aep_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the aep-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- aep_dsa.dsa_do_sign = meth2->dsa_do_sign;
- aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- aep_dsa.dsa_do_verify = meth2->dsa_do_verify;
-
- aep_dsa = *DSA_get_default_method();
- aep_dsa.dsa_mod_exp = aep_dsa_mod_exp;
- aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- aep_dh.generate_key = meth3->generate_key;
- aep_dh.compute_key = meth3->compute_key;
- aep_dh.bn_mod_exp = meth3->bn_mod_exp;
-#endif
-
- /* Ensure the aep error handling is set up */
- ERR_load_AEPHK_strings();
-
- return 1;
-}
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_aep_id) != 0))
- return 0;
- if(!bind_aep(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
-static ENGINE *engine_aep(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_aep(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_aep(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_aep();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Aep library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *aep_dso = NULL;
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
-*/
-static const char *AEP_LIBNAME = NULL;
-static const char *get_AEP_LIBNAME(void)
- {
- if(AEP_LIBNAME)
- return AEP_LIBNAME;
- return "aep";
- }
-static void free_AEP_LIBNAME(void)
- {
- if(AEP_LIBNAME)
- OPENSSL_free((void*)AEP_LIBNAME);
- AEP_LIBNAME = NULL;
- }
-static long set_AEP_LIBNAME(const char *name)
- {
- free_AEP_LIBNAME();
- return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
- }
-
-static const char *AEP_F1 = "AEP_ModExp";
-static const char *AEP_F2 = "AEP_ModExpCrt";
-#ifdef AEPRAND
-static const char *AEP_F3 = "AEP_GenRandom";
-#endif
-static const char *AEP_F4 = "AEP_Finalize";
-static const char *AEP_F5 = "AEP_Initialize";
-static const char *AEP_F6 = "AEP_OpenConnection";
-static const char *AEP_F7 = "AEP_SetBNCallBacks";
-static const char *AEP_F8 = "AEP_CloseConnection";
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL;
-static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL;
-static t_AEP_ModExp *p_AEP_ModExp = NULL;
-static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
-static t_AEP_GenRandom *p_AEP_GenRandom = NULL;
-#endif
-static t_AEP_Initialize *p_AEP_Initialize = NULL;
-static t_AEP_Finalize *p_AEP_Finalize = NULL;
-static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL;
-
-/* (de)initialisation functions. */
-static int aep_init(ENGINE *e)
- {
- t_AEP_ModExp *p1;
- t_AEP_ModExpCrt *p2;
-#ifdef AEPRAND
- t_AEP_GenRandom *p3;
-#endif
- t_AEP_Finalize *p4;
- t_AEP_Initialize *p5;
- t_AEP_OpenConnection *p6;
- t_AEP_SetBNCallBacks *p7;
- t_AEP_CloseConnection *p8;
-
- int to_return = 0;
-
- if(aep_dso != NULL)
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libaep.so. */
-
- aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
-
- if(aep_dso == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- if( !(p1 = (t_AEP_ModExp *) DSO_bind_func( aep_dso,AEP_F1)) ||
- !(p2 = (t_AEP_ModExpCrt*) DSO_bind_func( aep_dso,AEP_F2)) ||
-#ifdef AEPRAND
- !(p3 = (t_AEP_GenRandom*) DSO_bind_func( aep_dso,AEP_F3)) ||
-#endif
- !(p4 = (t_AEP_Finalize*) DSO_bind_func( aep_dso,AEP_F4)) ||
- !(p5 = (t_AEP_Initialize*) DSO_bind_func( aep_dso,AEP_F5)) ||
- !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6)) ||
- !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7)) ||
- !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
- {
- AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- /* Copy the pointers */
-
- p_AEP_ModExp = p1;
- p_AEP_ModExpCrt = p2;
-#ifdef AEPRAND
- p_AEP_GenRandom = p3;
-#endif
- p_AEP_Finalize = p4;
- p_AEP_Initialize = p5;
- p_AEP_OpenConnection = p6;
- p_AEP_SetBNCallBacks = p7;
- p_AEP_CloseConnection = p8;
-
- to_return = 1;
-
- return to_return;
-
- err:
-
- if(aep_dso)
- DSO_free(aep_dso);
- aep_dso = NULL;
-
- p_AEP_OpenConnection = NULL;
- p_AEP_ModExp = NULL;
- p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
- p_AEP_GenRandom = NULL;
-#endif
- p_AEP_Initialize = NULL;
- p_AEP_Finalize = NULL;
- p_AEP_SetBNCallBacks = NULL;
- p_AEP_CloseConnection = NULL;
-
- return to_return;
- }
-
-/* Destructor (complements the "ENGINE_aep()" constructor) */
-static int aep_destroy(ENGINE *e)
- {
- free_AEP_LIBNAME();
- ERR_unload_AEPHK_strings();
- return 1;
- }
-
-static int aep_finish(ENGINE *e)
- {
- int to_return = 0, in_use;
- AEP_RV rv;
-
- if(aep_dso == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- rv = aep_close_all_connections(0, &in_use);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
- goto err;
- }
- if (in_use)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
- goto err;
- }
-
- rv = p_AEP_Finalize();
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
- goto err;
- }
-
- if(!DSO_free(aep_dso))
- {
- AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
- goto err;
- }
-
- aep_dso = NULL;
- p_AEP_CloseConnection = NULL;
- p_AEP_OpenConnection = NULL;
- p_AEP_ModExp = NULL;
- p_AEP_ModExpCrt = NULL;
-#ifdef AEPRAND
- p_AEP_GenRandom = NULL;
-#endif
- p_AEP_Initialize = NULL;
- p_AEP_Finalize = NULL;
- p_AEP_SetBNCallBacks = NULL;
-
- to_return = 1;
- err:
- return to_return;
- }
-
-static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((aep_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case AEP_CMD_SO_PATH:
- if(p == NULL)
- {
- AEPHKerr(AEPHK_F_AEP_CTRL,
- ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- AEPHKerr(AEPHK_F_AEP_CTRL,
- AEPHK_R_ALREADY_LOADED);
- return 0;
- }
- return set_AEP_LIBNAME((const char*)p);
- default:
- break;
- }
- AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int to_return = 0;
- int r_len = 0;
- AEP_CONNECTION_HNDL hConnection;
- AEP_RV rv;
-
- r_len = BN_num_bits(m);
-
- /* Perform in software if modulus is too large for hardware. */
-
- if (r_len > max_key_len){
- AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*Grab a connection from the pool*/
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*To the card with the mod exp*/
- rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
- rv = aep_close_connection(hConnection);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- /*Return the connection to the pool*/
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_RETURN_CONNECTION_FAILED);
- goto err;
- }
-
- to_return = 1;
- err:
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
- {
- AEP_RV rv = AEP_R_OK;
- AEP_CONNECTION_HNDL hConnection;
-
- /*Grab a connection from the pool*/
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
- return FAIL_TO_SW;
- }
-
- /*To the card with the mod exp*/
- rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
- (void*)iqmp,(void*)r,NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
- rv = aep_close_connection(hConnection);
- return FAIL_TO_SW;
- }
-
- /*Return the connection to the pool*/
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_RETURN_CONNECTION_FAILED);
- goto err;
- }
-
- err:
- return rv;
- }
-#endif
-
-
-#ifdef AEPRAND
-static int aep_rand(unsigned char *buf,int len )
- {
- AEP_RV rv = AEP_R_OK;
- AEP_CONNECTION_HNDL hConnection;
-
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- /*Can the request be serviced with what's already in the buffer?*/
- if (len <= rand_block_bytes)
- {
- memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
- rand_block_bytes -= len;
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
- else
- /*If not the get another block of random bytes*/
- {
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
- rv = aep_get_connection(&hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);
- goto err_nounlock;
- }
-
- if (len > RAND_BLK_SIZE)
- {
- rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
- goto err_nounlock;
- }
- }
- else
- {
- CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
- rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED);
-
- goto err;
- }
-
- rand_block_bytes = RAND_BLK_SIZE;
-
- memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
- rand_block_bytes -= len;
-
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- }
-
- rv = aep_return_connection(hConnection);
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED);
-
- goto err_nounlock;
- }
- }
-
- return 1;
- err:
- CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
- err_nounlock:
- return 0;
- }
-
-static int aep_rand_status(void)
-{
- return 1;
-}
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
- AEP_RV rv = AEP_R_OK;
-
- if (!aep_dso)
- {
- AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
- goto err;
- }
-
- /*See if we have all the necessary bits for a crt*/
- if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
- {
- rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
-
- if (rv == FAIL_TO_SW){
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- goto err;
- }
- else if (rv != AEP_R_OK)
- goto err;
- }
- else
- {
- if (!rsa->d || !rsa->n)
- {
- AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
- if (rv != AEP_R_OK)
- goto err;
-
- }
-
- to_return = 1;
-
- err:
- return to_return;
-}
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
- BN_init(&t);
-
- /* let rr = a1 ^ p1 mod m */
- if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
- end:
- BN_free(&t);
- return to_return;
- }
-
-static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return aep_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- /*Get the current process id*/
- pid_t curr_pid;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
-#ifndef NETWARE_CLIB
- curr_pid = getpid();
-#else
- curr_pid = GetThreadID();
-#endif
-
- /*Check if this is the first time this is being called from the current
- process*/
- if (recorded_pid != curr_pid)
- {
- /*Remember our pid so we can check if we're in a new process*/
- recorded_pid = curr_pid;
-
- /*Call Finalize to make sure we have not inherited some data
- from a parent process*/
- p_AEP_Finalize();
-
- /*Initialise the AEP API*/
- rv = p_AEP_Initialize(NULL);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
- /*Set the AEP big num call back functions*/
- rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
- &ConvertAEPBigNum);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
-#ifdef AEPRAND
- /*Reset the rand byte count*/
- rand_block_bytes = 0;
-#endif
-
- /*Init the structures*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- }
-
- /*Open a connection*/
- rv = p_AEP_OpenConnection(phConnection);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
- recorded_pid = 0;
- goto end;
- }
-
- aep_app_conn_table[0].conn_state = InUse;
- aep_app_conn_table[0].conn_hndl = *phConnection;
- goto end;
- }
- /*Check the existing connections to see if we can find a free one*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_state == Connected)
- {
- aep_app_conn_table[count].conn_state = InUse;
- *phConnection = aep_app_conn_table[count].conn_hndl;
- goto end;
- }
- }
- /*If no connections available, we're going to have to try
- to open a new one*/
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_state == NotConnected)
- {
- /*Open a connection*/
- rv = p_AEP_OpenConnection(phConnection);
-
- if (rv != AEP_R_OK)
- {
- AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
- goto end;
- }
-
- aep_app_conn_table[count].conn_state = InUse;
- aep_app_conn_table[count].conn_hndl = *phConnection;
- goto end;
- }
- }
- rv = AEP_R_GENERAL_ERROR;
- end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
-
-static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
- {
- int count;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
- /*Find the connection item that matches this connection handle*/
- for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_hndl == hConnection)
- {
- aep_app_conn_table[count].conn_state = Connected;
- break;
- }
- }
-
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-
- return AEP_R_OK;
- }
-
-static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-
- /*Find the connection item that matches this connection handle*/
- for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- if (aep_app_conn_table[count].conn_hndl == hConnection)
- {
- rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
- if (rv != AEP_R_OK)
- goto end;
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- break;
- }
- }
-
- end:
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
-static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
- {
- int count;
- AEP_RV rv = AEP_R_OK;
-
- *in_use = 0;
- if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
- {
- switch (aep_app_conn_table[count].conn_state)
- {
- case Connected:
- rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
- if (rv != AEP_R_OK)
- goto end;
- aep_app_conn_table[count].conn_state = NotConnected;
- aep_app_conn_table[count].conn_hndl = 0;
- break;
- case InUse:
- (*in_use)++;
- break;
- case NotConnected:
- break;
- }
- }
- end:
- if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- return rv;
- }
-
-/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
- Note only 32bit Openssl build support*/
-
-static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
- {
- BIGNUM* bn;
-
- /*Cast the ArbBigNum pointer to our BIGNUM struct*/
- bn = (BIGNUM*) ArbBigNum;
-
-#ifdef SIXTY_FOUR_BIT_LONG
- *BigNumSize = bn->top << 3;
-#else
- /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
- words) multiplies by 4*/
- *BigNumSize = bn->top << 2;
-#endif
-
- return AEP_R_OK;
- }
-
-static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum)
- {
- BIGNUM* bn;
-
-#ifndef SIXTY_FOUR_BIT_LONG
- unsigned char* buf;
- int i;
-#endif
-
- /*Cast the ArbBigNum pointer to our BIGNUM struct*/
- bn = (BIGNUM*) ArbBigNum;
-
-#ifdef SIXTY_FOUR_BIT_LONG
- memcpy(AEP_BigNum, bn->d, BigNumSize);
-#else
- /*Must copy data into a (monotone) least significant byte first format
- performing endian conversion if necessary*/
- for(i=0;i<bn->top;i++)
- {
- buf = (unsigned char*)&bn->d[i];
-
- *((AEP_U32*)AEP_BigNum) = (AEP_U32)
- ((unsigned) buf[1] << 8 | buf[0]) |
- ((unsigned) buf[3] << 8 | buf[2]) << 16;
-
- AEP_BigNum += 4;
- }
-#endif
-
- return AEP_R_OK;
- }
-
-/*Turn an AEP Big Num back to a user big num*/
-static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
- unsigned char* AEP_BigNum)
- {
- BIGNUM* bn;
-#ifndef SIXTY_FOUR_BIT_LONG
- int i;
-#endif
-
- bn = (BIGNUM*)ArbBigNum;
-
- /*Expand the result bn so that it can hold our big num.
- Size is in bits*/
- bn_expand(bn, (int)(BigNumSize << 3));
-
-#ifdef SIXTY_FOUR_BIT_LONG
- bn->top = BigNumSize >> 3;
-
- if((BigNumSize & 7) != 0)
- bn->top++;
-
- memset(bn->d, 0, bn->top << 3);
-
- memcpy(bn->d, AEP_BigNum, BigNumSize);
-#else
- bn->top = BigNumSize >> 2;
-
- for(i=0;i<bn->top;i++)
- {
- bn->d[i] = (AEP_U32)
- ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
- ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
- AEP_BigNum += 4;
- }
-#endif
-
- return AEP_R_OK;
-}
-
-#endif /* !OPENSSL_NO_HW_AEP */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_aep.ec b/crypto/openssl/engines/e_aep.ec
deleted file mode 100644
index 8eae642..0000000
--- a/crypto/openssl/engines/e_aep.ec
+++ /dev/null
@@ -1 +0,0 @@
-L AEPHK e_aep_err.h e_aep_err.c
diff --git a/crypto/openssl/engines/e_aep_err.c b/crypto/openssl/engines/e_aep_err.c
deleted file mode 100644
index 3f95881..0000000
--- a/crypto/openssl/engines/e_aep_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/* e_aep_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_aep_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA AEPHK_str_functs[]=
- {
-{ERR_FUNC(AEPHK_F_AEP_CTRL), "AEP_CTRL"},
-{ERR_FUNC(AEPHK_F_AEP_FINISH), "AEP_FINISH"},
-{ERR_FUNC(AEPHK_F_AEP_GET_CONNECTION), "AEP_GET_CONNECTION"},
-{ERR_FUNC(AEPHK_F_AEP_INIT), "AEP_INIT"},
-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP), "AEP_MOD_EXP"},
-{ERR_FUNC(AEPHK_F_AEP_MOD_EXP_CRT), "AEP_MOD_EXP_CRT"},
-{ERR_FUNC(AEPHK_F_AEP_RAND), "AEP_RAND"},
-{ERR_FUNC(AEPHK_F_AEP_RSA_MOD_EXP), "AEP_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA AEPHK_str_reasons[]=
- {
-{ERR_REASON(AEPHK_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(AEPHK_R_CLOSE_HANDLES_FAILED),"close handles failed"},
-{ERR_REASON(AEPHK_R_CONNECTIONS_IN_USE) ,"connections in use"},
-{ERR_REASON(AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(AEPHK_R_FINALIZE_FAILED) ,"finalize failed"},
-{ERR_REASON(AEPHK_R_GET_HANDLE_FAILED) ,"get handle failed"},
-{ERR_REASON(AEPHK_R_GET_RANDOM_FAILED) ,"get random failed"},
-{ERR_REASON(AEPHK_R_INIT_FAILURE) ,"init failure"},
-{ERR_REASON(AEPHK_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(AEPHK_R_MOD_EXP_CRT_FAILED) ,"mod exp crt failed"},
-{ERR_REASON(AEPHK_R_MOD_EXP_FAILED) ,"mod exp failed"},
-{ERR_REASON(AEPHK_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(AEPHK_R_OK) ,"ok"},
-{ERR_REASON(AEPHK_R_RETURN_CONNECTION_FAILED),"return connection failed"},
-{ERR_REASON(AEPHK_R_SETBNCALLBACK_FAILURE),"setbncallback failure"},
-{ERR_REASON(AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(AEPHK_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef AEPHK_LIB_NAME
-static ERR_STRING_DATA AEPHK_lib_name[]=
- {
-{0 ,AEPHK_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int AEPHK_lib_error_code=0;
-static int AEPHK_error_init=1;
-
-static void ERR_load_AEPHK_strings(void)
- {
- if (AEPHK_lib_error_code == 0)
- AEPHK_lib_error_code=ERR_get_next_error_library();
-
- if (AEPHK_error_init)
- {
- AEPHK_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
- ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
-#endif
-
-#ifdef AEPHK_LIB_NAME
- AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
- ERR_load_strings(0,AEPHK_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_AEPHK_strings(void)
- {
- if (AEPHK_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
- ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
-#endif
-
-#ifdef AEPHK_LIB_NAME
- ERR_unload_strings(0,AEPHK_lib_name);
-#endif
- AEPHK_error_init=1;
- }
- }
-
-static void ERR_AEPHK_error(int function, int reason, char *file, int line)
- {
- if (AEPHK_lib_error_code == 0)
- AEPHK_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_aep_err.h b/crypto/openssl/engines/e_aep_err.h
deleted file mode 100644
index 8fe4cf9..0000000
--- a/crypto/openssl/engines/e_aep_err.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_AEPHK_ERR_H
-#define HEADER_AEPHK_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_AEPHK_strings(void);
-static void ERR_unload_AEPHK_strings(void);
-static void ERR_AEPHK_error(int function, int reason, char *file, int line);
-#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the AEPHK functions. */
-
-/* Function codes. */
-#define AEPHK_F_AEP_CTRL 100
-#define AEPHK_F_AEP_FINISH 101
-#define AEPHK_F_AEP_GET_CONNECTION 102
-#define AEPHK_F_AEP_INIT 103
-#define AEPHK_F_AEP_MOD_EXP 104
-#define AEPHK_F_AEP_MOD_EXP_CRT 105
-#define AEPHK_F_AEP_RAND 106
-#define AEPHK_F_AEP_RSA_MOD_EXP 107
-
-/* Reason codes. */
-#define AEPHK_R_ALREADY_LOADED 100
-#define AEPHK_R_CLOSE_HANDLES_FAILED 101
-#define AEPHK_R_CONNECTIONS_IN_USE 102
-#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define AEPHK_R_FINALIZE_FAILED 104
-#define AEPHK_R_GET_HANDLE_FAILED 105
-#define AEPHK_R_GET_RANDOM_FAILED 106
-#define AEPHK_R_INIT_FAILURE 107
-#define AEPHK_R_MISSING_KEY_COMPONENTS 108
-#define AEPHK_R_MOD_EXP_CRT_FAILED 109
-#define AEPHK_R_MOD_EXP_FAILED 110
-#define AEPHK_R_NOT_LOADED 111
-#define AEPHK_R_OK 112
-#define AEPHK_R_RETURN_CONNECTION_FAILED 113
-#define AEPHK_R_SETBNCALLBACK_FAILURE 114
-#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116
-#define AEPHK_R_UNIT_FAILURE 115
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_atalla.c b/crypto/openssl/engines/e_atalla.c
deleted file mode 100644
index fabaa86..0000000
--- a/crypto/openssl/engines/e_atalla.c
+++ /dev/null
@@ -1,607 +0,0 @@
-/* crypto/engine/hw_atalla.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_ATALLA
-
-#ifdef FLAT_INC
-#include "atalla.h"
-#else
-#include "vendor_defns/atalla.h"
-#endif
-
-#define ATALLA_LIB_NAME "atalla engine"
-#include "e_atalla_err.c"
-
-static int atalla_destroy(ENGINE *e);
-static int atalla_init(ENGINE *e);
-static int atalla_finish(ENGINE *e);
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* BIGNUM stuff */
-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* The definitions for control commands specific to this engine */
-#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
- {ATALLA_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'atasi' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD atalla_rsa =
- {
- "Atalla RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- atalla_rsa_mod_exp,
- atalla_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD atalla_dsa =
- {
- "Atalla DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- atalla_dsa_mod_exp, /* dsa_mod_exp */
- atalla_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD atalla_dh =
- {
- "Atalla DH method",
- NULL,
- NULL,
- atalla_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_atalla_id = "atalla";
-static const char *engine_atalla_name = "Atalla hardware engine support";
-
-/* This internal function is used by ENGINE_atalla() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_atalla_id) ||
- !ENGINE_set_name(e, engine_atalla_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &atalla_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &atalla_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &atalla_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, atalla_destroy) ||
- !ENGINE_set_init_function(e, atalla_init) ||
- !ENGINE_set_finish_function(e, atalla_finish) ||
- !ENGINE_set_ctrl_function(e, atalla_ctrl) ||
- !ENGINE_set_cmd_defns(e, atalla_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the atalla-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
- atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
- atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- atalla_dh.generate_key = meth3->generate_key;
- atalla_dh.compute_key = meth3->compute_key;
-#endif
-
- /* Ensure the atalla error handling is set up */
- ERR_load_ATALLA_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_atalla(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_atalla(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_atalla();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the Atalla library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *atalla_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
-static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
-static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
-
-/* These are the static string constants for the DSO file name and the function
- * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
- * "atasi.so" rather than something more consistent like "libatasi.so". At the
- * time of writing, I'm not sure what the file name on win32 is but clearly
- * native name translation is not possible (eg libatasi.so on *nix, and
- * atasi.dll on win32). For the purposes of testing, I have created a symbollic
- * link called "libatasi.so" so that we can use native name-translation - a
- * better solution will be needed. */
-static const char *ATALLA_LIBNAME = NULL;
-static const char *get_ATALLA_LIBNAME(void)
- {
- if(ATALLA_LIBNAME)
- return ATALLA_LIBNAME;
- return "atasi";
- }
-static void free_ATALLA_LIBNAME(void)
- {
- if(ATALLA_LIBNAME)
- OPENSSL_free((void*)ATALLA_LIBNAME);
- ATALLA_LIBNAME = NULL;
- }
-static long set_ATALLA_LIBNAME(const char *name)
- {
- free_ATALLA_LIBNAME();
- return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
-static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
-static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
-
-/* Destructor (complements the "ENGINE_atalla()" constructor) */
-static int atalla_destroy(ENGINE *e)
- {
- free_ATALLA_LIBNAME();
- /* Unload the atalla error strings so any error state including our
- * functs or reasons won't lead to a segfault (they simply get displayed
- * without corresponding string data because none will be found). */
- ERR_unload_ATALLA_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int atalla_init(ENGINE *e)
- {
- tfnASI_GetHardwareConfig *p1;
- tfnASI_RSAPrivateKeyOpFn *p2;
- tfnASI_GetPerformanceStatistics *p3;
- /* Not sure of the origin of this magic value, but Ben's code had it
- * and it seemed to have been working for a few people. :-) */
- unsigned int config_buf[1024];
-
- if(atalla_dso != NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
- * changed unfortunately because the Atalla drivers don't have
- * standard library names that can be platform-translated well. */
- /* TODO: Work out how to actually map to the names the Atalla
- * drivers really use - for now a symbollic link needs to be
- * created on the host system from libatasi.so to atasi.so on
- * unix variants. */
- atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
- if(atalla_dso == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
- goto err;
- }
- if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
- atalla_dso, ATALLA_F1)) ||
- !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
- atalla_dso, ATALLA_F2)) ||
- !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
- atalla_dso, ATALLA_F3)))
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
- goto err;
- }
- /* Copy the pointers */
- p_Atalla_GetHardwareConfig = p1;
- p_Atalla_RSAPrivateKeyOpFn = p2;
- p_Atalla_GetPerformanceStatistics = p3;
- /* Perform a basic test to see if there's actually any unit
- * running. */
- if(p1(0L, config_buf) != 0)
- {
- ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
- goto err;
- }
- /* Everything's fine. */
- return 1;
-err:
- if(atalla_dso)
- DSO_free(atalla_dso);
- atalla_dso = NULL;
- p_Atalla_GetHardwareConfig = NULL;
- p_Atalla_RSAPrivateKeyOpFn = NULL;
- p_Atalla_GetPerformanceStatistics = NULL;
- return 0;
- }
-
-static int atalla_finish(ENGINE *e)
- {
- free_ATALLA_LIBNAME();
- if(atalla_dso == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(atalla_dso))
- {
- ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
- return 0;
- }
- atalla_dso = NULL;
- p_Atalla_GetHardwareConfig = NULL;
- p_Atalla_RSAPrivateKeyOpFn = NULL;
- p_Atalla_GetPerformanceStatistics = NULL;
- return 1;
- }
-
-static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((atalla_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case ATALLA_CMD_SO_PATH:
- if(p == NULL)
- {
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
- return 0;
- }
- return set_ATALLA_LIBNAME((const char *)p);
- default:
- break;
- }
- ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the Atalla API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
- BIGNUM *modulus;
- BIGNUM *exponent;
- BIGNUM *argument;
- BIGNUM *result;
- RSAPrivateKey keydata;
- int to_return, numbytes;
-
- modulus = exponent = argument = result = NULL;
- to_return = 0; /* expect failure */
-
- if(!atalla_dso)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
- goto err;
- }
- /* Prepare the params */
- BN_CTX_start(ctx);
- modulus = BN_CTX_get(ctx);
- exponent = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if (!result)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
- !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
- goto err;
- }
- /* Prepare the key-data */
- memset(&keydata, 0,sizeof keydata);
- numbytes = BN_num_bytes(m);
- memset(exponent->d, 0, numbytes);
- memset(modulus->d, 0, numbytes);
- BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
- BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
- keydata.privateExponent.data = (unsigned char *)exponent->d;
- keydata.privateExponent.len = numbytes;
- keydata.modulus.data = (unsigned char *)modulus->d;
- keydata.modulus.len = numbytes;
- /* Prepare the argument */
- memset(argument->d, 0, numbytes);
- memset(result->d, 0, numbytes);
- BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
- /* Perform the operation */
- if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
- (unsigned char *)argument->d,
- keydata.modulus.len) != 0)
- {
- ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, numbytes, r);
- to_return = 1;
-err:
- BN_CTX_end(ctx);
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
-
- if(!atalla_dso)
- {
- ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
- goto err;
- }
- if(!rsa->d || !rsa->n)
- {
- ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
-err:
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Atalla system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine atalla dsa1024 rsa1024". */
-static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
-
-static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return atalla_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_atalla_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_ATALLA */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_atalla.ec b/crypto/openssl/engines/e_atalla.ec
deleted file mode 100644
index 1d735e1..0000000
--- a/crypto/openssl/engines/e_atalla.ec
+++ /dev/null
@@ -1 +0,0 @@
-L ATALLA e_atalla_err.h e_atalla_err.c
diff --git a/crypto/openssl/engines/e_atalla_err.c b/crypto/openssl/engines/e_atalla_err.c
deleted file mode 100644
index fd3e004..0000000
--- a/crypto/openssl/engines/e_atalla_err.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* e_atalla_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_atalla_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA ATALLA_str_functs[]=
- {
-{ERR_FUNC(ATALLA_F_ATALLA_CTRL), "ATALLA_CTRL"},
-{ERR_FUNC(ATALLA_F_ATALLA_FINISH), "ATALLA_FINISH"},
-{ERR_FUNC(ATALLA_F_ATALLA_INIT), "ATALLA_INIT"},
-{ERR_FUNC(ATALLA_F_ATALLA_MOD_EXP), "ATALLA_MOD_EXP"},
-{ERR_FUNC(ATALLA_F_ATALLA_RSA_MOD_EXP), "ATALLA_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA ATALLA_str_reasons[]=
- {
-{ERR_REASON(ATALLA_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(ATALLA_R_BN_CTX_FULL) ,"bn ctx full"},
-{ERR_REASON(ATALLA_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ATALLA_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(ATALLA_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(ATALLA_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(ATALLA_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef ATALLA_LIB_NAME
-static ERR_STRING_DATA ATALLA_lib_name[]=
- {
-{0 ,ATALLA_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int ATALLA_lib_error_code=0;
-static int ATALLA_error_init=1;
-
-static void ERR_load_ATALLA_strings(void)
- {
- if (ATALLA_lib_error_code == 0)
- ATALLA_lib_error_code=ERR_get_next_error_library();
-
- if (ATALLA_error_init)
- {
- ATALLA_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
- ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
-#endif
-
-#ifdef ATALLA_LIB_NAME
- ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
- ERR_load_strings(0,ATALLA_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_ATALLA_strings(void)
- {
- if (ATALLA_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
- ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
-#endif
-
-#ifdef ATALLA_LIB_NAME
- ERR_unload_strings(0,ATALLA_lib_name);
-#endif
- ATALLA_error_init=1;
- }
- }
-
-static void ERR_ATALLA_error(int function, int reason, char *file, int line)
- {
- if (ATALLA_lib_error_code == 0)
- ATALLA_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_atalla_err.h b/crypto/openssl/engines/e_atalla_err.h
deleted file mode 100644
index cdac052..0000000
--- a/crypto/openssl/engines/e_atalla_err.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_ATALLA_ERR_H
-#define HEADER_ATALLA_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_ATALLA_strings(void);
-static void ERR_unload_ATALLA_strings(void);
-static void ERR_ATALLA_error(int function, int reason, char *file, int line);
-#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the ATALLA functions. */
-
-/* Function codes. */
-#define ATALLA_F_ATALLA_CTRL 100
-#define ATALLA_F_ATALLA_FINISH 101
-#define ATALLA_F_ATALLA_INIT 102
-#define ATALLA_F_ATALLA_MOD_EXP 103
-#define ATALLA_F_ATALLA_RSA_MOD_EXP 104
-
-/* Reason codes. */
-#define ATALLA_R_ALREADY_LOADED 100
-#define ATALLA_R_BN_CTX_FULL 101
-#define ATALLA_R_BN_EXPAND_FAIL 102
-#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define ATALLA_R_MISSING_KEY_COMPONENTS 104
-#define ATALLA_R_NOT_LOADED 105
-#define ATALLA_R_REQUEST_FAILED 106
-#define ATALLA_R_UNIT_FAILURE 107
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_chil.c b/crypto/openssl/engines/e_chil.c
deleted file mode 100644
index 26108ca..0000000
--- a/crypto/openssl/engines/e_chil.c
+++ /dev/null
@@ -1,1374 +0,0 @@
-/* crypto/engine/e_chil.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
- * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
- * for the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/ui.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CHIL
-
-/* Attribution notice: nCipher have said several times that it's OK for
- * us to implement a general interface to their boxes, and recently declared
- * their HWCryptoHook to be public, and therefore available for us to use.
- * Thanks, nCipher.
- *
- * The hwcryptohook.h included here is from May 2000.
- * [Richard Levitte]
- */
-#ifdef FLAT_INC
-#include "hwcryptohook.h"
-#else
-#include "vendor_defns/hwcryptohook.h"
-#endif
-
-#define HWCRHK_LIB_NAME "CHIL engine"
-#include "e_chil_err.c"
-
-static int hwcrhk_destroy(ENGINE *e);
-static int hwcrhk_init(ENGINE *e);
-static int hwcrhk_finish(ENGINE *e);
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-/* Functions to handle mutexes */
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
-
-/* BIGNUM stuff */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RAND stuff */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num);
-static int hwcrhk_rand_status(void);
-
-/* KM stuff */
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp);
-#endif
-
-/* Interaction stuff */
-static int hwcrhk_insert_card(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
-static int hwcrhk_get_pass(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
-static void hwcrhk_log_message(void *logstr, const char *message);
-
-/* The definitions for control commands specific to this engine */
-#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE
-#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1)
-#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2)
-#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3)
-#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4)
-static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
- {HWCRHK_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'hwcrhk' shared library",
- ENGINE_CMD_FLAG_STRING},
- {HWCRHK_CMD_FORK_CHECK,
- "FORK_CHECK",
- "Turns fork() checking on or off (boolean)",
- ENGINE_CMD_FLAG_NUMERIC},
- {HWCRHK_CMD_THREAD_LOCKING,
- "THREAD_LOCKING",
- "Turns thread-safe locking on or off (boolean)",
- ENGINE_CMD_FLAG_NUMERIC},
- {HWCRHK_CMD_SET_USER_INTERFACE,
- "SET_USER_INTERFACE",
- "Set the global user interface (internal)",
- ENGINE_CMD_FLAG_INTERNAL},
- {HWCRHK_CMD_SET_CALLBACK_DATA,
- "SET_CALLBACK_DATA",
- "Set the global user interface extra data (internal)",
- ENGINE_CMD_FLAG_INTERNAL},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD hwcrhk_rsa =
- {
- "CHIL RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- hwcrhk_rsa_mod_exp,
- hwcrhk_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD hwcrhk_dh =
- {
- "CHIL DH method",
- NULL,
- NULL,
- hwcrhk_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-static RAND_METHOD hwcrhk_rand =
- {
- /* "CHIL RAND method", */
- NULL,
- hwcrhk_rand_bytes,
- NULL,
- NULL,
- hwcrhk_rand_bytes,
- hwcrhk_rand_status,
- };
-
-/* Constants used when creating the ENGINE */
-static const char *engine_hwcrhk_id = "chil";
-static const char *engine_hwcrhk_name = "CHIL hardware engine support";
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-/* Compatibility hack, the dynamic library uses this form in the path */
-static const char *engine_hwcrhk_id_alt = "ncipher";
-#endif
-
-/* Internal stuff for HWCryptoHook */
-
-/* Some structures needed for proper use of thread locks */
-/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
- into HWCryptoHook_Mutex */
-struct HWCryptoHook_MutexValue
- {
- int lockid;
- };
-
-/* hwcryptohook.h has some typedefs that turn
- struct HWCryptoHook_PassphraseContextValue
- into HWCryptoHook_PassphraseContext */
-struct HWCryptoHook_PassphraseContextValue
- {
- UI_METHOD *ui_method;
- void *callback_data;
- };
-
-/* hwcryptohook.h has some typedefs that turn
- struct HWCryptoHook_CallerContextValue
- into HWCryptoHook_CallerContext */
-struct HWCryptoHook_CallerContextValue
- {
- pem_password_cb *password_callback; /* Deprecated! Only present for
- backward compatibility! */
- UI_METHOD *ui_method;
- void *callback_data;
- };
-
-/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
- BIGNUM's, so lets define a couple of conversion macros */
-#define BN2MPI(mp, bn) \
- {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-#define MPI2BN(bn, mp) \
- {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
-
-static BIO *logstream = NULL;
-static int disable_mutex_callbacks = 0;
-
-/* One might wonder why these are needed, since one can pass down at least
- a UI_METHOD and a pointer to callback data to the key-loading functions.
- The thing is that the ModExp and RSAImmed functions can load keys as well,
- if the data they get is in a special, nCipher-defined format (hint: if you
- look at the private exponent of the RSA data as a string, you'll see this
- string: "nCipher KM tool key id", followed by some bytes, followed a key
- identity string, followed by more bytes. This happens when you use "embed"
- keys instead of "hwcrhk" keys). Unfortunately, those functions do not take
- any passphrase or caller context, and our functions can't really take any
- callback data either. Still, the "insert_card" and "get_passphrase"
- callbacks may be called down the line, and will need to know what user
- interface callbacks to call, and having callback data from the application
- may be a nice thing as well, so we need to keep track of that globally. */
-static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
-
-/* Stuff to pass to the HWCryptoHook library */
-static HWCryptoHook_InitInfo hwcrhk_globals = {
- HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */
- &logstream, /* logstream */
- sizeof(BN_ULONG), /* limbsize */
- 0, /* mslimb first: false for BNs */
- -1, /* msbyte first: use native */
- 0, /* Max mutexes, 0 = no small limit */
- 0, /* Max simultaneous, 0 = default */
-
- /* The next few are mutex stuff: we write wrapper functions
- around the OS mutex functions. We initialise them to 0
- here, and change that to actual function pointers in hwcrhk_init()
- if dynamic locks are supported (that is, if the application
- programmer has made sure of setting up callbacks bafore starting
- this engine) *and* if disable_mutex_callbacks hasn't been set by
- a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
- sizeof(HWCryptoHook_Mutex),
- 0,
- 0,
- 0,
- 0,
-
- /* The next few are condvar stuff: we write wrapper functions
- round the OS functions. Currently not implemented and not
- and absolute necessity even in threaded programs, therefore
- 0'ed. Will hopefully be implemented some day, since it
- enhances the efficiency of HWCryptoHook. */
- 0, /* sizeof(HWCryptoHook_CondVar), */
- 0, /* hwcrhk_cv_init, */
- 0, /* hwcrhk_cv_wait, */
- 0, /* hwcrhk_cv_signal, */
- 0, /* hwcrhk_cv_broadcast, */
- 0, /* hwcrhk_cv_destroy, */
-
- hwcrhk_get_pass, /* pass phrase */
- hwcrhk_insert_card, /* insert a card */
- hwcrhk_log_message /* Log message */
-};
-
-
-/* Now, to our own code */
-
-/* This internal function is used by ENGINE_chil() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth2;
-#endif
- if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
- !ENGINE_set_name(e, engine_hwcrhk_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &hwcrhk_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &hwcrhk_dh) ||
-#endif
- !ENGINE_set_RAND(e, &hwcrhk_rand) ||
- !ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
- !ENGINE_set_init_function(e, hwcrhk_init) ||
- !ENGINE_set_finish_function(e, hwcrhk_finish) ||
- !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
- !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
- !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth2 = DH_OpenSSL();
- hwcrhk_dh.generate_key = meth2->generate_key;
- hwcrhk_dh.compute_key = meth2->compute_key;
-#endif
-
- /* Ensure the hwcrhk error handling is set up */
- ERR_load_HWCRHK_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_chil(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_chil(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_chil();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the HWCryptoHook library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *hwcrhk_dso = NULL;
-static HWCryptoHook_ContextHandle hwcrhk_context = 0;
-#ifndef OPENSSL_NO_RSA
-static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */
-#endif
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
-static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
-static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
-#endif
-static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
-#ifndef OPENSSL_NO_RSA
-static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
-static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
-static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
-#endif
-static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
-
-/* Used in the DSO operations. */
-static const char *HWCRHK_LIBNAME = NULL;
-static void free_HWCRHK_LIBNAME(void)
- {
- if(HWCRHK_LIBNAME)
- OPENSSL_free((void*)HWCRHK_LIBNAME);
- HWCRHK_LIBNAME = NULL;
- }
-static const char *get_HWCRHK_LIBNAME(void)
- {
- if(HWCRHK_LIBNAME)
- return HWCRHK_LIBNAME;
- return "nfhwcrhk";
- }
-static long set_HWCRHK_LIBNAME(const char *name)
- {
- free_HWCRHK_LIBNAME();
- return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
-static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
-static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
-#ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
-#endif
-static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
-#ifndef OPENSSL_NO_RSA
-static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
-static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
-static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
-#endif
-static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
-
-/* HWCryptoHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there. */
-
-/* utility function to obtain a context */
-static int get_context(HWCryptoHook_ContextHandle *hac,
- HWCryptoHook_CallerContext *cac)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
- cac);
- if (!*hac)
- return 0;
- return 1;
- }
-
-/* similarly to release one. */
-static void release_context(HWCryptoHook_ContextHandle hac)
- {
- p_hwcrhk_Finish(hac);
- }
-
-/* Destructor (complements the "ENGINE_chil()" constructor) */
-static int hwcrhk_destroy(ENGINE *e)
- {
- free_HWCRHK_LIBNAME();
- ERR_unload_HWCRHK_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int hwcrhk_init(ENGINE *e)
- {
- HWCryptoHook_Init_t *p1;
- HWCryptoHook_Finish_t *p2;
- HWCryptoHook_ModExp_t *p3;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSA_t *p4;
- HWCryptoHook_RSALoadKey_t *p5;
- HWCryptoHook_RSAGetPublicKey_t *p6;
- HWCryptoHook_RSAUnloadKey_t *p7;
-#endif
- HWCryptoHook_RandomBytes_t *p8;
- HWCryptoHook_ModExpCRT_t *p9;
-
- if(hwcrhk_dso != NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
- hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
- if(hwcrhk_dso == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
- goto err;
- }
- if(!(p1 = (HWCryptoHook_Init_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
- !(p2 = (HWCryptoHook_Finish_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
- !(p3 = (HWCryptoHook_ModExp_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
-#ifndef OPENSSL_NO_RSA
- !(p4 = (HWCryptoHook_RSA_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
- !(p5 = (HWCryptoHook_RSALoadKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
- !(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
- !(p7 = (HWCryptoHook_RSAUnloadKey_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
-#endif
- !(p8 = (HWCryptoHook_RandomBytes_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
- !(p9 = (HWCryptoHook_ModExpCRT_t *)
- DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
- goto err;
- }
- /* Copy the pointers */
- p_hwcrhk_Init = p1;
- p_hwcrhk_Finish = p2;
- p_hwcrhk_ModExp = p3;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = p4;
- p_hwcrhk_RSALoadKey = p5;
- p_hwcrhk_RSAGetPublicKey = p6;
- p_hwcrhk_RSAUnloadKey = p7;
-#endif
- p_hwcrhk_RandomBytes = p8;
- p_hwcrhk_ModExpCRT = p9;
-
- /* Check if the application decided to support dynamic locks,
- and if it does, use them. */
- if (disable_mutex_callbacks == 0)
- {
- if (CRYPTO_get_dynlock_create_callback() != NULL &&
- CRYPTO_get_dynlock_lock_callback() != NULL &&
- CRYPTO_get_dynlock_destroy_callback() != NULL)
- {
- hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
- hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
- hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
- hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
- }
- else if (CRYPTO_get_locking_callback() != NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
- ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
- goto err;
- }
- }
-
- /* Try and get a context - if not, we may have a DSO but no
- * accelerator! */
- if(!get_context(&hwcrhk_context, &password_context))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
- goto err;
- }
- /* Everything's fine. */
-#ifndef OPENSSL_NO_RSA
- if (hndidx_rsa == -1)
- hndidx_rsa = RSA_get_ex_new_index(0,
- "nFast HWCryptoHook RSA key handle",
- NULL, NULL, hwcrhk_ex_free);
-#endif
- return 1;
-err:
- if(hwcrhk_dso)
- DSO_free(hwcrhk_dso);
- hwcrhk_dso = NULL;
- p_hwcrhk_Init = NULL;
- p_hwcrhk_Finish = NULL;
- p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = NULL;
- p_hwcrhk_RSALoadKey = NULL;
- p_hwcrhk_RSAGetPublicKey = NULL;
- p_hwcrhk_RSAUnloadKey = NULL;
-#endif
- p_hwcrhk_ModExpCRT = NULL;
- p_hwcrhk_RandomBytes = NULL;
- return 0;
- }
-
-static int hwcrhk_finish(ENGINE *e)
- {
- int to_return = 1;
- free_HWCRHK_LIBNAME();
- if(hwcrhk_dso == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
- to_return = 0;
- goto err;
- }
- release_context(hwcrhk_context);
- if(!DSO_free(hwcrhk_dso))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
- to_return = 0;
- goto err;
- }
- err:
- if (logstream)
- BIO_free(logstream);
- hwcrhk_dso = NULL;
- p_hwcrhk_Init = NULL;
- p_hwcrhk_Finish = NULL;
- p_hwcrhk_ModExp = NULL;
-#ifndef OPENSSL_NO_RSA
- p_hwcrhk_RSA = NULL;
- p_hwcrhk_RSALoadKey = NULL;
- p_hwcrhk_RSAGetPublicKey = NULL;
- p_hwcrhk_RSAUnloadKey = NULL;
-#endif
- p_hwcrhk_ModExpCRT = NULL;
- p_hwcrhk_RandomBytes = NULL;
- return to_return;
- }
-
-static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int to_return = 1;
-
- switch(cmd)
- {
- case HWCRHK_CMD_SO_PATH:
- if(hwcrhk_dso)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
- return 0;
- }
- if(p == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- return set_HWCRHK_LIBNAME((const char *)p);
- case ENGINE_CTRL_SET_LOGSTREAM:
- {
- BIO *bio = (BIO *)p;
-
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream)
- {
- BIO_free(logstream);
- logstream = NULL;
- }
- if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
- logstream = bio;
- else
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.password_callback = (pem_password_cb *)f;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_USER_INTERFACE:
- case HWCRHK_CMD_SET_USER_INTERFACE:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.ui_method = (UI_METHOD *)p;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case ENGINE_CTRL_SET_CALLBACK_DATA:
- case HWCRHK_CMD_SET_CALLBACK_DATA:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- password_context.callback_data = p;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* this enables or disables the "SimpleForkCheck" flag used in the
- * initialisation structure. */
- case ENGINE_CTRL_CHIL_SET_FORKCHECK:
- case HWCRHK_CMD_FORK_CHECK:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if(i)
- hwcrhk_globals.flags |=
- HWCryptoHook_InitFlags_SimpleForkCheck;
- else
- hwcrhk_globals.flags &=
- ~HWCryptoHook_InitFlags_SimpleForkCheck;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* This will prevent the initialisation function from "installing"
- * the mutex-handling callbacks, even if they are available from
- * within the library (or were provided to the library from the
- * calling application). This is to remove any baggage for
- * applications not using multithreading. */
- case ENGINE_CTRL_CHIL_NO_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- disable_mutex_callbacks = 1;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- case HWCRHK_CMD_THREAD_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- disable_mutex_callbacks = ((i == 0) ? 0 : 1);
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
-
- /* The command isn't understood by this engine */
- default:
- HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
- HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
- }
-
-static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
-#ifndef OPENSSL_NO_RSA
- RSA *rtmp = NULL;
-#endif
- EVP_PKEY *res = NULL;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_MPI e, n;
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- HWCryptoHook_PassphraseContext ppctx;
-#endif
-
-#if !defined(OPENSSL_NO_RSA)
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-#endif
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-#ifndef OPENSSL_NO_RSA
- hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
- if (!hptr)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
- ppctx.ui_method = ui_method;
- ppctx.callback_data = callback_data;
- if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
- &rmsg, &ppctx))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- if (!*hptr)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_NO_KEY);
- goto err;
- }
-#endif
-#ifndef OPENSSL_NO_RSA
- rtmp = RSA_new_method(eng);
- RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
- rtmp->e = BN_new();
- rtmp->n = BN_new();
- rtmp->flags |= RSA_FLAG_EXT_PKEY;
- MPI2BN(rtmp->e, e);
- MPI2BN(rtmp->n, n);
- if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
- != HWCRYPTOHOOK_ERROR_MPISIZE)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
-
- bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
- bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
- MPI2BN(rtmp->e, e);
- MPI2BN(rtmp->n, n);
-
- if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_CHIL_ERROR);
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- rtmp->e->top = e.size / sizeof(BN_ULONG);
- bn_fix_top(rtmp->e);
- rtmp->n->top = n.size / sizeof(BN_ULONG);
- bn_fix_top(rtmp->n);
-
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rtmp);
-#endif
-
- if (!res)
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
- HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
-
- return res;
- err:
- if (res)
- EVP_PKEY_free(res);
-#ifndef OPENSSL_NO_RSA
- if (rtmp)
- RSA_free(rtmp);
-#endif
- return NULL;
- }
-
-static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
- {
- EVP_PKEY *res = NULL;
-
-#ifndef OPENSSL_NO_RSA
- res = hwcrhk_load_privkey(eng, key_id,
- ui_method, callback_data);
-#endif
-
- if (res)
- switch(res->type)
- {
-#ifndef OPENSSL_NO_RSA
- case EVP_PKEY_RSA:
- {
- RSA *rsa = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
- rsa = res->pkey.rsa;
- res->pkey.rsa = RSA_new();
- res->pkey.rsa->n = rsa->n;
- res->pkey.rsa->e = rsa->e;
- rsa->n = NULL;
- rsa->e = NULL;
- CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
- RSA_free(rsa);
- }
- break;
-#endif
- default:
- HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
- HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- goto err;
- }
-
- return res;
- err:
- if (res)
- EVP_PKEY_free(res);
- return NULL;
- }
-
-/* A little mod_exp */
-static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
- we use them directly, plus a little macro magic. We only
- thing we need to make sure of is that enough space is allocated. */
- HWCryptoHook_MPI m_a, m_p, m_n, m_r;
- int to_return, ret;
-
- to_return = 0; /* expect failure */
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
- /* Prepare the params */
- bn_expand2(r, m->top); /* Check for error !! */
- BN2MPI(m_a, a);
- BN2MPI(m_p, p);
- BN2MPI(m_n, m);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
-
- to_return = 1;
-err:
- return to_return;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- HWCryptoHook_RSAKeyHandle *hptr;
- int to_return = 0, ret;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-
- /* This provides support for nForce keys. Since that's opaque data
- all we do is provide a handle to the proper key and let HWCryptoHook
- take care of the rest. */
- if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
- != NULL)
- {
- HWCryptoHook_MPI m_a, m_r;
-
- if(!rsa->n)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
- BN2MPI(m_a, I);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- }
- else
- {
- HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Prepare the params */
- bn_expand2(r, rsa->n->top); /* Check for error !! */
- BN2MPI(m_a, I);
- BN2MPI(m_p, rsa->p);
- BN2MPI(m_q, rsa->q);
- BN2MPI(m_dmp1, rsa->dmp1);
- BN2MPI(m_dmq1, rsa->dmq1);
- BN2MPI(m_iqmp, rsa->iqmp);
- MPI2BN(r, m_r);
-
- /* Perform the operation */
- ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
- m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
-
- /* Convert the response */
- r->top = m_r.size / sizeof(BN_ULONG);
- bn_fix_top(r);
-
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- }
- /* If we're here, we must be here with some semblance of success :-) */
- to_return = 1;
-err:
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return hwcrhk_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return hwcrhk_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* Random bytes are good */
-static int hwcrhk_rand_bytes(unsigned char *buf, int num)
- {
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
- int to_return = 0; /* assume failure */
- int ret;
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
- if(!hwcrhk_context)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
- goto err;
- }
-
- ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
- if (ret < 0)
- {
- /* FIXME: When this error is returned, HWCryptoHook is
- telling us that falling back to software computation
- might be a good thing. */
- if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
- HWCRHK_R_REQUEST_FALLBACK);
- }
- else
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
- HWCRHK_R_REQUEST_FAILED);
- }
- ERR_add_error_data(1,rmsg.buf);
- goto err;
- }
- to_return = 1;
- err:
- return to_return;
- }
-
-static int hwcrhk_rand_status(void)
- {
- return 1;
- }
-
-/* This cleans up an RSA KM key, called when ex_data is freed */
-#ifndef OPENSSL_NO_RSA
-static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int ind,long argl, void *argp)
-{
- char tempbuf[1024];
- HWCryptoHook_ErrMsgBuf rmsg;
-#ifndef OPENSSL_NO_RSA
- HWCryptoHook_RSAKeyHandle *hptr;
-#endif
-#if !defined(OPENSSL_NO_RSA)
- int ret;
-#endif
-
- rmsg.buf = tempbuf;
- rmsg.size = sizeof(tempbuf);
-
-#ifndef OPENSSL_NO_RSA
- hptr = (HWCryptoHook_RSAKeyHandle *) item;
- if(hptr)
- {
- ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
- OPENSSL_free(hptr);
- }
-#endif
-}
-#endif
-
-/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
- * these just wrap the POSIX functions and add some logging.
- */
-
-static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
- HWCryptoHook_CallerContext *cactx)
- {
- mt->lockid = CRYPTO_get_new_dynlockid();
- if (mt->lockid == 0)
- return 1; /* failure */
- return 0; /* success */
- }
-
-static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
- {
- CRYPTO_w_lock(mt->lockid);
- return 0;
- }
-
-static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
- {
- CRYPTO_w_unlock(mt->lockid);
- }
-
-static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
- {
- CRYPTO_destroy_dynlockid(mt->lockid);
- }
-
-static int hwcrhk_get_pass(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx)
- {
- pem_password_cb *callback = NULL;
- void *callback_data = NULL;
- UI_METHOD *ui_method = NULL;
-
- if (cactx)
- {
- if (cactx->ui_method)
- ui_method = cactx->ui_method;
- if (cactx->password_callback)
- callback = cactx->password_callback;
- if (cactx->callback_data)
- callback_data = cactx->callback_data;
- }
- if (ppctx)
- {
- if (ppctx->ui_method)
- {
- ui_method = ppctx->ui_method;
- callback = NULL;
- }
- if (ppctx->callback_data)
- callback_data = ppctx->callback_data;
- }
- if (callback == NULL && ui_method == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
- return -1;
- }
-
- if (ui_method)
- {
- UI *ui = UI_new_method(ui_method);
- if (ui)
- {
- int ok;
- char *prompt = UI_construct_prompt(ui,
- "pass phrase", prompt_info);
-
- ok = UI_add_input_string(ui,prompt,
- UI_INPUT_FLAG_DEFAULT_PWD,
- buf,0,(*len_io) - 1);
- UI_add_user_data(ui, callback_data);
- UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
-
- if (ok >= 0)
- do
- {
- ok=UI_process(ui);
- }
- while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
-
- if (ok >= 0)
- *len_io = strlen(buf);
-
- UI_free(ui);
- OPENSSL_free(prompt);
- }
- }
- else
- {
- *len_io = callback(buf, *len_io, 0, callback_data);
- }
- if(!*len_io)
- return -1;
- return 0;
- }
-
-static int hwcrhk_insert_card(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx)
- {
- int ok = -1;
- UI *ui;
- void *callback_data = NULL;
- UI_METHOD *ui_method = NULL;
-
- if (cactx)
- {
- if (cactx->ui_method)
- ui_method = cactx->ui_method;
- if (cactx->callback_data)
- callback_data = cactx->callback_data;
- }
- if (ppctx)
- {
- if (ppctx->ui_method)
- ui_method = ppctx->ui_method;
- if (ppctx->callback_data)
- callback_data = ppctx->callback_data;
- }
- if (ui_method == NULL)
- {
- HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
- HWCRHK_R_NO_CALLBACK);
- return -1;
- }
-
- ui = UI_new_method(ui_method);
-
- if (ui)
- {
- char answer;
- char buf[BUFSIZ];
-
- if (wrong_info)
- BIO_snprintf(buf, sizeof(buf)-1,
- "Current card: \"%s\"\n", wrong_info);
- ok = UI_dup_info_string(ui, buf);
- if (ok >= 0 && prompt_info)
- {
- BIO_snprintf(buf, sizeof(buf)-1,
- "Insert card \"%s\"", prompt_info);
- ok = UI_dup_input_boolean(ui, buf,
- "\n then hit <enter> or C<enter> to cancel\n",
- "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
- }
- UI_add_user_data(ui, callback_data);
-
- if (ok >= 0)
- ok = UI_process(ui);
- UI_free(ui);
-
- if (ok == -2 || (ok >= 0 && answer == 'C'))
- ok = 1;
- else if (ok < 0)
- ok = -1;
- else
- ok = 0;
- }
- return ok;
- }
-
-static void hwcrhk_log_message(void *logstr, const char *message)
- {
- BIO *lstream = NULL;
-
- CRYPTO_w_lock(CRYPTO_LOCK_BIO);
- if (logstr)
- lstream=*(BIO **)logstr;
- if (lstream)
- {
- BIO_printf(lstream, "%s\n", message);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
- }
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_hwcrhk_id) != 0) &&
- (strcmp(id, engine_hwcrhk_id_alt) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_CHIL */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_chil.ec b/crypto/openssl/engines/e_chil.ec
deleted file mode 100644
index b5a76e1..0000000
--- a/crypto/openssl/engines/e_chil.ec
+++ /dev/null
@@ -1 +0,0 @@
-L HWCRHK e_chil_err.h e_chil_err.c
diff --git a/crypto/openssl/engines/e_chil_err.c b/crypto/openssl/engines/e_chil_err.c
deleted file mode 100644
index 3fec95a..0000000
--- a/crypto/openssl/engines/e_chil_err.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/* e_chil_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_chil_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA HWCRHK_str_functs[]=
- {
-{ERR_FUNC(HWCRHK_F_HWCRHK_CTRL), "HWCRHK_CTRL"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_FINISH), "HWCRHK_FINISH"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_GET_PASS), "HWCRHK_GET_PASS"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_INIT), "HWCRHK_INIT"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_INSERT_CARD), "HWCRHK_INSERT_CARD"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PRIVKEY), "HWCRHK_LOAD_PRIVKEY"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_LOAD_PUBKEY), "HWCRHK_LOAD_PUBKEY"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_MOD_EXP), "HWCRHK_MOD_EXP"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_RAND_BYTES), "HWCRHK_RAND_BYTES"},
-{ERR_FUNC(HWCRHK_F_HWCRHK_RSA_MOD_EXP), "HWCRHK_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA HWCRHK_str_reasons[]=
- {
-{ERR_REASON(HWCRHK_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(HWCRHK_R_BIO_WAS_FREED) ,"bio was freed"},
-{ERR_REASON(HWCRHK_R_CHIL_ERROR) ,"chil error"},
-{ERR_REASON(HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(HWCRHK_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(HWCRHK_R_LOCKING_MISSING) ,"locking missing"},
-{ERR_REASON(HWCRHK_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(HWCRHK_R_NOT_INITIALISED) ,"not initialised"},
-{ERR_REASON(HWCRHK_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(HWCRHK_R_NO_CALLBACK) ,"no callback"},
-{ERR_REASON(HWCRHK_R_NO_KEY) ,"no key"},
-{ERR_REASON(HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED),"private key algorithms disabled"},
-{ERR_REASON(HWCRHK_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(HWCRHK_R_REQUEST_FALLBACK) ,"request fallback"},
-{ERR_REASON(HWCRHK_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef HWCRHK_LIB_NAME
-static ERR_STRING_DATA HWCRHK_lib_name[]=
- {
-{0 ,HWCRHK_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int HWCRHK_lib_error_code=0;
-static int HWCRHK_error_init=1;
-
-static void ERR_load_HWCRHK_strings(void)
- {
- if (HWCRHK_lib_error_code == 0)
- HWCRHK_lib_error_code=ERR_get_next_error_library();
-
- if (HWCRHK_error_init)
- {
- HWCRHK_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
- ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
-#endif
-
-#ifdef HWCRHK_LIB_NAME
- HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
- ERR_load_strings(0,HWCRHK_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_HWCRHK_strings(void)
- {
- if (HWCRHK_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
- ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
-#endif
-
-#ifdef HWCRHK_LIB_NAME
- ERR_unload_strings(0,HWCRHK_lib_name);
-#endif
- HWCRHK_error_init=1;
- }
- }
-
-static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
- {
- if (HWCRHK_lib_error_code == 0)
- HWCRHK_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_chil_err.h b/crypto/openssl/engines/e_chil_err.h
deleted file mode 100644
index 482086e..0000000
--- a/crypto/openssl/engines/e_chil_err.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_HWCRHK_ERR_H
-#define HEADER_HWCRHK_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_HWCRHK_strings(void);
-static void ERR_unload_HWCRHK_strings(void);
-static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
-#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the HWCRHK functions. */
-
-/* Function codes. */
-#define HWCRHK_F_HWCRHK_CTRL 100
-#define HWCRHK_F_HWCRHK_FINISH 101
-#define HWCRHK_F_HWCRHK_GET_PASS 102
-#define HWCRHK_F_HWCRHK_INIT 103
-#define HWCRHK_F_HWCRHK_INSERT_CARD 104
-#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105
-#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106
-#define HWCRHK_F_HWCRHK_MOD_EXP 107
-#define HWCRHK_F_HWCRHK_RAND_BYTES 108
-#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109
-
-/* Reason codes. */
-#define HWCRHK_R_ALREADY_LOADED 100
-#define HWCRHK_R_BIO_WAS_FREED 101
-#define HWCRHK_R_CHIL_ERROR 102
-#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103
-#define HWCRHK_R_DSO_FAILURE 104
-#define HWCRHK_R_LOCKING_MISSING 114
-#define HWCRHK_R_MISSING_KEY_COMPONENTS 105
-#define HWCRHK_R_NOT_INITIALISED 106
-#define HWCRHK_R_NOT_LOADED 107
-#define HWCRHK_R_NO_CALLBACK 108
-#define HWCRHK_R_NO_KEY 109
-#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110
-#define HWCRHK_R_REQUEST_FAILED 111
-#define HWCRHK_R_REQUEST_FALLBACK 112
-#define HWCRHK_R_UNIT_FAILURE 113
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_cswift.c b/crypto/openssl/engines/e_cswift.c
deleted file mode 100644
index bc65179..0000000
--- a/crypto/openssl/engines/e_cswift.c
+++ /dev/null
@@ -1,1131 +0,0 @@
-/* crypto/engine/hw_cswift.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/rand.h>
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_CSWIFT
-
-/* Attribution notice: Rainbow have generously allowed me to reproduce
- * the necessary definitions here from their API. This means the support
- * can build independently of whether application builders have the
- * API or hardware. This will allow developers to easily produce software
- * that has latent hardware support for any users that have accelerators
- * installed, without the developers themselves needing anything extra.
- *
- * I have only clipped the parts from the CryptoSwift header files that
- * are (or seem) relevant to the CryptoSwift support code. This is
- * simply to keep the file sizes reasonable.
- * [Geoff]
- */
-#ifdef FLAT_INC
-#include "cswift.h"
-#else
-#include "vendor_defns/cswift.h"
-#endif
-
-#define CSWIFT_LIB_NAME "cswift engine"
-#include "e_cswift_err.c"
-
-#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1)
-
-static int cswift_destroy(ENGINE *e);
-static int cswift_init(ENGINE *e);
-static int cswift_finish(ENGINE *e);
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-#ifndef OPENSSL_NO_RSA
-static int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in);
-#endif
-
-/* BIGNUM stuff */
-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
- const BIGNUM *iqmp, BN_CTX *ctx);
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* DH stuff */
-/* This function is alised to mod_exp (with the DH and mont dropped). */
-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#endif
-
-/* RAND stuff */
-static int cswift_rand_bytes(unsigned char *buf, int num);
-static int cswift_rand_status(void);
-
-/* The definitions for control commands specific to this engine */
-#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
- {CSWIFT_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'cswift' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD cswift_rsa =
- {
- "CryptoSwift RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- cswift_rsa_mod_exp,
- cswift_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD cswift_dsa =
- {
- "CryptoSwift DSA method",
- cswift_dsa_sign,
- NULL, /* dsa_sign_setup */
- cswift_dsa_verify,
- NULL, /* dsa_mod_exp */
- NULL, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD cswift_dh =
- {
- "CryptoSwift DH method",
- NULL,
- NULL,
- cswift_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-static RAND_METHOD cswift_random =
- {
- /* "CryptoSwift RAND method", */
- NULL,
- cswift_rand_bytes,
- NULL,
- NULL,
- cswift_rand_bytes,
- cswift_rand_status,
- };
-
-
-/* Constants used when creating the ENGINE */
-static const char *engine_cswift_id = "cswift";
-static const char *engine_cswift_name = "CryptoSwift hardware engine support";
-
-/* This internal function is used by ENGINE_cswift() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth2;
-#endif
- if(!ENGINE_set_id(e, engine_cswift_id) ||
- !ENGINE_set_name(e, engine_cswift_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &cswift_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &cswift_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &cswift_dh) ||
-#endif
- !ENGINE_set_RAND(e, &cswift_random) ||
- !ENGINE_set_destroy_function(e, cswift_destroy) ||
- !ENGINE_set_init_function(e, cswift_init) ||
- !ENGINE_set_finish_function(e, cswift_finish) ||
- !ENGINE_set_ctrl_function(e, cswift_ctrl) ||
- !ENGINE_set_cmd_defns(e, cswift_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth2 = DH_OpenSSL();
- cswift_dh.generate_key = meth2->generate_key;
- cswift_dh.compute_key = meth2->compute_key;
-#endif
-
- /* Ensure the cswift error handling is set up */
- ERR_load_CSWIFT_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_cswift(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_cswift(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_cswift();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the CryptoSwift library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *cswift_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
-t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
-t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
-t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
-
-/* Used in the DSO operations. */
-static const char *CSWIFT_LIBNAME = NULL;
-static const char *get_CSWIFT_LIBNAME(void)
- {
- if(CSWIFT_LIBNAME)
- return CSWIFT_LIBNAME;
- return "swift";
- }
-static void free_CSWIFT_LIBNAME(void)
- {
- if(CSWIFT_LIBNAME)
- OPENSSL_free((void*)CSWIFT_LIBNAME);
- CSWIFT_LIBNAME = NULL;
- }
-static long set_CSWIFT_LIBNAME(const char *name)
- {
- free_CSWIFT_LIBNAME();
- return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *CSWIFT_F1 = "swAcquireAccContext";
-static const char *CSWIFT_F2 = "swAttachKeyParam";
-static const char *CSWIFT_F3 = "swSimpleRequest";
-static const char *CSWIFT_F4 = "swReleaseAccContext";
-
-
-/* CryptoSwift library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there. */
-
-/* utility function to obtain a context */
-static int get_context(SW_CONTEXT_HANDLE *hac)
- {
- SW_STATUS status;
-
- status = p_CSwift_AcquireAccContext(hac);
- if(status != SW_OK)
- return 0;
- return 1;
- }
-
-/* similarly to release one. */
-static void release_context(SW_CONTEXT_HANDLE hac)
- {
- p_CSwift_ReleaseAccContext(hac);
- }
-
-/* Destructor (complements the "ENGINE_cswift()" constructor) */
-static int cswift_destroy(ENGINE *e)
- {
- free_CSWIFT_LIBNAME();
- ERR_unload_CSWIFT_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int cswift_init(ENGINE *e)
- {
- SW_CONTEXT_HANDLE hac;
- t_swAcquireAccContext *p1;
- t_swAttachKeyParam *p2;
- t_swSimpleRequest *p3;
- t_swReleaseAccContext *p4;
-
- if(cswift_dso != NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libswift.so/swift.dll/whatever. */
- cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
- if(cswift_dso == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
- goto err;
- }
- if(!(p1 = (t_swAcquireAccContext *)
- DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
- !(p2 = (t_swAttachKeyParam *)
- DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
- !(p3 = (t_swSimpleRequest *)
- DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
- !(p4 = (t_swReleaseAccContext *)
- DSO_bind_func(cswift_dso, CSWIFT_F4)))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
- goto err;
- }
- /* Copy the pointers */
- p_CSwift_AcquireAccContext = p1;
- p_CSwift_AttachKeyParam = p2;
- p_CSwift_SimpleRequest = p3;
- p_CSwift_ReleaseAccContext = p4;
- /* Try and get a context - if not, we may have a DSO but no
- * accelerator! */
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- release_context(hac);
- /* Everything's fine. */
- return 1;
-err:
- if(cswift_dso)
- {
- DSO_free(cswift_dso);
- cswift_dso = NULL;
- }
- p_CSwift_AcquireAccContext = NULL;
- p_CSwift_AttachKeyParam = NULL;
- p_CSwift_SimpleRequest = NULL;
- p_CSwift_ReleaseAccContext = NULL;
- return 0;
- }
-
-static int cswift_finish(ENGINE *e)
- {
- free_CSWIFT_LIBNAME();
- if(cswift_dso == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(cswift_dso))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
- return 0;
- }
- cswift_dso = NULL;
- p_CSwift_AcquireAccContext = NULL;
- p_CSwift_AttachKeyParam = NULL;
- p_CSwift_SimpleRequest = NULL;
- p_CSwift_ReleaseAccContext = NULL;
- return 1;
- }
-
-static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((cswift_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case CSWIFT_CMD_SO_PATH:
- if(p == NULL)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
- return 0;
- }
- return set_CSWIFT_LIBNAME((const char *)p);
- default:
- break;
- }
- CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-/* Un petit mod_exp */
-static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- /* I need somewhere to store temporary serialised values for
- * use with the CryptoSwift API calls. A neat cheat - I'll use
- * BIGNUMs from the BN_CTX but access their arrays directly as
- * byte arrays <grin>. This way I don't have to clean anything
- * up. */
- BIGNUM *modulus;
- BIGNUM *exponent;
- BIGNUM *argument;
- BIGNUM *result;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- SW_PARAM sw_param;
- SW_CONTEXT_HANDLE hac;
- int to_return, acquired;
-
- modulus = exponent = argument = result = NULL;
- to_return = 0; /* expect failure */
- acquired = 0;
-
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- modulus = BN_CTX_get(ctx);
- exponent = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
- !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_EXP;
- sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
- (unsigned char *)modulus->d);
- sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
- sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
- (unsigned char *)exponent->d);
- sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
- arg.value = (unsigned char *)argument->d;
- res.nbytes = BN_num_bytes(m);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
- &res, 1)) != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
- to_return = 1;
-err:
- if(acquired)
- release_context(hac);
- BN_CTX_end(ctx);
- return to_return;
- }
-
-
-#ifndef OPENSSL_NO_RSA
-int cswift_bn_32copy(SW_LARGENUMBER * out, const BIGNUM * in)
-{
- int mod;
- int numbytes = BN_num_bytes(in);
-
- mod = 0;
- while( ((out->nbytes = (numbytes+mod)) % 32) )
- {
- mod++;
- }
- out->value = (unsigned char*)OPENSSL_malloc(out->nbytes);
- if(!out->value)
- {
- return 0;
- }
- BN_bn2bin(in, &out->value[mod]);
- if(mod)
- memset(out->value, 0, mod);
-
- return 1;
-}
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* Un petit mod_exp chinois */
-static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dmp1,
- const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
- {
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- SW_PARAM sw_param;
- SW_CONTEXT_HANDLE hac;
- BIGNUM *result = NULL;
- BIGNUM *argument = NULL;
- int to_return = 0; /* expect failure */
- int acquired = 0;
-
- sw_param.up.crt.p.value = NULL;
- sw_param.up.crt.q.value = NULL;
- sw_param.up.crt.dmp1.value = NULL;
- sw_param.up.crt.dmq1.value = NULL;
- sw_param.up.crt.iqmp.value = NULL;
-
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
-
- /* Prepare the params */
- argument = BN_new();
- result = BN_new();
- if(!result || !argument)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
-
-
- sw_param.type = SW_ALG_CRT;
- /************************************************************************/
- /* 04/02/2003 */
- /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
- /* limitation of cswift with values not a multiple of 32 */
- /************************************************************************/
- if(!cswift_bn_32copy(&sw_param.up.crt.p, p))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.q, q))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.dmp1, dmp1))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.dmq1, dmq1))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if(!cswift_bn_32copy(&sw_param.up.crt.iqmp, iqmp))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- if( !bn_wexpand(argument, a->top) ||
- !bn_wexpand(result, p->top + q->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
- arg.value = (unsigned char *)argument->d;
- res.nbytes = 2 * BN_num_bytes(p);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
- &res, 1)) != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
- to_return = 1;
-err:
- if(sw_param.up.crt.p.value)
- OPENSSL_free(sw_param.up.crt.p.value);
- if(sw_param.up.crt.q.value)
- OPENSSL_free(sw_param.up.crt.q.value);
- if(sw_param.up.crt.dmp1.value)
- OPENSSL_free(sw_param.up.crt.dmp1.value);
- if(sw_param.up.crt.dmq1.value)
- OPENSSL_free(sw_param.up.crt.dmq1.value);
- if(sw_param.up.crt.iqmp.value)
- OPENSSL_free(sw_param.up.crt.iqmp.value);
- if(result)
- BN_free(result);
- if(argument)
- BN_free(argument);
- if(acquired)
- release_context(hac);
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
- const RSA_METHOD * def_rsa_method;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- /* Try the limits of RSA (2048 bits) */
- if(BN_num_bytes(rsa->p) > 128 ||
- BN_num_bytes(rsa->q) > 128 ||
- BN_num_bytes(rsa->dmp1) > 128 ||
- BN_num_bytes(rsa->dmq1) > 128 ||
- BN_num_bytes(rsa->iqmp) > 128)
- {
-#ifdef RSA_NULL
- def_rsa_method=RSA_null_method();
-#else
-#if 0
- def_rsa_method=RSA_PKCS1_RSAref();
-#else
- def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
- if(def_rsa_method)
- return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx);
- }
-
- to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
-err:
- return to_return;
- }
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- const RSA_METHOD * def_rsa_method;
-
- /* Try the limits of RSA (2048 bits) */
- if(BN_num_bytes(r) > 256 ||
- BN_num_bytes(a) > 256 ||
- BN_num_bytes(m) > 256)
- {
-#ifdef RSA_NULL
- def_rsa_method=RSA_null_method();
-#else
-#if 0
- def_rsa_method=RSA_PKCS1_RSAref();
-#else
- def_rsa_method=RSA_PKCS1_SSLeay();
-#endif
-#endif
- if(def_rsa_method)
- return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
- }
-
- return cswift_mod_exp(r, a, p, m, ctx);
- }
-#endif /* OPENSSL_NO_RSA */
-
-#ifndef OPENSSL_NO_DSA
-static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- SW_CONTEXT_HANDLE hac;
- SW_PARAM sw_param;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg, res;
- unsigned char *ptr;
- BN_CTX *ctx;
- BIGNUM *dsa_p = NULL;
- BIGNUM *dsa_q = NULL;
- BIGNUM *dsa_g = NULL;
- BIGNUM *dsa_key = NULL;
- BIGNUM *result = NULL;
- DSA_SIG *to_return = NULL;
- int acquired = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- dsa_p = BN_CTX_get(ctx);
- dsa_q = BN_CTX_get(ctx);
- dsa_g = BN_CTX_get(ctx);
- dsa_key = BN_CTX_get(ctx);
- result = BN_CTX_get(ctx);
- if(!result)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(dsa_p, dsa->p->top) ||
- !bn_wexpand(dsa_q, dsa->q->top) ||
- !bn_wexpand(dsa_g, dsa->g->top) ||
- !bn_wexpand(dsa_key, dsa->priv_key->top) ||
- !bn_wexpand(result, dsa->p->top))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_DSA;
- sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
- (unsigned char *)dsa_p->d);
- sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
- sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
- (unsigned char *)dsa_q->d);
- sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
- sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
- (unsigned char *)dsa_g->d);
- sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
- sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
- (unsigned char *)dsa_key->d);
- sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg.nbytes = dlen;
- arg.value = (unsigned char *)dgst;
- res.nbytes = BN_num_bytes(dsa->p);
- memset(result->d, 0, res.nbytes);
- res.value = (unsigned char *)result->d;
- /* Perform the operation */
- sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
- &res, 1);
- if(sw_status != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- ptr = (unsigned char *)result->d;
- if((to_return = DSA_SIG_new()) == NULL)
- goto err;
- to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
- to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
-
-err:
- if(acquired)
- release_context(hac);
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return to_return;
- }
-
-static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
- SW_CONTEXT_HANDLE hac;
- SW_PARAM sw_param;
- SW_STATUS sw_status;
- SW_LARGENUMBER arg[2], res;
- unsigned long sig_result;
- BN_CTX *ctx;
- BIGNUM *dsa_p = NULL;
- BIGNUM *dsa_q = NULL;
- BIGNUM *dsa_g = NULL;
- BIGNUM *dsa_key = NULL;
- BIGNUM *argument = NULL;
- int to_return = -1;
- int acquired = 0;
-
- if((ctx = BN_CTX_new()) == NULL)
- goto err;
- if(!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
- /* Prepare the params */
- BN_CTX_start(ctx);
- dsa_p = BN_CTX_get(ctx);
- dsa_q = BN_CTX_get(ctx);
- dsa_g = BN_CTX_get(ctx);
- dsa_key = BN_CTX_get(ctx);
- argument = BN_CTX_get(ctx);
- if(!argument)
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
- goto err;
- }
- if(!bn_wexpand(dsa_p, dsa->p->top) ||
- !bn_wexpand(dsa_q, dsa->q->top) ||
- !bn_wexpand(dsa_g, dsa->g->top) ||
- !bn_wexpand(dsa_key, dsa->pub_key->top) ||
- !bn_wexpand(argument, 40))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
- goto err;
- }
- sw_param.type = SW_ALG_DSA;
- sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
- (unsigned char *)dsa_p->d);
- sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
- sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
- (unsigned char *)dsa_q->d);
- sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
- sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
- (unsigned char *)dsa_g->d);
- sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
- sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
- (unsigned char *)dsa_key->d);
- sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
- /* Attach the key params */
- sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
- switch(sw_status)
- {
- case SW_OK:
- break;
- case SW_ERR_INPUT_SIZE:
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
- goto err;
- default:
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- }
- goto err;
- }
- /* Prepare the argument and response */
- arg[0].nbytes = dgst_len;
- arg[0].value = (unsigned char *)dgst;
- arg[1].nbytes = 40;
- arg[1].value = (unsigned char *)argument->d;
- memset(arg[1].value, 0, 40);
- BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
- BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
- res.nbytes = 4; /* unsigned long */
- res.value = (unsigned char *)(&sig_result);
- /* Perform the operation */
- sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
- &res, 1);
- if(sw_status != SW_OK)
- {
- char tmpbuf[DECIMAL_SIZE(sw_status)+1];
- CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", sw_status);
- ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
- goto err;
- }
- /* Convert the response */
- to_return = ((sig_result == 0) ? 0 : 1);
-
-err:
- if(acquired)
- release_context(hac);
- if(ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return cswift_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* Random bytes are good */
-static int cswift_rand_bytes(unsigned char *buf, int num)
-{
- SW_CONTEXT_HANDLE hac;
- SW_STATUS swrc;
- SW_LARGENUMBER largenum;
- int acquired = 0;
- int to_return = 0; /* assume failure */
- unsigned char buf32[1024];
-
-
- if (!get_context(&hac))
- {
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_UNIT_FAILURE);
- goto err;
- }
- acquired = 1;
-
- /************************************************************************/
- /* 04/02/2003 */
- /* Modified by Frederic Giudicelli (deny-all.com) to overcome the */
- /* limitation of cswift with values not a multiple of 32 */
- /************************************************************************/
-
- while(num >= (int)sizeof(buf32))
- {
- largenum.value = buf;
- largenum.nbytes = sizeof(buf32);
- /* tell CryptoSwift how many bytes we want and where we want it.
- * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
- * - CryptoSwift can only do multiple of 32-bits. */
- swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
- if (swrc != SW_OK)
- {
- char tmpbuf[20];
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", swrc);
- ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
- goto err;
- }
- buf += sizeof(buf32);
- num -= sizeof(buf32);
- }
- if(num)
- {
- largenum.nbytes = sizeof(buf32);
- largenum.value = buf32;
- swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
- if (swrc != SW_OK)
- {
- char tmpbuf[20];
- CSWIFTerr(CSWIFT_F_CSWIFT_RAND_BYTES, CSWIFT_R_REQUEST_FAILED);
- sprintf(tmpbuf, "%ld", swrc);
- ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
- goto err;
- }
- memcpy(buf, largenum.value, num);
- }
-
- to_return = 1; /* success */
-err:
- if (acquired)
- release_context(hac);
-
- return to_return;
-}
-
-static int cswift_rand_status(void)
-{
- return 1;
-}
-
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_cswift_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_CSWIFT */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_cswift.ec b/crypto/openssl/engines/e_cswift.ec
deleted file mode 100644
index a7f9d11..0000000
--- a/crypto/openssl/engines/e_cswift.ec
+++ /dev/null
@@ -1 +0,0 @@
-L CSWIFT e_cswift_err.h e_cswift_err.c
diff --git a/crypto/openssl/engines/e_cswift_err.c b/crypto/openssl/engines/e_cswift_err.c
deleted file mode 100644
index c7942a3..0000000
--- a/crypto/openssl/engines/e_cswift_err.c
+++ /dev/null
@@ -1,154 +0,0 @@
-/* e_cswift_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_cswift_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA CSWIFT_str_functs[]=
- {
-{ERR_FUNC(CSWIFT_F_CSWIFT_CTRL), "CSWIFT_CTRL"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_SIGN), "CSWIFT_DSA_SIGN"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_DSA_VERIFY), "CSWIFT_DSA_VERIFY"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_FINISH), "CSWIFT_FINISH"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_INIT), "CSWIFT_INIT"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP), "CSWIFT_MOD_EXP"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_MOD_EXP_CRT), "CSWIFT_MOD_EXP_CRT"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_RAND_BYTES), "CSWIFT_RAND_BYTES"},
-{ERR_FUNC(CSWIFT_F_CSWIFT_RSA_MOD_EXP), "CSWIFT_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA CSWIFT_str_reasons[]=
- {
-{ERR_REASON(CSWIFT_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(CSWIFT_R_BAD_KEY_SIZE) ,"bad key size"},
-{ERR_REASON(CSWIFT_R_BN_CTX_FULL) ,"bn ctx full"},
-{ERR_REASON(CSWIFT_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(CSWIFT_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(CSWIFT_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(CSWIFT_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(CSWIFT_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef CSWIFT_LIB_NAME
-static ERR_STRING_DATA CSWIFT_lib_name[]=
- {
-{0 ,CSWIFT_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int CSWIFT_lib_error_code=0;
-static int CSWIFT_error_init=1;
-
-static void ERR_load_CSWIFT_strings(void)
- {
- if (CSWIFT_lib_error_code == 0)
- CSWIFT_lib_error_code=ERR_get_next_error_library();
-
- if (CSWIFT_error_init)
- {
- CSWIFT_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
- ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
-#endif
-
-#ifdef CSWIFT_LIB_NAME
- CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
- ERR_load_strings(0,CSWIFT_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_CSWIFT_strings(void)
- {
- if (CSWIFT_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
- ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
-#endif
-
-#ifdef CSWIFT_LIB_NAME
- ERR_unload_strings(0,CSWIFT_lib_name);
-#endif
- CSWIFT_error_init=1;
- }
- }
-
-static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
- {
- if (CSWIFT_lib_error_code == 0)
- CSWIFT_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_cswift_err.h b/crypto/openssl/engines/e_cswift_err.h
deleted file mode 100644
index 9072cbe..0000000
--- a/crypto/openssl/engines/e_cswift_err.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_CSWIFT_ERR_H
-#define HEADER_CSWIFT_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_CSWIFT_strings(void);
-static void ERR_unload_CSWIFT_strings(void);
-static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
-#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the CSWIFT functions. */
-
-/* Function codes. */
-#define CSWIFT_F_CSWIFT_CTRL 100
-#define CSWIFT_F_CSWIFT_DSA_SIGN 101
-#define CSWIFT_F_CSWIFT_DSA_VERIFY 102
-#define CSWIFT_F_CSWIFT_FINISH 103
-#define CSWIFT_F_CSWIFT_INIT 104
-#define CSWIFT_F_CSWIFT_MOD_EXP 105
-#define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106
-#define CSWIFT_F_CSWIFT_RAND_BYTES 108
-#define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107
-
-/* Reason codes. */
-#define CSWIFT_R_ALREADY_LOADED 100
-#define CSWIFT_R_BAD_KEY_SIZE 101
-#define CSWIFT_R_BN_CTX_FULL 102
-#define CSWIFT_R_BN_EXPAND_FAIL 103
-#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104
-#define CSWIFT_R_MISSING_KEY_COMPONENTS 105
-#define CSWIFT_R_NOT_LOADED 106
-#define CSWIFT_R_REQUEST_FAILED 107
-#define CSWIFT_R_UNIT_FAILURE 108
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_gmp.c b/crypto/openssl/engines/e_gmp.c
deleted file mode 100644
index 39da65f..0000000
--- a/crypto/openssl/engines/e_gmp.c
+++ /dev/null
@@ -1,435 +0,0 @@
-/* crypto/engine/e_gmp.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2003.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* This engine is not (currently) compiled in by default. Do enable it,
- * reconfigure OpenSSL with "-DOPENSSL_USE_GMP -lgmp". The GMP libraries and
- * headers must reside in one of the paths searched by the compiler/linker,
- * otherwise paths must be specified - eg. try configuring with
- * "-DOPENSSL_USE_GMP -I<includepath> -L<libpath> -lgmp". YMMV. */
-
-/* As for what this does - it's a largely unoptimised implementation of an
- * ENGINE that uses the GMP library to perform RSA private key operations. To
- * obtain more information about what "unoptimised" means, see my original mail
- * on the subject (though ignore the build instructions which have since
- * changed);
- *
- * http://www.mail-archive.com/openssl-dev@openssl.org/msg12227.html
- *
- * On my athlon system at least, it appears the builtin OpenSSL code is now
- * slightly faster, which is to say that the RSA-related MPI performance
- * between OpenSSL's BIGNUM and GMP's mpz implementations is probably pretty
- * balanced for this chip, and so the performance degradation in this ENGINE by
- * having to convert to/from GMP formats (and not being able to cache
- * montgomery forms) is probably the difference. However, if some unconfirmed
- * reports from users is anything to go by, the situation on some other
- * chipsets might be a good deal more favourable to the GMP version (eg. PPC).
- * Feedback welcome. */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/engine.h>
-
-#ifndef OPENSSL_NO_HW
-#if defined(OPENSSL_USE_GMP) && !defined(OPENSSL_NO_HW_GMP)
-
-#include <gmp.h>
-
-#define E_GMP_LIB_NAME "gmp engine"
-#include "e_gmp_err.c"
-
-static int e_gmp_destroy(ENGINE *e);
-static int e_gmp_init(ENGINE *e);
-static int e_gmp_finish(ENGINE *e);
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-
-#ifndef OPENSSL_NO_RSA
-/* RSA stuff */
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-static int e_gmp_rsa_finish(RSA *r);
-#endif
-
-/* The definitions for control commands specific to this engine */
-/* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */
-static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = {
-#if 0
- {E_GMP_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'e_gmp' shared library",
- ENGINE_CMD_FLAG_STRING},
-#endif
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD e_gmp_rsa =
- {
- "GMP RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- e_gmp_rsa_mod_exp,
- NULL,
- NULL,
- e_gmp_rsa_finish,
- /* These flags initialise montgomery crud that GMP ignores, however it
- * makes sure the public key ops (which are done in openssl) don't seem
- * *slower* than usual :-) */
- RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_e_gmp_id = "gmp";
-static const char *engine_e_gmp_name = "GMP engine support";
-
-/* This internal function is used by ENGINE_gmp() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
- if(!ENGINE_set_id(e, engine_e_gmp_id) ||
- !ENGINE_set_name(e, engine_e_gmp_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &e_gmp_rsa) ||
-#endif
- !ENGINE_set_destroy_function(e, e_gmp_destroy) ||
- !ENGINE_set_init_function(e, e_gmp_init) ||
- !ENGINE_set_finish_function(e, e_gmp_finish) ||
- !ENGINE_set_ctrl_function(e, e_gmp_ctrl) ||
- !ENGINE_set_cmd_defns(e, e_gmp_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- meth1 = RSA_PKCS1_SSLeay();
- e_gmp_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- e_gmp_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- e_gmp_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- e_gmp_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
- e_gmp_rsa.bn_mod_exp = meth1->bn_mod_exp;
-#endif
-
- /* Ensure the e_gmp error handling is set up */
- ERR_load_GMP_strings();
- return 1;
- }
-
-static ENGINE *engine_gmp(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_gmp(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_gmp();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-
-#ifndef OPENSSL_NO_RSA
-/* Used to attach our own key-data to an RSA structure */
-static int hndidx_rsa = -1;
-#endif
-
-static int e_gmp_destroy(ENGINE *e)
- {
- ERR_unload_GMP_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int e_gmp_init(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- if (hndidx_rsa == -1)
- hndidx_rsa = RSA_get_ex_new_index(0,
- "GMP-based RSA key handle",
- NULL, NULL, NULL);
-#endif
- if (hndidx_rsa == -1)
- return 0;
- return 1;
- }
-
-static int e_gmp_finish(ENGINE *e)
- {
- return 1;
- }
-
-static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int to_return = 1;
-
- switch(cmd)
- {
-#if 0
- case E_GMP_CMD_SO_PATH:
- /* ... */
-#endif
- /* The command isn't understood by this engine */
- default:
- GMPerr(GMP_F_E_GMP_CTRL,
- GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
- }
-
-/* HACK - use text I/O functions in openssl and GMP to handle conversions. This
- * is vile. */
-static int bn2gmp(const BIGNUM *bn, mpz_t g)
- {
- int toret;
- char *tmpchar = BN_bn2hex(bn);
- if(!tmpchar) return 0;
- toret = (mpz_set_str(g, tmpchar, 16) == 0 ? 1 : 0);
- OPENSSL_free(tmpchar);
- return toret;
- }
-
-static int gmp2bn(mpz_t g, BIGNUM *bn)
- {
- int toret;
- char *tmpchar = OPENSSL_malloc(mpz_sizeinbase(g, 16) + 10);
- if(!tmpchar) return 0;
- mpz_get_str(tmpchar, 16, g);
- toret = BN_hex2bn(&bn, tmpchar);
- OPENSSL_free(tmpchar);
- return toret;
- }
-
-#ifndef OPENSSL_NO_RSA
-typedef struct st_e_gmp_rsa_ctx
- {
- int public_only;
- mpz_t n;
- mpz_t d;
- mpz_t e;
- mpz_t p;
- mpz_t q;
- mpz_t dmp1;
- mpz_t dmq1;
- mpz_t iqmp;
- mpz_t r0, r1, I0, m1;
- } E_GMP_RSA_CTX;
-
-static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa)
- {
- E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if(hptr) return hptr;
- hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX));
- if(!hptr) return NULL;
- /* These inits could probably be replaced by more intelligent
- * mpz_init2() versions, to reduce malloc-thrashing. */
- mpz_init(hptr->n);
- mpz_init(hptr->d);
- mpz_init(hptr->e);
- mpz_init(hptr->p);
- mpz_init(hptr->q);
- mpz_init(hptr->dmp1);
- mpz_init(hptr->dmq1);
- mpz_init(hptr->iqmp);
- mpz_init(hptr->r0);
- mpz_init(hptr->r1);
- mpz_init(hptr->I0);
- mpz_init(hptr->m1);
- if(!bn2gmp(rsa->n, hptr->n) || !bn2gmp(rsa->e, hptr->e))
- goto err;
- if(!rsa->p || !rsa->q || !rsa->d || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- hptr->public_only = 1;
- return hptr;
- }
- if(!bn2gmp(rsa->d, hptr->d) || !bn2gmp(rsa->p, hptr->p) ||
- !bn2gmp(rsa->q, hptr->q) || !bn2gmp(rsa->dmp1, hptr->dmp1) ||
- !bn2gmp(rsa->dmq1, hptr->dmq1) || !bn2gmp(rsa->iqmp, hptr->iqmp))
- goto err;
- hptr->public_only = 0;
- RSA_set_ex_data(rsa, hndidx_rsa, hptr);
- return hptr;
-err:
- mpz_clear(hptr->n);
- mpz_clear(hptr->d);
- mpz_clear(hptr->e);
- mpz_clear(hptr->p);
- mpz_clear(hptr->q);
- mpz_clear(hptr->dmp1);
- mpz_clear(hptr->dmq1);
- mpz_clear(hptr->iqmp);
- mpz_clear(hptr->r0);
- mpz_clear(hptr->r1);
- mpz_clear(hptr->I0);
- mpz_clear(hptr->m1);
- OPENSSL_free(hptr);
- return NULL;
- }
-
-static int e_gmp_rsa_finish(RSA *rsa)
- {
- E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa);
- if(!hptr) return 0;
- mpz_clear(hptr->n);
- mpz_clear(hptr->d);
- mpz_clear(hptr->e);
- mpz_clear(hptr->p);
- mpz_clear(hptr->q);
- mpz_clear(hptr->dmp1);
- mpz_clear(hptr->dmq1);
- mpz_clear(hptr->iqmp);
- mpz_clear(hptr->r0);
- mpz_clear(hptr->r1);
- mpz_clear(hptr->I0);
- mpz_clear(hptr->m1);
- OPENSSL_free(hptr);
- RSA_set_ex_data(rsa, hndidx_rsa, NULL);
- return 1;
- }
-
-static int e_gmp_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- E_GMP_RSA_CTX *hptr;
- int to_return = 0;
-
- hptr = e_gmp_get_rsa(rsa);
- if(!hptr)
- {
- GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,
- GMP_R_KEY_CONTEXT_ERROR);
- return 0;
- }
- if(hptr->public_only)
- {
- GMPerr(GMP_F_E_GMP_RSA_MOD_EXP,
- GMP_R_MISSING_KEY_COMPONENTS);
- return 0;
- }
-
- /* ugh!!! */
- if(!bn2gmp(I, hptr->I0))
- return 0;
-
- /* This is basically the CRT logic in crypto/rsa/rsa_eay.c reworded into
- * GMP-speak. It may be that GMP's API facilitates cleaner formulations
- * of this stuff, eg. better handling of negatives, or functions that
- * combine operations. */
-
- mpz_mod(hptr->r1, hptr->I0, hptr->q);
- mpz_powm(hptr->m1, hptr->r1, hptr->dmq1, hptr->q);
-
- mpz_mod(hptr->r1, hptr->I0, hptr->p);
- mpz_powm(hptr->r0, hptr->r1, hptr->dmp1, hptr->p);
-
- mpz_sub(hptr->r0, hptr->r0, hptr->m1);
-
- if(mpz_sgn(hptr->r0) < 0)
- mpz_add(hptr->r0, hptr->r0, hptr->p);
- mpz_mul(hptr->r1, hptr->r0, hptr->iqmp);
- mpz_mod(hptr->r0, hptr->r1, hptr->p);
-
- if(mpz_sgn(hptr->r0) < 0)
- mpz_add(hptr->r0, hptr->r0, hptr->p);
- mpz_mul(hptr->r1, hptr->r0, hptr->q);
- mpz_add(hptr->r0, hptr->r1, hptr->m1);
-
- /* ugh!!! */
- if(gmp2bn(hptr->r0, r))
- to_return = 1;
-
- return 1;
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_e_gmp_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-
-#endif /* !OPENSSL_NO_HW_GMP */
-#endif /* !OPENSSL_NO_HW */
-
diff --git a/crypto/openssl/engines/e_gmp.ec b/crypto/openssl/engines/e_gmp.ec
deleted file mode 100644
index 72ec447..0000000
--- a/crypto/openssl/engines/e_gmp.ec
+++ /dev/null
@@ -1 +0,0 @@
-L GMP e_gmp_err.h e_gmp_err.c
diff --git a/crypto/openssl/engines/e_gmp_err.c b/crypto/openssl/engines/e_gmp_err.c
deleted file mode 100644
index 61db956..0000000
--- a/crypto/openssl/engines/e_gmp_err.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/* e_gmp_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_gmp_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA GMP_str_functs[]=
- {
-{ERR_FUNC(GMP_F_E_GMP_CTRL), "E_GMP_CTRL"},
-{ERR_FUNC(GMP_F_E_GMP_RSA_MOD_EXP), "E_GMP_RSA_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA GMP_str_reasons[]=
- {
-{ERR_REASON(GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(GMP_R_KEY_CONTEXT_ERROR) ,"key context error"},
-{ERR_REASON(GMP_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef GMP_LIB_NAME
-static ERR_STRING_DATA GMP_lib_name[]=
- {
-{0 ,GMP_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int GMP_lib_error_code=0;
-static int GMP_error_init=1;
-
-static void ERR_load_GMP_strings(void)
- {
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code=ERR_get_next_error_library();
-
- if (GMP_error_init)
- {
- GMP_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(GMP_lib_error_code,GMP_str_functs);
- ERR_load_strings(GMP_lib_error_code,GMP_str_reasons);
-#endif
-
-#ifdef GMP_LIB_NAME
- GMP_lib_name->error = ERR_PACK(GMP_lib_error_code,0,0);
- ERR_load_strings(0,GMP_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_GMP_strings(void)
- {
- if (GMP_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(GMP_lib_error_code,GMP_str_functs);
- ERR_unload_strings(GMP_lib_error_code,GMP_str_reasons);
-#endif
-
-#ifdef GMP_LIB_NAME
- ERR_unload_strings(0,GMP_lib_name);
-#endif
- GMP_error_init=1;
- }
- }
-
-static void ERR_GMP_error(int function, int reason, char *file, int line)
- {
- if (GMP_lib_error_code == 0)
- GMP_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(GMP_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_gmp_err.h b/crypto/openssl/engines/e_gmp_err.h
deleted file mode 100644
index cf46f0e..0000000
--- a/crypto/openssl/engines/e_gmp_err.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_GMP_ERR_H
-#define HEADER_GMP_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_GMP_strings(void);
-static void ERR_unload_GMP_strings(void);
-static void ERR_GMP_error(int function, int reason, char *file, int line);
-#define GMPerr(f,r) ERR_GMP_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the GMP functions. */
-
-/* Function codes. */
-#define GMP_F_E_GMP_CTRL 100
-#define GMP_F_E_GMP_RSA_MOD_EXP 101
-
-/* Reason codes. */
-#define GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED 100
-#define GMP_R_KEY_CONTEXT_ERROR 101
-#define GMP_R_MISSING_KEY_COMPONENTS 102
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_nuron.c b/crypto/openssl/engines/e_nuron.c
deleted file mode 100644
index 4c2537c..0000000
--- a/crypto/openssl/engines/e_nuron.c
+++ /dev/null
@@ -1,434 +0,0 @@
-/* crypto/engine/hw_nuron.c */
-/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
- * Thorpe's Atalla implementation.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_NURON
-
-#define NURON_LIB_NAME "nuron engine"
-#include "e_nuron_err.c"
-
-static const char *NURON_LIBNAME = NULL;
-static const char *get_NURON_LIBNAME(void)
- {
- if(NURON_LIBNAME)
- return NURON_LIBNAME;
- return "nuronssl";
- }
-static void free_NURON_LIBNAME(void)
- {
- if(NURON_LIBNAME)
- OPENSSL_free((void*)NURON_LIBNAME);
- NURON_LIBNAME = NULL;
- }
-static long set_NURON_LIBNAME(const char *name)
- {
- free_NURON_LIBNAME();
- return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *NURON_F1 = "nuron_mod_exp";
-
-/* The definitions for control commands specific to this engine */
-#define NURON_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
- {NURON_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'nuronssl' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
-static tfnModExp *pfnModExp = NULL;
-
-static DSO *pvDSOHandle = NULL;
-
-static int nuron_destroy(ENGINE *e)
- {
- free_NURON_LIBNAME();
- ERR_unload_NURON_strings();
- return 1;
- }
-
-static int nuron_init(ENGINE *e)
- {
- if(pvDSOHandle != NULL)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
- return 0;
- }
-
- pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
- DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
- if(!pvDSOHandle)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
- return 0;
- }
-
- pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
- if(!pfnModExp)
- {
- NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
- return 0;
- }
-
- return 1;
- }
-
-static int nuron_finish(ENGINE *e)
- {
- free_NURON_LIBNAME();
- if(pvDSOHandle == NULL)
- {
- NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(pvDSOHandle))
- {
- NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
- return 0;
- }
- pvDSOHandle=NULL;
- pfnModExp=NULL;
- return 1;
- }
-
-static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
- switch(cmd)
- {
- case NURON_CMD_SO_PATH:
- if(p == NULL)
- {
- NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
- return 0;
- }
- return set_NURON_LIBNAME((const char *)p);
- default:
- break;
- }
- NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
-}
-
-static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
- const BIGNUM *m,BN_CTX *ctx)
- {
- if(!pvDSOHandle)
- {
- NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
- return 0;
- }
- return pfnModExp(r,a,p,m);
- }
-
-#ifndef OPENSSL_NO_RSA
-static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- return nuron_mod_exp(r0,I,rsa->d,rsa->n,ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* This code was liberated and adapted from the commented-out code in
- * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
- * (it doesn't have a CRT form for RSA), this function means that an
- * Atalla system running with a DSA server certificate can handshake
- * around 5 or 6 times faster/more than an equivalent system running with
- * RSA. Just check out the "signs" statistics from the RSA and DSA parts
- * of "openssl speed -engine atalla dsa1024 rsa1024". */
-static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!nuron_mod_exp(rr,a1,p1,m,ctx))
- goto end;
- /* let t = a2 ^ p2 mod m */
- if (!nuron_mod_exp(&t,a2,p2,m,ctx))
- goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx))
- goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
-
-
-static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-#ifndef OPENSSL_NO_RSA
-static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
- const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- return nuron_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
-static RSA_METHOD nuron_rsa =
- {
- "Nuron RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- nuron_rsa_mod_exp,
- nuron_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static DSA_METHOD nuron_dsa =
- {
- "Nuron DSA method",
- NULL, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- NULL, /* dsa_do_verify */
- nuron_dsa_mod_exp, /* dsa_mod_exp */
- nuron_mod_exp_dsa, /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-static DH_METHOD nuron_dh =
- {
- "Nuron DH method",
- NULL,
- NULL,
- nuron_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_nuron_id = "nuron";
-static const char *engine_nuron_name = "Nuron hardware engine support";
-
-/* This internal function is used by ENGINE_nuron() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
- if(!ENGINE_set_id(e, engine_nuron_id) ||
- !ENGINE_set_name(e, engine_nuron_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &nuron_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &nuron_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &nuron_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, nuron_destroy) ||
- !ENGINE_set_init_function(e, nuron_init) ||
- !ENGINE_set_finish_function(e, nuron_finish) ||
- !ENGINE_set_ctrl_function(e, nuron_ctrl) ||
- !ENGINE_set_cmd_defns(e, nuron_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the nuron-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1=RSA_PKCS1_SSLeay();
- nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
- nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
- nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
- nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2=DSA_OpenSSL();
- nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
- nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
- nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3=DH_OpenSSL();
- nuron_dh.generate_key=meth3->generate_key;
- nuron_dh.compute_key=meth3->compute_key;
-#endif
-
- /* Ensure the nuron error handling is set up */
- ERR_load_NURON_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_nuron(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_nuron(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_nuron();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_nuron_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_NURON */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_nuron.ec b/crypto/openssl/engines/e_nuron.ec
deleted file mode 100644
index cfa430d..0000000
--- a/crypto/openssl/engines/e_nuron.ec
+++ /dev/null
@@ -1 +0,0 @@
-L NURON e_nuron_err.h e_nuron_err.c
diff --git a/crypto/openssl/engines/e_nuron_err.c b/crypto/openssl/engines/e_nuron_err.c
deleted file mode 100644
index 9a7864f..0000000
--- a/crypto/openssl/engines/e_nuron_err.c
+++ /dev/null
@@ -1,146 +0,0 @@
-/* e_nuron_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_nuron_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA NURON_str_functs[]=
- {
-{ERR_FUNC(NURON_F_NURON_CTRL), "NURON_CTRL"},
-{ERR_FUNC(NURON_F_NURON_FINISH), "NURON_FINISH"},
-{ERR_FUNC(NURON_F_NURON_INIT), "NURON_INIT"},
-{ERR_FUNC(NURON_F_NURON_MOD_EXP), "NURON_MOD_EXP"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA NURON_str_reasons[]=
- {
-{ERR_REASON(NURON_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(NURON_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(NURON_R_DSO_FUNCTION_NOT_FOUND),"dso function not found"},
-{ERR_REASON(NURON_R_DSO_NOT_FOUND) ,"dso not found"},
-{ERR_REASON(NURON_R_NOT_LOADED) ,"not loaded"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef NURON_LIB_NAME
-static ERR_STRING_DATA NURON_lib_name[]=
- {
-{0 ,NURON_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int NURON_lib_error_code=0;
-static int NURON_error_init=1;
-
-static void ERR_load_NURON_strings(void)
- {
- if (NURON_lib_error_code == 0)
- NURON_lib_error_code=ERR_get_next_error_library();
-
- if (NURON_error_init)
- {
- NURON_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
- ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
-#endif
-
-#ifdef NURON_LIB_NAME
- NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
- ERR_load_strings(0,NURON_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_NURON_strings(void)
- {
- if (NURON_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
- ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
-#endif
-
-#ifdef NURON_LIB_NAME
- ERR_unload_strings(0,NURON_lib_name);
-#endif
- NURON_error_init=1;
- }
- }
-
-static void ERR_NURON_error(int function, int reason, char *file, int line)
- {
- if (NURON_lib_error_code == 0)
- NURON_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_nuron_err.h b/crypto/openssl/engines/e_nuron_err.h
deleted file mode 100644
index a56bfdf..0000000
--- a/crypto/openssl/engines/e_nuron_err.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_NURON_ERR_H
-#define HEADER_NURON_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_NURON_strings(void);
-static void ERR_unload_NURON_strings(void);
-static void ERR_NURON_error(int function, int reason, char *file, int line);
-#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the NURON functions. */
-
-/* Function codes. */
-#define NURON_F_NURON_CTRL 100
-#define NURON_F_NURON_FINISH 101
-#define NURON_F_NURON_INIT 102
-#define NURON_F_NURON_MOD_EXP 103
-
-/* Reason codes. */
-#define NURON_R_ALREADY_LOADED 100
-#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101
-#define NURON_R_DSO_FAILURE 102
-#define NURON_R_DSO_FUNCTION_NOT_FOUND 103
-#define NURON_R_DSO_NOT_FOUND 104
-#define NURON_R_NOT_LOADED 105
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_sureware.c b/crypto/openssl/engines/e_sureware.c
deleted file mode 100644
index 58fa9a98..0000000
--- a/crypto/openssl/engines/e_sureware.c
+++ /dev/null
@@ -1,1057 +0,0 @@
-/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* licensing@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
-* Copyright@2001 Baltimore Technologies Ltd.
-* All right Reserved.
-* *
-* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
-* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
-* SUCH DAMAGE. *
-====================================================================*/
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/pem.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_SUREWARE
-
-#ifdef FLAT_INC
-#include "sureware.h"
-#else
-#include "vendor_defns/sureware.h"
-#endif
-
-#define SUREWARE_LIB_NAME "sureware engine"
-#include "e_sureware_err.c"
-
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-static int surewarehk_destroy(ENGINE *e);
-static int surewarehk_init(ENGINE *e);
-static int surewarehk_finish(ENGINE *e);
-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-
-/* RSA stuff */
-#ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding);
-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding);
-#endif
-
-/* RAND stuff */
-static int surewarehk_rand_bytes(unsigned char *buf, int num);
-static void surewarehk_rand_seed(const void *buf, int num);
-static void surewarehk_rand_add(const void *buf, int num, double entropy);
-
-/* KM stuff */
-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data);
-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#if 0
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp);
-#endif
-
-#ifndef OPENSSL_NO_RSA
-/* This function is aliased to mod_exp (with the mont stuff dropped). */
-static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
- return surewarehk_modexp(r, a, p, m, ctx);
-}
-
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD surewarehk_rsa =
- {
- "SureWare RSA method",
- NULL, /* pub_enc*/
- NULL, /* pub_dec*/
- surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
- surewarehk_rsa_priv_dec, /* priv_dec*/
- NULL, /*mod_exp*/
- surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
- NULL, /* init*/
- NULL, /* finish*/
- 0, /* RSA flag*/
- NULL,
- NULL, /* OpenSSL sign*/
- NULL, /* OpenSSL verify*/
- NULL /* keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
- return surewarehk_modexp(r, a, p, m, ctx);
-}
-
-static DH_METHOD surewarehk_dh =
- {
- "SureWare DH method",
- NULL,/*gen_key*/
- NULL,/*agree,*/
- surewarehk_modexp_dh, /*dh mod exp*/
- NULL, /* init*/
- NULL, /* finish*/
- 0, /* flags*/
- NULL,
- NULL
- };
-#endif
-
-static RAND_METHOD surewarehk_rand =
- {
- /* "SureWare RAND method", */
- surewarehk_rand_seed,
- surewarehk_rand_bytes,
- NULL,/*cleanup*/
- surewarehk_rand_add,
- surewarehk_rand_bytes,
- NULL,/*rand_status*/
- };
-
-#ifndef OPENSSL_NO_DSA
-/* DSA stuff */
-static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
-{
- BIGNUM t;
- int to_return = 0;
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
-}
-
-static DSA_METHOD surewarehk_dsa =
- {
- "SureWare DSA method",
- surewarehk_dsa_do_sign,
- NULL,/*sign setup*/
- NULL,/*verify,*/
- surewarehk_dsa_mod_exp,/*mod exp*/
- NULL,/*bn mod exp*/
- NULL, /*init*/
- NULL,/*finish*/
- 0,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-static const char *engine_sureware_id = "sureware";
-static const char *engine_sureware_name = "SureWare hardware engine support";
-
-/* Now, to our own code */
-
-/* As this is only ever called once, there's no need for locking
- * (indeed - the lock will already be held by our caller!!!) */
-static int bind_sureware(ENGINE *e)
-{
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DSA
- const DSA_METHOD *meth2;
-#endif
-#ifndef OPENSSL_NO_DH
- const DH_METHOD *meth3;
-#endif
-
- if(!ENGINE_set_id(e, engine_sureware_id) ||
- !ENGINE_set_name(e, engine_sureware_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &surewarehk_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &surewarehk_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &surewarehk_dh) ||
-#endif
- !ENGINE_set_RAND(e, &surewarehk_rand) ||
- !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
- !ENGINE_set_init_function(e, surewarehk_init) ||
- !ENGINE_set_finish_function(e, surewarehk_finish) ||
- !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
- !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
- !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the cswift-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- if (meth1)
- {
- surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
- /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
- * bits. */
- meth2 = DSA_OpenSSL();
- if (meth2)
- {
- surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- if (meth3)
- {
- surewarehk_dh.generate_key = meth3->generate_key;
- surewarehk_dh.compute_key = meth3->compute_key;
- }
-#endif
-
- /* Ensure the sureware error handling is set up */
- ERR_load_SUREWARE_strings();
- return 1;
-}
-
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_helper(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_sureware_id) != 0))
- return 0;
- if(!bind_sureware(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
-#else
-static ENGINE *engine_sureware(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_sureware(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_sureware(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_sureware();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the SureWareHook library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-static DSO *surewarehk_dso = NULL;
-#ifndef OPENSSL_NO_RSA
-static int rsaHndidx = -1; /* Index for KM handle. Not really used yet. */
-#endif
-#ifndef OPENSSL_NO_DSA
-static int dsaHndidx = -1; /* Index for KM handle. Not really used yet. */
-#endif
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-static SureWareHook_Init_t *p_surewarehk_Init = NULL;
-static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
-static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
-static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
-static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
-static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
-static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
-static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
-static SureWareHook_Free_t *p_surewarehk_Free=NULL;
-static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
-static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
-static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
-static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
-
-/* Used in the DSO operations. */
-static const char *surewarehk_LIBNAME = "SureWareHook";
-static const char *n_surewarehk_Init = "SureWareHook_Init";
-static const char *n_surewarehk_Finish = "SureWareHook_Finish";
-static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
-static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
-static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
-static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
-static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
-static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
-static const char *n_surewarehk_Free="SureWareHook_Free";
-static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
-static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
-static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
-static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
-static BIO *logstream = NULL;
-
-/* SureWareHook library functions and mechanics - these are used by the
- * higher-level functions further down. NB: As and where there's no
- * error checking, take a look lower down where these functions are
- * called, the checking and error handling is probably down there.
-*/
-static int threadsafe=1;
-static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
- int to_return = 1;
-
- switch(cmd)
- {
- case ENGINE_CTRL_SET_LOGSTREAM:
- {
- BIO *bio = (BIO *)p;
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- if (logstream)
- {
- BIO_free(logstream);
- logstream = NULL;
- }
- if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
- logstream = bio;
- else
- SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
- /* This will prevent the initialisation function from "installing"
- * the mutex-handling callbacks, even if they are available from
- * within the library (or were provided to the library from the
- * calling application). This is to remove any baggage for
- * applications not using multithreading. */
- case ENGINE_CTRL_CHIL_NO_LOCKING:
- CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
- threadsafe = 0;
- CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
- break;
-
- /* The command isn't understood by this engine */
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
- ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- to_return = 0;
- break;
- }
-
- return to_return;
-}
-
-/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
-static int surewarehk_destroy(ENGINE *e)
-{
- ERR_unload_SUREWARE_strings();
- return 1;
-}
-
-/* (de)initialisation functions. */
-static int surewarehk_init(ENGINE *e)
-{
- char msg[64]="ENGINE_init";
- SureWareHook_Init_t *p1=NULL;
- SureWareHook_Finish_t *p2=NULL;
- SureWareHook_Rand_Bytes_t *p3=NULL;
- SureWareHook_Rand_Seed_t *p4=NULL;
- SureWareHook_Load_Privkey_t *p5=NULL;
- SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
- SureWareHook_Free_t *p7=NULL;
- SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
- SureWareHook_Rsa_Sign_t *p9=NULL;
- SureWareHook_Dsa_Sign_t *p12=NULL;
- SureWareHook_Info_Pubkey_t *p13=NULL;
- SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
- SureWareHook_Mod_Exp_t *p15=NULL;
-
- if(surewarehk_dso != NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
- goto err;
- }
- /* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
- surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
- if(surewarehk_dso == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
- goto err;
- }
- if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
- !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
- !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
- !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
- !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
- !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
- !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
- !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
- !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
- !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
- !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
- !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
- !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
- goto err;
- }
- /* Copy the pointers */
- p_surewarehk_Init = p1;
- p_surewarehk_Finish = p2;
- p_surewarehk_Rand_Bytes = p3;
- p_surewarehk_Rand_Seed = p4;
- p_surewarehk_Load_Privkey = p5;
- p_surewarehk_Load_Rsa_Pubkey = p6;
- p_surewarehk_Free = p7;
- p_surewarehk_Rsa_Priv_Dec = p8;
- p_surewarehk_Rsa_Sign = p9;
- p_surewarehk_Dsa_Sign = p12;
- p_surewarehk_Info_Pubkey = p13;
- p_surewarehk_Load_Dsa_Pubkey = p14;
- p_surewarehk_Mod_Exp = p15;
- /* Contact the hardware and initialises it. */
- if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
- goto err;
- }
- if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
- goto err;
- }
- /* try to load the default private key, if failed does not return a failure but
- wait for an explicit ENGINE_load_privakey */
- surewarehk_load_privkey(e,NULL,NULL,NULL);
-
- /* Everything's fine. */
-#ifndef OPENSSL_NO_RSA
- if (rsaHndidx == -1)
- rsaHndidx = RSA_get_ex_new_index(0,
- "SureWareHook RSA key handle",
- NULL, NULL, surewarehk_ex_free);
-#endif
-#ifndef OPENSSL_NO_DSA
- if (dsaHndidx == -1)
- dsaHndidx = DSA_get_ex_new_index(0,
- "SureWareHook DSA key handle",
- NULL, NULL, surewarehk_ex_free);
-#endif
-
- return 1;
-err:
- if(surewarehk_dso)
- DSO_free(surewarehk_dso);
- surewarehk_dso = NULL;
- p_surewarehk_Init = NULL;
- p_surewarehk_Finish = NULL;
- p_surewarehk_Rand_Bytes = NULL;
- p_surewarehk_Rand_Seed = NULL;
- p_surewarehk_Load_Privkey = NULL;
- p_surewarehk_Load_Rsa_Pubkey = NULL;
- p_surewarehk_Free = NULL;
- p_surewarehk_Rsa_Priv_Dec = NULL;
- p_surewarehk_Rsa_Sign = NULL;
- p_surewarehk_Dsa_Sign = NULL;
- p_surewarehk_Info_Pubkey = NULL;
- p_surewarehk_Load_Dsa_Pubkey = NULL;
- p_surewarehk_Mod_Exp = NULL;
- return 0;
-}
-
-static int surewarehk_finish(ENGINE *e)
-{
- int to_return = 1;
- if(surewarehk_dso == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
- to_return = 0;
- goto err;
- }
- p_surewarehk_Finish();
- if(!DSO_free(surewarehk_dso))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
- to_return = 0;
- goto err;
- }
- err:
- if (logstream)
- BIO_free(logstream);
- surewarehk_dso = NULL;
- p_surewarehk_Init = NULL;
- p_surewarehk_Finish = NULL;
- p_surewarehk_Rand_Bytes = NULL;
- p_surewarehk_Rand_Seed = NULL;
- p_surewarehk_Load_Privkey = NULL;
- p_surewarehk_Load_Rsa_Pubkey = NULL;
- p_surewarehk_Free = NULL;
- p_surewarehk_Rsa_Priv_Dec = NULL;
- p_surewarehk_Rsa_Sign = NULL;
- p_surewarehk_Dsa_Sign = NULL;
- p_surewarehk_Info_Pubkey = NULL;
- p_surewarehk_Load_Dsa_Pubkey = NULL;
- p_surewarehk_Mod_Exp = NULL;
- return to_return;
-}
-
-static void surewarehk_error_handling(char *const msg,int func,int ret)
-{
- switch (ret)
- {
- case SUREWAREHOOK_ERROR_UNIT_FAILURE:
- ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
- break;
- case SUREWAREHOOK_ERROR_FALLBACK:
- ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
- break;
- case SUREWAREHOOK_ERROR_DATA_SIZE:
- ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- break;
- case SUREWAREHOOK_ERROR_INVALID_PAD:
- ENGINEerr(func,SUREWARE_R_PADDING_CHECK_FAILED);
- break;
- default:
- ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
- break;
- case 1:/*nothing*/
- msg[0]='\0';
- }
- if (*msg)
- {
- ERR_add_error_data(1,msg);
- if (logstream)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_BIO);
- BIO_write(logstream, msg, strlen(msg));
- CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
- }
- }
-}
-
-static int surewarehk_rand_bytes(unsigned char *buf, int num)
-{
- int ret=0;
- char msg[64]="ENGINE_rand_bytes";
- if(!p_surewarehk_Rand_Bytes)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret = p_surewarehk_Rand_Bytes(msg,buf, num);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
- }
- return ret==1 ? 1 : 0;
-}
-
-static void surewarehk_rand_seed(const void *buf, int num)
-{
- int ret=0;
- char msg[64]="ENGINE_rand_seed";
- if(!p_surewarehk_Rand_Seed)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret = p_surewarehk_Rand_Seed(msg,buf, num);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
- }
-}
-
-static void surewarehk_rand_add(const void *buf, int num, double entropy)
-{
- surewarehk_rand_seed(buf,num);
-}
-
-static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
-{
- EVP_PKEY *res = NULL;
-#ifndef OPENSSL_NO_RSA
- RSA *rsatmp = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- DSA *dsatmp=NULL;
-#endif
- char msg[64]="sureware_load_public";
- int ret=0;
- if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
- goto err;
- }
- switch (keytype)
- {
-#ifndef OPENSSL_NO_RSA
- case 1: /*RSA*/
- /* set private external reference */
- rsatmp = RSA_new_method(e);
- RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
- rsatmp->flags |= RSA_FLAG_EXT_PKEY;
-
- /* set public big nums*/
- rsatmp->e = BN_new();
- rsatmp->n = BN_new();
- bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
- bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
- if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
- !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
- goto err;
- ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
- (unsigned long *)rsatmp->n->d,
- (unsigned long *)rsatmp->e->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
- /* normalise pub e and pub n */
- rsatmp->e->top=el/sizeof(BN_ULONG);
- bn_fix_top(rsatmp->e);
- rsatmp->n->top=el/sizeof(BN_ULONG);
- bn_fix_top(rsatmp->n);
- /* create an EVP object: engine + rsa key */
- res = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(res, rsatmp);
- break;
-#endif
-
-#ifndef OPENSSL_NO_DSA
- case 2:/*DSA*/
- /* set private/public external reference */
- dsatmp = DSA_new_method(e);
- DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
- /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
-
- /* set public key*/
- dsatmp->pub_key = BN_new();
- dsatmp->p = BN_new();
- dsatmp->q = BN_new();
- dsatmp->g = BN_new();
- bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
- bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
- bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
- bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
- if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
- !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
- !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
- !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
- goto err;
-
- ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
- (unsigned long *)dsatmp->pub_key->d,
- (unsigned long *)dsatmp->p->d,
- (unsigned long *)dsatmp->q->d,
- (unsigned long *)dsatmp->g->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- goto err;
- }
- /* set parameters */
- /* normalise pubkey and parameters in case of */
- dsatmp->pub_key->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->pub_key);
- dsatmp->p->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->p);
- dsatmp->q->top=20/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->q);
- dsatmp->g->top=el/sizeof(BN_ULONG);
- bn_fix_top(dsatmp->g);
-
- /* create an EVP object: engine + rsa key */
- res = EVP_PKEY_new();
- EVP_PKEY_assign_DSA(res, dsatmp);
- break;
-#endif
-
- default:
- SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- goto err;
- }
- return res;
- err:
- if (res)
- EVP_PKEY_free(res);
-#ifndef OPENSSL_NO_RSA
- if (rsatmp)
- RSA_free(rsatmp);
-#endif
-#ifndef OPENSSL_NO_DSA
- if (dsatmp)
- DSA_free(dsatmp);
-#endif
- return NULL;
-}
-
-static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
-{
- EVP_PKEY *res = NULL;
- int ret=0;
- unsigned long el=0;
- char *hptr=NULL;
- char keytype=0;
- char msg[64]="ENGINE_load_privkey";
-
- if(!p_surewarehk_Load_Privkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
- ERR_add_error_data(1,msg);
- }
- else
- res=sureware_load_public(e,key_id,hptr,el,keytype);
- }
- return res;
-}
-
-static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
- UI_METHOD *ui_method, void *callback_data)
-{
- EVP_PKEY *res = NULL;
- int ret=0;
- unsigned long el=0;
- char *hptr=NULL;
- char keytype=0;
- char msg[64]="ENGINE_load_pubkey";
-
- if(!p_surewarehk_Info_Pubkey)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- /* call once to identify if DSA or RSA */
- ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
- if (ret!=1)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
- ERR_add_error_data(1,msg);
- }
- else
- res=sureware_load_public(e,key_id,hptr,el,keytype);
- }
- return res;
-}
-
-/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
-, called when ex_data is freed */
-static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp)
-{
- if(!p_surewarehk_Free)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
- }
- else
- p_surewarehk_Free((char *)item,0);
-}
-
-#if 0
-/* not currently used (bug?) */
-/* This cleans up an DH KM key (destroys the key into hardware),
-called when ex_data is freed */
-static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
- int idx,long argl, void *argp)
-{
- if(!p_surewarehk_Free)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE,ENGINE_R_NOT_INITIALISED);
- }
- else
- p_surewarehk_Free((char *)item,1);
-}
-#endif
-
-/*
-* return number of decrypted bytes
-*/
-#ifndef OPENSSL_NO_RSA
-static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding)
-{
- int ret=0,tlen;
- char *buf=NULL,*hptr=NULL;
- char msg[64]="ENGINE_rsa_priv_dec";
- if (!p_surewarehk_Rsa_Priv_Dec)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
- }
- /* extract ref to private key */
- else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- /* analyse what padding we can do into the hardware */
- if (padding==RSA_PKCS1_PADDING)
- {
- /* do it one shot */
- ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
- if (ret!=1)
- goto err;
- ret=tlen;
- }
- else /* do with no padding into hardware */
- {
- ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
- if (ret!=1)
- goto err;
- /* intermediate buffer for padding */
- if ((buf=OPENSSL_malloc(tlen)) == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- memcpy(buf,to,tlen);/* transfert to into buf */
- switch (padding) /* check padding in software */
- {
-#ifndef OPENSSL_NO_SHA
- case RSA_PKCS1_OAEP_PADDING:
- ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
- break;
-#endif
- case RSA_SSLV23_PADDING:
- ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
- break;
- case RSA_NO_PADDING:
- ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
- break;
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_UNKNOWN_PADDING_TYPE);
- goto err;
- }
- if (ret < 0)
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_PADDING_CHECK_FAILED);
- }
-err:
- if (buf)
- {
- OPENSSL_cleanse(buf,tlen);
- OPENSSL_free(buf);
- }
- return ret;
-}
-
-/*
-* Does what OpenSSL rsa_priv_enc does.
-*/
-static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
- RSA *rsa,int padding)
-{
- int ret=0,tlen;
- char *hptr=NULL;
- char msg[64]="ENGINE_rsa_sign";
- if (!p_surewarehk_Rsa_Sign)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,ENGINE_R_NOT_INITIALISED);
- }
- /* extract ref to private key */
- else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
- }
- else
- {
- switch (padding)
- {
- case RSA_PKCS1_PADDING: /* do it in one shot */
- ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_SIGN,ret);
- break;
- case RSA_NO_PADDING:
- default:
- SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN,SUREWARE_R_UNKNOWN_PADDING_TYPE);
- }
- }
- return ret==1 ? tlen : ret;
-}
-
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* DSA sign and verify */
-static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
-{
- int ret=0;
- char *hptr=NULL;
- DSA_SIG *psign=NULL;
- char msg[64]="ENGINE_dsa_do_sign";
- if (!p_surewarehk_Dsa_Sign)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
- goto err;
- }
- /* extract ref to private key */
- else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
- else
- {
- if((psign = DSA_SIG_new()) == NULL)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- psign->r=BN_new();
- psign->s=BN_new();
- bn_expand2(psign->r, 20/sizeof(BN_ULONG));
- bn_expand2(psign->s, 20/sizeof(BN_ULONG));
- if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
- !psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
- goto err;
- ret=p_surewarehk_Dsa_Sign(msg,flen,from,
- (unsigned long *)psign->r->d,
- (unsigned long *)psign->s->d,
- hptr);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
- }
- psign->r->top=20/sizeof(BN_ULONG);
- bn_fix_top(psign->r);
- psign->s->top=20/sizeof(BN_ULONG);
- bn_fix_top(psign->s);
-
-err:
- if (psign)
- {
- DSA_SIG_free(psign);
- psign=NULL;
- }
- return psign;
-}
-#endif
-
-static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
-{
- int ret=0;
- char msg[64]="ENGINE_modexp";
- if (!p_surewarehk_Mod_Exp)
- {
- SUREWAREerr(SUREWARE_F_SUREWAREHK_MODEXP,ENGINE_R_NOT_INITIALISED);
- }
- else
- {
- bn_expand2(r,m->top);
- if (r && r->dmax==m->top)
- {
- /* do it*/
- ret=p_surewarehk_Mod_Exp(msg,
- m->top*sizeof(BN_ULONG),
- (unsigned long *)m->d,
- p->top*sizeof(BN_ULONG),
- (unsigned long *)p->d,
- a->top*sizeof(BN_ULONG),
- (unsigned long *)a->d,
- (unsigned long *)r->d);
- surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MODEXP,ret);
- if (ret==1)
- {
- /* normalise result */
- r->top=m->top;
- bn_fix_top(r);
- }
- }
- }
- return ret;
-}
-#endif /* !OPENSSL_NO_HW_SureWare */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_sureware.ec b/crypto/openssl/engines/e_sureware.ec
deleted file mode 100644
index 3d266b8..0000000
--- a/crypto/openssl/engines/e_sureware.ec
+++ /dev/null
@@ -1 +0,0 @@
-L SUREWARE e_sureware_err.h e_sureware_err.c
diff --git a/crypto/openssl/engines/e_sureware_err.c b/crypto/openssl/engines/e_sureware_err.c
deleted file mode 100644
index d4ca68c..0000000
--- a/crypto/openssl/engines/e_sureware_err.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* e_sureware_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_sureware_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA SUREWARE_str_functs[]=
- {
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_CTRL), "SUREWAREHK_CTRL"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DH_EX_FREE), "SUREWAREHK_DH_EX_FREE"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN), "SUREWAREHK_DSA_DO_SIGN"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_EX_FREE), "SUREWAREHK_EX_FREE"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_FINISH), "SUREWAREHK_FINISH"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_INIT), "SUREWAREHK_INIT"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY), "SUREWAREHK_LOAD_PRIVKEY"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_LOAD_PUBKEY), "SUREWAREHK_LOAD_PUBKEY"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_MODEXP), "SUREWAREHK_MODEXP"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_BYTES), "SUREWAREHK_RAND_BYTES"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RAND_SEED), "SUREWAREHK_RAND_SEED"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC), "SUREWAREHK_RSA_PRIV_DEC"},
-{ERR_FUNC(SUREWARE_F_SUREWAREHK_RSA_SIGN), "SUREWAREHK_RSA_SIGN"},
-{ERR_FUNC(SUREWARE_F_SUREWARE_LOAD_PUBLIC), "SUREWARE_LOAD_PUBLIC"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA SUREWARE_str_reasons[]=
- {
-{ERR_REASON(SUREWARE_R_BIO_WAS_FREED) ,"bio was freed"},
-{ERR_REASON(SUREWARE_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(SUREWARE_R_PADDING_CHECK_FAILED),"padding check failed"},
-{ERR_REASON(SUREWARE_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(SUREWARE_R_REQUEST_FALLBACK) ,"request fallback"},
-{ERR_REASON(SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(SUREWARE_R_UNIT_FAILURE) ,"unit failure"},
-{ERR_REASON(SUREWARE_R_UNKNOWN_PADDING_TYPE),"unknown padding type"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef SUREWARE_LIB_NAME
-static ERR_STRING_DATA SUREWARE_lib_name[]=
- {
-{0 ,SUREWARE_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int SUREWARE_lib_error_code=0;
-static int SUREWARE_error_init=1;
-
-static void ERR_load_SUREWARE_strings(void)
- {
- if (SUREWARE_lib_error_code == 0)
- SUREWARE_lib_error_code=ERR_get_next_error_library();
-
- if (SUREWARE_error_init)
- {
- SUREWARE_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
- ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
-#endif
-
-#ifdef SUREWARE_LIB_NAME
- SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
- ERR_load_strings(0,SUREWARE_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_SUREWARE_strings(void)
- {
- if (SUREWARE_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
- ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
-#endif
-
-#ifdef SUREWARE_LIB_NAME
- ERR_unload_strings(0,SUREWARE_lib_name);
-#endif
- SUREWARE_error_init=1;
- }
- }
-
-static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
- {
- if (SUREWARE_lib_error_code == 0)
- SUREWARE_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_sureware_err.h b/crypto/openssl/engines/e_sureware_err.h
deleted file mode 100644
index 82af229..0000000
--- a/crypto/openssl/engines/e_sureware_err.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_SUREWARE_ERR_H
-#define HEADER_SUREWARE_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_SUREWARE_strings(void);
-static void ERR_unload_SUREWARE_strings(void);
-static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
-#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the SUREWARE functions. */
-
-/* Function codes. */
-#define SUREWARE_F_SUREWAREHK_CTRL 100
-#define SUREWARE_F_SUREWAREHK_DH_EX_FREE 112
-#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101
-#define SUREWARE_F_SUREWAREHK_EX_FREE 102
-#define SUREWARE_F_SUREWAREHK_FINISH 103
-#define SUREWARE_F_SUREWAREHK_INIT 104
-#define SUREWARE_F_SUREWAREHK_LOAD_PRIVKEY 105
-#define SUREWARE_F_SUREWAREHK_LOAD_PUBKEY 113
-#define SUREWARE_F_SUREWAREHK_MODEXP 107
-#define SUREWARE_F_SUREWAREHK_RAND_BYTES 108
-#define SUREWARE_F_SUREWAREHK_RAND_SEED 109
-#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110
-#define SUREWARE_F_SUREWAREHK_RSA_SIGN 111
-#define SUREWARE_F_SUREWARE_LOAD_PUBLIC 106
-
-/* Reason codes. */
-#define SUREWARE_R_BIO_WAS_FREED 100
-#define SUREWARE_R_MISSING_KEY_COMPONENTS 105
-#define SUREWARE_R_PADDING_CHECK_FAILED 106
-#define SUREWARE_R_REQUEST_FAILED 101
-#define SUREWARE_R_REQUEST_FALLBACK 102
-#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103
-#define SUREWARE_R_UNIT_FAILURE 104
-#define SUREWARE_R_UNKNOWN_PADDING_TYPE 107
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/e_ubsec.c b/crypto/openssl/engines/e_ubsec.c
deleted file mode 100644
index 8b6c98b..0000000
--- a/crypto/openssl/engines/e_ubsec.c
+++ /dev/null
@@ -1,1070 +0,0 @@
-/* crypto/engine/hw_ubsec.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- *
- * Cloned shamelessly by Joe Tardo.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <openssl/crypto.h>
-#include <openssl/buffer.h>
-#include <openssl/dso.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_UBSEC
-
-#ifdef FLAT_INC
-#include "hw_ubsec.h"
-#else
-#include "vendor_defns/hw_ubsec.h"
-#endif
-
-#define UBSEC_LIB_NAME "ubsec engine"
-#include "e_ubsec_err.c"
-
-#define FAIL_TO_SOFTWARE -15
-
-static int ubsec_destroy(ENGINE *e);
-static int ubsec_init(ENGINE *e);
-static int ubsec_finish(ENGINE *e);
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx);
-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dp,
- const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
-#endif
-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-#ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont);
-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-#endif
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa);
-#endif
-#ifndef OPENSSL_NO_DH
-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx);
-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
-static int ubsec_dh_generate_key(DH *dh);
-#endif
-
-#ifdef NOT_USED
-static int ubsec_rand_bytes(unsigned char *buf, int num);
-static int ubsec_rand_status(void);
-#endif
-
-#define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE
-static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
- {UBSEC_CMD_SO_PATH,
- "SO_PATH",
- "Specifies the path to the 'ubsec' shared library",
- ENGINE_CMD_FLAG_STRING},
- {0, NULL, NULL, 0}
- };
-
-#ifndef OPENSSL_NO_RSA
-/* Our internal RSA_METHOD that we provide pointers to */
-static RSA_METHOD ubsec_rsa =
- {
- "UBSEC RSA method",
- NULL,
- NULL,
- NULL,
- NULL,
- ubsec_rsa_mod_exp,
- ubsec_mod_exp_mont,
- NULL,
- NULL,
- 0,
- NULL,
- NULL,
- NULL,
- NULL
- };
-#endif
-
-#ifndef OPENSSL_NO_DSA
-/* Our internal DSA_METHOD that we provide pointers to */
-static DSA_METHOD ubsec_dsa =
- {
- "UBSEC DSA method",
- ubsec_dsa_do_sign, /* dsa_do_sign */
- NULL, /* dsa_sign_setup */
- ubsec_dsa_verify, /* dsa_do_verify */
- NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
- NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
- NULL, /* init */
- NULL, /* finish */
- 0, /* flags */
- NULL, /* app_data */
- NULL, /* dsa_paramgen */
- NULL /* dsa_keygen */
- };
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* Our internal DH_METHOD that we provide pointers to */
-static DH_METHOD ubsec_dh =
- {
- "UBSEC DH method",
- ubsec_dh_generate_key,
- ubsec_dh_compute_key,
- ubsec_mod_exp_dh,
- NULL,
- NULL,
- 0,
- NULL,
- NULL
- };
-#endif
-
-/* Constants used when creating the ENGINE */
-static const char *engine_ubsec_id = "ubsec";
-static const char *engine_ubsec_name = "UBSEC hardware engine support";
-
-/* This internal function is used by ENGINE_ubsec() and possibly by the
- * "dynamic" ENGINE support too */
-static int bind_helper(ENGINE *e)
- {
-#ifndef OPENSSL_NO_RSA
- const RSA_METHOD *meth1;
-#endif
-#ifndef OPENSSL_NO_DH
-#ifndef HAVE_UBSEC_DH
- const DH_METHOD *meth3;
-#endif /* HAVE_UBSEC_DH */
-#endif
- if(!ENGINE_set_id(e, engine_ubsec_id) ||
- !ENGINE_set_name(e, engine_ubsec_name) ||
-#ifndef OPENSSL_NO_RSA
- !ENGINE_set_RSA(e, &ubsec_rsa) ||
-#endif
-#ifndef OPENSSL_NO_DSA
- !ENGINE_set_DSA(e, &ubsec_dsa) ||
-#endif
-#ifndef OPENSSL_NO_DH
- !ENGINE_set_DH(e, &ubsec_dh) ||
-#endif
- !ENGINE_set_destroy_function(e, ubsec_destroy) ||
- !ENGINE_set_init_function(e, ubsec_init) ||
- !ENGINE_set_finish_function(e, ubsec_finish) ||
- !ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
- !ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
- return 0;
-
-#ifndef OPENSSL_NO_RSA
- /* We know that the "PKCS1_SSLeay()" functions hook properly
- * to the Broadcom-specific mod_exp and mod_exp_crt so we use
- * those functions. NB: We don't use ENGINE_openssl() or
- * anything "more generic" because something like the RSAref
- * code may not hook properly, and if you own one of these
- * cards then you have the right to do RSA operations on it
- * anyway! */
- meth1 = RSA_PKCS1_SSLeay();
- ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
- ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
- ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
- ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
-#endif
-
-#ifndef OPENSSL_NO_DH
-#ifndef HAVE_UBSEC_DH
- /* Much the same for Diffie-Hellman */
- meth3 = DH_OpenSSL();
- ubsec_dh.generate_key = meth3->generate_key;
- ubsec_dh.compute_key = meth3->compute_key;
-#endif /* HAVE_UBSEC_DH */
-#endif
-
- /* Ensure the ubsec error handling is set up */
- ERR_load_UBSEC_strings();
- return 1;
- }
-
-#ifdef OPENSSL_NO_DYNAMIC_ENGINE
-static ENGINE *engine_ubsec(void)
- {
- ENGINE *ret = ENGINE_new();
- if(!ret)
- return NULL;
- if(!bind_helper(ret))
- {
- ENGINE_free(ret);
- return NULL;
- }
- return ret;
- }
-
-void ENGINE_load_ubsec(void)
- {
- /* Copied from eng_[openssl|dyn].c */
- ENGINE *toadd = engine_ubsec();
- if(!toadd) return;
- ENGINE_add(toadd);
- ENGINE_free(toadd);
- ERR_clear_error();
- }
-#endif
-
-/* This is a process-global DSO handle used for loading and unloading
- * the UBSEC library. NB: This is only set (or unset) during an
- * init() or finish() call (reference counts permitting) and they're
- * operating with global locks, so this should be thread-safe
- * implicitly. */
-
-static DSO *ubsec_dso = NULL;
-
-/* These are the function pointers that are (un)set when the library has
- * successfully (un)loaded. */
-
-static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
-static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
-static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
-static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
-static t_UBSEC_diffie_hellman_generate_ioctl
- *p_UBSEC_diffie_hellman_generate_ioctl = NULL;
-static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-/* #ifndef OPENSSL_NO_RSA */
-static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
-static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-/* #endif */
-#ifndef OPENSSL_NO_DSA
-static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
-static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
-static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
-static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
-static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
-
-static int max_key_len = 1024; /* ??? */
-
-/*
- * These are the static string constants for the DSO file name and the function
- * symbol names to bind to.
- */
-
-static const char *UBSEC_LIBNAME = NULL;
-static const char *get_UBSEC_LIBNAME(void)
- {
- if(UBSEC_LIBNAME)
- return UBSEC_LIBNAME;
- return "ubsec";
- }
-static void free_UBSEC_LIBNAME(void)
- {
- if(UBSEC_LIBNAME)
- OPENSSL_free((void*)UBSEC_LIBNAME);
- UBSEC_LIBNAME = NULL;
- }
-static long set_UBSEC_LIBNAME(const char *name)
- {
- free_UBSEC_LIBNAME();
- return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
- }
-static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
-static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
-static const char *UBSEC_F3 = "ubsec_open";
-static const char *UBSEC_F4 = "ubsec_close";
-#ifndef OPENSSL_NO_DH
-static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
-static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
-#endif
-/* #ifndef OPENSSL_NO_RSA */
-static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
-static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
-/* #endif */
-#ifndef OPENSSL_NO_DSA
-static const char *UBSEC_F9 = "dsa_sign_ioctl";
-static const char *UBSEC_F10 = "dsa_verify_ioctl";
-#endif
-static const char *UBSEC_F11 = "math_accelerate_ioctl";
-static const char *UBSEC_F12 = "rng_ioctl";
-static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
-
-/* Destructor (complements the "ENGINE_ubsec()" constructor) */
-static int ubsec_destroy(ENGINE *e)
- {
- free_UBSEC_LIBNAME();
- ERR_unload_UBSEC_strings();
- return 1;
- }
-
-/* (de)initialisation functions. */
-static int ubsec_init(ENGINE *e)
- {
- t_UBSEC_ubsec_bytes_to_bits *p1;
- t_UBSEC_ubsec_bits_to_bytes *p2;
- t_UBSEC_ubsec_open *p3;
- t_UBSEC_ubsec_close *p4;
-#ifndef OPENSSL_NO_DH
- t_UBSEC_diffie_hellman_generate_ioctl *p5;
- t_UBSEC_diffie_hellman_agree_ioctl *p6;
-#endif
-/* #ifndef OPENSSL_NO_RSA */
- t_UBSEC_rsa_mod_exp_ioctl *p7;
- t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
-/* #endif */
-#ifndef OPENSSL_NO_DSA
- t_UBSEC_dsa_sign_ioctl *p9;
- t_UBSEC_dsa_verify_ioctl *p10;
-#endif
- t_UBSEC_math_accelerate_ioctl *p11;
- t_UBSEC_rng_ioctl *p12;
- t_UBSEC_max_key_len_ioctl *p13;
- int fd = 0;
-
- if(ubsec_dso != NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
- goto err;
- }
- /*
- * Attempt to load libubsec.so/ubsec.dll/whatever.
- */
- ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
- goto err;
- }
-
- if (
- !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
- !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
- !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
- !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
-#ifndef OPENSSL_NO_DH
- !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
- !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
-#endif
-/* #ifndef OPENSSL_NO_RSA */
- !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
- !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
-/* #endif */
-#ifndef OPENSSL_NO_DSA
- !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
- !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
-#endif
- !(p11 = (t_UBSEC_math_accelerate_ioctl *)
- DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
- !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
- !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
- goto err;
- }
-
- /* Copy the pointers */
- p_UBSEC_ubsec_bytes_to_bits = p1;
- p_UBSEC_ubsec_bits_to_bytes = p2;
- p_UBSEC_ubsec_open = p3;
- p_UBSEC_ubsec_close = p4;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = p5;
- p_UBSEC_diffie_hellman_agree_ioctl = p6;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = p7;
- p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = p9;
- p_UBSEC_dsa_verify_ioctl = p10;
-#endif
- p_UBSEC_math_accelerate_ioctl = p11;
- p_UBSEC_rng_ioctl = p12;
- p_UBSEC_max_key_len_ioctl = p13;
-
- /* Perform an open to see if there's actually any unit running. */
- if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
- {
- p_UBSEC_ubsec_close(fd);
- return 1;
- }
- else
- {
- UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
- }
-
-err:
- if(ubsec_dso)
- DSO_free(ubsec_dso);
- ubsec_dso = NULL;
- p_UBSEC_ubsec_bytes_to_bits = NULL;
- p_UBSEC_ubsec_bits_to_bytes = NULL;
- p_UBSEC_ubsec_open = NULL;
- p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = NULL;
- p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = NULL;
- p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = NULL;
- p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
- p_UBSEC_math_accelerate_ioctl = NULL;
- p_UBSEC_rng_ioctl = NULL;
- p_UBSEC_max_key_len_ioctl = NULL;
-
- return 0;
- }
-
-static int ubsec_finish(ENGINE *e)
- {
- free_UBSEC_LIBNAME();
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
- return 0;
- }
- if(!DSO_free(ubsec_dso))
- {
- UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
- return 0;
- }
- ubsec_dso = NULL;
- p_UBSEC_ubsec_bytes_to_bits = NULL;
- p_UBSEC_ubsec_bits_to_bytes = NULL;
- p_UBSEC_ubsec_open = NULL;
- p_UBSEC_ubsec_close = NULL;
-#ifndef OPENSSL_NO_DH
- p_UBSEC_diffie_hellman_generate_ioctl = NULL;
- p_UBSEC_diffie_hellman_agree_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_RSA
- p_UBSEC_rsa_mod_exp_ioctl = NULL;
- p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
-#endif
-#ifndef OPENSSL_NO_DSA
- p_UBSEC_dsa_sign_ioctl = NULL;
- p_UBSEC_dsa_verify_ioctl = NULL;
-#endif
- p_UBSEC_math_accelerate_ioctl = NULL;
- p_UBSEC_rng_ioctl = NULL;
- p_UBSEC_max_key_len_ioctl = NULL;
- return 1;
- }
-
-static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
- {
- int initialised = ((ubsec_dso == NULL) ? 0 : 1);
- switch(cmd)
- {
- case UBSEC_CMD_SO_PATH:
- if(p == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if(initialised)
- {
- UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
- return 0;
- }
- return set_UBSEC_LIBNAME((const char *)p);
- default:
- break;
- }
- UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
- return 0;
- }
-
-static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx)
- {
- int y_len = 0;
- int fd;
-
- if(ubsec_dso == NULL)
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
- return 0;
- }
-
- /* Check if hardware can't handle this argument. */
- y_len = BN_num_bits(m);
- if (y_len > max_key_len) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- if(!bn_wexpand(r, m->top))
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_UNIT_FAILURE);
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
- (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d,
- BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
- {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- return BN_mod_exp(r, a, p, m, ctx);
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
- return 1;
- }
-
-#ifndef OPENSSL_NO_RSA
-static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
- {
- int to_return = 0;
-
- if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
- {
- UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
- goto err;
- }
-
- to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
- rsa->dmq1, rsa->iqmp, ctx);
- if (to_return == FAIL_TO_SOFTWARE)
- {
- /*
- * Do in software as hardware failed.
- */
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- to_return = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
- }
-err:
- return to_return;
- }
-#endif
-
-static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *q, const BIGNUM *dp,
- const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
- {
- int y_len,
- m_len,
- fd;
-
- m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
- y_len = BN_num_bits(p) + BN_num_bits(q);
-
- /* Check if hardware can't handle this argument. */
- if (y_len > max_key_len) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
- return FAIL_TO_SOFTWARE;
- }
-
- if (!bn_wexpand(r, p->top + q->top + 1)) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
- return 0;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_UNIT_FAILURE);
- return FAIL_TO_SOFTWARE;
- }
-
- if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
- (unsigned char *)a->d, BN_num_bits(a),
- (unsigned char *)qinv->d, BN_num_bits(qinv),
- (unsigned char *)dp->d, BN_num_bits(dp),
- (unsigned char *)p->d, BN_num_bits(p),
- (unsigned char *)dq->d, BN_num_bits(dq),
- (unsigned char *)q->d, BN_num_bits(q),
- (unsigned char *)r->d, &y_len) != 0) {
- UBSECerr(UBSEC_F_UBSEC_MOD_EXP_CRT, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
- return FAIL_TO_SOFTWARE;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
- return 1;
-}
-
-#ifndef OPENSSL_NO_DSA
-#ifdef NOT_USED
-static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
- BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
- BN_CTX *ctx, BN_MONT_CTX *in_mont)
- {
- BIGNUM t;
- int to_return = 0;
-
- BN_init(&t);
- /* let rr = a1 ^ p1 mod m */
- if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
- /* let t = a2 ^ p2 mod m */
- if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
- /* let rr = rr * t mod m */
- if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
- to_return = 1;
-end:
- BN_free(&t);
- return to_return;
- }
-
-static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ubsec_mod_exp(r, a, p, m, ctx);
- }
-#endif
-#endif
-
-/*
- * This function is aliased to mod_exp (with the mont stuff dropped).
- */
-static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
- {
- int ret = 0;
-
-#ifndef OPENSSL_NO_RSA
- /* Do in software if the key is too large for the hardware. */
- if (BN_num_bits(m) > max_key_len)
- {
- const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
- ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
- }
- else
-#endif
- {
- ret = ubsec_mod_exp(r, a, p, m, ctx);
- }
-
- return ret;
- }
-
-#ifndef OPENSSL_NO_DH
-/* This function is aliased to mod_exp (with the dh and mont dropped). */
-static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
- const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
- BN_MONT_CTX *m_ctx)
- {
- return ubsec_mod_exp(r, a, p, m, ctx);
- }
-#endif
-
-#ifndef OPENSSL_NO_DSA
-static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
- {
- DSA_SIG *to_return = NULL;
- int s_len = 160, r_len = 160, d_len, fd;
- BIGNUM m, *r=NULL, *s=NULL;
-
- BN_init(&m);
-
- s = BN_new();
- r = BN_new();
- if ((s == NULL) || (r==NULL))
- goto err;
-
- d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
-
- if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
- (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- if (BN_bin2bn(dgst,dlen,&m) == NULL) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- const DSA_METHOD *meth;
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_UNIT_FAILURE);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_sign(dgst, dlen, dsa);
- goto err;
- }
-
- if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
- (unsigned char *)dgst, d_len,
- NULL, 0, /* compute random value */
- (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
- (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
- (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
- (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
- (unsigned char *)r->d, &r_len,
- (unsigned char *)s->d, &s_len ) != 0) {
- const DSA_METHOD *meth;
-
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_sign(dgst, dlen, dsa);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- r->top = (160+BN_BITS2-1)/BN_BITS2;
- s->top = (160+BN_BITS2-1)/BN_BITS2;
-
- to_return = DSA_SIG_new();
- if(to_return == NULL) {
- UBSECerr(UBSEC_F_UBSEC_DSA_DO_SIGN, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- to_return->r = r;
- to_return->s = s;
-
-err:
- if (!to_return) {
- if (r) BN_free(r);
- if (s) BN_free(s);
- }
- BN_clear_free(&m);
- return to_return;
-}
-
-static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
- DSA_SIG *sig, DSA *dsa)
- {
- int v_len, d_len;
- int to_return = 0;
- int fd;
- BIGNUM v;
-
- BN_init(&v);
-
- if(!bn_wexpand(&v, dsa->p->top)) {
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_BN_EXPAND_FAIL);
- goto err;
- }
-
- v_len = BN_num_bits(dsa->p);
-
- d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
- const DSA_METHOD *meth;
- fd = 0;
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_UNIT_FAILURE);
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
- goto err;
- }
-
- if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
- (unsigned char *)dgst, d_len,
- (unsigned char *)dsa->p->d, BN_num_bits(dsa->p),
- (unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
- (unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
- (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
- (unsigned char *)sig->r->d, BN_num_bits(sig->r),
- (unsigned char *)sig->s->d, BN_num_bits(sig->s),
- (unsigned char *)v.d, &v_len) != 0) {
- const DSA_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DSA_OpenSSL();
- to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- to_return = 1;
-err:
- BN_clear_free(&v);
- return to_return;
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh)
- {
- int ret = -1,
- k_len,
- fd;
-
- k_len = BN_num_bits(dh->p);
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_UNIT_FAILURE);
- meth = DH_OpenSSL();
- ret = meth->compute_key(key, pub_key, dh);
- goto err;
- }
-
- if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
- (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
- (unsigned char *)pub_key->d, BN_num_bits(pub_key),
- (unsigned char *)dh->p->d, BN_num_bits(dh->p),
- key, &k_len) != 0)
- {
- /* Hardware's a no go, failover to software */
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DH_OpenSSL();
- ret = meth->compute_key(key, pub_key, dh);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
-err:
- return ret;
- }
-
-static int ubsec_dh_generate_key(DH *dh)
- {
- int ret = 0,
- random_bits = 0,
- pub_key_len = 0,
- priv_key_len = 0,
- fd;
- BIGNUM *pub_key = NULL;
- BIGNUM *priv_key = NULL;
-
- /*
- * How many bits should Random x be? dh_key.c
- * sets the range from 0 to num_bits(modulus) ???
- */
-
- if (dh->priv_key == NULL)
- {
- priv_key = BN_new();
- if (priv_key == NULL) goto err;
- priv_key_len = BN_num_bits(dh->p);
- bn_wexpand(priv_key, dh->p->top);
- do
- if (!BN_rand_range(priv_key, dh->p)) goto err;
- while (BN_is_zero(priv_key));
- random_bits = BN_num_bits(priv_key);
- }
- else
- {
- priv_key = dh->priv_key;
- }
-
- if (dh->pub_key == NULL)
- {
- pub_key = BN_new();
- pub_key_len = BN_num_bits(dh->p);
- bn_wexpand(pub_key, dh->p->top);
- if(pub_key == NULL) goto err;
- }
- else
- {
- pub_key = dh->pub_key;
- }
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const DH_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_UNIT_FAILURE);
- meth = DH_OpenSSL();
- ret = meth->generate_key(dh);
- goto err;
- }
-
- if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
- (unsigned char *)priv_key->d, &priv_key_len,
- (unsigned char *)pub_key->d, &pub_key_len,
- (unsigned char *)dh->g->d, BN_num_bits(dh->g),
- (unsigned char *)dh->p->d, BN_num_bits(dh->p),
- 0, 0, random_bits) != 0)
- {
- /* Hardware's a no go, failover to software */
- const DH_METHOD *meth;
-
- UBSECerr(UBSEC_F_UBSEC_DH_GENERATE_KEY, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- meth = DH_OpenSSL();
- ret = meth->generate_key(dh);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- dh->pub_key = pub_key;
- dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
- dh->priv_key = priv_key;
- dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
-
- ret = 1;
-err:
- return ret;
- }
-#endif
-
-#ifdef NOT_USED
-static int ubsec_rand_bytes(unsigned char * buf,
- int num)
- {
- int ret = 0,
- fd;
-
- if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
- {
- const RAND_METHOD *meth;
- UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_UNIT_FAILURE);
- num = p_UBSEC_ubsec_bits_to_bytes(num);
- meth = RAND_SSLeay();
- meth->seed(buf, num);
- ret = meth->bytes(buf, num);
- goto err;
- }
-
- num *= 8; /* bytes to bits */
-
- if (p_UBSEC_rng_ioctl(fd,
- UBSEC_RNG_DIRECT,
- buf,
- &num) != 0)
- {
- /* Hardware's a no go, failover to software */
- const RAND_METHOD *meth;
-
- UBSECerr(UBSEC_F_UBSEC_RAND_BYTES, UBSEC_R_REQUEST_FAILED);
- p_UBSEC_ubsec_close(fd);
-
- num = p_UBSEC_ubsec_bits_to_bytes(num);
- meth = RAND_SSLeay();
- meth->seed(buf, num);
- ret = meth->bytes(buf, num);
-
- goto err;
- }
-
- p_UBSEC_ubsec_close(fd);
-
- ret = 1;
-err:
- return(ret);
- }
-
-
-static int ubsec_rand_status(void)
- {
- return 0;
- }
-#endif
-
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-static int bind_fn(ENGINE *e, const char *id)
- {
- if(id && (strcmp(id, engine_ubsec_id) != 0))
- return 0;
- if(!bind_helper(e))
- return 0;
- return 1;
- }
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
-
-#endif /* !OPENSSL_NO_HW_UBSEC */
-#endif /* !OPENSSL_NO_HW */
diff --git a/crypto/openssl/engines/e_ubsec.ec b/crypto/openssl/engines/e_ubsec.ec
deleted file mode 100644
index 99b9233..0000000
--- a/crypto/openssl/engines/e_ubsec.ec
+++ /dev/null
@@ -1 +0,0 @@
-L UBSEC e_ubsec_err.h e_ubsec_err.c
diff --git a/crypto/openssl/engines/e_ubsec_err.c b/crypto/openssl/engines/e_ubsec_err.c
deleted file mode 100644
index 14c3d61..0000000
--- a/crypto/openssl/engines/e_ubsec_err.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/* e_ubsec_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include "e_ubsec_err.h"
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(0,func,0)
-#define ERR_REASON(reason) ERR_PACK(0,0,reason)
-
-static ERR_STRING_DATA UBSEC_str_functs[]=
- {
-{ERR_FUNC(UBSEC_F_UBSEC_CTRL), "UBSEC_CTRL"},
-{ERR_FUNC(UBSEC_F_UBSEC_DH_COMPUTE_KEY), "UBSEC_DH_COMPUTE_KEY"},
-{ERR_FUNC(UBSEC_F_UBSEC_DH_GENERATE_KEY), "UBSEC_DH_GENERATE_KEY"},
-{ERR_FUNC(UBSEC_F_UBSEC_DSA_DO_SIGN), "UBSEC_DSA_DO_SIGN"},
-{ERR_FUNC(UBSEC_F_UBSEC_DSA_VERIFY), "UBSEC_DSA_VERIFY"},
-{ERR_FUNC(UBSEC_F_UBSEC_FINISH), "UBSEC_FINISH"},
-{ERR_FUNC(UBSEC_F_UBSEC_INIT), "UBSEC_INIT"},
-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP), "UBSEC_MOD_EXP"},
-{ERR_FUNC(UBSEC_F_UBSEC_MOD_EXP_CRT), "UBSEC_MOD_EXP_CRT"},
-{ERR_FUNC(UBSEC_F_UBSEC_RAND_BYTES), "UBSEC_RAND_BYTES"},
-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP), "UBSEC_RSA_MOD_EXP"},
-{ERR_FUNC(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT), "UBSEC_RSA_MOD_EXP_CRT"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA UBSEC_str_reasons[]=
- {
-{ERR_REASON(UBSEC_R_ALREADY_LOADED) ,"already loaded"},
-{ERR_REASON(UBSEC_R_BN_EXPAND_FAIL) ,"bn expand fail"},
-{ERR_REASON(UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(UBSEC_R_DSO_FAILURE) ,"dso failure"},
-{ERR_REASON(UBSEC_R_MISSING_KEY_COMPONENTS),"missing key components"},
-{ERR_REASON(UBSEC_R_NOT_LOADED) ,"not loaded"},
-{ERR_REASON(UBSEC_R_REQUEST_FAILED) ,"request failed"},
-{ERR_REASON(UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL),"size too large or too small"},
-{ERR_REASON(UBSEC_R_UNIT_FAILURE) ,"unit failure"},
-{0,NULL}
- };
-
-#endif
-
-#ifdef UBSEC_LIB_NAME
-static ERR_STRING_DATA UBSEC_lib_name[]=
- {
-{0 ,UBSEC_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int UBSEC_lib_error_code=0;
-static int UBSEC_error_init=1;
-
-static void ERR_load_UBSEC_strings(void)
- {
- if (UBSEC_lib_error_code == 0)
- UBSEC_lib_error_code=ERR_get_next_error_library();
-
- if (UBSEC_error_init)
- {
- UBSEC_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
- ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
-#endif
-
-#ifdef UBSEC_LIB_NAME
- UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
- ERR_load_strings(0,UBSEC_lib_name);
-#endif
- }
- }
-
-static void ERR_unload_UBSEC_strings(void)
- {
- if (UBSEC_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
- ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
-#endif
-
-#ifdef UBSEC_LIB_NAME
- ERR_unload_strings(0,UBSEC_lib_name);
-#endif
- UBSEC_error_init=1;
- }
- }
-
-static void ERR_UBSEC_error(int function, int reason, char *file, int line)
- {
- if (UBSEC_lib_error_code == 0)
- UBSEC_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
- }
diff --git a/crypto/openssl/engines/e_ubsec_err.h b/crypto/openssl/engines/e_ubsec_err.h
deleted file mode 100644
index 3229eca..0000000
--- a/crypto/openssl/engines/e_ubsec_err.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_UBSEC_ERR_H
-#define HEADER_UBSEC_ERR_H
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-static void ERR_load_UBSEC_strings(void);
-static void ERR_unload_UBSEC_strings(void);
-static void ERR_UBSEC_error(int function, int reason, char *file, int line);
-#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
-
-/* Error codes for the UBSEC functions. */
-
-/* Function codes. */
-#define UBSEC_F_UBSEC_CTRL 100
-#define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101
-#define UBSEC_F_UBSEC_DH_GENERATE_KEY 111
-#define UBSEC_F_UBSEC_DSA_DO_SIGN 102
-#define UBSEC_F_UBSEC_DSA_VERIFY 103
-#define UBSEC_F_UBSEC_FINISH 104
-#define UBSEC_F_UBSEC_INIT 105
-#define UBSEC_F_UBSEC_MOD_EXP 106
-#define UBSEC_F_UBSEC_MOD_EXP_CRT 110
-#define UBSEC_F_UBSEC_RAND_BYTES 107
-#define UBSEC_F_UBSEC_RSA_MOD_EXP 108
-#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109
-
-/* Reason codes. */
-#define UBSEC_R_ALREADY_LOADED 100
-#define UBSEC_R_BN_EXPAND_FAIL 101
-#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102
-#define UBSEC_R_DSO_FAILURE 103
-#define UBSEC_R_MISSING_KEY_COMPONENTS 104
-#define UBSEC_R_NOT_LOADED 105
-#define UBSEC_R_REQUEST_FAILED 106
-#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107
-#define UBSEC_R_UNIT_FAILURE 108
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/engines/engine_vector.mar b/crypto/openssl/engines/engine_vector.mar
deleted file mode 100644
index 7d968e7..0000000
--- a/crypto/openssl/engines/engine_vector.mar
+++ /dev/null
@@ -1,24 +0,0 @@
-;
-; Transfer vector for VAX shareable image
-;
- .TITLE ENGINE
- .IDENT /ENGINE/
-;
-; Define macro to assist in building transfer vector entries. Each entry
-; should take no more than 8 bytes.
-;
- .MACRO FTRANSFER_ENTRY routine
- .ALIGN QUAD
- .TRANSFER routine
- .MASK routine
- JMP routine+2
- .ENDM FTRANSFER_ENTRY
-;
-; Place entries in own program section.
-;
- .PSECT $$ENGINE,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
-ENGINE_xfer:
- FTRANSFER_ENTRY bind_engine
- FTRANSFER_ENTRY v_check
- .BLKB 32768-<.-ENGINE_xfer> ; 64 pages total.
- .END
diff --git a/crypto/openssl/engines/vax.opt b/crypto/openssl/engines/vax.opt
deleted file mode 100644
index 72e6bd8..0000000
--- a/crypto/openssl/engines/vax.opt
+++ /dev/null
@@ -1,9 +0,0 @@
-!
-! Ensure transfer vector is at beginning of image
-!
-CLUSTER=FIRST
-COLLECT=FIRST,$$ENGINE
-!
-! make psects nonshareable so image can be installed.
-!
-PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
diff --git a/crypto/openssl/engines/vendor_defns/aep.h b/crypto/openssl/engines/vendor_defns/aep.h
deleted file mode 100644
index 5e9754f..0000000
--- a/crypto/openssl/engines/vendor_defns/aep.h
+++ /dev/null
@@ -1,178 +0,0 @@
-/* This header declares the necessary definitions for using the exponentiation
- * acceleration capabilities, and rnd number generation of the AEP card.
- *
- */
-
-/*
- *
- * Some AEP defines
- *
- */
-
-/*Successful return value*/
-#define AEP_R_OK 0x00000000
-
-/*Miscelleanous unsuccessful return value*/
-#define AEP_R_GENERAL_ERROR 0x10000001
-
-/*Insufficient host memory*/
-#define AEP_R_HOST_MEMORY 0x10000002
-
-#define AEP_R_FUNCTION_FAILED 0x10000006
-
-/*Invalid arguments in function call*/
-#define AEP_R_ARGUMENTS_BAD 0x10020000
-
-#define AEP_R_NO_TARGET_RESOURCES 0x10030000
-
-/*Error occuring on socket operation*/
-#define AEP_R_SOCKERROR 0x10000010
-
-/*Socket has been closed from the other end*/
-#define AEP_R_SOCKEOF 0x10000011
-
-/*Invalid handles*/
-#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3
-
-#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000
-
-/*Transaction has not yet returned from accelerator*/
-#define AEP_R_TRANSACTION_NOT_READY 0x00010000
-
-/*There is already a thread waiting on this transaction*/
-#define AEP_R_TRANSACTION_CLAIMED 0x10050000
-
-/*The transaction timed out*/
-#define AEP_R_TIMED_OUT 0x10060000
-
-#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000
-
-#define AEP_R_TARGET_ERROR 0x10080000
-
-/*Error in the AEP daemon process*/
-#define AEP_R_DAEMON_ERROR 0x10090000
-
-/*Invalid ctx id*/
-#define AEP_R_INVALID_CTX_ID 0x10009000
-
-#define AEP_R_NO_KEY_MANAGER 0x1000a000
-
-/*Error obtaining a mutex*/
-#define AEP_R_MUTEX_BAD 0x000001A0
-
-/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
-#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190
-
-/*AEP_Initialise has already been called*/
-#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191
-
-/*Maximum number of connections to daemon reached*/
-#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200
-
-/*
- *
- * Some AEP Type definitions
- *
- */
-
-/* an unsigned 8-bit value */
-typedef unsigned char AEP_U8;
-
-/* an unsigned 8-bit character */
-typedef char AEP_CHAR;
-
-/* a BYTE-sized Boolean flag */
-typedef AEP_U8 AEP_BBOOL;
-
-/*Unsigned value, at least 16 bits long*/
-typedef unsigned short AEP_U16;
-
-/* an unsigned value, at least 32 bits long */
-#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned int AEP_U32;
-#else
-typedef unsigned long AEP_U32;
-#endif
-
-#ifdef SIXTY_FOUR_BIT_LONG
-typedef unsigned long AEP_U64;
-#else
-typedef struct { unsigned long l1, l2; } AEP_U64;
-#endif
-
-/* at least 32 bits; each bit is a Boolean flag */
-typedef AEP_U32 AEP_FLAGS;
-
-typedef AEP_U8 *AEP_U8_PTR;
-typedef AEP_CHAR *AEP_CHAR_PTR;
-typedef AEP_U32 *AEP_U32_PTR;
-typedef AEP_U64 *AEP_U64_PTR;
-typedef void *AEP_VOID_PTR;
-
-/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
-typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR;
-
-/*Used to identify an AEP connection handle*/
-typedef AEP_U32 AEP_CONNECTION_HNDL;
-
-/*Pointer to an AEP connection handle*/
-typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR;
-
-/*Used by an application (in conjunction with the apps process id) to
-identify an individual transaction*/
-typedef AEP_U32 AEP_TRANSACTION_ID;
-
-/*Pointer to an applications transaction identifier*/
-typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR;
-
-/*Return value type*/
-typedef AEP_U32 AEP_RV;
-
-#define MAX_PROCESS_CONNECTIONS 256
-
-#define RAND_BLK_SIZE 1024
-
-typedef enum{
- NotConnected= 0,
- Connected= 1,
- InUse= 2
-} AEP_CONNECTION_STATE;
-
-
-typedef struct AEP_CONNECTION_ENTRY{
- AEP_CONNECTION_STATE conn_state;
- AEP_CONNECTION_HNDL conn_hndl;
-} AEP_CONNECTION_ENTRY;
-
-
-typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
-typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
-
-typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
- AEP_VOID_PTR pA, AEP_VOID_PTR pP,
- AEP_VOID_PTR pN,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
-
-typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
- AEP_VOID_PTR pA, AEP_VOID_PTR pP,
- AEP_VOID_PTR pQ,
- AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
- AEP_VOID_PTR pIqmp,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
-
-#ifdef AEPRAND
-typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
- AEP_U32 Len,
- AEP_U32 Type,
- AEP_VOID_PTR pResult,
- AEP_TRANSACTION_ID* pidTransID);
-#endif
-
-typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
-typedef AEP_RV t_AEP_Finalize(void);
-typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize),
- AEP_RV (*MakeAEPBigNumFunc)(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum),
- AEP_RV (*ConverAEPBigNumFunc)(void* ArbBigNum, AEP_U32 BigNumSize, unsigned char* AEP_BigNum));
-
diff --git a/crypto/openssl/engines/vendor_defns/atalla.h b/crypto/openssl/engines/vendor_defns/atalla.h
deleted file mode 100644
index 149970d..0000000
--- a/crypto/openssl/engines/vendor_defns/atalla.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/* This header declares the necessary definitions for using the exponentiation
- * acceleration capabilities of Atalla cards. The only cryptographic operation
- * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
- * defines an "RSA private key". However, it is really only performing a
- * regular mod_exp using the supplied modulus and exponent - no CRT form is
- * being used. Hence, it is a generic mod_exp function in disguise, and we use
- * it as such.
- *
- * Thanks to the people at Atalla for letting me know these definitions are
- * fine and that they can be reproduced here.
- *
- * Geoff.
- */
-
-typedef struct ItemStr
- {
- unsigned char *data;
- int len;
- } Item;
-
-typedef struct RSAPrivateKeyStr
- {
- void *reserved;
- Item version;
- Item modulus;
- Item publicExponent;
- Item privateExponent;
- Item prime[2];
- Item exponent[2];
- Item coefficient;
- } RSAPrivateKey;
-
-/* Predeclare the function pointer types that we dynamically load from the DSO.
- * These use the same names and form that Ben's original support code had (in
- * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
- * somewhere along the way!
- */
-
-typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
- unsigned int *ret_buf);
-
-typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
-
-typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
- unsigned char *output,
- unsigned char *input,
- unsigned int modulus_len);
-
diff --git a/crypto/openssl/engines/vendor_defns/cswift.h b/crypto/openssl/engines/vendor_defns/cswift.h
deleted file mode 100644
index 6007932..0000000
--- a/crypto/openssl/engines/vendor_defns/cswift.h
+++ /dev/null
@@ -1,234 +0,0 @@
-/* Attribution notice: Rainbow have generously allowed me to reproduce
- * the necessary definitions here from their API. This means the support
- * can build independently of whether application builders have the
- * API or hardware. This will allow developers to easily produce software
- * that has latent hardware support for any users that have accelertors
- * installed, without the developers themselves needing anything extra.
- *
- * I have only clipped the parts from the CryptoSwift header files that
- * are (or seem) relevant to the CryptoSwift support code. This is
- * simply to keep the file sizes reasonable.
- * [Geoff]
- */
-
-
-/* NB: These type widths do *not* seem right in general, in particular
- * they're not terribly friendly to 64-bit architectures (unsigned long)
- * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
- * agree with Rainbow's API and this will only be called into question
- * on platforms with Rainbow support anyway! ;-) */
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-typedef long SW_STATUS; /* status */
-typedef unsigned char SW_BYTE; /* 8 bit byte */
-typedef unsigned short SW_U16; /* 16 bit number */
-#if defined(_IRIX)
-#include <sgidefs.h>
-typedef __uint32_t SW_U32;
-#else
-typedef unsigned long SW_U32; /* 32 bit integer */
-#endif
-
-#if defined(OPENSSL_SYS_WIN32)
- typedef struct _SW_U64 {
- SW_U32 low32;
- SW_U32 high32;
- } SW_U64; /* 64 bit integer */
-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
- typedef longlong SW_U64
-#else /* Unix variants */
- typedef struct _SW_U64 {
- SW_U32 low32;
- SW_U32 high32;
- } SW_U64; /* 64 bit integer */
-#endif
-
-/* status codes */
-#define SW_OK (0L)
-#define SW_ERR_BASE (-10000L)
-#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */
-#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */
- /* up yet */
-#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */
- /* time out */
-#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */
- /* execute the command */
-#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */
- /* NULL */
-#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */
- /* small, too large. */
-#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */
- /* handle */
-#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */
- /* standing at this */
- /* context handle */
-#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */
-#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */
-#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */
-#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */
- /* in SW_PARAM structure */
-#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */
- /* context. */
- /* swAttachKeyParam() is */
- /* not called. */
-#define SW_ERR_KEY_CMD_MISMATCH \
- (SW_ERR_BASE-14)/* Cannot perform requested */
- /* SW_COMMAND_CODE since */
- /* key attached via */
- /* swAttachKeyParam() */
- /* cannot be used for this*/
- /* SW_COMMAND_CODE. */
-#define SW_ERR_NOT_IMPLEMENTED \
- (SW_ERR_BASE-15)/* Not implemented */
-#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */
-#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */
- /* the "initems" or */
- /* "outitems". */
-#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */
-#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */
- /* test fail, look at the */
- /* selfTestBitmap in */
- /* SW_ACCELERATOR_INFO for*/
- /* details. */
-#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/
- /* key materials aligned */
- /* in certain order, e.g. */
- /* 128 bit for CRT */
-#define SW_ERR_OUTPUT_NULL_PTR \
- (SW_ERR_BASE-21)/* a required pointer is */
- /* NULL */
-#define SW_ERR_OUTPUT_SIZE \
- (SW_ERR_BASE-22)/* size is invalid, too */
- /* small, too large. */
-#define SW_ERR_FIRMWARE_CHECKSUM \
- (SW_ERR_BASE-23)/* firmware checksum mismatch*/
- /* download failed. */
-#define SW_ERR_UNKNOWN_FIRMWARE \
- (SW_ERR_BASE-24)/* unknown firmware error */
-#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */
- /* it's waiting to be */
- /* completed. */
-#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */
- /* volatile memory */
-#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */
- /* writing to NV memory */
-#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */
- /* failure */
-#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
-#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */
- /* calculations */
-#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */
- /* board memory */
-#define SW_ERR_FIRMWARE_VERSION \
- (SW_ERR_BASE-32)/* Wrong version in firmware */
- /* update */
-#define SW_ERR_ZERO_WORKING_ACCELERATOR \
- (SW_ERR_BASE-44)/* All accelerators are bad */
-
-
- /* algorithm type */
-#define SW_ALG_CRT 1
-#define SW_ALG_EXP 2
-#define SW_ALG_DSA 3
-#define SW_ALG_NVDATA 4
-
- /* command code */
-#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */
- /* Chinese Remainder Theorem (CRT) */
-#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */
-#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */
-#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */
-#define SW_CMD_RAND 5 /* perform random number generation */
-#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */
-#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */
-
-typedef SW_U32 SW_ALGTYPE; /* alogrithm type */
-typedef SW_U32 SW_STATE; /* state */
-typedef SW_U32 SW_COMMAND_CODE; /* command code */
-typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */
-
-typedef struct _SW_LARGENUMBER {
- SW_U32 nbytes; /* number of bytes in the buffer "value" */
- SW_BYTE* value; /* the large integer as a string of */
- /* bytes in network (big endian) order */
-} SW_LARGENUMBER;
-
-#if defined(OPENSSL_SYS_WIN32)
- #include <windows.h>
- typedef HANDLE SW_OSHANDLE; /* handle to kernel object */
- #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE
- #define SW_CALLCONV _stdcall
-#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
- /* async callback mechanisms */
- /* swiftCallbackLevel */
- #define SW_MAC_CALLBACK_LEVEL_NO 0
- #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */
- #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */
- typedef int SW_MAC_CALLBACK_LEVEL;
- typedef int SW_OSHANDLE;
- #define SW_OS_INVALID_HANDLE (-1)
- #define SW_CALLCONV
-#else /* Unix variants */
- typedef int SW_OSHANDLE; /* handle to driver */
- #define SW_OS_INVALID_HANDLE (-1)
- #define SW_CALLCONV
-#endif
-
-typedef struct _SW_CRT {
- SW_LARGENUMBER p; /* prime number p */
- SW_LARGENUMBER q; /* prime number q */
- SW_LARGENUMBER dmp1; /* exponent1 */
- SW_LARGENUMBER dmq1; /* exponent2 */
- SW_LARGENUMBER iqmp; /* CRT coefficient */
-} SW_CRT;
-
-typedef struct _SW_EXP {
- SW_LARGENUMBER modulus; /* modulus */
- SW_LARGENUMBER exponent;/* exponent */
-} SW_EXP;
-
-typedef struct _SW_DSA {
- SW_LARGENUMBER p; /* */
- SW_LARGENUMBER q; /* */
- SW_LARGENUMBER g; /* */
- SW_LARGENUMBER key; /* private/public key */
-} SW_DSA;
-
-typedef struct _SW_NVDATA {
- SW_U32 accnum; /* accelerator board number */
- SW_U32 offset; /* offset in byte */
-} SW_NVDATA;
-
-typedef struct _SW_PARAM {
- SW_ALGTYPE type; /* type of the alogrithm */
- union {
- SW_CRT crt;
- SW_EXP exp;
- SW_DSA dsa;
- SW_NVDATA nvdata;
- } up;
-} SW_PARAM;
-
-typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
-
-
-/* Now the OpenSSL bits, these function types are the for the function
- * pointers that will bound into the Rainbow shared libraries. */
-typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
-typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
- SW_PARAM *key_params);
-typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
- SW_COMMAND_CODE cmd,
- SW_LARGENUMBER pin[],
- SW_U32 pin_count,
- SW_LARGENUMBER pout[],
- SW_U32 pout_count);
-typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
diff --git a/crypto/openssl/engines/vendor_defns/hw_4758_cca.h b/crypto/openssl/engines/vendor_defns/hw_4758_cca.h
deleted file mode 100644
index 296636e..0000000
--- a/crypto/openssl/engines/vendor_defns/hw_4758_cca.h
+++ /dev/null
@@ -1,149 +0,0 @@
-/**********************************************************************/
-/* */
-/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */
-/* */
-/* Maurice Gittens <maurice@gittens.nl> */
-/* */
-/**********************************************************************/
-
-#ifndef __HW_4758_CCA__
-#define __HW_4758_CCA__
-
-/*
- * Only WIN32 support for now
- */
-#if defined(WIN32)
-
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX_32"
- #define CSNDKRR "CSNDKRR_32"
- #define CSNDPKE "CSNDPKE_32"
- #define CSNDPKD "CSNDPKD_32"
- #define CSNDDSV "CSNDDSV_32"
- #define CSNDDSG "CSNDDSG_32"
- #define CSNBRNG "CSNBRNG_32"
-
- #define SECURITYAPI __stdcall
-#else
- /* Fixme!!
- Find out the values of these constants for other platforms.
- */
- #define CCA_LIB_NAME "CSUNSAPI"
-
- #define CSNDPKX "CSNDPKX"
- #define CSNDKRR "CSNDKRR"
- #define CSNDPKE "CSNDPKE"
- #define CSNDPKD "CSNDPKD"
- #define CSNDDSV "CSNDDSV"
- #define CSNDDSG "CSNDDSG"
- #define CSNBRNG "CSNBRNG"
-
- #define SECURITYAPI
-#endif
-
-/*
- * security API prototypes
- */
-
-/* PKA Key Record Read */
-typedef void (SECURITYAPI *F_KEYRECORDREAD)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- unsigned char * key_label,
- long * key_token_length,
- unsigned char * key_token);
-
-/* Random Number Generate */
-typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- unsigned char * form,
- unsigned char * random_number);
-
-/* Digital Signature Generate */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_private_key_id_length,
- unsigned char * PKA_private_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- long * signature_bit_length,
- unsigned char * signature_field);
-
-/* Digital Signature Verify */
-typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * PKA_public_key_id_length,
- unsigned char * PKA_public_key_id,
- long * hash_length,
- unsigned char * hash,
- long * signature_field_length,
- unsigned char * signature_field);
-
-/* PKA Public Key Extract */
-typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
- long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * source_key_identifier_length,
- unsigned char * source_key_identifier,
- long * target_key_token_length,
- unsigned char * target_key_token);
-
-/* PKA Encrypt */
-typedef void (SECURITYAPI *F_PKAENCRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * key_value_length,
- unsigned char * key_value,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_public_key_length,
- unsigned char * RSA_public_key,
- long * RSA_encipher_length,
- unsigned char * RSA_encipher );
-
-/* PKA Decrypt */
-typedef void (SECURITYAPI *F_PKADECRYPT)
- (long * return_code,
- long * reason_code,
- long * exit_data_length,
- unsigned char * exit_data,
- long * rule_array_count,
- unsigned char * rule_array,
- long * enciphered_key_length,
- unsigned char * enciphered_key,
- long * data_struct_length,
- unsigned char * data_struct,
- long * RSA_private_key_length,
- unsigned char * RSA_private_key,
- long * key_value_length,
- unsigned char * key_value );
-
-
-#endif
diff --git a/crypto/openssl/engines/vendor_defns/hw_ubsec.h b/crypto/openssl/engines/vendor_defns/hw_ubsec.h
deleted file mode 100644
index b6619d4..0000000
--- a/crypto/openssl/engines/vendor_defns/hw_ubsec.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/******************************************************************************
- *
- * Copyright 2000
- * Broadcom Corporation
- * 16215 Alton Parkway
- * PO Box 57013
- * Irvine CA 92619-7013
- *
- *****************************************************************************/
-/*
- * Broadcom Corporation uBSec SDK
- */
-/*
- * Character device header file.
- */
-/*
- * Revision History:
- *
- * October 2000 JTT Created.
- */
-
-#define MAX_PUBLIC_KEY_BITS (1024)
-#define MAX_PUBLIC_KEY_BYTES (1024/8)
-#define SHA_BIT_SIZE (160)
-#define MAX_CRYPTO_KEY_LENGTH 24
-#define MAX_MAC_KEY_LENGTH 64
-#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
-#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
-
-/* Math command types. */
-#define UBSEC_MATH_MODADD 0x0001
-#define UBSEC_MATH_MODSUB 0x0002
-#define UBSEC_MATH_MODMUL 0x0004
-#define UBSEC_MATH_MODEXP 0x0008
-#define UBSEC_MATH_MODREM 0x0010
-#define UBSEC_MATH_MODINV 0x0020
-
-typedef long ubsec_MathCommand_t;
-typedef long ubsec_RNGCommand_t;
-
-typedef struct ubsec_crypto_context_s {
- unsigned int flags;
- unsigned char crypto[MAX_CRYPTO_KEY_LENGTH];
- unsigned char auth[MAX_MAC_KEY_LENGTH];
-} ubsec_crypto_context_t, *ubsec_crypto_context_p;
-
-/*
- * Predeclare the function pointer types that we dynamically load from the DSO.
- */
-
-typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
-
-typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
-
-typedef int t_UBSEC_ubsec_open(unsigned char *device);
-
-typedef int t_UBSEC_ubsec_close(int fd);
-
-typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
- unsigned char *x, int *x_len, unsigned char *y, int *y_len,
- unsigned char *g, int g_len, unsigned char *m, int m_len,
- unsigned char *userX, int userX_len, int random_bits);
-
-typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *y, int y_len,
- unsigned char *m, int m_len, unsigned char *k, int *k_len);
-
-typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *m, int m_len,
- unsigned char *e, int e_len, unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
- unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
- unsigned char *edq, int edq_len, unsigned char *q, int q_len,
- unsigned char *edp, int edp_len, unsigned char *p, int p_len,
- unsigned char *y, int *y_len);
-
-typedef int t_UBSEC_dsa_sign_ioctl (int fd,
- int hash, unsigned char *data, int data_len,
- unsigned char *rndom, int random_len,
- unsigned char *p, int p_len, unsigned char *q, int q_len,
- unsigned char *g, int g_len, unsigned char *key, int key_len,
- unsigned char *r, int *r_len, unsigned char *s, int *s_len);
-
-typedef int t_UBSEC_dsa_verify_ioctl (int fd,
- int hash, unsigned char *data, int data_len,
- unsigned char *p, int p_len, unsigned char *q, int q_len,
- unsigned char *g, int g_len, unsigned char *key, int key_len,
- unsigned char *r, int r_len, unsigned char *s, int s_len,
- unsigned char *v, int *v_len);
-
-typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
- unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len,
- unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
- unsigned char *Result, int *Result_len);
-
-typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
- unsigned char *Result, int *Result_len);
-
-typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/crypto/openssl/engines/vendor_defns/hwcryptohook.h b/crypto/openssl/engines/vendor_defns/hwcryptohook.h
deleted file mode 100644
index 482f1f2..0000000
--- a/crypto/openssl/engines/vendor_defns/hwcryptohook.h
+++ /dev/null
@@ -1,486 +0,0 @@
-/*
- * ModExp / RSA (with/without KM) plugin API
- *
- * The application will load a dynamic library which
- * exports entrypoint(s) defined in this file.
- *
- * This set of entrypoints provides only a multithreaded,
- * synchronous-within-each-thread, facility.
- *
- *
- * This file is Copyright 1998-2000 nCipher Corporation Limited.
- *
- * Redistribution and use in source and binary forms, with opr without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the copyright notice,
- * this list of conditions, and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above
- * copyright notice, this list of conditions, and the following
- * disclaimer, in the documentation and/or other materials provided
- * with the distribution
- *
- * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
- * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
- * damages arising directly or indirectly from this file, its use or
- * this licence. Without prejudice to the generality of the
- * foregoing: all liability shall be excluded for direct, indirect,
- * special, incidental, consequential or other damages or any loss of
- * profits, business, revenue goodwill or anticipated savings;
- * liability shall be excluded even if nCipher or anyone else has been
- * advised of the possibility of damage. In any event, if the
- * exclusion of liability is not effective, the liability of nCipher
- * or any author or distributor shall be limited to the lesser of the
- * price paid and 1,000 pounds sterling. This licence only fails to
- * exclude or limit liability for death or personal injury arising out
- * of negligence, and only to the extent that such an exclusion or
- * limitation is not effective.
- *
- * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
- * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
- * limited to, any implied warranties of merchantability, fitness for
- * a particular purpose, satisfactory quality, and/or non-infringement
- * of any third party rights.
- *
- * US Government use: This software and documentation is Commercial
- * Computer Software and Computer Software Documentation, as defined in
- * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
- * Noncommercial Computer Software and Noncommercial Computer Software
- * Documentation." Use, duplication or disclosure by the Government is
- * subject to the terms and conditions specified here.
- *
- * By using or distributing this file you will be accepting these
- * terms and conditions, including the limitation of liability and
- * lack of warranty. If you do not wish to accept these terms and
- * conditions, DO NOT USE THE FILE.
- *
- *
- * The actual dynamically loadable plugin, and the library files for
- * static linking, which are also provided in some distributions, are
- * not covered by the licence described above. You should have
- * received a separate licence with terms and conditions for these
- * library files; if you received the library files without a licence,
- * please contact nCipher.
- *
- *
- * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
- */
-
-#ifndef HWCRYPTOHOOK_H
-#define HWCRYPTOHOOK_H
-
-#include <sys/types.h>
-#include <stdio.h>
-
-#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
-#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
-#endif
-
-#define HWCRYPTOHOOK_ERROR_FAILED -1
-#define HWCRYPTOHOOK_ERROR_FALLBACK -2
-#define HWCRYPTOHOOK_ERROR_MPISIZE -3
-
-#if HWCRYPTOHOOK_DECLARE_APPTYPES
-
-/* These structs are defined by the application and opaque to the
- * crypto plugin. The application may define these as it sees fit.
- * Default declarations are provided here, but the application may
- * #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
- * to prevent these declarations, and instead provide its own
- * declarations of these types. (Pointers to them must still be
- * ordinary pointers to structs or unions, or the resulting combined
- * program will have a type inconsistency.)
- */
-typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
-typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
-typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
-typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
-
-#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
-
-/* These next two structs are opaque to the application. The crypto
- * plugin will return pointers to them; the caller simply manipulates
- * the pointers.
- */
-typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
-typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
-
-typedef struct {
- char *buf;
- size_t size;
-} HWCryptoHook_ErrMsgBuf;
-/* Used for error reporting. When a HWCryptoHook function fails it
- * will return a sentinel value (0 for pointer-valued functions, or a
- * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
- * integer-valued ones). It will, if an ErrMsgBuf is passed, also put
- * an error message there.
- *
- * size is the size of the buffer, and will not be modified. If you
- * pass 0 for size you must pass 0 for buf, and nothing will be
- * recorded (just as if you passed 0 for the struct pointer).
- * Messages written to the buffer will always be null-terminated, even
- * when truncated to fit within size bytes.
- *
- * The contents of the buffer are not defined if there is no error.
- */
-
-typedef struct HWCryptoHook_MPIStruct {
- unsigned char *buf;
- size_t size;
-} HWCryptoHook_MPI;
-/* When one of these is returned, a pointer is passed to the function.
- * At call, size is the space available. Afterwards it is updated to
- * be set to the actual length (which may be more than the space available,
- * if there was not enough room and the result was truncated).
- * buf (the pointer) is not updated.
- *
- * size is in bytes and may be zero at call or return, but must be a
- * multiple of the limb size. Zero limbs at the MS end are not
- * permitted.
- */
-
-#define HWCryptoHook_InitFlags_FallbackModExp 0x0002UL
-#define HWCryptoHook_InitFlags_FallbackRSAImmed 0x0004UL
-/* Enable requesting fallback to software in case of problems with the
- * hardware support. This indicates to the crypto provider that the
- * application is prepared to fall back to software operation if the
- * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
- * Without this flag those calls will never return
- * HWCRYPTOHOOK_ERROR_FALLBACK. The flag will also cause the crypto
- * provider to avoid repeatedly attempting to contact dead hardware
- * within a short interval, if appropriate.
- */
-
-#define HWCryptoHook_InitFlags_SimpleForkCheck 0x0010UL
-/* Without _SimpleForkCheck the library is allowed to assume that the
- * application will not fork and call the library in the child(ren).
- *
- * When it is specified, this is allowed. However, after a fork
- * neither parent nor child may unload any loaded keys or call
- * _Finish. Instead, they should call exit (or die with a signal)
- * without calling _Finish. After all the children have died the
- * parent may unload keys or call _Finish.
- *
- * This flag only has any effect on UN*X platforms.
- */
-
-typedef struct {
- unsigned long flags;
- void *logstream; /* usually a FILE*. See below. */
-
- size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
- int mslimbfirst; /* 0 or 1 */
- int msbytefirst; /* 0 or 1; -1 = native */
-
- /* All the callback functions should return 0 on success, or a
- * nonzero integer (whose value will be visible in the error message
- * put in the buffer passed to the call).
- *
- * If a callback is not available pass a null function pointer.
- *
- * The callbacks may not call down again into the crypto plugin.
- */
-
- /* For thread-safety. Set everything to 0 if you promise only to be
- * singlethreaded. maxsimultaneous is the number of calls to
- * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA. If you don't know what to
- * put there then say 0 and the hook library will use a default.
- *
- * maxmutexes is a small limit on the number of simultaneous mutexes
- * which will be requested by the library. If there is no small
- * limit, set it to 0. If the crypto plugin cannot create the
- * advertised number of mutexes the calls to its functions may fail.
- * If a low number of mutexes is advertised the plugin will try to
- * do the best it can. Making larger numbers of mutexes available
- * may improve performance and parallelism by reducing contention
- * over critical sections. Unavailability of any mutexes, implying
- * single-threaded operation, should be indicated by the setting
- * mutex_init et al to 0.
- */
- int maxmutexes;
- int maxsimultaneous;
- size_t mutexsize;
- int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
- int (*mutex_acquire)(HWCryptoHook_Mutex*);
- void (*mutex_release)(HWCryptoHook_Mutex*);
- void (*mutex_destroy)(HWCryptoHook_Mutex*);
-
- /* For greater efficiency, can use condition vars internally for
- * synchronisation. In this case maxsimultaneous is ignored, but
- * the other mutex stuff must be available. In singlethreaded
- * programs, set everything to 0.
- */
- size_t condvarsize;
- int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
- int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
- void (*condvar_signal)(HWCryptoHook_CondVar*);
- void (*condvar_broadcast)(HWCryptoHook_CondVar*);
- void (*condvar_destroy)(HWCryptoHook_CondVar*);
-
- /* The semantics of acquiring and releasing mutexes and broadcasting
- * and waiting on condition variables are expected to be those from
- * POSIX threads (pthreads). The mutexes may be (in pthread-speak)
- * fast mutexes, recursive mutexes, or nonrecursive ones.
- *
- * The _release/_signal/_broadcast and _destroy functions must
- * always succeed when given a valid argument; if they are given an
- * invalid argument then the program (crypto plugin + application)
- * has an internal error, and they should abort the program.
- */
-
- int (*getpassphrase)(const char *prompt_info,
- int *len_io, char *buf,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
- /* Passphrases and the prompt_info, if they contain high-bit-set
- * characters, are UTF-8. The prompt_info may be a null pointer if
- * no prompt information is available (it should not be an empty
- * string). It will not contain text like `enter passphrase';
- * instead it might say something like `Operator Card for John
- * Smith' or `SmartCard in nFast Module #1, Slot #1'.
- *
- * buf points to a buffer in which to return the passphrase; on
- * entry *len_io is the length of the buffer. It should be updated
- * by the callback. The returned passphrase should not be
- * null-terminated by the callback.
- */
-
- int (*getphystoken)(const char *prompt_info,
- const char *wrong_info,
- HWCryptoHook_PassphraseContext *ppctx,
- HWCryptoHook_CallerContext *cactx);
- /* Requests that the human user physically insert a different
- * smartcard, DataKey, etc. The plugin should check whether the
- * currently inserted token(s) are appropriate, and if they are it
- * should not make this call.
- *
- * prompt_info is as before. wrong_info is a description of the
- * currently inserted token(s) so that the user is told what
- * something is. wrong_info, like prompt_info, may be null, but
- * should not be an empty string. Its contents should be
- * syntactically similar to that of prompt_info.
- */
-
- /* Note that a single LoadKey operation might cause several calls to
- * getpassphrase and/or requestphystoken. If requestphystoken is
- * not provided (ie, a null pointer is passed) then the plugin may
- * not support loading keys for which authorisation by several cards
- * is required. If getpassphrase is not provided then cards with
- * passphrases may not be supported.
- *
- * getpassphrase and getphystoken do not need to check that the
- * passphrase has been entered correctly or the correct token
- * inserted; the crypto plugin will do that. If this is not the
- * case then the crypto plugin is responsible for calling these
- * routines again as appropriate until the correct token(s) and
- * passphrase(s) are supplied as required, or until any retry limits
- * implemented by the crypto plugin are reached.
- *
- * In either case, the application must allow the user to say `no'
- * or `cancel' to indicate that they do not know the passphrase or
- * have the appropriate token; this should cause the callback to
- * return nonzero indicating error.
- */
-
- void (*logmessage)(void *logstream, const char *message);
- /* A log message will be generated at least every time something goes
- * wrong and an ErrMsgBuf is filled in (or would be if one was
- * provided). Other diagnostic information may be written there too,
- * including more detailed reasons for errors which are reported in an
- * ErrMsgBuf.
- *
- * When a log message is generated, this callback is called. It
- * should write a message to the relevant logging arrangements.
- *
- * The message string passed will be null-terminated and may be of arbitrary
- * length. It will not be prefixed by the time and date, nor by the
- * name of the library that is generating it - if this is required,
- * the logmessage callback must do it. The message will not have a
- * trailing newline (though it may contain internal newlines).
- *
- * If a null pointer is passed for logmessage a default function is
- * used. The default function treats logstream as a FILE* which has
- * been converted to a void*. If logstream is 0 it does nothing.
- * Otherwise it prepends the date and time and library name and
- * writes the message to logstream. Each line will be prefixed by a
- * descriptive string containing the date, time and identity of the
- * crypto plugin. Errors on the logstream are not reported
- * anywhere, and the default function doesn't flush the stream, so
- * the application must set the buffering how it wants it.
- *
- * The crypto plugin may also provide a facility to have copies of
- * log messages sent elsewhere, and or for adjusting the verbosity
- * of the log messages; any such facilities will be configured by
- * external means.
- */
-
-} HWCryptoHook_InitInfo;
-
-typedef
-HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
- size_t initinfosize,
- const HWCryptoHook_ErrMsgBuf *errors,
- HWCryptoHook_CallerContext *cactx);
-extern HWCryptoHook_Init_t HWCryptoHook_Init;
-
-/* Caller should set initinfosize to the size of the HWCryptoHook struct,
- * so it can be extended later.
- *
- * On success, a message for display or logging by the server,
- * including the name and version number of the plugin, will be filled
- * in into *errors; on failure *errors is used for error handling, as
- * usual.
- */
-
-/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
- * on most failures. HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
- * the output MPI buffer(s) was too small; the sizes of all have been
- * set to the desired size (and for those where the buffer was large
- * enough, the value may have been copied in), and no error message
- * has been recorded.
- *
- * You may pass 0 for the errors struct. In any case, unless you set
- * _NoStderr at init time then messages may be reported to stderr.
- */
-
-/* The RSAImmed* functions (and key managed RSA) only work with
- * modules which have an RSA patent licence - currently that means KM
- * units; the ModExp* ones work with all modules, so you need a patent
- * licence in the software in the US. They are otherwise identical.
- */
-
-typedef
-void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
-extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
-/* You must not have any calls going or keys loaded when you call this. */
-
-typedef
-int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
- unsigned char *buf, size_t len,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
-
-typedef
-int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI a,
- HWCryptoHook_MPI p,
- HWCryptoHook_MPI n,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
-
-typedef
-int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI m,
- HWCryptoHook_MPI e,
- HWCryptoHook_MPI n,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
-
-typedef
-int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI a,
- HWCryptoHook_MPI p,
- HWCryptoHook_MPI q,
- HWCryptoHook_MPI dmp1,
- HWCryptoHook_MPI dmq1,
- HWCryptoHook_MPI iqmp,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
-
-typedef
-int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
- HWCryptoHook_MPI m,
- HWCryptoHook_MPI p,
- HWCryptoHook_MPI q,
- HWCryptoHook_MPI dmp1,
- HWCryptoHook_MPI dmq1,
- HWCryptoHook_MPI iqmp,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
-
-/* The RSAImmed* and ModExp* functions may return E_FAILED or
- * E_FALLBACK for failure.
- *
- * E_FAILED means the failure is permanent and definite and there
- * should be no attempt to fall back to software. (Eg, for some
- * applications, which support only the acceleration-only
- * functions, the `key material' may actually be an encoded key
- * identifier, and doing the operation in software would give wrong
- * answers.)
- *
- * E_FALLBACK means that doing the computation in software would seem
- * reasonable. If an application pays attention to this and is
- * able to fall back, it should also set the Fallback init flags.
- */
-
-typedef
-int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
- const char *key_ident,
- HWCryptoHook_RSAKeyHandle *keyhandle_r,
- const HWCryptoHook_ErrMsgBuf *errors,
- HWCryptoHook_PassphraseContext *ppctx);
-extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
-/* The key_ident is a null-terminated string configured by the
- * user via the application's usual configuration mechanisms.
- * It is provided to the user by the crypto provider's key management
- * system. The user must be able to enter at least any string of between
- * 1 and 1023 characters inclusive, consisting of printable 7-bit
- * ASCII characters. The provider should avoid using
- * any characters except alphanumerics and the punctuation
- * characters _ - + . / @ ~ (the user is expected to be able
- * to enter these without quoting). The string may be case-sensitive.
- * The application may allow the user to enter other NULL-terminated strings,
- * and the provider must cope (returning an error if the string is not
- * valid).
- *
- * If the key does not exist, no error is recorded and 0 is returned;
- * keyhandle_r will be set to 0 instead of to a key handle.
- */
-
-typedef
-int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
- HWCryptoHook_MPI *n,
- HWCryptoHook_MPI *e,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
-/* The crypto plugin will not store certificates.
- *
- * Although this function for acquiring the public key value is
- * provided, it is not the purpose of this API to deal fully with the
- * handling of the public key.
- *
- * It is expected that the crypto supplier's key generation program
- * will provide general facilities for producing X.509
- * self-certificates and certificate requests in PEM format. These
- * will be given to the user so that they can configure them in the
- * application, send them to CAs, or whatever.
- *
- * In case this kind of certificate handling is not appropriate, the
- * crypto supplier's key generation program should be able to be
- * configured not to generate such a self-certificate or certificate
- * request. Then the application will need to do all of this, and
- * will need to store and handle the public key and certificates
- * itself.
- */
-
-typedef
-int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
-/* Might fail due to locking problems, or other serious internal problems. */
-
-typedef
-int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
- HWCryptoHook_RSAKeyHandle k,
- HWCryptoHook_MPI *r,
- const HWCryptoHook_ErrMsgBuf *errors);
-extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
-/* RSA private key operation (sign or decrypt) - raw, unpadded. */
-
-#endif /*HWCRYPTOHOOK_H*/
diff --git a/crypto/openssl/engines/vendor_defns/sureware.h b/crypto/openssl/engines/vendor_defns/sureware.h
deleted file mode 100644
index e46b000..0000000
--- a/crypto/openssl/engines/vendor_defns/sureware.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/*
-* Written by Corinne Dive-Reclus(cdive@baltimore.com)
-*
-* Copyright@2001 Baltimore Technologies Ltd.
-* *
-* THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND *
-* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE *
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE *
-* ARE DISCLAIMED. IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE *
-* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *
-* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS *
-* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) *
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT *
-* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY *
-* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF *
-* SUCH DAMAGE. *
-*
-*
-*/
-#ifdef WIN32
-#define SW_EXPORT __declspec ( dllexport )
-#else
-#define SW_EXPORT
-#endif
-
-/*
-* List of exposed SureWare errors
-*/
-#define SUREWAREHOOK_ERROR_FAILED -1
-#define SUREWAREHOOK_ERROR_FALLBACK -2
-#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
-#define SUREWAREHOOK_ERROR_DATA_SIZE -4
-#define SUREWAREHOOK_ERROR_INVALID_PAD -5
-/*
-* -----------------WARNING-----------------------------------
-* In all the following functions:
-* msg is a string with at least 24 bytes free.
-* A 24 bytes string will be concatenated to the existing content of msg.
-*/
-/*
-* SureWare Initialisation function
-* in param threadsafe, if !=0, thread safe enabled
-* return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
-*/
-typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
-extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
-/*
-* SureWare Finish function
-*/
-typedef void SureWareHook_Finish_t(void);
-extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
-/*
-* PRE_CONDITION:
-* DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
-*/
-/*
-* SureWare RAND Bytes function
-* In case of failure, the content of buf is unpredictable.
-* return 1 if success
-* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in/out param buf : a num bytes long buffer where random bytes will be put
-* in param num : the number of bytes into buf
-*/
-typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
-extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
-
-/*
-* SureWare RAND Seed function
-* Adds some seed to the Hardware Random Number Generator
-* return 1 if success
-* SureWareHOOK_ERROR_FALLBACK if function not available in hardware
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param buf : the seed to add into the HRNG
-* in param num : the number of bytes into buf
-*/
-typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
-extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
-
-/*
-* SureWare Load Private Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the private protected key file without the extension
- ".sws"
-* out param hptr : a pointer to a buffer allocated by SureWare_Hook
-* out param num: the effective key length in bytes
-* out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
-extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
-
-/*
-* SureWare Info Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the private protected key file without the extension
- ".swp"
-* out param hptr : a pointer to a buffer allocated by SureWare_Hook
-* out param num: the effective key length in bytes
-* out param keytype: 1 if RSA 2 if DSA
-*/
-typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
- char *keytype);
-extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
-
-/*
-* SureWare Load Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the public protected key file without the extension
- ".swp"
-* in param num : the bytes size of n and e
-* out param n: where to write modulus in bn format
-* out param e: where to write exponent in bn format
-*/
-typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
- unsigned long *n, unsigned long *e);
-extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
-
-/*
-* SureWare Load DSA Public Key function
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* No hardware is contact for this function.
-*
-* in param key_id :the name of the public protected key file without the extension
- ".swp"
-* in param num : the bytes size of n and e
-* out param pub: where to write pub key in bn format
-* out param p: where to write prime in bn format
-* out param q: where to write sunprime (length 20 bytes) in bn format
-* out param g: where to write base in bn format
-*/
-typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
- unsigned long *pub, unsigned long *p,unsigned long*q,
- unsigned long *g);
-extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
-
-/*
-* SureWare Free function
-* Destroy the key into the hardware if destroy==1
-*/
-typedef void SureWareHook_Free_t(char *p,int destroy);
-extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
-
-#define SUREWARE_PKCS1_PAD 1
-#define SUREWARE_ISO9796_PAD 2
-#define SUREWARE_NO_PAD 0
-/*
-* SureWare RSA Private Decryption
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param tlen: byte size of decrypted data, if error, unexpected value
-* out param to : decrypted data buffer, should be a not-null valid pointer
-* in param prsa: a protected key pointer, should be a not-null valid pointer
-* int padding: padding id as follow
-* SUREWARE_PKCS1_PAD
-* SUREWARE_NO_PAD
-*
-*/
-typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
- int *tlen,unsigned char *to,
- char *prsa,int padding);
-extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
-/*
-* SureWare RSA Signature
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param tlen: byte size of decrypted data, if error, unexpected value
-* out param to : decrypted data buffer, should be a not-null valid pointer
-* in param prsa: a protected key pointer, should be a not-null valid pointer
-* int padding: padding id as follow
-* SUREWARE_PKCS1_PAD
-* SUREWARE_ISO9796_PAD
-*
-*/
-typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
- int *tlen,unsigned char *to,
- char *prsa,int padding);
-extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
-/*
-* SureWare DSA Signature
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* in param flen : byte size of from and to
-* in param from : encrypted data buffer, should be a not-null valid pointer
-* out param to : decrypted data buffer, should be a 40bytes valid pointer
-* in param pdsa: a protected key pointer, should be a not-null valid pointer
-*
-*/
-typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
- unsigned long *r,unsigned long *s,char *pdsa);
-extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
-
-
-/*
-* SureWare Mod Exp
-* return 1 if success
-* SureWareHOOK_ERROR_FAILED if error while processing
-* SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
-* SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
-*
-* mod and res are mlen bytes long.
-* exp is elen bytes long
-* data is dlen bytes long
-* mlen,elen and dlen are all multiple of sizeof(unsigned long)
-*/
-typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
- int elen,const unsigned long *exponent,
- int dlen,unsigned long *data,
- unsigned long *res);
-extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
-
diff --git a/crypto/openssl/openssl.doxy b/crypto/openssl/openssl.doxy
deleted file mode 100644
index 479c311..0000000
--- a/crypto/openssl/openssl.doxy
+++ /dev/null
@@ -1,7 +0,0 @@
-PROJECT_NAME=OpenSSL
-GENERATE_LATEX=no
-OUTPUT_DIRECTORY=doxygen
-INPUT=ssl include
-FILE_PATTERNS=*.c *.h
-RECURSIVE=yes
-PREDEFINED=DOXYGEN
diff --git a/crypto/openssl/openssl.spec b/crypto/openssl/openssl.spec
deleted file mode 100644
index 7ac3573..0000000
--- a/crypto/openssl/openssl.spec
+++ /dev/null
@@ -1,209 +0,0 @@
-%define libmaj 0
-%define libmin 9
-%define librel 8
-%define librev e
-Release: 1
-
-%define openssldir /var/ssl
-
-Summary: Secure Sockets Layer and cryptography libraries and tools
-Name: openssl
-#Version: %{libmaj}.%{libmin}.%{librel}
-Version: %{libmaj}.%{libmin}.%{librel}%{librev}
-Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-Copyright: Freely distributable
-Group: System Environment/Libraries
-Provides: SSL
-URL: http://www.openssl.org/
-Packager: Damien Miller <djm@mindrot.org>
-BuildRoot: /var/tmp/%{name}-%{version}-root
-
-%description
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation.
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes.
-
-This package contains the base OpenSSL cryptography and SSL/TLS
-libraries and tools.
-
-%package devel
-Summary: Secure Sockets Layer and cryptography static libraries and headers
-Group: Development/Libraries
-Requires: openssl
-%description devel
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation.
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes.
-
-This package contains the the OpenSSL cryptography and SSL/TLS
-static libraries and header files required when developing applications.
-
-%package doc
-Summary: OpenSSL miscellaneous files
-Group: Documentation
-Requires: openssl
-%description doc
-The OpenSSL Project is a collaborative effort to develop a robust,
-commercial-grade, fully featured, and Open Source toolkit implementing the
-Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
-protocols as well as a full-strength general purpose cryptography library.
-The project is managed by a worldwide community of volunteers that use the
-Internet to communicate, plan, and develop the OpenSSL tookit and its related
-documentation.
-
-OpenSSL is based on the excellent SSLeay library developed from Eric A.
-Young and Tim J. Hudson. The OpenSSL toolkit is licensed under an
-Apache-style licence, which basically means that you are free to get and
-use it for commercial and non-commercial purposes.
-
-This package contains the the OpenSSL cryptography and SSL/TLS extra
-documentation and POD files from which the man pages were produced.
-
-%prep
-
-%setup -q
-
-%build
-
-%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr --openssldir=%{openssldir}
-
-perl util/perlpath.pl /usr/bin/perl
-
-%ifarch i386 i486 i586 i686
-./Configure %{CONFIG_FLAGS} linux-elf shared
-%endif
-%ifarch ppc
-./Configure %{CONFIG_FLAGS} linux-ppc shared
-%endif
-%ifarch alpha
-./Configure %{CONFIG_FLAGS} linux-alpha shared
-%endif
-LD_LIBRARY_PATH=`pwd` make
-LD_LIBRARY_PATH=`pwd` make rehash
-LD_LIBRARY_PATH=`pwd` make test
-
-%install
-rm -rf $RPM_BUILD_ROOT
-make MANDIR=/usr/man MANSUFFIX=ssl INSTALL_PREFIX="$RPM_BUILD_ROOT" install
-
-# Make backwards-compatibility symlink to ssleay
-ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%files
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-
-%attr(0755,root,root) /usr/bin/*
-%attr(0755,root,root) /usr/lib/*.so*
-%attr(0755,root,root) %{openssldir}/misc/*
-%attr(0644,root,root) /usr/man/man[157]/*
-
-%config %attr(0644,root,root) %{openssldir}/openssl.cnf
-%dir %attr(0755,root,root) %{openssldir}/certs
-%dir %attr(0755,root,root) %{openssldir}/misc
-%dir %attr(0750,root,root) %{openssldir}/private
-
-%files devel
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-
-%attr(0644,root,root) /usr/lib/*.a
-%attr(0644,root,root) /usr/lib/pkgconfig/openssl.pc
-%attr(0644,root,root) /usr/include/openssl/*
-%attr(0644,root,root) /usr/man/man[3]/*
-
-%files doc
-%defattr(0644,root,root,0755)
-%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
-%doc doc
-
-%post
-ldconfig
-
-%postun
-ldconfig
-
-%changelog
-* Sun Jun 6 2005 Richard Levitte <richard@levitte.org>
-- Remove the incorrect installation of '%{openssldir}/lib'.
-* Wed May 7 2003 Richard Levitte <richard@levitte.org>
-- Add /usr/lib/pkgconfig/openssl.pc to the development section.
-* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
-- Removed redundant subsection that re-installed libcrypto.a and libssl.a
- as well. Also remove RSAref stuff completely, since it's not needed
- any more.
-* Thu Mar 15 2001 Jeremiah Johnson <jjohnson@penguincomputing.com>
-- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
- libssl.so.0.9.6. As well as the subsection that created symlinks for
- these. make install handles all this.
-* Sat Oct 21 2000 Horms <horms@vergenet.net>
-- Make sure symlinks are created by using -f flag to ln.
- Otherwise some .so libraries are copied rather than
- linked in the resulting binary RPM. This causes the package
- to be larger than neccessary and makes ldconfig complain.
-* Fri Oct 13 2000 Horms <horms@vergenet.net>
-- Make defattr is set for files in all packages so packages built as
- non-root will still be installed with files owned by root.
-* Thu Sep 14 2000 Richard Levitte <richard@levitte.org>
-- Changed to adapt to the new (supported) way of making shared libraries
-- Installs all static libraries, not just libRSAglue.a
-- Extra documents now end up in a separate document package
-* Sun Feb 27 2000 Damien Miller <djm@mindrot.org>
-- Merged patches to spec
-- Updated to 0.9.5beta2 (now with manpages)
-* Sat Feb 5 2000 Michal Jaegermann <michal@harddata.com>
-- added 'linux-alpha' to configuration
-- fixed nasty absolute links
-* Tue Jan 25 2000 Bennett Todd <bet@rahul.net>
-- Added -DSSL_ALLOW_ADH, bumped Release to 4
-* Thu Oct 14 1999 Damien Miller <djm@mindrot.org>
-- Set default permissions
-- Removed documentation from devel sub-package
-* Thu Sep 30 1999 Damien Miller <djm@mindrot.org>
-- Added "make test" stage
-- GPG signed
-* Tue Sep 10 1999 Damien Miller <damien@ibs.com.au>
-- Updated to version 0.9.4
-* Tue May 25 1999 Damien Miller <damien@ibs.com.au>
-- Updated to version 0.9.3
-- Added attributes for all files
-- Paramatised openssl directory
-* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas@jmconsultores.com.pe>
-- Added "official" bnrec patch and taking other out
-- making a link from ssleay to openssl binary
-- putting all changelog together on SPEC file
-* Fri Mar 5 1999 Henri Gomez <gomez@slib.fr>
-- Added bnrec patch
-* Tue Dec 29 1998 Jonathan Ruano <kobalt@james.encomix.es>
-- minimum spec and patches changes for openssl
-- modified for openssl sources
-* Sat Aug 8 1998 Khimenko Victor <khim@sch57.msk.ru>
-- shared library creating process honours $RPM_OPT_FLAGS
-- shared libarry supports threads (as well as static library)
-* Wed Jul 22 1998 Khimenko Victor <khim@sch57.msk.ru>
-- building of shared library completely reworked
-* Tue Jul 21 1998 Khimenko Victor <khim@sch57.msk.ru>
-- RPM is BuildRoot'ed
-* Tue Feb 10 1998 Khimenko Victor <khim@sch57.msk.ru>
-- all stuff is moved out of /usr/local
diff --git a/crypto/openssl/shlib/README b/crypto/openssl/shlib/README
deleted file mode 100644
index fea07a5..0000000
--- a/crypto/openssl/shlib/README
+++ /dev/null
@@ -1 +0,0 @@
-Only the windows NT and, linux builds have been tested for SSLeay 0.8.0
diff --git a/crypto/openssl/ssl/Makefile b/crypto/openssl/ssl/Makefile
deleted file mode 100644
index ca1f0eb..0000000
--- a/crypto/openssl/ssl/Makefile
+++ /dev/null
@@ -1,970 +0,0 @@
-#
-# OpenSSL/ssl/Makefile
-#
-
-DIR= ssl
-TOP= ..
-CC= cc
-INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES)
-CFLAG=-g
-MAKEFILE= Makefile
-AR= ar r
-# KRB5 stuff
-KRB5_INCLUDES=
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile README ssl-lib.com install.com
-TEST=ssltest.c
-APPS=
-
-LIB=$(TOP)/libssl.a
-SHARED_LIB= libssl$(SHLIB_EXT)
-LIBSRC= \
- s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
- s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c \
- s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
- t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c \
- d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
- d1_both.c d1_enc.c \
- ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
- ssl_ciph.c ssl_stat.c ssl_rsa.c \
- ssl_asn1.c ssl_txt.c ssl_algs.c \
- bio_ssl.c ssl_err.c kssl.c
-LIBOBJ= \
- s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
- s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o \
- s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
- t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o \
- d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o d1_pkt.o \
- d1_both.o d1_enc.o \
- ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
- ssl_ciph.o ssl_stat.o ssl_rsa.o \
- ssl_asn1.o ssl_txt.o ssl_algs.o \
- bio_ssl.o ssl_err.o kssl.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h
-HEADER= $(EXHEADER) ssl_locl.h kssl_lcl.h
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ..; $(MAKE) DIRS=$(DIR) all)
-
-all: shared
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @touch lib
-
-shared: lib
- if [ -n "$(SHARED_LIBS)" ]; then \
- (cd ..; $(MAKE) $(SHARED_LIB)); \
- fi
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \
- fi
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-bio_ssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-bio_ssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-bio_ssl.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
-d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-d1_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-d1_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-d1_both.o: ../include/openssl/err.h ../include/openssl/evp.h
-d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h
-d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c kssl_lcl.h ssl_locl.h
-d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-d1_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-d1_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-d1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-d1_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-d1_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-d1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-d1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_enc.o: ../include/openssl/x509_vfy.h d1_enc.c ssl_locl.h
-d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-d1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-d1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-d1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c
-d1_lib.o: ssl_locl.h
-d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-d1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-d1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-d1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
-d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c
-d1_meth.o: ssl_locl.h
-d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-d1_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-d1_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-d1_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
-d1_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-d1_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-d1_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c
-d1_pkt.o: ssl_locl.h
-d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-d1_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-d1_srvr.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-d1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c ssl_locl.h
-kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-kssl.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h
-kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h
-kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-kssl.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-kssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c
-s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s23_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s23_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h
-s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s23_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s23_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c
-s23_lib.o: ssl_locl.h
-s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s23_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s23_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
-s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c
-s23_meth.o: ssl_locl.h
-s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s23_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s23_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c
-s23_pkt.o: ssl_locl.h
-s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s23_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s23_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s23_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h
-s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
-s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
-s2_enc.o: ssl_locl.h
-s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s2_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
-s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c
-s2_meth.o: ssl_locl.h
-s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
-s2_pkt.o: ssl_locl.h
-s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
-s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_both.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_both.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_both.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_both.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_both.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
-s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_clnt.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
-s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h
-s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_lib.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_lib.o: s3_lib.c ssl_locl.h
-s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c
-s3_meth.o: ssl_locl.h
-s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-s3_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-s3_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
-s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_pkt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c
-s3_pkt.o: ssl_locl.h
-s3_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/krb5_asn.h
-s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_srvr.o: s3_srvr.c ssl_locl.h
-ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_algs.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_algs.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_algs.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c
-ssl_algs.o: ssl_locl.h
-ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/bn.h
-ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-ssl_asn1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
-ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h
-ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
-ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-ssl_cert.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
-ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_cert.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-ssl_cert.o: ssl_cert.c ssl_locl.h
-ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_ciph.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_ciph.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c
-ssl_ciph.o: ssl_locl.h
-ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_err.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_err.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-ssl_err.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c
-ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_err2.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_err2.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-ssl_err2.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-ssl_err2.o: ../include/openssl/pqueue.h ../include/openssl/safestack.h
-ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c
-ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
-ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_rsa.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_rsa.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_rsa.o: ssl_rsa.c
-ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_sess.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_sess.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
-ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_stat.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_stat.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_stat.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_stat.o: ssl_stat.c
-ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssl_txt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssl_txt.o: ../include/openssl/err.h ../include/openssl/evp.h
-ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-ssl_txt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-ssl_txt.o: ssl_txt.c
-t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_clnt.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c
-t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_enc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_enc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
-t1_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h
-t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_enc.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_enc.o: t1_enc.c
-t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_lib.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_lib.o: t1_lib.c
-t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_meth.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_meth.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_meth.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_meth.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_meth.o: t1_meth.c
-t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
-t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-t1_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-t1_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
-t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_srvr.o: ../include/openssl/pq_compat.h ../include/openssl/pqueue.h
-t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c
deleted file mode 100644
index 420deb7..0000000
--- a/crypto/openssl/ssl/bio_ssl.c
+++ /dev/null
@@ -1,598 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <openssl/crypto.h>
-#include <openssl/bio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-typedef struct bio_ssl_st
- {
- SSL *ssl; /* The ssl handle :-) */
- /* re-negotiate every time the total number of bytes is this size */
- int num_renegotiates;
- unsigned long renegotiate_count;
- unsigned long byte_count;
- unsigned long renegotiate_timeout;
- unsigned long last_time;
- } BIO_SSL;
-
-static BIO_METHOD methods_sslp=
- {
- BIO_TYPE_SSL,"ssl",
- ssl_write,
- ssl_read,
- ssl_puts,
- NULL, /* ssl_gets, */
- ssl_ctrl,
- ssl_new,
- ssl_free,
- ssl_callback_ctrl,
- };
-
-BIO_METHOD *BIO_f_ssl(void)
- {
- return(&methods_sslp);
- }
-
-static int ssl_new(BIO *bi)
- {
- BIO_SSL *bs;
-
- bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
- if (bs == NULL)
- {
- BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(bs,0,sizeof(BIO_SSL));
- bi->init=0;
- bi->ptr=(char *)bs;
- bi->flags=0;
- return(1);
- }
-
-static int ssl_free(BIO *a)
- {
- BIO_SSL *bs;
-
- if (a == NULL) return(0);
- bs=(BIO_SSL *)a->ptr;
- if (bs->ssl != NULL) SSL_shutdown(bs->ssl);
- if (a->shutdown)
- {
- if (a->init && (bs->ssl != NULL))
- SSL_free(bs->ssl);
- a->init=0;
- a->flags=0;
- }
- if (a->ptr != NULL)
- OPENSSL_free(a->ptr);
- return(1);
- }
-
-static int ssl_read(BIO *b, char *out, int outl)
- {
- int ret=1;
- BIO_SSL *sb;
- SSL *ssl;
- int retry_reason=0;
- int r=0;
-
- if (out == NULL) return(0);
- sb=(BIO_SSL *)b->ptr;
- ssl=sb->ssl;
-
- BIO_clear_retry_flags(b);
-
-#if 0
- if (!SSL_is_init_finished(ssl))
- {
-/* ret=SSL_do_handshake(ssl); */
- if (ret > 0)
- {
-
- outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- ret= -1;
- goto end;
- }
- }
-#endif
-/* if (ret > 0) */
- ret=SSL_read(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (sb->renegotiate_count > 0)
- {
- sb->byte_count+=ret;
- if (sb->byte_count > sb->renegotiate_count)
- {
- sb->byte_count=0;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((sb->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > sb->last_time+sb->renegotiate_timeout)
- {
- sb->last_time=tm;
- sb->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
-
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_ACCEPT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_ACCEPT;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- break;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- case SSL_ERROR_ZERO_RETURN:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static int ssl_write(BIO *b, const char *out, int outl)
- {
- int ret,r=0;
- int retry_reason=0;
- SSL *ssl;
- BIO_SSL *bs;
-
- if (out == NULL) return(0);
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
-
- BIO_clear_retry_flags(b);
-
-/* ret=SSL_do_handshake(ssl);
- if (ret > 0) */
- ret=SSL_write(ssl,out,outl);
-
- switch (SSL_get_error(ssl,ret))
- {
- case SSL_ERROR_NONE:
- if (ret <= 0) break;
- if (bs->renegotiate_count > 0)
- {
- bs->byte_count+=ret;
- if (bs->byte_count > bs->renegotiate_count)
- {
- bs->byte_count=0;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- r=1;
- }
- }
- if ((bs->renegotiate_timeout > 0) && (!r))
- {
- unsigned long tm;
-
- tm=(unsigned long)time(NULL);
- if (tm > bs->last_time+bs->renegotiate_timeout)
- {
- bs->last_time=tm;
- bs->num_renegotiates++;
- SSL_renegotiate(ssl);
- }
- }
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_retry_write(b);
- break;
- case SSL_ERROR_WANT_READ:
- BIO_set_retry_read(b);
- break;
- case SSL_ERROR_WANT_X509_LOOKUP:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_SSL_X509_LOOKUP;
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_retry_special(b);
- retry_reason=BIO_RR_CONNECT;
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- default:
- break;
- }
-
- b->retry_reason=retry_reason;
- return(ret);
- }
-
-static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
- {
- SSL **sslp,*ssl;
- BIO_SSL *bs;
- BIO *dbio,*bio;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
- return(0);
- switch (cmd)
- {
- case BIO_CTRL_RESET:
- SSL_shutdown(ssl);
-
- if (ssl->handshake_func == ssl->method->ssl_connect)
- SSL_set_connect_state(ssl);
- else if (ssl->handshake_func == ssl->method->ssl_accept)
- SSL_set_accept_state(ssl);
-
- SSL_clear(ssl);
-
- if (b->next_bio != NULL)
- ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
- else if (ssl->rbio != NULL)
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- else
- ret=1;
- break;
- case BIO_CTRL_INFO:
- ret=0;
- break;
- case BIO_C_SSL_MODE:
- if (num) /* client mode */
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
- ret=bs->renegotiate_timeout;
- if (num < 60) num=5;
- bs->renegotiate_timeout=(unsigned long)num;
- bs->last_time=(unsigned long)time(NULL);
- break;
- case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
- ret=bs->renegotiate_count;
- if ((long)num >=512)
- bs->renegotiate_count=(unsigned long)num;
- break;
- case BIO_C_GET_SSL_NUM_RENEGOTIATES:
- ret=bs->num_renegotiates;
- break;
- case BIO_C_SET_SSL:
- if (ssl != NULL)
- ssl_free(b);
- b->shutdown=(int)num;
- ssl=(SSL *)ptr;
- ((BIO_SSL *)b->ptr)->ssl=ssl;
- bio=SSL_get_rbio(ssl);
- if (bio != NULL)
- {
- if (b->next_bio != NULL)
- BIO_push(bio,b->next_bio);
- b->next_bio=bio;
- CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO);
- }
- b->init=1;
- break;
- case BIO_C_GET_SSL:
- if (ptr != NULL)
- {
- sslp=(SSL **)ptr;
- *sslp=ssl;
- }
- else
- ret=0;
- break;
- case BIO_CTRL_GET_CLOSE:
- ret=b->shutdown;
- break;
- case BIO_CTRL_SET_CLOSE:
- b->shutdown=(int)num;
- break;
- case BIO_CTRL_WPENDING:
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- break;
- case BIO_CTRL_PENDING:
- ret=SSL_pending(ssl);
- if (ret == 0)
- ret=BIO_pending(ssl->rbio);
- break;
- case BIO_CTRL_FLUSH:
- BIO_clear_retry_flags(b);
- ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
- BIO_copy_next_retry(b);
- break;
- case BIO_CTRL_PUSH:
- if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio))
- {
- SSL_set_bio(ssl,b->next_bio,b->next_bio);
- CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
- }
- break;
- case BIO_CTRL_POP:
- /* ugly bit of a hack */
- if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
- {
- BIO_free_all(ssl->wbio);
- }
- if (b->next_bio != NULL)
- {
- CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
- }
- ssl->wbio=NULL;
- ssl->rbio=NULL;
- break;
- case BIO_C_DO_STATE_MACHINE:
- BIO_clear_retry_flags(b);
-
- b->retry_reason=0;
- ret=(int)SSL_do_handshake(ssl);
-
- switch (SSL_get_error(ssl,(int)ret))
- {
- case SSL_ERROR_WANT_READ:
- BIO_set_flags(b,
- BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_WRITE:
- BIO_set_flags(b,
- BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
- break;
- case SSL_ERROR_WANT_CONNECT:
- BIO_set_flags(b,
- BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
- b->retry_reason=b->next_bio->retry_reason;
- break;
- default:
- break;
- }
- break;
- case BIO_CTRL_DUP:
- dbio=(BIO *)ptr;
- if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
- SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
- ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl);
- ((BIO_SSL *)dbio->ptr)->renegotiate_count=
- ((BIO_SSL *)b->ptr)->renegotiate_count;
- ((BIO_SSL *)dbio->ptr)->byte_count=
- ((BIO_SSL *)b->ptr)->byte_count;
- ((BIO_SSL *)dbio->ptr)->renegotiate_timeout=
- ((BIO_SSL *)b->ptr)->renegotiate_timeout;
- ((BIO_SSL *)dbio->ptr)->last_time=
- ((BIO_SSL *)b->ptr)->last_time;
- ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL);
- break;
- case BIO_C_GET_FD:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- case BIO_CTRL_SET_CALLBACK:
- {
-#if 0 /* FIXME: Should this be used? -- Richard Levitte */
- SSLerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- ret = -1;
-#else
- ret=0;
-#endif
- }
- break;
- case BIO_CTRL_GET_CALLBACK:
- {
- void (**fptr)(const SSL *xssl,int type,int val);
-
- fptr=(void (**)(const SSL *xssl,int type,int val))ptr;
- *fptr=SSL_get_info_callback(ssl);
- }
- break;
- default:
- ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
- break;
- }
- return(ret);
- }
-
-static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
- {
- SSL *ssl;
- BIO_SSL *bs;
- long ret=1;
-
- bs=(BIO_SSL *)b->ptr;
- ssl=bs->ssl;
- switch (cmd)
- {
- case BIO_CTRL_SET_CALLBACK:
- {
- /* FIXME: setting this via a completely different prototype
- seems like a crap idea */
- SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
- }
- break;
- default:
- ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
- break;
- }
- return(ret);
- }
-
-static int ssl_puts(BIO *bp, const char *str)
- {
- int n,ret;
-
- n=strlen(str);
- ret=BIO_write(bp,str,n);
- return(ret);
- }
-
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
- {
-#ifndef OPENSSL_NO_SOCK
- BIO *ret=NULL,*buf=NULL,*ssl=NULL;
-
- if ((buf=BIO_new(BIO_f_buffer())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl_connect(ctx)) == NULL)
- goto err;
- if ((ret=BIO_push(buf,ssl)) == NULL)
- goto err;
- return(ret);
-err:
- if (buf != NULL) BIO_free(buf);
- if (ssl != NULL) BIO_free(ssl);
-#endif
- return(NULL);
- }
-
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
- {
- BIO *ret=NULL,*con=NULL,*ssl=NULL;
-
- if ((con=BIO_new(BIO_s_connect())) == NULL)
- return(NULL);
- if ((ssl=BIO_new_ssl(ctx,1)) == NULL)
- goto err;
- if ((ret=BIO_push(ssl,con)) == NULL)
- goto err;
- return(ret);
-err:
- if (con != NULL) BIO_free(con);
- if (ret != NULL) BIO_free(ret);
- return(NULL);
- }
-
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
- {
- BIO *ret;
- SSL *ssl;
-
- if ((ret=BIO_new(BIO_f_ssl())) == NULL)
- return(NULL);
- if ((ssl=SSL_new(ctx)) == NULL)
- {
- BIO_free(ret);
- return(NULL);
- }
- if (client)
- SSL_set_connect_state(ssl);
- else
- SSL_set_accept_state(ssl);
-
- BIO_set_ssl(ret,ssl,BIO_CLOSE);
- return(ret);
- }
-
-int BIO_ssl_copy_session_id(BIO *t, BIO *f)
- {
- t=BIO_find_type(t,BIO_TYPE_SSL);
- f=BIO_find_type(f,BIO_TYPE_SSL);
- if ((t == NULL) || (f == NULL))
- return(0);
- if ( (((BIO_SSL *)t->ptr)->ssl == NULL) ||
- (((BIO_SSL *)f->ptr)->ssl == NULL))
- return(0);
- SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl);
- return(1);
- }
-
-void BIO_ssl_shutdown(BIO *b)
- {
- SSL *s;
-
- while (b != NULL)
- {
- if (b->method->type == BIO_TYPE_SSL)
- {
- s=((BIO_SSL *)b->ptr)->ssl;
- SSL_shutdown(s);
- break;
- }
- b=b->next_bio;
- }
- }
diff --git a/crypto/openssl/ssl/d1_both.c b/crypto/openssl/ssl/d1_both.c
deleted file mode 100644
index 22bd28a..0000000
--- a/crypto/openssl/ssl/d1_both.c
+++ /dev/null
@@ -1,1191 +0,0 @@
-/* ssl/d1_both.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-
-/* XDTLS: figure out the right values */
-static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
-
-static unsigned int dtls1_min_mtu(void);
-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
-static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
- unsigned long frag_len);
-static unsigned char *dtls1_write_message_header(SSL *s,
- unsigned char *p);
-static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
- unsigned long len, unsigned short seq_num, unsigned long frag_off,
- unsigned long frag_len);
-static int dtls1_retransmit_buffered_messages(SSL *s);
-static long dtls1_get_message_fragment(SSL *s, int st1, int stn,
- long max, int *ok);
-
-static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len)
- {
- hm_fragment *frag = NULL;
- unsigned char *buf = NULL;
-
- frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment));
- if ( frag == NULL)
- return NULL;
-
- if (frag_len)
- {
- buf = (unsigned char *)OPENSSL_malloc(frag_len);
- if ( buf == NULL)
- {
- OPENSSL_free(frag);
- return NULL;
- }
- }
-
- /* zero length fragment gets zero frag->fragment */
- frag->fragment = buf;
-
- return frag;
- }
-
-static void
-dtls1_hm_fragment_free(hm_fragment *frag)
- {
- if (frag->fragment) OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- }
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int dtls1_do_write(SSL *s, int type)
- {
- int ret;
- int curr_mtu;
- unsigned int len, frag_off;
-
- /* AHA! Figure out the MTU, and stick to the right size */
- if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
- {
- s->d1->mtu =
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
- /* I've seen the kernel return bogus numbers when it doesn't know
- * (initial write), so just make sure we have a reasonable number */
- if ( s->d1->mtu < dtls1_min_mtu())
- {
- s->d1->mtu = 0;
- s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
- BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
- }
- }
-#if 0
- mtu = s->d1->mtu;
-
- fprintf(stderr, "using MTU = %d\n", mtu);
-
- mtu -= (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
-
- curr_mtu = mtu - BIO_wpending(SSL_get_wbio(s));
-
- if ( curr_mtu > 0)
- mtu = curr_mtu;
- else if ( ( ret = BIO_flush(SSL_get_wbio(s))) <= 0)
- return ret;
-
- if ( BIO_wpending(SSL_get_wbio(s)) + s->init_num >= mtu)
- {
- ret = BIO_flush(SSL_get_wbio(s));
- if ( ret <= 0)
- return ret;
- mtu = s->d1->mtu - (DTLS1_HM_HEADER_LENGTH + DTLS1_RT_HEADER_LENGTH);
- }
-
- OPENSSL_assert(mtu > 0); /* should have something reasonable now */
-
-#endif
-
- if ( s->init_off == 0 && type == SSL3_RT_HANDSHAKE)
- OPENSSL_assert(s->init_num ==
- (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
-
- frag_off = 0;
- while( s->init_num)
- {
- curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
- DTLS1_RT_HEADER_LENGTH;
-
- if ( curr_mtu <= DTLS1_HM_HEADER_LENGTH)
- {
- /* grr.. we could get an error if MTU picked was wrong */
- ret = BIO_flush(SSL_get_wbio(s));
- if ( ret <= 0)
- return ret;
- curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH;
- }
-
- if ( s->init_num > curr_mtu)
- len = curr_mtu;
- else
- len = s->init_num;
-
-
- /* XDTLS: this function is too long. split out the CCS part */
- if ( type == SSL3_RT_HANDSHAKE)
- {
- if ( s->init_off != 0)
- {
- OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
- s->init_off -= DTLS1_HM_HEADER_LENGTH;
- s->init_num += DTLS1_HM_HEADER_LENGTH;
-
- /* write atleast DTLS1_HM_HEADER_LENGTH bytes */
- if ( len <= DTLS1_HM_HEADER_LENGTH)
- len += DTLS1_HM_HEADER_LENGTH;
- }
-
- dtls1_fix_message_header(s, frag_off,
- len - DTLS1_HM_HEADER_LENGTH);
-
- dtls1_write_message_header(s, (unsigned char *)&s->init_buf->data[s->init_off]);
-
- OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
- }
-
- ret=dtls1_write_bytes(s,type,&s->init_buf->data[s->init_off],
- len);
- if (ret < 0)
- {
- /* might need to update MTU here, but we don't know
- * which previous packet caused the failure -- so can't
- * really retransmit anything. continue as if everything
- * is fine and wait for an alert to handle the
- * retransmit
- */
- if ( BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL))
- s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
- BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
- else
- return(-1);
- }
- else
- {
-
- /* bad if this assert fails, only part of the handshake
- * message got sent. but why would this happen? */
- OPENSSL_assert(len == (unsigned int)ret);
-
- if (type == SSL3_RT_HANDSHAKE && ! s->d1->retransmitting)
- {
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
- unsigned char *p = &s->init_buf->data[s->init_off];
- const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
- int len;
-
- if (frag_off == 0 && s->client_version != DTLS1_BAD_VER)
- {
- /* reconstruct message header is if it
- * is being sent in single fragment */
- *p++ = msg_hdr->type;
- l2n3(msg_hdr->msg_len,p);
- s2n (msg_hdr->seq,p);
- l2n3(0,p);
- l2n3(msg_hdr->msg_len,p);
- p -= DTLS1_HM_HEADER_LENGTH;
- len = ret;
- }
- else
- {
- p += DTLS1_HM_HEADER_LENGTH;
- len = ret - DTLS1_HM_HEADER_LENGTH;
- }
-
- ssl3_finish_mac(s, p, len);
- }
-
- if (ret == s->init_num)
- {
- if (s->msg_callback)
- s->msg_callback(1, s->version, type, s->init_buf->data,
- (size_t)(s->init_off + s->init_num), s,
- s->msg_callback_arg);
-
- s->init_off = 0; /* done writing this message */
- s->init_num = 0;
-
- return(1);
- }
- s->init_off+=ret;
- s->init_num-=ret;
- frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
- }
- }
- return(0);
- }
-
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * Read an entire handshake message. Handshake messages arrive in
- * fragments.
- */
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
- {
- int i, al;
- struct hm_header_st *msg_hdr;
-
- /* s3->tmp is used to store messages that are unexpected, caused
- * by the absence of an optional handshake message */
- if (s->s3->tmp.reuse_message)
- {
- s->s3->tmp.reuse_message=0;
- if ((mt >= 0) && (s->s3->tmp.message_type != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- *ok=1;
- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- s->init_num = (int)s->s3->tmp.message_size;
- return s->init_num;
- }
-
- msg_hdr = &s->d1->r_msg_hdr;
- do
- {
- if ( msg_hdr->frag_off == 0)
- {
- /* s->d1->r_message_header.msg_len = 0; */
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- }
-
- i = dtls1_get_message_fragment(s, st1, stn, max, ok);
- if ( i == DTLS1_HM_BAD_FRAGMENT ||
- i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */
- continue;
- else if ( i <= 0 && !*ok)
- return i;
-
- /* Note that s->init_sum is used as a counter summing
- * up fragments' lengths: as soon as they sum up to
- * handshake packet length, we assume we have got all
- * the fragments. Overlapping fragments would cause
- * premature termination, so we don't expect overlaps.
- * Well, handling overlaps would require something more
- * drastic. Indeed, as it is now there is no way to
- * tell if out-of-order fragment from the middle was
- * the last. '>=' is the best/least we can do to control
- * the potential damage caused by malformed overlaps. */
- if ((unsigned int)s->init_num >= msg_hdr->msg_len)
- {
- unsigned char *p = s->init_buf->data;
- unsigned long msg_len = msg_hdr->msg_len;
-
- /* reconstruct message header as if it was
- * sent in single fragment */
- *(p++) = msg_hdr->type;
- l2n3(msg_len,p);
- s2n (msg_hdr->seq,p);
- l2n3(0,p);
- l2n3(msg_len,p);
- if (s->client_version != DTLS1_BAD_VER)
- p -= DTLS1_HM_HEADER_LENGTH,
- msg_len += DTLS1_HM_HEADER_LENGTH;
-
- ssl3_finish_mac(s, p, msg_len);
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- p, msg_len,
- s, s->msg_callback_arg);
-
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
-
- s->d1->handshake_read_seq++;
- /* we just read a handshake message from the other side:
- * this means that we don't need to retransmit of the
- * buffered messages.
- * XDTLS: may be able clear out this
- * buffer a little sooner (i.e if an out-of-order
- * handshake message/record is received at the record
- * layer.
- * XDTLS: exception is that the server needs to
- * know that change cipher spec and finished messages
- * have been received by the client before clearing this
- * buffer. this can simply be done by waiting for the
- * first data segment, but is there a better way? */
- dtls1_clear_record_buffer(s);
-
- s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
- return s->init_num;
- }
- else
- msg_hdr->frag_off = i;
- } while(1) ;
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- *ok = 0;
- return -1;
- }
-
-
-static int dtls1_preprocess_fragment(SSL *s,struct hm_header_st *msg_hdr,int max)
- {
- size_t frag_off,frag_len,msg_len;
-
- msg_len = msg_hdr->msg_len;
- frag_off = msg_hdr->frag_off;
- frag_len = msg_hdr->frag_len;
-
- /* sanity checking */
- if ( (frag_off+frag_len) > msg_len)
- {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- return SSL_AD_ILLEGAL_PARAMETER;
- }
-
- if ( (frag_off+frag_len) > (unsigned long)max)
- {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- return SSL_AD_ILLEGAL_PARAMETER;
- }
-
- if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
- {
- /* msg_len is limited to 2^24, but is effectively checked
- * against max above */
- if (!BUF_MEM_grow_clean(s->init_buf,(int)msg_len+DTLS1_HM_HEADER_LENGTH))
- {
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,ERR_R_BUF_LIB);
- return SSL_AD_INTERNAL_ERROR;
- }
-
- s->s3->tmp.message_size = msg_len;
- s->d1->r_msg_hdr.msg_len = msg_len;
- s->s3->tmp.message_type = msg_hdr->type;
- s->d1->r_msg_hdr.type = msg_hdr->type;
- s->d1->r_msg_hdr.seq = msg_hdr->seq;
- }
- else if (msg_len != s->d1->r_msg_hdr.msg_len)
- {
- /* They must be playing with us! BTW, failure to enforce
- * upper limit would open possibility for buffer overrun. */
- SSLerr(SSL_F_DTLS1_PREPROCESS_FRAGMENT,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- return SSL_AD_ILLEGAL_PARAMETER;
- }
-
- return 0; /* no error */
- }
-
-
-static int
-dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
- {
- /* (0) check whether the desired fragment is available
- * if so:
- * (1) copy over the fragment to s->init_buf->data[]
- * (2) update s->init_num
- */
- pitem *item;
- hm_fragment *frag;
- int al;
-
- *ok = 0;
- item = pqueue_peek(s->d1->buffered_messages);
- if ( item == NULL)
- return 0;
-
- frag = (hm_fragment *)item->data;
-
- if ( s->d1->handshake_read_seq == frag->msg_header.seq)
- {
- pqueue_pop(s->d1->buffered_messages);
-
- al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
-
- if (al==0) /* no alert */
- {
- unsigned char *p = s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
- memcpy(&p[frag->msg_header.frag_off],
- frag->fragment,frag->msg_header.frag_len);
- }
-
- dtls1_hm_fragment_free(frag);
- pitem_free(item);
-
- if (al==0)
- {
- *ok = 1;
- return frag->msg_header.frag_len;
- }
-
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- s->init_num = 0;
- *ok = 0;
- return -1;
- }
- else
- return 0;
- }
-
-
-static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-{
- int i=-1;
- hm_fragment *frag = NULL;
- pitem *item = NULL;
- PQ_64BIT seq64;
- unsigned long frag_len = msg_hdr->frag_len;
-
- if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
- goto err;
-
- if (msg_hdr->seq <= s->d1->handshake_read_seq)
- {
- unsigned char devnull [256];
-
- while (frag_len)
- {
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- devnull,
- frag_len>sizeof(devnull)?sizeof(devnull):frag_len,0);
- if (i<=0) goto err;
- frag_len -= i;
- }
- }
-
- frag = dtls1_hm_fragment_new(frag_len);
- if ( frag == NULL)
- goto err;
-
- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-
- if (frag_len)
- {
- /* read the body of the fragment (header has already been read */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment,frag_len,0);
- if (i<=0 || (unsigned long)i!=frag_len)
- goto err;
- }
-
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, msg_hdr->seq);
-
- item = pitem_new(seq64, frag);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- goto err;
-
- pqueue_insert(s->d1->buffered_messages, item);
- return DTLS1_HM_FRAGMENT_RETRY;
-
-err:
- if ( frag != NULL) dtls1_hm_fragment_free(frag);
- if ( item != NULL) OPENSSL_free(item);
- *ok = 0;
- return i;
- }
-
-
-static long
-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
- {
- unsigned char wire[DTLS1_HM_HEADER_LENGTH];
- unsigned long l, frag_off, frag_len;
- int i,al;
- struct hm_header_st msg_hdr;
-
- /* see if we have the required fragment already */
- if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok)
- {
- if (*ok) s->init_num += frag_len;
- return frag_len;
- }
-
- /* read handshake message header */
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,wire,
- DTLS1_HM_HEADER_LENGTH, 0);
- if (i <= 0) /* nbio, or an error */
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- OPENSSL_assert(i == DTLS1_HM_HEADER_LENGTH);
-
- /* parse the message fragment header */
- dtls1_get_message_header(wire, &msg_hdr);
-
- /*
- * if this is a future (or stale) message it gets buffered
- * (or dropped)--no further processing at this time
- */
- if ( msg_hdr.seq != s->d1->handshake_read_seq)
- return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
-
- l = msg_hdr.msg_len;
- frag_off = msg_hdr.frag_off;
- frag_len = msg_hdr.frag_len;
-
- if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
- wire[0] == SSL3_MT_HELLO_REQUEST)
- {
- /* The server may always send 'Hello Request' messages --
- * we are doing a handshake anyway now, so ignore them
- * if their format is correct. Does not count for
- * 'Finished' MAC. */
- if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0)
- {
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- wire, DTLS1_HM_HEADER_LENGTH, s,
- s->msg_callback_arg);
-
- s->init_num = 0;
- return dtls1_get_message_fragment(s, st1, stn,
- max, ok);
- }
- else /* Incorrectly formated Hello request */
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- }
-
- if ((al=dtls1_preprocess_fragment(s,&msg_hdr,max)))
- goto f_err;
-
- /* XDTLS: ressurect this when restart is in place */
- s->state=stn;
-
- if ( frag_len > 0)
- {
- unsigned char *p=s->init_buf->data+DTLS1_HM_HEADER_LENGTH;
-
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- &p[frag_off],frag_len,0);
- /* XDTLS: fix this--message fragments cannot span multiple packets */
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- }
- else
- i = 0;
-
- /* XDTLS: an incorrectly formatted fragment should cause the
- * handshake to fail */
- OPENSSL_assert(i == (int)frag_len);
-
- *ok = 1;
-
- /* Note that s->init_num is *not* used as current offset in
- * s->init_buf->data, but as a counter summing up fragments'
- * lengths: as soon as they sum up to handshake packet
- * length, we assume we have got all the fragments. */
- s->init_num += frag_len;
- return frag_len;
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- s->init_num = 0;
-
- *ok=0;
- return(-1);
- }
-
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen)
- {
- unsigned char *p,*d;
- int i;
- unsigned long l;
-
- if (s->state == a)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
- i=s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.finish_md);
- s->s3->tmp.finish_md_len = i;
- memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
- l=i;
-
-#ifdef OPENSSL_SYS_WIN16
- /* MSVC 1.5 does not clear the top bytes of the word unless
- * I do this.
- */
- l&=0xffff;
-#endif
-
- d = dtls1_set_message_header(s, d, SSL3_MT_FINISHED, l, 0, l);
- s->init_num=(int)l+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
-
- s->state=b;
- }
-
- /* SSL3_ST_SEND_xxxxxx_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
- * ssl->s3->read_mac_secret re-init
- * ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
- * ssl->session->read_hash assign
- */
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b)
- {
- unsigned char *p;
-
- if (s->state == a)
- {
- p=(unsigned char *)s->init_buf->data;
- *p++=SSL3_MT_CCS;
- s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
- s->d1->next_handshake_write_seq++;
- s->init_num=DTLS1_CCS_HEADER_LENGTH;
-
- if (s->client_version == DTLS1_BAD_VER)
- {
- s2n(s->d1->handshake_write_seq,p);
- s->init_num+=2;
- }
-
- s->init_off=0;
-
- dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
- s->d1->handshake_write_seq, 0, 0);
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 1);
-
- s->state=b;
- }
-
- /* SSL3_ST_CW_CHANGE_B */
- return(dtls1_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
- }
-
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x)
- {
- unsigned char *p;
- int n,i;
- unsigned long l= 3 + DTLS1_HM_HEADER_LENGTH;
- BUF_MEM *buf;
- X509_STORE_CTX xs_ctx;
- X509_OBJECT obj;
-
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow_clean(buf,10))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
-
- for (;;)
- {
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- p=(unsigned char *)&(buf->data[l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- l+=n+3;
- if (X509_NAME_cmp(X509_get_subject_name(x),
- X509_get_issuer_name(x)) == 0) break;
-
- i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
- X509_get_issuer_name(x),&obj);
- if (i <= 0) break;
- x=obj.data.x509;
- /* Count is one too high since the X509_STORE_get uped the
- * ref count */
- X509_free(x);
- }
-
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
-
- /* Thawte special :-) */
- if (s->ctx->extra_certs != NULL)
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
- {
- SSLerr(SSL_F_DTLS1_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- p=(unsigned char *)&(buf->data[l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- l+=n+3;
- }
-
- l-= (3 + DTLS1_HM_HEADER_LENGTH);
-
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
- l2n3(l,p);
- l+=3;
- p=(unsigned char *)&(buf->data[0]);
- p = dtls1_set_message_header(s, p, SSL3_MT_CERTIFICATE, l, 0, l);
-
- l+=DTLS1_HM_HEADER_LENGTH;
- return(l);
- }
-
-int dtls1_read_failed(SSL *s, int code)
- {
- DTLS1_STATE *state;
- BIO *bio;
- int send_alert = 0;
-
- if ( code > 0)
- {
- fprintf( stderr, "invalid state reached %s:%d", __FILE__, __LINE__);
- return 1;
- }
-
- bio = SSL_get_rbio(s);
- if ( ! BIO_dgram_recv_timedout(bio))
- {
- /* not a timeout, none of our business,
- let higher layers handle this. in fact it's probably an error */
- return code;
- }
-
- if ( ! SSL_in_init(s)) /* done, no need to send a retransmit */
- {
- BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
- return code;
- }
-
- state = s->d1;
- state->timeout.num_alerts++;
- if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
- {
- /* fail the connection, enough alerts have been sent */
- SSLerr(SSL_F_DTLS1_READ_FAILED,SSL_R_READ_TIMEOUT_EXPIRED);
- return 0;
- }
-
- state->timeout.read_timeouts++;
- if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
- {
- send_alert = 1;
- state->timeout.read_timeouts = 1;
- }
-
-
-#if 0 /* for now, each alert contains only one record number */
- item = pqueue_peek(state->rcvd_records);
- if ( item )
- {
- /* send an alert immediately for all the missing records */
- }
- else
-#endif
-
-#if 0 /* no more alert sending, just retransmit the last set of messages */
- if ( send_alert)
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
-#endif
-
- return dtls1_retransmit_buffered_messages(s) ;
- }
-
-
-static int
-dtls1_retransmit_buffered_messages(SSL *s)
- {
- pqueue sent = s->d1->sent_messages;
- piterator iter;
- pitem *item;
- hm_fragment *frag;
- int found = 0;
-
- iter = pqueue_iterator(sent);
-
- for ( item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter))
- {
- frag = (hm_fragment *)item->data;
- if ( dtls1_retransmit_message(s, frag->msg_header.seq, 0, &found) <= 0 &&
- found)
- {
- fprintf(stderr, "dtls1_retransmit_message() failed\n");
- return -1;
- }
- }
-
- return 1;
- }
-
-int
-dtls1_buffer_message(SSL *s, int is_ccs)
- {
- pitem *item;
- hm_fragment *frag;
- PQ_64BIT seq64;
-
- /* this function is called immediately after a message has
- * been serialized */
- OPENSSL_assert(s->init_off == 0);
-
- frag = dtls1_hm_fragment_new(s->init_num);
-
- memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
- if ( is_ccs)
- {
- OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_CCS_HEADER_LENGTH <= (unsigned int)s->init_num);
- }
- else
- {
- OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
- DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
- }
-
- frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
- frag->msg_header.seq = s->d1->w_msg_hdr.seq;
- frag->msg_header.type = s->d1->w_msg_hdr.type;
- frag->msg_header.frag_off = 0;
- frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
- frag->msg_header.is_ccs = is_ccs;
-
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, frag->msg_header.seq);
-
- item = pitem_new(seq64, frag);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- {
- dtls1_hm_fragment_free(frag);
- return 0;
- }
-
-#if 0
- fprintf( stderr, "buffered messge: \ttype = %xx\n", msg_buf->type);
- fprintf( stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len);
- fprintf( stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num);
-#endif
-
- pqueue_insert(s->d1->sent_messages, item);
- return 1;
- }
-
-int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
- int *found)
- {
- int ret;
- /* XDTLS: for now assuming that read/writes are blocking */
- pitem *item;
- hm_fragment *frag ;
- unsigned long header_length;
- PQ_64BIT seq64;
-
- /*
- OPENSSL_assert(s->init_num == 0);
- OPENSSL_assert(s->init_off == 0);
- */
-
- /* XDTLS: the requested message ought to be found, otherwise error */
- pq_64bit_init(&seq64);
- pq_64bit_assign_word(&seq64, seq);
-
- item = pqueue_find(s->d1->sent_messages, seq64);
- pq_64bit_free(&seq64);
- if ( item == NULL)
- {
- fprintf(stderr, "retransmit: message %d non-existant\n", seq);
- *found = 0;
- return 0;
- }
-
- *found = 1;
- frag = (hm_fragment *)item->data;
-
- if ( frag->msg_header.is_ccs)
- header_length = DTLS1_CCS_HEADER_LENGTH;
- else
- header_length = DTLS1_HM_HEADER_LENGTH;
-
- memcpy(s->init_buf->data, frag->fragment,
- frag->msg_header.msg_len + header_length);
- s->init_num = frag->msg_header.msg_len + header_length;
-
- dtls1_set_message_header_int(s, frag->msg_header.type,
- frag->msg_header.msg_len, frag->msg_header.seq, 0,
- frag->msg_header.frag_len);
-
- s->d1->retransmitting = 1;
- ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
- SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
- s->d1->retransmitting = 0;
-
- (void)BIO_flush(SSL_get_wbio(s));
- return ret;
- }
-
-/* call this function when the buffered messages are no longer needed */
-void
-dtls1_clear_record_buffer(SSL *s)
- {
- pitem *item;
-
- for(item = pqueue_pop(s->d1->sent_messages);
- item != NULL; item = pqueue_pop(s->d1->sent_messages))
- {
- dtls1_hm_fragment_free((hm_fragment *)item->data);
- pitem_free(item);
- }
- }
-
-
-unsigned char *
-dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
- unsigned long len, unsigned long frag_off, unsigned long frag_len)
- {
- if ( frag_off == 0)
- {
- s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
- s->d1->next_handshake_write_seq++;
- }
-
- dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
- frag_off, frag_len);
-
- return p += DTLS1_HM_HEADER_LENGTH;
- }
-
-
-/* don't actually do the writing, wait till the MTU has been retrieved */
-static void
-dtls1_set_message_header_int(SSL *s, unsigned char mt,
- unsigned long len, unsigned short seq_num, unsigned long frag_off,
- unsigned long frag_len)
- {
- struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
- msg_hdr->type = mt;
- msg_hdr->msg_len = len;
- msg_hdr->seq = seq_num;
- msg_hdr->frag_off = frag_off;
- msg_hdr->frag_len = frag_len;
- }
-
-static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off,
- unsigned long frag_len)
- {
- struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
- msg_hdr->frag_off = frag_off;
- msg_hdr->frag_len = frag_len;
- }
-
-static unsigned char *
-dtls1_write_message_header(SSL *s, unsigned char *p)
- {
- struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
- *p++ = msg_hdr->type;
- l2n3(msg_hdr->msg_len, p);
-
- s2n(msg_hdr->seq, p);
- l2n3(msg_hdr->frag_off, p);
- l2n3(msg_hdr->frag_len, p);
-
- return p;
- }
-
-static unsigned int
-dtls1_min_mtu(void)
- {
- return (g_probable_mtu[(sizeof(g_probable_mtu) /
- sizeof(g_probable_mtu[0])) - 1]);
- }
-
-static unsigned int
-dtls1_guess_mtu(unsigned int curr_mtu)
- {
- size_t i;
-
- if ( curr_mtu == 0 )
- return g_probable_mtu[0] ;
-
- for ( i = 0; i < sizeof(g_probable_mtu)/sizeof(g_probable_mtu[0]); i++)
- if ( curr_mtu > g_probable_mtu[i])
- return g_probable_mtu[i];
-
- return curr_mtu;
- }
-
-void
-dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
- {
- memset(msg_hdr, 0x00, sizeof(struct hm_header_st));
- msg_hdr->type = *(data++);
- n2l3(data, msg_hdr->msg_len);
-
- n2s(data, msg_hdr->seq);
- n2l3(data, msg_hdr->frag_off);
- n2l3(data, msg_hdr->frag_len);
- }
-
-void
-dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
- {
- memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st));
-
- ccs_hdr->type = *(data++);
- }
diff --git a/crypto/openssl/ssl/d1_clnt.c b/crypto/openssl/ssl/d1_clnt.c
deleted file mode 100644
index e8b60a4..0000000
--- a/crypto/openssl/ssl/d1_clnt.c
+++ /dev/null
@@ -1,1143 +0,0 @@
-/* ssl/d1_clnt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-static SSL_METHOD *dtls1_get_client_method(int ver);
-static int dtls1_get_hello_verify(SSL *s);
-
-static SSL_METHOD *dtls1_get_client_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_client_method,
- ssl_undefined_function,
- dtls1_connect,
- dtls1_get_client_method)
-
-int dtls1_connect(SSL *s)
- {
- BUF_MEM *buf=NULL;
- unsigned long Time=(unsigned long)time(NULL),l;
- long num1;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state,skip=0;;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- s->state=SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
- /* break */
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
- {
- SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- /* setup buffing BIO */
- if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
- /* don't push the buffering BIO quite yet */
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=dtls1_client_hello(s);
- if (ret <= 0) goto end;
-
- if ( s->d1->send_cookie)
- {
- s->state=SSL3_ST_CW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_CR_SRVR_HELLO_A;
- }
- else
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
- s->init_num=0;
-
- /* turn on buffering for the next lot of output */
- if (s->bbio != s->wbio)
- s->wbio=BIO_push(s->bbio,s->wbio);
-
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
- ret=ssl3_get_server_hello(s);
- if (ret <= 0) goto end;
- else
- {
- if (s->hit)
- s->state=SSL3_ST_CR_FINISHED_A;
- else
- s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
- }
- s->init_num=0;
- break;
-
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-
- ret = dtls1_get_hello_verify(s);
- if ( ret <= 0)
- goto end;
- if ( s->d1->send_cookie) /* start again, with a cookie */
- s->state=SSL3_ST_CW_CLNT_HELLO_A;
- else
- s->state = SSL3_ST_CR_CERT_A;
- s->init_num = 0;
- break;
-
- case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
- /* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=ssl3_get_server_certificate(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
- ret=ssl3_get_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_CERT_REQ_A;
- s->init_num=0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s))
- {
- ret= -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
- ret=ssl3_get_certificate_request(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_DONE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
- ret=ssl3_get_server_done(s);
- if (ret <= 0) goto end;
- if (s->s3->tmp.cert_req)
- s->state=SSL3_ST_CW_CERT_A;
- else
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
-
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- ret=dtls1_send_client_certificate(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- ret=dtls1_send_client_key_exchange(s);
- if (ret <= 0) goto end;
- l=s->s3->tmp.new_cipher->algorithms;
- /* EAY EAY EAY need to check for DH fix cert
- * sent back */
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- if (s->s3->tmp.cert_req == 1)
- {
- s->state=SSL3_ST_CW_CERT_VRFY_A;
- }
- else
- {
- s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
- }
-
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- ret=dtls1_send_client_verify(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_CHANGE_A;
- s->init_num=0;
- s->s3->change_cipher_spec=0;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- ret=dtls1_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FINISHED_A;
- s->init_num=0;
-
- s->session->cipher=s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- s->session->compress_meth=0;
- else
- s->session->compress_meth=
- s->s3->tmp.new_compression->id;
-#endif
- if (!s->method->ssl3_enc->setup_key_block(s))
- {
- ret= -1;
- goto end;
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- ret=dtls1_send_finished(s,
- SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FLUSH;
-
- /* clear flags */
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
- if (s->hit)
- {
- s->s3->tmp.next_state=SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
- {
- s->state=SSL_ST_OK;
- s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret=0;
- }
- }
- else
- {
- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
- }
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
-
- ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
- if (ret <= 0) goto end;
-
- if (s->hit)
- s->state=SSL3_ST_CW_CHANGE_A;
- else
- s->state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
-#if 0
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-#endif
-
- /* If we are not 'joining' the last two packets,
- * remove the buffering now */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
-
- s->init_num=0;
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->handshake_func=dtls1_connect;
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- /* done with handshaking */
- s->d1->handshake_read_seq = 0;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_DTLS1_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- /* did we do anything */
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-int dtls1_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- unsigned int i,j;
- unsigned long Time,l;
- SSL_COMP *comp;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
- {
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version) ||
- (s->session->not_resumable))
- {
- if (!ssl_get_new_session(s,0))
- goto err;
- }
- /* else use the pre-loaded session */
-
- p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
-
- /* Do the message type and length last */
- d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
- s->client_version=s->version;
-
- /* Random stuff */
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* Session ID */
- if (s->new_session)
- i=0;
- else
- i=s->session->session_id_length;
- *(p++)=i;
- if (i != 0)
- {
- if (i > sizeof s->session->session_id)
- {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- memcpy(p,s->session->session_id,i);
- p+=i;
- }
-
- /* cookie stuff */
- if ( s->d1->cookie_len > sizeof(s->d1->cookie))
- {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- *(p++) = s->d1->cookie_len;
- memcpy(p, s->d1->cookie, s->d1->cookie_len);
- p += s->d1->cookie_len;
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- goto err;
- }
- s2n(i,p);
- p+=i;
-
- /* COMPRESSION */
- if (s->ctx->comp_methods == NULL)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
- *(p++)=0; /* Add the NULL method */
-
- l=(p-d);
- d=buf;
-
- d = dtls1_set_message_header(s, d, SSL3_MT_CLIENT_HELLO, l, 0, l);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-static int dtls1_get_hello_verify(SSL *s)
- {
- int n, al, ok = 0;
- unsigned char *data;
- unsigned int cookie_len;
-
- n=s->method->ssl_get_message(s,
- DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
- DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST)
- {
- s->d1->send_cookie = 0;
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- data = (unsigned char *)s->init_msg;
-
- if ((data[0] != (s->version>>8)) || (data[1] != (s->version&0xff)))
- {
- SSLerr(SSL_F_DTLS1_GET_HELLO_VERIFY,SSL_R_WRONG_SSL_VERSION);
- s->version=(s->version&0xff00)|data[1];
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- data+=2;
-
- cookie_len = *(data++);
- if ( cookie_len > sizeof(s->d1->cookie))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
-
- memcpy(s->d1->cookie, data, cookie_len);
- s->d1->cookie_len = cookie_len;
-
- s->d1->send_cookie = 1;
- return 1;
-
-f_err:
- ssl3_send_alert(s, SSL3_AL_FATAL, al);
- return -1;
- }
-
-int dtls1_send_client_key_exchange(SSL *s)
- {
- unsigned char *p,*d;
- int n;
- unsigned long l;
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-
- if (s->state == SSL3_ST_CW_KEY_EXCH_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* Fool emacs indentation */
- if (0) {}
-#ifndef OPENSSL_NO_RSA
- else if (l & SSL_kRSA)
- {
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa=s->session->sess_cert->peer_rsa_tmp;
- else
- {
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- if ((pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- rsa=pkey->pkey.rsa;
- EVP_PKEY_free(pkey);
- }
-
- tmp_buf[0]=s->client_version>>8;
- tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
- goto err;
-
- s->session->master_key_length=sizeof tmp_buf;
-
- q=p;
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- p+=2;
- n=RSA_public_encrypt(sizeof tmp_buf,
- tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
- if (n <= 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
- goto err;
- }
-
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- {
- s2n(n,q);
- n+=2;
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf,sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
- }
-#endif
-#ifndef OPENSSL_NO_KRB5
- else if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- /* krb5_data krb5_ap_req; */
- krb5_data *enc_ticket;
- krb5_data authenticator, *authp = NULL;
- EVP_CIPHER_CTX ciph_ctx;
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
- unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_IV_LENGTH];
- int padl, outl = sizeof(epms);
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
- printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
- l, SSL_kKRB5);
-#endif /* KSSL_DEBUG */
-
- authp = NULL;
-#ifdef KRB5SENDAUTH
- if (KRB5SENDAUTH) authp = &authenticator;
-#endif /* KRB5SENDAUTH */
-
- krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
- &kssl_err);
- enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
-#ifdef KSSL_DEBUG
- {
- printf("kssl_cget_tkt rtn %d\n", krb5rc);
- if (krb5rc && kssl_err.text)
- printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
- }
-#endif /* KSSL_DEBUG */
-
- if (krb5rc)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
- ** in place of RFC 2712 KerberosWrapper, as in:
- **
- ** Send ticket (copy to *p, set n = length)
- ** n = krb5_ap_req.length;
- ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- ** if (krb5_ap_req.data)
- ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
- **
- ** Now using real RFC 2712 KerberosWrapper
- ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
- ** Note: 2712 "opaque" types are here replaced
- ** with a 2-byte length followed by the value.
- ** Example:
- ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
- ** Where "xx xx" = length bytes. Shown here with
- ** optional authenticator omitted.
- */
-
- /* KerberosWrapper.Ticket */
- s2n(enc_ticket->length,p);
- memcpy(p, enc_ticket->data, enc_ticket->length);
- p+= enc_ticket->length;
- n = enc_ticket->length + 2;
-
- /* KerberosWrapper.Authenticator */
- if (authp && authp->length)
- {
- s2n(authp->length,p);
- memcpy(p, authp->data, authp->length);
- p+= authp->length;
- n+= authp->length + 2;
-
- free(authp->data);
- authp->data = NULL;
- authp->length = 0;
- }
- else
- {
- s2n(0,p);/* null authenticator length */
- n+=2;
- }
-
- if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
- goto err;
-
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
-
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
- EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
- kssl_ctx->key,iv);
- EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
- sizeof tmp_buf);
- EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
- outl += padl;
- if (outl > sizeof epms)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
- /* KerberosWrapper.EncryptedPreMasterSecret */
- s2n(outl,p);
- memcpy(p, epms, outl);
- p+=outl;
- n+=outl + 2;
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf, sizeof tmp_buf);
-
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- OPENSSL_cleanse(epms, outl);
- }
-#endif
-#ifndef OPENSSL_NO_DH
- else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- DH *dh_srvr,*dh_clnt;
-
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr=s->session->sess_cert->peer_dh_tmp;
- else
- {
- /* we get them from the cert */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
- goto err;
- }
-
- /* generate a new random key */
- if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- if (!DH_generate_key(dh_clnt))
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* use the 'p' output buffer for the DH key, but
- * make sure to clear it out afterwards */
-
- n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
- if (n <= 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,n);
- /* clean up */
- memset(p,0,n);
-
- /* send off the data */
- n=BN_num_bytes(dh_clnt->pub_key);
- s2n(n,p);
- BN_bn2bin(dh_clnt->pub_key,p);
- n+=2;
-
- DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY*/
- }
-#endif
- else
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CLIENT_KEY_EXCHANGE, n, 0, n);
- /*
- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n,d);
- l2n(s->d1->handshake_write_seq,d);
- s->d1->handshake_write_seq++;
- */
-
- s->state=SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_KEY_EXCH_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int dtls1_send_client_verify(SSL *s)
- {
- unsigned char *p,*d;
- unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
- unsigned u=0;
-#endif
- unsigned long n;
-#ifndef OPENSSL_NO_DSA
- int j;
-#endif
-
- if (s->state == SSL3_ST_CW_CERT_VRFY_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
- pkey=s->cert->key->privatekey;
-
- s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
- &(data[MD5_DIGEST_LENGTH]));
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),&(data[0]));
- if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
- goto err;
- }
- s2n(u,p);
- n=u+2;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.dsa))
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
- goto err;
- }
- s2n(j,p);
- n=j+2;
- }
- else
-#endif
- {
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- d = dtls1_set_message_header(s, d,
- SSL3_MT_CERTIFICATE_VERIFY, n, 0, n) ;
-
- s->init_num=(int)n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
-
- s->state = SSL3_ST_CW_CERT_VRFY_B;
- }
-
- /* s->state = SSL3_ST_CW_CERT_VRFY_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int dtls1_send_client_certificate(SSL *s)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A)
- {
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state=SSL3_ST_CW_CERT_B;
- else
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B)
- {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i=0;
- if (s->ctx->client_cert_cb != NULL)
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL3_ST_CW_CERT_B;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- i=0;
- }
- else if (i == 1)
- {
- i=0;
- SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- if (i == 0)
- {
- if (s->version == SSL3_VERSION)
- {
- s->s3->tmp.cert_req=0;
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
- return(1);
- }
- else
- {
- s->s3->tmp.cert_req=2;
- }
- }
-
- /* Ok, we have a cert */
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C)
- {
- s->state=SSL3_ST_CW_CERT_D;
- l=dtls1_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
- s->init_num=(int)l;
- s->init_off=0;
-
- /* set header called by dtls1_output_cert_chain() */
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
- /* SSL3_ST_CW_CERT_D */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-
diff --git a/crypto/openssl/ssl/d1_enc.c b/crypto/openssl/ssl/d1_enc.c
deleted file mode 100644
index cbff749..0000000
--- a/crypto/openssl/ssl/d1_enc.c
+++ /dev/null
@@ -1,281 +0,0 @@
-/* ssl/d1_enc.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/comp.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/rand.h>
-
-
-int dtls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,ii,j,k,n=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- if (s->write_hash != NULL)
- n=EVP_MD_size(s->write_hash);
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- {
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- if ( rec->data != rec->input)
- /* we can't write into the input stream */
- fprintf(stderr, "%s:%d: rec->data != rec->input\n",
- __FILE__, __LINE__);
- else if ( EVP_CIPHER_block_size(ds->cipher) > 1)
- {
- if (!RAND_bytes(rec->input, EVP_CIPHER_block_size(ds->cipher)))
- return -1;
- }
- }
- }
- else
- {
- if (s->read_hash != NULL)
- n=EVP_MD_size(s->read_hash);
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-#ifdef KSSL_DEBUG
- printf("dtls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_DTLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if ((bs != 1) && !send)
- {
- ii=i=rec->data[l-1]; /* padding_length */
- i++;
- if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence,
- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- i--;
- }
- /* TLS 1.0 does not bound the number of padding bytes by the block size.
- * All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
- {
- /* Incorrect padding. SSLerr() and ssl3_alert are done
- * by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- return -1;
- }
- for (j=(int)(l-i); j<(int)l; j++)
- {
- if (rec->data[j] != ii)
- {
- /* Incorrect padding */
- return -1;
- }
- }
- rec->length-=i;
-
- rec->data += bs; /* skip the implicit IV */
- rec->input += bs;
- rec->length -= bs;
- }
- }
- return(1);
- }
-
diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c
deleted file mode 100644
index d07a212..0000000
--- a/crypto/openssl/ssl/d1_lib.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/* ssl/d1_lib.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-const char dtls1_version_str[]="DTLSv1" OPENSSL_VERSION_PTEXT;
-
-SSL3_ENC_METHOD DTLSv1_enc_data={
- dtls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- };
-
-long dtls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the DTLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-IMPLEMENT_dtls1_meth_func(dtlsv1_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int dtls1_new(SSL *s)
- {
- DTLS1_STATE *d1;
-
- if (!ssl3_new(s)) return(0);
- if ((d1=OPENSSL_malloc(sizeof *d1)) == NULL) return (0);
- memset(d1,0, sizeof *d1);
-
- /* d1->handshake_epoch=0; */
-#if defined(OPENSSL_SYS_VMS) || defined(VMS_TEST)
- d1->bitmap.length=64;
-#else
- d1->bitmap.length=sizeof(d1->bitmap.map) * 8;
-#endif
- pq_64bit_init(&(d1->bitmap.map));
- pq_64bit_init(&(d1->bitmap.max_seq_num));
-
- pq_64bit_init(&(d1->next_bitmap.map));
- pq_64bit_init(&(d1->next_bitmap.max_seq_num));
-
- d1->unprocessed_rcds.q=pqueue_new();
- d1->processed_rcds.q=pqueue_new();
- d1->buffered_messages = pqueue_new();
- d1->sent_messages=pqueue_new();
-
- if ( s->server)
- {
- d1->cookie_len = sizeof(s->d1->cookie);
- }
-
- if( ! d1->unprocessed_rcds.q || ! d1->processed_rcds.q
- || ! d1->buffered_messages || ! d1->sent_messages)
- {
- if ( d1->unprocessed_rcds.q) pqueue_free(d1->unprocessed_rcds.q);
- if ( d1->processed_rcds.q) pqueue_free(d1->processed_rcds.q);
- if ( d1->buffered_messages) pqueue_free(d1->buffered_messages);
- if ( d1->sent_messages) pqueue_free(d1->sent_messages);
- OPENSSL_free(d1);
- return (0);
- }
-
- s->d1=d1;
- s->method->ssl_clear(s);
- return(1);
- }
-
-void dtls1_free(SSL *s)
- {
- pitem *item = NULL;
- hm_fragment *frag = NULL;
-
- ssl3_free(s);
-
- while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
- {
- OPENSSL_free(item->data);
- pitem_free(item);
- }
- pqueue_free(s->d1->unprocessed_rcds.q);
-
- while( (item = pqueue_pop(s->d1->processed_rcds.q)) != NULL)
- {
- OPENSSL_free(item->data);
- pitem_free(item);
- }
- pqueue_free(s->d1->processed_rcds.q);
-
- while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
- pqueue_free(s->d1->buffered_messages);
-
- while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
- {
- frag = (hm_fragment *)item->data;
- OPENSSL_free(frag->fragment);
- OPENSSL_free(frag);
- pitem_free(item);
- }
- pqueue_free(s->d1->sent_messages);
-
- pq_64bit_free(&(s->d1->bitmap.map));
- pq_64bit_free(&(s->d1->bitmap.max_seq_num));
-
- pq_64bit_free(&(s->d1->next_bitmap.map));
- pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
-
- OPENSSL_free(s->d1);
- }
-
-void dtls1_clear(SSL *s)
- {
- ssl3_clear(s);
- s->version=DTLS1_VERSION;
- }
diff --git a/crypto/openssl/ssl/d1_meth.c b/crypto/openssl/ssl/d1_meth.c
deleted file mode 100644
index 8a6cf31..0000000
--- a/crypto/openssl/ssl/d1_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ssl/d1_meth.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *dtls1_get_method(int ver);
-static SSL_METHOD *dtls1_get_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_method,
- dtls1_accept,
- dtls1_connect,
- dtls1_get_method)
-
diff --git a/crypto/openssl/ssl/d1_pkt.c b/crypto/openssl/ssl/d1_pkt.c
deleted file mode 100644
index 8270419..0000000
--- a/crypto/openssl/ssl/d1_pkt.c
+++ /dev/null
@@ -1,1772 +0,0 @@
-/* ssl/d1_pkt.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-
-static int have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek);
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
- PQ_64BIT *seq_num);
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
- unsigned int *is_next_epoch);
-#if 0
-static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
- unsigned short *priority, unsigned long *offset);
-#endif
-static int dtls1_buffer_record(SSL *s, record_pqueue *q,
- PQ_64BIT priority);
-static int dtls1_process_record(SSL *s);
-#if PQ_64BIT_IS_INTEGER
-static PQ_64BIT bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num);
-#endif
-static void dtls1_clear_timeouts(SSL *s);
-
-/* copy buffered record into SSL structure */
-static int
-dtls1_copy_record(SSL *s, pitem *item)
- {
- DTLS1_RECORD_DATA *rdata;
-
- rdata = (DTLS1_RECORD_DATA *)item->data;
-
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
-
- s->packet = rdata->packet;
- s->packet_length = rdata->packet_length;
- memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
- return(1);
- }
-
-
-static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
-{
- DTLS1_RECORD_DATA *rdata;
- pitem *item;
-
- rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
- item = pitem_new(priority, rdata);
- if (rdata == NULL || item == NULL)
- {
- if (rdata != NULL) OPENSSL_free(rdata);
- if (item != NULL) pitem_free(item);
-
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
- return(0);
- }
-
- rdata->packet = s->packet;
- rdata->packet_length = s->packet_length;
- memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD));
-
- item->data = rdata;
-
- /* insert should not fail, since duplicates are dropped */
- if (pqueue_insert(queue->q, item) == NULL)
- {
- OPENSSL_free(rdata);
- pitem_free(item);
- return(0);
- }
-
- s->packet = NULL;
- s->packet_length = 0;
- memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER));
- memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD));
-
- if (!ssl3_setup_buffers(s))
- {
- SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR);
- OPENSSL_free(rdata);
- pitem_free(item);
- return(0);
- }
-
- return(1);
- }
-
-
-static int
-dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
- {
- pitem *item;
-
- item = pqueue_pop(queue->q);
- if (item)
- {
- dtls1_copy_record(s, item);
-
- OPENSSL_free(item->data);
- pitem_free(item);
-
- return(1);
- }
-
- return(0);
- }
-
-
-/* retrieve a buffered record that belongs to the new epoch, i.e., not processed
- * yet */
-#define dtls1_get_unprocessed_record(s) \
- dtls1_retrieve_buffered_record((s), \
- &((s)->d1->unprocessed_rcds))
-
-/* retrieve a buffered record that belongs to the current epoch, ie, processed */
-#define dtls1_get_processed_record(s) \
- dtls1_retrieve_buffered_record((s), \
- &((s)->d1->processed_rcds))
-
-static int
-dtls1_process_buffered_records(SSL *s)
- {
- pitem *item;
-
- item = pqueue_peek(s->d1->unprocessed_rcds.q);
- if (item)
- {
- DTLS1_RECORD_DATA *rdata;
- rdata = (DTLS1_RECORD_DATA *)item->data;
-
- /* Check if epoch is current. */
- if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
- return(1); /* Nothing to do. */
-
- /* Process all the records. */
- while (pqueue_peek(s->d1->unprocessed_rcds.q))
- {
- dtls1_get_unprocessed_record(s);
- if ( ! dtls1_process_record(s))
- return(0);
- dtls1_buffer_record(s, &(s->d1->processed_rcds),
- s->s3->rrec.seq_num);
- }
- }
-
- /* sync epoch numbers once all the unprocessed records
- * have been processed */
- s->d1->processed_rcds.epoch = s->d1->r_epoch;
- s->d1->unprocessed_rcds.epoch = s->d1->r_epoch + 1;
-
- return(1);
- }
-
-
-#if 0
-
-static int
-dtls1_get_buffered_record(SSL *s)
- {
- pitem *item;
- PQ_64BIT priority =
- (((PQ_64BIT)s->d1->handshake_read_seq) << 32) |
- ((PQ_64BIT)s->d1->r_msg_hdr.frag_off);
-
- if ( ! SSL_in_init(s)) /* if we're not (re)negotiating,
- nothing buffered */
- return 0;
-
-
- item = pqueue_peek(s->d1->rcvd_records);
- if (item && item->priority == priority)
- {
- /* Check if we've received the record of interest. It must be
- * a handshake record, since data records as passed up without
- * buffering */
- DTLS1_RECORD_DATA *rdata;
- item = pqueue_pop(s->d1->rcvd_records);
- rdata = (DTLS1_RECORD_DATA *)item->data;
-
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
-
- s->packet = rdata->packet;
- s->packet_length = rdata->packet_length;
- memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER));
- memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD));
-
- OPENSSL_free(item->data);
- pitem_free(item);
-
- /* s->d1->next_expected_seq_num++; */
- return(1);
- }
-
- return 0;
- }
-
-#endif
-
-static int
-dtls1_process_record(SSL *s)
-{
- int i,al;
- int clear=0;
- int enc_err;
- SSL_SESSION *sess;
- SSL3_RECORD *rr;
- unsigned int mac_size;
- unsigned char md[EVP_MAX_MD_SIZE];
-
-
- rr= &(s->s3->rrec);
- sess = s->session;
-
- /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
- * and we have that many bytes in s->packet
- */
- rr->input= &(s->packet[DTLS1_RT_HEADER_LENGTH]);
-
- /* ok, we can now read from 's->packet' data into 'rr'
- * rr->input points at rr->length bytes, which
- * need to be copied into rr->data by either
- * the decryption or by the decompression
- * When the data is 'copied' into the rr->data buffer,
- * rr->input will be pointed at the new buffer */
-
- /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
- * rr->length bytes of encrypted compressed stuff. */
-
- /* check is not needed I believe */
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* decrypt in place in 'rr->input' */
- rr->data=rr->input;
-
- enc_err = s->method->ssl3_enc->enc(s,0);
- if (enc_err <= 0)
- {
- if (enc_err == 0)
- /* SSLerr() and ssl3_send_alert() have been called */
- goto err;
-
- /* otherwise enc_err == -1 */
- goto decryption_failed_or_bad_record_mac;
- }
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- /* r->length is now the compressed data plus mac */
-if ( (sess == NULL) ||
- (s->enc_read_ctx == NULL) ||
- (s->read_hash == NULL))
- clear=1;
-
- if (!clear)
- {
- mac_size=EVP_MD_size(s->read_hash);
-
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
- {
-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
- goto f_err;
-#else
- goto decryption_failed_or_bad_record_mac;
-#endif
- }
- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
- {
-#if 0 /* OK only for stream ciphers */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-#else
- goto decryption_failed_or_bad_record_mac;
-#endif
- }
- rr->length-=mac_size;
- i=s->method->ssl3_enc->mac(s,md,0);
- if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
- {
- goto decryption_failed_or_bad_record_mac;
- }
- }
-
- /* r->length is now just compressed */
- if (s->expand != NULL)
- {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s))
- {
- al=SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
- if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- rr->off=0;
- /* So at this point the following is true
- * ssl->s3->rrec.type is the type of record
- * ssl->s3->rrec.length == number of bytes in record
- * ssl->s3->rrec.off == offset to first valid byte
- * ssl->s3->rrec.data == where to take bytes from, increment
- * after use :-).
- */
-
- /* we have pulled in a full packet so zero things */
- s->packet_length=0;
- dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */
- return(1);
-
-decryption_failed_or_bad_record_mac:
- /* Separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(0);
-}
-
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type - is the type of record
- * ssl->s3->rrec.data, - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by dtls1_read_bytes */
-int dtls1_get_record(SSL *s)
- {
- int ssl_major,ssl_minor,al;
- int i,n;
- SSL3_RECORD *rr;
- SSL_SESSION *sess;
- unsigned char *p;
- short version;
- DTLS1_BITMAP *bitmap;
- unsigned int is_next_epoch;
-
- rr= &(s->s3->rrec);
- sess=s->session;
-
- /* The epoch may have changed. If so, process all the
- * pending records. This is a non-blocking operation. */
- if ( ! dtls1_process_buffered_records(s))
- return 0;
-
- /* if we're renegotiating, then there may be buffered records */
- if (dtls1_get_processed_record(s))
- return 1;
-
- /* get something from the wire */
-again:
- /* check if we have the header */
- if ( (s->rstate != SSL_ST_READ_BODY) ||
- (s->packet_length < DTLS1_RT_HEADER_LENGTH))
- {
- n=ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
- /* read timeout is handled by dtls1_read_bytes */
- if (n <= 0) return(n); /* error or non-blocking */
-
- OPENSSL_assert(s->packet_length == DTLS1_RT_HEADER_LENGTH);
-
- s->rstate=SSL_ST_READ_BODY;
-
- p=s->packet;
-
- /* Pull apart the header into the DTLS1_RECORD */
- rr->type= *(p++);
- ssl_major= *(p++);
- ssl_minor= *(p++);
- version=(ssl_major<<8)|ssl_minor;
-
- /* sequence number is 64 bits, with top 2 bytes = epoch */
- n2s(p,rr->epoch);
-
- memcpy(&(s->s3->read_sequence[2]), p, 6);
- p+=6;
-
- n2s(p,rr->length);
-
- /* Lets check version */
- if (!s->first_packet)
- {
- if (version != s->version)
- {
- SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- }
-
- if ((version & 0xff00) != (DTLS1_VERSION & 0xff00))
- {
- SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- goto err;
- }
-
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_DTLS1_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* now s->rstate == SSL_ST_READ_BODY */
- }
-
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
- if (rr->length > s->packet_length-DTLS1_RT_HEADER_LENGTH)
- {
- /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
- i=rr->length;
- n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
-
- /* this packet contained a partial record, dump it */
- if ( n != i)
- {
- s->packet_length = 0;
- goto again;
- }
-
- /* now n == rr->length,
- * and s->packet_length == DTLS1_RT_HEADER_LENGTH + rr->length */
- }
- s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
- /* match epochs. NULL means the packet is dropped on the floor */
- bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
- if ( bitmap == NULL)
- {
- s->packet_length = 0; /* dump this record */
- goto again; /* get another record */
- }
-
- /* check whether this is a repeat, or aged record */
- if ( ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
- {
- s->packet_length=0; /* dump this record */
- goto again; /* get another record */
- }
-
- /* just read a 0 length packet */
- if (rr->length == 0) goto again;
-
- /* If this record is from the next epoch (either HM or ALERT), buffer it
- * since it cannot be processed at this time.
- * Records from the next epoch are marked as received even though they are
- * not processed, so as to prevent any potential resource DoS attack */
- if (is_next_epoch)
- {
- dtls1_record_bitmap_update(s, bitmap);
- dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num);
- s->packet_length = 0;
- goto again;
- }
-
- if ( ! dtls1_process_record(s))
- return(0);
-
- dtls1_clear_timeouts(s); /* done waiting */
- return(1);
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(0);
- }
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- * - 0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- * Change cipher spec protocol
- * just 1 byte needed, no need for keeping anything stored
- * Alert protocol
- * 2 bytes needed (AlertLevel, AlertDescription)
- * Handshake protocol
- * 4 bytes needed (HandshakeType, uint24 length) -- we just have
- * to detect unexpected Client Hello and Hello Request messages
- * here, anything else is handled by higher layers
- * Application data protocol
- * none of our business
- */
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
- {
- int al,i,j,ret;
- unsigned int n;
- SSL3_RECORD *rr;
- void (*cb)(const SSL *ssl,int type2,int val)=NULL;
-
- if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
- if (!ssl3_setup_buffers(s))
- return(-1);
-
- /* XXX: check what the second '&& type' is about */
- if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
- (type != SSL3_RT_HANDSHAKE) && type) ||
- (peek && (type != SSL3_RT_APPLICATION_DATA)))
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* check whether there's a handshake message (client hello?) waiting */
- if ( (ret = have_handshake_fragment(s, type, buf, len, peek)))
- return ret;
-
- /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
- if (!s->in_handshake && SSL_in_init(s))
- {
- /* type == SSL3_RT_APPLICATION_DATA */
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
-start:
- s->rwstate=SSL_NOTHING;
-
- /* s->s3->rrec.type - is the type of record
- * s->s3->rrec.data, - data
- * s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
- rr = &(s->s3->rrec);
-
- /* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
- {
- ret=dtls1_get_record(s);
- if (ret <= 0)
- {
- ret = dtls1_read_failed(s, ret);
- /* anything other than a timeout is an error */
- if (ret <= 0)
- return(ret);
- else
- goto start;
- }
- }
-
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
- * reset by ssl3_get_finished */
- && (rr->type != SSL3_RT_HANDSHAKE))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
- goto err;
- }
-
- /* If the other end has shut down, throw anything we read away
- * (even in 'peek' mode) */
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- rr->length=0;
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-
-
- if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
- {
- /* make sure that we are not getting application data when we
- * are doing a handshake for the first time */
- if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->enc_read_ctx == NULL))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
- }
-
- if (len <= 0) return(len);
-
- if ((unsigned int)len > rr->length)
- n = rr->length;
- else
- n = (unsigned int)len;
-
- memcpy(buf,&(rr->data[rr->off]),n);
- if (!peek)
- {
- rr->length-=n;
- rr->off+=n;
- if (rr->length == 0)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->off=0;
- }
- }
- return(n);
- }
-
-
- /* If we get here, then type != rr->type; if we have a handshake
- * message, then it was unexpected (Hello Request or Client Hello). */
-
- /* In case of record types for which we have 'fragment' storage,
- * fill that so that we can process the data at a fixed place.
- */
- {
- unsigned int k, dest_maxlen = 0;
- unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
-
- if (rr->type == SSL3_RT_HANDSHAKE)
- {
- dest_maxlen = sizeof s->d1->handshake_fragment;
- dest = s->d1->handshake_fragment;
- dest_len = &s->d1->handshake_fragment_len;
- }
- else if (rr->type == SSL3_RT_ALERT)
- {
- dest_maxlen = sizeof(s->d1->alert_fragment);
- dest = s->d1->alert_fragment;
- dest_len = &s->d1->alert_fragment_len;
- }
- /* else it's a CCS message, or it's wrong */
- else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- /* Not certain if this is the right error handling */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
-
-
- if (dest_maxlen > 0)
- {
- /* XDTLS: In a pathalogical case, the Client Hello
- * may be fragmented--don't always expect dest_maxlen bytes */
- if ( rr->length < dest_maxlen)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->length = 0;
- goto start;
- }
-
- /* now move 'n' bytes: */
- for ( k = 0; k < dest_maxlen; k++)
- {
- dest[k] = rr->data[rr->off++];
- rr->length--;
- }
- *dest_len = dest_maxlen;
- }
- }
-
- /* s->d1->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE;
- * s->d1->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
- /* If we are a client, check for an incoming 'Hello Request': */
- if ((!s->server) &&
- (s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
- (s->d1->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
- (s->session != NULL) && (s->session->cipher != NULL))
- {
- s->d1->handshake_fragment_len = 0;
-
- if ((s->d1->handshake_fragment[1] != 0) ||
- (s->d1->handshake_fragment[2] != 0) ||
- (s->d1->handshake_fragment[3] != 0))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
- goto err;
- }
-
- /* no need to check sequence number on HELLO REQUEST messages */
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
- s->d1->handshake_fragment, 4, s, s->msg_callback_arg);
-
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
- {
- ssl3_renegotiate(s);
- if (ssl3_renegotiate_check(s))
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- }
- }
- /* we either finished a handshake or ignored the request,
- * now try again to obtain the (application) data we were asked for */
- goto start;
- }
-
- if (s->d1->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH)
- {
- int alert_level = s->d1->alert_fragment[0];
- int alert_descr = s->d1->alert_fragment[1];
-
- s->d1->alert_fragment_len = 0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT,
- s->d1->alert_fragment, 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j = (alert_level << 8) | alert_descr;
- cb(s, SSL_CB_READ_ALERT, j);
- }
-
- if (alert_level == 1) /* warning */
- {
- s->s3->warn_alert = alert_descr;
- if (alert_descr == SSL_AD_CLOSE_NOTIFY)
- {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return(0);
- }
-#if 0
- /* XXX: this is a possible improvement in the future */
- /* now check if it's a missing record */
- if (alert_descr == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- unsigned short seq;
- unsigned int frag_off;
- unsigned char *p = &(s->d1->alert_fragment[2]);
-
- n2s(p, seq);
- n2l3(p, frag_off);
-
- dtls1_retransmit_message(s, seq, frag_off, &found);
- if ( ! found && SSL_in_init(s))
- {
- /* fprintf( stderr,"in init = %d\n", SSL_in_init(s)); */
- /* requested a message not yet sent,
- send an alert ourselves */
- ssl3_send_alert(s,SSL3_AL_WARNING,
- DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
- }
- }
-#endif
- }
- else if (alert_level == 2) /* fatal */
- {
- char tmp[16];
-
- s->rwstate=SSL_NOTHING;
- s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
- ERR_add_error_data(2,"SSL alert number ",tmp);
- s->shutdown|=SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->ctx,s->session);
- return(0);
- }
- else
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
- }
-
- goto start;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
- {
- s->rwstate=SSL_NOTHING;
- rr->length=0;
- return(0);
- }
-
- if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- struct ccs_header_st ccs_hdr;
-
- dtls1_get_ccs_header(rr->data, &ccs_hdr);
-
- if ( ccs_hdr.seq == s->d1->handshake_read_seq)
- {
- /* 'Change Cipher Spec' is just a single byte, so we know
- * exactly what the record payload has to look like */
- /* XDTLS: check that epoch is consistent */
- if ( (rr->length != DTLS1_CCS_HEADER_LENGTH) ||
- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
- {
- i=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto err;
- }
-
- rr->length=0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
- rr->data, 1, s, s->msg_callback_arg);
-
- s->s3->change_cipher_spec=1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
-
- /* do this whenever CCS is processed */
- dtls1_reset_seq_numbers(s, SSL3_CC_READ);
-
- /* handshake read seq is reset upon handshake completion */
- s->d1->handshake_read_seq++;
-
- goto start;
- }
- else
- {
- rr->length = 0;
- goto start;
- }
- }
-
- /* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((s->d1->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) &&
- !s->in_handshake)
- {
- struct hm_header_st msg_hdr;
-
- /* this may just be a stale retransmit */
- dtls1_get_message_header(rr->data, &msg_hdr);
- if( rr->epoch != s->d1->r_epoch)
- {
- rr->length = 0;
- goto start;
- }
-
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
- {
-#if 0 /* worked only because C operator preferences are not as expected (and
- * because this is not really needed for clients except for detecting
- * protocol violations): */
- s->state=SSL_ST_BEFORE|(s->server)
- ?SSL_ST_ACCEPT
- :SSL_ST_CONNECT;
-#else
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
- s->new_session=1;
- }
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- goto start;
- }
-
- switch (rr->type)
- {
- default:
-#ifndef OPENSSL_NO_TLS
- /* TLS just ignores unknown message types */
- if (s->version == TLS1_VERSION)
- {
- rr->length = 0;
- goto start;
- }
-#endif
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- case SSL3_RT_CHANGE_CIPHER_SPEC:
- case SSL3_RT_ALERT:
- case SSL3_RT_HANDSHAKE:
- /* we already handled all of these, with the possible exception
- * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
- * should not happen when type != rr->type */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,ERR_R_INTERNAL_ERROR);
- goto f_err;
- case SSL3_RT_APPLICATION_DATA:
- /* At this point, we were expecting handshake data,
- * but have application data. If the library was
- * running inside ssl3_read() (i.e. in_read_app_data
- * is set) and it makes sense to read application data
- * at this point (session renegotiation not yet started),
- * we will indulge it.
- */
- if (s->s3->in_read_app_data &&
- (s->s3->total_renegotiations != 0) &&
- ((
- (s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
- ) || (
- (s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
- )
- ))
- {
- s->s3->in_read_app_data=2;
- return(-1);
- }
- else
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
- }
- /* not reached */
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-int
-dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
- {
- unsigned int n,tot;
- int i;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return -1;
- }
- }
-
- tot = s->s3->wnum;
- n = len - tot;
-
- while( n)
- {
- /* dtls1_write_bytes sends one record at a time, sized according to
- * the currently known MTU */
- i = dtls1_write_bytes(s, type, buf_, len);
- if (i <= 0) return i;
-
- if ((i == (int)n) ||
- (type == SSL3_RT_APPLICATION_DATA &&
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
- {
- /* next chunk of data should get another prepended empty fragment
- * in ciphersuites with known-IV weakness: */
- s->s3->empty_fragment_done = 0;
- return tot+i;
- }
-
- tot += i;
- n-=i;
- }
-
- return tot;
- }
-
-
- /* this only happens when a client hello is received and a handshake
- * is started. */
-static int
-have_handshake_fragment(SSL *s, int type, unsigned char *buf,
- int len, int peek)
- {
-
- if ((type == SSL3_RT_HANDSHAKE) && (s->d1->handshake_fragment_len > 0))
- /* (partially) satisfy request from storage */
- {
- unsigned char *src = s->d1->handshake_fragment;
- unsigned char *dst = buf;
- unsigned int k,n;
-
- /* peek == 0 */
- n = 0;
- while ((len > 0) && (s->d1->handshake_fragment_len > 0))
- {
- *dst++ = *src++;
- len--; s->d1->handshake_fragment_len--;
- n++;
- }
- /* move any remaining fragment bytes: */
- for (k = 0; k < s->d1->handshake_fragment_len; k++)
- s->d1->handshake_fragment[k] = *src++;
- return n;
- }
-
- return 0;
- }
-
-
-
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int dtls1_write_bytes(SSL *s, int type, const void *buf_, int len)
- {
- const unsigned char *buf=buf_;
- unsigned int tot,n,nw;
- int i;
- unsigned int mtu;
-
- s->rwstate=SSL_NOTHING;
- tot=s->s3->wnum;
-
- n=(len-tot);
-
- /* handshake layer figures out MTU for itself, but data records
- * are also sent through this interface, so need to figure out MTU */
-#if 0
- mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_MTU, 0, NULL);
- mtu += DTLS1_HM_HEADER_LENGTH; /* HM already inserted */
-#endif
- mtu = s->d1->mtu;
-
- if (mtu > SSL3_RT_MAX_PLAIN_LENGTH)
- mtu = SSL3_RT_MAX_PLAIN_LENGTH;
-
- if (n > mtu)
- nw=mtu;
- else
- nw=n;
-
- i=do_dtls1_write(s, type, &(buf[tot]), nw, 0);
- if (i <= 0)
- {
- s->s3->wnum=tot;
- return i;
- }
-
- if ( (int)s->s3->wnum + i == len)
- s->s3->wnum = 0;
- else
- s->s3->wnum += i;
-
- return tot + i;
- }
-
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment)
- {
- unsigned char *p,*pseq;
- int i,mac_size,clear=0;
- int prefix_len = 0;
- SSL3_RECORD *wr;
- SSL3_BUFFER *wb;
- SSL_SESSION *sess;
- int bs;
-
- /* first check if there is a SSL3_BUFFER still being written
- * out. This will happen with non blocking IO */
- if (s->s3->wbuf.left != 0)
- {
- OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */
- return(ssl3_write_pending(s,type,buf,len));
- }
-
- /* If we have an alert to send, lets send it */
- if (s->s3->alert_dispatch)
- {
- i=s->method->ssl_dispatch_alert(s);
- if (i <= 0)
- return(i);
- /* if it went, fall through and send more stuff */
- }
-
- if (len == 0 && !create_empty_fragment)
- return 0;
-
- wr= &(s->s3->wrec);
- wb= &(s->s3->wbuf);
- sess=s->session;
-
- if ( (sess == NULL) ||
- (s->enc_write_ctx == NULL) ||
- (s->write_hash == NULL))
- clear=1;
-
- if (clear)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* DTLS implements explicit IV, so no need for empty fragments */
-#if 0
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
- && SSL_version(s) != DTLS1_VERSION)
- {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
- */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
- {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = s->method->do_ssl_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
- {
- /* insufficient space */
- SSLerr(SSL_F_DO_DTLS1_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- s->s3->empty_fragment_done = 1;
- }
-#endif
-
- p = wb->buf + prefix_len;
-
- /* write the header */
-
- *(p++)=type&0xff;
- wr->type=type;
-
- *(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
-
- /* field where we are to write out packet epoch, seq num and len */
- pseq=p;
- p+=10;
-
- /* lets setup the record stuff. */
-
- /* Make space for the explicit IV in case of CBC.
- * (this is a bit of a boundary violation, but what the heck).
- */
- if ( s->enc_write_ctx &&
- (EVP_CIPHER_mode( s->enc_write_ctx->cipher ) & EVP_CIPH_CBC_MODE))
- bs = EVP_CIPHER_block_size(s->enc_write_ctx->cipher);
- else
- bs = 0;
-
- wr->data=p + bs; /* make room for IV in case of CBC */
- wr->length=(int)len;
- wr->input=(unsigned char *)buf;
-
- /* we now 'read' from wr->input, wr->length bytes into
- * wr->data */
-
- /* first we compress */
- if (s->compress != NULL)
- {
- if (!ssl3_do_compress(s))
- {
- SSLerr(SSL_F_DO_DTLS1_WRITE,SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- }
- else
- {
- memcpy(wr->data,wr->input,wr->length);
- wr->input=wr->data;
- }
-
- /* we should still have the output to wr->data and the input
- * from wr->input. Length should be wr->length.
- * wr->data still points in the wb->buf */
-
- if (mac_size != 0)
- {
- s->method->ssl3_enc->mac(s,&(p[wr->length + bs]),1);
- wr->length+=mac_size;
- }
-
- /* this is true regardless of mac size */
- wr->input=p;
- wr->data=p;
-
-
- /* ssl3_enc can only have an error on read */
- wr->length += bs; /* bs != 0 in case of CBC. The enc fn provides
- * the randomness */
- s->method->ssl3_enc->enc(s,1);
-
- /* record length after mac and block padding */
-/* if (type == SSL3_RT_APPLICATION_DATA ||
- (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */
-
- /* there's only one epoch between handshake and app data */
-
- s2n(s->d1->w_epoch, pseq);
-
- /* XDTLS: ?? */
-/* else
- s2n(s->d1->handshake_epoch, pseq); */
-
- memcpy(pseq, &(s->s3->write_sequence[2]), 6);
- pseq+=6;
- s2n(wr->length,pseq);
-
- /* we should now have
- * wr->data pointing to the encrypted data, which is
- * wr->length long */
- wr->type=type; /* not needed but helps for debugging */
- wr->length+=DTLS1_RT_HEADER_LENGTH;
-
-#if 0 /* this is now done at the message layer */
- /* buffer the record, making it easy to handle retransmits */
- if ( type == SSL3_RT_HANDSHAKE || type == SSL3_RT_CHANGE_CIPHER_SPEC)
- dtls1_buffer_record(s, wr->data, wr->length,
- *((PQ_64BIT *)&(s->s3->write_sequence[0])));
-#endif
-
- ssl3_record_sequence_update(&(s->s3->write_sequence[0]));
-
- if (create_empty_fragment)
- {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
- /* now let's set up wb */
- wb->left = prefix_len + wr->length;
- wb->offset = 0;
-
- /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
- s->s3->wpend_tot=len;
- s->s3->wpend_buf=buf;
- s->s3->wpend_type=type;
- s->s3->wpend_ret=len;
-
- /* we now just need to write the buffer */
- return ssl3_write_pending(s,type,buf,len);
-err:
- return -1;
- }
-
-
-
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
- PQ_64BIT *seq_num)
- {
-#if PQ_64BIT_IS_INTEGER
- PQ_64BIT mask = 0x0000000000000001L;
-#endif
- PQ_64BIT rcd_num, tmp;
-
- pq_64bit_init(&rcd_num);
- pq_64bit_init(&tmp);
-
- /* this is the sequence number for the record just read */
- pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
-
-
- if (pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
- pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
- {
- pq_64bit_assign(seq_num, &rcd_num);
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 1; /* this record is new */
- }
-
- pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
-
- if ( pq_64bit_get_word(&tmp) > bitmap->length)
- {
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 0; /* stale, outside the window */
- }
-
-#if PQ_64BIT_IS_BIGNUM
- {
- int offset;
- pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
- pq_64bit_sub_word(&tmp, 1);
- offset = pq_64bit_get_word(&tmp);
- if ( pq_64bit_is_bit_set(&(bitmap->map), offset))
- {
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 0;
- }
- }
-#else
- mask <<= (bitmap->max_seq_num - rcd_num - 1);
- if (bitmap->map & mask)
- return 0; /* record previously received */
-#endif
-
- pq_64bit_assign(seq_num, &rcd_num);
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- return 1;
- }
-
-
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
- {
- unsigned int shift;
- PQ_64BIT rcd_num;
- PQ_64BIT tmp;
- PQ_64BIT_CTX *ctx;
-
- pq_64bit_init(&rcd_num);
- pq_64bit_init(&tmp);
-
- pq_64bit_bin2num(&rcd_num, s->s3->read_sequence, 8);
-
- /* unfortunate code complexity due to 64-bit manipulation support
- * on 32-bit machines */
- if ( pq_64bit_gt(&rcd_num, &(bitmap->max_seq_num)) ||
- pq_64bit_eq(&rcd_num, &(bitmap->max_seq_num)))
- {
- pq_64bit_sub(&tmp, &rcd_num, &(bitmap->max_seq_num));
- pq_64bit_add_word(&tmp, 1);
-
- shift = (unsigned int)pq_64bit_get_word(&tmp);
-
- pq_64bit_lshift(&(tmp), &(bitmap->map), shift);
- pq_64bit_assign(&(bitmap->map), &tmp);
-
- pq_64bit_set_bit(&(bitmap->map), 0);
- pq_64bit_add_word(&rcd_num, 1);
- pq_64bit_assign(&(bitmap->max_seq_num), &rcd_num);
-
- pq_64bit_assign_word(&tmp, 1);
- pq_64bit_lshift(&tmp, &tmp, bitmap->length);
- ctx = pq_64bit_ctx_new(&ctx);
- pq_64bit_mod(&(bitmap->map), &(bitmap->map), &tmp, ctx);
- pq_64bit_ctx_free(ctx);
- }
- else
- {
- pq_64bit_sub(&tmp, &(bitmap->max_seq_num), &rcd_num);
- pq_64bit_sub_word(&tmp, 1);
- shift = (unsigned int)pq_64bit_get_word(&tmp);
-
- pq_64bit_set_bit(&(bitmap->map), shift);
- }
-
- pq_64bit_free(&rcd_num);
- pq_64bit_free(&tmp);
- }
-
-
-int dtls1_dispatch_alert(SSL *s)
- {
- int i,j;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- unsigned char buf[2 + 2 + 3]; /* alert level + alert desc + message seq +frag_off */
- unsigned char *ptr = &buf[0];
-
- s->s3->alert_dispatch=0;
-
- memset(buf, 0x00, sizeof(buf));
- *ptr++ = s->s3->send_alert[0];
- *ptr++ = s->s3->send_alert[1];
-
- if (s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- {
- s2n(s->d1->handshake_read_seq, ptr);
-#if 0
- if ( s->d1->r_msg_hdr.frag_off == 0) /* waiting for a new msg */
-
- else
- s2n(s->d1->r_msg_hdr.seq, ptr); /* partial msg read */
-#endif
-
-#if 0
- fprintf(stderr, "s->d1->handshake_read_seq = %d, s->d1->r_msg_hdr.seq = %d\n",s->d1->handshake_read_seq,s->d1->r_msg_hdr.seq);
-#endif
- l2n3(s->d1->r_msg_hdr.frag_off, ptr);
- }
-
- i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0);
- if (i <= 0)
- {
- s->s3->alert_dispatch=1;
- /* fprintf( stderr, "not done with alert\n" ); */
- }
- else
- {
- if ( s->s3->send_alert[0] == SSL3_AL_FATAL ||
- s->s3->send_alert[1] == DTLS1_AD_MISSING_HANDSHAKE_MESSAGE)
- (void)BIO_flush(s->wbio);
-
- if (s->msg_callback)
- s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
- 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
- cb(s,SSL_CB_WRITE_ALERT,j);
- }
- }
- return(i);
- }
-
-
-static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch)
- {
-
- *is_next_epoch = 0;
-
- /* In current epoch, accept HM, CCS, DATA, & ALERT */
- if (rr->epoch == s->d1->r_epoch)
- return &s->d1->bitmap;
-
- /* Only HM and ALERT messages can be from the next epoch */
- else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
- (rr->type == SSL3_RT_HANDSHAKE ||
- rr->type == SSL3_RT_ALERT))
- {
- *is_next_epoch = 1;
- return &s->d1->next_bitmap;
- }
-
- return NULL;
- }
-
-#if 0
-static int
-dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr, unsigned short *priority,
- unsigned long *offset)
- {
-
- /* alerts are passed up immediately */
- if ( rr->type == SSL3_RT_APPLICATION_DATA ||
- rr->type == SSL3_RT_ALERT)
- return 0;
-
- /* Only need to buffer if a handshake is underway.
- * (this implies that Hello Request and Client Hello are passed up
- * immediately) */
- if ( SSL_in_init(s))
- {
- unsigned char *data = rr->data;
- /* need to extract the HM/CCS sequence number here */
- if ( rr->type == SSL3_RT_HANDSHAKE ||
- rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- unsigned short seq_num;
- struct hm_header_st msg_hdr;
- struct ccs_header_st ccs_hdr;
-
- if ( rr->type == SSL3_RT_HANDSHAKE)
- {
- dtls1_get_message_header(data, &msg_hdr);
- seq_num = msg_hdr.seq;
- *offset = msg_hdr.frag_off;
- }
- else
- {
- dtls1_get_ccs_header(data, &ccs_hdr);
- seq_num = ccs_hdr.seq;
- *offset = 0;
- }
-
- /* this is either a record we're waiting for, or a
- * retransmit of something we happened to previously
- * receive (higher layers will drop the repeat silently */
- if ( seq_num < s->d1->handshake_read_seq)
- return 0;
- if (rr->type == SSL3_RT_HANDSHAKE &&
- seq_num == s->d1->handshake_read_seq &&
- msg_hdr.frag_off < s->d1->r_msg_hdr.frag_off)
- return 0;
- else if ( seq_num == s->d1->handshake_read_seq &&
- (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC ||
- msg_hdr.frag_off == s->d1->r_msg_hdr.frag_off))
- return 0;
- else
- {
- *priority = seq_num;
- return 1;
- }
- }
- else /* unknown record type */
- return 0;
- }
-
- return 0;
- }
-#endif
-
-void
-dtls1_reset_seq_numbers(SSL *s, int rw)
- {
- unsigned char *seq;
- unsigned int seq_bytes = sizeof(s->s3->read_sequence);
-
- if ( rw & SSL3_CC_READ)
- {
- seq = s->s3->read_sequence;
- s->d1->r_epoch++;
-
- pq_64bit_assign(&(s->d1->bitmap.map), &(s->d1->next_bitmap.map));
- s->d1->bitmap.length = s->d1->next_bitmap.length;
- pq_64bit_assign(&(s->d1->bitmap.max_seq_num),
- &(s->d1->next_bitmap.max_seq_num));
-
- pq_64bit_free(&(s->d1->next_bitmap.map));
- pq_64bit_free(&(s->d1->next_bitmap.max_seq_num));
- memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
- pq_64bit_init(&(s->d1->next_bitmap.map));
- pq_64bit_init(&(s->d1->next_bitmap.max_seq_num));
- }
- else
- {
- seq = s->s3->write_sequence;
- s->d1->w_epoch++;
- }
-
- memset(seq, 0x00, seq_bytes);
- }
-
-#if PQ_64BIT_IS_INTEGER
-static PQ_64BIT
-bytes_to_long_long(unsigned char *bytes, PQ_64BIT *num)
- {
- PQ_64BIT _num;
-
- _num = (((PQ_64BIT)bytes[0]) << 56) |
- (((PQ_64BIT)bytes[1]) << 48) |
- (((PQ_64BIT)bytes[2]) << 40) |
- (((PQ_64BIT)bytes[3]) << 32) |
- (((PQ_64BIT)bytes[4]) << 24) |
- (((PQ_64BIT)bytes[5]) << 16) |
- (((PQ_64BIT)bytes[6]) << 8) |
- (((PQ_64BIT)bytes[7]) );
-
- *num = _num ;
- return _num;
- }
-#endif
-
-
-static void
-dtls1_clear_timeouts(SSL *s)
- {
- memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
- }
diff --git a/crypto/openssl/ssl/d1_srvr.c b/crypto/openssl/ssl/d1_srvr.c
deleted file mode 100644
index 475e609..0000000
--- a/crypto/openssl/ssl/d1_srvr.c
+++ /dev/null
@@ -1,1130 +0,0 @@
-/* ssl/d1_srvr.c */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-static SSL_METHOD *dtls1_get_server_method(int ver);
-static int dtls1_send_hello_verify_request(SSL *s);
-
-static SSL_METHOD *dtls1_get_server_method(int ver)
- {
- if (ver == DTLS1_VERSION)
- return(DTLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_dtls1_meth_func(DTLSv1_server_method,
- dtls1_accept,
- ssl_undefined_function,
- dtls1_get_server_method)
-
-int dtls1_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long l,Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- long num1;
- int ret= -1;
- int new_state,state,skip=0;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- /* s->state=SSL_ST_ACCEPT; */
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00))
- {
- SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- if (!ssl3_setup_buffers(s))
- {
- ret= -1;
- goto end;
- }
-
- s->init_num=0;
-
- if (s->state != SSL_ST_RENEGOTIATE)
- {
- /* Ok, we now need to push on a buffering BIO so that
- * the output is sent in a way that TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- }
- else
- {
- /* s->state == SSL_ST_RENEGOTIATE,
- * we will just send a HelloRequest */
- s->ctx->stats.sess_accept_renegotiate++;
- s->state=SSL3_ST_SW_HELLO_REQ_A;
- }
-
- if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
- s->d1->send_cookie = 1;
- else
- s->d1->send_cookie = 0;
-
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
-
- s->shutdown=0;
- ret=dtls1_send_hello_request(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
-
- ssl3_init_finished_mac(s);
- break;
-
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state=SSL_ST_OK;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
-
- s->shutdown=0;
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
- s->new_session = 2;
-
- if ( s->d1->send_cookie)
- s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
- else
- s->state = SSL3_ST_SW_SRVR_HELLO_A;
-
- s->init_num=0;
- break;
-
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
- case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-
- ret = dtls1_send_hello_verify_request(s);
- if ( ret <= 0) goto end;
- s->d1->send_cookie = 0;
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CLNT_HELLO_A;
- break;
-
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- ret=dtls1_send_server_hello(s);
- if (ret <= 0) goto end;
-
- if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
- else
- s->state=SSL3_ST_SW_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=dtls1_send_server_certificate(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(l & SSL_KRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
-
- /* only send if a DH key exchange, fortezza or
- * RSA but we have a sign only certificate */
- if (s->s3->tmp.use_rsa_tmp
- || (l & (SSL_DH|SSL_kFZA))
- || ((l & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
- {
- ret=dtls1_send_server_key_exchange(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_CERT_REQ_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- if (/* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
- /* if SSL_VERIFY_CLIENT_ONCE is set,
- * don't request cert during re-negotiation: */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- /* never request cert in anonymous ciphersuites
- * (see section "Certificate request" in SSL 3 drafts
- * and in RFC 2246): */
- ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
- /* ... except when the application insists on verification
- * (against the specs, but s3_clnt.c accepts this for SSL 3) */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
- /* never request cert in Kerberos ciphersuites */
- (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
- {
- /* no cert request */
- skip=1;
- s->s3->tmp.cert_request=0;
- s->state=SSL3_ST_SW_SRVR_DONE_A;
- }
- else
- {
- s->s3->tmp.cert_request=1;
- ret=dtls1_send_certificate_request(s);
- if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
- s->state=SSL3_ST_SW_SRVR_DONE_A;
-#else
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#endif
- s->init_num=0;
- }
- break;
-
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- ret=dtls1_send_server_done(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- else {
- /* could be sent for a DH cert, even if we
- * have not asked for it :-) */
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
- break;
-
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
-
- /* We need to get hashes here so if there is
- * a client cert, it can be verified */
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
-
- break;
-
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
-
- /* we should decide if we expected this one */
- ret=ssl3_get_cert_verify(s);
- if (ret <= 0) goto end;
-
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL_ST_OK;
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
-
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
-
- ret=dtls1_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FINISHED_A;
- s->init_num=0;
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
- break;
-
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret=dtls1_send_finished(s,
- SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- if (s->hit)
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- else
- s->s3->tmp.next_state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
-#if 0
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
-#endif
-
- /* remove buffering on output */
- ssl_free_wbio_buffer(s);
-
- s->init_num=0;
-
- if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
- {
- /* actually not necessarily a 'new' session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=dtls1_accept;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
- }
-
- ret = 1;
-
- /* done handshaking, next message is client hello */
- s->d1->handshake_read_seq = 0;
- /* next message is server hello */
- s->d1->handshake_write_seq = 0;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_DTLS1_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- /* BIO_flush(s->wbio); */
-
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-int dtls1_send_hello_request(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_HELLO_REQ_A)
- {
- p=(unsigned char *)s->init_buf->data;
- p = dtls1_set_message_header(s, p, SSL3_MT_HELLO_REQUEST, 0, 0, 0);
-
- s->state=SSL3_ST_SW_HELLO_REQ_B;
- /* number of bytes to write */
- s->init_num=DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* no need to buffer this message, since there are no retransmit
- * requests for it */
- }
-
- /* SSL3_ST_SW_HELLO_REQ_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_hello_verify_request(SSL *s)
- {
- unsigned int msg_len;
- unsigned char *msg, *buf, *p;
-
- if (s->state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A)
- {
- buf = (unsigned char *)s->init_buf->data;
-
- msg = p = &(buf[DTLS1_HM_HEADER_LENGTH]);
- *(p++) = s->version >> 8;
- *(p++) = s->version & 0xFF;
-
- *(p++) = (unsigned char) s->d1->cookie_len;
- if ( s->ctx->app_gen_cookie_cb != NULL &&
- s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
- &(s->d1->cookie_len)) == 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST,ERR_R_INTERNAL_ERROR);
- return 0;
- }
- /* else the cookie is assumed to have
- * been initialized by the application */
-
- memcpy(p, s->d1->cookie, s->d1->cookie_len);
- p += s->d1->cookie_len;
- msg_len = p - msg;
-
- dtls1_set_message_header(s, buf,
- DTLS1_MT_HELLO_VERIFY_REQUEST, msg_len, 0, msg_len);
-
- s->state=DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* s->state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i;
- unsigned int sl;
- unsigned long l,Time;
-
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- buf=(unsigned char *)s->init_buf->data;
- p=s->s3->server_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
- /* Do the message type and length last */
- d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
-
- /* Random stuff */
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* now in theory we have 3 options to sending back the
- * session id. If it is a re-use, we send back the
- * old session-id, if it is a new session, we send
- * back the new session-id or we send back a 0 length
- * session-id if we want it to be single use.
- * Currently I will not implement the '0' length session-id
- * 12-Jan-98 - I'll now support the '0' length stuff.
- */
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
- s->session->session_id_length=0;
-
- sl=s->session->session_id_length;
- if (sl > sizeof s->session->session_id)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-
- /* put the cipher */
- i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
- p+=i;
-
- /* put the compression method */
-#ifdef OPENSSL_NO_COMP
- *(p++)=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- *(p++)=0;
- else
- *(p++)=s->s3->tmp.new_compression->id;
-#endif
-
- /* do the header */
- l=(p-d);
- d=buf;
-
- d = dtls1_set_message_header(s, d, SSL3_MT_SERVER_HELLO, l, 0, l);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_server_done(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_SRVR_DONE_A)
- {
- p=(unsigned char *)s->init_buf->data;
-
- /* do the header */
- p = dtls1_set_message_header(s, p, SSL3_MT_SERVER_DONE, 0, 0, 0);
-
- s->state=SSL3_ST_SW_SRVR_DONE_B;
- /* number of bytes to write */
- s->init_num=DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int dtls1_send_server_key_exchange(SSL *s)
- {
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- int j,num;
- RSA *rsa;
- unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh=NULL,*dhp;
-#endif
- EVP_PKEY *pkey;
- unsigned char *p,*d;
- int al,i;
- unsigned long type;
- int n;
- CERT *cert;
- BIGNUM *r[4];
- int nr[4],kn;
- BUF_MEM *buf;
- EVP_MD_CTX md_ctx;
-
- EVP_MD_CTX_init(&md_ctx);
- if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- {
- type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
- cert=s->cert;
-
- buf=s->init_buf;
-
- r[0]=r[1]=r[2]=r[3]=NULL;
- n=0;
-#ifndef OPENSSL_NO_RSA
- if (type & SSL_kRSA)
- {
- rsa=cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
- {
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if(rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
- goto f_err;
- }
- RSA_up_ref(rsa);
- cert->rsa_tmp=rsa;
- }
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
- goto f_err;
- }
- r[0]=rsa->n;
- r[1]=rsa->e;
- s->s3->tmp.use_rsa_tmp=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (type & SSL_kEDH)
- {
- dhp=cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (dhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
-
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(dh);
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((dh=DHparams_dup(dhp)) == NULL)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- s->s3->tmp.dh=dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE)))
- {
- if(!DH_generate_key(dh))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- }
- else
- {
- dh->pub_key=BN_dup(dhp->pub_key);
- dh->priv_key=BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- }
- r[0]=dh->p;
- r[1]=dh->g;
- r[2]=dh->pub_key;
- }
- else
-#endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- for (i=0; r[i] != NULL; i++)
- {
- nr[i]=BN_num_bytes(r[i]);
- n+=2+nr[i];
- }
-
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
- == NULL)
- {
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- kn=EVP_PKEY_size(pkey);
- }
- else
- {
- pkey=NULL;
- kn=0;
- }
-
- if (!BUF_MEM_grow_clean(buf,n+DTLS1_HM_HEADER_LENGTH+kn))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
- goto err;
- }
- d=(unsigned char *)s->init_buf->data;
- p= &(d[DTLS1_HM_HEADER_LENGTH]);
-
- for (i=0; r[i] != NULL; i++)
- {
- s2n(nr[i],p);
- BN_bn2bin(r[i],p);
- p+=nr[i];
- }
-
- /* not anonymous */
- if (pkey != NULL)
- {
- /* n is the length of the params, they start at
- * &(d[DTLS1_HM_HEADER_LENGTH]) and p points to the space
- * at the end. */
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- q=md_buf;
- j=0;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
- EVP_DigestFinal_ex(&md_ctx,q,
- (unsigned int *)&i);
- q+=i;
- j+=i;
- }
- if (RSA_sign(NID_md5_sha1, md_buf, j,
- &(p[2]), &u, pkey->pkey.rsa) <= 0)
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
- goto err;
- }
- s2n(u,p);
- n+=u+2;
- }
- else
-#endif
-#if !defined(OPENSSL_NO_DSA)
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[DTLS1_HM_HEADER_LENGTH]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
-#endif
- {
- /* Is this error check actually needed? */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
- goto f_err;
- }
- }
-
- d = dtls1_set_message_header(s, d,
- SSL3_MT_SERVER_KEY_EXCHANGE, n, 0, n);
-
- /* we should now have things packed up, so lets send
- * it off */
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- s->state = SSL3_ST_SW_KEY_EXCH_B;
- EVP_MD_CTX_cleanup(&md_ctx);
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
-
-int dtls1_send_certificate_request(SSL *s)
- {
- unsigned char *p,*d;
- int i,j,nl,off,n;
- STACK_OF(X509_NAME) *sk=NULL;
- X509_NAME *name;
- BUF_MEM *buf;
-
- if (s->state == SSL3_ST_SW_CERT_REQ_A)
- {
- buf=s->init_buf;
-
- d=p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH]);
-
- /* get the list of acceptable cert types */
- p++;
- n=ssl3_get_req_cert_type(s,p);
- d[0]=n;
- p+=n;
- n++;
-
- off=n;
- p+=2;
- n+=2;
-
- sk=SSL_get_client_CA_list(s);
- nl=0;
- if (sk != NULL)
- {
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=sk_X509_NAME_value(sk,i);
- j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow_clean(buf,DTLS1_HM_HEADER_LENGTH+n+j+2))
- {
- SSLerr(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- {
- s2n(j,p);
- i2d_X509_NAME(name,&p);
- n+=2+j;
- nl+=2+j;
- }
- else
- {
- d=p;
- i2d_X509_NAME(name,&p);
- j-=2; s2n(j,d); j+=2;
- n+=j;
- nl+=j;
- }
- }
- }
- /* else no CA names */
- p=(unsigned char *)&(buf->data[DTLS1_HM_HEADER_LENGTH+off]);
- s2n(nl,p);
-
- d=(unsigned char *)buf->data;
- *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
- l2n3(n,d);
- s2n(s->d1->handshake_write_seq,d);
- s->d1->handshake_write_seq++;
-
- /* we should now have things packed up, so lets send
- * it off */
-
- s->init_num=n+DTLS1_HM_HEADER_LENGTH;
- s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
-/* XXX: what to do about this? */
- p=(unsigned char *)s->init_buf->data + s->init_num;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->init_num += 4;
-#endif
-
- /* XDTLS: set message header ? */
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
-
- s->state = SSL3_ST_SW_CERT_REQ_B;
- }
-
- /* SSL3_ST_SW_CERT_REQ_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int dtls1_send_server_certificate(SSL *s)
- {
- unsigned long l;
- X509 *x;
-
- if (s->state == SSL3_ST_SW_CERT_A)
- {
- x=ssl_get_server_send_cert(s);
- if (x == NULL &&
- /* VRS: allow null cert if auth == KRB5 */
- (s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5))
- {
- SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
- return(0);
- }
-
- l=dtls1_output_cert_chain(s,x);
- s->state=SSL3_ST_SW_CERT_B;
- s->init_num=(int)l;
- s->init_off=0;
-
- /* buffer the message to handle re-xmits */
- dtls1_buffer_message(s, 0);
- }
-
- /* SSL3_ST_SW_CERT_B */
- return(dtls1_do_write(s,SSL3_RT_HANDSHAKE));
- }
diff --git a/crypto/openssl/ssl/dtls1.h b/crypto/openssl/ssl/dtls1.h
deleted file mode 100644
index a663cf8..0000000
--- a/crypto/openssl/ssl/dtls1.h
+++ /dev/null
@@ -1,211 +0,0 @@
-/* ssl/dtls1.h */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <openssl/buffer.h>
-#include <openssl/pqueue.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION 0xFEFF
-#define DTLS1_BAD_VER 0x0100
-
-#define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH 32
-
-#define DTLS1_RT_HEADER_LENGTH 13
-
-#define DTLS1_HM_HEADER_LENGTH 12
-
-#define DTLS1_HM_BAD_FRAGMENT -2
-#define DTLS1_HM_FRAGMENT_RETRY -3
-
-#define DTLS1_CCS_HEADER_LENGTH 1
-
-#define DTLS1_AL_HEADER_LENGTH 7
-
-
-typedef struct dtls1_bitmap_st
- {
- PQ_64BIT map;
- unsigned long length; /* sizeof the bitmap in bits */
- PQ_64BIT max_seq_num; /* max record number seen so far */
- } DTLS1_BITMAP;
-
-struct hm_header_st
- {
- unsigned char type;
- unsigned long msg_len;
- unsigned short seq;
- unsigned long frag_off;
- unsigned long frag_len;
- unsigned int is_ccs;
- };
-
-struct ccs_header_st
- {
- unsigned char type;
- unsigned short seq;
- };
-
-struct dtls1_timeout_st
- {
- /* Number of read timeouts so far */
- unsigned int read_timeouts;
-
- /* Number of write timeouts so far */
- unsigned int write_timeouts;
-
- /* Number of alerts received so far */
- unsigned int num_alerts;
- };
-
-typedef struct record_pqueue_st
- {
- unsigned short epoch;
- pqueue q;
- } record_pqueue;
-
-typedef struct hm_fragment_st
- {
- struct hm_header_st msg_header;
- unsigned char *fragment;
- } hm_fragment;
-
-typedef struct dtls1_state_st
- {
- unsigned int send_cookie;
- unsigned char cookie[DTLS1_COOKIE_LENGTH];
- unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
- unsigned int cookie_len;
-
- /*
- * The current data and handshake epoch. This is initially
- * undefined, and starts at zero once the initial handshake is
- * completed
- */
- unsigned short r_epoch;
- unsigned short w_epoch;
-
- /* records being received in the current epoch */
- DTLS1_BITMAP bitmap;
-
- /* renegotiation starts a new set of sequence numbers */
- DTLS1_BITMAP next_bitmap;
-
- /* handshake message numbers */
- unsigned short handshake_write_seq;
- unsigned short next_handshake_write_seq;
-
- unsigned short handshake_read_seq;
-
- /* Received handshake records (processed and unprocessed) */
- record_pqueue unprocessed_rcds;
- record_pqueue processed_rcds;
-
- /* Buffered handshake messages */
- pqueue buffered_messages;
-
- /* Buffered (sent) handshake records */
- pqueue sent_messages;
-
- unsigned int mtu; /* max wire packet size */
-
- struct hm_header_st w_msg_hdr;
- struct hm_header_st r_msg_hdr;
-
- struct dtls1_timeout_st timeout;
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
- unsigned int handshake_fragment_len;
-
- unsigned int retransmitting;
-
- } DTLS1_STATE;
-
-typedef struct dtls1_record_data_st
- {
- unsigned char *packet;
- unsigned int packet_length;
- SSL3_BUFFER rbuf;
- SSL3_RECORD rrec;
- } DTLS1_RECORD_DATA;
-
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT 2
-#define DTLS1_TMO_WRITE_COUNT 2
-
-#define DTLS1_TMO_ALERT_COUNT 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/openssl/ssl/kssl.c b/crypto/openssl/ssl/kssl.c
deleted file mode 100644
index 1064282..0000000
--- a/crypto/openssl/ssl/kssl.c
+++ /dev/null
@@ -1,2203 +0,0 @@
-/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-
-/* ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl
-**
-** 19990701 VRS Started.
-** 200011?? Jeffrey Altman, Richard Levitte
-** Generalized for Heimdal, Newer MIT, & Win32.
-** Integrated into main OpenSSL 0.9.7 snapshots.
-** 20010413 Simon Wilkinson, VRS
-** Real RFC2712 KerberosWrapper replaces AP_REQ.
-*/
-
-#include <openssl/opensslconf.h>
-
-#define _XOPEN_SOURCE 500 /* glibc2 needs this to declare strptime() */
-#include <time.h>
-#if 0 /* experimental */
-#undef _XOPEN_SOURCE /* To avoid clashes with anything else... */
-#endif
-#include <string.h>
-
-#define KRB5_PRIVATE 1
-
-#include <openssl/ssl.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/krb5_asn.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#ifndef ENOMEM
-#define ENOMEM KRB5KRB_ERR_GENERIC
-#endif
-
-/*
- * When OpenSSL is built on Windows, we do not want to require that
- * the Kerberos DLLs be available in order for the OpenSSL DLLs to
- * work. Therefore, all Kerberos routines are loaded at run time
- * and we do not link to a .LIB file.
- */
-
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-/*
- * The purpose of the following pre-processor statements is to provide
- * compatibility with different releases of MIT Kerberos for Windows.
- * All versions up to 1.2 used macros. But macros do not allow for
- * a binary compatible interface for DLLs. Therefore, all macros are
- * being replaced by function calls. The following code will allow
- * an OpenSSL DLL built on Windows to work whether or not the macro
- * or function form of the routines are utilized.
- */
-#ifdef krb5_cc_get_principal
-#define NO_DEF_KRB5_CCACHE
-#undef krb5_cc_get_principal
-#endif
-#define krb5_cc_get_principal kssl_krb5_cc_get_principal
-
-#define krb5_free_data_contents kssl_krb5_free_data_contents
-#define krb5_free_context kssl_krb5_free_context
-#define krb5_auth_con_free kssl_krb5_auth_con_free
-#define krb5_free_principal kssl_krb5_free_principal
-#define krb5_mk_req_extended kssl_krb5_mk_req_extended
-#define krb5_get_credentials kssl_krb5_get_credentials
-#define krb5_cc_default kssl_krb5_cc_default
-#define krb5_sname_to_principal kssl_krb5_sname_to_principal
-#define krb5_init_context kssl_krb5_init_context
-#define krb5_free_ticket kssl_krb5_free_ticket
-#define krb5_rd_req kssl_krb5_rd_req
-#define krb5_kt_default kssl_krb5_kt_default
-#define krb5_kt_resolve kssl_krb5_kt_resolve
-/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
-#ifndef krb5_kt_close
-#define krb5_kt_close kssl_krb5_kt_close
-#endif /* krb5_kt_close */
-#ifndef krb5_kt_get_entry
-#define krb5_kt_get_entry kssl_krb5_kt_get_entry
-#endif /* krb5_kt_get_entry */
-#define krb5_auth_con_init kssl_krb5_auth_con_init
-
-#define krb5_principal_compare kssl_krb5_principal_compare
-#define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part
-#define krb5_timeofday kssl_krb5_timeofday
-#define krb5_rc_default kssl_krb5_rc_default
-
-#ifdef krb5_rc_initialize
-#undef krb5_rc_initialize
-#endif
-#define krb5_rc_initialize kssl_krb5_rc_initialize
-
-#ifdef krb5_rc_get_lifespan
-#undef krb5_rc_get_lifespan
-#endif
-#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
-
-#ifdef krb5_rc_destroy
-#undef krb5_rc_destroy
-#endif
-#define krb5_rc_destroy kssl_krb5_rc_destroy
-
-#define valid_cksumtype kssl_valid_cksumtype
-#define krb5_checksum_size kssl_krb5_checksum_size
-#define krb5_kt_free_entry kssl_krb5_kt_free_entry
-#define krb5_auth_con_setrcache kssl_krb5_auth_con_setrcache
-#define krb5_auth_con_getrcache kssl_krb5_auth_con_getrcache
-#define krb5_get_server_rcache kssl_krb5_get_server_rcache
-
-/* Prototypes for built in stubs */
-void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
-void kssl_krb5_free_principal(krb5_context, krb5_principal );
-krb5_error_code kssl_krb5_kt_resolve(krb5_context,
- krb5_const char *,
- krb5_keytab *);
-krb5_error_code kssl_krb5_kt_default(krb5_context,
- krb5_keytab *);
-krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
-krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *,
- krb5_const krb5_data *,
- krb5_const_principal, krb5_keytab,
- krb5_flags *,krb5_ticket **);
-
-krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
- krb5_const_principal);
-krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
- krb5_auth_context *,
- krb5_const krb5_flags,
- krb5_data *,
- krb5_creds *,
- krb5_data * );
-krb5_error_code kssl_krb5_init_context(krb5_context *);
-void kssl_krb5_free_context(krb5_context);
-krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache *);
-krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
- krb5_const char *,
- krb5_const char *,
- krb5_int32,
- krb5_principal *);
-krb5_error_code kssl_krb5_get_credentials(krb5_context,
- krb5_const krb5_flags,
- krb5_ccache,
- krb5_creds *,
- krb5_creds * *);
-krb5_error_code kssl_krb5_auth_con_init(krb5_context,
- krb5_auth_context *);
-krb5_error_code kssl_krb5_cc_get_principal(krb5_context context,
- krb5_ccache cache,
- krb5_principal *principal);
-krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);
-size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);
-krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
-krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );
-krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context,
- krb5_auth_context,
- krb5_rcache);
-krb5_error_code kssl_krb5_get_server_rcache(krb5_context,
- krb5_const krb5_data *,
- krb5_rcache *);
-krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context,
- krb5_auth_context,
- krb5_rcache *);
-
-/* Function pointers (almost all Kerberos functions are _stdcall) */
-static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)
- =NULL;
-static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )
- =NULL;
-static krb5_error_code(_stdcall *p_krb5_kt_resolve)
- (krb5_context, krb5_const char *, krb5_keytab *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context,
- krb5_keytab *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context,
- krb5_ticket *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context,
- krb5_auth_context *,
- krb5_const krb5_data *,
- krb5_const_principal,
- krb5_keytab, krb5_flags *,
- krb5_ticket **)=NULL;
-static krb5_error_code (_stdcall *p_krb5_mk_req_extended)
- (krb5_context, krb5_auth_context *,
- krb5_const krb5_flags, krb5_data *, krb5_creds *,
- krb5_data * )=NULL;
-static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL;
-static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL;
-static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context,
- krb5_ccache *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_sname_to_principal)
- (krb5_context, krb5_const char *, krb5_const char *,
- krb5_int32, krb5_principal *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_get_credentials)
- (krb5_context, krb5_const krb5_flags, krb5_ccache,
- krb5_creds *, krb5_creds **)=NULL;
-static krb5_error_code (_stdcall *p_krb5_auth_con_init)
- (krb5_context, krb5_auth_context *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_cc_get_principal)
- (krb5_context context, krb5_ccache cache,
- krb5_principal *principal)=NULL;
-static krb5_error_code (_stdcall *p_krb5_auth_con_free)
- (krb5_context, krb5_auth_context)=NULL;
-static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)
- (krb5_context, krb5_const krb5_keyblock *,
- krb5_ticket *)=NULL;
-static krb5_error_code (_stdcall *p_krb5_timeofday)
- (krb5_context context, krb5_int32 *timeret)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_default)
- (krb5_context context, krb5_rcache *rc)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_initialize)
- (krb5_context context, krb5_rcache rc,
- krb5_deltat lifespan)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)
- (krb5_context context, krb5_rcache rc,
- krb5_deltat *lifespan)=NULL;
-static krb5_error_code (_stdcall *p_krb5_rc_destroy)
- (krb5_context context, krb5_rcache rc)=NULL;
-static krb5_boolean (_stdcall *p_krb5_principal_compare)
- (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;
-static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;
-static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;
-static krb5_error_code (_stdcall *p_krb5_kt_free_entry)
- (krb5_context,krb5_keytab_entry * )=NULL;
-static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context,
- krb5_auth_context,
- krb5_rcache)=NULL;
-static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context,
- krb5_const krb5_data *,
- krb5_rcache *)=NULL;
-static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context,
- krb5_auth_context,
- krb5_rcache *)=NULL;
-static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context,
- krb5_keytab keytab)=NULL;
-static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context,
- krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry)=NULL;
-static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */
-
-/* Function to Load the Kerberos 5 DLL and initialize function pointers */
-void
-load_krb5_dll(void)
- {
- HANDLE hKRB5_32;
-
- krb5_loaded++;
- hKRB5_32 = LoadLibrary(TEXT("KRB5_32"));
- if (!hKRB5_32)
- return;
-
- (FARPROC) p_krb5_free_data_contents =
- GetProcAddress( hKRB5_32, "krb5_free_data_contents" );
- (FARPROC) p_krb5_free_context =
- GetProcAddress( hKRB5_32, "krb5_free_context" );
- (FARPROC) p_krb5_auth_con_free =
- GetProcAddress( hKRB5_32, "krb5_auth_con_free" );
- (FARPROC) p_krb5_free_principal =
- GetProcAddress( hKRB5_32, "krb5_free_principal" );
- (FARPROC) p_krb5_mk_req_extended =
- GetProcAddress( hKRB5_32, "krb5_mk_req_extended" );
- (FARPROC) p_krb5_get_credentials =
- GetProcAddress( hKRB5_32, "krb5_get_credentials" );
- (FARPROC) p_krb5_cc_get_principal =
- GetProcAddress( hKRB5_32, "krb5_cc_get_principal" );
- (FARPROC) p_krb5_cc_default =
- GetProcAddress( hKRB5_32, "krb5_cc_default" );
- (FARPROC) p_krb5_sname_to_principal =
- GetProcAddress( hKRB5_32, "krb5_sname_to_principal" );
- (FARPROC) p_krb5_init_context =
- GetProcAddress( hKRB5_32, "krb5_init_context" );
- (FARPROC) p_krb5_free_ticket =
- GetProcAddress( hKRB5_32, "krb5_free_ticket" );
- (FARPROC) p_krb5_rd_req =
- GetProcAddress( hKRB5_32, "krb5_rd_req" );
- (FARPROC) p_krb5_principal_compare =
- GetProcAddress( hKRB5_32, "krb5_principal_compare" );
- (FARPROC) p_krb5_decrypt_tkt_part =
- GetProcAddress( hKRB5_32, "krb5_decrypt_tkt_part" );
- (FARPROC) p_krb5_timeofday =
- GetProcAddress( hKRB5_32, "krb5_timeofday" );
- (FARPROC) p_krb5_rc_default =
- GetProcAddress( hKRB5_32, "krb5_rc_default" );
- (FARPROC) p_krb5_rc_initialize =
- GetProcAddress( hKRB5_32, "krb5_rc_initialize" );
- (FARPROC) p_krb5_rc_get_lifespan =
- GetProcAddress( hKRB5_32, "krb5_rc_get_lifespan" );
- (FARPROC) p_krb5_rc_destroy =
- GetProcAddress( hKRB5_32, "krb5_rc_destroy" );
- (FARPROC) p_krb5_kt_default =
- GetProcAddress( hKRB5_32, "krb5_kt_default" );
- (FARPROC) p_krb5_kt_resolve =
- GetProcAddress( hKRB5_32, "krb5_kt_resolve" );
- (FARPROC) p_krb5_auth_con_init =
- GetProcAddress( hKRB5_32, "krb5_auth_con_init" );
- (FARPROC) p_valid_cksumtype =
- GetProcAddress( hKRB5_32, "valid_cksumtype" );
- (FARPROC) p_krb5_checksum_size =
- GetProcAddress( hKRB5_32, "krb5_checksum_size" );
- (FARPROC) p_krb5_kt_free_entry =
- GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );
- (FARPROC) p_krb5_auth_con_setrcache =
- GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" );
- (FARPROC) p_krb5_get_server_rcache =
- GetProcAddress( hKRB5_32, "krb5_get_server_rcache" );
- (FARPROC) p_krb5_auth_con_getrcache =
- GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" );
- (FARPROC) p_krb5_kt_close =
- GetProcAddress( hKRB5_32, "krb5_kt_close" );
- (FARPROC) p_krb5_kt_get_entry =
- GetProcAddress( hKRB5_32, "krb5_kt_get_entry" );
- }
-
-/* Stubs for each function to be dynamicly loaded */
-void
-kssl_krb5_free_data_contents(krb5_context CO, krb5_data * data)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_data_contents )
- p_krb5_free_data_contents(CO,data);
- }
-
-krb5_error_code
-kssl_krb5_mk_req_extended (krb5_context CO,
- krb5_auth_context * pACO,
- krb5_const krb5_flags F,
- krb5_data * pD1,
- krb5_creds * pC,
- krb5_data * pD2)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_mk_req_extended )
- return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_auth_con_init(krb5_context CO,
- krb5_auth_context * pACO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_auth_con_init )
- return(p_krb5_auth_con_init(CO,pACO));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_auth_con_free (krb5_context CO,
- krb5_auth_context ACO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_auth_con_free )
- return(p_krb5_auth_con_free(CO,ACO));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_get_credentials(krb5_context CO,
- krb5_const krb5_flags F,
- krb5_ccache CC,
- krb5_creds * pCR,
- krb5_creds ** ppCR)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_get_credentials )
- return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-krb5_error_code
-kssl_krb5_sname_to_principal(krb5_context CO,
- krb5_const char * pC1,
- krb5_const char * pC2,
- krb5_int32 I,
- krb5_principal * pPR)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_sname_to_principal )
- return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_cc_default(krb5_context CO,
- krb5_ccache * pCC)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_cc_default )
- return(p_krb5_cc_default(CO,pCC));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_init_context(krb5_context * pCO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_init_context )
- return(p_krb5_init_context(pCO));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-void
-kssl_krb5_free_context(krb5_context CO)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_context )
- p_krb5_free_context(CO);
- }
-
-void
-kssl_krb5_free_principal(krb5_context c, krb5_principal p)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_principal )
- p_krb5_free_principal(c,p);
- }
-
-krb5_error_code
-kssl_krb5_kt_resolve(krb5_context con,
- krb5_const char * sz,
- krb5_keytab * kt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_kt_resolve )
- return(p_krb5_kt_resolve(con,sz,kt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_kt_default(krb5_context con,
- krb5_keytab * kt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_kt_default )
- return(p_krb5_kt_default(con,kt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_free_ticket(krb5_context con,
- krb5_ticket * kt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_free_ticket )
- return(p_krb5_free_ticket(con,kt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon,
- krb5_const krb5_data * data,
- krb5_const_principal princ, krb5_keytab keytab,
- krb5_flags * flags, krb5_ticket ** pptkt)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rd_req )
- return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_boolean
-krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
- krb5_const_principal princ2)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_principal_compare )
- return(p_krb5_principal_compare(con,princ1,princ2));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
- krb5_ticket *ticket)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_decrypt_tkt_part )
- return(p_krb5_decrypt_tkt_part(con,keys,ticket));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_timeofday(krb5_context con, krb5_int32 *timeret)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_timeofday )
- return(p_krb5_timeofday(con,timeret));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_default(krb5_context con, krb5_rcache *rc)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_default )
- return(p_krb5_rc_default(con,rc));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_initialize )
- return(p_krb5_rc_initialize(con, rc, lifespan));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_get_lifespan )
- return(p_krb5_rc_get_lifespan(con, rc, lifespanp));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_rc_destroy(krb5_context con, krb5_rcache rc)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_rc_destroy )
- return(p_krb5_rc_destroy(con, rc));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-size_t
-krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_checksum_size )
- return(p_krb5_checksum_size(context, ctype));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_boolean
-valid_cksumtype(krb5_cksumtype ctype)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_valid_cksumtype )
- return(p_valid_cksumtype(ctype));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)
- {
- if (!krb5_loaded)
- load_krb5_dll();
-
- if ( p_krb5_kt_free_entry )
- return(p_krb5_kt_free_entry(con,entry));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-/* Structure definitions */
-#ifndef NO_DEF_KRB5_CCACHE
-#ifndef krb5_x
-#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
-#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
-#endif
-
-typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */
-
-typedef struct _krb5_ccache
- {
- krb5_magic magic;
- struct _krb5_cc_ops FAR *ops;
- krb5_pointer data;
- } *krb5_ccache;
-
-typedef struct _krb5_cc_ops
- {
- krb5_magic magic;
- char *prefix;
- char * (KRB5_CALLCONV *get_name)
- (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *resolve)
- (krb5_context, krb5_ccache *, const char *);
- krb5_error_code (KRB5_CALLCONV *gen_new)
- (krb5_context, krb5_ccache *);
- krb5_error_code (KRB5_CALLCONV *init)
- (krb5_context, krb5_ccache, krb5_principal);
- krb5_error_code (KRB5_CALLCONV *destroy)
- (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *close)
- (krb5_context, krb5_ccache);
- krb5_error_code (KRB5_CALLCONV *store)
- (krb5_context, krb5_ccache, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *retrieve)
- (krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *get_princ)
- (krb5_context, krb5_ccache, krb5_principal *);
- krb5_error_code (KRB5_CALLCONV *get_first)
- (krb5_context, krb5_ccache, krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *get_next)
- (krb5_context, krb5_ccache,
- krb5_cc_cursor *, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *end_get)
- (krb5_context, krb5_ccache, krb5_cc_cursor *);
- krb5_error_code (KRB5_CALLCONV *remove_cred)
- (krb5_context, krb5_ccache,
- krb5_flags, krb5_creds *);
- krb5_error_code (KRB5_CALLCONV *set_flags)
- (krb5_context, krb5_ccache, krb5_flags);
- } krb5_cc_ops;
-#endif /* NO_DEF_KRB5_CCACHE */
-
-krb5_error_code
-kssl_krb5_cc_get_principal
- (krb5_context context, krb5_ccache cache,
- krb5_principal *principal)
- {
- if ( p_krb5_cc_get_principal )
- return(p_krb5_cc_get_principal(context,cache,principal));
- else
- return(krb5_x
- ((cache)->ops->get_princ,(context, cache, principal)));
- }
-
-krb5_error_code
-kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
- krb5_rcache rcache)
- {
- if ( p_krb5_auth_con_setrcache )
- return(p_krb5_auth_con_setrcache(con,acon,rcache));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data,
- krb5_rcache * rcache)
- {
- if ( p_krb5_get_server_rcache )
- return(p_krb5_get_server_rcache(con,data,rcache));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
- krb5_rcache * prcache)
- {
- if ( p_krb5_auth_con_getrcache )
- return(p_krb5_auth_con_getrcache(con,acon, prcache));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
- {
- if ( p_krb5_kt_close )
- return(p_krb5_kt_close(context,keytab));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-
-krb5_error_code
-kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
- krb5_const_principal principal, krb5_kvno vno,
- krb5_enctype enctype, krb5_keytab_entry *entry)
- {
- if ( p_krb5_kt_get_entry )
- return(p_krb5_kt_get_entry(context,keytab,principal,vno,enctype,entry));
- else
- return KRB5KRB_ERR_GENERIC;
- }
-#endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
-
-
-/* memory allocation functions for non-temporary storage
- * (e.g. stuff that gets saved into the kssl context) */
-static void* kssl_calloc(size_t nmemb, size_t size)
-{
- void* p;
-
- p=OPENSSL_malloc(nmemb*size);
- if (p){
- memset(p, 0, nmemb*size);
- }
- return p;
-}
-
-#define kssl_malloc(size) OPENSSL_malloc((size))
-#define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size)
-#define kssl_free(ptr) OPENSSL_free((ptr))
-
-
-char
-*kstring(char *string)
- {
- static char *null = "[NULL]";
-
- return ((string == NULL)? null: string);
- }
-
-/* Given KRB5 enctype (basically DES or 3DES),
-** return closest match openssl EVP_ encryption algorithm.
-** Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
-** Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
-*/
-const EVP_CIPHER *
-kssl_map_enc(krb5_enctype enctype)
- {
- switch (enctype)
- {
- case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */
- case ENCTYPE_DES_CBC_CRC:
- case ENCTYPE_DES_CBC_MD4:
- case ENCTYPE_DES_CBC_MD5:
- case ENCTYPE_DES_CBC_RAW:
- return EVP_des_cbc();
- break;
- case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
- case ENCTYPE_DES3_CBC_SHA:
- case ENCTYPE_DES3_CBC_RAW:
- return EVP_des_ede3_cbc();
- break;
- default: return NULL;
- break;
- }
- }
-
-
-/* Return true:1 if p "looks like" the start of the real authenticator
-** described in kssl_skip_confound() below. The ASN.1 pattern is
-** "62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
-** xx and yy are possibly multi-byte length fields.
-*/
-int kssl_test_confound(unsigned char *p)
- {
- int len = 2;
- int xx = 0, yy = 0;
-
- if (*p++ != 0x62) return 0;
- if (*p > 0x82) return 0;
- switch(*p) {
- case 0x82: p++; xx = (*p++ << 8); xx += *p++; break;
- case 0x81: p++; xx = *p++; break;
- case 0x80: return 0;
- default: xx = *p++; break;
- }
- if (*p++ != 0x30) return 0;
- if (*p > 0x82) return 0;
- switch(*p) {
- case 0x82: p++; len+=2; yy = (*p++ << 8); yy += *p++; break;
- case 0x81: p++; len++; yy = *p++; break;
- case 0x80: return 0;
- default: yy = *p++; break;
- }
-
- return (xx - len == yy)? 1: 0;
- }
-
-/* Allocate, fill, and return cksumlens array of checksum lengths.
-** This array holds just the unique elements from the krb5_cksumarray[].
-** array[n] == 0 signals end of data.
-**
-** The krb5_cksumarray[] was an internal variable that has since been
-** replaced by a more general method for storing the data. It should
-** not be used. Instead we use real API calls and make a guess for
-** what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2
-** it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010.
-*/
-size_t *populate_cksumlens(void)
- {
- int i, j, n;
- static size_t *cklens = NULL;
-
-#ifdef KRB5_MIT_OLD11
- n = krb5_max_cksum;
-#else
- n = 0x0010;
-#endif /* KRB5_MIT_OLD11 */
-
-#ifdef KRB5CHECKAUTH
- if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1))) return NULL;
-
- for (i=0; i < n; i++) {
- if (!valid_cksumtype(i)) continue; /* array has holes */
- for (j=0; j < n; j++) {
- if (cklens[j] == 0) {
- cklens[j] = krb5_checksum_size(NULL,i);
- break; /* krb5 elem was new: add */
- }
- if (cklens[j] == krb5_checksum_size(NULL,i)) {
- break; /* ignore duplicate elements */
- }
- }
- }
-#endif /* KRB5CHECKAUTH */
-
- return cklens;
- }
-
-/* Return pointer to start of real authenticator within authenticator, or
-** return NULL on error.
-** Decrypted authenticator looks like this:
-** [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
-** This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
-** krb5_auth_con_getcksumtype() function advertised in its krb5.h.
-*/
-unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a)
- {
- int i, conlen;
- size_t cklen;
- static size_t *cksumlens = NULL;
- unsigned char *test_auth;
-
- conlen = (etype)? 8: 0;
-
- if (!cksumlens && !(cksumlens = populate_cksumlens())) return NULL;
- for (i=0; (cklen = cksumlens[i]) != 0; i++)
- {
- test_auth = a + conlen + cklen;
- if (kssl_test_confound(test_auth)) return test_auth;
- }
-
- return NULL;
- }
-
-
-/* Set kssl_err error info when reason text is a simple string
-** kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
-*/
-void
-kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
- {
- if (kssl_err == NULL) return;
-
- kssl_err->reason = reason;
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, text);
- return;
- }
-
-
-/* Display contents of krb5_data struct, for debugging
-*/
-void
-print_krb5_data(char *label, krb5_data *kdata)
- {
- int i;
-
- printf("%s[%d] ", label, kdata->length);
- for (i=0; i < (int)kdata->length; i++)
- {
- if (0 && isprint((int) kdata->data[i]))
- printf( "%c ", kdata->data[i]);
- else
- printf( "%02x ", (unsigned char) kdata->data[i]);
- }
- printf("\n");
- }
-
-
-/* Display contents of krb5_authdata struct, for debugging
-*/
-void
-print_krb5_authdata(char *label, krb5_authdata **adata)
- {
- if (adata == NULL)
- {
- printf("%s, authdata==0\n", label);
- return;
- }
- printf("%s [%p]\n", label, (void *)adata);
-#if 0
- {
- int i;
- printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
- for (i=0; i < adata->length; i++)
- {
- printf((isprint(adata->contents[i]))? "%c ": "%02x",
- adata->contents[i]);
- }
- printf("\n");
- }
-#endif
- }
-
-
-/* Display contents of krb5_keyblock struct, for debugging
-*/
-void
-print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
- {
- int i;
-
- if (keyblk == NULL)
- {
- printf("%s, keyblk==0\n", label);
- return;
- }
-#ifdef KRB5_HEIMDAL
- printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
- keyblk->keyvalue->length);
- for (i=0; i < (int)keyblk->keyvalue->length; i++)
- {
- printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
- }
- printf("\n");
-#else
- printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
- for (i=0; i < (int)keyblk->length; i++)
- {
- printf("%02x",keyblk->contents[i]);
- }
- printf("\n");
-#endif
- }
-
-
-/* Display contents of krb5_principal_data struct, for debugging
-** (krb5_principal is typedef'd == krb5_principal_data *)
-*/
-void
-print_krb5_princ(char *label, krb5_principal_data *princ)
- {
- int i, ui, uj;
-
- printf("%s principal Realm: ", label);
- if (princ == NULL) return;
- for (ui=0; ui < (int)princ->realm.length; ui++) putchar(princ->realm.data[ui]);
- printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
- for (i=0; i < (int)princ->length; i++)
- {
- printf("\t%d [%d]: ", i, princ->data[i].length);
- for (uj=0; uj < (int)princ->data[i].length; uj++) {
- putchar(princ->data[i].data[uj]);
- }
- printf("\n");
- }
- return;
- }
-
-
-/* Given krb5 service (typically "kssl") and hostname in kssl_ctx,
-** Return encrypted Kerberos ticket for service @ hostname.
-** If authenp is non-NULL, also return encrypted authenticator,
-** whose data should be freed by caller.
-** (Originally was: Create Kerberos AP_REQ message for SSL Client.)
-**
-** 19990628 VRS Started; Returns Kerberos AP_REQ message.
-** 20010409 VRS Modified for RFC2712; Returns enc tkt.
-** 20010606 VRS May also return optional authenticator.
-*/
-krb5_error_code
-kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
- /* OUT */ krb5_data **enc_ticketp,
- /* UPDATE */ krb5_data *authenp,
- /* OUT */ KSSL_ERR *kssl_err)
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- krb5_context krb5context = NULL;
- krb5_auth_context krb5auth_context = NULL;
- krb5_ccache krb5ccdef = NULL;
- krb5_creds krb5creds, *krb5credsp = NULL;
- krb5_data krb5_app_req;
-
- kssl_err_set(kssl_err, 0, "");
- memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
- if (!kssl_ctx)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "No kssl_ctx defined.\n");
- goto err;
- }
- else if (!kssl_ctx->service_host)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "kssl_ctx service_host undefined.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_init_context(&krb5context)) != 0)
- {
- BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
- "krb5_init_context() fails: %d\n", krb5rc);
- kssl_err->reason = SSL_R_KRB5_C_INIT;
- goto err;
- }
-
- if ((krb5rc = krb5_sname_to_principal(krb5context,
- kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
- {
- BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
- "krb5_sname_to_principal() fails for %s/%s\n",
- kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name:
- KRB5SVC);
- kssl_err->reason = SSL_R_KRB5_C_INIT;
- goto err;
- }
-
- if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
- "krb5_cc_default fails.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
- &krb5creds.client)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
- "krb5_cc_get_principal() fails.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
- &krb5creds, &krb5credsp)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
- "krb5_get_credentials() fails.\n");
- goto err;
- }
-
- *enc_ticketp = &krb5credsp->ticket;
-#ifdef KRB5_HEIMDAL
- kssl_ctx->enctype = krb5credsp->session.keytype;
-#else
- kssl_ctx->enctype = krb5credsp->keyblock.enctype;
-#endif
-
- krb5rc = KRB5KRB_ERR_GENERIC;
- /* caller should free data of krb5_app_req */
- /* 20010406 VRS deleted for real KerberosWrapper
- ** 20010605 VRS reinstated to offer Authenticator to KerberosWrapper
- */
- krb5_app_req.length = 0;
- if (authenp)
- {
- krb5_data krb5in_data;
- const unsigned char *p;
- long arlen;
- KRB5_APREQBODY *ap_req;
-
- authenp->length = 0;
- krb5in_data.data = NULL;
- krb5in_data.length = 0;
- if ((krb5rc = krb5_mk_req_extended(krb5context,
- &krb5auth_context, 0, &krb5in_data, krb5credsp,
- &krb5_app_req)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
- "krb5_mk_req_extended() fails.\n");
- goto err;
- }
-
- arlen = krb5_app_req.length;
- p = (unsigned char *)krb5_app_req.data;
- ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);
- if (ap_req)
- {
- authenp->length = i2d_KRB5_ENCDATA(
- ap_req->authenticator, NULL);
- if (authenp->length &&
- (authenp->data = malloc(authenp->length)))
- {
- unsigned char *adp = (unsigned char *)authenp->data;
- authenp->length = i2d_KRB5_ENCDATA(
- ap_req->authenticator, &adp);
- }
- }
-
- if (ap_req) KRB5_APREQ_free((KRB5_APREQ *) ap_req);
- if (krb5_app_req.length)
- kssl_krb5_free_data_contents(krb5context,&krb5_app_req);
- }
-#ifdef KRB5_HEIMDAL
- if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
- "kssl_ctx_setkey() fails.\n");
- }
-#else
- if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
- "kssl_ctx_setkey() fails.\n");
- }
-#endif
- else krb5rc = 0;
-
- err:
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- if (krb5creds.client) krb5_free_principal(krb5context,
- krb5creds.client);
- if (krb5creds.server) krb5_free_principal(krb5context,
- krb5creds.server);
- if (krb5auth_context) krb5_auth_con_free(krb5context,
- krb5auth_context);
- if (krb5context) krb5_free_context(krb5context);
- return (krb5rc);
- }
-
-
-/* Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
-** Return Kerberos error code and kssl_err struct on error.
-** Allocates krb5_ticket and krb5_principal; caller should free these.
-**
-** 20010410 VRS Implemented krb5_decode_ticket() as
-** old_krb5_decode_ticket(). Missing from MIT1.0.6.
-** 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions.
-** Re-used some of the old krb5_decode_ticket()
-** code here. This tkt should alloc/free just
-** like the real thing.
-*/
-krb5_error_code
-kssl_TKT2tkt( /* IN */ krb5_context krb5context,
- /* IN */ KRB5_TKTBODY *asn1ticket,
- /* OUT */ krb5_ticket **krb5ticket,
- /* OUT */ KSSL_ERR *kssl_err )
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- krb5_ticket *new5ticket = NULL;
- ASN1_GENERALSTRING *gstr_svc, *gstr_host;
-
- *krb5ticket = NULL;
-
- if (asn1ticket == NULL || asn1ticket->realm == NULL ||
- asn1ticket->sname == NULL ||
- sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Null field in asn1ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return KRB5KRB_ERR_GENERIC;
- }
-
- if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Unable to allocate new krb5_ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */
- }
-
- gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
- gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
-
- if ((krb5rc = kssl_build_principal_2(krb5context,
- &new5ticket->server,
- asn1ticket->realm->length, (char *)asn1ticket->realm->data,
- gstr_svc->length, (char *)gstr_svc->data,
- gstr_host->length, (char *)gstr_host->data)) != 0)
- {
- free(new5ticket);
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Error building ticket server principal.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return krb5rc; /* or KRB5KRB_ERR_GENERIC; */
- }
-
- krb5_princ_type(krb5context, new5ticket->server) =
- asn1ticket->sname->nametype->data[0];
- new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
- new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
- new5ticket->enc_part.ciphertext.length =
- asn1ticket->encdata->cipher->length;
- if ((new5ticket->enc_part.ciphertext.data =
- calloc(1, asn1ticket->encdata->cipher->length)) == NULL)
- {
- free(new5ticket);
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Error allocating cipher in krb5ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- return KRB5KRB_ERR_GENERIC;
- }
- else
- {
- memcpy(new5ticket->enc_part.ciphertext.data,
- asn1ticket->encdata->cipher->data,
- asn1ticket->encdata->cipher->length);
- }
-
- *krb5ticket = new5ticket;
- return 0;
- }
-
-
-/* Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
-** and krb5 AP_REQ message & message length,
-** Return Kerberos session key and client principle
-** to SSL Server in KSSL_CTX *kssl_ctx.
-**
-** 19990702 VRS Started.
-*/
-krb5_error_code
-kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx,
- /* IN */ krb5_data *indata,
- /* OUT */ krb5_ticket_times *ttimes,
- /* OUT */ KSSL_ERR *kssl_err )
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- static krb5_context krb5context = NULL;
- static krb5_auth_context krb5auth_context = NULL;
- krb5_ticket *krb5ticket = NULL;
- KRB5_TKTBODY *asn1ticket = NULL;
- const unsigned char *p;
- krb5_keytab krb5keytab = NULL;
- krb5_keytab_entry kt_entry;
- krb5_principal krb5server;
- krb5_rcache rcache = NULL;
-
- kssl_err_set(kssl_err, 0, "");
-
- if (!kssl_ctx)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "No kssl_ctx defined.\n");
- goto err;
- }
-
-#ifdef KSSL_DEBUG
- printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
-#endif /* KSSL_DEBUG */
-
- if (!krb5context && (krb5rc = krb5_init_context(&krb5context)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_init_context() fails.\n");
- goto err;
- }
- if (krb5auth_context &&
- (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_free() fails.\n");
- goto err;
- }
- else krb5auth_context = NULL;
- if (!krb5auth_context &&
- (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_init() fails.\n");
- goto err;
- }
-
-
- if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
- &rcache)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_getrcache() fails.\n");
- goto err;
- }
-
- if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &krb5server)) != 0)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_sname_to_principal() fails.\n");
- goto err;
- }
-
- if (rcache == NULL)
- {
- if ((krb5rc = krb5_get_server_rcache(krb5context,
- krb5_princ_component(krb5context, krb5server, 0),
- &rcache)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_get_server_rcache() fails.\n");
- goto err;
- }
- }
-
- if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache)))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_auth_con_setrcache() fails.\n");
- goto err;
- }
-
-
- /* kssl_ctx->keytab_file == NULL ==> use Kerberos default
- */
- if (kssl_ctx->keytab_file)
- {
- krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
- &krb5keytab);
- if (krb5rc)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_kt_resolve() fails.\n");
- goto err;
- }
- }
- else
- {
- krb5rc = krb5_kt_default(krb5context,&krb5keytab);
- if (krb5rc)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "krb5_kt_default() fails.\n");
- goto err;
- }
- }
-
- /* Actual Kerberos5 krb5_recvauth() has initial conversation here
- ** o check KRB5_SENDAUTH_BADAUTHVERS
- ** unless KRB5_RECVAUTH_SKIP_VERSION
- ** o check KRB5_SENDAUTH_BADAPPLVERS
- ** o send "0" msg if all OK
- */
-
- /* 20010411 was using AP_REQ instead of true KerberosWrapper
- **
- ** if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
- ** &krb5in_data, krb5server, krb5keytab,
- ** &ap_option, &krb5ticket)) != 0) { Error }
- */
-
- p = (unsigned char *)indata->data;
- if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
- (long) indata->length)) == NULL)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "d2i_KRB5_TICKET() ASN.1 decode failure.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
-
- /* Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */
- if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
- kssl_err)) != 0)
- {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "Error converting ASN.1 ticket to krb5_ticket.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
-
- if (! krb5_principal_compare(krb5context, krb5server,
- krb5ticket->server)) {
- krb5rc = KRB5_PRINC_NOMATCH;
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "server principal != ticket principal\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
- if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
- krb5ticket->server, krb5ticket->enc_part.kvno,
- krb5ticket->enc_part.enctype, &kt_entry)) != 0) {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "krb5_kt_get_entry() fails with %x.\n", krb5rc);
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
- if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
- krb5ticket)) != 0) {
- BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
- "krb5_decrypt_tkt_part() failed.\n");
- kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
- goto err;
- }
- else {
- krb5_kt_free_entry(krb5context, &kt_entry);
-#ifdef KSSL_DEBUG
- {
- int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
- printf("Decrypted ticket fields:\n");
- printf("\tflags: %X, transit-type: %X",
- krb5ticket->enc_part2->flags,
- krb5ticket->enc_part2->transited.tr_type);
- print_krb5_data("\ttransit-data: ",
- &(krb5ticket->enc_part2->transited.tr_contents));
- printf("\tcaddrs: %p, authdata: %p\n",
- krb5ticket->enc_part2->caddrs,
- krb5ticket->enc_part2->authorization_data);
- if (paddr)
- {
- printf("\tcaddrs:\n");
- for (i=0; paddr[i] != NULL; i++)
- {
- krb5_data d;
- d.length=paddr[i]->length;
- d.data=paddr[i]->contents;
- print_krb5_data("\t\tIP: ", &d);
- }
- }
- printf("\tstart/auth/end times: %d / %d / %d\n",
- krb5ticket->enc_part2->times.starttime,
- krb5ticket->enc_part2->times.authtime,
- krb5ticket->enc_part2->times.endtime);
- }
-#endif /* KSSL_DEBUG */
- }
-
- krb5rc = KRB5_NO_TKT_SUPPLIED;
- if (!krb5ticket || !krb5ticket->enc_part2 ||
- !krb5ticket->enc_part2->client ||
- !krb5ticket->enc_part2->client->data ||
- !krb5ticket->enc_part2->session)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "bad ticket from krb5_rd_req.\n");
- }
- else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
- &krb5ticket->enc_part2->client->realm,
- krb5ticket->enc_part2->client->data,
- krb5ticket->enc_part2->client->length))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "kssl_ctx_setprinc() fails.\n");
- }
- else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "kssl_ctx_setkey() fails.\n");
- }
- else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID)
- {
- krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
- kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
- "invalid ticket from krb5_rd_req.\n");
- }
- else krb5rc = 0;
-
- kssl_ctx->enctype = krb5ticket->enc_part.enctype;
- ttimes->authtime = krb5ticket->enc_part2->times.authtime;
- ttimes->starttime = krb5ticket->enc_part2->times.starttime;
- ttimes->endtime = krb5ticket->enc_part2->times.endtime;
- ttimes->renew_till = krb5ticket->enc_part2->times.renew_till;
-
- err:
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- if (asn1ticket) KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
- if (krb5keytab) krb5_kt_close(krb5context, krb5keytab);
- if (krb5ticket) krb5_free_ticket(krb5context, krb5ticket);
- if (krb5server) krb5_free_principal(krb5context, krb5server);
- return (krb5rc);
- }
-
-
-/* Allocate & return a new kssl_ctx struct.
-*/
-KSSL_CTX *
-kssl_ctx_new(void)
- {
- return ((KSSL_CTX *) kssl_calloc(1, sizeof(KSSL_CTX)));
- }
-
-
-/* Frees a kssl_ctx struct and any allocated memory it holds.
-** Returns NULL.
-*/
-KSSL_CTX *
-kssl_ctx_free(KSSL_CTX *kssl_ctx)
- {
- if (kssl_ctx == NULL) return kssl_ctx;
-
- if (kssl_ctx->key) OPENSSL_cleanse(kssl_ctx->key,
- kssl_ctx->length);
- if (kssl_ctx->key) kssl_free(kssl_ctx->key);
- if (kssl_ctx->client_princ) kssl_free(kssl_ctx->client_princ);
- if (kssl_ctx->service_host) kssl_free(kssl_ctx->service_host);
- if (kssl_ctx->service_name) kssl_free(kssl_ctx->service_name);
- if (kssl_ctx->keytab_file) kssl_free(kssl_ctx->keytab_file);
-
- kssl_free(kssl_ctx);
- return (KSSL_CTX *) NULL;
- }
-
-
-/* Given an array of (krb5_data *) entity (and optional realm),
-** set the plain (char *) client_princ or service_host member
-** of the kssl_ctx struct.
-*/
-krb5_error_code
-kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
- krb5_data *realm, krb5_data *entity, int nentities)
- {
- char **princ;
- int length;
- int i;
-
- if (kssl_ctx == NULL || entity == NULL) return KSSL_CTX_ERR;
-
- switch (which)
- {
- case KSSL_CLIENT: princ = &kssl_ctx->client_princ; break;
- case KSSL_SERVER: princ = &kssl_ctx->service_host; break;
- default: return KSSL_CTX_ERR; break;
- }
- if (*princ) kssl_free(*princ);
-
- /* Add up all the entity->lengths */
- length = 0;
- for (i=0; i < nentities; i++)
- {
- length += entity[i].length;
- }
- /* Add in space for the '/' character(s) (if any) */
- length += nentities-1;
- /* Space for the ('@'+realm+NULL | NULL) */
- length += ((realm)? realm->length + 2: 1);
-
- if ((*princ = kssl_calloc(1, length)) == NULL)
- return KSSL_CTX_ERR;
- else
- {
- for (i = 0; i < nentities; i++)
- {
- strncat(*princ, entity[i].data, entity[i].length);
- if (i < nentities-1)
- {
- strcat (*princ, "/");
- }
- }
- if (realm)
- {
- strcat (*princ, "@");
- (void) strncat(*princ, realm->data, realm->length);
- }
- }
-
- return KSSL_CTX_OK;
- }
-
-
-/* Set one of the plain (char *) string members of the kssl_ctx struct.
-** Default values should be:
-** which == KSSL_SERVICE => "khost" (KRB5SVC)
-** which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB)
-*/
-krb5_error_code
-kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
- {
- char **string;
-
- if (!kssl_ctx) return KSSL_CTX_ERR;
-
- switch (which)
- {
- case KSSL_SERVICE: string = &kssl_ctx->service_name; break;
- case KSSL_SERVER: string = &kssl_ctx->service_host; break;
- case KSSL_CLIENT: string = &kssl_ctx->client_princ; break;
- case KSSL_KEYTAB: string = &kssl_ctx->keytab_file; break;
- default: return KSSL_CTX_ERR; break;
- }
- if (*string) kssl_free(*string);
-
- if (!text)
- {
- *string = '\0';
- return KSSL_CTX_OK;
- }
-
- if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL)
- return KSSL_CTX_ERR;
- else
- strcpy(*string, text);
-
- return KSSL_CTX_OK;
- }
-
-
-/* Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
-** struct. Clear kssl_ctx->key if Kerberos session key is NULL.
-*/
-krb5_error_code
-kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
- {
- int length;
- krb5_enctype enctype;
- krb5_octet FAR *contents = NULL;
-
- if (!kssl_ctx) return KSSL_CTX_ERR;
-
- if (kssl_ctx->key)
- {
- OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
- kssl_free(kssl_ctx->key);
- }
-
- if (session)
- {
-
-#ifdef KRB5_HEIMDAL
- length = session->keyvalue->length;
- enctype = session->keytype;
- contents = session->keyvalue->contents;
-#else
- length = session->length;
- enctype = session->enctype;
- contents = session->contents;
-#endif
- kssl_ctx->enctype = enctype;
- kssl_ctx->length = length;
- }
- else
- {
- kssl_ctx->enctype = ENCTYPE_UNKNOWN;
- kssl_ctx->length = 0;
- return KSSL_CTX_OK;
- }
-
- if ((kssl_ctx->key =
- (krb5_octet FAR *) kssl_calloc(1, kssl_ctx->length)) == NULL)
- {
- kssl_ctx->length = 0;
- return KSSL_CTX_ERR;
- }
- else
- memcpy(kssl_ctx->key, contents, length);
-
- return KSSL_CTX_OK;
- }
-
-
-/* Display contents of kssl_ctx struct
-*/
-void
-kssl_ctx_show(KSSL_CTX *kssl_ctx)
- {
- int i;
-
- printf("kssl_ctx: ");
- if (kssl_ctx == NULL)
- {
- printf("NULL\n");
- return;
- }
- else
- printf("%p\n", (void *)kssl_ctx);
-
- printf("\tservice:\t%s\n",
- (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
- printf("\tclient:\t%s\n",
- (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL");
- printf("\tserver:\t%s\n",
- (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL");
- printf("\tkeytab:\t%s\n",
- (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL");
- printf("\tkey [%d:%d]:\t",
- kssl_ctx->enctype, kssl_ctx->length);
-
- for (i=0; i < kssl_ctx->length && kssl_ctx->key; i++)
- {
- printf("%02x", kssl_ctx->key[i]);
- }
- printf("\n");
- return;
- }
-
- int
- kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
-{
- krb5_context krb5context = NULL;
- krb5_keytab krb5keytab = NULL;
- krb5_keytab_entry entry;
- krb5_principal princ = NULL;
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- int rc = 0;
-
- if ((krb5rc = krb5_init_context(&krb5context)))
- return(0);
-
- /* kssl_ctx->keytab_file == NULL ==> use Kerberos default
- */
- if (kssl_ctx->keytab_file)
- {
- krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
- &krb5keytab);
- if (krb5rc)
- goto exit;
- }
- else
- {
- krb5rc = krb5_kt_default(krb5context,&krb5keytab);
- if (krb5rc)
- goto exit;
- }
-
- /* the host key we are looking for */
- krb5rc = krb5_sname_to_principal(krb5context, NULL,
- kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &princ);
-
- krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
- princ,
- 0 /* IGNORE_VNO */,
- 0 /* IGNORE_ENCTYPE */,
- &entry);
- if ( krb5rc == KRB5_KT_NOTFOUND ) {
- rc = 1;
- goto exit;
- } else if ( krb5rc )
- goto exit;
-
- krb5_kt_free_entry(krb5context, &entry);
- rc = 1;
-
- exit:
- if (krb5keytab) krb5_kt_close(krb5context, krb5keytab);
- if (princ) krb5_free_principal(krb5context, princ);
- if (krb5context) krb5_free_context(krb5context);
- return(rc);
-}
-
-int
-kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
- {
- krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC;
- krb5_context krb5context = NULL;
- krb5_ccache krb5ccdef = NULL;
- krb5_creds krb5creds, *krb5credsp = NULL;
- int rc = 0;
-
- memset((char *)&krb5creds, 0, sizeof(krb5creds));
-
- if (!kssl_ctx)
- return(0);
-
- if (!kssl_ctx->service_host)
- return(0);
-
- if ((krb5rc = krb5_init_context(&krb5context)) != 0)
- goto err;
-
- if ((krb5rc = krb5_sname_to_principal(krb5context,
- kssl_ctx->service_host,
- (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
- KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
- goto err;
-
- if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
- goto err;
-
- if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
- &krb5creds.client)) != 0)
- goto err;
-
- if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
- &krb5creds, &krb5credsp)) != 0)
- goto err;
-
- rc = 1;
-
- err:
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- if (krb5creds.client) krb5_free_principal(krb5context, krb5creds.client);
- if (krb5creds.server) krb5_free_principal(krb5context, krb5creds.server);
- if (krb5context) krb5_free_context(krb5context);
- return(rc);
- }
-
-#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
- {
-#ifdef KRB5_HEIMDAL
- data->length = 0;
- if (data->data)
- free(data->data);
-#elif defined(KRB5_MIT_OLD11)
- if (data->data) {
- krb5_xfree(data->data);
- data->data = 0;
- }
-#else
- krb5_free_data_contents(NULL, data);
-#endif
- }
-#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
-
-
-/* Given pointers to KerberosTime and struct tm structs, convert the
-** KerberosTime string to struct tm. Note that KerberosTime is a
-** ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
-** seconds as defined in RFC 1510.
-** Return pointer to the (partially) filled in struct tm on success,
-** return NULL on failure.
-*/
-struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
- {
- char c, *p;
-
- if (!k_tm) return NULL;
- if (gtime == NULL || gtime->length < 14) return NULL;
- if (gtime->data == NULL) return NULL;
-
- p = (char *)&gtime->data[14];
-
- c = *p; *p = '\0'; p -= 2; k_tm->tm_sec = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_min = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_hour = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_mday = atoi(p); *(p+2) = c;
- c = *p; *p = '\0'; p -= 2; k_tm->tm_mon = atoi(p)-1; *(p+2) = c;
- c = *p; *p = '\0'; p -= 4; k_tm->tm_year = atoi(p)-1900; *(p+4) = c;
-
- return k_tm;
- }
-
-
-/* Helper function for kssl_validate_times().
-** We need context->clockskew, but krb5_context is an opaque struct.
-** So we try to sneek the clockskew out through the replay cache.
-** If that fails just return a likely default (300 seconds).
-*/
-krb5_deltat get_rc_clockskew(krb5_context context)
- {
- krb5_rcache rc;
- krb5_deltat clockskew;
-
- if (krb5_rc_default(context, &rc)) return KSSL_CLOCKSKEW;
- if (krb5_rc_initialize(context, rc, 0)) return KSSL_CLOCKSKEW;
- if (krb5_rc_get_lifespan(context, rc, &clockskew)) {
- clockskew = KSSL_CLOCKSKEW;
- }
- (void) krb5_rc_destroy(context, rc);
- return clockskew;
- }
-
-
-/* kssl_validate_times() combines (and more importantly exposes)
-** the MIT KRB5 internal function krb5_validate_times() and the
-** in_clock_skew() macro. The authenticator client time is checked
-** to be within clockskew secs of the current time and the current
-** time is checked to be within the ticket start and expire times.
-** Either check may be omitted by supplying a NULL value.
-** Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
-** See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
-** 20010420 VRS
-*/
-krb5_error_code kssl_validate_times( krb5_timestamp atime,
- krb5_ticket_times *ttimes)
- {
- krb5_deltat skew;
- krb5_timestamp start, now;
- krb5_error_code rc;
- krb5_context context;
-
- if ((rc = krb5_init_context(&context))) return SSL_R_KRB5_S_BAD_TICKET;
- skew = get_rc_clockskew(context);
- if ((rc = krb5_timeofday(context,&now))) return SSL_R_KRB5_S_BAD_TICKET;
- krb5_free_context(context);
-
- if (atime && labs(atime - now) >= skew) return SSL_R_KRB5_S_TKT_SKEW;
-
- if (! ttimes) return 0;
-
- start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime;
- if (start - now > skew) return SSL_R_KRB5_S_TKT_NYV;
- if ((now - ttimes->endtime) > skew) return SSL_R_KRB5_S_TKT_EXPIRED;
-
-#ifdef KSSL_DEBUG
- printf("kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n",
- start, atime, now, skew, ttimes->endtime);
-#endif /* KSSL_DEBUG */
-
- return 0;
- }
-
-
-/* Decode and decrypt given DER-encoded authenticator, then pass
-** authenticator ctime back in *atimep (or 0 if time unavailable).
-** Returns krb5_error_code and kssl_err on error. A NULL
-** authenticator (authentp->length == 0) is not considered an error.
-** Note that kssl_check_authent() makes use of the KRB5 session key;
-** you must call kssl_sget_tkt() to get the key before calling this routine.
-*/
-krb5_error_code kssl_check_authent(
- /* IN */ KSSL_CTX *kssl_ctx,
- /* IN */ krb5_data *authentp,
- /* OUT */ krb5_timestamp *atimep,
- /* OUT */ KSSL_ERR *kssl_err )
- {
- krb5_error_code krb5rc = 0;
- KRB5_ENCDATA *dec_authent = NULL;
- KRB5_AUTHENTBODY *auth = NULL;
- krb5_enctype enctype;
- EVP_CIPHER_CTX ciph_ctx;
- const EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- const unsigned char *p;
- unsigned char *unenc_authent;
- int outl, unencbufsize;
- struct tm tm_time, *tm_l, *tm_g;
- time_t now, tl, tg, tr, tz_offset;
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
- *atimep = 0;
- kssl_err_set(kssl_err, 0, "");
-
-#ifndef KRB5CHECKAUTH
- authentp = NULL;
-#else
-#if KRB5CHECKAUTH == 0
- authentp = NULL;
-#endif
-#endif /* KRB5CHECKAUTH */
-
- if (authentp == NULL || authentp->length == 0) return 0;
-
-#ifdef KSSL_DEBUG
- {
- unsigned int ui;
- printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
- p = authentp->data;
- for (ui=0; ui < authentp->length; ui++) printf("%02x ",p[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- unencbufsize = 2 * authentp->length;
- if ((unenc_authent = calloc(1, unencbufsize)) == NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "Unable to allocate authenticator buffer.\n");
- krb5rc = KRB5KRB_ERR_GENERIC;
- goto err;
- }
-
- p = (unsigned char *)authentp->data;
- if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
- (long) authentp->length)) == NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "Error decoding authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
-
- enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */
-#if !defined(KRB5_MIT_OLD11)
- switch ( enctype ) {
- case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */
- case ENCTYPE_DES3_CBC_SHA:
- case ENCTYPE_DES3_CBC_RAW:
- krb5rc = 0; /* Skip, can't handle derived keys */
- goto err;
- }
-#endif
- enc = kssl_map_enc(enctype);
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
-
- if (enc == NULL)
- {
- /* Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
- ** This enctype indicates the authenticator was encrypted
- ** using key-usage derived keys which openssl cannot decrypt.
- */
- goto err;
- }
-
- if (!EVP_CipherInit(&ciph_ctx,enc,kssl_ctx->key,iv,0))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_CipherInit error decrypting authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
- outl = dec_authent->cipher->length;
- if (!EVP_Cipher(&ciph_ctx,unenc_authent,dec_authent->cipher->data,outl))
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "EVP_Cipher error decrypting authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
- printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
- for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
- printf("\n");
-#endif /* KSSL_DEBUG */
-
- if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "confounded by authenticator.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
- outl -= p - unenc_authent;
-
- if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,
- (long) outl))==NULL)
- {
- kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
- "Error decoding authenticator body.\n");
- krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
- goto err;
- }
-
- memset(&tm_time,0,sizeof(struct tm));
- if (k_gmtime(auth->ctime, &tm_time) &&
- ((tr = mktime(&tm_time)) != (time_t)(-1)))
- {
- now = time(&now);
- tm_l = localtime(&now); tl = mktime(tm_l);
- tm_g = gmtime(&now); tg = mktime(tm_g);
- tz_offset = tg - tl;
-
- *atimep = tr - tz_offset;
- }
-
-#ifdef KSSL_DEBUG
- printf("kssl_check_authent: returns %d for client time ", *atimep);
- if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
- printf("%.*s\n", auth->ctime->length, auth->ctime->data);
- else printf("NULL\n");
-#endif /* KSSL_DEBUG */
-
- err:
- if (auth) KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
- if (dec_authent) KRB5_ENCDATA_free(dec_authent);
- if (unenc_authent) free(unenc_authent);
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
- return krb5rc;
- }
-
-
-/* Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
-** because I dont't know how to stub varargs.
-** Returns krb5_error_code == ENOMEM on alloc error, otherwise
-** passes back newly constructed principal, which should be freed by caller.
-*/
-krb5_error_code kssl_build_principal_2(
- /* UPDATE */ krb5_context context,
- /* OUT */ krb5_principal *princ,
- /* IN */ int rlen, const char *realm,
- /* IN */ int slen, const char *svc,
- /* IN */ int hlen, const char *host)
- {
- krb5_data *p_data = NULL;
- krb5_principal new_p = NULL;
- char *new_r = NULL;
-
- if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL ||
- (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data)))
- == NULL) goto err;
- new_p->length = 2;
- new_p->data = p_data;
-
- if ((new_r = calloc(1, rlen + 1)) == NULL) goto err;
- memcpy(new_r, realm, rlen);
- krb5_princ_set_realm_length(context, new_p, rlen);
- krb5_princ_set_realm_data(context, new_p, new_r);
-
- if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL) goto err;
- memcpy(new_p->data[0].data, svc, slen);
- new_p->data[0].length = slen;
-
- if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL) goto err;
- memcpy(new_p->data[1].data, host, hlen);
- new_p->data[1].length = hlen;
-
- krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
- *princ = new_p;
- return 0;
-
- err:
- if (new_p && new_p[0].data) free(new_p[0].data);
- if (new_p && new_p[1].data) free(new_p[1].data);
- if (new_p) free(new_p);
- if (new_r) free(new_r);
- return ENOMEM;
- }
-
-
-#else /* !OPENSSL_NO_KRB5 */
-
-#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
-static int dummy=(int)&dummy;
-#endif
-
-#endif /* !OPENSSL_NO_KRB5 */
-
diff --git a/crypto/openssl/ssl/kssl.h b/crypto/openssl/ssl/kssl.h
deleted file mode 100644
index a3d20e1..0000000
--- a/crypto/openssl/ssl/kssl.h
+++ /dev/null
@@ -1,179 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/*
-** 19990701 VRS Started.
-*/
-
-#ifndef KSSL_H
-#define KSSL_H
-
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#include <stdio.h>
-#include <ctype.h>
-#include <krb5.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
-** Depending on which KRB5 implementation used, some types from
-** the other may be missing. Resolve that here and now
-*/
-#ifdef KRB5_HEIMDAL
-typedef unsigned char krb5_octet;
-#define FAR
-#else
-
-#ifndef FAR
-#define FAR
-#endif
-
-#endif
-
-/* Uncomment this to debug kssl problems or
-** to trace usage of the Kerberos session key
-**
-** #define KSSL_DEBUG
-*/
-
-#ifndef KRB5SVC
-#define KRB5SVC "host"
-#endif
-
-#ifndef KRB5KEYTAB
-#define KRB5KEYTAB "/etc/krb5.keytab"
-#endif
-
-#ifndef KRB5SENDAUTH
-#define KRB5SENDAUTH 1
-#endif
-
-#ifndef KRB5CHECKAUTH
-#define KRB5CHECKAUTH 1
-#endif
-
-#ifndef KSSL_CLOCKSKEW
-#define KSSL_CLOCKSKEW 300;
-#endif
-
-#define KSSL_ERR_MAX 255
-typedef struct kssl_err_st {
- int reason;
- char text[KSSL_ERR_MAX+1];
- } KSSL_ERR;
-
-
-/* Context for passing
-** (1) Kerberos session key to SSL, and
-** (2) Config data between application and SSL lib
-*/
-typedef struct kssl_ctx_st
- {
- /* used by: disposition: */
- char *service_name; /* C,S default ok (kssl) */
- char *service_host; /* C input, REQUIRED */
- char *client_princ; /* S output from krb5 ticket */
- char *keytab_file; /* S NULL (/etc/krb5.keytab) */
- char *cred_cache; /* C NULL (default) */
- krb5_enctype enctype;
- int length;
- krb5_octet FAR *key;
- } KSSL_CTX;
-
-#define KSSL_CLIENT 1
-#define KSSL_SERVER 2
-#define KSSL_SERVICE 3
-#define KSSL_KEYTAB 4
-
-#define KSSL_CTX_OK 0
-#define KSSL_CTX_ERR 1
-#define KSSL_NOMEM 2
-
-/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
-krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
-KSSL_CTX *kssl_ctx_new(void);
-KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
-void kssl_ctx_show(KSSL_CTX *kssl_ctx);
-krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
- krb5_data *realm, krb5_data *entity, int nentities);
-krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
- krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
- krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
-krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
-void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code kssl_build_principal_2(krb5_context context,
- krb5_principal *princ, int rlen, const char *realm,
- int slen, const char *svc, int hlen, const char *host);
-krb5_error_code kssl_validate_times(krb5_timestamp atime,
- krb5_ticket_times *ttimes);
-krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
- krb5_timestamp *atimep, KSSL_ERR *kssl_err);
-unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* OPENSSL_NO_KRB5 */
-#endif /* KSSL_H */
diff --git a/crypto/openssl/ssl/kssl_lcl.h b/crypto/openssl/ssl/kssl_lcl.h
deleted file mode 100644
index 4cd8dd2..0000000
--- a/crypto/openssl/ssl/kssl_lcl.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef KSSL_LCL_H
-#define KSSL_LCL_H
-
-#include <openssl/kssl.h>
-
-#ifndef OPENSSL_NO_KRB5
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Private (internal to OpenSSL) */
-void print_krb5_data(char *label, krb5_data *kdata);
-void print_krb5_authdata(char *label, krb5_authdata **adata);
-void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
-
-char *kstring(char *string);
-char *knumber(int len, krb5_octet *contents);
-
-EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
-
-int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
-int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* OPENSSL_NO_KRB5 */
-#endif /* KSSL_LCL_H */
diff --git a/crypto/openssl/ssl/s23_clnt.c b/crypto/openssl/ssl/s23_clnt.c
deleted file mode 100644
index 769dabd..0000000
--- a/crypto/openssl/ssl/s23_clnt.c
+++ /dev/null
@@ -1,581 +0,0 @@
-/* ssl/s23_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl23_get_client_method(int ver);
-static int ssl23_client_hello(SSL *s);
-static int ssl23_get_server_hello(SSL *s);
-static SSL_METHOD *ssl23_get_client_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_client_method());
-#endif
- if (ver == SSL3_VERSION)
- return(SSLv3_client_method());
- else if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_client_method,
- ssl_undefined_function,
- ssl23_connect,
- ssl23_get_client_method)
-
-int ssl23_connect(SSL *s)
- {
- BUF_MEM *buf=NULL;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- if (s->session != NULL)
- {
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
- ret= -1;
- goto end;
- }
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=TLS1_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL23_ST_CW_CLNT_HELLO_A:
- case SSL23_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_client_hello(s);
- if (ret <= 0) goto end;
- s->state=SSL23_ST_CR_SRVR_HELLO_A;
- s->init_num=0;
-
- break;
-
- case SSL23_ST_CR_SRVR_HELLO_A:
- case SSL23_ST_CR_SRVR_HELLO_B:
- ret=ssl23_get_server_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (s->debug) { (void)BIO_flush(s->wbio); }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-
-static int ssl23_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,j,ch_len;
- unsigned long Time,l;
- int ssl2_compat;
- int version = 0, version_major, version_minor;
- SSL_COMP *comp;
- int ret;
-
- ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
-
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- version = TLS1_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- version = SSL3_VERSION;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- version = SSL2_VERSION;
- }
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
- {
-#if 0
- /* don't reuse session-id's */
- if (!ssl_get_new_session(s,0))
- {
- return(-1);
- }
-#endif
-
- p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- return -1;
-
- if (version == TLS1_VERSION)
- {
- version_major = TLS1_VERSION_MAJOR;
- version_minor = TLS1_VERSION_MINOR;
- }
- else if (version == SSL3_VERSION)
- {
- version_major = SSL3_VERSION_MAJOR;
- version_minor = SSL3_VERSION_MINOR;
- }
- else if (version == SSL2_VERSION)
- {
- version_major = SSL2_VERSION_MAJOR;
- version_minor = SSL2_VERSION_MINOR;
- }
- else
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE);
- return(-1);
- }
-
- s->client_version = version;
-
- if (ssl2_compat)
- {
- /* create SSL 2.0 compatible Client Hello */
-
- /* two byte record header will be written last */
- d = &(buf[2]);
- p = d + 9; /* leave space for message type, version, individual length fields */
-
- *(d++) = SSL2_MT_CLIENT_HELLO;
- *(d++) = version_major;
- *(d++) = version_minor;
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0);
- if (i == 0)
- {
- /* no ciphers */
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i,d);
- p+=i;
-
- /* put in the session-id length (zero since there is no reuse) */
-#if 0
- s->session->session_id_length=0;
-#endif
- s2n(0,d);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- if (SSL3_RANDOM_SIZE < ch_len)
- i=SSL3_RANDOM_SIZE;
- else
- i=ch_len;
- s2n(i,d);
- memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
- if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0)
- return -1;
-
- memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
- p+=i;
-
- i= p- &(buf[2]);
- buf[0]=((i>>8)&0xff)|0x80;
- buf[1]=(i&0xff);
-
- /* number of bytes to write */
- s->init_num=i+2;
- s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[2]),i);
- }
- else
- {
- /* create Client Hello in SSL 3.0/TLS 1.0 format */
-
- /* do the record header (5 bytes) and handshake message header (4 bytes) last */
- d = p = &(buf[9]);
-
- *(p++) = version_major;
- *(p++) = version_minor;
-
- /* Random stuff */
- memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
- p += SSL3_RANDOM_SIZE;
-
- /* Session ID (zero since there is no reuse) */
- *(p++) = 0;
-
- /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return -1;
- }
- s2n(i,p);
- p+=i;
-
- /* COMPRESSION */
- if (s->ctx->comp_methods == NULL)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
- *(p++)=0; /* Add the NULL method */
-
- l = p-d;
- *p = 42;
-
- /* fill in 4-byte handshake header */
- d=&(buf[5]);
- *(d++)=SSL3_MT_CLIENT_HELLO;
- l2n3(l,d);
-
- l += 4;
-
- if (l > SSL3_RT_MAX_PLAIN_LENGTH)
- {
- SSLerr(SSL_F_SSL23_CLIENT_HELLO,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- /* fill in 5-byte record header */
- d=buf;
- *(d++) = SSL3_RT_HANDSHAKE;
- *(d++) = version_major;
- *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
- * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
- s2n((int)l,d);
-
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
-
- ssl3_finish_mac(s,&(buf[5]), s->init_num - 5);
- }
-
- s->state=SSL23_ST_CW_CLNT_HELLO_B;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- ret = ssl23_write_bytes(s);
-
- if ((ret >= 2) && s->msg_callback)
- {
- /* Client Hello has been sent; tell msg_callback */
-
- if (ssl2_compat)
- s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg);
- else
- s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data+5, ret-5, s, s->msg_callback_arg);
- }
-
- return ret;
- }
-
-static int ssl23_get_server_hello(SSL *s)
- {
- char buf[8];
- unsigned char *p;
- int i;
- int n;
-
- n=ssl23_read_bytes(s,7);
-
- if (n != 7) return(n);
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
- (p[5] == 0x00) && (p[6] == 0x02))
- {
-#ifdef OPENSSL_NO_SSL2
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3 setup and put in the
- * sslv2 stuff. */
- int ch_len;
-
- if (s->options & SSL_OP_NO_SSLv2)
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG)
- ch_len=SSL2_CHALLENGE_LENGTH;
- else
- ch_len=SSL2_MAX_CHALLENGE_LENGTH;
-
- /* write out sslv2 challenge */
- i=(SSL3_RANDOM_SIZE < ch_len)
- ?SSL3_RANDOM_SIZE:ch_len;
- s->s2->challenge_length=i;
- memcpy(s->s2->challenge,
- &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow_clean(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
- goto err;
- }
-
- s->state=SSL2_ST_GET_SERVER_HELLO_A;
- if (!(s->client_version == SSL2_VERSION))
- /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the 5 bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- /* we have already written one */
- s->s2->write_sequence=1;
-
- s->method=SSLv2_client_method();
- s->handshake_func=s->method->ssl_connect;
-#endif
- }
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- ((p[2] == SSL3_VERSION_MINOR) ||
- (p[2] == TLS1_VERSION_MINOR)) &&
- (p[5] == SSL3_MT_SERVER_HELLO))
- {
- /* we have sslv3 or tls1 */
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
-
- /* put the 5 bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
-
- if ((p[2] == SSL3_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- s->method=SSLv3_client_method();
- }
- else if ((p[2] == TLS1_VERSION_MINOR) &&
- !(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- s->method=TLSv1_client_method();
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
- }
-
- s->handshake_func=s->method->ssl_connect;
- }
- else if ((p[0] == SSL3_RT_ALERT) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- ((p[2] == SSL3_VERSION_MINOR) ||
- (p[2] == TLS1_VERSION_MINOR)) &&
- (p[3] == 0) &&
- (p[4] == 2))
- {
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int j;
-
- /* An alert */
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- i=p[5];
- if (cb != NULL)
- {
- j=(i<<8)|p[6];
- cb(s,SSL_CB_READ_ALERT,j);
- }
-
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]);
- goto err;
- }
- else
- {
- SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- /* Since, if we are sending a ssl23 client hello, we are not
- * reusing a session-id */
- if (!ssl_get_new_session(s,0))
- goto err;
-
- return(SSL_connect(s));
-err:
- return(-1);
- }
-
diff --git a/crypto/openssl/ssl/s23_lib.c b/crypto/openssl/ssl/s23_lib.c
deleted file mode 100644
index fc29813..0000000
--- a/crypto/openssl/ssl/s23_lib.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/* ssl/s23_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-long ssl23_default_timeout(void)
- {
- return(300);
- }
-
-IMPLEMENT_ssl23_meth_func(sslv23_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int ssl23_num_ciphers(void)
- {
- return(ssl3_num_ciphers()
-#ifndef OPENSSL_NO_SSL2
- + ssl2_num_ciphers()
-#endif
- );
- }
-
-SSL_CIPHER *ssl23_get_cipher(unsigned int u)
- {
- unsigned int uu=ssl3_num_ciphers();
-
- if (u < uu)
- return(ssl3_get_cipher(u));
- else
-#ifndef OPENSSL_NO_SSL2
- return(ssl2_get_cipher(u-uu));
-#else
- return(NULL);
-#endif
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER c,*cp;
- unsigned long id;
- int n;
-
- n=ssl3_num_ciphers();
- id=0x03000000|((unsigned long)p[0]<<16L)|
- ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
- c.id=id;
- cp=ssl3_get_cipher_by_char(p);
-#ifndef OPENSSL_NO_SSL2
- if (cp == NULL)
- cp=ssl2_get_cipher_by_char(p);
-#endif
- return(cp);
- }
-
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- /* We can write SSLv2 and SSLv3 ciphers */
- if (p != NULL)
- {
- l=c->id;
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-int ssl23_read(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_read(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_peek(SSL *s, void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_peek(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
-
-int ssl23_write(SSL *s, const void *buf, int len)
- {
- int n;
-
- clear_sys_error();
- if (SSL_in_init(s) && (!s->in_handshake))
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- return(SSL_write(s,buf,len));
- }
- else
- {
- ssl_undefined_function(s);
- return(-1);
- }
- }
diff --git a/crypto/openssl/ssl/s23_meth.c b/crypto/openssl/ssl/s23_meth.c
deleted file mode 100644
index 950d9aa..0000000
--- a/crypto/openssl/ssl/s23_meth.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* ssl/s23_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl23_get_method(int ver);
-static SSL_METHOD *ssl23_get_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_method());
- else
-#endif
-#ifndef OPENSSL_NO_SSL3
- if (ver == SSL3_VERSION)
- return(SSLv3_method());
- else
-#endif
-#ifndef OPENSSL_NO_TLS1
- if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
-#endif
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_method,
- ssl23_accept,
- ssl23_connect,
- ssl23_get_method)
-
diff --git a/crypto/openssl/ssl/s23_pkt.c b/crypto/openssl/ssl/s23_pkt.c
deleted file mode 100644
index 4ca6a1b..0000000
--- a/crypto/openssl/ssl/s23_pkt.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* ssl/s23_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-int ssl23_write_bytes(SSL *s)
- {
- int i,num,tot;
- char *buf;
-
- buf=s->init_buf->data;
- tot=s->init_off;
- num=s->init_num;
- for (;;)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,&(buf[tot]),num);
- if (i <= 0)
- {
- s->init_off=tot;
- s->init_num=num;
- return(i);
- }
- s->rwstate=SSL_NOTHING;
- if (i == num) return(tot+i);
-
- num-=i;
- tot+=i;
- }
- }
-
-/* return regularly only when we have read (at least) 'n' bytes */
-int ssl23_read_bytes(SSL *s, int n)
- {
- unsigned char *p;
- int j;
-
- if (s->packet_length < (unsigned int)n)
- {
- p=s->packet;
-
- for (;;)
- {
- s->rwstate=SSL_READING;
- j=BIO_read(s->rbio,(char *)&(p[s->packet_length]),
- n-s->packet_length);
- if (j <= 0)
- return(j);
- s->rwstate=SSL_NOTHING;
- s->packet_length+=j;
- if (s->packet_length >= (unsigned int)n)
- return(s->packet_length);
- }
- }
- return(n);
- }
-
diff --git a/crypto/openssl/ssl/s23_srvr.c b/crypto/openssl/ssl/s23_srvr.c
deleted file mode 100644
index 6637bb95..0000000
--- a/crypto/openssl/ssl/s23_srvr.c
+++ /dev/null
@@ -1,572 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl23_get_server_method(int ver);
-int ssl23_get_client_hello(SSL *s);
-static SSL_METHOD *ssl23_get_server_method(int ver)
- {
-#ifndef OPENSSL_NO_SSL2
- if (ver == SSL2_VERSION)
- return(SSLv2_server_method());
-#endif
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
- else if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl23_meth_func(SSLv23_server_method,
- ssl23_accept,
- ssl_undefined_function,
- ssl23_get_server_method)
-
-int ssl23_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL23_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- s->init_num=0;
- break;
-
- case SSL23_ST_SR_CLNT_HELLO_A:
- case SSL23_ST_SR_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl23_get_client_hello(s);
- if (ret >= 0) cb=NULL;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-
-int ssl23_get_client_hello(SSL *s)
- {
- char buf_space[11]; /* Request this many bytes in initial read.
- * We can detect SSL 3.0/TLS 1.0 Client Hellos
- * ('type == 3') correctly only when the following
- * is in a single record, which is not guaranteed by
- * the protocol specification:
- * Byte Content
- * 0 type \
- * 1/2 version > record header
- * 3/4 length /
- * 5 msg_type \
- * 6-8 length > Client Hello message
- * 9/10 client_version /
- */
- char *buf= &(buf_space[0]);
- unsigned char *p,*d,*d_len,*dd;
- unsigned int i;
- unsigned int csl,sil,cl;
- int n=0,j;
- int type=0;
- int v[2];
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_A)
- {
- /* read the initial header */
- v[0]=v[1]=0;
-
- if (!ssl3_setup_buffers(s)) goto err;
-
- n=ssl23_read_bytes(s, sizeof buf_space);
- if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
-
- p=s->packet;
-
- memcpy(buf,p,n);
-
- if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
- {
- /*
- * SSLv2 header
- */
- if ((p[3] == 0x00) && (p[4] == 0x02))
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv2 */
- if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
- }
- else if (p[3] == SSL3_VERSION_MAJOR)
- {
- v[0]=p[3]; v[1]=p[4];
- /* SSLv3/TLSv1 */
- if (p[4] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- /* type=2; */ /* done later to survive restarts */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- {
- type=1;
- }
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- /* type=2; */
- s->state=SSL23_ST_SR_CLNT_HELLO_B;
- }
- else if (!(s->options & SSL_OP_NO_SSLv2))
- type=1;
-
- }
- }
- else if ((p[0] == SSL3_RT_HANDSHAKE) &&
- (p[1] == SSL3_VERSION_MAJOR) &&
- (p[5] == SSL3_MT_CLIENT_HELLO) &&
- ((p[3] == 0 && p[4] < 5 /* silly record length? */)
- || (p[9] == p[1])))
- {
- /*
- * SSLv3 or tls1 header
- */
-
- v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
- /* We must look at client_version inside the Client Hello message
- * to get the correct minor version.
- * However if we have only a pathologically small fragment of the
- * Client Hello message, this would be difficult, and we'd have
- * to read more records to find out.
- * No known SSL 3.0 client fragments ClientHello like this,
- * so we simply assume TLS 1.0 to avoid protocol version downgrade
- * attacks. */
- if (p[3] == 0 && p[4] < 6)
- {
-#if 0
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
- goto err;
-#else
- v[1] = TLS1_VERSION_MINOR;
-#endif
- }
- else
- v[1]=p[10]; /* minor version according to client_version */
- if (v[1] >= TLS1_VERSION_MINOR)
- {
- if (!(s->options & SSL_OP_NO_TLSv1))
- {
- s->version=TLS1_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- }
- else
- {
- /* client requests SSL 3.0 */
- if (!(s->options & SSL_OP_NO_SSLv3))
- {
- s->version=SSL3_VERSION;
- type=3;
- }
- else if (!(s->options & SSL_OP_NO_TLSv1))
- {
- /* we won't be able to use TLS of course,
- * but this will send an appropriate alert */
- s->version=TLS1_VERSION;
- type=3;
- }
- }
- }
- else if ((strncmp("GET ", (char *)p,4) == 0) ||
- (strncmp("POST ",(char *)p,5) == 0) ||
- (strncmp("HEAD ",(char *)p,5) == 0) ||
- (strncmp("PUT ", (char *)p,4) == 0))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST);
- goto err;
- }
- else if (strncmp("CONNECT",(char *)p,7) == 0)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST);
- goto err;
- }
- }
-
- if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
- {
- /* we have SSLv3/TLSv1 in an SSLv2 header
- * (other cases skip this state) */
-
- type=2;
- p=s->packet;
- v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
- v[1] = p[4];
-
- n=((p[0]&0x7f)<<8)|p[1];
- if (n > (1024*4))
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
- goto err;
- }
-
- j=ssl23_read_bytes(s,n+2);
- if (j <= 0) return(j);
-
- ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
- if (s->msg_callback)
- s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
-
- p=s->packet;
- p+=5;
- n2s(p,csl);
- n2s(p,sil);
- n2s(p,cl);
- d=(unsigned char *)s->init_buf->data;
- if ((csl+sil+cl+11) != s->packet_length)
- {
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
- goto err;
- }
-
- /* record header: msg_type ... */
- *(d++) = SSL3_MT_CLIENT_HELLO;
- /* ... and length (actual value will be written later) */
- d_len = d;
- d += 3;
-
- /* client_version */
- *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
- *(d++) = v[1];
-
- /* lets populate the random area */
- /* get the challenge_length */
- i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
- memset(d,0,SSL3_RANDOM_SIZE);
- memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
- d+=SSL3_RANDOM_SIZE;
-
- /* no session-id reuse */
- *(d++)=0;
-
- /* ciphers */
- j=0;
- dd=d;
- d+=2;
- for (i=0; i<csl; i+=3)
- {
- if (p[i] != 0) continue;
- *(d++)=p[i+1];
- *(d++)=p[i+2];
- j+=2;
- }
- s2n(j,dd);
-
- /* COMPRESSION */
- *(d++)=1;
- *(d++)=0;
-
- i = (d-(unsigned char *)s->init_buf->data) - 4;
- l2n3((long)i, d_len);
-
- /* get the data reused from the init_buf */
- s->s3->tmp.reuse_message=1;
- s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
- s->s3->tmp.message_size=i;
- }
-
- /* imaginary new state (for program structure): */
- /* s->state = SSL23_SR_CLNT_HELLO_C */
-
- if (type == 1)
- {
-#ifdef OPENSSL_NO_SSL2
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
- goto err;
-#else
- /* we are talking sslv2 */
- /* we need to clean up the SSLv3/TLSv1 setup and put in the
- * sslv2 stuff. */
-
- if (s->s2 == NULL)
- {
- if (!ssl2_new(s))
- goto err;
- }
- else
- ssl2_clear(s);
-
- if (s->s3 != NULL) ssl3_free(s);
-
- if (!BUF_MEM_grow_clean(s->init_buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- goto err;
- }
-
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
- s->s2->ssl2_rollback=0;
- else
- /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
- * (SSL 3.0 draft/RFC 2246, App. E.2) */
- s->s2->ssl2_rollback=1;
-
- /* setup the n bytes we have read so we get them from
- * the sslv2 buffer */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s2->rbuf[0]);
- memcpy(s->packet,buf,n);
- s->s2->rbuf_left=n;
- s->s2->rbuf_offs=0;
-
- s->method=SSLv2_server_method();
- s->handshake_func=s->method->ssl_accept;
-#endif
- }
-
- if ((type == 2) || (type == 3))
- {
- /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
-
- if (!ssl_init_wbio_buffer(s,1)) goto err;
-
- /* we are in this state */
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
- if (type == 3)
- {
- /* put the 'n' bytes we have read into the input buffer
- * for SSLv3 */
- s->rstate=SSL_ST_READ_HEADER;
- s->packet_length=n;
- s->packet= &(s->s3->rbuf.buf[0]);
- memcpy(s->packet,buf,n);
- s->s3->rbuf.left=n;
- s->s3->rbuf.offset=0;
- }
- else
- {
- s->packet_length=0;
- s->s3->rbuf.left=0;
- s->s3->rbuf.offset=0;
- }
-
- if (s->version == TLS1_VERSION)
- s->method = TLSv1_server_method();
- else
- s->method = SSLv3_server_method();
-#if 0 /* ssl3_get_client_hello does this */
- s->client_version=(v[0]<<8)|v[1];
-#endif
- s->handshake_func=s->method->ssl_accept;
- }
-
- if ((type < 1) || (type > 3))
- {
- /* bad, very bad */
- SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
- goto err;
- }
- s->init_num=0;
-
- if (buf != buf_space) OPENSSL_free(buf);
- return(SSL_accept(s));
-err:
- if (buf != buf_space) OPENSSL_free(buf);
- return(-1);
- }
diff --git a/crypto/openssl/ssl/s2_clnt.c b/crypto/openssl/ssl/s2_clnt.c
deleted file mode 100644
index ce60de6..0000000
--- a/crypto/openssl/ssl/s2_clnt.c
+++ /dev/null
@@ -1,1123 +0,0 @@
-/* ssl/s2_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/rand.h>
-#include <openssl/buffer.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl2_get_client_method(int ver);
-static int get_server_finished(SSL *s);
-static int get_server_verify(SSL *s);
-static int get_server_hello(SSL *s);
-static int client_hello(SSL *s);
-static int client_master_key(SSL *s);
-static int client_finished(SSL *s);
-static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
- unsigned char *to,int padding);
-#define BREAK break
-
-static SSL_METHOD *ssl2_get_client_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl2_meth_func(SSLv2_client_method,
- ssl_undefined_function,
- ssl2_connect,
- ssl2_get_client_method)
-
-int ssl2_connect(SSL *s)
- {
- unsigned long l=(unsigned long)time(NULL);
- BUF_MEM *buf=NULL;
- int ret= -1;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int new_state,state;
-
- RAND_add(&l,sizeof(l),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- s->version=SSL2_VERSION;
- s->type=SSL_ST_CONNECT;
-
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- {
- if (buf == s->init_buf)
- buf=NULL;
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- s->init_num=0;
- s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->handshake_func=ssl2_connect;
- BREAK;
-
- case SSL2_ST_SEND_CLIENT_HELLO_A:
- case SSL2_ST_SEND_CLIENT_HELLO_B:
- s->shutdown=0;
- ret=client_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_HELLO_A;
- BREAK;
-
- case SSL2_ST_GET_SERVER_HELLO_A:
- case SSL2_ST_GET_SERVER_HELLO_B:
- ret=get_server_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (!s->hit) /* new session */
- {
- s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_A;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
- break;
- }
-
- case SSL2_ST_SEND_CLIENT_MASTER_KEY_A:
- case SSL2_ST_SEND_CLIENT_MASTER_KEY_B:
- ret=client_master_key(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_CLIENT_START_ENCRYPTION;
- break;
-
- case SSL2_ST_CLIENT_START_ENCRYPTION:
- /* Ok, we now have all the stuff needed to
- * start encrypting, so lets fire it up :-) */
- if (!ssl2_enc_init(s,1))
- {
- ret= -1;
- goto end;
- }
- s->s2->clear_text=0;
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_A;
- break;
-
- case SSL2_ST_SEND_CLIENT_FINISHED_A:
- case SSL2_ST_SEND_CLIENT_FINISHED_B:
- ret=client_finished(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_VERIFY_A;
- break;
-
- case SSL2_ST_GET_SERVER_VERIFY_A:
- case SSL2_ST_GET_SERVER_VERIFY_B:
- ret=get_server_verify(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_FINISHED_A;
- break;
-
- case SSL2_ST_GET_SERVER_FINISHED_A:
- case SSL2_ST_GET_SERVER_FINISHED_B:
- ret=get_server_finished(s);
- if (ret <= 0) goto end;
- break;
-
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_A:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_B:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_C:
- case SSL2_ST_SEND_CLIENT_CERTIFICATE_D:
- case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:
- ret=client_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_GET_SERVER_FINISHED_A;
- break;
-
- case SSL_ST_OK:
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
- s->init_num=0;
- /* ERR_clear_error();*/
-
- /* If we want to cache session-ids in the client
- * and we successfully add the session-id to the
- * cache, and there is a callback, then pass it out.
- * 26/11/96 - eay - only add if not a re-used session.
- */
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* break; */
- default:
- SSLerr(SSL_F_SSL2_CONNECT,SSL_R_UNKNOWN_STATE);
- return(-1);
- /* break; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-static int get_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p;
- int i,j;
- unsigned long len;
- STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow;
-
- buf=(unsigned char *)s->init_buf->data;
- p=buf;
- if (s->state == SSL2_ST_GET_SERVER_HELLO_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
- if (i < (11-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
- s->init_num = 11;
-
- if (*(p++) != SSL2_MT_SERVER_HELLO)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO,
- SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_SERVER_HELLO,
- SSL_R_PEER_ERROR);
- return(-1);
- }
-#ifdef __APPLE_CC__
- /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
- * workaround. <appro@fy.chalmers.se> */
- s->hit=(i=*(p++))?1:0;
-#else
- s->hit=(*(p++))?1:0;
-#endif
- s->s2->tmp.cert_type= *(p++);
- n2s(p,i);
- if (i < s->version) s->version=i;
- n2s(p,i); s->s2->tmp.cert_length=i;
- n2s(p,i); s->s2->tmp.csl=i;
- n2s(p,i); s->s2->tmp.conn_id_length=i;
- s->state=SSL2_ST_GET_SERVER_HELLO_B;
- }
-
- /* SSL2_ST_GET_SERVER_HELLO_B */
- len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- j = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
- if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */
-
- /* things are looking good */
-
- p = buf + 11;
- if (s->hit)
- {
- if (s->s2->tmp.cert_length != 0)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_LENGTH_NOT_ZERO);
- return(-1);
- }
- if (s->s2->tmp.cert_type != 0)
- {
- if (!(s->options &
- SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG))
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CERT_TYPE_NOT_ZERO);
- return(-1);
- }
- }
- if (s->s2->tmp.csl != 0)
- {
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_REUSE_CIPHER_LIST_NOT_ZERO);
- return(-1);
- }
- }
- else
- {
-#ifdef undef
- /* very bad */
- memset(s->session->session_id,0,
- SSL_MAX_SSL_SESSION_ID_LENGTH_IN_BYTES);
- s->session->session_id_length=0;
- */
-#endif
-
- /* we need to do this in case we were trying to reuse a
- * client session but others are already reusing it.
- * If this was a new 'blank' session ID, the session-id
- * length will still be 0 */
- if (s->session->session_id_length > 0)
- {
- if (!ssl_get_new_session(s,0))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
-
- if (ssl2_set_certificate(s,s->s2->tmp.cert_type,
- s->s2->tmp.cert_length,p) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- return(-1);
- }
- p+=s->s2->tmp.cert_length;
-
- if (s->s2->tmp.csl == 0)
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_LIST);
- return(-1);
- }
-
- /* We have just received a list of ciphers back from the
- * server. We need to get the ones that match, then select
- * the one we want the most :-). */
-
- /* load the ciphers */
- sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
- &s->session->ciphers);
- p+=s->s2->tmp.csl;
- if (sk == NULL)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
- return(-1);
- }
-
- sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
-
- /* get the array of ciphers we will accept */
- cl=SSL_get_ciphers(s);
- sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
-
- /*
- * If server preference flag set, choose the first
- * (highest priority) cipher the server sends, otherwise
- * client preference has priority.
- */
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- prio = sk;
- allow = cl;
- }
- else
- {
- prio = cl;
- allow = sk;
- }
- /* In theory we could have ciphers sent back that we
- * don't want to use but that does not matter since we
- * will check against the list we originally sent and
- * for performance reasons we should not bother to match
- * the two lists up just to check. */
- for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
- {
- if (sk_SSL_CIPHER_find(allow,
- sk_SSL_CIPHER_value(prio,i)) >= 0)
- break;
- }
-
- if (i >= sk_SSL_CIPHER_num(prio))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
- return(-1);
- }
- s->session->cipher=sk_SSL_CIPHER_value(prio,i);
-
-
- if (s->session->peer != NULL) /* can't happen*/
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return(-1);
- }
-
- s->session->peer = s->session->sess_cert->peer_key->x509;
- /* peer_key->x509 has been set by ssl2_set_certificate. */
- CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
- }
-
- if (s->session->sess_cert == NULL
- || s->session->peer != s->session->sess_cert->peer_key->x509)
- /* can't happen */
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return(-1);
- }
-
- s->s2->conn_id_length=s->s2->tmp.conn_id_length;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id)
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
- return -1;
- }
- memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
- return(1);
- }
-
-static int client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
-/* CIPHER **cipher;*/
- int i,n,j;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_CLIENT_HELLO_A)
- {
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version))
- {
- if (!ssl_get_new_session(s,0))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- /* else use the pre-loaded session */
-
- p=buf; /* header */
- d=p+9; /* data section */
- *(p++)=SSL2_MT_CLIENT_HELLO; /* type */
- s2n(SSL2_VERSION,p); /* version */
- n=j=0;
-
- n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d,0);
- d+=n;
-
- if (n == 0)
- {
- SSLerr(SSL_F_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- return(-1);
- }
-
- s2n(n,p); /* cipher spec num bytes */
-
- if ((s->session->session_id_length > 0) &&
- (s->session->session_id_length <=
- SSL2_MAX_SSL_SESSION_ID_LENGTH))
- {
- i=s->session->session_id_length;
- s2n(i,p); /* session id length */
- memcpy(d,s->session->session_id,(unsigned int)i);
- d+=i;
- }
- else
- {
- s2n(0,p);
- }
-
- s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
- s2n(SSL2_CHALLENGE_LENGTH,p); /* challenge length */
- /*challenge id data*/
- if (RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH) <= 0)
- return -1;
- memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
- d+=SSL2_CHALLENGE_LENGTH;
-
- s->state=SSL2_ST_SEND_CLIENT_HELLO_B;
- s->init_num=d-buf;
- s->init_off=0;
- }
- /* SSL2_ST_SEND_CLIENT_HELLO_B */
- return(ssl2_do_write(s));
- }
-
-static int client_master_key(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int clear,enc,karg,i;
- SSL_SESSION *sess;
- const EVP_CIPHER *c;
- const EVP_MD *md;
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
- {
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(-1);
- }
- sess=s->session;
- p=buf;
- d=p+10;
- *(p++)=SSL2_MT_CLIENT_MASTER_KEY;/* type */
-
- i=ssl_put_cipher_by_char(s,sess->cipher,p);
- p+=i;
-
- /* make key_arg data */
- i=EVP_CIPHER_iv_length(c);
- sess->key_arg_length=i;
- if (i > SSL_MAX_KEY_ARG_LENGTH)
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- if (i > 0)
- if (RAND_pseudo_bytes(sess->key_arg,i) <= 0)
- return -1;
-
- /* make a master key */
- i=EVP_CIPHER_key_length(c);
- sess->master_key_length=i;
- if (i > 0)
- {
- if (i > (int)sizeof(sess->master_key))
- {
- ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- if (RAND_bytes(sess->master_key,i) <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
-
- if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
- enc=8;
- else if (SSL_C_IS_EXPORT(sess->cipher))
- enc=5;
- else
- enc=i;
-
- if ((int)i < enc)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_CIPHER_TABLE_SRC_ERROR);
- return(-1);
- }
- clear=i-enc;
- s2n(clear,p);
- memcpy(d,sess->master_key,(unsigned int)clear);
- d+=clear;
-
- enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
- &(sess->master_key[clear]),d,
- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
- if (enc <= 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PUBLIC_KEY_ENCRYPT_ERROR);
- return(-1);
- }
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) d[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2)
- sess->master_key[clear]++;
-#endif
- s2n(enc,p);
- d+=enc;
- karg=sess->key_arg_length;
- s2n(karg,p); /* key arg size */
- if (karg > (int)sizeof(sess->key_arg))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(d,sess->key_arg,(unsigned int)karg);
- d+=karg;
-
- s->state=SSL2_ST_SEND_CLIENT_MASTER_KEY_B;
- s->init_num=d-buf;
- s->init_off=0;
- }
-
- /* SSL2_ST_SEND_CLIENT_MASTER_KEY_B */
- return(ssl2_do_write(s));
- }
-
-static int client_finished(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_CLIENT_FINISHED_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_CLIENT_FINISHED;
- if (s->s2->conn_id_length > sizeof s->s2->conn_id)
- {
- SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
-
- s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
- s->init_num=s->s2->conn_id_length+1;
- s->init_off=0;
- }
- return(ssl2_do_write(s));
- }
-
-/* read the data and then respond */
-static int client_certificate(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i;
- unsigned int n;
- int cert_ch_len;
- unsigned char *cert_ch;
-
- buf=(unsigned char *)s->init_buf->data;
-
- /* We have a cert associated with the SSL, so attach it to
- * the session if it does not have one */
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),
- SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
- if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
- return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
- s->init_num += i;
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */
-
- /* type=buf[0]; */
- /* type eq x509 */
- if (buf[1] != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
- {
- ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
- SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
- return(-1);
- }
-
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- {
- s->state=SSL2_ST_X509_GET_CLIENT_CERTIFICATE;
- }
- else
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
- }
-
- cert_ch = buf + 2;
- cert_ch_len = s->init_num - 2;
-
- if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
-
- /* If we get an error we need to
- * ssl->rwstate=SSL_X509_LOOKUP;
- * return(error);
- * We should then be retried when things are ok and we
- * can get a cert or not */
-
- i=0;
- if (s->ctx->client_cert_cb != NULL)
- {
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
- }
-
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
-
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- {
- i=0;
- }
- X509_free(x509);
- EVP_PKEY_free(pkey);
- }
- else if (i == 1)
- {
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- i=0;
- }
-
- if (i == 0)
- {
- /* We have no client certificate to respond with
- * so send the correct error message back */
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_B;
- p=buf;
- *(p++)=SSL2_MT_ERROR;
- s2n(SSL2_PE_NO_CERTIFICATE,p);
- s->init_off=0;
- s->init_num=3;
- /* Write is done at the end */
- }
- }
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_B)
- {
- return(ssl2_do_write(s));
- }
-
- if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_C)
- {
- EVP_MD_CTX ctx;
-
- /* ok, now we calculate the checksum
- * do it first so we can reuse buf :-) */
- p=buf;
- EVP_MD_CTX_init(&ctx);
- EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
- EVP_SignUpdate(&ctx,s->s2->key_material,
- s->s2->key_material_length);
- EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
- n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
- EVP_SignUpdate(&ctx,buf,(unsigned int)n);
-
- p=buf;
- d=p+6;
- *(p++)=SSL2_MT_CLIENT_CERTIFICATE;
- *(p++)=SSL2_CT_X509_CERTIFICATE;
- n=i2d_X509(s->cert->key->x509,&d);
- s2n(n,p);
-
- if (!EVP_SignFinal(&ctx,d,&n,s->cert->key->privatekey))
- {
- /* this is not good. If things have failed it
- * means there so something wrong with the key.
- * We will continue with a 0 length signature
- */
- }
- EVP_MD_CTX_cleanup(&ctx);
- s2n(n,p);
- d+=n;
-
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_D;
- s->init_num=d-buf;
- s->init_off=0;
- }
- /* if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_D) */
- return(ssl2_do_write(s));
- }
-
-static int get_server_verify(SSL *s)
- {
- unsigned char *p;
- int i, n, len;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
- if (i < (1-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
- s->init_num += i;
-
- s->state= SSL2_ST_GET_SERVER_VERIFY_B;
- if (*p != SSL2_MT_SERVER_VERIFY)
- {
- if (p[0] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_VERIFY,
- SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- {
- SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR);
- /* try to read the error message */
- i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
- return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
- }
- return(-1);
- }
- }
-
- p=(unsigned char *)s->init_buf->data;
- len = 1 + s->s2->challenge_length;
- n = len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i < n)
- return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
- p += 1;
-
- if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
- return(-1);
- }
- return(1);
- }
-
-static int get_server_finished(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p;
- int i, n, len;
-
- buf=(unsigned char *)s->init_buf->data;
- p=buf;
- if (s->state == SSL2_ST_GET_SERVER_FINISHED_A)
- {
- i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
- if (i < (1-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
- s->init_num += i;
-
- if (*p == SSL2_MT_REQUEST_CERTIFICATE)
- {
- s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
- return(1);
- }
- else if (*p != SSL2_MT_SERVER_FINISHED)
- {
- if (p[0] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- {
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
- /* try to read the error message */
- i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
- return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
- }
- return(-1);
- }
- s->state=SSL2_ST_GET_SERVER_FINISHED_B;
- }
-
- len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
- n = len - s->init_num;
- i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
- if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
- return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
- s->init_num += i;
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */
-
- if (!s->hit) /* new session */
- {
- /* new session-id */
- /* Make sure we were not trying to re-use an old SSL_SESSION
- * or bad things can happen */
- /* ZZZZZZZZZZZZZ */
- s->session->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- memcpy(s->session->session_id,p+1,SSL2_SSL_SESSION_ID_LENGTH);
- }
- else
- {
- if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
- {
- if ((s->session->session_id_length > sizeof s->session->session_id)
- || (0 != memcmp(buf + 1, s->session->session_id,
- (unsigned int)s->session->session_id_length)))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
- return(-1);
- }
- }
- }
- s->state = SSL_ST_OK;
- return(1);
- }
-
-/* loads in the certificate from the server */
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data)
- {
- STACK_OF(X509) *sk=NULL;
- EVP_PKEY *pkey=NULL;
- SESS_CERT *sc=NULL;
- int i;
- X509 *x509=NULL;
- int ret=0;
-
- x509=d2i_X509(NULL,&data,(long)len);
- if (x509 == NULL)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_X509_LIB);
- goto err;
- }
-
- if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- i=ssl_verify_cert_chain(s,sk);
-
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto err;
- }
- ERR_clear_error(); /* but we keep s->verify_result */
- s->session->verify_result = s->verify_result;
-
- /* server's cert for this session */
- sc=ssl_sess_cert_new();
- if (sc == NULL)
- {
- ret= -1;
- goto err;
- }
- if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert=sc;
-
- sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
- sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
-
- pkey=X509_get_pubkey(x509);
- x509=NULL;
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY);
- goto err;
- }
- if (pkey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_PUBLIC_KEY_NOT_RSA);
- goto err;
- }
-
- if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
- goto err;
- ret=1;
-err:
- sk_X509_free(sk);
- X509_free(x509);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
- unsigned char *to, int padding)
- {
- EVP_PKEY *pkey=NULL;
- int i= -1;
-
- if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
- ((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
- {
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
- return(-1);
- }
- if (pkey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
- goto end;
- }
-
- /* we have the public key */
- i=RSA_public_encrypt(len,from,to,pkey->pkey.rsa,padding);
- if (i < 0)
- SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
-end:
- EVP_PKEY_free(pkey);
- return(i);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_enc.c b/crypto/openssl/ssl/s2_enc.c
deleted file mode 100644
index 1f62acd..0000000
--- a/crypto/openssl/ssl/s2_enc.c
+++ /dev/null
@@ -1,194 +0,0 @@
-/* ssl/s2_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-
-int ssl2_enc_init(SSL *s, int client)
- {
- /* Max number of bytes needed */
- EVP_CIPHER_CTX *rs,*ws;
- const EVP_CIPHER *c;
- const EVP_MD *md;
- int num;
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(0);
- }
-
- s->read_hash=md;
- s->write_hash=md;
-
- if ((s->enc_read_ctx == NULL) &&
- ((s->enc_read_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
-
- /* make sure it's intialized in case the malloc for enc_write_ctx fails
- * and we exit with an error */
- rs= s->enc_read_ctx;
- EVP_CIPHER_CTX_init(rs);
-
- if ((s->enc_write_ctx == NULL) &&
- ((s->enc_write_ctx=(EVP_CIPHER_CTX *)
- OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
- goto err;
-
- ws= s->enc_write_ctx;
- EVP_CIPHER_CTX_init(ws);
-
- num=c->key_len;
- s->s2->key_material_length=num*2;
- OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
-
- if (ssl2_generate_key_material(s) <= 0)
- return 0;
-
- OPENSSL_assert(c->iv_len <= (int)sizeof(s->session->key_arg));
- EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
- s->session->key_arg);
- EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
- s->session->key_arg);
- s->s2->read_key= &(s->s2->key_material[(client)?0:num]);
- s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
- return(1);
-err:
- SSLerr(SSL_F_SSL2_ENC_INIT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-/* read/writes from s->s2->mac_data using length for encrypt and
- * decrypt. It sets s->s2->padding and s->[rw]length
- * if we are encrypting */
-void ssl2_enc(SSL *s, int send)
- {
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs;
-
- if (send)
- {
- ds=s->enc_write_ctx;
- l=s->s2->wlength;
- }
- else
- {
- ds=s->enc_read_ctx;
- l=s->s2->rlength;
- }
-
- /* check for NULL cipher */
- if (ds == NULL) return;
-
-
- bs=ds->cipher->block_size;
- /* This should be using (bs-1) and bs instead of 7 and 8, but
- * what the hell. */
- if (bs == 8)
- l=(l+7)/8*8;
-
- EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
- }
-
-void ssl2_mac(SSL *s, unsigned char *md, int send)
- {
- EVP_MD_CTX c;
- unsigned char sequence[4],*p,*sec,*act;
- unsigned long seq;
- unsigned int len;
-
- if (send)
- {
- seq=s->s2->write_sequence;
- sec=s->s2->write_key;
- len=s->s2->wact_data_length;
- act=s->s2->wact_data;
- }
- else
- {
- seq=s->s2->read_sequence;
- sec=s->s2->read_key;
- len=s->s2->ract_data_length;
- act=s->s2->ract_data;
- }
-
- p= &(sequence[0]);
- l2n(seq,p);
-
- /* There has to be a MAC algorithm. */
- EVP_MD_CTX_init(&c);
- EVP_DigestInit_ex(&c, s->read_hash, NULL);
- EVP_DigestUpdate(&c,sec,
- EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
- EVP_DigestUpdate(&c,act,len);
- /* the above line also does the pad data */
- EVP_DigestUpdate(&c,sequence,4);
- EVP_DigestFinal_ex(&c,md,NULL);
- EVP_MD_CTX_cleanup(&c);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_lib.c b/crypto/openssl/ssl/s2_lib.c
deleted file mode 100644
index 10751b2..0000000
--- a/crypto/openssl/ssl/s2_lib.c
+++ /dev/null
@@ -1,478 +0,0 @@
-/* ssl/s2_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-const char ssl2_version_str[]="SSLv2" OPENSSL_VERSION_PTEXT;
-
-#define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv2 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
-/* NULL_WITH_MD5 v3 */
-#if 0
- {
- 1,
- SSL2_TXT_NULL_WITH_MD5,
- SSL2_CK_NULL_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* RC4_128_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_WITH_MD5,
- SSL2_CK_RC4_128_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC4_128_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
- SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC2_128_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC2_128_CBC_WITH_MD5,
- SSL2_CK_RC2_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC2_128_CBC_EXPORT40_WITH_MD5 */
- {
- 1,
- SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
- SSL_EXPORT|SSL_EXP40,
- SSL2_CF_5_BYTE_ENC,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* IDEA_128_CBC_WITH_MD5 */
-#ifndef OPENSSL_NO_IDEA
- {
- 1,
- SSL2_TXT_IDEA_128_CBC_WITH_MD5,
- SSL2_CK_IDEA_128_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* DES_64_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_DES_64_CBC_WITH_MD5,
- SSL2_CK_DES_64_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* DES_192_EDE3_CBC_WITH_MD5 */
- {
- 1,
- SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
- SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* RC4_64_WITH_MD5 */
-#if 0
- {
- 1,
- SSL2_TXT_RC4_64_WITH_MD5,
- SSL2_CK_RC4_64_WITH_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
- SSL_NOT_EXP|SSL_LOW,
- SSL2_CF_8_BYTE_ENC,
- 64,
- 64,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* NULL SSLeay (testing) */
-#if 0
- {
- 0,
- SSL2_TXT_NULL,
- SSL2_CK_NULL,
- 0,
- SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-
-/* end of list :-) */
- };
-
-long ssl2_default_timeout(void)
- {
- return(300);
- }
-
-IMPLEMENT_ssl2_meth_func(sslv2_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int ssl2_num_ciphers(void)
- {
- return(SSL2_NUM_CIPHERS);
- }
-
-SSL_CIPHER *ssl2_get_cipher(unsigned int u)
- {
- if (u < SSL2_NUM_CIPHERS)
- return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
- else
- return(NULL);
- }
-
-int ssl2_pending(const SSL *s)
- {
- return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
- }
-
-int ssl2_new(SSL *s)
- {
- SSL2_STATE *s2;
-
- if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
- memset(s2,0,sizeof *s2);
-
-#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
-# error "assertion failed"
-#endif
-
- if ((s2->rbuf=OPENSSL_malloc(
- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
- /* wbuf needs one byte more because when using two-byte headers,
- * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
- if ((s2->wbuf=OPENSSL_malloc(
- SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
- s->s2=s2;
-
- ssl2_clear(s);
- return(1);
-err:
- if (s2 != NULL)
- {
- if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
- OPENSSL_free(s2);
- }
- return(0);
- }
-
-void ssl2_free(SSL *s)
- {
- SSL2_STATE *s2;
-
- if(s == NULL)
- return;
-
- s2=s->s2;
- if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
- if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
- OPENSSL_cleanse(s2,sizeof *s2);
- OPENSSL_free(s2);
- s->s2=NULL;
- }
-
-void ssl2_clear(SSL *s)
- {
- SSL2_STATE *s2;
- unsigned char *rbuf,*wbuf;
-
- s2=s->s2;
-
- rbuf=s2->rbuf;
- wbuf=s2->wbuf;
-
- memset(s2,0,sizeof *s2);
-
- s2->rbuf=rbuf;
- s2->wbuf=wbuf;
- s2->clear_text=1;
- s->packet=s2->rbuf;
- s->version=SSL2_VERSION;
- s->packet_length=0;
- }
-
-long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
- switch(cmd)
- {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret=s->hit;
- break;
- default:
- break;
- }
- return(ret);
- }
-
-long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
- {
- return(0);
- }
-
-long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
- {
- return(0);
- }
-
-long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
- {
- return(0);
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER c,*cp;
- unsigned long id;
-
- id=0x02000000L|((unsigned long)p[0]<<16L)|
- ((unsigned long)p[1]<<8L)|(unsigned long)p[2];
- c.id=id;
- cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
- (char *)ssl2_ciphers,
- SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER),
- FP_ICC ssl_cipher_id_cmp);
- if ((cp == NULL) || (cp->valid == 0))
- return NULL;
- else
- return cp;
- }
-
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- if (p != NULL)
- {
- l=c->id;
- if ((l & 0xff000000) != 0x02000000) return(0);
- p[0]=((unsigned char)(l>>16L))&0xFF;
- p[1]=((unsigned char)(l>> 8L))&0xFF;
- p[2]=((unsigned char)(l ))&0xFF;
- }
- return(3);
- }
-
-int ssl2_generate_key_material(SSL *s)
- {
- unsigned int i;
- EVP_MD_CTX ctx;
- unsigned char *km;
- unsigned char c='0';
- const EVP_MD *md5;
-
- md5 = EVP_md5();
-
-#ifdef CHARSET_EBCDIC
- c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
- see SSLv2 docu */
-#endif
- EVP_MD_CTX_init(&ctx);
- km=s->s2->key_material;
-
- if (s->session->master_key_length < 0 ||
- s->session->master_key_length > (int)sizeof(s->session->master_key))
- {
- SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
- {
- if (((km - s->s2->key_material) + EVP_MD_size(md5)) >
- (int)sizeof(s->s2->key_material))
- {
- /* EVP_DigestFinal_ex() below would write beyond buffer */
- SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- EVP_DigestInit_ex(&ctx, md5, NULL);
-
- OPENSSL_assert(s->session->master_key_length >= 0
- && s->session->master_key_length
- < (int)sizeof(s->session->master_key));
- EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
- EVP_DigestUpdate(&ctx,&c,1);
- c++;
- EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
- EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
- EVP_DigestFinal_ex(&ctx,km,NULL);
- km += EVP_MD_size(md5);
- }
-
- EVP_MD_CTX_cleanup(&ctx);
- return 1;
- }
-
-void ssl2_return_error(SSL *s, int err)
- {
- if (!s->error)
- {
- s->error=3;
- s->error_code=err;
-
- ssl2_write_error(s);
- }
- }
-
-
-void ssl2_write_error(SSL *s)
- {
- unsigned char buf[3];
- int i,error;
-
- buf[0]=SSL2_MT_ERROR;
- buf[1]=(s->error_code>>8)&0xff;
- buf[2]=(s->error_code)&0xff;
-
-/* state=s->rwstate;*/
-
- error=s->error; /* number of bytes left to write */
- s->error=0;
- OPENSSL_assert(error >= 0 && error <= (int)sizeof(buf));
- i=ssl2_write(s,&(buf[3-error]),error);
-
-/* if (i == error) s->rwstate=state; */
-
- if (i < 0)
- s->error=error;
- else
- {
- s->error=error-i;
-
- if (s->error == 0)
- if (s->msg_callback)
- s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
- }
- }
-
-int ssl2_shutdown(SSL *s)
- {
- s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- return(1);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_meth.c b/crypto/openssl/ssl/s2_meth.c
deleted file mode 100644
index a35e435..0000000
--- a/crypto/openssl/ssl/s2_meth.c
+++ /dev/null
@@ -1,84 +0,0 @@
-/* ssl/s2_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/objects.h>
-
-static SSL_METHOD *ssl2_get_method(int ver);
-static SSL_METHOD *ssl2_get_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl2_meth_func(SSLv2_method,
- ssl2_accept,
- ssl2_connect,
- ssl2_get_method)
-
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_pkt.c b/crypto/openssl/ssl/s2_pkt.c
deleted file mode 100644
index a10929a..0000000
--- a/crypto/openssl/ssl/s2_pkt.c
+++ /dev/null
@@ -1,737 +0,0 @@
-/* ssl/s2_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-
-static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
-static int ssl_mt_error(int n);
-
-
-/* SSL 2.0 imlementation for SSL_read/SSL_peek -
- * This routine will return 0 to len bytes, decrypted etc if required.
- */
-static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
- {
- int n;
- unsigned char mac[MAX_MAC_SIZE];
- unsigned char *p;
- int i;
- unsigned int mac_size;
-
- ssl2_read_again:
- if (SSL_in_init(s) && !s->in_handshake)
- {
- n=s->handshake_func(s);
- if (n < 0) return(n);
- if (n == 0)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
- clear_sys_error();
- s->rwstate=SSL_NOTHING;
- if (len <= 0) return(len);
-
- if (s->s2->ract_data_length != 0) /* read from buffer */
- {
- if (len > s->s2->ract_data_length)
- n=s->s2->ract_data_length;
- else
- n=len;
-
- memcpy(buf,s->s2->ract_data,(unsigned int)n);
- if (!peek)
- {
- s->s2->ract_data_length-=n;
- s->s2->ract_data+=n;
- if (s->s2->ract_data_length == 0)
- s->rstate=SSL_ST_READ_HEADER;
- }
-
- return(n);
- }
-
- /* s->s2->ract_data_length == 0
- *
- * Fill the buffer, then goto ssl2_read_again.
- */
-
- if (s->rstate == SSL_ST_READ_HEADER)
- {
- if (s->first_packet)
- {
- n=read_n(s,5,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
- if (n <= 0) return(n); /* error or non-blocking */
- s->first_packet=0;
- p=s->packet;
- if (!((p[0] & 0x80) && (
- (p[2] == SSL2_MT_CLIENT_HELLO) ||
- (p[2] == SSL2_MT_SERVER_HELLO))))
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
- return(-1);
- }
- }
- else
- {
- n=read_n(s,2,SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2,0);
- if (n <= 0) return(n); /* error or non-blocking */
- }
- /* part read stuff */
-
- s->rstate=SSL_ST_READ_BODY;
- p=s->packet;
- /* Do header */
- /*s->s2->padding=0;*/
- s->s2->escape=0;
- s->s2->rlength=(((unsigned int)p[0])<<8)|((unsigned int)p[1]);
- if ((p[0] & TWO_BYTE_BIT)) /* Two byte header? */
- {
- s->s2->three_byte_header=0;
- s->s2->rlength&=TWO_BYTE_MASK;
- }
- else
- {
- s->s2->three_byte_header=1;
- s->s2->rlength&=THREE_BYTE_MASK;
-
- /* security >s2->escape */
- s->s2->escape=((p[0] & SEC_ESC_BIT))?1:0;
- }
- }
-
- if (s->rstate == SSL_ST_READ_BODY)
- {
- n=s->s2->rlength+2+s->s2->three_byte_header;
- if (n > (int)s->packet_length)
- {
- n-=s->packet_length;
- i=read_n(s,(unsigned int)n,(unsigned int)n,1);
- if (i <= 0) return(i); /* ERROR */
- }
-
- p= &(s->packet[2]);
- s->rstate=SSL_ST_READ_HEADER;
- if (s->s2->three_byte_header)
- s->s2->padding= *(p++);
- else s->s2->padding=0;
-
- /* Data portion */
- if (s->s2->clear_text)
- {
- mac_size = 0;
- s->s2->mac_data=p;
- s->s2->ract_data=p;
- if (s->s2->padding)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
- return(-1);
- }
- }
- else
- {
- mac_size=EVP_MD_size(s->read_hash);
- OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
- s->s2->mac_data=p;
- s->s2->ract_data= &p[mac_size];
- if (s->s2->padding + mac_size > s->s2->rlength)
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
- return(-1);
- }
- }
-
- s->s2->ract_data_length=s->s2->rlength;
- /* added a check for length > max_size in case
- * encryption was not turned on yet due to an error */
- if ((!s->s2->clear_text) &&
- (s->s2->rlength >= mac_size))
- {
- ssl2_enc(s,0);
- s->s2->ract_data_length-=mac_size;
- ssl2_mac(s,mac,0);
- s->s2->ract_data_length-=s->s2->padding;
- if ( (memcmp(mac,s->s2->mac_data,
- (unsigned int)mac_size) != 0) ||
- (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
- return(-1);
- }
- }
- INC32(s->s2->read_sequence); /* expect next number */
- /* s->s2->ract_data is now available for processing */
-
- /* Possibly the packet that we just read had 0 actual data bytes.
- * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
- * In this case, returning 0 would be interpreted by the caller
- * as indicating EOF, so it's not a good idea. Instead, we just
- * continue reading; thus ssl2_read_internal may have to process
- * multiple packets before it can return.
- *
- * [Note that using select() for blocking sockets *never* guarantees
- * that the next SSL_read will not block -- the available
- * data may contain incomplete packets, and except for SSL 2,
- * renegotiation can confuse things even more.] */
-
- goto ssl2_read_again; /* This should really be
- * "return ssl2_read(s,buf,len)",
- * but that would allow for
- * denial-of-service attacks if a
- * C compiler is used that does not
- * recognize end-recursion. */
- }
- else
- {
- SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
- return(-1);
- }
- }
-
-int ssl2_read(SSL *s, void *buf, int len)
- {
- return ssl2_read_internal(s, buf, len, 0);
- }
-
-int ssl2_peek(SSL *s, void *buf, int len)
- {
- return ssl2_read_internal(s, buf, len, 1);
- }
-
-static int read_n(SSL *s, unsigned int n, unsigned int max,
- unsigned int extend)
- {
- int i,off,newb;
-
- /* if there is stuff still in the buffer from a previous read,
- * and there is more than we want, take some. */
- if (s->s2->rbuf_left >= (int)n)
- {
- if (extend)
- s->packet_length+=n;
- else
- {
- s->packet= &(s->s2->rbuf[s->s2->rbuf_offs]);
- s->packet_length=n;
- }
- s->s2->rbuf_left-=n;
- s->s2->rbuf_offs+=n;
- return(n);
- }
-
- if (!s->read_ahead) max=n;
- if (max > (unsigned int)(SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2))
- max=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2;
-
-
- /* Else we want more than we have.
- * First, if there is some left or we want to extend */
- off=0;
- if ((s->s2->rbuf_left != 0) || ((s->packet_length != 0) && extend))
- {
- newb=s->s2->rbuf_left;
- if (extend)
- {
- off=s->packet_length;
- if (s->packet != s->s2->rbuf)
- memcpy(s->s2->rbuf,s->packet,
- (unsigned int)newb+off);
- }
- else if (s->s2->rbuf_offs != 0)
- {
- memcpy(s->s2->rbuf,&(s->s2->rbuf[s->s2->rbuf_offs]),
- (unsigned int)newb);
- s->s2->rbuf_offs=0;
- }
- s->s2->rbuf_left=0;
- }
- else
- newb=0;
-
- /* off is the offset to start writing too.
- * r->s2->rbuf_offs is the 'unread data', now 0.
- * newb is the number of new bytes so far
- */
- s->packet=s->s2->rbuf;
- while (newb < (int)n)
- {
- clear_sys_error();
- if (s->rbio != NULL)
- {
- s->rwstate=SSL_READING;
- i=BIO_read(s->rbio,(char *)&(s->s2->rbuf[off+newb]),
- max-newb);
- }
- else
- {
- SSLerr(SSL_F_READ_N,SSL_R_READ_BIO_NOT_SET);
- i= -1;
- }
-#ifdef PKT_DEBUG
- if (s->debug & 0x01) sleep(1);
-#endif
- if (i <= 0)
- {
- s->s2->rbuf_left+=newb;
- return(i);
- }
- newb+=i;
- }
-
- /* record unread data */
- if (newb > (int)n)
- {
- s->s2->rbuf_offs=n+off;
- s->s2->rbuf_left=newb-n;
- }
- else
- {
- s->s2->rbuf_offs=0;
- s->s2->rbuf_left=0;
- }
- if (extend)
- s->packet_length+=n;
- else
- s->packet_length=n;
- s->rwstate=SSL_NOTHING;
- return(n);
- }
-
-int ssl2_write(SSL *s, const void *_buf, int len)
- {
- const unsigned char *buf=_buf;
- unsigned int n,tot;
- int i;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL2_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-
- if (s->error)
- {
- ssl2_write_error(s);
- if (s->error)
- return(-1);
- }
-
- clear_sys_error();
- s->rwstate=SSL_NOTHING;
- if (len <= 0) return(len);
-
- tot=s->s2->wnum;
- s->s2->wnum=0;
-
- n=(len-tot);
- for (;;)
- {
- i=do_ssl_write(s,&(buf[tot]),n);
- if (i <= 0)
- {
- s->s2->wnum=tot;
- return(i);
- }
- if ((i == (int)n) ||
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
- {
- return(tot+i);
- }
-
- n-=i;
- tot+=i;
- }
- }
-
-static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
- {
- int i;
-
- /* s->s2->wpend_len != 0 MUST be true. */
-
- /* check that they have given us the same buffer to
- * write */
- if ((s->s2->wpend_tot > (int)len) ||
- ((s->s2->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
- {
- SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
- return(-1);
- }
-
- for (;;)
- {
- clear_sys_error();
- if (s->wbio != NULL)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,
- (char *)&(s->s2->write_ptr[s->s2->wpend_off]),
- (unsigned int)s->s2->wpend_len);
- }
- else
- {
- SSLerr(SSL_F_WRITE_PENDING,SSL_R_WRITE_BIO_NOT_SET);
- i= -1;
- }
-#ifdef PKT_DEBUG
- if (s->debug & 0x01) sleep(1);
-#endif
- if (i == s->s2->wpend_len)
- {
- s->s2->wpend_len=0;
- s->rwstate=SSL_NOTHING;
- return(s->s2->wpend_ret);
- }
- else if (i <= 0)
- return(i);
- s->s2->wpend_off+=i;
- s->s2->wpend_len-=i;
- }
- }
-
-static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
- {
- unsigned int j,k,olen,p,mac_size,bs;
- register unsigned char *pp;
-
- olen=len;
-
- /* first check if there is data from an encryption waiting to
- * be sent - it must be sent because the other end is waiting.
- * This will happen with non-blocking IO. We print it and then
- * return.
- */
- if (s->s2->wpend_len != 0) return(write_pending(s,buf,len));
-
- /* set mac_size to mac size */
- if (s->s2->clear_text)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* lets set the pad p */
- if (s->s2->clear_text)
- {
- if (len > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
- len=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
- p=0;
- s->s2->three_byte_header=0;
- /* len=len; */
- }
- else
- {
- bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
- j=len+mac_size;
- /* Two-byte headers allow for a larger record length than
- * three-byte headers, but we can't use them if we need
- * padding or if we have to set the escape bit. */
- if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
- (!s->s2->escape))
- {
- if (j > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER)
- j=SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER;
- /* set k to the max number of bytes with 2
- * byte header */
- k=j-(j%bs);
- /* how many data bytes? */
- len=k-mac_size;
- s->s2->three_byte_header=0;
- p=0;
- }
- else if ((bs <= 1) && (!s->s2->escape))
- {
- /* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
- s->s2->three_byte_header=0;
- p=0;
- }
- else /* we may have to use a 3 byte header */
- {
- /* If s->s2->escape is not set, then
- * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
- * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
- p=(j%bs);
- p=(p == 0)?0:(bs-p);
- if (s->s2->escape)
- {
- s->s2->three_byte_header=1;
- if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
- }
- else
- s->s2->three_byte_header=(p == 0)?0:1;
- }
- }
-
- /* Now
- * j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
- * holds, and if s->s2->three_byte_header is set, then even
- * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
- */
-
- /* mac_size is the number of MAC bytes
- * len is the number of data bytes we are going to send
- * p is the number of padding bytes
- * (if it is a two-byte header, then p == 0) */
-
- s->s2->wlength=len;
- s->s2->padding=p;
- s->s2->mac_data= &(s->s2->wbuf[3]);
- s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
- /* we copy the data into s->s2->wbuf */
- memcpy(s->s2->wact_data,buf,len);
- if (p)
- memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
-
- if (!s->s2->clear_text)
- {
- s->s2->wact_data_length=len+p;
- ssl2_mac(s,s->s2->mac_data,1);
- s->s2->wlength+=p+mac_size;
- ssl2_enc(s,1);
- }
-
- /* package up the header */
- s->s2->wpend_len=s->s2->wlength;
- if (s->s2->three_byte_header) /* 3 byte header */
- {
- pp=s->s2->mac_data;
- pp-=3;
- pp[0]=(s->s2->wlength>>8)&(THREE_BYTE_MASK>>8);
- if (s->s2->escape) pp[0]|=SEC_ESC_BIT;
- pp[1]=s->s2->wlength&0xff;
- pp[2]=s->s2->padding;
- s->s2->wpend_len+=3;
- }
- else
- {
- pp=s->s2->mac_data;
- pp-=2;
- pp[0]=((s->s2->wlength>>8)&(TWO_BYTE_MASK>>8))|TWO_BYTE_BIT;
- pp[1]=s->s2->wlength&0xff;
- s->s2->wpend_len+=2;
- }
- s->s2->write_ptr=pp;
-
- INC32(s->s2->write_sequence); /* expect next number */
-
- /* lets try to actually write the data */
- s->s2->wpend_tot=olen;
- s->s2->wpend_buf=buf;
-
- s->s2->wpend_ret=len;
-
- s->s2->wpend_off=0;
- return(write_pending(s,buf,olen));
- }
-
-int ssl2_part_read(SSL *s, unsigned long f, int i)
- {
- unsigned char *p;
- int j;
-
- if (i < 0)
- {
- /* ssl2_return_error(s); */
- /* for non-blocking io,
- * this is not necessarily fatal */
- return(i);
- }
- else
- {
- s->init_num+=i;
-
- /* Check for error. While there are recoverable errors,
- * this function is not called when those must be expected;
- * any error detected here is fatal. */
- if (s->init_num >= 3)
- {
- p=(unsigned char *)s->init_buf->data;
- if (p[0] == SSL2_MT_ERROR)
- {
- j=(p[1]<<8)|p[2];
- SSLerr((int)f,ssl_mt_error(j));
- s->init_num -= 3;
- if (s->init_num > 0)
- memmove(p, p+3, s->init_num);
- }
- }
-
- /* If it's not an error message, we have some error anyway --
- * the message was shorter than expected. This too is treated
- * as fatal (at least if SSL_get_error is asked for its opinion). */
- return(0);
- }
- }
-
-int ssl2_do_write(SSL *s)
- {
- int ret;
-
- ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
- if (ret == s->init_num)
- {
- if (s->msg_callback)
- s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
- return(1);
- }
- if (ret < 0)
- return(-1);
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
-static int ssl_mt_error(int n)
- {
- int ret;
-
- switch (n)
- {
- case SSL2_PE_NO_CIPHER:
- ret=SSL_R_PEER_ERROR_NO_CIPHER;
- break;
- case SSL2_PE_NO_CERTIFICATE:
- ret=SSL_R_PEER_ERROR_NO_CERTIFICATE;
- break;
- case SSL2_PE_BAD_CERTIFICATE:
- ret=SSL_R_PEER_ERROR_CERTIFICATE;
- break;
- case SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE:
- ret=SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE;
- break;
- default:
- ret=SSL_R_UNKNOWN_REMOTE_ERROR_TYPE;
- break;
- }
- return(ret);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s2_srvr.c b/crypto/openssl/ssl/s2_srvr.c
deleted file mode 100644
index 27d71a2..0000000
--- a/crypto/openssl/ssl/s2_srvr.c
+++ /dev/null
@@ -1,1143 +0,0 @@
-/* ssl/s2_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include "ssl_locl.h"
-#ifndef OPENSSL_NO_SSL2
-#include <stdio.h>
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *ssl2_get_server_method(int ver);
-static int get_client_master_key(SSL *s);
-static int get_client_hello(SSL *s);
-static int server_hello(SSL *s);
-static int get_client_finished(SSL *s);
-static int server_verify(SSL *s);
-static int server_finish(SSL *s);
-static int request_certificate(SSL *s);
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
- unsigned char *to,int padding);
-#define BREAK break
-
-static SSL_METHOD *ssl2_get_server_method(int ver)
- {
- if (ver == SSL2_VERSION)
- return(SSLv2_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl2_meth_func(SSLv2_server_method,
- ssl2_accept,
- ssl_undefined_function,
- ssl2_get_server_method)
-
-int ssl2_accept(SSL *s)
- {
- unsigned long l=(unsigned long)time(NULL);
- BUF_MEM *buf=NULL;
- int ret= -1;
- long num1;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int new_state,state;
-
- RAND_add(&l,sizeof(l),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- clear_sys_error();
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- s->version=SSL2_VERSION;
- s->type=SSL_ST_ACCEPT;
-
- buf=s->init_buf;
- if ((buf == NULL) && ((buf=BUF_MEM_new()) == NULL))
- { ret= -1; goto end; }
- if (!BUF_MEM_grow(buf,(int)
- SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
- { ret= -1; goto end; }
- s->init_buf=buf;
- s->init_num=0;
- s->ctx->stats.sess_accept++;
- s->handshake_func=ssl2_accept;
- s->state=SSL2_ST_GET_CLIENT_HELLO_A;
- BREAK;
-
- case SSL2_ST_GET_CLIENT_HELLO_A:
- case SSL2_ST_GET_CLIENT_HELLO_B:
- case SSL2_ST_GET_CLIENT_HELLO_C:
- s->shutdown=0;
- ret=get_client_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_SERVER_HELLO_A;
- BREAK;
-
- case SSL2_ST_SEND_SERVER_HELLO_A:
- case SSL2_ST_SEND_SERVER_HELLO_B:
- ret=server_hello(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (!s->hit)
- {
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_A;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_SERVER_START_ENCRYPTION;
- BREAK;
- }
- case SSL2_ST_GET_CLIENT_MASTER_KEY_A:
- case SSL2_ST_GET_CLIENT_MASTER_KEY_B:
- ret=get_client_master_key(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SERVER_START_ENCRYPTION;
- BREAK;
-
- case SSL2_ST_SERVER_START_ENCRYPTION:
- /* Ok we how have sent all the stuff needed to
- * start encrypting, the next packet back will
- * be encrypted. */
- if (!ssl2_enc_init(s,0))
- { ret= -1; goto end; }
- s->s2->clear_text=0;
- s->state=SSL2_ST_SEND_SERVER_VERIFY_A;
- BREAK;
-
- case SSL2_ST_SEND_SERVER_VERIFY_A:
- case SSL2_ST_SEND_SERVER_VERIFY_B:
- ret=server_verify(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- if (s->hit)
- {
- /* If we are in here, we have been
- * buffering the output, so we need to
- * flush it and remove buffering from
- * future traffic */
- s->state=SSL2_ST_SEND_SERVER_VERIFY_C;
- BREAK;
- }
- else
- {
- s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
- break;
- }
-
- case SSL2_ST_SEND_SERVER_VERIFY_C:
- /* get the number of bytes to write */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 != 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- /* flushed and now remove buffering */
- s->wbio=BIO_pop(s->wbio);
-
- s->state=SSL2_ST_GET_CLIENT_FINISHED_A;
- BREAK;
-
- case SSL2_ST_GET_CLIENT_FINISHED_A:
- case SSL2_ST_GET_CLIENT_FINISHED_B:
- ret=get_client_finished(s);
- if (ret <= 0)
- goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_A;
- BREAK;
-
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_A:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_B:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_C:
- case SSL2_ST_SEND_REQUEST_CERTIFICATE_D:
- /* don't do a 'request certificate' if we
- * don't want to, or we already have one, and
- * we only want to do it once. */
- if (!(s->verify_mode & SSL_VERIFY_PEER) ||
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
- {
- s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
- break;
- }
- else
- {
- ret=request_certificate(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL2_ST_SEND_SERVER_FINISHED_A;
- }
- BREAK;
-
- case SSL2_ST_SEND_SERVER_FINISHED_A:
- case SSL2_ST_SEND_SERVER_FINISHED_B:
- ret=server_finish(s);
- if (ret <= 0) goto end;
- s->init_num=0;
- s->state=SSL_ST_OK;
- break;
-
- case SSL_ST_OK:
- BUF_MEM_free(s->init_buf);
- ssl_free_wbio_buffer(s);
- s->init_buf=NULL;
- s->init_num=0;
- /* ERR_clear_error();*/
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- ret=1;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* BREAK; */
-
- default:
- SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* BREAK; */
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
-end:
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-static int get_client_master_key(SSL *s)
- {
- int is_export,i,n,keya,ek;
- unsigned long len;
- unsigned char *p;
- SSL_CIPHER *cp;
- const EVP_CIPHER *c;
- const EVP_MD *md;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),10-s->init_num);
-
- if (i < (10-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
- s->init_num = 10;
-
- if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
- return(-1);
- }
-
- cp=ssl2_get_cipher_by_char(p);
- if (cp == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
- return(-1);
- }
- s->session->cipher= cp;
-
- p+=3;
- n2s(p,i); s->s2->tmp.clear=i;
- n2s(p,i); s->s2->tmp.enc=i;
- n2s(p,i); s->session->key_arg_length=i;
- if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
- return -1;
- }
- s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
- }
-
- /* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
- p=(unsigned char *)s->init_buf->data;
- if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- keya=s->session->key_arg_length;
- len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
- p += 10;
-
- memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
- (unsigned int)keya);
-
- if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
-
- is_export=SSL_C_IS_EXPORT(s->session->cipher);
-
- if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
- {
- ssl2_return_error(s,SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
- return(0);
- }
-
- if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
- {
- is_export=1;
- ek=8;
- }
- else
- ek=5;
-
- /* bad decrypt */
-#if 1
- /* If a bad decrypt, continue with protocol but with a
- * random master secret (Bleichenbacher attack) */
- if ((i < 0) ||
- ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
- (unsigned int)EVP_CIPHER_key_length(c))))))
- {
- ERR_clear_error();
- if (is_export)
- i=ek;
- else
- i=EVP_CIPHER_key_length(c);
- if (RAND_pseudo_bytes(p,i) <= 0)
- return 0;
- }
-#else
- if (i < 0)
- {
- error=1;
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
- }
- /* incorrect number of key bytes for non export cipher */
- else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
- || (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
- EVP_CIPHER_key_length(c)))))
- {
- error=1;
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_WRONG_NUMBER_OF_KEY_BITS);
- }
- if (error)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
-#endif
-
- if (is_export) i+=s->s2->tmp.clear;
-
- if (i > SSL_MAX_MASTER_KEY_LENGTH)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- s->session->master_key_length=i;
- memcpy(s->session->master_key,p,(unsigned int)i);
- return(1);
- }
-
-static int get_client_hello(SSL *s)
- {
- int i,n;
- unsigned long len;
- unsigned char *p;
- STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
- STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
- STACK_OF(SSL_CIPHER) *prio, *allow;
- int z;
-
- /* This is a bit of a hack to check for the correct packet
- * type the first time round. */
- if (s->state == SSL2_ST_GET_CLIENT_HELLO_A)
- {
- s->first_packet=1;
- s->state=SSL2_ST_GET_CLIENT_HELLO_B;
- }
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_HELLO_B)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
- if (i < (9-s->init_num))
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
- s->init_num = 9;
-
- if (*(p++) != SSL2_MT_CLIENT_HELLO)
- {
- if (p[-1] != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_PEER_ERROR);
- return(-1);
- }
- n2s(p,i);
- if (i < s->version) s->version=i;
- n2s(p,i); s->s2->tmp.cipher_spec_length=i;
- n2s(p,i); s->s2->tmp.session_id_length=i;
- n2s(p,i); s->s2->challenge_length=i;
- if ( (i < SSL2_MIN_CHALLENGE_LENGTH) ||
- (i > SSL2_MAX_CHALLENGE_LENGTH))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
- return(-1);
- }
- s->state=SSL2_ST_GET_CLIENT_HELLO_C;
- }
-
- /* SSL2_ST_GET_CLIENT_HELLO_C */
- p=(unsigned char *)s->init_buf->data;
- len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
- return -1;
- }
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
- p += 9;
-
- /* get session-id before cipher stuff so we can get out session
- * structure if it is cached */
- /* session-id */
- if ((s->s2->tmp.session_id_length != 0) &&
- (s->s2->tmp.session_id_length != SSL2_SSL_SESSION_ID_LENGTH))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_BAD_SSL_SESSION_ID_LENGTH);
- return(-1);
- }
-
- if (s->s2->tmp.session_id_length == 0)
- {
- if (!ssl_get_new_session(s,1))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- else
- {
- i=ssl_get_prev_session(s,&(p[s->s2->tmp.cipher_spec_length]),
- s->s2->tmp.session_id_length);
- if (i == 1)
- { /* previous session */
- s->hit=1;
- }
- else if (i == -1)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- else
- {
- if (s->cert == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
- SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- if (!ssl_get_new_session(s,1))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- return(-1);
- }
- }
- }
-
- if (!s->hit)
- {
- cs=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.cipher_spec_length,
- &s->session->ciphers);
- if (cs == NULL) goto mem_err;
-
- cl=SSL_get_ciphers(s);
-
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- prio=sk_SSL_CIPHER_dup(cl);
- if (prio == NULL) goto mem_err;
- allow = cs;
- }
- else
- {
- prio = cs;
- allow = cl;
- }
- for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
- {
- if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
- {
- sk_SSL_CIPHER_delete(prio,z);
- z--;
- }
- }
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers = prio;
- }
- /* s->session->ciphers should now have a list of
- * ciphers that are on both the client and server.
- * This list is ordered by the order the client sent
- * the ciphers or in the order of the server's preference
- * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
- */
- }
- p+=s->s2->tmp.cipher_spec_length;
- /* done cipher selection */
-
- /* session id extracted already */
- p+=s->s2->tmp.session_id_length;
-
- /* challenge */
- if (s->s2->challenge_length > sizeof s->s2->challenge)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
- return(1);
-mem_err:
- SSLerr(SSL_F_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-static int server_hello(SSL *s)
- {
- unsigned char *p,*d;
- int n,hit;
- STACK_OF(SSL_CIPHER) *sk;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
- {
- d=p+11;
- *(p++)=SSL2_MT_SERVER_HELLO; /* type */
- hit=s->hit;
- *(p++)=(unsigned char)hit;
-#if 1
- if (!hit)
- {
- if (s->session->sess_cert != NULL)
- /* This can't really happen because get_client_hello
- * has called ssl_get_new_session, which does not set
- * sess_cert. */
- ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert = ssl_sess_cert_new();
- if (s->session->sess_cert == NULL)
- {
- SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
- return(-1);
- }
- }
- /* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
- * depending on whether it survived in the internal cache
- * or was retrieved from an external cache.
- * If it is NULL, we cannot put any useful data in it anyway,
- * so we don't touch it.
- */
-
-#else /* That's what used to be done when cert_st and sess_cert_st were
- * the same. */
- if (!hit)
- { /* else add cert to session */
- CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- if (s->session->sess_cert != NULL)
- ssl_cert_free(s->session->sess_cert);
- s->session->sess_cert=s->cert;
- }
- else /* We have a session id-cache hit, if the
- * session-id has no certificate listed against
- * the 'cert' structure, grab the 'old' one
- * listed against the SSL connection */
- {
- if (s->session->sess_cert == NULL)
- {
- CRYPTO_add(&s->cert->references,1,
- CRYPTO_LOCK_SSL_CERT);
- s->session->sess_cert=s->cert;
- }
- }
-#endif
-
- if (s->cert == NULL)
- {
- ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
- SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
- return(-1);
- }
-
- if (hit)
- {
- *(p++)=0; /* no certificate type */
- s2n(s->version,p); /* version */
- s2n(0,p); /* cert len */
- s2n(0,p); /* ciphers len */
- }
- else
- {
- /* EAY EAY */
- /* put certificate type */
- *(p++)=SSL2_CT_X509_CERTIFICATE;
- s2n(s->version,p); /* version */
- n=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- s2n(n,p); /* certificate length */
- i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&d);
- n=0;
-
- /* lets send out the ciphers we like in the
- * prefered order */
- sk= s->session->ciphers;
- n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
- d+=n;
- s2n(n,p); /* add cipher length */
- }
-
- /* make and send conn_id */
- s2n(SSL2_CONNECTION_ID_LENGTH,p); /* add conn_id length */
- s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
- if (RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length) <= 0)
- return -1;
- memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
- d+=SSL2_CONNECTION_ID_LENGTH;
-
- s->state=SSL2_ST_SEND_SERVER_HELLO_B;
- s->init_num=d-(unsigned char *)s->init_buf->data;
- s->init_off=0;
- }
- /* SSL2_ST_SEND_SERVER_HELLO_B */
- /* If we are using TCP/IP, the performance is bad if we do 2
- * writes without a read between them. This occurs when
- * Session-id reuse is used, so I will put in a buffering module
- */
- if (s->hit)
- {
- if (!ssl_init_wbio_buffer(s,1)) return(-1);
- }
-
- return(ssl2_do_write(s));
- }
-
-static int get_client_finished(SSL *s)
- {
- unsigned char *p;
- int i, n;
- unsigned long len;
-
- p=(unsigned char *)s->init_buf->data;
- if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
- {
- i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
- if (i < 1-s->init_num)
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
- s->init_num += i;
-
- if (*p != SSL2_MT_CLIENT_FINISHED)
- {
- if (*p != SSL2_MT_ERROR)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
- }
- else
- {
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
- /* try to read the error message */
- i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
- return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
- }
- return(-1);
- }
- s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
- }
-
- /* SSL2_ST_GET_CLIENT_FINISHED_B */
- if (s->s2->conn_id_length > sizeof s->s2->conn_id)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- len = 1 + (unsigned long)s->s2->conn_id_length;
- n = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),n);
- if (i < n)
- {
- return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
- }
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
- p += 1;
- if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
- return(-1);
- }
- return(1);
- }
-
-static int server_verify(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_SERVER_VERIFY_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_VERIFY;
- if (s->s2->challenge_length > sizeof s->s2->challenge)
- {
- SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
- /* p+=s->s2->challenge_length; */
-
- s->state=SSL2_ST_SEND_SERVER_VERIFY_B;
- s->init_num=s->s2->challenge_length+1;
- s->init_off=0;
- }
- return(ssl2_do_write(s));
- }
-
-static int server_finish(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL2_ST_SEND_SERVER_FINISHED_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_SERVER_FINISHED;
-
- if (s->session->session_id_length > sizeof s->session->session_id)
- {
- SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
- /* p+=s->session->session_id_length; */
-
- s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
- s->init_num=s->session->session_id_length+1;
- s->init_off=0;
- }
-
- /* SSL2_ST_SEND_SERVER_FINISHED_B */
- return(ssl2_do_write(s));
- }
-
-/* send the request and check the response */
-static int request_certificate(SSL *s)
- {
- const unsigned char *cp;
- unsigned char *p,*p2,*buf2;
- unsigned char *ccd;
- int i,j,ctype,ret= -1;
- unsigned long len;
- X509 *x509=NULL;
- STACK_OF(X509) *sk=NULL;
-
- ccd=s->s2->tmp.ccl;
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL2_MT_REQUEST_CERTIFICATE;
- *(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
- if (RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH) <= 0)
- return -1;
- memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
- s->init_num=SSL2_MIN_CERT_CHALLENGE_LENGTH+2;
- s->init_off=0;
- }
-
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_B)
- {
- i=ssl2_do_write(s);
- if (i <= 0)
- {
- ret=i;
- goto end;
- }
-
- s->init_num=0;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_C;
- }
-
- if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
- {
- p=(unsigned char *)s->init_buf->data;
- i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
- if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
- * (probably NO-CERTIFICATE-ERROR) */
- {
- ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
- goto end;
- }
- s->init_num += i;
-
- if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
- {
- n2s(p,i);
- if (i != SSL2_PE_NO_CERTIFICATE)
- {
- /* not the error message we expected -- let ssl2_part_read handle it */
- s->init_num -= 3;
- ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
- goto end;
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
-
- /* this is the one place where we can recover from an SSL 2.0 error */
-
- if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
- {
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- goto end;
- }
- ret=1;
- goto end;
- }
- if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
- {
- ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
- goto end;
- }
- if (s->init_num != 6)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
- goto end;
- }
-
- /* ok we have a response */
- /* certificate type, there is only one right now. */
- ctype= *(p++);
- if (ctype != SSL2_AT_MD5_WITH_RSA_ENCRYPTION)
- {
- ssl2_return_error(s,SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE);
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_RESPONSE_ARGUMENT);
- goto end;
- }
- n2s(p,i); s->s2->tmp.clen=i;
- n2s(p,i); s->s2->tmp.rlen=i;
- s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
- }
-
- /* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
- p=(unsigned char *)s->init_buf->data;
- len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
- if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
- goto end;
- }
- j = (int)len - s->init_num;
- i = ssl2_read(s,(char *)&(p[s->init_num]),j);
- if (i < j)
- {
- ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
- goto end;
- }
- if (s->msg_callback)
- s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
- p += 6;
-
- cp = p;
- x509=(X509 *)d2i_X509(NULL,&cp,(long)s->s2->tmp.clen);
- if (x509 == NULL)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_X509_LIB);
- goto msg_end;
- }
-
- if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto msg_end;
- }
-
- i=ssl_verify_cert_chain(s,sk);
-
- if (i) /* we like the packet, now check the chksum */
- {
- EVP_MD_CTX ctx;
- EVP_PKEY *pkey=NULL;
-
- EVP_MD_CTX_init(&ctx);
- EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
- EVP_VerifyUpdate(&ctx,s->s2->key_material,
- s->s2->key_material_length);
- EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
-
- i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
- buf2=OPENSSL_malloc((unsigned int)i);
- if (buf2 == NULL)
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto msg_end;
- }
- p2=buf2;
- i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
- EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
- OPENSSL_free(buf2);
-
- pkey=X509_get_pubkey(x509);
- if (pkey == NULL) goto end;
- i=EVP_VerifyFinal(&ctx,cp,s->s2->tmp.rlen,pkey);
- EVP_PKEY_free(pkey);
- EVP_MD_CTX_cleanup(&ctx);
-
- if (i)
- {
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- s->session->peer=x509;
- CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
- s->session->verify_result = s->verify_result;
- ret=1;
- goto end;
- }
- else
- {
- SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_BAD_CHECKSUM);
- goto msg_end;
- }
- }
- else
- {
-msg_end:
- ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
- }
-end:
- sk_X509_free(sk);
- X509_free(x509);
- return(ret);
- }
-
-static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
- unsigned char *to, int padding)
- {
- RSA *rsa;
- int i;
-
- if ((c == NULL) || (c->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL))
- {
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_NO_PRIVATEKEY);
- return(-1);
- }
- if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey->type != EVP_PKEY_RSA)
- {
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,SSL_R_PUBLIC_KEY_IS_NOT_RSA);
- return(-1);
- }
- rsa=c->pkeys[SSL_PKEY_RSA_ENC].privatekey->pkey.rsa;
-
- /* we have the public key */
- i=RSA_private_decrypt(len,from,to,rsa,padding);
- if (i < 0)
- SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
- return(i);
- }
-#else /* !OPENSSL_NO_SSL2 */
-
-# if PEDANTIC
-static void *dummy=&dummy;
-# endif
-
-#endif
diff --git a/crypto/openssl/ssl/s3_both.c b/crypto/openssl/ssl/s3_both.c
deleted file mode 100644
index 2ecfbb7..0000000
--- a/crypto/openssl/ssl/s3_both.c
+++ /dev/null
@@ -1,622 +0,0 @@
-/* ssl/s3_both.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-#include <string.h>
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int ssl3_do_write(SSL *s, int type)
- {
- int ret;
-
- ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
- s->init_num);
- if (ret < 0) return(-1);
- if (type == SSL3_RT_HANDSHAKE)
- /* should not be done for 'Hello Request's, but in that case
- * we'll ignore the result anyway */
- ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
-
- if (ret == s->init_num)
- {
- if (s->msg_callback)
- s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
- return(1);
- }
- s->init_off+=ret;
- s->init_num-=ret;
- return(0);
- }
-
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
- {
- unsigned char *p,*d;
- int i;
- unsigned long l;
-
- if (s->state == a)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- i=s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.finish_md);
- s->s3->tmp.finish_md_len = i;
- memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
- l=i;
-
-#ifdef OPENSSL_SYS_WIN16
- /* MSVC 1.5 does not clear the top bytes of the word unless
- * I do this.
- */
- l&=0xffff;
-#endif
-
- *(d++)=SSL3_MT_FINISHED;
- l2n3(l,d);
- s->init_num=(int)l+4;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_SEND_xxxxxx_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_get_finished(SSL *s, int a, int b)
- {
- int al,i,ok;
- long n;
- unsigned char *p;
-
- /* the mac has already been generated when we received the
- * change cipher spec message and is in s->s3->tmp.peer_finish_md
- */
-
- n=s->method->ssl_get_message(s,
- a,
- b,
- SSL3_MT_FINISHED,
- 64, /* should actually be 36+4 :-) */
- &ok);
-
- if (!ok) return((int)n);
-
- /* If this occurs, we have missed a message */
- if (!s->s3->change_cipher_spec)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
- goto f_err;
- }
- s->s3->change_cipher_spec=0;
-
- p = (unsigned char *)s->init_msg;
- i = s->s3->tmp.peer_finish_md_len;
-
- if (i != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
- goto f_err;
- }
-
- if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
- goto f_err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- return(0);
- }
-
-/* for these 2 messages, we need to
- * ssl->enc_read_ctx re-init
- * ssl->s3->read_sequence zero
- * ssl->s3->read_mac_secret re-init
- * ssl->session->read_sym_enc assign
- * ssl->session->read_compression assign
- * ssl->session->read_hash assign
- */
-int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
- {
- unsigned char *p;
-
- if (s->state == a)
- {
- p=(unsigned char *)s->init_buf->data;
- *p=SSL3_MT_CCS;
- s->init_num=1;
- s->init_off=0;
-
- s->state=b;
- }
-
- /* SSL3_ST_CW_CHANGE_B */
- return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
- }
-
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
- {
- unsigned char *p;
- int n,i;
- unsigned long l=7;
- BUF_MEM *buf;
- X509_STORE_CTX xs_ctx;
- X509_OBJECT obj;
-
- int no_chain;
-
- if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
- no_chain = 1;
- else
- no_chain = 0;
-
- /* TLSv1 sends a chain with nothing in it, instead of an alert */
- buf=s->init_buf;
- if (!BUF_MEM_grow_clean(buf,10))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- if (x != NULL)
- {
- if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
-
- for (;;)
- {
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- p=(unsigned char *)&(buf->data[l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- l+=n+3;
-
- if (no_chain)
- break;
-
- if (X509_NAME_cmp(X509_get_subject_name(x),
- X509_get_issuer_name(x)) == 0) break;
-
- i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
- X509_get_issuer_name(x),&obj);
- if (i <= 0) break;
- x=obj.data.x509;
- /* Count is one too high since the X509_STORE_get uped the
- * ref count */
- X509_free(x);
- }
- if (!no_chain)
- X509_STORE_CTX_cleanup(&xs_ctx);
- }
-
- /* Thawte special :-) */
- if (s->ctx->extra_certs != NULL)
- for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
- {
- x=sk_X509_value(s->ctx->extra_certs,i);
- n=i2d_X509(x,NULL);
- if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
- {
- SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
- return(0);
- }
- p=(unsigned char *)&(buf->data[l]);
- l2n3(n,p);
- i2d_X509(x,&p);
- l+=n+3;
- }
-
- l-=7;
- p=(unsigned char *)&(buf->data[4]);
- l2n3(l,p);
- l+=3;
- p=(unsigned char *)&(buf->data[0]);
- *(p++)=SSL3_MT_CERTIFICATE;
- l2n3(l,p);
- l+=4;
- return(l);
- }
-
-/* Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * The first four bytes (msg_type and length) are read in state 'st1',
- * the body is read in state 'stn'.
- */
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
- {
- unsigned char *p;
- unsigned long l;
- long n;
- int i,al;
-
- if (s->s3->tmp.reuse_message)
- {
- s->s3->tmp.reuse_message=0;
- if ((mt >= 0) && (s->s3->tmp.message_type != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- *ok=1;
- s->init_msg = s->init_buf->data + 4;
- s->init_num = (int)s->s3->tmp.message_size;
- return s->init_num;
- }
-
- p=(unsigned char *)s->init_buf->data;
-
- if (s->state == st1) /* s->init_num < 4 */
- {
- int skip_message;
-
- do
- {
- while (s->init_num < 4)
- {
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- &p[s->init_num],4 - s->init_num, 0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num+=i;
- }
-
- skip_message = 0;
- if (!s->server)
- if (p[0] == SSL3_MT_HELLO_REQUEST)
- /* The server may always send 'Hello Request' messages --
- * we are doing a handshake anyway now, so ignore them
- * if their format is correct. Does not count for
- * 'Finished' MAC. */
- if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
- {
- s->init_num = 0;
- skip_message = 1;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
- }
- }
- while (skip_message);
-
- /* s->init_num == 4 */
-
- if ((mt >= 0) && (*p != mt))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
- if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
- (st1 == SSL3_ST_SR_CERT_A) &&
- (stn == SSL3_ST_SR_CERT_B))
- {
- /* At this point we have got an MS SGC second client
- * hello (maybe we should always allow the client to
- * start a new handshake?). We need to restart the mac.
- * Don't increment {num,total}_renegotiations because
- * we have not completed the handshake. */
- ssl3_init_finished_mac(s);
- }
-
- s->s3->tmp.message_type= *(p++);
-
- n2l3(p,l);
- if (l > (unsigned long)max)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- goto f_err;
- }
- if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
- {
- SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
- goto err;
- }
- s->s3->tmp.message_size=l;
- s->state=stn;
-
- s->init_msg = s->init_buf->data + 4;
- s->init_num = 0;
- }
-
- /* next state (stn) */
- p = s->init_msg;
- n = s->s3->tmp.message_size - s->init_num;
- while (n > 0)
- {
- i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
- if (i <= 0)
- {
- s->rwstate=SSL_READING;
- *ok = 0;
- return i;
- }
- s->init_num += i;
- n -= i;
- }
- ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
- *ok=1;
- return s->init_num;
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- *ok=0;
- return(-1);
- }
-
-int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
- {
- EVP_PKEY *pk;
- int ret= -1,i;
-
- if (pkey == NULL)
- pk=X509_get_pubkey(x);
- else
- pk=pkey;
- if (pk == NULL) goto err;
-
- i=pk->type;
- if (i == EVP_PKEY_RSA)
- {
- ret=SSL_PKEY_RSA_ENC;
- }
- else if (i == EVP_PKEY_DSA)
- {
- ret=SSL_PKEY_DSA_SIGN;
- }
-#ifndef OPENSSL_NO_EC
- else if (i == EVP_PKEY_EC)
- {
- ret = SSL_PKEY_ECC;
- }
-#endif
-
-err:
- if(!pkey) EVP_PKEY_free(pk);
- return(ret);
- }
-
-int ssl_verify_alarm_type(long type)
- {
- int al;
-
- switch(type)
- {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- case X509_V_ERR_UNABLE_TO_GET_CRL:
- case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
- case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
- case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CRL_NOT_YET_VALID:
- case X509_V_ERR_CERT_UNTRUSTED:
- case X509_V_ERR_CERT_REJECTED:
- al=SSL_AD_BAD_CERTIFICATE;
- break;
- case X509_V_ERR_CERT_SIGNATURE_FAILURE:
- case X509_V_ERR_CRL_SIGNATURE_FAILURE:
- al=SSL_AD_DECRYPT_ERROR;
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_CRL_HAS_EXPIRED:
- al=SSL_AD_CERTIFICATE_EXPIRED;
- break;
- case X509_V_ERR_CERT_REVOKED:
- al=SSL_AD_CERTIFICATE_REVOKED;
- break;
- case X509_V_ERR_OUT_OF_MEM:
- al=SSL_AD_INTERNAL_ERROR;
- break;
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
- case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
- case X509_V_ERR_CERT_CHAIN_TOO_LONG:
- case X509_V_ERR_PATH_LENGTH_EXCEEDED:
- case X509_V_ERR_INVALID_CA:
- al=SSL_AD_UNKNOWN_CA;
- break;
- case X509_V_ERR_APPLICATION_VERIFICATION:
- al=SSL_AD_HANDSHAKE_FAILURE;
- break;
- case X509_V_ERR_INVALID_PURPOSE:
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- break;
- default:
- al=SSL_AD_CERTIFICATE_UNKNOWN;
- break;
- }
- return(al);
- }
-
-int ssl3_setup_buffers(SSL *s)
- {
- unsigned char *p;
- unsigned int extra;
- size_t len;
-
- if (s->s3->rbuf.buf == NULL)
- {
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra=SSL3_RT_MAX_EXTRA;
- else
- extra=0;
- len = SSL3_RT_MAX_PACKET_SIZE + extra;
- if ((p=OPENSSL_malloc(len)) == NULL)
- goto err;
- s->s3->rbuf.buf = p;
- s->s3->rbuf.len = len;
- }
-
- if (s->s3->wbuf.buf == NULL)
- {
- len = SSL3_RT_MAX_PACKET_SIZE;
- len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
- if ((p=OPENSSL_malloc(len)) == NULL)
- goto err;
- s->s3->wbuf.buf = p;
- s->s3->wbuf.len = len;
- }
- s->packet= &(s->s3->rbuf.buf[0]);
- return(1);
-err:
- SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE);
- return(0);
- }
diff --git a/crypto/openssl/ssl/s3_clnt.c b/crypto/openssl/ssl/s3_clnt.c
deleted file mode 100644
index 278be82..0000000
--- a/crypto/openssl/ssl/s3_clnt.c
+++ /dev/null
@@ -1,2458 +0,0 @@
-/* ssl/s3_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-static SSL_METHOD *ssl3_get_client_method(int ver);
-static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
-
-#ifndef OPENSSL_NO_ECDH
-static int curve_id2nid(int curve_id);
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
-#endif
-
-static SSL_METHOD *ssl3_get_client_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
- ssl_undefined_function,
- ssl3_connect,
- ssl3_get_client_method)
-
-int ssl3_connect(SSL *s)
- {
- BUF_MEM *buf=NULL;
- unsigned long Time=(unsigned long)time(NULL),l;
- long num1;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- int ret= -1;
- int new_state,state,skip=0;;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- for (;;)
- {
- state=s->state;
-
- switch(s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- s->state=SSL_ST_CONNECT;
- s->ctx->stats.sess_connect_renegotiate++;
- /* break */
- case SSL_ST_BEFORE:
- case SSL_ST_CONNECT:
- case SSL_ST_BEFORE|SSL_ST_CONNECT:
- case SSL_ST_OK|SSL_ST_CONNECT:
-
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version & 0xff00 ) != 0x0300)
- {
- SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
- ret = -1;
- goto end;
- }
-
- /* s->version=SSL3_VERSION; */
- s->type=SSL_ST_CONNECT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- buf=NULL;
- }
-
- if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
-
- /* setup buffing BIO */
- if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; }
-
- /* don't push the buffering BIO quite yet */
-
- ssl3_init_finished_mac(s);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_A;
- s->ctx->stats.sess_connect++;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CLNT_HELLO_A:
- case SSL3_ST_CW_CLNT_HELLO_B:
-
- s->shutdown=0;
- ret=ssl3_client_hello(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_HELLO_A;
- s->init_num=0;
-
- /* turn on buffering for the next lot of output */
- if (s->bbio != s->wbio)
- s->wbio=BIO_push(s->bbio,s->wbio);
-
- break;
-
- case SSL3_ST_CR_SRVR_HELLO_A:
- case SSL3_ST_CR_SRVR_HELLO_B:
- ret=ssl3_get_server_hello(s);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL3_ST_CR_FINISHED_A;
- else
- s->state=SSL3_ST_CR_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_CERT_A:
- case SSL3_ST_CR_CERT_B:
- /* Check if it is anon DH/ECDH */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- ret=ssl3_get_server_certificate(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_CR_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_KEY_EXCH_A:
- case SSL3_ST_CR_KEY_EXCH_B:
- ret=ssl3_get_key_exchange(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_CERT_REQ_A;
- s->init_num=0;
-
- /* at this point we check that we have the
- * required stuff from the server */
- if (!ssl3_check_cert_and_algorithm(s))
- {
- ret= -1;
- goto end;
- }
- break;
-
- case SSL3_ST_CR_CERT_REQ_A:
- case SSL3_ST_CR_CERT_REQ_B:
- ret=ssl3_get_certificate_request(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CR_SRVR_DONE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_SRVR_DONE_A:
- case SSL3_ST_CR_SRVR_DONE_B:
- ret=ssl3_get_server_done(s);
- if (ret <= 0) goto end;
- if (s->s3->tmp.cert_req)
- s->state=SSL3_ST_CW_CERT_A;
- else
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
-
- break;
-
- case SSL3_ST_CW_CERT_A:
- case SSL3_ST_CW_CERT_B:
- case SSL3_ST_CW_CERT_C:
- case SSL3_ST_CW_CERT_D:
- ret=ssl3_send_client_certificate(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_KEY_EXCH_A:
- case SSL3_ST_CW_KEY_EXCH_B:
- ret=ssl3_send_client_key_exchange(s);
- if (ret <= 0) goto end;
- l=s->s3->tmp.new_cipher->algorithms;
- /* EAY EAY EAY need to check for DH fix cert
- * sent back */
- /* For TLS, cert_req is set to 2, so a cert chain
- * of nothing is sent, but no verify packet is sent */
- /* XXX: For now, we do not support client
- * authentication in ECDH cipher suites with
- * ECDH (rather than ECDSA) certificates.
- * We need to skip the certificate verify
- * message when client's ECDH public key is sent
- * inside the client certificate.
- */
- if (s->s3->tmp.cert_req == 1)
- {
- s->state=SSL3_ST_CW_CERT_VRFY_A;
- }
- else
- {
- s->state=SSL3_ST_CW_CHANGE_A;
- s->s3->change_cipher_spec=0;
- }
-
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_CERT_VRFY_A:
- case SSL3_ST_CW_CERT_VRFY_B:
- ret=ssl3_send_client_verify(s);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_CHANGE_A;
- s->init_num=0;
- s->s3->change_cipher_spec=0;
- break;
-
- case SSL3_ST_CW_CHANGE_A:
- case SSL3_ST_CW_CHANGE_B:
- ret=ssl3_send_change_cipher_spec(s,
- SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FINISHED_A;
- s->init_num=0;
-
- s->session->cipher=s->s3->tmp.new_cipher;
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- s->session->compress_meth=0;
- else
- s->session->compress_meth=
- s->s3->tmp.new_compression->id;
-#endif
- if (!s->method->ssl3_enc->setup_key_block(s))
- {
- ret= -1;
- goto end;
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_CLIENT_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- break;
-
- case SSL3_ST_CW_FINISHED_A:
- case SSL3_ST_CW_FINISHED_B:
- ret=ssl3_send_finished(s,
- SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
- s->method->ssl3_enc->client_finished_label,
- s->method->ssl3_enc->client_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_CW_FLUSH;
-
- /* clear flags */
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
- if (s->hit)
- {
- s->s3->tmp.next_state=SSL_ST_OK;
- if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
- {
- s->state=SSL_ST_OK;
- s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
- s->s3->delay_buf_pop_ret=0;
- }
- }
- else
- {
- s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
- }
- s->init_num=0;
- break;
-
- case SSL3_ST_CR_FINISHED_A:
- case SSL3_ST_CR_FINISHED_B:
-
- ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A,
- SSL3_ST_CR_FINISHED_B);
- if (ret <= 0) goto end;
-
- if (s->hit)
- s->state=SSL3_ST_CW_CHANGE_A;
- else
- s->state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL3_ST_CW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-
- /* If we are not 'joining' the last two packets,
- * remove the buffering now */
- if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
- ssl_free_wbio_buffer(s);
- /* else do it later in ssl3_write */
-
- s->init_num=0;
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
- if (s->hit) s->ctx->stats.sess_hit++;
-
- ret=1;
- /* s->server=0; */
- s->handshake_func=ssl3_connect;
- s->ctx->stats.sess_connect_good++;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- /* did we do anything */
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_CONNECT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- s->in_handshake--;
- if (buf != NULL)
- BUF_MEM_free(buf);
- if (cb != NULL)
- cb(s,SSL_CB_CONNECT_EXIT,ret);
- return(ret);
- }
-
-
-int ssl3_client_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i;
- unsigned long Time,l;
-#ifndef OPENSSL_NO_COMP
- int j;
- SSL_COMP *comp;
-#endif
-
- buf=(unsigned char *)s->init_buf->data;
- if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
- {
- if ((s->session == NULL) ||
- (s->session->ssl_version != s->version) ||
- (s->session->not_resumable))
- {
- if (!ssl_get_new_session(s,0))
- goto err;
- }
- /* else use the pre-loaded session */
-
- p=s->s3->client_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- goto err;
-
- /* Do the message type and length last */
- d=p= &(buf[4]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
- s->client_version=s->version;
-
- /* Random stuff */
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* Session ID */
- if (s->new_session)
- i=0;
- else
- i=s->session->session_id_length;
- *(p++)=i;
- if (i != 0)
- {
- if (i > (int)sizeof(s->session->session_id))
- {
- SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- memcpy(p,s->session->session_id,i);
- p+=i;
- }
-
- /* Ciphers supported */
- i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),0);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
- goto err;
- }
- s2n(i,p);
- p+=i;
-
- /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
- *(p++)=1;
-#else
- if (s->ctx->comp_methods == NULL)
- j=0;
- else
- j=sk_SSL_COMP_num(s->ctx->comp_methods);
- *(p++)=1+j;
- for (i=0; i<j; i++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
- *(p++)=comp->id;
- }
-#endif
- *(p++)=0; /* Add the NULL method */
-
- l=(p-d);
- d=buf;
- *(d++)=SSL3_MT_CLIENT_HELLO;
- l2n3(l,d);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int ssl3_get_server_hello(SSL *s)
- {
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- unsigned char *p,*d;
- int i,al,ok;
- unsigned int j;
- long n;
-#ifndef OPENSSL_NO_COMP
- SSL_COMP *comp;
-#endif
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_SRVR_HELLO_A,
- SSL3_ST_CR_SRVR_HELLO_B,
- -1,
- 300, /* ?? */
- &ok);
-
- if (!ok) return((int)n);
-
- if ( SSL_version(s) == DTLS1_VERSION)
- {
- if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
- {
- if ( s->d1->send_cookie == 0)
- {
- s->s3->tmp.reuse_message = 1;
- return 1;
- }
- else /* already sent a cookie */
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
- }
- }
-
- if ( s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
-
- d=p=(unsigned char *)s->init_msg;
-
- if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION);
- s->version=(s->version&0xff00)|p[1];
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- p+=2;
-
- /* load the server hello data */
- /* load the server random */
- memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j= *(p++);
-
- if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
- goto f_err;
- }
-
- if (j != 0 && j == s->session->session_id_length
- && memcmp(p,s->session->session_id,j) == 0)
- {
- if(s->sid_ctx_length != s->session->sid_ctx_length
- || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
- {
- /* actually a client application bug */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
- goto f_err;
- }
- s->hit=1;
- }
- else /* a miss or crap from the other end */
- {
- /* If we were trying for session-id reuse, make a new
- * SSL_SESSION so we don't stuff up other people */
- s->hit=0;
- if (s->session->session_id_length > 0)
- {
- if (!ssl_get_new_session(s,0))
- {
- al=SSL_AD_INTERNAL_ERROR;
- goto f_err;
- }
- }
- s->session->session_id_length=j;
- memcpy(s->session->session_id,p,j); /* j could be 0 */
- }
- p+=j;
- c=ssl_get_cipher_by_char(s,p);
- if (c == NULL)
- {
- /* unknown cipher */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
- goto f_err;
- }
- p+=ssl_put_cipher_by_char(s,NULL,NULL);
-
- sk=ssl_get_ciphers_by_id(s);
- i=sk_SSL_CIPHER_find(sk,c);
- if (i < 0)
- {
- /* we did not say we would use this cipher */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
- goto f_err;
- }
-
- /* Depending on the session caching (internal/external), the cipher
- and/or cipher_id values may not be set. Make sure that
- cipher_id is set and use it for comparison. */
- if (s->session->cipher)
- s->session->cipher_id = s->session->cipher->id;
- if (s->hit && (s->session->cipher_id != c->id))
- {
- if (!(s->options &
- SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
- goto f_err;
- }
- }
- s->s3->tmp.new_cipher=c;
-
- /* lets get the compression algorithm */
- /* COMPRESSION */
-#ifdef OPENSSL_NO_COMP
- if (*(p++) != 0)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
- }
-#else
- j= *(p++);
- if (j == 0)
- comp=NULL;
- else
- comp=ssl3_comp_find(s->ctx->comp_methods,j);
-
- if ((j != 0) && (comp == NULL))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
- goto f_err;
- }
- else
- {
- s->s3->tmp.new_compression=comp;
- }
-#endif
-
- if (p != (d+n))
- {
- /* wrong packet length */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH);
- goto err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-int ssl3_get_server_certificate(SSL *s)
- {
- int al,i,ok,ret= -1;
- unsigned long n,nc,llen,l;
- X509 *x=NULL;
- const unsigned char *q,*p;
- unsigned char *d;
- STACK_OF(X509) *sk=NULL;
- SESS_CERT *sc;
- EVP_PKEY *pkey=NULL;
- int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_A,
- SSL3_ST_CR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
- goto f_err;
- }
- p=d=(unsigned char *)s->init_msg;
-
- if ((sk=sk_X509_new_null()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- n2l3(p,llen);
- if (llen+3 != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- for (nc=0; nc<llen; )
- {
- n2l3(p,l);
- if ((l+nc+3) > llen)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
-
- q=p;
- x=d2i_X509(NULL,&q,l);
- if (x == NULL)
- {
- al=SSL_AD_BAD_CERTIFICATE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB);
- goto f_err;
- }
- if (q != (p+l))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- if (!sk_X509_push(sk,x))
- {
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- x=NULL;
- nc+=l+3;
- p=q;
- }
-
- i=ssl_verify_cert_chain(s,sk);
- if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
-#ifndef OPENSSL_NO_KRB5
- && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- {
- al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
- goto f_err;
- }
- ERR_clear_error(); /* but we keep s->verify_result */
-
- sc=ssl_sess_cert_new();
- if (sc == NULL) goto err;
-
- if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
- s->session->sess_cert=sc;
-
- sc->cert_chain=sk;
- /* Inconsistency alert: cert_chain does include the peer's
- * certificate, which we don't include in s3_srvr.c */
- x=sk_X509_value(sk,0);
- sk=NULL;
- /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
-
- pkey=X509_get_pubkey(x);
-
- /* VRS: allow null cert if auth == KRB5 */
- need_cert = ((s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
-
-#ifdef KSSL_DEBUG
- printf("pkey,x = %p, %p\n", pkey,x);
- printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
- printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
- s->s3->tmp.new_cipher->algorithms, need_cert);
-#endif /* KSSL_DEBUG */
-
- if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
- {
- x=NULL;
- al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
- SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
- goto f_err;
- }
-
- i=ssl_cert_type(x,pkey);
- if (need_cert && i < 0)
- {
- x=NULL;
- al=SSL3_AL_FATAL;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
- SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- goto f_err;
- }
-
- if (need_cert)
- {
- sc->peer_cert_type=i;
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- /* Why would the following ever happen?
- * We just created sc a couple of lines ago. */
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
- sc->peer_pkeys[i].x509=x;
- sc->peer_key= &(sc->peer_pkeys[i]);
-
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- s->session->peer=x;
- }
- else
- {
- sc->peer_cert_type=i;
- sc->peer_key= NULL;
-
- if (s->session->peer != NULL)
- X509_free(s->session->peer);
- s->session->peer=NULL;
- }
- s->session->verify_result = s->verify_result;
-
- x=NULL;
- ret=1;
-
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- EVP_PKEY_free(pkey);
- X509_free(x);
- sk_X509_pop_free(sk,X509_free);
- return(ret);
- }
-
-int ssl3_get_key_exchange(SSL *s)
- {
-#ifndef OPENSSL_NO_RSA
- unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
-#endif
- EVP_MD_CTX md_ctx;
- unsigned char *param,*p;
- int al,i,j,param_len,ok;
- long n,alg;
- EVP_PKEY *pkey=NULL;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh=NULL;
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh = NULL;
- BN_CTX *bn_ctx = NULL;
- EC_POINT *srvr_ecpoint = NULL;
- int curve_nid = 0;
- int encoded_pt_len = 0;
-#endif
-
- /* use same message size as in ssl3_get_certificate_request()
- * as ServerKeyExchange message may be skipped */
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_KEY_EXCH_A,
- SSL3_ST_CR_KEY_EXCH_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- param=p=(unsigned char *)s->init_msg;
-
- if (s->session->sess_cert != NULL)
- {
-#ifndef OPENSSL_NO_RSA
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- {
- RSA_free(s->session->sess_cert->peer_rsa_tmp);
- s->session->sess_cert->peer_rsa_tmp=NULL;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if (s->session->sess_cert->peer_dh_tmp)
- {
- DH_free(s->session->sess_cert->peer_dh_tmp);
- s->session->sess_cert->peer_dh_tmp=NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->session->sess_cert->peer_ecdh_tmp)
- {
- EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
- s->session->sess_cert->peer_ecdh_tmp=NULL;
- }
-#endif
- }
- else
- {
- s->session->sess_cert=ssl_sess_cert_new();
- }
-
- param_len=0;
- alg=s->s3->tmp.new_cipher->algorithms;
- EVP_MD_CTX_init(&md_ctx);
-
-#ifndef OPENSSL_NO_RSA
- if (alg & SSL_kRSA)
- {
- if ((rsa=RSA_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- n2s(p,i);
- param_len=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH);
- goto f_err;
- }
- if (!(rsa->n=BN_bin2bn(p,i,rsa->n)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH);
- goto f_err;
- }
- if (!(rsa->e=BN_bin2bn(p,i,rsa->e)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
- n-=param_len;
-
- /* this should be because we are using an export cipher */
- if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- else
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- s->session->sess_cert->peer_rsa_tmp=rsa;
- rsa=NULL;
- }
-#else /* OPENSSL_NO_RSA */
- if (0)
- ;
-#endif
-#ifndef OPENSSL_NO_DH
- else if (alg & SSL_kEDH)
- {
- if ((dh=DH_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- n2s(p,i);
- param_len=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH);
- goto f_err;
- }
- if (!(dh->p=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH);
- goto f_err;
- }
- if (!(dh->g=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
-
- n2s(p,i);
- param_len+=i+2;
- if (param_len > n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH);
- goto f_err;
- }
- if (!(dh->pub_key=BN_bin2bn(p,i,NULL)))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
- goto err;
- }
- p+=i;
- n-=param_len;
-
-#ifndef OPENSSL_NO_RSA
- if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#else
- if (0)
- ;
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (alg & SSL_aDSS)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
-#endif
- /* else anonymous DH, so no certificate or pkey. */
-
- s->session->sess_cert->peer_dh_tmp=dh;
- dh=NULL;
- }
- else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
- goto f_err;
- }
-#endif /* !OPENSSL_NO_DH */
-
-#ifndef OPENSSL_NO_ECDH
- else if (alg & SSL_kECDHE)
- {
- EC_GROUP *ngroup;
- const EC_GROUP *group;
-
- if ((ecdh=EC_KEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Extract elliptic curve parameters and the
- * server's ephemeral ECDH public key.
- * Keep accumulating lengths of various components in
- * param_len and make sure it never exceeds n.
- */
-
- /* XXX: For now we only support named (not generic) curves
- * and the ECParameters in this case is just three bytes.
- */
- param_len=3;
- if ((param_len > n) ||
- (*p != NAMED_CURVE_TYPE) ||
- ((curve_nid = curve_id2nid(*(p + 2))) == 0))
- {
- al=SSL_AD_INTERNAL_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
- goto f_err;
- }
-
- ngroup = EC_GROUP_new_by_curve_name(curve_nid);
- if (ngroup == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- if (EC_KEY_set_group(ecdh, ngroup) == 0)
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- EC_GROUP_free(ngroup);
-
- group = EC_KEY_get0_group(ecdh);
-
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163))
- {
- al=SSL_AD_EXPORT_RESTRICTION;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto f_err;
- }
-
- p+=3;
-
- /* Next, get the encoded ECPoint */
- if (((srvr_ecpoint = EC_POINT_new(group)) == NULL) ||
- ((bn_ctx = BN_CTX_new()) == NULL))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- encoded_pt_len = *p; /* length of encoded point */
- p+=1;
- param_len += (1 + encoded_pt_len);
- if ((param_len > n) ||
- (EC_POINT_oct2point(group, srvr_ecpoint,
- p, encoded_pt_len, bn_ctx) == 0))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
- goto f_err;
- }
-
- n-=param_len;
- p+=encoded_pt_len;
-
- /* The ECC/TLS specification does not mention
- * the use of DSA to sign ECParameters in the server
- * key exchange message. We do support RSA and ECDSA.
- */
- if (0) ;
-#ifndef OPENSSL_NO_RSA
- else if (alg & SSL_aRSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
-#endif
-#ifndef OPENSSL_NO_ECDSA
- else if (alg & SSL_aECDSA)
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
-#endif
- /* else anonymous ECDH, so no certificate or pkey. */
- EC_KEY_set_public_key(ecdh, srvr_ecpoint);
- s->session->sess_cert->peer_ecdh_tmp=ecdh;
- ecdh=NULL;
- BN_CTX_free(bn_ctx);
- EC_POINT_free(srvr_ecpoint);
- srvr_ecpoint = NULL;
- }
- else if (alg & SSL_kECDH)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
- goto f_err;
- }
-#endif /* !OPENSSL_NO_ECDH */
- if (alg & SSL_aFZA)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
- goto f_err;
- }
-
-
- /* p points to the next byte, there are 'n' bytes left */
-
- /* if it was signed, check the signature */
- if (pkey != NULL)
- {
- n2s(p,i);
- n-=2;
- j=EVP_PKEY_size(pkey);
-
- if ((i != n) || (n > j) || (n <= 0))
- {
- /* wrong packet length */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH);
- goto f_err;
- }
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- int num;
-
- j=0;
- q=md_buf;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,param,param_len);
- EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
- q+=i;
- j+=i;
- }
- i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
- pkey->pkey.rsa);
- if (i < 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
- }
- if (i == 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,param,param_len);
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- {
- /* let's do ECDSA */
- EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_VerifyUpdate(&md_ctx,param,param_len);
- if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
- else
- {
- /* still data left over */
- if (!(alg & SSL_aNULL))
- {
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- if (n != 0)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE);
- goto f_err;
- }
- }
- EVP_PKEY_free(pkey);
- EVP_MD_CTX_cleanup(&md_ctx);
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- EVP_PKEY_free(pkey);
-#ifndef OPENSSL_NO_RSA
- if (rsa != NULL)
- RSA_free(rsa);
-#endif
-#ifndef OPENSSL_NO_DH
- if (dh != NULL)
- DH_free(dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
- BN_CTX_free(bn_ctx);
- EC_POINT_free(srvr_ecpoint);
- if (ecdh != NULL)
- EC_KEY_free(ecdh);
-#endif
- EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
-
-int ssl3_get_certificate_request(SSL *s)
- {
- int ok,ret=0;
- unsigned long n,nc,l;
- unsigned int llen,ctype_num,i;
- X509_NAME *xn=NULL;
- const unsigned char *p,*q;
- unsigned char *d;
- STACK_OF(X509_NAME) *ca_sk=NULL;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_CERT_REQ_A,
- SSL3_ST_CR_CERT_REQ_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- s->s3->tmp.cert_req=0;
-
- if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
- {
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE);
- goto err;
- }
-
- /* TLS does not like anon-DH with client cert */
- if (s->version > SSL3_VERSION)
- {
- l=s->s3->tmp.new_cipher->algorithms;
- if (l & SSL_aNULL)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
- goto err;
- }
- }
-
- p=d=(unsigned char *)s->init_msg;
-
- if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* get the certificate types */
- ctype_num= *(p++);
- if (ctype_num > SSL3_CT_NUMBER)
- ctype_num=SSL3_CT_NUMBER;
- for (i=0; i<ctype_num; i++)
- s->s3->tmp.ctype[i]= p[i];
- p+=ctype_num;
-
- /* get the CA RDNs */
- n2s(p,llen);
-#if 0
-{
-FILE *out;
-out=fopen("/tmp/vsign.der","w");
-fwrite(p,1,llen,out);
-fclose(out);
-}
-#endif
-
- if ((llen+ctype_num+2+1) != n)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
- goto err;
- }
-
- for (nc=0; nc<llen; )
- {
- n2s(p,l);
- if ((l+nc+2) > llen)
- {
- if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- goto cont; /* netscape bugs */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG);
- goto err;
- }
-
- q=p;
-
- if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
- {
- /* If netscape tolerance is on, ignore errors */
- if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
- goto cont;
- else
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB);
- goto err;
- }
- }
-
- if (q != (p+l))
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
- goto err;
- }
- if (!sk_X509_NAME_push(ca_sk,xn))
- {
- SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- p+=l;
- nc+=l+2;
- }
-
- if (0)
- {
-cont:
- ERR_clear_error();
- }
-
- /* we should setup a certificate to return.... */
- s->s3->tmp.cert_req=1;
- s->s3->tmp.ctype_num=ctype_num;
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- s->s3->tmp.ca_names=ca_sk;
- ca_sk=NULL;
-
- ret=1;
-err:
- if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
- return(ret);
- }
-
-static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
- }
-
-int ssl3_get_server_done(SSL *s)
- {
- int ok,ret=0;
- long n;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_CR_SRVR_DONE_A,
- SSL3_ST_CR_SRVR_DONE_B,
- SSL3_MT_SERVER_DONE,
- 30, /* should be very small, like 0 :-) */
- &ok);
-
- if (!ok) return((int)n);
- if (n > 0)
- {
- /* should contain no data */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
- SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
- return -1;
- }
- ret=1;
- return(ret);
- }
-
-
-int ssl3_send_client_key_exchange(SSL *s)
- {
- unsigned char *p,*d;
- int n;
- unsigned long l;
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *clnt_ecdh = NULL;
- const EC_POINT *srvr_ecpoint = NULL;
- EVP_PKEY *srvr_pub_pkey = NULL;
- unsigned char *encodedPoint = NULL;
- int encoded_pt_len = 0;
- BN_CTX * bn_ctx = NULL;
-#endif
-
- if (s->state == SSL3_ST_CW_KEY_EXCH_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* Fool emacs indentation */
- if (0) {}
-#ifndef OPENSSL_NO_RSA
- else if (l & SSL_kRSA)
- {
- RSA *rsa;
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
-
- if (s->session->sess_cert->peer_rsa_tmp != NULL)
- rsa=s->session->sess_cert->peer_rsa_tmp;
- else
- {
- pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
- if ((pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- rsa=pkey->pkey.rsa;
- EVP_PKEY_free(pkey);
- }
-
- tmp_buf[0]=s->client_version>>8;
- tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
- goto err;
-
- s->session->master_key_length=sizeof tmp_buf;
-
- q=p;
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- p+=2;
- n=RSA_public_encrypt(sizeof tmp_buf,
- tmp_buf,p,rsa,RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70;
-#endif
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT);
- goto err;
- }
-
- /* Fix buf for TLS and beyond */
- if (s->version > SSL3_VERSION)
- {
- s2n(n,q);
- n+=2;
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf,sizeof tmp_buf);
- OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
- }
-#endif
-#ifndef OPENSSL_NO_KRB5
- else if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- /* krb5_data krb5_ap_req; */
- krb5_data *enc_ticket;
- krb5_data authenticator, *authp = NULL;
- EVP_CIPHER_CTX ciph_ctx;
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
- unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_IV_LENGTH];
- int padl, outl = sizeof(epms);
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
-
-#ifdef KSSL_DEBUG
- printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
- l, SSL_kKRB5);
-#endif /* KSSL_DEBUG */
-
- authp = NULL;
-#ifdef KRB5SENDAUTH
- if (KRB5SENDAUTH) authp = &authenticator;
-#endif /* KRB5SENDAUTH */
-
- krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
- &kssl_err);
- enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
-#ifdef KSSL_DEBUG
- {
- printf("kssl_cget_tkt rtn %d\n", krb5rc);
- if (krb5rc && kssl_err.text)
- printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
- }
-#endif /* KSSL_DEBUG */
-
- if (krb5rc)
- {
- ssl3_send_alert(s,SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- /* 20010406 VRS - Earlier versions used KRB5 AP_REQ
- ** in place of RFC 2712 KerberosWrapper, as in:
- **
- ** Send ticket (copy to *p, set n = length)
- ** n = krb5_ap_req.length;
- ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
- ** if (krb5_ap_req.data)
- ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
- **
- ** Now using real RFC 2712 KerberosWrapper
- ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
- ** Note: 2712 "opaque" types are here replaced
- ** with a 2-byte length followed by the value.
- ** Example:
- ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
- ** Where "xx xx" = length bytes. Shown here with
- ** optional authenticator omitted.
- */
-
- /* KerberosWrapper.Ticket */
- s2n(enc_ticket->length,p);
- memcpy(p, enc_ticket->data, enc_ticket->length);
- p+= enc_ticket->length;
- n = enc_ticket->length + 2;
-
- /* KerberosWrapper.Authenticator */
- if (authp && authp->length)
- {
- s2n(authp->length,p);
- memcpy(p, authp->data, authp->length);
- p+= authp->length;
- n+= authp->length + 2;
-
- free(authp->data);
- authp->data = NULL;
- authp->length = 0;
- }
- else
- {
- s2n(0,p);/* null authenticator length */
- n+=2;
- }
-
- tmp_buf[0]=s->client_version>>8;
- tmp_buf[1]=s->client_version&0xff;
- if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
- goto err;
-
- /* 20010420 VRS. Tried it this way; failed.
- ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
- ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
- ** kssl_ctx->length);
- ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
- */
-
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
- EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
- kssl_ctx->key,iv);
- EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
- sizeof tmp_buf);
- EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
- outl += padl;
- if (outl > sizeof epms)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
- /* KerberosWrapper.EncryptedPreMasterSecret */
- s2n(outl,p);
- memcpy(p, epms, outl);
- p+=outl;
- n+=outl + 2;
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- tmp_buf, sizeof tmp_buf);
-
- OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- OPENSSL_cleanse(epms, outl);
- }
-#endif
-#ifndef OPENSSL_NO_DH
- else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- DH *dh_srvr,*dh_clnt;
-
- if (s->session->sess_cert->peer_dh_tmp != NULL)
- dh_srvr=s->session->sess_cert->peer_dh_tmp;
- else
- {
- /* we get them from the cert */
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
- goto err;
- }
-
- /* generate a new random key */
- if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- if (!DH_generate_key(dh_clnt))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* use the 'p' output buffer for the DH key, but
- * make sure to clear it out afterwards */
-
- n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt);
-
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,n);
- /* clean up */
- memset(p,0,n);
-
- /* send off the data */
- n=BN_num_bytes(dh_clnt->pub_key);
- s2n(n,p);
- BN_bn2bin(dh_clnt->pub_key,p);
- n+=2;
-
- DH_free(dh_clnt);
-
- /* perhaps clean things up a bit EAY EAY EAY EAY*/
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
- {
- const EC_GROUP *srvr_group = NULL;
- EC_KEY *tkey;
- int ecdh_clnt_cert = 0;
- int field_size = 0;
-
- /* Did we send out the client's
- * ECDH share for use in premaster
- * computation as part of client certificate?
- * If so, set ecdh_clnt_cert to 1.
- */
- if ((l & SSL_kECDH) && (s->cert != NULL))
- {
- /* XXX: For now, we do not support client
- * authentication using ECDH certificates.
- * To add such support, one needs to add
- * code that checks for appropriate
- * conditions and sets ecdh_clnt_cert to 1.
- * For example, the cert have an ECC
- * key on the same curve as the server's
- * and the key should be authorized for
- * key agreement.
- *
- * One also needs to add code in ssl3_connect
- * to skip sending the certificate verify
- * message.
- *
- * if ((s->cert->key->privatekey != NULL) &&
- * (s->cert->key->privatekey->type ==
- * EVP_PKEY_EC) && ...)
- * ecdh_clnt_cert = 1;
- */
- }
-
- if (s->session->sess_cert->peer_ecdh_tmp != NULL)
- {
- tkey = s->session->sess_cert->peer_ecdh_tmp;
- }
- else
- {
- /* Get the Server Public Key from Cert */
- srvr_pub_pkey = X509_get_pubkey(s->session-> \
- sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
- if ((srvr_pub_pkey == NULL) ||
- (srvr_pub_pkey->type != EVP_PKEY_EC) ||
- (srvr_pub_pkey->pkey.ec == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- tkey = srvr_pub_pkey->pkey.ec;
- }
-
- srvr_group = EC_KEY_get0_group(tkey);
- srvr_ecpoint = EC_KEY_get0_public_key(tkey);
-
- if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((clnt_ecdh=EC_KEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!EC_KEY_set_group(clnt_ecdh, srvr_group))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- if (ecdh_clnt_cert)
- {
- /* Reuse key info from our certificate
- * We only need our private key to perform
- * the ECDH computation.
- */
- const BIGNUM *priv_key;
- tkey = s->cert->key->privatekey->pkey.ec;
- priv_key = EC_KEY_get0_private_key(tkey);
- if (priv_key == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- if (!EC_KEY_set_private_key(clnt_ecdh, priv_key))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_EC_LIB);
- goto err;
- }
- }
- else
- {
- /* Generate a new ECDH key pair */
- if (!(EC_KEY_generate_key(clnt_ecdh)))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
- goto err;
- }
- }
-
- /* use the 'p' output buffer for the ECDH key, but
- * make sure to clear it out afterwards
- */
-
- field_size = EC_GROUP_get_degree(srvr_group);
- if (field_size <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
- n=ECDH_compute_key(p, (field_size+7)/8, srvr_ecpoint, clnt_ecdh, NULL);
- if (n <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
-
- /* generate master key from the result */
- s->session->master_key_length = s->method->ssl3_enc \
- -> generate_master_secret(s,
- s->session->master_key,
- p, n);
-
- memset(p, 0, n); /* clean up */
-
- if (ecdh_clnt_cert)
- {
- /* Send empty client key exch message */
- n = 0;
- }
- else
- {
- /* First check the size of encoding and
- * allocate memory accordingly.
- */
- encoded_pt_len =
- EC_POINT_point2oct(srvr_group,
- EC_KEY_get0_public_key(clnt_ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL);
-
- encodedPoint = (unsigned char *)
- OPENSSL_malloc(encoded_pt_len *
- sizeof(unsigned char));
- bn_ctx = BN_CTX_new();
- if ((encodedPoint == NULL) ||
- (bn_ctx == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Encode the public key */
- n = EC_POINT_point2oct(srvr_group,
- EC_KEY_get0_public_key(clnt_ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- encodedPoint, encoded_pt_len, bn_ctx);
-
- *p = n; /* length of encoded point */
- /* Encoded point will be copied here */
- p += 1;
- /* copy the point */
- memcpy((unsigned char *)p, encodedPoint, n);
- /* increment n to account for length field */
- n += 1;
- }
-
- /* Free allocated memory */
- BN_CTX_free(bn_ctx);
- if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
- if (clnt_ecdh != NULL)
- EC_KEY_free(clnt_ecdh);
- EVP_PKEY_free(srvr_pub_pkey);
- }
-#endif /* !OPENSSL_NO_ECDH */
- else
- {
- ssl3_send_alert(s, SSL3_AL_FATAL,
- SSL_AD_HANDSHAKE_FAILURE);
- SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
- ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE;
- l2n3(n,d);
-
- s->state=SSL3_ST_CW_KEY_EXCH_B;
- /* number of bytes to write */
- s->init_num=n+4;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_KEY_EXCH_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
-#ifndef OPENSSL_NO_ECDH
- BN_CTX_free(bn_ctx);
- if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
- if (clnt_ecdh != NULL)
- EC_KEY_free(clnt_ecdh);
- EVP_PKEY_free(srvr_pub_pkey);
-#endif
- return(-1);
- }
-
-int ssl3_send_client_verify(SSL *s)
- {
- unsigned char *p,*d;
- unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- EVP_PKEY *pkey;
-#ifndef OPENSSL_NO_RSA
- unsigned u=0;
-#endif
- unsigned long n;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
- int j;
-#endif
-
- if (s->state == SSL3_ST_CW_CERT_VRFY_A)
- {
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
- pkey=s->cert->key->privatekey;
-
- s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
- &(data[MD5_DIGEST_LENGTH]));
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),&(data[0]));
- if (RSA_sign(NID_md5_sha1, data,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- &(p[2]), &u, pkey->pkey.rsa) <= 0 )
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
- goto err;
- }
- s2n(u,p);
- n=u+2;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- if (!DSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.dsa))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB);
- goto err;
- }
- s2n(j,p);
- n=j+2;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- {
- if (!ECDSA_sign(pkey->save_type,
- &(data[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,&(p[2]),
- (unsigned int *)&j,pkey->pkey.ec))
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
- ERR_R_ECDSA_LIB);
- goto err;
- }
- s2n(j,p);
- n=j+2;
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
- goto err;
- }
- *(d++)=SSL3_MT_CERTIFICATE_VERIFY;
- l2n3(n,d);
-
- s->state=SSL3_ST_CW_CERT_VRFY_B;
- s->init_num=(int)n+4;
- s->init_off=0;
- }
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int ssl3_send_client_certificate(SSL *s)
- {
- X509 *x509=NULL;
- EVP_PKEY *pkey=NULL;
- int i;
- unsigned long l;
-
- if (s->state == SSL3_ST_CW_CERT_A)
- {
- if ((s->cert == NULL) ||
- (s->cert->key->x509 == NULL) ||
- (s->cert->key->privatekey == NULL))
- s->state=SSL3_ST_CW_CERT_B;
- else
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- /* We need to get a client cert */
- if (s->state == SSL3_ST_CW_CERT_B)
- {
- /* If we get an error, we need to
- * ssl->rwstate=SSL_X509_LOOKUP; return(-1);
- * We then get retied later */
- i=0;
- if (s->ctx->client_cert_cb != NULL)
- i=s->ctx->client_cert_cb(s,&(x509),&(pkey));
- if (i < 0)
- {
- s->rwstate=SSL_X509_LOOKUP;
- return(-1);
- }
- s->rwstate=SSL_NOTHING;
- if ((i == 1) && (pkey != NULL) && (x509 != NULL))
- {
- s->state=SSL3_ST_CW_CERT_B;
- if ( !SSL_use_certificate(s,x509) ||
- !SSL_use_PrivateKey(s,pkey))
- i=0;
- }
- else if (i == 1)
- {
- i=0;
- SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
- }
-
- if (x509 != NULL) X509_free(x509);
- if (pkey != NULL) EVP_PKEY_free(pkey);
- if (i == 0)
- {
- if (s->version == SSL3_VERSION)
- {
- s->s3->tmp.cert_req=0;
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE);
- return(1);
- }
- else
- {
- s->s3->tmp.cert_req=2;
- }
- }
-
- /* Ok, we have a cert */
- s->state=SSL3_ST_CW_CERT_C;
- }
-
- if (s->state == SSL3_ST_CW_CERT_C)
- {
- s->state=SSL3_ST_CW_CERT_D;
- l=ssl3_output_cert_chain(s,
- (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
- s->init_num=(int)l;
- s->init_off=0;
- }
- /* SSL3_ST_CW_CERT_D */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-#define has_bits(i,m) (((i)&(m)) == (m))
-
-int ssl3_check_cert_and_algorithm(SSL *s)
- {
- int i,idx;
- long algs;
- EVP_PKEY *pkey=NULL;
- SESS_CERT *sc;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh;
-#endif
-
- sc=s->session->sess_cert;
-
- if (sc == NULL)
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- algs=s->s3->tmp.new_cipher->algorithms;
-
- /* we don't have a certificate */
- if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
- return(1);
-
-#ifndef OPENSSL_NO_RSA
- rsa=s->session->sess_cert->peer_rsa_tmp;
-#endif
-#ifndef OPENSSL_NO_DH
- dh=s->session->sess_cert->peer_dh_tmp;
-#endif
-
- /* This is the passed certificate */
-
- idx=sc->peer_cert_type;
-#ifndef OPENSSL_NO_ECDH
- if (idx == SSL_PKEY_ECC)
- {
- if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
- s->s3->tmp.new_cipher) == 0)
- { /* check failed */
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
- goto f_err;
- }
- else
- {
- return 1;
- }
- }
-#endif
- pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
- i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
- EVP_PKEY_free(pkey);
-
-
- /* Check that we have a certificate if we require one */
- if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
- goto f_err;
- }
-#ifndef OPENSSL_NO_DSA
- else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
- goto f_err;
- }
-#endif
-#ifndef OPENSSL_NO_RSA
- if ((algs & SSL_kRSA) &&
- !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
- goto f_err;
- }
-#endif
-#ifndef OPENSSL_NO_DH
- if ((algs & SSL_kEDH) &&
- !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
- goto f_err;
- }
- else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
- goto f_err;
- }
-#ifndef OPENSSL_NO_DSA
- else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
- goto f_err;
- }
-#endif
-#endif
-
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
- {
-#ifndef OPENSSL_NO_RSA
- if (algs & SSL_kRSA)
- {
- if (rsa == NULL
- || RSA_size(rsa)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- if (dh == NULL
- || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- }
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-err:
- return(0);
- }
-
-
-#ifndef OPENSSL_NO_ECDH
-/* This is the complement of nid2curve_id in s3_srvr.c. */
-static int curve_id2nid(int curve_id)
-{
- /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
- * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
- static int nid_list[26] =
- {
- 0,
- NID_sect163k1, /* sect163k1 (1) */
- NID_sect163r1, /* sect163r1 (2) */
- NID_sect163r2, /* sect163r2 (3) */
- NID_sect193r1, /* sect193r1 (4) */
- NID_sect193r2, /* sect193r2 (5) */
- NID_sect233k1, /* sect233k1 (6) */
- NID_sect233r1, /* sect233r1 (7) */
- NID_sect239k1, /* sect239k1 (8) */
- NID_sect283k1, /* sect283k1 (9) */
- NID_sect283r1, /* sect283r1 (10) */
- NID_sect409k1, /* sect409k1 (11) */
- NID_sect409r1, /* sect409r1 (12) */
- NID_sect571k1, /* sect571k1 (13) */
- NID_sect571r1, /* sect571r1 (14) */
- NID_secp160k1, /* secp160k1 (15) */
- NID_secp160r1, /* secp160r1 (16) */
- NID_secp160r2, /* secp160r2 (17) */
- NID_secp192k1, /* secp192k1 (18) */
- NID_X9_62_prime192v1, /* secp192r1 (19) */
- NID_secp224k1, /* secp224k1 (20) */
- NID_secp224r1, /* secp224r1 (21) */
- NID_secp256k1, /* secp256k1 (22) */
- NID_X9_62_prime256v1, /* secp256r1 (23) */
- NID_secp384r1, /* secp384r1 (24) */
- NID_secp521r1 /* secp521r1 (25) */
- };
-
- if ((curve_id < 1) || (curve_id > 25)) return 0;
-
- return nid_list[curve_id];
-}
-#endif
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
deleted file mode 100644
index 2859351..0000000
--- a/crypto/openssl/ssl/s3_enc.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/* ssl/s3_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-
-static unsigned char ssl3_pad_1[48]={
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
- 0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36 };
-
-static unsigned char ssl3_pad_2[48]={
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
- 0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
- const char *sender, int len, unsigned char *p);
-
-static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
- {
- EVP_MD_CTX m5;
- EVP_MD_CTX s1;
- unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
- unsigned char c='A';
- unsigned int i,j,k;
-
-#ifdef CHARSET_EBCDIC
- c = os_toascii[c]; /*'A' in ASCII */
-#endif
- k=0;
- EVP_MD_CTX_init(&m5);
- EVP_MD_CTX_init(&s1);
- for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
- {
- k++;
- if (k > sizeof buf)
- {
- /* bug: 'buf' is too small for this ciphersuite */
- SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- for (j=0; j<k; j++)
- buf[j]=c;
- c++;
- EVP_DigestInit_ex(&s1,EVP_sha1(), NULL);
- EVP_DigestUpdate(&s1,buf,k);
- EVP_DigestUpdate(&s1,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&s1,smd,NULL);
-
- EVP_DigestInit_ex(&m5,EVP_md5(), NULL);
- EVP_DigestUpdate(&m5,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
- if ((int)(i+MD5_DIGEST_LENGTH) > num)
- {
- EVP_DigestFinal_ex(&m5,smd,NULL);
- memcpy(km,smd,(num-i));
- }
- else
- EVP_DigestFinal_ex(&m5,km,NULL);
-
- km+=MD5_DIGEST_LENGTH;
- }
- OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
- EVP_MD_CTX_cleanup(&m5);
- EVP_MD_CTX_cleanup(&s1);
- return 1;
- }
-
-int ssl3_change_cipher_state(SSL *s, int which)
- {
- unsigned char *p,*key_block,*mac_secret;
- unsigned char exp_key[EVP_MAX_KEY_LENGTH];
- unsigned char exp_iv[EVP_MAX_IV_LENGTH];
- unsigned char *ms,*key,*iv,*er1,*er2;
- EVP_CIPHER_CTX *dd;
- const EVP_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- COMP_METHOD *comp;
-#endif
- const EVP_MD *m;
- EVP_MD_CTX md;
- int is_exp,n,i,j,k,cl;
- int reuse_dd = 0;
-
- is_exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- c=s->s3->tmp.new_sym_enc;
- m=s->s3->tmp.new_hash;
-#ifndef OPENSSL_NO_COMP
- if (s->s3->tmp.new_compression == NULL)
- comp=NULL;
- else
- comp=s->s3->tmp.new_compression->method;
-#endif
- key_block=s->s3->tmp.key_block;
-
- if (which & SSL3_CC_READ)
- {
- if (s->enc_read_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
- dd= s->enc_read_ctx;
- s->read_hash=m;
-#ifndef OPENSSL_NO_COMP
- /* COMPRESS */
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (comp != NULL)
- {
- s->expand=COMP_CTX_new(comp);
- if (s->expand == NULL)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp=(unsigned char *)
- OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
-#endif
- memset(&(s->s3->read_sequence[0]),0,8);
- mac_secret= &(s->s3->read_mac_secret[0]);
- }
- else
- {
- if (s->enc_write_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
- dd= s->enc_write_ctx;
- s->write_hash=m;
-#ifndef OPENSSL_NO_COMP
- /* COMPRESS */
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
- if (comp != NULL)
- {
- s->compress=COMP_CTX_new(comp);
- if (s->compress == NULL)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
-#endif
- memset(&(s->s3->write_sequence[0]),0,8);
- mac_secret= &(s->s3->write_mac_secret[0]);
- }
-
- if (reuse_dd)
- EVP_CIPHER_CTX_cleanup(dd);
-
- p=s->s3->tmp.key_block;
- i=EVP_MD_size(m);
- cl=EVP_CIPHER_key_length(c);
- j=is_exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(is_exp)?5:EVP_CIPHER_key_length(c); */
- k=EVP_CIPHER_iv_length(c);
- if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
- (which == SSL3_CHANGE_CIPHER_SERVER_READ))
- {
- ms= &(p[ 0]); n=i+i;
- key= &(p[ n]); n+=j+j;
- iv= &(p[ n]); n+=k+k;
- er1= &(s->s3->client_random[0]);
- er2= &(s->s3->server_random[0]);
- }
- else
- {
- n=i;
- ms= &(p[ n]); n+=i+j;
- key= &(p[ n]); n+=j+k;
- iv= &(p[ n]); n+=k;
- er1= &(s->s3->server_random[0]);
- er2= &(s->s3->client_random[0]);
- }
-
- if (n > s->s3->tmp.key_block_length)
- {
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
- goto err2;
- }
-
- EVP_MD_CTX_init(&md);
- memcpy(mac_secret,ms,i);
- if (is_exp)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md,key,j);
- EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
- key= &(exp_key[0]);
-
- if (k > 0)
- {
- EVP_DigestInit_ex(&md,EVP_md5(), NULL);
- EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
- iv= &(exp_iv[0]);
- }
- }
-
- s->session->key_arg_length=0;
-
- EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
-
- OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
- OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
- EVP_MD_CTX_cleanup(&md);
- return(1);
-err:
- SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
- return(0);
- }
-
-int ssl3_setup_key_block(SSL *s)
- {
- unsigned char *p;
- const EVP_CIPHER *c;
- const EVP_MD *hash;
- int num;
- int ret = 0;
- SSL_COMP *comp;
-
- if (s->s3->tmp.key_block_length != 0)
- return(1);
-
- if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
- {
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
- return(0);
- }
-
- s->s3->tmp.new_sym_enc=c;
- s->s3->tmp.new_hash=hash;
-#ifdef OPENSSL_NO_COMP
- s->s3->tmp.new_compression=NULL;
-#else
- s->s3->tmp.new_compression=comp;
-#endif
-
- num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
- num*=2;
-
- ssl3_cleanup_key_block(s);
-
- if ((p=OPENSSL_malloc(num)) == NULL)
- goto err;
-
- s->s3->tmp.key_block_length=num;
- s->s3->tmp.key_block=p;
-
- ret = ssl3_generate_key_block(s,p,num);
-
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- {
- /* enable vulnerability countermeasure for CBC ciphers with
- * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3->need_empty_fragments = 1;
-
- if (s->session->cipher != NULL)
- {
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
- s->s3->need_empty_fragments = 0;
-
-#ifndef OPENSSL_NO_RC4
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
- s->s3->need_empty_fragments = 0;
-#endif
- }
- }
-
- return ret;
-
-err:
- SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-void ssl3_cleanup_key_block(SSL *s)
- {
- if (s->s3->tmp.key_block != NULL)
- {
- OPENSSL_cleanse(s->s3->tmp.key_block,
- s->s3->tmp.key_block_length);
- OPENSSL_free(s->s3->tmp.key_block);
- s->s3->tmp.key_block=NULL;
- }
- s->s3->tmp.key_block_length=0;
- }
-
-int ssl3_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- }
- else
- {
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- /* COMPRESS */
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* we need to add 'i-1' padding bytes */
- l+=i;
- rec->length+=i;
- rec->input[l-1]=(i-1);
- }
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
- /* otherwise, rec->length >= bs */
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
- if ((bs != 1) && !send)
- {
- i=rec->data[l-1]+1;
- /* SSL 3.0 bounds the number of padding bytes by the block size;
- * padding bytes (except the last one) are arbitrary */
- if (i > bs)
- {
- /* Incorrect padding. SSLerr() and ssl3_alert are done
- * by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure
- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
- return -1;
- }
- /* now i <= bs <= rec->length */
- rec->length-=i;
- }
- }
- return(1);
- }
-
-void ssl3_init_finished_mac(SSL *s)
- {
- EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
- EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
- }
-
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
- {
- EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
- EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
- }
-
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
- {
- return(ssl3_handshake_mac(s,ctx,NULL,0,p));
- }
-
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
- const char *sender, int len, unsigned char *p)
- {
- int ret;
-
- ret=ssl3_handshake_mac(s,ctx1,sender,len,p);
- p+=ret;
- ret+=ssl3_handshake_mac(s,ctx2,sender,len,p);
- return(ret);
- }
-
-static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
- const char *sender, int len, unsigned char *p)
- {
- unsigned int ret;
- int npad,n;
- unsigned int i;
- unsigned char md_buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_copy_ex(&ctx,in_ctx);
-
- n=EVP_MD_CTX_size(&ctx);
- npad=(48/n)*n;
-
- if (sender != NULL)
- EVP_DigestUpdate(&ctx,sender,len);
- EVP_DigestUpdate(&ctx,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
- EVP_DigestFinal_ex(&ctx,md_buf,&i);
-
- EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
- EVP_DigestUpdate(&ctx,s->session->master_key,
- s->session->master_key_length);
- EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
- EVP_DigestUpdate(&ctx,md_buf,i);
- EVP_DigestFinal_ex(&ctx,p,&ret);
-
- EVP_MD_CTX_cleanup(&ctx);
-
- return((int)ret);
- }
-
-int ssl3_mac(SSL *ssl, unsigned char *md, int send)
- {
- SSL3_RECORD *rec;
- unsigned char *mac_sec,*seq;
- EVP_MD_CTX md_ctx;
- const EVP_MD *hash;
- unsigned char *p,rec_char;
- unsigned int md_size;
- int npad;
-
- if (send)
- {
- rec= &(ssl->s3->wrec);
- mac_sec= &(ssl->s3->write_mac_secret[0]);
- seq= &(ssl->s3->write_sequence[0]);
- hash=ssl->write_hash;
- }
- else
- {
- rec= &(ssl->s3->rrec);
- mac_sec= &(ssl->s3->read_mac_secret[0]);
- seq= &(ssl->s3->read_sequence[0]);
- hash=ssl->read_hash;
- }
-
- md_size=EVP_MD_size(hash);
- npad=(48/md_size)*md_size;
-
- /* Chop the digest off the end :-) */
- EVP_MD_CTX_init(&md_ctx);
-
- EVP_DigestInit_ex( &md_ctx,hash, NULL);
- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
- EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
- EVP_DigestUpdate(&md_ctx,seq,8);
- rec_char=rec->type;
- EVP_DigestUpdate(&md_ctx,&rec_char,1);
- p=md;
- s2n(rec->length,p);
- EVP_DigestUpdate(&md_ctx,md,2);
- EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
- EVP_DigestFinal_ex( &md_ctx,md,NULL);
-
- EVP_DigestInit_ex( &md_ctx,hash, NULL);
- EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
- EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
- EVP_DigestUpdate(&md_ctx,md,md_size);
- EVP_DigestFinal_ex( &md_ctx,md,&md_size);
-
- EVP_MD_CTX_cleanup(&md_ctx);
-
- ssl3_record_sequence_update(seq);
- return(md_size);
- }
-
-void ssl3_record_sequence_update(unsigned char *seq)
- {
- int i;
-
- for (i=7; i>=0; i--)
- {
- ++seq[i];
- if (seq[i] != 0) break;
- }
- }
-
-int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
- int len)
- {
- static const unsigned char *salt[3]={
-#ifndef CHARSET_EBCDIC
- (const unsigned char *)"A",
- (const unsigned char *)"BB",
- (const unsigned char *)"CCC",
-#else
- (const unsigned char *)"\x41",
- (const unsigned char *)"\x42\x42",
- (const unsigned char *)"\x43\x43\x43",
-#endif
- };
- unsigned char buf[EVP_MAX_MD_SIZE];
- EVP_MD_CTX ctx;
- int i,ret=0;
- unsigned int n;
-
- EVP_MD_CTX_init(&ctx);
- for (i=0; i<3; i++)
- {
- EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
- EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
- EVP_DigestUpdate(&ctx,p,len);
- EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
- SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
- SSL3_RANDOM_SIZE);
- EVP_DigestFinal_ex(&ctx,buf,&n);
-
- EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
- EVP_DigestUpdate(&ctx,p,len);
- EVP_DigestUpdate(&ctx,buf,n);
- EVP_DigestFinal_ex(&ctx,out,&n);
- out+=n;
- ret+=n;
- }
- EVP_MD_CTX_cleanup(&ctx);
- return(ret);
- }
-
-int ssl3_alert_code(int code)
- {
- switch (code)
- {
- case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
- case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
- case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECRYPTION_FAILED: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_RECORD_OVERFLOW: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
- case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_CERTIFICATE: return(SSL3_AD_NO_CERTIFICATE);
- case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
- case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
- case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
- case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
- case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
- case SSL_AD_UNKNOWN_CA: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */
- default: return(-1);
- }
- }
-
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
deleted file mode 100644
index 28eaf9d..0000000
--- a/crypto/openssl/ssl/s3_lib.c
+++ /dev/null
@@ -1,2406 +0,0 @@
-/* ssl/s3_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/pq_compat.h>
-
-const char ssl3_version_str[]="SSLv3" OPENSSL_VERSION_PTEXT;
-
-#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
-
-/* list of available SSLv3 ciphers (sorted by id) */
-OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
-/* The RSA ciphers */
-/* Cipher 01 */
- {
- 1,
- SSL3_TXT_RSA_NULL_MD5,
- SSL3_CK_RSA_NULL_MD5,
- SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 02 */
- {
- 1,
- SSL3_TXT_RSA_NULL_SHA,
- SSL3_CK_RSA_NULL_SHA,
- SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 03 */
- {
- 1,
- SSL3_TXT_RSA_RC4_40_MD5,
- SSL3_CK_RSA_RC4_40_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 04 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_MD5,
- SSL3_CK_RSA_RC4_128_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 05 */
- {
- 1,
- SSL3_TXT_RSA_RC4_128_SHA,
- SSL3_CK_RSA_RC4_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 06 */
- {
- 1,
- SSL3_TXT_RSA_RC2_40_MD5,
- SSL3_CK_RSA_RC2_40_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 07 */
-#ifndef OPENSSL_NO_IDEA
- {
- 1,
- SSL3_TXT_RSA_IDEA_128_SHA,
- SSL3_CK_RSA_IDEA_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-/* Cipher 08 */
- {
- 1,
- SSL3_TXT_RSA_DES_40_CBC_SHA,
- SSL3_CK_RSA_DES_40_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 09 */
- {
- 1,
- SSL3_TXT_RSA_DES_64_CBC_SHA,
- SSL3_CK_RSA_DES_64_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0A */
- {
- 1,
- SSL3_TXT_RSA_DES_192_CBC3_SHA,
- SSL3_CK_RSA_DES_192_CBC3_SHA,
- SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* The DH ciphers */
-/* Cipher 0B */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
- SSL3_CK_DH_DSS_DES_40_CBC_SHA,
- SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0C */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
- SSL3_CK_DH_DSS_DES_64_CBC_SHA,
- SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0D */
- {
- 0,
- SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
- SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0E */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
- SSL3_CK_DH_RSA_DES_40_CBC_SHA,
- SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 0F */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
- SSL3_CK_DH_RSA_DES_64_CBC_SHA,
- SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 10 */
- {
- 0,
- SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
- SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* The Ephemeral DH ciphers */
-/* Cipher 11 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 12 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
- SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 13 */
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
- SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 14 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 15 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
- SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 16 */
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
- SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 17 */
- {
- 1,
- SSL3_TXT_ADH_RC4_40_MD5,
- SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 18 */
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
- SSL3_CK_ADH_RC4_128_MD5,
- SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 19 */
- {
- 1,
- SSL3_TXT_ADH_DES_40_CBC_SHA,
- SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1A */
- {
- 1,
- SSL3_TXT_ADH_DES_64_CBC_SHA,
- SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 1B */
- {
- 1,
- SSL3_TXT_ADH_DES_192_CBC_SHA,
- SSL3_CK_ADH_DES_192_CBC_SHA,
- SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Fortezza */
-/* Cipher 1C */
- {
- 0,
- SSL3_TXT_FZA_DMS_NULL_SHA,
- SSL3_CK_FZA_DMS_NULL_SHA,
- SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 1D */
- {
- 0,
- SSL3_TXT_FZA_DMS_FZA_SHA,
- SSL3_CK_FZA_DMS_FZA_SHA,
- SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_STRONG_NONE,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-#if 0
-/* Cipher 1E */
- {
- 0,
- SSL3_TXT_FZA_DMS_RC4_SHA,
- SSL3_CK_FZA_DMS_RC4_SHA,
- SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
-
-#ifndef OPENSSL_NO_KRB5
-/* The Kerberos ciphers
-** 20000107 VRS: And the first shall be last,
-** in hopes of avoiding the lynx ssl renegotiation problem.
-*/
-/* Cipher 1E VRS */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_SHA,
- SSL3_CK_KRB5_DES_64_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 1F VRS */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_SHA,
- SSL3_CK_KRB5_DES_192_CBC3_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 20 VRS */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_SHA,
- SSL3_CK_KRB5_RC4_128_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 21 VRS */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
- SSL3_CK_KRB5_IDEA_128_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_SHA1 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 22 VRS */
- {
- 1,
- SSL3_TXT_KRB5_DES_64_CBC_MD5,
- SSL3_CK_KRB5_DES_64_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_LOW,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 23 VRS */
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_MD5,
- SSL3_CK_KRB5_DES_192_CBC3_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 24 VRS */
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_MD5,
- SSL3_CK_KRB5_RC4_128_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 25 VRS */
- {
- 1,
- SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
- SSL3_CK_KRB5_IDEA_128_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_IDEA|SSL_MD5 |SSL_SSLV3,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 26 VRS */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_SHA,
- SSL3_CK_KRB5_DES_40_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 27 VRS */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_SHA,
- SSL3_CK_KRB5_RC2_40_CBC_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 28 VRS */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_SHA,
- SSL3_CK_KRB5_RC4_40_SHA,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_SHA1 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 29 VRS */
- {
- 1,
- SSL3_TXT_KRB5_DES_40_CBC_MD5,
- SSL3_CK_KRB5_DES_40_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 2A VRS */
- {
- 1,
- SSL3_TXT_KRB5_RC2_40_CBC_MD5,
- SSL3_CK_KRB5_RC2_40_CBC_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_RC2|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 2B VRS */
- {
- 1,
- SSL3_TXT_KRB5_RC4_40_MD5,
- SSL3_CK_KRB5_RC4_40_MD5,
- SSL_kKRB5|SSL_aKRB5| SSL_RC4|SSL_MD5 |SSL_SSLV3,
- SSL_EXPORT|SSL_EXP40,
- 0,
- 40,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif /* OPENSSL_NO_KRB5 */
-/* New AES ciphersuites */
-
-/* Cipher 2F */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_128_SHA,
- TLS1_CK_RSA_WITH_AES_128_SHA,
- SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 30 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
- TLS1_CK_DH_DSS_WITH_AES_128_SHA,
- SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 31 */
- {
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
- TLS1_CK_DH_RSA_WITH_AES_128_SHA,
- SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 32 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 33 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 34 */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_128_SHA,
- TLS1_CK_ADH_WITH_AES_128_SHA,
- SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-/* Cipher 35 */
- {
- 1,
- TLS1_TXT_RSA_WITH_AES_256_SHA,
- TLS1_CK_RSA_WITH_AES_256_SHA,
- SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 36 */
- {
- 0,
- TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
- TLS1_CK_DH_DSS_WITH_AES_256_SHA,
- SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 37 */
- {
- 0,
- TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
- TLS1_CK_DH_RSA_WITH_AES_256_SHA,
- SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 38 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
- TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-/* Cipher 39 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
- TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 3A */
- {
- 1,
- TLS1_TXT_ADH_WITH_AES_256_SHA,
- TLS1_CK_ADH_WITH_AES_256_SHA,
- SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
-#ifndef OPENSSL_NO_CAMELLIA
- /* Camellia ciphersuites from RFC4132 (128-bit portion) */
-
- /* Cipher 41 */
- {
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 42 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 43 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 44 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 45 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 46 */
- {
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
- /* New TLS Export CipherSuites from expired ID */
-#if 0
- /* Cipher 60 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 61 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
- SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif
- /* Cipher 62 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 63 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 56,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 64 */
- {
- 1,
- TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 65 */
- {
- 1,
- TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_EXPORT|SSL_EXP56,
- 0,
- 56,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
- /* Cipher 66 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
- TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
- SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_MEDIUM,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif
-
-#ifndef OPENSSL_NO_CAMELLIA
- /* Camellia ciphersuites from RFC4132 (256-bit portion) */
-
- /* Cipher 84 */
- {
- 1,
- TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kRSA|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 85 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kDHd|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 86 */
- {
- 0, /* not implemented (non-ephemeral DH) */
- TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kDHr|SSL_aDH|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 87 */
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH|SSL_aDSS|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 88 */
- {
- 1,
- TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH|SSL_aRSA|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
- /* Cipher 89 */
- {
- 1,
- TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
- TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH|SSL_aNULL|SSL_CAMELLIA|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS
- },
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#ifndef OPENSSL_NO_ECDH
- /* Cipher C001 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C002 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C003 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C004 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C005 */
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C006 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C007 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C008 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C009 */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00A */
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00B */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
- SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00C */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
- SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00D */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00E */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C00F */
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C010 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
- TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C011 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C012 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C013 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C014 */
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C015 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
- TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 0,
- 0,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C016 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
- TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C017 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
- TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 168,
- 168,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C018 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 128,
- 128,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-
- /* Cipher C019 */
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kECDHE|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
- SSL_NOT_EXP|SSL_HIGH,
- 0,
- 256,
- 256,
- SSL_ALL_CIPHERS,
- SSL_ALL_STRENGTHS,
- },
-#endif /* OPENSSL_NO_ECDH */
-
-
-/* end of list */
- };
-
-SSL3_ENC_METHOD SSLv3_enc_data={
- ssl3_enc,
- ssl3_mac,
- ssl3_setup_key_block,
- ssl3_generate_master_secret,
- ssl3_change_cipher_state,
- ssl3_final_finish_mac,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
- ssl3_cert_verify_mac,
- SSL3_MD_CLIENT_FINISHED_CONST,4,
- SSL3_MD_SERVER_FINISHED_CONST,4,
- ssl3_alert_code,
- };
-
-long ssl3_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the SSLv3 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-IMPLEMENT_ssl3_meth_func(sslv3_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int ssl3_num_ciphers(void)
- {
- return(SSL3_NUM_CIPHERS);
- }
-
-SSL_CIPHER *ssl3_get_cipher(unsigned int u)
- {
- if (u < SSL3_NUM_CIPHERS)
- return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
- else
- return(NULL);
- }
-
-int ssl3_pending(const SSL *s)
- {
- if (s->rstate == SSL_ST_READ_BODY)
- return 0;
-
- return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
- }
-
-int ssl3_new(SSL *s)
- {
- SSL3_STATE *s3;
-
- if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
- memset(s3,0,sizeof *s3);
- EVP_MD_CTX_init(&s3->finish_dgst1);
- EVP_MD_CTX_init(&s3->finish_dgst2);
- pq_64bit_init(&(s3->rrec.seq_num));
- pq_64bit_init(&(s3->wrec.seq_num));
-
- s->s3=s3;
-
- s->method->ssl_clear(s);
- return(1);
-err:
- return(0);
- }
-
-void ssl3_free(SSL *s)
- {
- if(s == NULL)
- return;
-
- ssl3_cleanup_key_block(s);
- if (s->s3->rbuf.buf != NULL)
- OPENSSL_free(s->s3->rbuf.buf);
- if (s->s3->wbuf.buf != NULL)
- OPENSSL_free(s->s3->wbuf.buf);
- if (s->s3->rrec.comp != NULL)
- OPENSSL_free(s->s3->rrec.comp);
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- EC_KEY_free(s->s3->tmp.ecdh);
-#endif
-
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
- pq_64bit_free(&(s->s3->rrec.seq_num));
- pq_64bit_free(&(s->s3->wrec.seq_num));
-
- OPENSSL_cleanse(s->s3,sizeof *s->s3);
- OPENSSL_free(s->s3);
- s->s3=NULL;
- }
-
-void ssl3_clear(SSL *s)
- {
- unsigned char *rp,*wp;
- size_t rlen, wlen;
-
- ssl3_cleanup_key_block(s);
- if (s->s3->tmp.ca_names != NULL)
- sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-
- if (s->s3->rrec.comp != NULL)
- {
- OPENSSL_free(s->s3->rrec.comp);
- s->s3->rrec.comp=NULL;
- }
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- DH_free(s->s3->tmp.dh);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- EC_KEY_free(s->s3->tmp.ecdh);
-#endif
-
- rp = s->s3->rbuf.buf;
- wp = s->s3->wbuf.buf;
- rlen = s->s3->rbuf.len;
- wlen = s->s3->wbuf.len;
-
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
- EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
-
- memset(s->s3,0,sizeof *s->s3);
- s->s3->rbuf.buf = rp;
- s->s3->wbuf.buf = wp;
- s->s3->rbuf.len = rlen;
- s->s3->wbuf.len = wlen;
-
- ssl_free_wbio_buffer(s);
-
- s->packet_length=0;
- s->s3->renegotiate=0;
- s->s3->total_renegotiations=0;
- s->s3->num_renegotiations=0;
- s->s3->in_read_app_data=0;
- s->version=SSL3_VERSION;
- }
-
-long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
- {
- int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA ||
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH ||
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
- {
- if (!ssl_cert_inst(&s->cert))
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
-#endif
-
- switch (cmd)
- {
- case SSL_CTRL_GET_SESSION_REUSED:
- ret=s->hit;
- break;
- case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
- break;
- case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
- ret=s->s3->num_renegotiations;
- break;
- case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
- ret=s->s3->num_renegotiations;
- s->s3->num_renegotiations=0;
- break;
- case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
- ret=s->s3->total_renegotiations;
- break;
- case SSL_CTRL_GET_FLAGS:
- ret=(int)(s->s3->flags);
- break;
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_NEED_TMP_RSA:
- if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
- ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
- ret = 1;
- break;
- case SSL_CTRL_SET_TMP_RSA:
- {
- RSA *rsa = (RSA *)parg;
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
- return(ret);
- }
- if (s->cert->rsa_tmp != NULL)
- RSA_free(s->cert->rsa_tmp);
- s->cert->rsa_tmp = rsa;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH:
- {
- DH *dh = (DH *)parg;
- if (dh == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if ((dh = DHparams_dup(dh)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return(ret);
- }
- if (!(s->options & SSL_OP_SINGLE_DH_USE))
- {
- if (!DH_generate_key(dh))
- {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
- return(ret);
- }
- }
- if (s->cert->dh_tmp != NULL)
- DH_free(s->cert->dh_tmp);
- s->cert->dh_tmp = dh;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH:
- {
- EC_KEY *ecdh = NULL;
-
- if (parg == NULL)
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
- return(ret);
- }
- if (!EC_KEY_up_ref((EC_KEY *)parg))
- {
- SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
- return(ret);
- }
- ecdh = (EC_KEY *)parg;
- if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
- {
- if (!EC_KEY_generate_key(ecdh))
- {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
- return(ret);
- }
- }
- if (s->cert->ecdh_tmp != NULL)
- EC_KEY_free(s->cert->ecdh_tmp);
- s->cert->ecdh_tmp = ecdh;
- ret = 1;
- }
- break;
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(ret);
- }
- break;
-#endif /* !OPENSSL_NO_ECDH */
- default:
- break;
- }
- return(ret);
- }
-
-long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
- {
- int ret=0;
-
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
- if (
-#ifndef OPENSSL_NO_RSA
- cmd == SSL_CTRL_SET_TMP_RSA_CB ||
-#endif
-#ifndef OPENSSL_NO_DSA
- cmd == SSL_CTRL_SET_TMP_DH_CB ||
-#endif
- 0)
- {
- if (!ssl_cert_inst(&s->cert))
- {
- SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
-#endif
-
- switch (cmd)
- {
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
- default:
- break;
- }
- return(ret);
- }
-
-long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
- {
- CERT *cert;
-
- cert=ctx->cert;
-
- switch (cmd)
- {
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_NEED_TMP_RSA:
- if ( (cert->rsa_tmp == NULL) &&
- ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
- (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))
- )
- return(1);
- else
- return(0);
- /* break; */
- case SSL_CTRL_SET_TMP_RSA:
- {
- RSA *rsa;
- int i;
-
- rsa=(RSA *)parg;
- i=1;
- if (rsa == NULL)
- i=0;
- else
- {
- if ((rsa=RSAPrivateKey_dup(rsa)) == NULL)
- i=0;
- }
- if (!i)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB);
- return(0);
- }
- else
- {
- if (cert->rsa_tmp != NULL)
- RSA_free(cert->rsa_tmp);
- cert->rsa_tmp=rsa;
- return(1);
- }
- }
- /* break; */
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH:
- {
- DH *new=NULL,*dh;
-
- dh=(DH *)parg;
- if ((new=DHparams_dup(dh)) == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
- return 0;
- }
- if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
- {
- if (!DH_generate_key(new))
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
- DH_free(new);
- return 0;
- }
- }
- if (cert->dh_tmp != NULL)
- DH_free(cert->dh_tmp);
- cert->dh_tmp=new;
- return 1;
- }
- /*break; */
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH:
- {
- EC_KEY *ecdh = NULL;
-
- if (parg == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
- return 0;
- }
- ecdh = EC_KEY_dup((EC_KEY *)parg);
- if (ecdh == NULL)
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_EC_LIB);
- return 0;
- }
- if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
- {
- if (!EC_KEY_generate_key(ecdh))
- {
- EC_KEY_free(ecdh);
- SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
- return 0;
- }
- }
-
- if (cert->ecdh_tmp != NULL)
- {
- EC_KEY_free(cert->ecdh_tmp);
- }
- cert->ecdh_tmp = ecdh;
- return 1;
- }
- /* break; */
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
- break;
-#endif /* !OPENSSL_NO_ECDH */
- /* A Thawte special :-) */
- case SSL_CTRL_EXTRA_CHAIN_CERT:
- if (ctx->extra_certs == NULL)
- {
- if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
- return(0);
- }
- sk_X509_push(ctx->extra_certs,(X509 *)parg);
- break;
-
- default:
- return(0);
- }
- return(1);
- }
-
-long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
- {
- CERT *cert;
-
- cert=ctx->cert;
-
- switch (cmd)
- {
-#ifndef OPENSSL_NO_RSA
- case SSL_CTRL_SET_TMP_RSA_CB:
- {
- cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_DH
- case SSL_CTRL_SET_TMP_DH_CB:
- {
- cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
-#ifndef OPENSSL_NO_ECDH
- case SSL_CTRL_SET_TMP_ECDH_CB:
- {
- cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
- }
- break;
-#endif
- default:
- return(0);
- }
- return(1);
- }
-
-/* This function needs to check if the ciphers required are actually
- * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
- {
- SSL_CIPHER c,*cp;
- unsigned long id;
-
- id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
- c.id=id;
- cp = (SSL_CIPHER *)OBJ_bsearch((char *)&c,
- (char *)ssl3_ciphers,
- SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER),
- FP_ICC ssl_cipher_id_cmp);
- if (cp == NULL || cp->valid == 0)
- return NULL;
- else
- return cp;
- }
-
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
- {
- long l;
-
- if (p != NULL)
- {
- l=c->id;
- if ((l & 0xff000000) != 0x03000000) return(0);
- p[0]=((unsigned char)(l>> 8L))&0xFF;
- p[1]=((unsigned char)(l ))&0xFF;
- }
- return(2);
- }
-
-SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
- STACK_OF(SSL_CIPHER) *srvr)
- {
- SSL_CIPHER *c,*ret=NULL;
- STACK_OF(SSL_CIPHER) *prio, *allow;
- int i,j,ok;
- CERT *cert;
- unsigned long alg,mask,emask;
-
- /* Let's see which ciphers we can support */
- cert=s->cert;
-
-#if 0
- /* Do not set the compare functions, because this may lead to a
- * reordering by "id". We want to keep the original ordering.
- * We may pay a price in performance during sk_SSL_CIPHER_find(),
- * but would have to pay with the price of sk_SSL_CIPHER_dup().
- */
- sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
- sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
-#endif
-
-#ifdef CIPHER_DEBUG
- printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
- for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
- {
- c=sk_SSL_CIPHER_value(srvr,i);
- printf("%p:%s\n",c,c->name);
- }
- printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
- for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
- {
- c=sk_SSL_CIPHER_value(clnt,i);
- printf("%p:%s\n",c,c->name);
- }
-#endif
-
- if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
- {
- prio = srvr;
- allow = clnt;
- }
- else
- {
- prio = clnt;
- allow = srvr;
- }
-
- for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
- {
- c=sk_SSL_CIPHER_value(prio,i);
-
- ssl_set_cert_masks(cert,c);
- mask=cert->mask;
- emask=cert->export_mask;
-
-#ifdef KSSL_DEBUG
- printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
-#endif /* KSSL_DEBUG */
-
- alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-#ifndef OPENSSL_NO_KRB5
- if (alg & SSL_KRB5)
- {
- if ( !kssl_keytab_is_available(s->kssl_ctx) )
- continue;
- }
-#endif /* OPENSSL_NO_KRB5 */
- if (SSL_C_IS_EXPORT(c))
- {
- ok=((alg & emask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
- c,c->name);
-#endif
- }
- else
- {
- ok=((alg & mask) == alg)?1:0;
-#ifdef CIPHER_DEBUG
- printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
- c->name);
-#endif
- }
-
- if (!ok) continue;
- j=sk_SSL_CIPHER_find(allow,c);
- if (j >= 0)
- {
- ret=sk_SSL_CIPHER_value(allow,j);
- break;
- }
- }
- return(ret);
- }
-
-int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
- {
- int ret=0;
- unsigned long alg;
-
- alg=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef OPENSSL_NO_DH
- if (alg & (SSL_kDHr|SSL_kEDH))
- {
-# ifndef OPENSSL_NO_RSA
- p[ret++]=SSL3_CT_RSA_FIXED_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
- p[ret++]=SSL3_CT_DSS_FIXED_DH;
-# endif
- }
- if ((s->version == SSL3_VERSION) &&
- (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
- {
-# ifndef OPENSSL_NO_RSA
- p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
-# endif
-# ifndef OPENSSL_NO_DSA
- p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
-# endif
- }
-#endif /* !OPENSSL_NO_DH */
-#ifndef OPENSSL_NO_RSA
- p[ret++]=SSL3_CT_RSA_SIGN;
-#endif
-#ifndef OPENSSL_NO_DSA
- p[ret++]=SSL3_CT_DSS_SIGN;
-#endif
-#ifndef OPENSSL_NO_ECDH
- /* We should ask for fixed ECDH certificates only
- * for SSL_kECDH (and not SSL_kECDHE)
- */
- if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
- {
- p[ret++]=TLS_CT_RSA_FIXED_ECDH;
- p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDSA
- /* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kECDHE
- */
- if (s->version >= TLS1_VERSION)
- {
- p[ret++]=TLS_CT_ECDSA_SIGN;
- }
-#endif
- return(ret);
- }
-
-int ssl3_shutdown(SSL *s)
- {
-
- /* Don't do anything much if we have not done the handshake or
- * we don't want to send messages :-) */
- if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE))
- {
- s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
- return(1);
- }
-
- if (!(s->shutdown & SSL_SENT_SHUTDOWN))
- {
- s->shutdown|=SSL_SENT_SHUTDOWN;
-#if 1
- ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY);
-#endif
- /* our shutdown alert has been sent now, and if it still needs
- * to be written, s->s3->alert_dispatch will be true */
- }
- else if (s->s3->alert_dispatch)
- {
- /* resend it if not sent */
-#if 1
- s->method->ssl_dispatch_alert(s);
-#endif
- }
- else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
- {
- /* If we are waiting for a close from our peer, we are closed */
- s->method->ssl_read_bytes(s,0,NULL,0,0);
- }
-
- if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
- !s->s3->alert_dispatch)
- return(1);
- else
- return(0);
- }
-
-int ssl3_write(SSL *s, const void *buf, int len)
- {
- int ret,n;
-
-#if 0
- if (s->shutdown & SSL_SEND_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-#endif
- clear_sys_error();
- if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-
- /* This is an experimental flag that sends the
- * last handshake message in the same packet as the first
- * use data - used to see if it helps the TCP protocol during
- * session-id reuse */
- /* The second test is because the buffer may have been removed */
- if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
- {
- /* First time through, we write into the buffer */
- if (s->s3->delay_buf_pop_ret == 0)
- {
- ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
- if (ret <= 0) return(ret);
-
- s->s3->delay_buf_pop_ret=ret;
- }
-
- s->rwstate=SSL_WRITING;
- n=BIO_flush(s->wbio);
- if (n <= 0) return(n);
- s->rwstate=SSL_NOTHING;
-
- /* We have flushed the buffer, so remove it */
- ssl_free_wbio_buffer(s);
- s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
-
- ret=s->s3->delay_buf_pop_ret;
- s->s3->delay_buf_pop_ret=0;
- }
- else
- {
- ret=s->method->ssl_write_bytes(s,SSL3_RT_APPLICATION_DATA,
- buf,len);
- if (ret <= 0) return(ret);
- }
-
- return(ret);
- }
-
-static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
- {
- int ret;
-
- clear_sys_error();
- if (s->s3->renegotiate) ssl3_renegotiate_check(s);
- s->s3->in_read_app_data=1;
- ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- if ((ret == -1) && (s->s3->in_read_app_data == 2))
- {
- /* ssl3_read_bytes decided to call s->handshake_func, which
- * called ssl3_read_bytes to read handshake data.
- * However, ssl3_read_bytes actually found application data
- * and thinks that application data makes sense here; so disable
- * handshake processing and try to read application data again. */
- s->in_handshake++;
- ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
- s->in_handshake--;
- }
- else
- s->s3->in_read_app_data=0;
-
- return(ret);
- }
-
-int ssl3_read(SSL *s, void *buf, int len)
- {
- return ssl3_read_internal(s, buf, len, 0);
- }
-
-int ssl3_peek(SSL *s, void *buf, int len)
- {
- return ssl3_read_internal(s, buf, len, 1);
- }
-
-int ssl3_renegotiate(SSL *s)
- {
- if (s->handshake_func == NULL)
- return(1);
-
- if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
- return(0);
-
- s->s3->renegotiate=1;
- return(1);
- }
-
-int ssl3_renegotiate_check(SSL *s)
- {
- int ret=0;
-
- if (s->s3->renegotiate)
- {
- if ( (s->s3->rbuf.left == 0) &&
- (s->s3->wbuf.left == 0) &&
- !SSL_in_init(s))
- {
-/*
-if we are the server, and we have sent a 'RENEGOTIATE' message, we
-need to go to SSL_ST_ACCEPT.
-*/
- /* SSL_ST_ACCEPT */
- s->state=SSL_ST_RENEGOTIATE;
- s->s3->renegotiate=0;
- s->s3->num_renegotiations++;
- s->s3->total_renegotiations++;
- ret=1;
- }
- }
- return(ret);
- }
-
diff --git a/crypto/openssl/ssl/s3_meth.c b/crypto/openssl/ssl/s3_meth.c
deleted file mode 100644
index 6a6eb1c..0000000
--- a/crypto/openssl/ssl/s3_meth.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/* ssl/s3_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *ssl3_get_method(int ver);
-static SSL_METHOD *ssl3_get_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl3_meth_func(SSLv3_method,
- ssl3_accept,
- ssl3_connect,
- ssl3_get_method)
-
-
diff --git a/crypto/openssl/ssl/s3_pkt.c b/crypto/openssl/ssl/s3_pkt.c
deleted file mode 100644
index 44c7c14..0000000
--- a/crypto/openssl/ssl/s3_pkt.c
+++ /dev/null
@@ -1,1311 +0,0 @@
-/* ssl/s3_pkt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include <errno.h>
-#define USE_SOCKETS
-#include "ssl_locl.h"
-#include <openssl/evp.h>
-#include <openssl/buffer.h>
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragment);
-static int ssl3_get_record(SSL *s);
-
-int ssl3_read_n(SSL *s, int n, int max, int extend)
- {
- /* If extend == 0, obtain new n-byte packet; if extend == 1, increase
- * packet by another n bytes.
- * The packet will be in the sub-array of s->s3->rbuf.buf specified
- * by s->packet and s->packet_length.
- * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
- * [plus s->packet_length bytes if extend == 1].)
- */
- int i,off,newb;
-
- if (!extend)
- {
- /* start with empty packet ... */
- if (s->s3->rbuf.left == 0)
- s->s3->rbuf.offset = 0;
- s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
- s->packet_length = 0;
- /* ... now we can act as if 'extend' was set */
- }
-
- /* extend reads should not span multiple packets for DTLS */
- if ( SSL_version(s) == DTLS1_VERSION &&
- extend)
- {
- if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
- n = s->s3->rbuf.left;
- }
-
- /* if there is enough in the buffer from a previous read, take some */
- if (s->s3->rbuf.left >= (int)n)
- {
- s->packet_length+=n;
- s->s3->rbuf.left-=n;
- s->s3->rbuf.offset+=n;
- return(n);
- }
-
- /* else we need to read more data */
- if (!s->read_ahead)
- max=n;
-
- {
- /* avoid buffer overflow */
- int max_max = s->s3->rbuf.len - s->packet_length;
- if (max > max_max)
- max = max_max;
- }
- if (n > max) /* does not happen */
- {
- SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- off = s->packet_length;
- newb = s->s3->rbuf.left;
- /* Move any available bytes to front of buffer:
- * 'off' bytes already pointed to by 'packet',
- * 'newb' extra ones at the end */
- if (s->packet != s->s3->rbuf.buf)
- {
- /* off > 0 */
- memmove(s->s3->rbuf.buf, s->packet, off+newb);
- s->packet = s->s3->rbuf.buf;
- }
-
- while (newb < n)
- {
- /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
- * to read in more until we have off+n (up to off+max if possible) */
-
- clear_sys_error();
- if (s->rbio != NULL)
- {
- s->rwstate=SSL_READING;
- i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb);
- }
- else
- {
- SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
- i = -1;
- }
-
- if (i <= 0)
- {
- s->s3->rbuf.left = newb;
- return(i);
- }
- newb+=i;
- }
-
- /* done reading, now the book-keeping */
- s->s3->rbuf.offset = off + n;
- s->s3->rbuf.left = newb - n;
- s->packet_length += n;
- s->rwstate=SSL_NOTHING;
- return(n);
- }
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type - is the type of record
- * ssl->s3->rrec.data, - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by ssl3_read_bytes */
-static int ssl3_get_record(SSL *s)
- {
- int ssl_major,ssl_minor,al;
- int enc_err,n,i,ret= -1;
- SSL3_RECORD *rr;
- SSL_SESSION *sess;
- unsigned char *p;
- unsigned char md[EVP_MAX_MD_SIZE];
- short version;
- unsigned int mac_size;
- int clear=0;
- size_t extra;
- int decryption_failed_or_bad_record_mac = 0;
- unsigned char *mac = NULL;
-
- rr= &(s->s3->rrec);
- sess=s->session;
-
- if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
- extra=SSL3_RT_MAX_EXTRA;
- else
- extra=0;
- if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
- {
- /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
- * set after ssl3_setup_buffers() was done */
- SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
-again:
- /* check if we have the header */
- if ( (s->rstate != SSL_ST_READ_BODY) ||
- (s->packet_length < SSL3_RT_HEADER_LENGTH))
- {
- n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
- if (n <= 0) return(n); /* error or non-blocking */
- s->rstate=SSL_ST_READ_BODY;
-
- p=s->packet;
-
- /* Pull apart the header into the SSL3_RECORD */
- rr->type= *(p++);
- ssl_major= *(p++);
- ssl_minor= *(p++);
- version=(ssl_major<<8)|ssl_minor;
- n2s(p,rr->length);
-
- /* Lets check version */
- if (!s->first_packet)
- {
- if (version != s->version)
- {
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- /* Send back error using their
- * version number :-) */
- s->version=version;
- al=SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
- }
-
- if ((version>>8) != SSL3_VERSION_MAJOR)
- {
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
- goto err;
- }
-
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* now s->rstate == SSL_ST_READ_BODY */
- }
-
- /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
- if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
- {
- /* now s->packet_length == SSL3_RT_HEADER_LENGTH */
- i=rr->length;
- n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
- /* now n == rr->length,
- * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
- }
-
- s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
-
- /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
- * and we have that many bytes in s->packet
- */
- rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
-
- /* ok, we can now read from 's->packet' data into 'rr'
- * rr->input points at rr->length bytes, which
- * need to be copied into rr->data by either
- * the decryption or by the decompression
- * When the data is 'copied' into the rr->data buffer,
- * rr->input will be pointed at the new buffer */
-
- /* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
- * rr->length bytes of encrypted compressed stuff. */
-
- /* check is not needed I believe */
- if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- /* decrypt in place in 'rr->input' */
- rr->data=rr->input;
-
- enc_err = s->method->ssl3_enc->enc(s,0);
- if (enc_err <= 0)
- {
- if (enc_err == 0)
- /* SSLerr() and ssl3_send_alert() have been called */
- goto err;
-
- /* Otherwise enc_err == -1, which indicates bad padding
- * (rec->length has not been changed in this case).
- * To minimize information leaked via timing, we will perform
- * the MAC computation anyway. */
- decryption_failed_or_bad_record_mac = 1;
- }
-
-#ifdef TLS_DEBUG
-printf("dec %d\n",rr->length);
-{ unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- /* r->length is now the compressed data plus mac */
- if ( (sess == NULL) ||
- (s->enc_read_ctx == NULL) ||
- (s->read_hash == NULL))
- clear=1;
-
- if (!clear)
- {
- mac_size=EVP_MD_size(s->read_hash);
-
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
- {
-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
- goto f_err;
-#else
- decryption_failed_or_bad_record_mac = 1;
-#endif
- }
- /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length >= mac_size)
- {
- rr->length -= mac_size;
- mac = &rr->data[rr->length];
- }
- else
- {
- /* record (minus padding) is too short to contain a MAC */
-#if 0 /* OK only for stream ciphers */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-#else
- decryption_failed_or_bad_record_mac = 1;
- rr->length = 0;
-#endif
- }
- i=s->method->ssl3_enc->mac(s,md,0);
- if (mac == NULL || memcmp(md, mac, mac_size) != 0)
- {
- decryption_failed_or_bad_record_mac = 1;
- }
- }
-
- if (decryption_failed_or_bad_record_mac)
- {
- /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
- * SSL 3.0 only has 'bad_record_mac'. But unless a decryption
- * failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
- * might become visible to an attacker (e.g. via a logfile) */
- al=SSL_AD_BAD_RECORD_MAC;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
- goto f_err;
- }
-
- /* r->length is now just compressed */
- if (s->expand != NULL)
- {
- if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
- goto f_err;
- }
- if (!ssl3_do_uncompress(s))
- {
- al=SSL_AD_DECOMPRESSION_FAILURE;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION);
- goto f_err;
- }
- }
-
- if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
- {
- al=SSL_AD_RECORD_OVERFLOW;
- SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
- goto f_err;
- }
-
- rr->off=0;
- /* So at this point the following is true
- * ssl->s3->rrec.type is the type of record
- * ssl->s3->rrec.length == number of bytes in record
- * ssl->s3->rrec.off == offset to first valid byte
- * ssl->s3->rrec.data == where to take bytes from, increment
- * after use :-).
- */
-
- /* we have pulled in a full packet so zero things */
- s->packet_length=0;
-
- /* just read a 0 length packet */
- if (rr->length == 0) goto again;
-
- return(1);
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(ret);
- }
-
-int ssl3_do_uncompress(SSL *ssl)
- {
-#ifndef OPENSSL_NO_COMP
- int i;
- SSL3_RECORD *rr;
-
- rr= &(ssl->s3->rrec);
- i=COMP_expand_block(ssl->expand,rr->comp,
- SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length);
- if (i < 0)
- return(0);
- else
- rr->length=i;
- rr->data=rr->comp;
-#endif
- return(1);
- }
-
-int ssl3_do_compress(SSL *ssl)
- {
-#ifndef OPENSSL_NO_COMP
- int i;
- SSL3_RECORD *wr;
-
- wr= &(ssl->s3->wrec);
- i=COMP_compress_block(ssl->compress,wr->data,
- SSL3_RT_MAX_COMPRESSED_LENGTH,
- wr->input,(int)wr->length);
- if (i < 0)
- return(0);
- else
- wr->length=i;
-
- wr->input=wr->data;
-#endif
- return(1);
- }
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
- {
- const unsigned char *buf=buf_;
- unsigned int tot,n,nw;
- int i;
-
- s->rwstate=SSL_NOTHING;
- tot=s->s3->wnum;
- s->s3->wnum=0;
-
- if (SSL_in_init(s) && !s->in_handshake)
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return -1;
- }
- }
-
- n=(len-tot);
- for (;;)
- {
- if (n > SSL3_RT_MAX_PLAIN_LENGTH)
- nw=SSL3_RT_MAX_PLAIN_LENGTH;
- else
- nw=n;
-
- i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
- if (i <= 0)
- {
- s->s3->wnum=tot;
- return i;
- }
-
- if ((i == (int)n) ||
- (type == SSL3_RT_APPLICATION_DATA &&
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
- {
- /* next chunk of data should get another prepended empty fragment
- * in ciphersuites with known-IV weakness: */
- s->s3->empty_fragment_done = 0;
-
- return tot+i;
- }
-
- n-=i;
- tot+=i;
- }
- }
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragment)
- {
- unsigned char *p,*plen;
- int i,mac_size,clear=0;
- int prefix_len = 0;
- SSL3_RECORD *wr;
- SSL3_BUFFER *wb;
- SSL_SESSION *sess;
-
- /* first check if there is a SSL3_BUFFER still being written
- * out. This will happen with non blocking IO */
- if (s->s3->wbuf.left != 0)
- return(ssl3_write_pending(s,type,buf,len));
-
- /* If we have an alert to send, lets send it */
- if (s->s3->alert_dispatch)
- {
- i=s->method->ssl_dispatch_alert(s);
- if (i <= 0)
- return(i);
- /* if it went, fall through and send more stuff */
- }
-
- if (len == 0 && !create_empty_fragment)
- return 0;
-
- wr= &(s->s3->wrec);
- wb= &(s->s3->wbuf);
- sess=s->session;
-
- if ( (sess == NULL) ||
- (s->enc_write_ctx == NULL) ||
- (s->write_hash == NULL))
- clear=1;
-
- if (clear)
- mac_size=0;
- else
- mac_size=EVP_MD_size(s->write_hash);
-
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
- {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-
- if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
- {
- /* recursive function call with 'create_empty_fragment' set;
- * this prepares and buffers the data for an empty fragment
- * (these 'prefix_len' bytes are sent out later
- * together with the actual payload) */
- prefix_len = do_ssl3_write(s, type, buf, 0, 1);
- if (prefix_len <= 0)
- goto err;
-
- if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
- {
- /* insufficient space */
- SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
- }
-
- s->s3->empty_fragment_done = 1;
- }
-
- p = wb->buf + prefix_len;
-
- /* write the header */
-
- *(p++)=type&0xff;
- wr->type=type;
-
- *(p++)=(s->version>>8);
- *(p++)=s->version&0xff;
-
- /* field where we are to write out packet length */
- plen=p;
- p+=2;
-
- /* lets setup the record stuff. */
- wr->data=p;
- wr->length=(int)len;
- wr->input=(unsigned char *)buf;
-
- /* we now 'read' from wr->input, wr->length bytes into
- * wr->data */
-
- /* first we compress */
- if (s->compress != NULL)
- {
- if (!ssl3_do_compress(s))
- {
- SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE);
- goto err;
- }
- }
- else
- {
- memcpy(wr->data,wr->input,wr->length);
- wr->input=wr->data;
- }
-
- /* we should still have the output to wr->data and the input
- * from wr->input. Length should be wr->length.
- * wr->data still points in the wb->buf */
-
- if (mac_size != 0)
- {
- s->method->ssl3_enc->mac(s,&(p[wr->length]),1);
- wr->length+=mac_size;
- wr->input=p;
- wr->data=p;
- }
-
- /* ssl3_enc can only have an error on read */
- s->method->ssl3_enc->enc(s,1);
-
- /* record length after mac and block padding */
- s2n(wr->length,plen);
-
- /* we should now have
- * wr->data pointing to the encrypted data, which is
- * wr->length long */
- wr->type=type; /* not needed but helps for debugging */
- wr->length+=SSL3_RT_HEADER_LENGTH;
-
- if (create_empty_fragment)
- {
- /* we are in a recursive call;
- * just return the length, don't write out anything here
- */
- return wr->length;
- }
-
- /* now let's set up wb */
- wb->left = prefix_len + wr->length;
- wb->offset = 0;
-
- /* memorize arguments so that ssl3_write_pending can detect bad write retries later */
- s->s3->wpend_tot=len;
- s->s3->wpend_buf=buf;
- s->s3->wpend_type=type;
- s->s3->wpend_ret=len;
-
- /* we now just need to write the buffer */
- return ssl3_write_pending(s,type,buf,len);
-err:
- return -1;
- }
-
-/* if s->s3->wbuf.left != 0, we need to call this */
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len)
- {
- int i;
-
-/* XXXX */
- if ((s->s3->wpend_tot > (int)len)
- || ((s->s3->wpend_buf != buf) &&
- !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
- || (s->s3->wpend_type != type))
- {
- SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
- return(-1);
- }
-
- for (;;)
- {
- clear_sys_error();
- if (s->wbio != NULL)
- {
- s->rwstate=SSL_WRITING;
- i=BIO_write(s->wbio,
- (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]),
- (unsigned int)s->s3->wbuf.left);
- }
- else
- {
- SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET);
- i= -1;
- }
- if (i == s->s3->wbuf.left)
- {
- s->s3->wbuf.left=0;
- s->rwstate=SSL_NOTHING;
- return(s->s3->wpend_ret);
- }
- else if (i <= 0)
- return(i);
- s->s3->wbuf.offset+=i;
- s->s3->wbuf.left-=i;
- }
- }
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- * - 0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- * Change cipher spec protocol
- * just 1 byte needed, no need for keeping anything stored
- * Alert protocol
- * 2 bytes needed (AlertLevel, AlertDescription)
- * Handshake protocol
- * 4 bytes needed (HandshakeType, uint24 length) -- we just have
- * to detect unexpected Client Hello and Hello Request messages
- * here, anything else is handled by higher layers
- * Application data protocol
- * none of our business
- */
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
- {
- int al,i,j,ret;
- unsigned int n;
- SSL3_RECORD *rr;
- void (*cb)(const SSL *ssl,int type2,int val)=NULL;
-
- if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
- if (!ssl3_setup_buffers(s))
- return(-1);
-
- if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
- (peek && (type != SSL3_RT_APPLICATION_DATA)))
- {
- SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
- return -1;
- }
-
- if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
- /* (partially) satisfy request from storage */
- {
- unsigned char *src = s->s3->handshake_fragment;
- unsigned char *dst = buf;
- unsigned int k;
-
- /* peek == 0 */
- n = 0;
- while ((len > 0) && (s->s3->handshake_fragment_len > 0))
- {
- *dst++ = *src++;
- len--; s->s3->handshake_fragment_len--;
- n++;
- }
- /* move any remaining fragment bytes: */
- for (k = 0; k < s->s3->handshake_fragment_len; k++)
- s->s3->handshake_fragment[k] = *src++;
- return n;
- }
-
- /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
-
- if (!s->in_handshake && SSL_in_init(s))
- {
- /* type == SSL3_RT_APPLICATION_DATA */
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
- }
-start:
- s->rwstate=SSL_NOTHING;
-
- /* s->s3->rrec.type - is the type of record
- * s->s3->rrec.data, - data
- * s->s3->rrec.off, - offset into 'data' for next read
- * s->s3->rrec.length, - number of bytes. */
- rr = &(s->s3->rrec);
-
- /* get new packet if necessary */
- if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
- {
- ret=ssl3_get_record(s);
- if (ret <= 0) return(ret);
- }
-
- /* we now have a packet which can be read and processed */
-
- if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
- * reset by ssl3_get_finished */
- && (rr->type != SSL3_RT_HANDSHAKE))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
- goto f_err;
- }
-
- /* If the other end has shut down, throw anything we read away
- * (even in 'peek' mode) */
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- rr->length=0;
- s->rwstate=SSL_NOTHING;
- return(0);
- }
-
-
- if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
- {
- /* make sure that we are not getting application data when we
- * are doing a handshake for the first time */
- if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
- (s->enc_read_ctx == NULL))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
- goto f_err;
- }
-
- if (len <= 0) return(len);
-
- if ((unsigned int)len > rr->length)
- n = rr->length;
- else
- n = (unsigned int)len;
-
- memcpy(buf,&(rr->data[rr->off]),n);
- if (!peek)
- {
- rr->length-=n;
- rr->off+=n;
- if (rr->length == 0)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->off=0;
- }
- }
- return(n);
- }
-
-
- /* If we get here, then type != rr->type; if we have a handshake
- * message, then it was unexpected (Hello Request or Client Hello). */
-
- /* In case of record types for which we have 'fragment' storage,
- * fill that so that we can process the data at a fixed place.
- */
- {
- unsigned int dest_maxlen = 0;
- unsigned char *dest = NULL;
- unsigned int *dest_len = NULL;
-
- if (rr->type == SSL3_RT_HANDSHAKE)
- {
- dest_maxlen = sizeof s->s3->handshake_fragment;
- dest = s->s3->handshake_fragment;
- dest_len = &s->s3->handshake_fragment_len;
- }
- else if (rr->type == SSL3_RT_ALERT)
- {
- dest_maxlen = sizeof s->s3->alert_fragment;
- dest = s->s3->alert_fragment;
- dest_len = &s->s3->alert_fragment_len;
- }
-
- if (dest_maxlen > 0)
- {
- n = dest_maxlen - *dest_len; /* available space in 'dest' */
- if (rr->length < n)
- n = rr->length; /* available bytes */
-
- /* now move 'n' bytes: */
- while (n-- > 0)
- {
- dest[(*dest_len)++] = rr->data[rr->off++];
- rr->length--;
- }
-
- if (*dest_len < dest_maxlen)
- goto start; /* fragment was too small */
- }
- }
-
- /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE;
- * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT.
- * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
-
- /* If we are a client, check for an incoming 'Hello Request': */
- if ((!s->server) &&
- (s->s3->handshake_fragment_len >= 4) &&
- (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
- (s->session != NULL) && (s->session->cipher != NULL))
- {
- s->s3->handshake_fragment_len = 0;
-
- if ((s->s3->handshake_fragment[1] != 0) ||
- (s->s3->handshake_fragment[2] != 0) ||
- (s->s3->handshake_fragment[3] != 0))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
- goto f_err;
- }
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
-
- if (SSL_is_init_finished(s) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
- !s->s3->renegotiate)
- {
- ssl3_renegotiate(s);
- if (ssl3_renegotiate_check(s))
- {
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- }
- }
- /* we either finished a handshake or ignored the request,
- * now try again to obtain the (application) data we were asked for */
- goto start;
- }
-
- if (s->s3->alert_fragment_len >= 2)
- {
- int alert_level = s->s3->alert_fragment[0];
- int alert_descr = s->s3->alert_fragment[1];
-
- s->s3->alert_fragment_len = 0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j = (alert_level << 8) | alert_descr;
- cb(s, SSL_CB_READ_ALERT, j);
- }
-
- if (alert_level == 1) /* warning */
- {
- s->s3->warn_alert = alert_descr;
- if (alert_descr == SSL_AD_CLOSE_NOTIFY)
- {
- s->shutdown |= SSL_RECEIVED_SHUTDOWN;
- return(0);
- }
- }
- else if (alert_level == 2) /* fatal */
- {
- char tmp[16];
-
- s->rwstate=SSL_NOTHING;
- s->s3->fatal_alert = alert_descr;
- SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
- BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
- ERR_add_error_data(2,"SSL alert number ",tmp);
- s->shutdown|=SSL_RECEIVED_SHUTDOWN;
- SSL_CTX_remove_session(s->ctx,s->session);
- return(0);
- }
- else
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
- goto f_err;
- }
-
- goto start;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
- {
- s->rwstate=SSL_NOTHING;
- rr->length=0;
- return(0);
- }
-
- if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- /* 'Change Cipher Spec' is just a single byte, so we know
- * exactly what the record payload has to look like */
- if ( (rr->length != 1) || (rr->off != 0) ||
- (rr->data[0] != SSL3_MT_CCS))
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
- goto f_err;
- }
-
- /* Check we have a cipher to change to */
- if (s->s3->tmp.new_cipher == NULL)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY);
- goto f_err;
- }
-
- rr->length=0;
-
- if (s->msg_callback)
- s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
-
- s->s3->change_cipher_spec=1;
- if (!ssl3_do_change_cipher_spec(s))
- goto err;
- else
- goto start;
- }
-
- /* Unexpected handshake message (Client Hello, or protocol violation) */
- if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake)
- {
- if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
- !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
- {
-#if 0 /* worked only because C operator preferences are not as expected (and
- * because this is not really needed for clients except for detecting
- * protocol violations): */
- s->state=SSL_ST_BEFORE|(s->server)
- ?SSL_ST_ACCEPT
- :SSL_ST_CONNECT;
-#else
- s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
-#endif
- s->new_session=1;
- }
- i=s->handshake_func(s);
- if (i < 0) return(i);
- if (i == 0)
- {
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
- return(-1);
- }
-
- if (!(s->mode & SSL_MODE_AUTO_RETRY))
- {
- if (s->s3->rbuf.left == 0) /* no read-ahead left? */
- {
- BIO *bio;
- /* In the case where we try to read application data,
- * but we trigger an SSL handshake, we return -1 with
- * the retry option set. Otherwise renegotiation may
- * cause nasty problems in the blocking world */
- s->rwstate=SSL_READING;
- bio=SSL_get_rbio(s);
- BIO_clear_retry_flags(bio);
- BIO_set_retry_read(bio);
- return(-1);
- }
- }
- goto start;
- }
-
- switch (rr->type)
- {
- default:
-#ifndef OPENSSL_NO_TLS
- /* TLS just ignores unknown message types */
- if (s->version == TLS1_VERSION)
- {
- rr->length = 0;
- goto start;
- }
-#endif
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- case SSL3_RT_CHANGE_CIPHER_SPEC:
- case SSL3_RT_ALERT:
- case SSL3_RT_HANDSHAKE:
- /* we already handled all of these, with the possible exception
- * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
- * should not happen when type != rr->type */
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
- goto f_err;
- case SSL3_RT_APPLICATION_DATA:
- /* At this point, we were expecting handshake data,
- * but have application data. If the library was
- * running inside ssl3_read() (i.e. in_read_app_data
- * is set) and it makes sense to read application data
- * at this point (session renegotiation not yet started),
- * we will indulge it.
- */
- if (s->s3->in_read_app_data &&
- (s->s3->total_renegotiations != 0) &&
- ((
- (s->state & SSL_ST_CONNECT) &&
- (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
- (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
- ) || (
- (s->state & SSL_ST_ACCEPT) &&
- (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
- (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
- )
- ))
- {
- s->s3->in_read_app_data=2;
- return(-1);
- }
- else
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
- goto f_err;
- }
- }
- /* not reached */
-
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
- return(-1);
- }
-
-int ssl3_do_change_cipher_spec(SSL *s)
- {
- int i;
- const char *sender;
- int slen;
-
- if (s->state & SSL_ST_ACCEPT)
- i=SSL3_CHANGE_CIPHER_SERVER_READ;
- else
- i=SSL3_CHANGE_CIPHER_CLIENT_READ;
-
- if (s->s3->tmp.key_block == NULL)
- {
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s)) return(0);
- }
-
- if (!s->method->ssl3_enc->change_cipher_state(s,i))
- return(0);
-
- /* we have to record the message digest at
- * this point so we can get it before we read
- * the finished message */
- if (s->state & SSL_ST_CONNECT)
- {
- sender=s->method->ssl3_enc->server_finished_label;
- slen=s->method->ssl3_enc->server_finished_label_len;
- }
- else
- {
- sender=s->method->ssl3_enc->client_finished_label;
- slen=s->method->ssl3_enc->client_finished_label_len;
- }
-
- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->finish_dgst2),
- sender,slen,s->s3->tmp.peer_finish_md);
-
- return(1);
- }
-
-void ssl3_send_alert(SSL *s, int level, int desc)
- {
- /* Map tls/ssl alert value to correct one */
- desc=s->method->ssl3_enc->alert_value(desc);
- if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
- desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
- if (desc < 0) return;
- /* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
- SSL_CTX_remove_session(s->ctx,s->session);
-
- s->s3->alert_dispatch=1;
- s->s3->send_alert[0]=level;
- s->s3->send_alert[1]=desc;
- if (s->s3->wbuf.left == 0) /* data still being written out? */
- s->method->ssl_dispatch_alert(s);
- /* else data is still being written out, we will get written
- * some time in the future */
- }
-
-int ssl3_dispatch_alert(SSL *s)
- {
- int i,j;
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
-
- s->s3->alert_dispatch=0;
- i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
- if (i <= 0)
- {
- s->s3->alert_dispatch=1;
- }
- else
- {
- /* Alert sent to BIO. If it is important, flush it now.
- * If the message does not get sent due to non-blocking IO,
- * we will not worry too much. */
- if (s->s3->send_alert[0] == SSL3_AL_FATAL)
- (void)BIO_flush(s->wbio);
-
- if (s->msg_callback)
- s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- if (cb != NULL)
- {
- j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
- cb(s,SSL_CB_WRITE_ALERT,j);
- }
- }
- return(i);
- }
diff --git a/crypto/openssl/ssl/s3_srvr.c b/crypto/openssl/ssl/s3_srvr.c
deleted file mode 100644
index 9414cf0..0000000
--- a/crypto/openssl/ssl/s3_srvr.c
+++ /dev/null
@@ -1,2618 +0,0 @@
-/* ssl/s3_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#define REUSE_CIPHER_BUG
-#define NETSCAPE_HANG_BUG
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#ifndef OPENSSL_NO_KRB5
-#include <openssl/krb5_asn.h>
-#endif
-#include <openssl/md5.h>
-
-static SSL_METHOD *ssl3_get_server_method(int ver);
-
-#ifndef OPENSSL_NO_ECDH
-static int nid2curve_id(int nid);
-#endif
-
-static SSL_METHOD *ssl3_get_server_method(int ver)
- {
- if (ver == SSL3_VERSION)
- return(SSLv3_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
- ssl3_accept,
- ssl_undefined_function,
- ssl3_get_server_method)
-
-int ssl3_accept(SSL *s)
- {
- BUF_MEM *buf;
- unsigned long l,Time=(unsigned long)time(NULL);
- void (*cb)(const SSL *ssl,int type,int val)=NULL;
- long num1;
- int ret= -1;
- int new_state,state,skip=0;
-
- RAND_add(&Time,sizeof(Time),0);
- ERR_clear_error();
- clear_sys_error();
-
- if (s->info_callback != NULL)
- cb=s->info_callback;
- else if (s->ctx->info_callback != NULL)
- cb=s->ctx->info_callback;
-
- /* init things to blank */
- s->in_handshake++;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
-
- if (s->cert == NULL)
- {
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
- return(-1);
- }
-
- for (;;)
- {
- state=s->state;
-
- switch (s->state)
- {
- case SSL_ST_RENEGOTIATE:
- s->new_session=1;
- /* s->state=SSL_ST_ACCEPT; */
-
- case SSL_ST_BEFORE:
- case SSL_ST_ACCEPT:
- case SSL_ST_BEFORE|SSL_ST_ACCEPT:
- case SSL_ST_OK|SSL_ST_ACCEPT:
-
- s->server=1;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
- if ((s->version>>8) != 3)
- {
- SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- s->type=SSL_ST_ACCEPT;
-
- if (s->init_buf == NULL)
- {
- if ((buf=BUF_MEM_new()) == NULL)
- {
- ret= -1;
- goto end;
- }
- if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
- {
- ret= -1;
- goto end;
- }
- s->init_buf=buf;
- }
-
- if (!ssl3_setup_buffers(s))
- {
- ret= -1;
- goto end;
- }
-
- s->init_num=0;
-
- if (s->state != SSL_ST_RENEGOTIATE)
- {
- /* Ok, we now need to push on a buffering BIO so that
- * the output is sent in a way that TCP likes :-)
- */
- if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
- ssl3_init_finished_mac(s);
- s->state=SSL3_ST_SR_CLNT_HELLO_A;
- s->ctx->stats.sess_accept++;
- }
- else
- {
- /* s->state == SSL_ST_RENEGOTIATE,
- * we will just send a HelloRequest */
- s->ctx->stats.sess_accept_renegotiate++;
- s->state=SSL3_ST_SW_HELLO_REQ_A;
- }
- break;
-
- case SSL3_ST_SW_HELLO_REQ_A:
- case SSL3_ST_SW_HELLO_REQ_B:
-
- s->shutdown=0;
- ret=ssl3_send_hello_request(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
-
- ssl3_init_finished_mac(s);
- break;
-
- case SSL3_ST_SW_HELLO_REQ_C:
- s->state=SSL_ST_OK;
- break;
-
- case SSL3_ST_SR_CLNT_HELLO_A:
- case SSL3_ST_SR_CLNT_HELLO_B:
- case SSL3_ST_SR_CLNT_HELLO_C:
-
- s->shutdown=0;
- ret=ssl3_get_client_hello(s);
- if (ret <= 0) goto end;
- s->new_session = 2;
- s->state=SSL3_ST_SW_SRVR_HELLO_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_SRVR_HELLO_A:
- case SSL3_ST_SW_SRVR_HELLO_B:
- ret=ssl3_send_server_hello(s);
- if (ret <= 0) goto end;
-
- if (s->hit)
- s->state=SSL3_ST_SW_CHANGE_A;
- else
- s->state=SSL3_ST_SW_CERT_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_A:
- case SSL3_ST_SW_CERT_B:
- /* Check if it is anon DH or anon ECDH or KRB5 */
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)
- && !(s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
- {
- ret=ssl3_send_server_certificate(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
- s->state=SSL3_ST_SW_KEY_EXCH_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_KEY_EXCH_A:
- case SSL3_ST_SW_KEY_EXCH_B:
- l=s->s3->tmp.new_cipher->algorithms;
-
- /* clear this, it may get reset by
- * send_server_key_exchange */
- if ((s->options & SSL_OP_EPHEMERAL_RSA)
-#ifndef OPENSSL_NO_KRB5
- && !(l & SSL_KRB5)
-#endif /* OPENSSL_NO_KRB5 */
- )
- /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
- * even when forbidden by protocol specs
- * (handshake may fail as clients are not required to
- * be able to handle this) */
- s->s3->tmp.use_rsa_tmp=1;
- else
- s->s3->tmp.use_rsa_tmp=0;
-
-
- /* only send if a DH key exchange, fortezza or
- * RSA but we have a sign only certificate
- *
- * For ECC ciphersuites, we send a serverKeyExchange
- * message only if the cipher suite is either
- * ECDH-anon or ECDHE. In other cases, the
- * server certificate contains the server's
- * public key for key exchange.
- */
- if (s->s3->tmp.use_rsa_tmp
- || (l & SSL_kECDHE)
- || (l & (SSL_DH|SSL_kFZA))
- || ((l & SSL_kRSA)
- && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
- || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
- && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
- )
- )
- )
- )
- {
- ret=ssl3_send_server_key_exchange(s);
- if (ret <= 0) goto end;
- }
- else
- skip=1;
-
- s->state=SSL3_ST_SW_CERT_REQ_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CERT_REQ_A:
- case SSL3_ST_SW_CERT_REQ_B:
- if (/* don't request cert unless asked for it: */
- !(s->verify_mode & SSL_VERIFY_PEER) ||
- /* if SSL_VERIFY_CLIENT_ONCE is set,
- * don't request cert during re-negotiation: */
- ((s->session->peer != NULL) &&
- (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
- /* never request cert in anonymous ciphersuites
- * (see section "Certificate request" in SSL 3 drafts
- * and in RFC 2246): */
- ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
- /* ... except when the application insists on verification
- * (against the specs, but s3_clnt.c accepts this for SSL 3) */
- !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
- /* never request cert in Kerberos ciphersuites */
- (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
- {
- /* no cert request */
- skip=1;
- s->s3->tmp.cert_request=0;
- s->state=SSL3_ST_SW_SRVR_DONE_A;
- }
- else
- {
- s->s3->tmp.cert_request=1;
- ret=ssl3_send_certificate_request(s);
- if (ret <= 0) goto end;
-#ifndef NETSCAPE_HANG_BUG
- s->state=SSL3_ST_SW_SRVR_DONE_A;
-#else
- s->state=SSL3_ST_SW_FLUSH;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
-#endif
- s->init_num=0;
- }
- break;
-
- case SSL3_ST_SW_SRVR_DONE_A:
- case SSL3_ST_SW_SRVR_DONE_B:
- ret=ssl3_send_server_done(s);
- if (ret <= 0) goto end;
- s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
- s->state=SSL3_ST_SW_FLUSH;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_FLUSH:
- /* number of bytes to be flushed */
- num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
- if (num1 > 0)
- {
- s->rwstate=SSL_WRITING;
- num1=BIO_flush(s->wbio);
- if (num1 <= 0) { ret= -1; goto end; }
- s->rwstate=SSL_NOTHING;
- }
-
- s->state=s->s3->tmp.next_state;
- break;
-
- case SSL3_ST_SR_CERT_A:
- case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
- break;
-
- case SSL3_ST_SR_KEY_EXCH_A:
- case SSL3_ST_SR_KEY_EXCH_B:
- ret=ssl3_get_client_key_exchange(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- {
- /* For the ECDH ciphersuites when
- * the client sends its ECDH pub key in
- * a certificate, the CertificateVerify
- * message is not sent.
- */
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num = 0;
- }
- else
- {
- s->state=SSL3_ST_SR_CERT_VRFY_A;
- s->init_num=0;
-
- /* We need to get hashes here so if there is
- * a client cert, it can be verified
- */
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst1),
- &(s->s3->tmp.cert_verify_md[0]));
- s->method->ssl3_enc->cert_verify_mac(s,
- &(s->s3->finish_dgst2),
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
- }
- break;
-
- case SSL3_ST_SR_CERT_VRFY_A:
- case SSL3_ST_SR_CERT_VRFY_B:
-
- /* we should decide if we expected this one */
- ret=ssl3_get_cert_verify(s);
- if (ret <= 0) goto end;
-
- s->state=SSL3_ST_SR_FINISHED_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SR_FINISHED_A:
- case SSL3_ST_SR_FINISHED_B:
- ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
- SSL3_ST_SR_FINISHED_B);
- if (ret <= 0) goto end;
- if (s->hit)
- s->state=SSL_ST_OK;
- else
- s->state=SSL3_ST_SW_CHANGE_A;
- s->init_num=0;
- break;
-
- case SSL3_ST_SW_CHANGE_A:
- case SSL3_ST_SW_CHANGE_B:
-
- s->session->cipher=s->s3->tmp.new_cipher;
- if (!s->method->ssl3_enc->setup_key_block(s))
- { ret= -1; goto end; }
-
- ret=ssl3_send_change_cipher_spec(s,
- SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
-
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FINISHED_A;
- s->init_num=0;
-
- if (!s->method->ssl3_enc->change_cipher_state(s,
- SSL3_CHANGE_CIPHER_SERVER_WRITE))
- {
- ret= -1;
- goto end;
- }
-
- break;
-
- case SSL3_ST_SW_FINISHED_A:
- case SSL3_ST_SW_FINISHED_B:
- ret=ssl3_send_finished(s,
- SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
- s->method->ssl3_enc->server_finished_label,
- s->method->ssl3_enc->server_finished_label_len);
- if (ret <= 0) goto end;
- s->state=SSL3_ST_SW_FLUSH;
- if (s->hit)
- s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
- else
- s->s3->tmp.next_state=SSL_ST_OK;
- s->init_num=0;
- break;
-
- case SSL_ST_OK:
- /* clean a few things up */
- ssl3_cleanup_key_block(s);
-
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
-
- /* remove buffering on output */
- ssl_free_wbio_buffer(s);
-
- s->init_num=0;
-
- if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
- {
- /* actually not necessarily a 'new' session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-
- s->new_session=0;
-
- ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
- s->ctx->stats.sess_accept_good++;
- /* s->server=1; */
- s->handshake_func=ssl3_accept;
-
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
- }
-
- ret = 1;
- goto end;
- /* break; */
-
- default:
- SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE);
- ret= -1;
- goto end;
- /* break; */
- }
-
- if (!s->s3->tmp.reuse_message && !skip)
- {
- if (s->debug)
- {
- if ((ret=BIO_flush(s->wbio)) <= 0)
- goto end;
- }
-
-
- if ((cb != NULL) && (s->state != state))
- {
- new_state=s->state;
- s->state=state;
- cb(s,SSL_CB_ACCEPT_LOOP,1);
- s->state=new_state;
- }
- }
- skip=0;
- }
-end:
- /* BIO_flush(s->wbio); */
-
- s->in_handshake--;
- if (cb != NULL)
- cb(s,SSL_CB_ACCEPT_EXIT,ret);
- return(ret);
- }
-
-int ssl3_send_hello_request(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_HELLO_REQ_A)
- {
- p=(unsigned char *)s->init_buf->data;
- *(p++)=SSL3_MT_HELLO_REQUEST;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
-
- s->state=SSL3_ST_SW_HELLO_REQ_B;
- /* number of bytes to write */
- s->init_num=4;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_HELLO_REQ_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_check_client_hello(SSL *s)
- {
- int ok;
- long n;
-
- /* this function is called when we really expect a Certificate message,
- * so permit appropriate message length */
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
- {
- /* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.)
- * I hope that tmp.dh is the only thing that may need to be cleared
- * when a handshake is not completed ... */
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
-#endif
- return 2;
- }
- return 1;
-}
-
-int ssl3_get_client_hello(SSL *s)
- {
- int i,j,ok,al,ret= -1;
- unsigned int cookie_len;
- long n;
- unsigned long id;
- unsigned char *p,*d,*q;
- SSL_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- SSL_COMP *comp=NULL;
-#endif
- STACK_OF(SSL_CIPHER) *ciphers=NULL;
-
- /* We do this so that we will respond with our native type.
- * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
- * This down switching should be handled by a different method.
- * If we are SSLv3, we will respond with SSLv3, even if prompted with
- * TLSv1.
- */
- if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
- {
- s->state=SSL3_ST_SR_CLNT_HELLO_B;
- }
- s->first_packet=1;
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CLNT_HELLO_B,
- SSL3_ST_SR_CLNT_HELLO_C,
- SSL3_MT_CLIENT_HELLO,
- SSL3_RT_MAX_PLAIN_LENGTH,
- &ok);
-
- if (!ok) return((int)n);
- s->first_packet=0;
- d=p=(unsigned char *)s->init_msg;
-
- /* use version from inside client hello, not from record header
- * (may differ: see RFC 2246, Appendix E, second paragraph) */
- s->client_version=(((int)p[0])<<8)|(int)p[1];
- p+=2;
-
- if (s->client_version < s->version)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
- if ((s->client_version>>8) == SSL3_VERSION_MAJOR)
- {
- /* similar to ssl3_get_record, send alert using remote version number */
- s->version = s->client_version;
- }
- al = SSL_AD_PROTOCOL_VERSION;
- goto f_err;
- }
-
- /* load the client random */
- memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* get the session-id */
- j= *(p++);
-
- s->hit=0;
- /* Versions before 0.9.7 always allow session reuse during renegotiation
- * (i.e. when s->new_session is true), option
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
- * Maybe this optional behaviour should always have been the default,
- * but we cannot safely change the default behaviour (or new applications
- * might be written that become totally unsecure when compiled with
- * an earlier library version)
- */
- if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- else
- {
- i=ssl_get_prev_session(s,p,j);
- if (i == 1)
- { /* previous session */
- s->hit=1;
- }
- else if (i == -1)
- goto err;
- else /* i == 0 */
- {
- if (!ssl_get_new_session(s,1))
- goto err;
- }
- }
-
- p+=j;
-
- if (SSL_version(s) == DTLS1_VERSION)
- {
- /* cookie stuff */
- cookie_len = *(p++);
-
- if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
- s->d1->send_cookie == 0)
- {
- /* HelloVerifyMessage has already been sent */
- if ( cookie_len != s->d1->cookie_len)
- {
- al = SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
- }
-
- /*
- * The ClientHello may contain a cookie even if the
- * HelloVerify message has not been sent--make sure that it
- * does not cause an overflow.
- */
- if ( cookie_len > sizeof(s->d1->rcvd_cookie))
- {
- /* too much data */
- al = SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
-
- /* verify the cookie if appropriate option is set. */
- if ( (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
- cookie_len > 0)
- {
- memcpy(s->d1->rcvd_cookie, p, cookie_len);
-
- if ( s->ctx->app_verify_cookie_cb != NULL)
- {
- if ( s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie,
- cookie_len) == 0)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
- /* else cookie verification succeeded */
- }
- else if ( memcmp(s->d1->rcvd_cookie, s->d1->cookie,
- s->d1->cookie_len) != 0) /* default verification */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_COOKIE_MISMATCH);
- goto f_err;
- }
- }
-
- p += cookie_len;
- }
-
- n2s(p,i);
- if ((i == 0) && (j != 0))
- {
- /* we need a cipher if we are not resuming a session */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
- goto f_err;
- }
- if ((p+i) >= (d+n))
- {
- /* not enough data */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers))
- == NULL))
- {
- goto err;
- }
- p+=i;
-
- /* If it is a hit, check that the cipher is in the list */
- if ((s->hit) && (i > 0))
- {
- j=0;
- id=s->session->cipher->id;
-
-#ifdef CIPHER_DEBUG
- printf("client sent %d ciphers\n",sk_num(ciphers));
-#endif
- for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
- {
- c=sk_SSL_CIPHER_value(ciphers,i);
-#ifdef CIPHER_DEBUG
- printf("client [%2d of %2d]:%s\n",
- i,sk_num(ciphers),SSL_CIPHER_get_name(c));
-#endif
- if (c->id == id)
- {
- j=1;
- break;
- }
- }
- if (j == 0)
- {
- if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
- {
- /* Very bad for multi-threading.... */
- s->session->cipher=sk_SSL_CIPHER_value(ciphers, 0);
- }
- else
- {
- /* we need to have the cipher in the cipher
- * list if we are asked to reuse it */
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING);
- goto f_err;
- }
- }
- }
-
- /* compression */
- i= *(p++);
- if ((p+i) > (d+n))
- {
- /* not enough data */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- q=p;
- for (j=0; j<i; j++)
- {
- if (p[j] == 0) break;
- }
-
- p+=i;
- if (j >= i)
- {
- /* no compress */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED);
- goto f_err;
- }
-
- /* Worst case, we will use the NULL compression, but if we have other
- * options, we will now look for them. We have i-1 compression
- * algorithms from the client, starting at q. */
- s->s3->tmp.new_compression=NULL;
-#ifndef OPENSSL_NO_COMP
- if (s->ctx->comp_methods != NULL)
- { /* See if we have a match */
- int m,nn,o,v,done=0;
-
- nn=sk_SSL_COMP_num(s->ctx->comp_methods);
- for (m=0; m<nn; m++)
- {
- comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
- v=comp->id;
- for (o=0; o<i; o++)
- {
- if (v == q[o])
- {
- done=1;
- break;
- }
- }
- if (done) break;
- }
- if (done)
- s->s3->tmp.new_compression=comp;
- else
- comp=NULL;
- }
-#endif
-
- /* TLS does not mind if there is extra stuff */
-#if 0 /* SSL 3.0 does not mind either, so we should disable this test
- * (was enabled in 0.9.6d through 0.9.6j and 0.9.7 through 0.9.7b,
- * in earlier SSLeay/OpenSSL releases this test existed but was buggy) */
- if (s->version == SSL3_VERSION)
- {
- if (p < (d+n))
- {
- /* wrong number of bytes,
- * there could be more to follow */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- }
-#endif
-
- /* Given s->session->ciphers and SSL_get_ciphers, we must
- * pick a cipher */
-
- if (!s->hit)
- {
-#ifdef OPENSSL_NO_COMP
- s->session->compress_meth=0;
-#else
- s->session->compress_meth=(comp == NULL)?0:comp->id;
-#endif
- if (s->session->ciphers != NULL)
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers=ciphers;
- if (ciphers == NULL)
- {
- al=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED);
- goto f_err;
- }
- ciphers=NULL;
- c=ssl3_choose_cipher(s,s->session->ciphers,
- SSL_get_ciphers(s));
-
- if (c == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER);
- goto f_err;
- }
- s->s3->tmp.new_cipher=c;
- }
- else
- {
- /* Session-id reuse */
-#ifdef REUSE_CIPHER_BUG
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *nc=NULL;
- SSL_CIPHER *ec=NULL;
-
- if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
- {
- sk=s->session->ciphers;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
- if (c->algorithms & SSL_eNULL)
- nc=c;
- if (SSL_C_IS_EXPORT(c))
- ec=c;
- }
- if (nc != NULL)
- s->s3->tmp.new_cipher=nc;
- else if (ec != NULL)
- s->s3->tmp.new_cipher=ec;
- else
- s->s3->tmp.new_cipher=s->session->cipher;
- }
- else
-#endif
- s->s3->tmp.new_cipher=s->session->cipher;
- }
-
- /* we now have the following setup.
- * client_random
- * cipher_list - our prefered list of ciphers
- * ciphers - the clients prefered list of ciphers
- * compression - basically ignored right now
- * ssl version is set - sslv3
- * s->session - The ssl session has been setup.
- * s->hit - session reuse flag
- * s->tmp.new_cipher - the new cipher to use.
- */
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
- return(ret);
- }
-
-int ssl3_send_server_hello(SSL *s)
- {
- unsigned char *buf;
- unsigned char *p,*d;
- int i,sl;
- unsigned long l,Time;
-
- if (s->state == SSL3_ST_SW_SRVR_HELLO_A)
- {
- buf=(unsigned char *)s->init_buf->data;
- p=s->s3->server_random;
- Time=(unsigned long)time(NULL); /* Time */
- l2n(Time,p);
- if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
- return -1;
- /* Do the message type and length last */
- d=p= &(buf[4]);
-
- *(p++)=s->version>>8;
- *(p++)=s->version&0xff;
-
- /* Random stuff */
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- /* now in theory we have 3 options to sending back the
- * session id. If it is a re-use, we send back the
- * old session-id, if it is a new session, we send
- * back the new session-id or we send back a 0 length
- * session-id if we want it to be single use.
- * Currently I will not implement the '0' length session-id
- * 12-Jan-98 - I'll now support the '0' length stuff.
- */
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER))
- s->session->session_id_length=0;
-
- sl=s->session->session_id_length;
- if (sl > (int)sizeof(s->session->session_id))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
- return -1;
- }
- *(p++)=sl;
- memcpy(p,s->session->session_id,sl);
- p+=sl;
-
- /* put the cipher */
- i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p);
- p+=i;
-
- /* put the compression method */
-#ifdef OPENSSL_NO_COMP
- *(p++)=0;
-#else
- if (s->s3->tmp.new_compression == NULL)
- *(p++)=0;
- else
- *(p++)=s->s3->tmp.new_compression->id;
-#endif
-
- /* do the header */
- l=(p-d);
- d=buf;
- *(d++)=SSL3_MT_SERVER_HELLO;
- l2n3(l,d);
-
- s->state=SSL3_ST_CW_CLNT_HELLO_B;
- /* number of bytes to write */
- s->init_num=p-buf;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_send_server_done(SSL *s)
- {
- unsigned char *p;
-
- if (s->state == SSL3_ST_SW_SRVR_DONE_A)
- {
- p=(unsigned char *)s->init_buf->data;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
-
- s->state=SSL3_ST_SW_SRVR_DONE_B;
- /* number of bytes to write */
- s->init_num=4;
- s->init_off=0;
- }
-
- /* SSL3_ST_CW_CLNT_HELLO_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-int ssl3_send_server_key_exchange(SSL *s)
- {
-#ifndef OPENSSL_NO_RSA
- unsigned char *q;
- int j,num;
- RSA *rsa;
- unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned int u;
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh=NULL,*dhp;
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh=NULL, *ecdhp;
- unsigned char *encodedPoint = NULL;
- int encodedlen = 0;
- int curve_id = 0;
- BN_CTX *bn_ctx = NULL;
-#endif
- EVP_PKEY *pkey;
- unsigned char *p,*d;
- int al,i;
- unsigned long type;
- int n;
- CERT *cert;
- BIGNUM *r[4];
- int nr[4],kn;
- BUF_MEM *buf;
- EVP_MD_CTX md_ctx;
-
- EVP_MD_CTX_init(&md_ctx);
- if (s->state == SSL3_ST_SW_KEY_EXCH_A)
- {
- type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
- cert=s->cert;
-
- buf=s->init_buf;
-
- r[0]=r[1]=r[2]=r[3]=NULL;
- n=0;
-#ifndef OPENSSL_NO_RSA
- if (type & SSL_kRSA)
- {
- rsa=cert->rsa_tmp;
- if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
- {
- rsa=s->cert->rsa_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if(rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
- goto f_err;
- }
- RSA_up_ref(rsa);
- cert->rsa_tmp=rsa;
- }
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY);
- goto f_err;
- }
- r[0]=rsa->n;
- r[1]=rsa->e;
- s->s3->tmp.use_rsa_tmp=1;
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (type & SSL_kEDH)
- {
- dhp=cert->dh_tmp;
- if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
- dhp=s->cert->dh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- if (dhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
-
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(dh);
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- if ((dh=DHparams_dup(dhp)) == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- s->s3->tmp.dh=dh;
- if ((dhp->pub_key == NULL ||
- dhp->priv_key == NULL ||
- (s->options & SSL_OP_SINGLE_DH_USE)))
- {
- if(!DH_generate_key(dh))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
- ERR_R_DH_LIB);
- goto err;
- }
- }
- else
- {
- dh->pub_key=BN_dup(dhp->pub_key);
- dh->priv_key=BN_dup(dhp->priv_key);
- if ((dh->pub_key == NULL) ||
- (dh->priv_key == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
- }
- r[0]=dh->p;
- r[1]=dh->g;
- r[2]=dh->pub_key;
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kECDHE)
- {
- const EC_GROUP *group;
-
- ecdhp=cert->ecdh_tmp;
- if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
- {
- ecdhp=s->cert->ecdh_tmp_cb(s,
- SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
- SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
- }
- if (ecdhp == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
- goto f_err;
- }
-
- if (s->s3->tmp.ecdh != NULL)
- {
- EC_KEY_free(s->s3->tmp.ecdh);
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
- goto err;
- }
-
- /* Duplicate the ECDH structure. */
- if (ecdhp == NULL)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
- if (!EC_KEY_up_ref(ecdhp))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
- ecdh = ecdhp;
-
- s->s3->tmp.ecdh=ecdh;
- if ((EC_KEY_get0_public_key(ecdh) == NULL) ||
- (EC_KEY_get0_private_key(ecdh) == NULL) ||
- (s->options & SSL_OP_SINGLE_ECDH_USE))
- {
- if(!EC_KEY_generate_key(ecdh))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
- }
-
- if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||
- (EC_KEY_get0_public_key(ecdh) == NULL) ||
- (EC_KEY_get0_private_key(ecdh) == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
-
- if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
- (EC_GROUP_get_degree(group) > 163))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
- goto err;
- }
-
- /* XXX: For now, we only support ephemeral ECDH
- * keys over named (not generic) curves. For
- * supported named curves, curve_id is non-zero.
- */
- if ((curve_id =
- nid2curve_id(EC_GROUP_get_curve_name(group)))
- == 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
- goto err;
- }
-
- /* Encode the public key.
- * First check the size of encoding and
- * allocate memory accordingly.
- */
- encodedlen = EC_POINT_point2oct(group,
- EC_KEY_get0_public_key(ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- NULL, 0, NULL);
-
- encodedPoint = (unsigned char *)
- OPENSSL_malloc(encodedlen*sizeof(unsigned char));
- bn_ctx = BN_CTX_new();
- if ((encodedPoint == NULL) || (bn_ctx == NULL))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
-
- encodedlen = EC_POINT_point2oct(group,
- EC_KEY_get0_public_key(ecdh),
- POINT_CONVERSION_UNCOMPRESSED,
- encodedPoint, encodedlen, bn_ctx);
-
- if (encodedlen == 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
- goto err;
- }
-
- BN_CTX_free(bn_ctx); bn_ctx=NULL;
-
- /* XXX: For now, we only support named (not
- * generic) curves in ECDH ephemeral key exchanges.
- * In this situation, we need four additional bytes
- * to encode the entire ServerECDHParams
- * structure.
- */
- n = 4 + encodedlen;
-
- /* We'll generate the serverKeyExchange message
- * explicitly so we can set these to NULLs
- */
- r[0]=NULL;
- r[1]=NULL;
- r[2]=NULL;
- r[3]=NULL;
- }
- else
-#endif /* !OPENSSL_NO_ECDH */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
- goto f_err;
- }
- for (i=0; r[i] != NULL; i++)
- {
- nr[i]=BN_num_bytes(r[i]);
- n+=2+nr[i];
- }
-
- if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
- {
- if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
- == NULL)
- {
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
- kn=EVP_PKEY_size(pkey);
- }
- else
- {
- pkey=NULL;
- kn=0;
- }
-
- if (!BUF_MEM_grow_clean(buf,n+4+kn))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
- goto err;
- }
- d=(unsigned char *)s->init_buf->data;
- p= &(d[4]);
-
- for (i=0; r[i] != NULL; i++)
- {
- s2n(nr[i],p);
- BN_bn2bin(r[i],p);
- p+=nr[i];
- }
-
-#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kECDHE)
- {
- /* XXX: For now, we only support named (not generic) curves.
- * In this situation, the serverKeyExchange message has:
- * [1 byte CurveType], [2 byte CurveName]
- * [1 byte length of encoded point], followed by
- * the actual encoded point itself
- */
- *p = NAMED_CURVE_TYPE;
- p += 1;
- *p = 0;
- p += 1;
- *p = curve_id;
- p += 1;
- *p = encodedlen;
- p += 1;
- memcpy((unsigned char*)p,
- (unsigned char *)encodedPoint,
- encodedlen);
- OPENSSL_free(encodedPoint);
- p += encodedlen;
- }
-#endif
-
- /* not anonymous */
- if (pkey != NULL)
- {
- /* n is the length of the params, they start at &(d[4])
- * and p points to the space at the end. */
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- q=md_buf;
- j=0;
- for (num=2; num > 0; num--)
- {
- EVP_DigestInit_ex(&md_ctx,(num == 2)
- ?s->ctx->md5:s->ctx->sha1, NULL);
- EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_DigestUpdate(&md_ctx,&(d[4]),n);
- EVP_DigestFinal_ex(&md_ctx,q,
- (unsigned int *)&i);
- q+=i;
- j+=i;
- }
- if (RSA_sign(NID_md5_sha1, md_buf, j,
- &(p[2]), &u, pkey->pkey.rsa) <= 0)
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
- goto err;
- }
- s2n(u,p);
- n+=u+2;
- }
- else
-#endif
-#if !defined(OPENSSL_NO_DSA)
- if (pkey->type == EVP_PKEY_DSA)
- {
- /* lets do DSS */
- EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[4]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
-#endif
-#if !defined(OPENSSL_NO_ECDSA)
- if (pkey->type == EVP_PKEY_EC)
- {
- /* let's do ECDSA */
- EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
- EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
- EVP_SignUpdate(&md_ctx,&(d[4]),n);
- if (!EVP_SignFinal(&md_ctx,&(p[2]),
- (unsigned int *)&i,pkey))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
- goto err;
- }
- s2n(i,p);
- n+=i+2;
- }
- else
-#endif
- {
- /* Is this error check actually needed? */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE);
- goto f_err;
- }
- }
-
- *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE;
- l2n3(n,d);
-
- /* we should now have things packed up, so lets send
- * it off */
- s->init_num=n+4;
- s->init_off=0;
- }
-
- s->state = SSL3_ST_SW_KEY_EXCH_B;
- EVP_MD_CTX_cleanup(&md_ctx);
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-err:
-#ifndef OPENSSL_NO_ECDH
- if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
- BN_CTX_free(bn_ctx);
-#endif
- EVP_MD_CTX_cleanup(&md_ctx);
- return(-1);
- }
-
-int ssl3_send_certificate_request(SSL *s)
- {
- unsigned char *p,*d;
- int i,j,nl,off,n;
- STACK_OF(X509_NAME) *sk=NULL;
- X509_NAME *name;
- BUF_MEM *buf;
-
- if (s->state == SSL3_ST_SW_CERT_REQ_A)
- {
- buf=s->init_buf;
-
- d=p=(unsigned char *)&(buf->data[4]);
-
- /* get the list of acceptable cert types */
- p++;
- n=ssl3_get_req_cert_type(s,p);
- d[0]=n;
- p+=n;
- n++;
-
- off=n;
- p+=2;
- n+=2;
-
- sk=SSL_get_client_CA_list(s);
- nl=0;
- if (sk != NULL)
- {
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=sk_X509_NAME_value(sk,i);
- j=i2d_X509_NAME(name,NULL);
- if (!BUF_MEM_grow_clean(buf,4+n+j+2))
- {
- SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
- goto err;
- }
- p=(unsigned char *)&(buf->data[4+n]);
- if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG))
- {
- s2n(j,p);
- i2d_X509_NAME(name,&p);
- n+=2+j;
- nl+=2+j;
- }
- else
- {
- d=p;
- i2d_X509_NAME(name,&p);
- j-=2; s2n(j,d); j+=2;
- n+=j;
- nl+=j;
- }
- }
- }
- /* else no CA names */
- p=(unsigned char *)&(buf->data[4+off]);
- s2n(nl,p);
-
- d=(unsigned char *)buf->data;
- *(d++)=SSL3_MT_CERTIFICATE_REQUEST;
- l2n3(n,d);
-
- /* we should now have things packed up, so lets send
- * it off */
-
- s->init_num=n+4;
- s->init_off=0;
-#ifdef NETSCAPE_HANG_BUG
- p=(unsigned char *)s->init_buf->data + s->init_num;
-
- /* do the header */
- *(p++)=SSL3_MT_SERVER_DONE;
- *(p++)=0;
- *(p++)=0;
- *(p++)=0;
- s->init_num += 4;
-#endif
-
- s->state = SSL3_ST_SW_CERT_REQ_B;
- }
-
- /* SSL3_ST_SW_CERT_REQ_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-err:
- return(-1);
- }
-
-int ssl3_get_client_key_exchange(SSL *s)
- {
- int i,al,ok;
- long n;
- unsigned long l;
- unsigned char *p;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa=NULL;
- EVP_PKEY *pkey=NULL;
-#endif
-#ifndef OPENSSL_NO_DH
- BIGNUM *pub=NULL;
- DH *dh_srvr;
-#endif
-#ifndef OPENSSL_NO_KRB5
- KSSL_ERR kssl_err;
-#endif /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *srvr_ecdh = NULL;
- EVP_PKEY *clnt_pub_pkey = NULL;
- EC_POINT *clnt_ecpoint = NULL;
- BN_CTX *bn_ctx = NULL;
-#endif
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_KEY_EXCH_A,
- SSL3_ST_SR_KEY_EXCH_B,
- SSL3_MT_CLIENT_KEY_EXCHANGE,
- 2048, /* ??? */
- &ok);
-
- if (!ok) return((int)n);
- p=(unsigned char *)s->init_msg;
-
- l=s->s3->tmp.new_cipher->algorithms;
-
-#ifndef OPENSSL_NO_RSA
- if (l & SSL_kRSA)
- {
- /* FIX THIS UP EAY EAY EAY EAY */
- if (s->s3->tmp.use_rsa_tmp)
- {
- if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
- rsa=s->cert->rsa_tmp;
- /* Don't do a callback because rsa_tmp should
- * be sent already */
- if (rsa == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY);
- goto f_err;
-
- }
- }
- else
- {
- pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
- if ( (pkey == NULL) ||
- (pkey->type != EVP_PKEY_RSA) ||
- (pkey->pkey.rsa == NULL))
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE);
- goto f_err;
- }
- rsa=pkey->pkey.rsa;
- }
-
- /* TLS */
- if (s->version > SSL3_VERSION)
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_TLS_D5_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- p-=2;
- }
- else
- n=i;
- }
-
- i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
-
- al = -1;
-
- if (i != SSL_MAX_MASTER_KEY_LENGTH)
- {
- al=SSL_AD_DECODE_ERROR;
- /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
- }
-
- if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
- {
- /* The premaster secret must contain the same version number as the
- * ClientHello to detect version rollback attacks (strangely, the
- * protocol does not offer such protection for DH ciphersuites).
- * However, buggy clients exist that send the negotiated protocol
- * version instead if the server does not support the requested
- * protocol version.
- * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
- if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
- (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
- {
- al=SSL_AD_DECODE_ERROR;
- /* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
-
- /* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
- * (http://eprint.iacr.org/2003/052/) exploits the version
- * number check as a "bad version oracle" -- an alert would
- * reveal that the plaintext corresponding to some ciphertext
- * made up by the adversary is properly formatted except
- * that the version number is wrong. To avoid such attacks,
- * we should treat this just like any other decryption error. */
- }
- }
-
- if (al != -1)
- {
- /* Some decryption failure -- use random value instead as countermeasure
- * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
- * (see RFC 2246, section 7.4.7.1). */
- ERR_clear_error();
- i = SSL_MAX_MASTER_KEY_LENGTH;
- p[0] = s->client_version >> 8;
- p[1] = s->client_version & 0xff;
- if (RAND_pseudo_bytes(p+2, i-2) <= 0) /* should be RAND_bytes, but we cannot work around a failure */
- goto err;
- }
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,
- p,i);
- OPENSSL_cleanse(p,i);
- }
- else
-#endif
-#ifndef OPENSSL_NO_DH
- if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- {
- n2s(p,i);
- if (n != i+2)
- {
- if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
- goto err;
- }
- else
- {
- p-=2;
- i=(int)n;
- }
- }
-
- if (n == 0L) /* the parameters are in the cert */
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS);
- goto f_err;
- }
- else
- {
- if (s->s3->tmp.dh == NULL)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
- goto f_err;
- }
- else
- dh_srvr=s->s3->tmp.dh;
- }
-
- pub=BN_bin2bn(p,i,NULL);
- if (pub == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB);
- goto err;
- }
-
- i=DH_compute_key(p,pub,dh_srvr);
-
- if (i <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB);
- goto err;
- }
-
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh=NULL;
-
- BN_clear_free(pub);
- pub=NULL;
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key,p,i);
- OPENSSL_cleanse(p,i);
- }
- else
-#endif
-#ifndef OPENSSL_NO_KRB5
- if (l & SSL_kKRB5)
- {
- krb5_error_code krb5rc;
- krb5_data enc_ticket;
- krb5_data authenticator;
- krb5_data enc_pms;
- KSSL_CTX *kssl_ctx = s->kssl_ctx;
- EVP_CIPHER_CTX ciph_ctx;
- EVP_CIPHER *enc = NULL;
- unsigned char iv[EVP_MAX_IV_LENGTH];
- unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH
- + EVP_MAX_BLOCK_LENGTH];
- int padl, outl;
- krb5_timestamp authtime = 0;
- krb5_ticket_times ttimes;
-
- EVP_CIPHER_CTX_init(&ciph_ctx);
-
- if (!kssl_ctx) kssl_ctx = kssl_ctx_new();
-
- n2s(p,i);
- enc_ticket.length = i;
-
- if (n < (int)enc_ticket.length + 6)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- enc_ticket.data = (char *)p;
- p+=enc_ticket.length;
-
- n2s(p,i);
- authenticator.length = i;
-
- if (n < (int)(enc_ticket.length + authenticator.length) + 6)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- authenticator.data = (char *)p;
- p+=authenticator.length;
-
- n2s(p,i);
- enc_pms.length = i;
- enc_pms.data = (char *)p;
- p+=enc_pms.length;
-
- /* Note that the length is checked again below,
- ** after decryption
- */
- if(enc_pms.length > sizeof pms)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- if (n != (long)(enc_ticket.length + authenticator.length +
- enc_pms.length + 6))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
-
- if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
- &kssl_err)) != 0)
- {
-#ifdef KSSL_DEBUG
- printf("kssl_sget_tkt rtn %d [%d]\n",
- krb5rc, kssl_err.reason);
- if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
-#endif /* KSSL_DEBUG */
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- /* Note: no authenticator is not considered an error,
- ** but will return authtime == 0.
- */
- if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
- &authtime, &kssl_err)) != 0)
- {
-#ifdef KSSL_DEBUG
- printf("kssl_check_authent rtn %d [%d]\n",
- krb5rc, kssl_err.reason);
- if (kssl_err.text)
- printf("kssl_err text= %s\n", kssl_err.text);
-#endif /* KSSL_DEBUG */
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- kssl_err.reason);
- goto err;
- }
-
- if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc);
- goto err;
- }
-
-#ifdef KSSL_DEBUG
- kssl_ctx_show(kssl_ctx);
-#endif /* KSSL_DEBUG */
-
- enc = kssl_map_enc(kssl_ctx->enctype);
- if (enc == NULL)
- goto err;
-
- memset(iv, 0, sizeof iv); /* per RFC 1510 */
-
- if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
- (unsigned char *)enc_pms.data, enc_pms.length))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- if (outl > SSL_MAX_MASTER_KEY_LENGTH)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DECRYPTION_FAILED);
- goto err;
- }
- outl += padl;
- if (outl > SSL_MAX_MASTER_KEY_LENGTH)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_DATA_LENGTH_TOO_LONG);
- goto err;
- }
- if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
- {
- /* The premaster secret must contain the same version number as the
- * ClientHello to detect version rollback attacks (strangely, the
- * protocol does not offer such protection for DH ciphersuites).
- * However, buggy clients exist that send random bytes instead of
- * the protocol version.
- * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients.
- * (Perhaps we should have a separate BUG value for the Kerberos cipher)
- */
- if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
- (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_AD_DECODE_ERROR);
- goto err;
- }
- }
-
- EVP_CIPHER_CTX_cleanup(&ciph_ctx);
-
- s->session->master_key_length=
- s->method->ssl3_enc->generate_master_secret(s,
- s->session->master_key, pms, outl);
-
- if (kssl_ctx->client_princ)
- {
- size_t len = strlen(kssl_ctx->client_princ);
- if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH )
- {
- s->session->krb5_client_princ_len = len;
- memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
- }
- }
-
-
- /* Was doing kssl_ctx_free() here,
- ** but it caused problems for apache.
- ** kssl_ctx = kssl_ctx_free(kssl_ctx);
- ** if (s->kssl_ctx) s->kssl_ctx = NULL;
- */
- }
- else
-#endif /* OPENSSL_NO_KRB5 */
-
-#ifndef OPENSSL_NO_ECDH
- if ((l & SSL_kECDH) || (l & SSL_kECDHE))
- {
- int ret = 1;
- int field_size = 0;
- const EC_KEY *tkey;
- const EC_GROUP *group;
- const BIGNUM *priv_key;
-
- /* initialize structures for server's ECDH key pair */
- if ((srvr_ecdh = EC_KEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Let's get server private key and group information */
- if (l & SSL_kECDH)
- {
- /* use the certificate */
- tkey = s->cert->pkeys[SSL_PKEY_ECC].privatekey->pkey.ec;
- }
- else
- {
- /* use the ephermeral values we saved when
- * generating the ServerKeyExchange msg.
- */
- tkey = s->s3->tmp.ecdh;
- }
-
- group = EC_KEY_get0_group(tkey);
- priv_key = EC_KEY_get0_private_key(tkey);
-
- if (!EC_KEY_set_group(srvr_ecdh, group) ||
- !EC_KEY_set_private_key(srvr_ecdh, priv_key))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
-
- /* Let's get client's public key */
- if ((clnt_ecpoint = EC_POINT_new(group)) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (n == 0L)
- {
- /* Client Publickey was in Client Certificate */
-
- if (l & SSL_kECDHE)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
- goto f_err;
- }
- if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
- == NULL) ||
- (clnt_pub_pkey->type != EVP_PKEY_EC))
- {
- /* XXX: For now, we do not support client
- * authentication using ECDH certificates
- * so this branch (n == 0L) of the code is
- * never executed. When that support is
- * added, we ought to ensure the key
- * received in the certificate is
- * authorized for key agreement.
- * ECDH_compute_key implicitly checks that
- * the two ECDH shares are for the same
- * group.
- */
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
- goto f_err;
- }
-
- if (EC_POINT_copy(clnt_ecpoint,
- EC_KEY_get0_public_key(clnt_pub_pkey->pkey.ec)) == 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
- ret = 2; /* Skip certificate verify processing */
- }
- else
- {
- /* Get client's public key from encoded point
- * in the ClientKeyExchange message.
- */
- if ((bn_ctx = BN_CTX_new()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- /* Get encoded point length */
- i = *p;
- p += 1;
- if (EC_POINT_oct2point(group,
- clnt_ecpoint, p, i, bn_ctx) == 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_EC_LIB);
- goto err;
- }
- /* p is pointing to somewhere in the buffer
- * currently, so set it to the start
- */
- p=(unsigned char *)s->init_buf->data;
- }
-
- /* Compute the shared pre-master secret */
- field_size = EC_GROUP_get_degree(group);
- if (field_size <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
- i = ECDH_compute_key(p, (field_size+7)/8, clnt_ecpoint, srvr_ecdh, NULL);
- if (i <= 0)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- ERR_R_ECDH_LIB);
- goto err;
- }
-
- EVP_PKEY_free(clnt_pub_pkey);
- EC_POINT_free(clnt_ecpoint);
- if (srvr_ecdh != NULL)
- EC_KEY_free(srvr_ecdh);
- BN_CTX_free(bn_ctx);
-
- /* Compute the master secret */
- s->session->master_key_length = s->method->ssl3_enc-> \
- generate_master_secret(s, s->session->master_key, p, i);
-
- OPENSSL_cleanse(p, i);
- return (ret);
- }
- else
-#endif
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
- SSL_R_UNKNOWN_CIPHER_TYPE);
- goto f_err;
- }
-
- return(1);
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
-err:
-#endif
-#ifndef OPENSSL_NO_ECDH
- EVP_PKEY_free(clnt_pub_pkey);
- EC_POINT_free(clnt_ecpoint);
- if (srvr_ecdh != NULL)
- EC_KEY_free(srvr_ecdh);
- BN_CTX_free(bn_ctx);
-#endif
- return(-1);
- }
-
-int ssl3_get_cert_verify(SSL *s)
- {
- EVP_PKEY *pkey=NULL;
- unsigned char *p;
- int al,ok,ret=0;
- long n;
- int type=0,i,j;
- X509 *peer;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_VRFY_A,
- SSL3_ST_SR_CERT_VRFY_B,
- -1,
- 514, /* 514? */
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->session->peer != NULL)
- {
- peer=s->session->peer;
- pkey=X509_get_pubkey(peer);
- type=X509_certificate_type(peer,pkey);
- }
- else
- {
- peer=NULL;
- pkey=NULL;
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
- {
- s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type | EVP_PKT_SIGN))
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
- goto f_err;
- }
- ret=1;
- goto end;
- }
-
- if (peer == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
-
- if (!(type & EVP_PKT_SIGN))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
- al=SSL_AD_ILLEGAL_PARAMETER;
- goto f_err;
- }
-
- if (s->s3->change_cipher_spec)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
-
- /* we now have a signature that we need to verify */
- p=(unsigned char *)s->init_msg;
- n2s(p,i);
- n-=2;
- if (i > n)
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
-
- j=EVP_PKEY_size(pkey);
- if ((i > j) || (n > j) || (n <= 0))
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE);
- al=SSL_AD_DECODE_ERROR;
- goto f_err;
- }
-
-#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA)
- {
- i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
- MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i,
- pkey->pkey.rsa);
- if (i < 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
- goto f_err;
- }
- if (i == 0)
- {
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- {
- j=DSA_verify(pkey->save_type,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
- if (j <= 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- {
- j=ECDSA_verify(pkey->save_type,
- &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
- SHA_DIGEST_LENGTH,p,i,pkey->pkey.ec);
- if (j <= 0)
- {
- /* bad signature */
- al=SSL_AD_DECRYPT_ERROR;
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
- SSL_R_BAD_ECDSA_SIGNATURE);
- goto f_err;
- }
- }
- else
-#endif
- {
- SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
- al=SSL_AD_UNSUPPORTED_CERTIFICATE;
- goto f_err;
- }
-
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-end:
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-int ssl3_get_client_certificate(SSL *s)
- {
- int i,ok,al,ret= -1;
- X509 *x=NULL;
- unsigned long l,nc,llen,n;
- const unsigned char *p,*q;
- unsigned char *d;
- STACK_OF(X509) *sk=NULL;
-
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
-
- if (!ok) return((int)n);
-
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE)
- {
- if ( (s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- /* If tls asked for a client cert, the client must return a 0 list */
- if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
- al=SSL_AD_UNEXPECTED_MESSAGE;
- goto f_err;
- }
- s->s3->tmp.reuse_message=1;
- return(1);
- }
-
- if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
- {
- al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
- goto f_err;
- }
- p=d=(unsigned char *)s->init_msg;
-
- if ((sk=sk_X509_new_null()) == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- n2l3(p,llen);
- if (llen+3 != n)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH);
- goto f_err;
- }
- for (nc=0; nc<llen; )
- {
- n2l3(p,l);
- if ((l+nc+3) > llen)
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
-
- q=p;
- x=d2i_X509(NULL,&p,l);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB);
- goto err;
- }
- if (p != (q+l))
- {
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
- goto f_err;
- }
- if (!sk_X509_push(sk,x))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- x=NULL;
- nc+=l+3;
- }
-
- if (sk_X509_num(sk) <= 0)
- {
- /* TLS does not mind 0 certs returned */
- if (s->version == SSL3_VERSION)
- {
- al=SSL_AD_HANDSHAKE_FAILURE;
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED);
- goto f_err;
- }
- /* Fail for TLS only if we required a certificate */
- else if ((s->verify_mode & SSL_VERIFY_PEER) &&
- (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
- al=SSL_AD_HANDSHAKE_FAILURE;
- goto f_err;
- }
- }
- else
- {
- i=ssl_verify_cert_chain(s,sk);
- if (!i)
- {
- al=ssl_verify_alarm_type(s->verify_result);
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
- goto f_err;
- }
- }
-
- if (s->session->peer != NULL) /* This should not be needed */
- X509_free(s->session->peer);
- s->session->peer=sk_X509_shift(sk);
- s->session->verify_result = s->verify_result;
-
- /* With the current implementation, sess_cert will always be NULL
- * when we arrive here. */
- if (s->session->sess_cert == NULL)
- {
- s->session->sess_cert = ssl_sess_cert_new();
- if (s->session->sess_cert == NULL)
- {
- SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if (s->session->sess_cert->cert_chain != NULL)
- sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
- s->session->sess_cert->cert_chain=sk;
- /* Inconsistency alert: cert_chain does *not* include the
- * peer's own certificate, while we do include it in s3_clnt.c */
-
- sk=NULL;
-
- ret=1;
- if (0)
- {
-f_err:
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
- }
-err:
- if (x != NULL) X509_free(x);
- if (sk != NULL) sk_X509_pop_free(sk,X509_free);
- return(ret);
- }
-
-int ssl3_send_server_certificate(SSL *s)
- {
- unsigned long l;
- X509 *x;
-
- if (s->state == SSL3_ST_SW_CERT_A)
- {
- x=ssl_get_server_send_cert(s);
- if (x == NULL &&
- /* VRS: allow null cert if auth == KRB5 */
- (s->s3->tmp.new_cipher->algorithms
- & (SSL_MKEY_MASK|SSL_AUTH_MASK))
- != (SSL_aKRB5|SSL_kKRB5))
- {
- SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
- return(0);
- }
-
- l=ssl3_output_cert_chain(s,x);
- s->state=SSL3_ST_SW_CERT_B;
- s->init_num=(int)l;
- s->init_off=0;
- }
-
- /* SSL3_ST_SW_CERT_B */
- return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
- }
-
-
-#ifndef OPENSSL_NO_ECDH
-/* This is the complement of curve_id2nid in s3_clnt.c. */
-static int nid2curve_id(int nid)
-{
- /* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001)
- * (no changes in draft-ietf-tls-ecc-03.txt [June 2003]) */
- switch (nid) {
- case NID_sect163k1: /* sect163k1 (1) */
- return 1;
- case NID_sect163r1: /* sect163r1 (2) */
- return 2;
- case NID_sect163r2: /* sect163r2 (3) */
- return 3;
- case NID_sect193r1: /* sect193r1 (4) */
- return 4;
- case NID_sect193r2: /* sect193r2 (5) */
- return 5;
- case NID_sect233k1: /* sect233k1 (6) */
- return 6;
- case NID_sect233r1: /* sect233r1 (7) */
- return 7;
- case NID_sect239k1: /* sect239k1 (8) */
- return 8;
- case NID_sect283k1: /* sect283k1 (9) */
- return 9;
- case NID_sect283r1: /* sect283r1 (10) */
- return 10;
- case NID_sect409k1: /* sect409k1 (11) */
- return 11;
- case NID_sect409r1: /* sect409r1 (12) */
- return 12;
- case NID_sect571k1: /* sect571k1 (13) */
- return 13;
- case NID_sect571r1: /* sect571r1 (14) */
- return 14;
- case NID_secp160k1: /* secp160k1 (15) */
- return 15;
- case NID_secp160r1: /* secp160r1 (16) */
- return 16;
- case NID_secp160r2: /* secp160r2 (17) */
- return 17;
- case NID_secp192k1: /* secp192k1 (18) */
- return 18;
- case NID_X9_62_prime192v1: /* secp192r1 (19) */
- return 19;
- case NID_secp224k1: /* secp224k1 (20) */
- return 20;
- case NID_secp224r1: /* secp224r1 (21) */
- return 21;
- case NID_secp256k1: /* secp256k1 (22) */
- return 22;
- case NID_X9_62_prime256v1: /* secp256r1 (23) */
- return 23;
- case NID_secp384r1: /* secp384r1 (24) */
- return 24;
- case NID_secp521r1: /* secp521r1 (25) */
- return 25;
- default:
- return 0;
- }
-}
-#endif
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
deleted file mode 100644
index 85f72e0..0000000
--- a/crypto/openssl/ssl/ssl.h
+++ /dev/null
@@ -1,1961 +0,0 @@
-/* ssl/ssl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
-#include <openssl/e_os2.h>
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
-#endif
-#ifndef OPENSSL_NO_DEPRECATED
-#ifndef OPENSSL_NO_X509
-#include <openssl/x509.h>
-#endif
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-#include <openssl/buffer.h>
-#endif
-#include <openssl/pem.h>
-
-#include <openssl/kssl.h>
-#include <openssl/safestack.h>
-#include <openssl/symhacks.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-#define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-#define SSL_TXT_NULL_WITH_MD5 SSL2_TXT_NULL_WITH_MD5
-#define SSL_TXT_RC4_128_WITH_MD5 SSL2_TXT_RC4_128_WITH_MD5
-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_WITH_MD5 SSL2_TXT_RC2_128_CBC_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
-#define SSL_TXT_IDEA_128_CBC_WITH_MD5 SSL2_TXT_IDEA_128_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_MD5 SSL2_TXT_DES_64_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_SHA SSL2_TXT_DES_64_CBC_WITH_SHA
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
-
-/* VRS Additional Kerberos5 entries
- */
-#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA
-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5
-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA
-#define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5
-#define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH 32
-#define SSL_MAX_SID_CTX_LENGTH 32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8)
-#define SSL_MAX_KEY_ARG_LENGTH 8
-#define SSL_MAX_MASTER_KEY_LENGTH 48
-
-/* These are used to specify which ciphers to use and not to use */
-#define SSL_TXT_LOW "LOW"
-#define SSL_TXT_MEDIUM "MEDIUM"
-#define SSL_TXT_HIGH "HIGH"
-#define SSL_TXT_kFZA "kFZA"
-#define SSL_TXT_aFZA "aFZA"
-#define SSL_TXT_eFZA "eFZA"
-#define SSL_TXT_FZA "FZA"
-
-#define SSL_TXT_aNULL "aNULL"
-#define SSL_TXT_eNULL "eNULL"
-#define SSL_TXT_NULL "NULL"
-
-#define SSL_TXT_kKRB5 "kKRB5"
-#define SSL_TXT_aKRB5 "aKRB5"
-#define SSL_TXT_KRB5 "KRB5"
-
-#define SSL_TXT_kRSA "kRSA"
-#define SSL_TXT_kDHr "kDHr"
-#define SSL_TXT_kDHd "kDHd"
-#define SSL_TXT_kEDH "kEDH"
-#define SSL_TXT_aRSA "aRSA"
-#define SSL_TXT_aDSS "aDSS"
-#define SSL_TXT_aDH "aDH"
-#define SSL_TXT_DSS "DSS"
-#define SSL_TXT_DH "DH"
-#define SSL_TXT_EDH "EDH"
-#define SSL_TXT_ADH "ADH"
-#define SSL_TXT_RSA "RSA"
-#define SSL_TXT_DES "DES"
-#define SSL_TXT_3DES "3DES"
-#define SSL_TXT_RC4 "RC4"
-#define SSL_TXT_RC2 "RC2"
-#define SSL_TXT_IDEA "IDEA"
-#define SSL_TXT_AES "AES"
-#define SSL_TXT_CAMELLIA "CAMELLIA"
-#define SSL_TXT_MD5 "MD5"
-#define SSL_TXT_SHA1 "SHA1"
-#define SSL_TXT_SHA "SHA"
-#define SSL_TXT_EXP "EXP"
-#define SSL_TXT_EXPORT "EXPORT"
-#define SSL_TXT_EXP40 "EXPORT40"
-#define SSL_TXT_EXP56 "EXPORT56"
-#define SSL_TXT_SSLV2 "SSLv2"
-#define SSL_TXT_SSLV3 "SSLv3"
-#define SSL_TXT_TLSV1 "TLSv1"
-#define SSL_TXT_ALL "ALL"
-#define SSL_TXT_ECC "ECCdraft" /* ECC ciphersuites are not yet official */
-
-/*
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-#define SSL_TXT_CMPALL "COMPLEMENTOFALL"
-#define SSL_TXT_CMPDEF "COMPLEMENTOFDEFAULT"
-
-/* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
-#ifdef OPENSSL_NO_CAMELLIA
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
-#else
-# define SSL_DEFAULT_CIPHER_LIST "AES:CAMELLIA:ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
-#endif
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN 1
-#define SSL_RECEIVED_SHUTDOWN 2
-
-#ifdef __cplusplus
-}
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
-#define OPENSSL_NO_SSL2
-#endif
-
-#define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX. */
-typedef struct ssl_st *ssl_crock_st;
-
-/* used to hold info on the particular ciphers used */
-typedef struct ssl_cipher_st
- {
- int valid;
- const char *name; /* text name */
- unsigned long id; /* id, 4 bytes, first is version */
- unsigned long algorithms; /* what ciphers are used */
- unsigned long algo_strength; /* strength and export flags */
- unsigned long algorithm2; /* Extra flags */
- int strength_bits; /* Number of bits really used */
- int alg_bits; /* Number of bits for algorithm */
- unsigned long mask; /* used for matching */
- unsigned long mask_strength; /* also used for matching */
- } SSL_CIPHER;
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-typedef struct ssl_st SSL;
-typedef struct ssl_ctx_st SSL_CTX;
-
-/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-typedef struct ssl_method_st
- {
- int version;
- int (*ssl_new)(SSL *s);
- void (*ssl_clear)(SSL *s);
- void (*ssl_free)(SSL *s);
- int (*ssl_accept)(SSL *s);
- int (*ssl_connect)(SSL *s);
- int (*ssl_read)(SSL *s,void *buf,int len);
- int (*ssl_peek)(SSL *s,void *buf,int len);
- int (*ssl_write)(SSL *s,const void *buf,int len);
- int (*ssl_shutdown)(SSL *s);
- int (*ssl_renegotiate)(SSL *s);
- int (*ssl_renegotiate_check)(SSL *s);
- long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
- max, int *ok);
- int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
- int peek);
- int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
- int (*ssl_dispatch_alert)(SSL *s);
- long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
- long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
- SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
- int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
- int (*ssl_pending)(const SSL *s);
- int (*num_ciphers)(void);
- SSL_CIPHER *(*get_cipher)(unsigned ncipher);
- struct ssl_method_st *(*get_ssl_method)(int version);
- long (*get_timeout)(void);
- struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
- int (*ssl_version)(void);
- long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
- long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
- } SSL_METHOD;
-
-/* Lets make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- * version INTEGER, -- structure version number
- * SSLversion INTEGER, -- SSL version number
- * Cipher OCTET_STRING, -- the 3 byte cipher ID
- * Session_ID OCTET_STRING, -- the Session ID
- * Master_key OCTET_STRING, -- the master key
- * KRB5_principal OCTET_STRING -- optional Kerberos principal
- * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument
- * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time
- * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds
- * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate
- * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context
- * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer'
- * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX
- * }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-typedef struct ssl_session_st
- {
- int ssl_version; /* what ssl version session info is
- * being kept in here? */
-
- /* only really used in SSLv2 */
- unsigned int key_arg_length;
- unsigned char key_arg[SSL_MAX_KEY_ARG_LENGTH];
- int master_key_length;
- unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
- /* session_id - valid? */
- unsigned int session_id_length;
- unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
- /* this is used to determine whether the session is being reused in
- * the appropriate context. It is up to the application to set this,
- * via SSL_new */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-#ifndef OPENSSL_NO_KRB5
- unsigned int krb5_client_princ_len;
- unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
-#endif /* OPENSSL_NO_KRB5 */
-
- int not_resumable;
-
- /* The cert is the certificate used to establish this connection */
- struct sess_cert_st /* SESS_CERT */ *sess_cert;
-
- /* This is the cert for the other end.
- * On clients, it will be the same as sess_cert->peer_key->x509
- * (the latter is not enough as sess_cert is not retained
- * in the external representation of sessions, see ssl_asn1.c). */
- X509 *peer;
- /* when app_verify_callback accepts a session where the peer's certificate
- * is not ok, we must remember the error for session reuse: */
- long verify_result; /* only for servers */
-
- int references;
- long timeout;
- long time;
-
- int compress_meth; /* Need to lookup the method */
-
- SSL_CIPHER *cipher;
- unsigned long cipher_id; /* when ASN.1 loaded, this
- * needs to be used to load
- * the 'cipher' structure */
-
- STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
-
- CRYPTO_EX_DATA ex_data; /* application specific data */
-
- /* These are used to make removal of session-ids more
- * efficient and to implement a maximum cache size. */
- struct ssl_session_st *prev,*next;
- } SSL_SESSION;
-
-
-#define SSL_OP_MICROSOFT_SESS_ID_BUG 0x00000001L
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG 0x00000002L
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x00000010L
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L /* no effect since 0.9.7h and 0.9.8b */
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L
-#define SSL_OP_TLS_D5_BUG 0x00000100L
-#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L
-
-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d. Usually (depending on the application protocol)
- * the workaround is not needed. Unfortunately some broken SSL/TLS
- * implementations cannot handle it at all, which is why we include
- * it in SSL_OP_ALL. */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS 0x00000800L /* added in 0.9.6e */
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
- * This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL 0x00000FFFL
-
-/* DTLS options */
-#define SSL_OP_NO_QUERY_MTU 0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-#define SSL_OP_COOKIE_EXCHANGE 0x00002000L
-
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
-/* If set, always create a new key when using tmp_ecdh parameters */
-#define SSL_OP_SINGLE_ECDH_USE 0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE 0x00100000L
-/* Set to always use the tmp_rsa key when doing RSA operations,
- * even when this violates protocol specs */
-#define SSL_OP_EPHEMERAL_RSA 0x00200000L
-/* Set on servers to choose the cipher according to the server's
- * preferences */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L
-/* If set, a server will allow a client to issue a SSLv3.0 version number
- * as latest version supported in the premaster secret, even when TLSv1.0
- * (version 3.1) was announced in the client hello. Normally this is
- * forbidden to prevent version rollback attacks. */
-#define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L
-
-#define SSL_OP_NO_SSLv2 0x01000000L
-#define SSL_OP_NO_SSLv3 0x02000000L
-#define SSL_OP_NO_TLSv1 0x04000000L
-
-/* The next flag deliberately changes the ciphertest, this is a check
- * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1 0x08000000L
-#define SSL_OP_PKCS1_CHECK_2 0x10000000L
-#define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
-
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits. */
-
-#define SSL_CTX_set_options(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_CTX_get_options(ctx) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_get_options(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-#define SSL_CTX_get_mode(ctx) \
- SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mode(ssl,op) \
- SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define SSL_get_mode(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mtu(ssl, mtu) \
- SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-
-
-
-#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
-#else
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
-#endif
-
-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20)
-
-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
- * them. It is used to override the generation of SSL/TLS session IDs in a
- * server. Return value should be zero on an error, non-zero to proceed. Also,
- * callbacks should themselves check if the id they generate is unique otherwise
- * the SSL handshake will fail with an error - callbacks can do this using the
- * 'ssl' value they're passed by;
- * SSL_has_matching_session_id(ssl, id, *id_len)
- * The length value passed in is set at the maximum size the session ID can be.
- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
- * can alter this length to be less if desired, but under SSLv2 session IDs are
- * supposed to be fixed at 16 bytes so the id will be padded after the callback
- * returns in this case. It is also an error for the callback to set the size to
- * zero. */
-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
- unsigned int *id_len);
-
-typedef struct ssl_comp_st
- {
- int id;
- const char *name;
-#ifndef OPENSSL_NO_COMP
- COMP_METHOD *method;
-#else
- char *method;
-#endif
- } SSL_COMP;
-
-DECLARE_STACK_OF(SSL_COMP)
-
-struct ssl_ctx_st
- {
- SSL_METHOD *method;
-
- STACK_OF(SSL_CIPHER) *cipher_list;
- /* same as above but sorted for lookup */
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
- struct x509_store_st /* X509_STORE */ *cert_store;
- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
- /* Most session-ids that will be cached, default is
- * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
- unsigned long session_cache_size;
- struct ssl_session_st *session_cache_head;
- struct ssl_session_st *session_cache_tail;
-
- /* This can have one of 2 values, ored together,
- * SSL_SESS_CACHE_CLIENT,
- * SSL_SESS_CACHE_SERVER,
- * Default is SSL_SESSION_CACHE_SERVER, which means only
- * SSL_accept which cache SSL_SESSIONS. */
- int session_cache_mode;
-
- /* If timeout is not 0, it is the default timeout value set
- * when SSL_new() is called. This has been put in to make
- * life easier to set things up */
- long session_timeout;
-
- /* If this callback is not null, it will be called each
- * time a session id is added to the cache. If this function
- * returns 1, it means that the callback will do a
- * SSL_SESSION_free() when it has finished using it. Otherwise,
- * on 0, it means the callback has finished with it.
- * If remove_session_cb is not null, it will be called when
- * a session-id is removed from the cache. After the call,
- * OpenSSL will SSL_SESSION_free() it. */
- int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
- void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
- SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
- unsigned char *data,int len,int *copy);
-
- struct
- {
- int sess_connect; /* SSL new conn - started */
- int sess_connect_renegotiate;/* SSL reneg - requested */
- int sess_connect_good; /* SSL new conne/reneg - finished */
- int sess_accept; /* SSL new accept - started */
- int sess_accept_renegotiate;/* SSL reneg - requested */
- int sess_accept_good; /* SSL accept/reneg - finished */
- int sess_miss; /* session lookup misses */
- int sess_timeout; /* reuse attempt on timeouted session */
- int sess_cache_full; /* session removed due to full cache */
- int sess_hit; /* session reuse actually done */
- int sess_cb_hit; /* session-id that was not
- * in the cache was
- * passed back via the callback. This
- * indicates that the application is
- * supplying session-id's from other
- * processes - spooky :-) */
- } stats;
-
- int references;
-
- /* if defined, these override the X509_verify_cert() calls */
- int (*app_verify_callback)(X509_STORE_CTX *, void *);
- void *app_verify_arg;
- /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
- * ('app_verify_callback' was called with just one argument) */
-
- /* Default password callback. */
- pem_password_cb *default_passwd_callback;
-
- /* Default password callback user data. */
- void *default_passwd_callback_userdata;
-
- /* get client cert callback */
- int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
- /* cookie generate callback */
- int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
- unsigned int *cookie_len);
-
- /* verify cookie callback */
- int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
- unsigned int cookie_len);
-
- CRYPTO_EX_DATA ex_data;
-
- const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
- const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
- const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
-
- STACK_OF(X509) *extra_certs;
- STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
-
-
- /* Default values used when no per-SSL value is defined follow */
-
- void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
-
- /* what we put in client cert requests */
- STACK_OF(X509_NAME) *client_CA;
-
-
- /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
- unsigned long options;
- unsigned long mode;
- long max_cert_list;
-
- struct cert_st /* CERT */ *cert;
- int read_ahead;
-
- /* callback that allows applications to peek at protocol messages */
- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
- void *msg_callback_arg;
-
- int verify_mode;
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
- int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
-
- /* Default generate session ID callback. */
- GEN_SESSION_CB generate_session_id;
-
- X509_VERIFY_PARAM *param;
-
-#if 0
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-#endif
-
- int quiet_shutdown;
- };
-
-#define SSL_SESS_CACHE_OFF 0x0000
-#define SSL_SESS_CACHE_CLIENT 0x0001
-#define SSL_SESS_CACHE_SERVER 0x0002
-#define SSL_SESS_CACHE_BOTH (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR 0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE 0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
- (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
- struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
-
-#define SSL_NOTHING 1
-#define SSL_WRITING 2
-#define SSL_READING 3
-#define SSL_X509_LOOKUP 4
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s) (SSL_want(s) == SSL_READING)
-#define SSL_want_write(s) (SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-
-struct ssl_st
- {
- /* protocol version
- * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
- */
- int version;
- int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
-
- SSL_METHOD *method; /* SSLv3 */
-
- /* There are 2 BIO's even though they are normally both the
- * same. This is so data can be read and written to different
- * handlers */
-
-#ifndef OPENSSL_NO_BIO
- BIO *rbio; /* used by SSL_read */
- BIO *wbio; /* used by SSL_write */
- BIO *bbio; /* used during session-id reuse to concatenate
- * messages */
-#else
- char *rbio; /* used by SSL_read */
- char *wbio; /* used by SSL_write */
- char *bbio;
-#endif
- /* This holds a variable that indicates what we were doing
- * when a 0 or -1 is returned. This is needed for
- * non-blocking IO so we know what request needs re-doing when
- * in SSL_accept or SSL_connect */
- int rwstate;
-
- /* true when we are actually in SSL_accept() or SSL_connect() */
- int in_handshake;
- int (*handshake_func)(SSL *);
-
- /* Imagine that here's a boolean member "init" that is
- * switched as soon as SSL_set_{accept/connect}_state
- * is called for the first time, so that "state" and
- * "handshake_func" are properly initialized. But as
- * handshake_func is == 0 until then, we use this
- * test instead of an "init" member.
- */
-
- int server; /* are we the server side? - mostly used by SSL_clear*/
-
- int new_session;/* 1 if we are to use a new session.
- * 2 if we are a server and are inside a handshake
- * (i.e. not just sending a HelloRequest)
- * NB: For servers, the 'new' session may actually be a previously
- * cached session or even the previous session unless
- * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
- int quiet_shutdown;/* don't send shutdown packets */
- int shutdown; /* we have shut things down, 0x01 sent, 0x02
- * for received */
- int state; /* where we are */
- int rstate; /* where we are when reading */
-
- BUF_MEM *init_buf; /* buffer used during init */
- void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */
- int init_num; /* amount read/written */
- int init_off; /* amount read/written */
-
- /* used internally to point at a raw packet */
- unsigned char *packet;
- unsigned int packet_length;
-
- struct ssl2_state_st *s2; /* SSLv2 variables */
- struct ssl3_state_st *s3; /* SSLv3 variables */
- struct dtls1_state_st *d1; /* DTLSv1 variables */
-
- int read_ahead; /* Read as many input bytes as possible
- * (for non-blocking reads) */
-
- /* callback that allows applications to peek at protocol messages */
- void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
- void *msg_callback_arg;
-
- int hit; /* reusing a previous session */
-
- X509_VERIFY_PARAM *param;
-
-#if 0
- int purpose; /* Purpose setting */
- int trust; /* Trust setting */
-#endif
-
- /* crypto */
- STACK_OF(SSL_CIPHER) *cipher_list;
- STACK_OF(SSL_CIPHER) *cipher_list_by_id;
-
- /* These are the ones being used, the ones in SSL_SESSION are
- * the ones to be 'copied' into these ones */
-
- EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
- const EVP_MD *read_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *expand; /* uncompress */
-#else
- char *expand;
-#endif
-
- EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
- const EVP_MD *write_hash; /* used for mac generation */
-#ifndef OPENSSL_NO_COMP
- COMP_CTX *compress; /* compression */
-#else
- char *compress;
-#endif
-
- /* session info */
-
- /* client cert? */
- /* This is used to hold the server certificate used */
- struct cert_st /* CERT */ *cert;
-
- /* the session_id_context is used to ensure sessions are only reused
- * in the appropriate context */
- unsigned int sid_ctx_length;
- unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
- /* This can also be in the session once a session is established */
- SSL_SESSION *session;
-
- /* Default generate session ID callback. */
- GEN_SESSION_CB generate_session_id;
-
- /* Used in SSL2 and SSL3 */
- int verify_mode; /* 0 don't care about verify failure.
- * 1 fail if verify fails */
- int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-
- void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
-
- int error; /* error bytes to be written */
- int error_code; /* actual code */
-
-#ifndef OPENSSL_NO_KRB5
- KSSL_CTX *kssl_ctx; /* Kerberos 5 context */
-#endif /* OPENSSL_NO_KRB5 */
-
- SSL_CTX *ctx;
- /* set this flag to 1 and a sleep(1) is put into all SSL_read()
- * and SSL_write() calls, good for nbio debuging :-) */
- int debug;
-
- /* extra application data */
- long verify_result;
- CRYPTO_EX_DATA ex_data;
-
- /* for server side, keep the list of CA_dn we can use */
- STACK_OF(X509_NAME) *client_CA;
-
- int references;
- unsigned long options; /* protocol behaviour */
- unsigned long mode; /* API behaviour */
- long max_cert_list;
- int first_packet;
- int client_version; /* what was passed, used for
- * SSLv3/TLS rollback check */
- };
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl2.h>
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
-#include <openssl/ssl23.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
-#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
-#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
-#define SSL_SESSION_get_app_data(s) (SSL_SESSION_get_ex_data(s,0))
-#define SSL_CTX_get_app_data(ctx) (SSL_CTX_get_ex_data(ctx,0))
-#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/* The following are the possible values for ssl->state are are
- * used to indicate where we are up to in the SSL connection establishment.
- * The macros that follow are about the only things you should need to use
- * and even then, only when using non-blocking IO.
- * It can also be useful to work out where you were when the connection
- * failed */
-
-#define SSL_ST_CONNECT 0x1000
-#define SSL_ST_ACCEPT 0x2000
-#define SSL_ST_MASK 0x0FFF
-#define SSL_ST_INIT (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-#define SSL_ST_BEFORE 0x4000
-#define SSL_ST_OK 0x03
-#define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-
-#define SSL_CB_LOOP 0x01
-#define SSL_CB_EXIT 0x02
-#define SSL_CB_READ 0x04
-#define SSL_CB_WRITE 0x08
-#define SSL_CB_ALERT 0x4000 /* used in callback */
-#define SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)
-#define SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)
-#define SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)
-#define SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)
-#define SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)
-#define SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)
-#define SSL_CB_HANDSHAKE_START 0x10
-#define SSL_CB_HANDSHAKE_DONE 0x20
-
-/* Is the SSL_connection established? */
-#define SSL_get_state(a) SSL_state(a)
-#define SSL_is_init_finished(a) (SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a) (SSL_state(a)&SSL_ST_INIT)
-#define SSL_in_before(a) (SSL_state(a)&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a) (SSL_state(a)&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a) (SSL_state(a)&SSL_ST_ACCEPT)
-
-/* The following 2 states are kept in ssl->rstate when reads fail,
- * you should not need these */
-#define SSL_ST_READ_HEADER 0xF0
-#define SSL_ST_READ_BODY 0xF1
-#define SSL_ST_READ_DONE 0xF2
-
-/* Obtain latest Finished message
- * -- that we sent (SSL_get_finished)
- * -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired */
-#define SSL_VERIFY_NONE 0x00
-#define SSL_VERIFY_PEER 0x01
-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-#define SSL_VERIFY_CLIENT_ONCE 0x04
-
-#define OpenSSL_add_ssl_algorithms() SSL_library_init()
-#define SSLeay_add_ssl_algorithms() SSL_library_init()
-
-/* this is for backward compatibility */
-#if 0 /* NEW_SSLEAY */
-#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
-#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
-#define SSL_add_session(a,b) SSL_CTX_add_session((a),(b))
-#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
-#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
-#endif
-/* More backward compatibility */
-#define SSL_get_cipher(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_cipher_bits(s,np) \
- SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define SSL_get_cipher_version(s) \
- SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-#define SSL_get_cipher_name(s) \
- SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_time(a) SSL_SESSION_get_time(a)
-#define SSL_set_time(a,b) SSL_SESSION_set_time((a),(b))
-#define SSL_get_timeout(a) SSL_SESSION_get_timeout(a)
-#define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b))
-
-#if 1 /*SSLEAY_MACROS*/
-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
- (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) PEM_ASN1_read_bio_of(SSL_SESSION,d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,cb,u)
-#define PEM_write_SSL_SESSION(fp,x) \
- PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
- PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
-#define PEM_write_bio_SSL_SESSION(bp,x) \
- PEM_ASN1_write_bio_of(SSL_SESSION,i2d_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,x,NULL,NULL,0,NULL,NULL)
-#endif
-
-#define SSL_AD_REASON_OFFSET 1000
-/* These alert types are for SSLv3 and TLSv1 */
-#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY
-#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
-#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */
-#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED
-#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW
-#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
-#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */
-#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Not for TLS */
-#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE
-#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE
-#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED
-#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED
-#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN
-#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */
-#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */
-#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
-#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
-#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
-#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
-#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
-#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
-#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
-#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
-
-#define SSL_ERROR_NONE 0
-#define SSL_ERROR_SSL 1
-#define SSL_ERROR_WANT_READ 2
-#define SSL_ERROR_WANT_WRITE 3
-#define SSL_ERROR_WANT_X509_LOOKUP 4
-#define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */
-#define SSL_ERROR_ZERO_RETURN 6
-#define SSL_ERROR_WANT_CONNECT 7
-#define SSL_ERROR_WANT_ACCEPT 8
-
-#define SSL_CTRL_NEED_TMP_RSA 1
-#define SSL_CTRL_SET_TMP_RSA 2
-#define SSL_CTRL_SET_TMP_DH 3
-#define SSL_CTRL_SET_TMP_ECDH 4
-#define SSL_CTRL_SET_TMP_RSA_CB 5
-#define SSL_CTRL_SET_TMP_DH_CB 6
-#define SSL_CTRL_SET_TMP_ECDH_CB 7
-
-#define SSL_CTRL_GET_SESSION_REUSED 8
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST 9
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS 10
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12
-#define SSL_CTRL_GET_FLAGS 13
-#define SSL_CTRL_EXTRA_CHAIN_CERT 14
-
-#define SSL_CTRL_SET_MSG_CALLBACK 15
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG 16
-
-/* only applies to datagram connections */
-#define SSL_CTRL_SET_MTU 17
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER 20
-#define SSL_CTRL_SESS_CONNECT 21
-#define SSL_CTRL_SESS_CONNECT_GOOD 22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23
-#define SSL_CTRL_SESS_ACCEPT 24
-#define SSL_CTRL_SESS_ACCEPT_GOOD 25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26
-#define SSL_CTRL_SESS_HIT 27
-#define SSL_CTRL_SESS_CB_HIT 28
-#define SSL_CTRL_SESS_MISSES 29
-#define SSL_CTRL_SESS_TIMEOUTS 30
-#define SSL_CTRL_SESS_CACHE_FULL 31
-#define SSL_CTRL_OPTIONS 32
-#define SSL_CTRL_MODE 33
-
-#define SSL_CTRL_GET_READ_AHEAD 40
-#define SSL_CTRL_SET_READ_AHEAD 41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE 42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE 43
-#define SSL_CTRL_SET_SESS_CACHE_MODE 44
-#define SSL_CTRL_GET_SESS_CACHE_MODE 45
-
-#define SSL_CTRL_GET_MAX_CERT_LIST 50
-#define SSL_CTRL_SET_MAX_CERT_LIST 51
-
-#define SSL_session_reused(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-#define SSL_num_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_clear_num_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_total_renegotiations(ssl) \
- SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-
-#define SSL_CTX_need_tmp_RSA(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx,dh) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-#define SSL_need_tmp_RSA(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_set_tmp_rsa(ssl,rsa) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_set_tmp_dh(ssl,dh) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_set_tmp_ecdh(ssl,ecdh) \
- SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-
-#define SSL_CTX_add_extra_chain_cert(ctx,x509) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
-
-#ifndef OPENSSL_NO_BIO
-BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-#endif
-
-int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
-void SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
-int SSL_want(const SSL *s);
-int SSL_clear(SSL *s);
-
-void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
-
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
-char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char * SSL_CIPHER_get_name(const SSL_CIPHER *c);
-
-int SSL_get_fd(const SSL *s);
-int SSL_get_rfd(const SSL *s);
-int SSL_get_wfd(const SSL *s);
-const char * SSL_get_cipher_list(const SSL *s,int n);
-char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int SSL_get_read_ahead(const SSL * s);
-int SSL_pending(const SSL *s);
-#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s, int fd);
-int SSL_set_rfd(SSL *s, int fd);
-int SSL_set_wfd(SSL *s, int fd);
-#endif
-#ifndef OPENSSL_NO_BIO
-void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
-BIO * SSL_get_rbio(const SSL *s);
-BIO * SSL_get_wbio(const SSL *s);
-#endif
-int SSL_set_cipher_list(SSL *s, const char *str);
-void SSL_set_read_ahead(SSL *s, int yes);
-int SSL_get_verify_mode(const SSL *s);
-int SSL_get_verify_depth(const SSL *s);
-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
-void SSL_set_verify(SSL *s, int mode,
- int (*callback)(int ok,X509_STORE_CTX *ctx));
-void SSL_set_verify_depth(SSL *s, int depth);
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-#endif
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
-int SSL_use_certificate(SSL *ssl, X509 *x);
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
- const char *file);
-#ifndef OPENSSL_SYS_VMS
-#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
- const char *dir);
-#endif
-#endif
-
-#endif
-
-void SSL_load_error_strings(void );
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-long SSL_SESSION_get_time(const SSL_SESSION *s);
-long SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void SSL_copy_session_id(SSL *to,const SSL *from);
-
-SSL_SESSION *SSL_SESSION_new(void);
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a);
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len);
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
-#endif
-#ifndef OPENSSL_NO_BIO
-int SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
-#endif
-void SSL_SESSION_free(SSL_SESSION *ses);
-int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-int SSL_set_session(SSL *to, SSL_SESSION *session);
-int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
- unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
- long length);
-
-#ifdef HEADER_X509_H
-X509 * SSL_get_peer_certificate(const SSL *s);
-#endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
- int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-#endif
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
- const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-SSL * SSL_new(SSL_CTX *ctx);
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-
-void SSL_free(SSL *ssl);
-int SSL_accept(SSL *ssl);
-int SSL_connect(SSL *ssl);
-int SSL_read(SSL *ssl,void *buf,int num);
-int SSL_peek(SSL *ssl,void *buf,int num);
-int SSL_write(SSL *ssl,const void *buf,int num);
-long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
-long SSL_callback_ctrl(SSL *, int, void (*)(void));
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
-long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-
-int SSL_get_error(const SSL *s,int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
-
-SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
-
-SSL_METHOD *SSLv3_method(void); /* SSLv3 */
-SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
-SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */
-
-SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
-SSL_METHOD *SSLv23_client_method(void); /* SSLv3 but can rollback to v2 */
-
-SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */
-SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */
-SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */
-
-SSL_METHOD *DTLSv1_method(void); /* DTLSv1.0 */
-SSL_METHOD *DTLSv1_server_method(void); /* DTLSv1.0 */
-SSL_METHOD *DTLSv1_client_method(void); /* DTLSv1.0 */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-int SSL_library_init(void );
-
-char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
-int SSL_state(const SSL *ssl);
-
-void SSL_set_verify_result(SSL *ssl,long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_CTX_set_max_cert_list(ctx,m) \
- SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-#define SSL_get_max_cert_list(ssl) \
- SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_set_max_cert_list(ssl,m) \
- SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
- /* NB: the keylength is only applicable when is_export is true */
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
- RSA *(*cb)(SSL *ssl,int is_export,
- int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
- RSA *(*cb)(SSL *ssl,int is_export,
- int keylength));
-#endif
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
- DH *(*dh)(SSL *ssl,int is_export,
- int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
- DH *(*dh)(SSL *ssl,int is_export,
- int keylength));
-#endif
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
- EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
- EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength));
-#endif
-
-#ifndef OPENSSL_NO_COMP
-const COMP_METHOD *SSL_get_current_compression(SSL *s);
-const COMP_METHOD *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const COMP_METHOD *comp);
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
-#else
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
-#endif
-
-/* BEGIN ERROR CODES */
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE 100
-#define SSL_F_CLIENT_FINISHED 167
-#define SSL_F_CLIENT_HELLO 101
-#define SSL_F_CLIENT_MASTER_KEY 102
-#define SSL_F_D2I_SSL_SESSION 103
-#define SSL_F_DO_DTLS1_WRITE 245
-#define SSL_F_DO_SSL3_WRITE 104
-#define SSL_F_DTLS1_ACCEPT 246
-#define SSL_F_DTLS1_BUFFER_RECORD 247
-#define SSL_F_DTLS1_CLIENT_HELLO 248
-#define SSL_F_DTLS1_CONNECT 249
-#define SSL_F_DTLS1_ENC 250
-#define SSL_F_DTLS1_GET_HELLO_VERIFY 251
-#define SSL_F_DTLS1_GET_MESSAGE 252
-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT 253
-#define SSL_F_DTLS1_GET_RECORD 254
-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN 255
-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT 277
-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE 256
-#define SSL_F_DTLS1_PROCESS_RECORD 257
-#define SSL_F_DTLS1_READ_BYTES 258
-#define SSL_F_DTLS1_READ_FAILED 259
-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST 260
-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE 261
-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE 262
-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY 263
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST 264
-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE 265
-#define SSL_F_DTLS1_SEND_SERVER_HELLO 266
-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267
-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268
-#define SSL_F_GET_CLIENT_FINISHED 105
-#define SSL_F_GET_CLIENT_HELLO 106
-#define SSL_F_GET_CLIENT_MASTER_KEY 107
-#define SSL_F_GET_SERVER_FINISHED 108
-#define SSL_F_GET_SERVER_HELLO 109
-#define SSL_F_GET_SERVER_VERIFY 110
-#define SSL_F_I2D_SSL_SESSION 111
-#define SSL_F_READ_N 112
-#define SSL_F_REQUEST_CERTIFICATE 113
-#define SSL_F_SERVER_FINISH 239
-#define SSL_F_SERVER_HELLO 114
-#define SSL_F_SERVER_VERIFY 240
-#define SSL_F_SSL23_ACCEPT 115
-#define SSL_F_SSL23_CLIENT_HELLO 116
-#define SSL_F_SSL23_CONNECT 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO 118
-#define SSL_F_SSL23_GET_SERVER_HELLO 119
-#define SSL_F_SSL23_PEEK 237
-#define SSL_F_SSL23_READ 120
-#define SSL_F_SSL23_WRITE 121
-#define SSL_F_SSL2_ACCEPT 122
-#define SSL_F_SSL2_CONNECT 123
-#define SSL_F_SSL2_ENC_INIT 124
-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL 241
-#define SSL_F_SSL2_PEEK 234
-#define SSL_F_SSL2_READ 125
-#define SSL_F_SSL2_READ_INTERNAL 236
-#define SSL_F_SSL2_SET_CERTIFICATE 126
-#define SSL_F_SSL2_WRITE 127
-#define SSL_F_SSL3_ACCEPT 128
-#define SSL_F_SSL3_CALLBACK_CTRL 233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130
-#define SSL_F_SSL3_CLIENT_HELLO 131
-#define SSL_F_SSL3_CONNECT 132
-#define SSL_F_SSL3_CTRL 213
-#define SSL_F_SSL3_CTX_CTRL 133
-#define SSL_F_SSL3_ENC 134
-#define SSL_F_SSL3_GENERATE_KEY_BLOCK 238
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135
-#define SSL_F_SSL3_GET_CERT_VERIFY 136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE 139
-#define SSL_F_SSL3_GET_FINISHED 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE 141
-#define SSL_F_SSL3_GET_MESSAGE 142
-#define SSL_F_SSL3_GET_RECORD 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE 144
-#define SSL_F_SSL3_GET_SERVER_DONE 145
-#define SSL_F_SSL3_GET_SERVER_HELLO 146
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147
-#define SSL_F_SSL3_PEEK 235
-#define SSL_F_SSL3_READ_BYTES 148
-#define SSL_F_SSL3_READ_N 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE 154
-#define SSL_F_SSL3_SEND_SERVER_HELLO 242
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE 155
-#define SSL_F_SSL3_SETUP_BUFFERS 156
-#define SSL_F_SSL3_SETUP_KEY_BLOCK 157
-#define SSL_F_SSL3_WRITE_BYTES 158
-#define SSL_F_SSL3_WRITE_PENDING 159
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216
-#define SSL_F_SSL_BAD_METHOD 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161
-#define SSL_F_SSL_CERT_DUP 221
-#define SSL_F_SSL_CERT_INST 222
-#define SSL_F_SSL_CERT_INSTANTIATE 214
-#define SSL_F_SSL_CERT_NEW 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY 163
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT 231
-#define SSL_F_SSL_CLEAR 164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165
-#define SSL_F_SSL_CREATE_CIPHER_LIST 166
-#define SSL_F_SSL_CTRL 232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168
-#define SSL_F_SSL_CTX_NEW 169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST 269
-#define SSL_F_SSL_CTX_SET_PURPOSE 226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION 170
-#define SSL_F_SSL_CTX_SET_TRUST 229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE 171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY 174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179
-#define SSL_F_SSL_DO_HANDSHAKE 180
-#define SSL_F_SSL_GET_NEW_SESSION 181
-#define SSL_F_SSL_GET_PREV_SESSION 217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT 182
-#define SSL_F_SSL_GET_SIGN_PKEY 183
-#define SSL_F_SSL_INIT_WBIO_BUFFER 184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185
-#define SSL_F_SSL_NEW 186
-#define SSL_F_SSL_PEEK 270
-#define SSL_F_SSL_READ 223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188
-#define SSL_F_SSL_SESSION_NEW 189
-#define SSL_F_SSL_SESSION_PRINT_FP 190
-#define SSL_F_SSL_SESS_CERT_NEW 225
-#define SSL_F_SSL_SET_CERT 191
-#define SSL_F_SSL_SET_CIPHER_LIST 271
-#define SSL_F_SSL_SET_FD 192
-#define SSL_F_SSL_SET_PKEY 193
-#define SSL_F_SSL_SET_PURPOSE 227
-#define SSL_F_SSL_SET_RFD 194
-#define SSL_F_SSL_SET_SESSION 195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218
-#define SSL_F_SSL_SET_TRUST 228
-#define SSL_F_SSL_SET_WFD 196
-#define SSL_F_SSL_SHUTDOWN 224
-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION 243
-#define SSL_F_SSL_UNDEFINED_FUNCTION 197
-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION 244
-#define SSL_F_SSL_USE_CERTIFICATE 198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1 199
-#define SSL_F_SSL_USE_CERTIFICATE_FILE 200
-#define SSL_F_SSL_USE_PRIVATEKEY 201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE 203
-#define SSL_F_SSL_USE_RSAPRIVATEKEY 204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN 207
-#define SSL_F_SSL_WRITE 208
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE 209
-#define SSL_F_TLS1_ENC 210
-#define SSL_F_TLS1_SETUP_KEY_BLOCK 211
-#define SSL_F_WRITE_PENDING 212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE 100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
-#define SSL_R_BAD_CHECKSUM 104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
-#define SSL_R_BAD_DECOMPRESSION 107
-#define SSL_R_BAD_DH_G_LENGTH 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH 109
-#define SSL_R_BAD_DH_P_LENGTH 110
-#define SSL_R_BAD_DIGEST_LENGTH 111
-#define SSL_R_BAD_DSA_SIGNATURE 112
-#define SSL_R_BAD_ECC_CERT 304
-#define SSL_R_BAD_ECDSA_SIGNATURE 305
-#define SSL_R_BAD_ECPOINT 306
-#define SSL_R_BAD_HELLO_REQUEST 105
-#define SSL_R_BAD_LENGTH 271
-#define SSL_R_BAD_MAC_DECODE 113
-#define SSL_R_BAD_MESSAGE_TYPE 114
-#define SSL_R_BAD_PACKET_LENGTH 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER 116
-#define SSL_R_BAD_RESPONSE_ARGUMENT 117
-#define SSL_R_BAD_RSA_DECRYPT 118
-#define SSL_R_BAD_RSA_ENCRYPT 119
-#define SSL_R_BAD_RSA_E_LENGTH 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH 121
-#define SSL_R_BAD_RSA_SIGNATURE 122
-#define SSL_R_BAD_SIGNATURE 123
-#define SSL_R_BAD_SSL_FILETYPE 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH 125
-#define SSL_R_BAD_STATE 126
-#define SSL_R_BAD_WRITE_RETRY 127
-#define SSL_R_BIO_NOT_SET 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 129
-#define SSL_R_BN_LIB 130
-#define SSL_R_CA_DN_LENGTH_MISMATCH 131
-#define SSL_R_CA_DN_TOO_LONG 132
-#define SSL_R_CCS_RECEIVED_EARLY 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED 134
-#define SSL_R_CERT_LENGTH_MISMATCH 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT 136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH 137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR 139
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140
-#define SSL_R_COMPRESSION_FAILURE 141
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE 307
-#define SSL_R_COMPRESSION_LIBRARY_ERROR 142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET 144
-#define SSL_R_COOKIE_MISMATCH 308
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145
-#define SSL_R_DATA_LENGTH_TOO_LONG 146
-#define SSL_R_DECRYPTION_FAILED 147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148
-#define SSL_R_DIGEST_CHECK_FAILED 149
-#define SSL_R_DUPLICATE_COMPRESSION_ID 309
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 282
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE 152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE 153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154
-#define SSL_R_HTTPS_PROXY_REQUEST 155
-#define SSL_R_HTTP_REQUEST 156
-#define SSL_R_ILLEGAL_PADDING 283
-#define SSL_R_INVALID_CHALLENGE_LENGTH 158
-#define SSL_R_INVALID_COMMAND 280
-#define SSL_R_INVALID_PURPOSE 278
-#define SSL_R_INVALID_TRUST 279
-#define SSL_R_KEY_ARG_TOO_LONG 284
-#define SSL_R_KRB5 285
-#define SSL_R_KRB5_C_CC_PRINC 286
-#define SSL_R_KRB5_C_GET_CRED 287
-#define SSL_R_KRB5_C_INIT 288
-#define SSL_R_KRB5_C_MK_REQ 289
-#define SSL_R_KRB5_S_BAD_TICKET 290
-#define SSL_R_KRB5_S_INIT 291
-#define SSL_R_KRB5_S_RD_REQ 292
-#define SSL_R_KRB5_S_TKT_EXPIRED 293
-#define SSL_R_KRB5_S_TKT_NYV 294
-#define SSL_R_KRB5_S_TKT_SKEW 295
-#define SSL_R_LENGTH_MISMATCH 159
-#define SSL_R_LENGTH_TOO_SHORT 160
-#define SSL_R_LIBRARY_BUG 274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS 161
-#define SSL_R_MESSAGE_TOO_LONG 296
-#define SSL_R_MISSING_DH_DSA_CERT 162
-#define SSL_R_MISSING_DH_KEY 163
-#define SSL_R_MISSING_DH_RSA_CERT 164
-#define SSL_R_MISSING_DSA_SIGNING_CERT 165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167
-#define SSL_R_MISSING_RSA_CERTIFICATE 168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169
-#define SSL_R_MISSING_RSA_SIGNING_CERT 170
-#define SSL_R_MISSING_TMP_DH_KEY 171
-#define SSL_R_MISSING_TMP_ECDH_KEY 311
-#define SSL_R_MISSING_TMP_RSA_KEY 172
-#define SSL_R_MISSING_TMP_RSA_PKEY 173
-#define SSL_R_MISSING_VERIFY_MESSAGE 174
-#define SSL_R_NON_SSLV2_INITIAL_PACKET 175
-#define SSL_R_NO_CERTIFICATES_RETURNED 176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED 177
-#define SSL_R_NO_CERTIFICATE_RETURNED 178
-#define SSL_R_NO_CERTIFICATE_SET 179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED 180
-#define SSL_R_NO_CIPHERS_AVAILABLE 181
-#define SSL_R_NO_CIPHERS_PASSED 182
-#define SSL_R_NO_CIPHERS_SPECIFIED 183
-#define SSL_R_NO_CIPHER_LIST 184
-#define SSL_R_NO_CIPHER_MATCH 185
-#define SSL_R_NO_CLIENT_CERT_RECEIVED 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED 187
-#define SSL_R_NO_METHOD_SPECIFIED 188
-#define SSL_R_NO_PRIVATEKEY 189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE 191
-#define SSL_R_NO_PUBLICKEY 192
-#define SSL_R_NO_SHARED_CIPHER 193
-#define SSL_R_NO_VERIFY_CALLBACK 194
-#define SSL_R_NULL_SSL_CTX 195
-#define SSL_R_NULL_SSL_METHOD_PASSED 196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE 297
-#define SSL_R_PACKET_LENGTH_TOO_LONG 198
-#define SSL_R_PATH_TOO_LONG 270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199
-#define SSL_R_PEER_ERROR 200
-#define SSL_R_PEER_ERROR_CERTIFICATE 201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE 202
-#define SSL_R_PEER_ERROR_NO_CIPHER 203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN 207
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209
-#define SSL_R_PUBLIC_KEY_NOT_RSA 210
-#define SSL_R_READ_BIO_NOT_SET 211
-#define SSL_R_READ_TIMEOUT_EXPIRED 312
-#define SSL_R_READ_WRONG_PACKET_TYPE 212
-#define SSL_R_RECORD_LENGTH_MISMATCH 213
-#define SSL_R_RECORD_TOO_LARGE 214
-#define SSL_R_RECORD_TOO_SMALL 298
-#define SSL_R_REQUIRED_CIPHER_MISSING 215
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
-#define SSL_R_SHORT_READ 219
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG 299
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
-#define SSL_R_SSL_HANDSHAKE_FAILURE 229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 301
-#define SSL_R_SSL_SESSION_ID_CONFLICT 302
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 303
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS 313
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS 314
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243
-#define SSL_R_UNEXPECTED_MESSAGE 244
-#define SSL_R_UNEXPECTED_RECORD 245
-#define SSL_R_UNINITIALIZED 276
-#define SSL_R_UNKNOWN_ALERT_TYPE 246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247
-#define SSL_R_UNKNOWN_CIPHER_RETURNED 248
-#define SSL_R_UNKNOWN_CIPHER_TYPE 249
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250
-#define SSL_R_UNKNOWN_PKEY_TYPE 251
-#define SSL_R_UNKNOWN_PROTOCOL 252
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253
-#define SSL_R_UNKNOWN_SSL_VERSION 254
-#define SSL_R_UNKNOWN_STATE 255
-#define SSL_R_UNSUPPORTED_CIPHER 256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE 315
-#define SSL_R_UNSUPPORTED_PROTOCOL 258
-#define SSL_R_UNSUPPORTED_SSL_VERSION 259
-#define SSL_R_WRITE_BIO_NOT_SET 260
-#define SSL_R_WRONG_CIPHER_RETURNED 261
-#define SSL_R_WRONG_MESSAGE_TYPE 262
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263
-#define SSL_R_WRONG_SIGNATURE_LENGTH 264
-#define SSL_R_WRONG_SIGNATURE_SIZE 265
-#define SSL_R_WRONG_SSL_VERSION 266
-#define SSL_R_WRONG_VERSION_NUMBER 267
-#define SSL_R_X509_LIB 268
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/openssl/ssl/ssl2.h b/crypto/openssl/ssl/ssl2.h
deleted file mode 100644
index 99a52ea..0000000
--- a/crypto/openssl/ssl/ssl2.h
+++ /dev/null
@@ -1,268 +0,0 @@
-/* ssl/ssl2.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL2_H
-#define HEADER_SSL2_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Protocol Version Codes */
-#define SSL2_VERSION 0x0002
-#define SSL2_VERSION_MAJOR 0x00
-#define SSL2_VERSION_MINOR 0x02
-/* #define SSL2_CLIENT_VERSION 0x0002 */
-/* #define SSL2_SERVER_VERSION 0x0002 */
-
-/* Protocol Message Codes */
-#define SSL2_MT_ERROR 0
-#define SSL2_MT_CLIENT_HELLO 1
-#define SSL2_MT_CLIENT_MASTER_KEY 2
-#define SSL2_MT_CLIENT_FINISHED 3
-#define SSL2_MT_SERVER_HELLO 4
-#define SSL2_MT_SERVER_VERIFY 5
-#define SSL2_MT_SERVER_FINISHED 6
-#define SSL2_MT_REQUEST_CERTIFICATE 7
-#define SSL2_MT_CLIENT_CERTIFICATE 8
-
-/* Error Message Codes */
-#define SSL2_PE_UNDEFINED_ERROR 0x0000
-#define SSL2_PE_NO_CIPHER 0x0001
-#define SSL2_PE_NO_CERTIFICATE 0x0002
-#define SSL2_PE_BAD_CERTIFICATE 0x0004
-#define SSL2_PE_UNSUPPORTED_CERTIFICATE_TYPE 0x0006
-
-/* Cipher Kind Values */
-#define SSL2_CK_NULL_WITH_MD5 0x02000000 /* v3 */
-#define SSL2_CK_RC4_128_WITH_MD5 0x02010080
-#define SSL2_CK_RC4_128_EXPORT40_WITH_MD5 0x02020080
-#define SSL2_CK_RC2_128_CBC_WITH_MD5 0x02030080
-#define SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5 0x02040080
-#define SSL2_CK_IDEA_128_CBC_WITH_MD5 0x02050080
-#define SSL2_CK_DES_64_CBC_WITH_MD5 0x02060040
-#define SSL2_CK_DES_64_CBC_WITH_SHA 0x02060140 /* v3 */
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5 0x020700c0
-#define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA 0x020701c0 /* v3 */
-#define SSL2_CK_RC4_64_WITH_MD5 0x02080080 /* MS hack */
-
-#define SSL2_CK_DES_64_CFB64_WITH_MD5_1 0x02ff0800 /* SSLeay */
-#define SSL2_CK_NULL 0x02ff0810 /* SSLeay */
-
-#define SSL2_TXT_DES_64_CFB64_WITH_MD5_1 "DES-CFB-M1"
-#define SSL2_TXT_NULL_WITH_MD5 "NULL-MD5"
-#define SSL2_TXT_RC4_128_WITH_MD5 "RC4-MD5"
-#define SSL2_TXT_RC4_128_EXPORT40_WITH_MD5 "EXP-RC4-MD5"
-#define SSL2_TXT_RC2_128_CBC_WITH_MD5 "RC2-CBC-MD5"
-#define SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 "EXP-RC2-CBC-MD5"
-#define SSL2_TXT_IDEA_128_CBC_WITH_MD5 "IDEA-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_MD5 "DES-CBC-MD5"
-#define SSL2_TXT_DES_64_CBC_WITH_SHA "DES-CBC-SHA"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 "DES-CBC3-MD5"
-#define SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA "DES-CBC3-SHA"
-#define SSL2_TXT_RC4_64_WITH_MD5 "RC4-64-MD5"
-
-#define SSL2_TXT_NULL "NULL"
-
-/* Flags for the SSL_CIPHER.algorithm2 field */
-#define SSL2_CF_5_BYTE_ENC 0x01
-#define SSL2_CF_8_BYTE_ENC 0x02
-
-/* Certificate Type Codes */
-#define SSL2_CT_X509_CERTIFICATE 0x01
-
-/* Authentication Type Code */
-#define SSL2_AT_MD5_WITH_RSA_ENCRYPTION 0x01
-
-#define SSL2_MAX_SSL_SESSION_ID_LENGTH 32
-
-/* Upper/Lower Bounds */
-#define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256
-#ifdef OPENSSL_SYS_MPE
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u
-#else
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */
-#endif
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */
-
-#define SSL2_CHALLENGE_LENGTH 16
-/*#define SSL2_CHALLENGE_LENGTH 32 */
-#define SSL2_MIN_CHALLENGE_LENGTH 16
-#define SSL2_MAX_CHALLENGE_LENGTH 32
-#define SSL2_CONNECTION_ID_LENGTH 16
-#define SSL2_MAX_CONNECTION_ID_LENGTH 16
-#define SSL2_SSL_SESSION_ID_LENGTH 16
-#define SSL2_MAX_CERT_CHALLENGE_LENGTH 32
-#define SSL2_MIN_CERT_CHALLENGE_LENGTH 16
-#define SSL2_MAX_KEY_MATERIAL_LENGTH 24
-
-#ifndef HEADER_SSL_LOCL_H
-#define CERT char
-#endif
-
-typedef struct ssl2_state_st
- {
- int three_byte_header;
- int clear_text; /* clear text */
- int escape; /* not used in SSLv2 */
- int ssl2_rollback; /* used if SSLv23 rolled back to SSLv2 */
-
- /* non-blocking io info, used to make sure the same
- * args were passwd */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot;
- const unsigned char *wpend_buf;
-
- int wpend_off; /* offset to data to write */
- int wpend_len; /* number of bytes passwd to write */
- int wpend_ret; /* number of bytes to return to caller */
-
- /* buffer raw data */
- int rbuf_left;
- int rbuf_offs;
- unsigned char *rbuf;
- unsigned char *wbuf;
-
- unsigned char *write_ptr;/* used to point to the start due to
- * 2/3 byte header. */
-
- unsigned int padding;
- unsigned int rlength; /* passed to ssl2_enc */
- int ract_data_length; /* Set when things are encrypted. */
- unsigned int wlength; /* passed to ssl2_enc */
- int wact_data_length; /* Set when things are decrypted. */
- unsigned char *ract_data;
- unsigned char *wact_data;
- unsigned char *mac_data;
-
- unsigned char *read_key;
- unsigned char *write_key;
-
- /* Stuff specifically to do with this SSL session */
- unsigned int challenge_length;
- unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
- unsigned int conn_id_length;
- unsigned char conn_id[SSL2_MAX_CONNECTION_ID_LENGTH];
- unsigned int key_material_length;
- unsigned char key_material[SSL2_MAX_KEY_MATERIAL_LENGTH*2];
-
- unsigned long read_sequence;
- unsigned long write_sequence;
-
- struct {
- unsigned int conn_id_length;
- unsigned int cert_type;
- unsigned int cert_length;
- unsigned int csl;
- unsigned int clear;
- unsigned int enc;
- unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
- unsigned int cipher_spec_length;
- unsigned int session_id_length;
- unsigned int clen;
- unsigned int rlen;
- } tmp;
- } SSL2_STATE;
-
-/* SSLv2 */
-/* client */
-#define SSL2_ST_SEND_CLIENT_HELLO_A (0x10|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_HELLO_B (0x11|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_A (0x20|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_HELLO_B (0x21|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_A (0x30|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_MASTER_KEY_B (0x31|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_A (0x40|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_FINISHED_B (0x41|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_A (0x50|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_B (0x51|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_C (0x52|SSL_ST_CONNECT)
-#define SSL2_ST_SEND_CLIENT_CERTIFICATE_D (0x53|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_A (0x60|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_VERIFY_B (0x61|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_A (0x70|SSL_ST_CONNECT)
-#define SSL2_ST_GET_SERVER_FINISHED_B (0x71|SSL_ST_CONNECT)
-#define SSL2_ST_CLIENT_START_ENCRYPTION (0x80|SSL_ST_CONNECT)
-#define SSL2_ST_X509_GET_CLIENT_CERTIFICATE (0x90|SSL_ST_CONNECT)
-/* server */
-#define SSL2_ST_GET_CLIENT_HELLO_A (0x10|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_B (0x11|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_HELLO_C (0x12|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_A (0x20|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_HELLO_B (0x21|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_A (0x30|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_MASTER_KEY_B (0x31|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_A (0x40|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_B (0x41|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_VERIFY_C (0x42|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_A (0x50|SSL_ST_ACCEPT)
-#define SSL2_ST_GET_CLIENT_FINISHED_B (0x51|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_A (0x60|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_SERVER_FINISHED_B (0x61|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_A (0x70|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_B (0x71|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_C (0x72|SSL_ST_ACCEPT)
-#define SSL2_ST_SEND_REQUEST_CERTIFICATE_D (0x73|SSL_ST_ACCEPT)
-#define SSL2_ST_SERVER_START_ENCRYPTION (0x80|SSL_ST_ACCEPT)
-#define SSL2_ST_X509_GET_SERVER_CERTIFICATE (0x90|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/openssl/ssl/ssl23.h b/crypto/openssl/ssl/ssl23.h
deleted file mode 100644
index d322898..0000000
--- a/crypto/openssl/ssl/ssl23.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* ssl/ssl23.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_SSL23_H
-#define HEADER_SSL23_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*client */
-/* write to server */
-#define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT)
-#define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT)
-/* read from server */
-#define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT)
-#define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT)
-
-/* server */
-/* read from client */
-#define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
-#define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/openssl/ssl/ssl3.h b/crypto/openssl/ssl/ssl3.h
deleted file mode 100644
index bacaff1..0000000
--- a/crypto/openssl/ssl/ssl3.h
+++ /dev/null
@@ -1,555 +0,0 @@
-/* ssl/ssl3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H
-#define HEADER_SSL3_H
-
-#ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
-#endif
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-#include <openssl/pq_compat.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define SSL3_CK_RSA_NULL_MD5 0x03000001
-#define SSL3_CK_RSA_NULL_SHA 0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5 0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5 0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA 0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA 0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA 0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA 0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA 0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA 0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA 0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA 0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA 0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA 0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA 0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA 0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA 0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA 0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA 0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA 0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5 0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA 0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B
-
-#define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C
-#define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D
-#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
- to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
- of the ietf-tls list */
-#define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E
-#endif
-
-/* VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA 0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5 0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5 "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5 "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA"
-
-#define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA"
-#define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA"
-#define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA"
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH 32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH 32
-
-#define SSL3_MASTER_SECRET_SIZE 48
-#define SSL3_RANDOM_SIZE 32
-#define SSL3_SESSION_ID_SIZE 32
-#define SSL3_RT_HEADER_LENGTH 5
-
-/* Due to MS stuffing up, this can change.... */
-#if defined(OPENSSL_SYS_WIN16) || \
- (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
-#define SSL3_RT_MAX_EXTRA (14000)
-#else
-#define SSL3_RT_MAX_EXTRA (16384)
-#endif
-
-#define SSL3_RT_MAX_PLAIN_LENGTH 16384
-#ifdef OPENSSL_NO_COMP
-#define SSL3_RT_MAX_COMPRESSED_LENGTH SSL3_RT_MAX_PLAIN_LENGTH
-#else
-#define SSL3_RT_MAX_COMPRESSED_LENGTH (1024+SSL3_RT_MAX_PLAIN_LENGTH)
-#endif
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH (1024+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-#define SSL3_RT_MAX_DATA_SIZE (1024*1024)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
-
-#define SSL3_VERSION 0x0300
-#define SSL3_VERSION_MAJOR 0x03
-#define SSL3_VERSION_MINOR 0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC 20
-#define SSL3_RT_ALERT 21
-#define SSL3_RT_HANDSHAKE 22
-#define SSL3_RT_APPLICATION_DATA 23
-
-#define SSL3_AL_WARNING 1
-#define SSL3_AL_FATAL 2
-
-#define SSL3_AD_CLOSE_NOTIFY 0
-#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE 30 /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE 40 /* fatal */
-#define SSL3_AD_NO_CERTIFICATE 41
-#define SSL3_AD_BAD_CERTIFICATE 42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED 44
-#define SSL3_AD_CERTIFICATE_EXPIRED 45
-#define SSL3_AD_CERTIFICATE_UNKNOWN 46
-#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
-
-typedef struct ssl3_record_st
- {
-/*r */ int type; /* type of record */
-/*rw*/ unsigned int length; /* How many bytes available */
-/*r */ unsigned int off; /* read/write offset into 'buf' */
-/*rw*/ unsigned char *data; /* pointer to the record data */
-/*rw*/ unsigned char *input; /* where the decode bytes are */
-/*r */ unsigned char *comp; /* only used with decompression - malloc()ed */
-/*r */ unsigned long epoch; /* epoch number, needed by DTLS1 */
-/*r */ PQ_64BIT seq_num; /* sequence number, needed by DTLS1 */
- } SSL3_RECORD;
-
-typedef struct ssl3_buffer_st
- {
- unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
- * see ssl3_setup_buffers() */
- size_t len; /* buffer size */
- int offset; /* where to 'copy from' */
- int left; /* how many bytes left */
- } SSL3_BUFFER;
-
-#define SSL3_CT_RSA_SIGN 1
-#define SSL3_CT_DSS_SIGN 2
-#define SSL3_CT_RSA_FIXED_DH 3
-#define SSL3_CT_DSS_FIXED_DH 4
-#define SSL3_CT_RSA_EPHEMERAL_DH 5
-#define SSL3_CT_DSS_EPHEMERAL_DH 6
-#define SSL3_CT_FORTEZZA_DMS 20
-/* SSL3_CT_NUMBER is used to size arrays and it must be large
- * enough to contain all of the cert types defined either for
- * SSLv3 and TLSv1.
- */
-#define SSL3_CT_NUMBER 7
-
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001
-#define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002
-#define SSL3_FLAGS_POP_BUFFER 0x0004
-#define TLS1_FLAGS_TLS_PADDING_BUG 0x0008
-
-typedef struct ssl3_state_st
- {
- long flags;
- int delay_buf_pop_ret;
-
- unsigned char read_sequence[8];
- unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
- unsigned char write_sequence[8];
- unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
-
- unsigned char server_random[SSL3_RANDOM_SIZE];
- unsigned char client_random[SSL3_RANDOM_SIZE];
-
- /* flags for countermeasure against known-IV weakness */
- int need_empty_fragments;
- int empty_fragment_done;
-
- SSL3_BUFFER rbuf; /* read IO goes into here */
- SSL3_BUFFER wbuf; /* write IO goes into here */
-
- SSL3_RECORD rrec; /* each decoded record goes in here */
- SSL3_RECORD wrec; /* goes out from here */
-
- /* storage for Alert/Handshake protocol data received but not
- * yet processed by ssl3_read_bytes: */
- unsigned char alert_fragment[2];
- unsigned int alert_fragment_len;
- unsigned char handshake_fragment[4];
- unsigned int handshake_fragment_len;
-
- /* partial write - check the numbers match */
- unsigned int wnum; /* number of bytes sent so far */
- int wpend_tot; /* number bytes written */
- int wpend_type;
- int wpend_ret; /* number of bytes submitted */
- const unsigned char *wpend_buf;
-
- /* used during startup, digest all incoming/outgoing packets */
- EVP_MD_CTX finish_dgst1;
- EVP_MD_CTX finish_dgst2;
-
- /* this is set whenerver we see a change_cipher_spec message
- * come in when we are not looking for one */
- int change_cipher_spec;
-
- int warn_alert;
- int fatal_alert;
- /* we allow one fatal and one warning alert to be outstanding,
- * send close alert via the warning alert */
- int alert_dispatch;
- unsigned char send_alert[2];
-
- /* This flag is set when we should renegotiate ASAP, basically when
- * there is no more data in the read or write buffers */
- int renegotiate;
- int total_renegotiations;
- int num_renegotiations;
-
- int in_read_app_data;
-
- struct {
- /* actually only needs to be 16+20 */
- unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-
- /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
- unsigned char finish_md[EVP_MAX_MD_SIZE*2];
- int finish_md_len;
- unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
- int peer_finish_md_len;
-
- unsigned long message_size;
- int message_type;
-
- /* used to hold the new cipher we are going to use */
- SSL_CIPHER *new_cipher;
-#ifndef OPENSSL_NO_DH
- DH *dh;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh; /* holds short lived ECDH key */
-#endif
-
- /* used when SSL_ST_FLUSH_DATA is entered */
- int next_state;
-
- int reuse_message;
-
- /* used for certificate requests */
- int cert_req;
- int ctype_num;
- char ctype[SSL3_CT_NUMBER];
- STACK_OF(X509_NAME) *ca_names;
-
- int use_rsa_tmp;
-
- int key_block_length;
- unsigned char *key_block;
-
- const EVP_CIPHER *new_sym_enc;
- const EVP_MD *new_hash;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *new_compression;
-#else
- char *new_compression;
-#endif
- int cert_request;
- } tmp;
-
- } SSL3_STATE;
-
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH (0x100|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B (0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B (0x1D1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH (0x100|SSL_ST_ACCEPT)
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST 0
-#define SSL3_MT_CLIENT_HELLO 1
-#define SSL3_MT_SERVER_HELLO 2
-#define SSL3_MT_CERTIFICATE 11
-#define SSL3_MT_SERVER_KEY_EXCHANGE 12
-#define SSL3_MT_CERTIFICATE_REQUEST 13
-#define SSL3_MT_SERVER_DONE 14
-#define SSL3_MT_CERTIFICATE_VERIFY 15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE 16
-#define SSL3_MT_FINISHED 20
-#define DTLS1_MT_HELLO_VERIFY_REQUEST 3
-
-
-#define SSL3_MT_CCS 1
-
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ 0x01
-#define SSL3_CC_WRITE 0x02
-#define SSL3_CC_CLIENT 0x10
-#define SSL3_CC_SERVER 0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-#define SSL3_CHANGE_CIPHER_SERVER_READ (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/openssl/ssl/ssl_algs.c b/crypto/openssl/ssl/ssl_algs.c
deleted file mode 100644
index 3d93c5a..0000000
--- a/crypto/openssl/ssl/ssl_algs.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* ssl/ssl_algs.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include "ssl_locl.h"
-
-int SSL_library_init(void)
- {
-
-#ifndef OPENSSL_NO_DES
- EVP_add_cipher(EVP_des_cbc());
- EVP_add_cipher(EVP_des_ede3_cbc());
-#endif
-#ifndef OPENSSL_NO_IDEA
- EVP_add_cipher(EVP_idea_cbc());
-#endif
-#ifndef OPENSSL_NO_RC4
- EVP_add_cipher(EVP_rc4());
-#endif
-#ifndef OPENSSL_NO_RC2
- EVP_add_cipher(EVP_rc2_cbc());
-#endif
-#ifndef OPENSSL_NO_AES
- EVP_add_cipher(EVP_aes_128_cbc());
- EVP_add_cipher(EVP_aes_192_cbc());
- EVP_add_cipher(EVP_aes_256_cbc());
-#endif
-
-
-/* The Camellia algorithm is registered in the management table of EVP. */
-#ifndef OPENSSL_NO_CAMELLIA
- EVP_add_cipher(EVP_camellia_128_cbc());
- EVP_add_cipher(EVP_camellia_256_cbc());
-#endif
-
-
-#ifndef OPENSSL_NO_MD2
- EVP_add_digest(EVP_md2());
-#endif
-#ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
- EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef OPENSSL_NO_SHA
- EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
- EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
- EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#endif
-#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
- EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
- EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
- EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
- EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
- EVP_add_digest(EVP_ecdsa());
-#endif
- /* If you want support for phased out ciphers, add the following */
-#if 0
- EVP_add_digest(EVP_sha());
- EVP_add_digest(EVP_dss());
-#endif
-#ifndef OPENSSL_NO_COMP
- /* This will initialise the built-in compression algorithms.
- The value returned is a STACK_OF(SSL_COMP), but that can
- be discarded safely */
- (void)SSL_COMP_get_compression_methods();
-#endif
- /* initialize cipher/digest methods table */
- ssl_load_ciphers();
- return(1);
- }
-
diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c
deleted file mode 100644
index d129acc..0000000
--- a/crypto/openssl/ssl/ssl_asn1.c
+++ /dev/null
@@ -1,398 +0,0 @@
-/* ssl/ssl_asn1.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include "ssl_locl.h"
-#include <openssl/asn1_mac.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-typedef struct ssl_session_asn1_st
- {
- ASN1_INTEGER version;
- ASN1_INTEGER ssl_version;
- ASN1_OCTET_STRING cipher;
- ASN1_OCTET_STRING master_key;
- ASN1_OCTET_STRING session_id;
- ASN1_OCTET_STRING session_id_context;
- ASN1_OCTET_STRING key_arg;
-#ifndef OPENSSL_NO_KRB5
- ASN1_OCTET_STRING krb5_princ;
-#endif /* OPENSSL_NO_KRB5 */
- ASN1_INTEGER time;
- ASN1_INTEGER timeout;
- ASN1_INTEGER verify_result;
- } SSL_SESSION_ASN1;
-
-int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
- {
-#define LSIZE2 (sizeof(long)*2)
- int v1=0,v2=0,v3=0,v4=0,v5=0;
- unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
- unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
- long l;
- SSL_SESSION_ASN1 a;
- M_ASN1_I2D_vars(in);
-
- if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
- return(0);
-
- /* Note that I cheat in the following 2 assignments. I know
- * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
- * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
- * This is a bit evil but makes things simple, no dynamic allocation
- * to clean up :-) */
- a.version.length=LSIZE2;
- a.version.type=V_ASN1_INTEGER;
- a.version.data=ibuf1;
- ASN1_INTEGER_set(&(a.version),SSL_SESSION_ASN1_VERSION);
-
- a.ssl_version.length=LSIZE2;
- a.ssl_version.type=V_ASN1_INTEGER;
- a.ssl_version.data=ibuf2;
- ASN1_INTEGER_set(&(a.ssl_version),in->ssl_version);
-
- a.cipher.type=V_ASN1_OCTET_STRING;
- a.cipher.data=buf;
-
- if (in->cipher == NULL)
- l=in->cipher_id;
- else
- l=in->cipher->id;
- if (in->ssl_version == SSL2_VERSION)
- {
- a.cipher.length=3;
- buf[0]=((unsigned char)(l>>16L))&0xff;
- buf[1]=((unsigned char)(l>> 8L))&0xff;
- buf[2]=((unsigned char)(l ))&0xff;
- }
- else
- {
- a.cipher.length=2;
- buf[0]=((unsigned char)(l>>8L))&0xff;
- buf[1]=((unsigned char)(l ))&0xff;
- }
-
- a.master_key.length=in->master_key_length;
- a.master_key.type=V_ASN1_OCTET_STRING;
- a.master_key.data=in->master_key;
-
- a.session_id.length=in->session_id_length;
- a.session_id.type=V_ASN1_OCTET_STRING;
- a.session_id.data=in->session_id;
-
- a.session_id_context.length=in->sid_ctx_length;
- a.session_id_context.type=V_ASN1_OCTET_STRING;
- a.session_id_context.data=in->sid_ctx;
-
- a.key_arg.length=in->key_arg_length;
- a.key_arg.type=V_ASN1_OCTET_STRING;
- a.key_arg.data=in->key_arg;
-
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- {
- a.krb5_princ.length=in->krb5_client_princ_len;
- a.krb5_princ.type=V_ASN1_OCTET_STRING;
- a.krb5_princ.data=in->krb5_client_princ;
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- if (in->time != 0L)
- {
- a.time.length=LSIZE2;
- a.time.type=V_ASN1_INTEGER;
- a.time.data=ibuf3;
- ASN1_INTEGER_set(&(a.time),in->time);
- }
-
- if (in->timeout != 0L)
- {
- a.timeout.length=LSIZE2;
- a.timeout.type=V_ASN1_INTEGER;
- a.timeout.data=ibuf4;
- ASN1_INTEGER_set(&(a.timeout),in->timeout);
- }
-
- if (in->verify_result != X509_V_OK)
- {
- a.verify_result.length=LSIZE2;
- a.verify_result.type=V_ASN1_INTEGER;
- a.verify_result.data=ibuf5;
- ASN1_INTEGER_set(&a.verify_result,in->verify_result);
- }
-
-
- M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
- if (in->time != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
-
- M_ASN1_I2D_seq_total();
-
- M_ASN1_I2D_put(&(a.version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.ssl_version), i2d_ASN1_INTEGER);
- M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING);
- M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING);
-#ifndef OPENSSL_NO_KRB5
- if (in->krb5_client_princ_len)
- M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING);
-#endif /* OPENSSL_NO_KRB5 */
- if (in->key_arg_length > 0)
- M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
- if (in->time != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.time),i2d_ASN1_INTEGER,1,v1);
- if (in->timeout != 0L)
- M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
- if (in->peer != NULL)
- M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
- M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
- v4);
- if (in->verify_result != X509_V_OK)
- M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
- M_ASN1_I2D_finish();
- }
-
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
- long length)
- {
- int version,ssl_version=0,i;
- long id;
- ASN1_INTEGER ai,*aip;
- ASN1_OCTET_STRING os,*osp;
- M_ASN1_D2I_vars(a,SSL_SESSION *,SSL_SESSION_new);
-
- aip= &ai;
- osp= &os;
-
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
-
- ai.data=NULL; ai.length=0;
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- version=(int)ASN1_INTEGER_get(aip);
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- /* we don't care about the version right now :-) */
- M_ASN1_D2I_get_x(ASN1_INTEGER,aip,d2i_ASN1_INTEGER);
- ssl_version=(int)ASN1_INTEGER_get(aip);
- ret->ssl_version=ssl_version;
- if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
-
- os.data=NULL; os.length=0;
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ssl_version == SSL2_VERSION)
- {
- if (os.length != 3)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x02000000L|
- ((unsigned long)os.data[0]<<16L)|
- ((unsigned long)os.data[1]<< 8L)|
- (unsigned long)os.data[2];
- }
- else if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
- {
- if (os.length != 2)
- {
- c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
- goto err;
- }
- id=0x03000000L|
- ((unsigned long)os.data[0]<<8L)|
- (unsigned long)os.data[1];
- }
- else
- {
- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNKNOWN_SSL_VERSION);
- return(NULL);
- }
-
- ret->cipher=NULL;
- ret->cipher_id=id;
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if ((ssl_version>>8) == SSL3_VERSION_MAJOR)
- i=SSL3_MAX_SSL_SESSION_ID_LENGTH;
- else /* if (ssl_version>>8 == SSL2_VERSION_MAJOR) */
- i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
-
- if (os.length > i)
- os.length = i;
- if (os.length > (int)sizeof(ret->session_id)) /* can't happen */
- os.length = sizeof(ret->session_id);
-
- ret->session_id_length=os.length;
- OPENSSL_assert(os.length <= (int)sizeof(ret->session_id));
- memcpy(ret->session_id,os.data,os.length);
-
- M_ASN1_D2I_get_x(ASN1_OCTET_STRING,osp,d2i_ASN1_OCTET_STRING);
- if (ret->master_key_length > SSL_MAX_MASTER_KEY_LENGTH)
- ret->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
- else
- ret->master_key_length=os.length;
- memcpy(ret->master_key,os.data,ret->master_key_length);
-
- os.length=0;
-
-#ifndef OPENSSL_NO_KRB5
- os.length=0;
- M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
- if (os.data)
- {
- if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
- ret->krb5_client_princ_len=0;
- else
- ret->krb5_client_princ_len=os.length;
- memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
- OPENSSL_free(os.data);
- os.data = NULL;
- os.length = 0;
- }
- else
- ret->krb5_client_princ_len=0;
-#endif /* OPENSSL_NO_KRB5 */
-
- M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
- if (os.length > SSL_MAX_KEY_ARG_LENGTH)
- ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
- else
- ret->key_arg_length=os.length;
- memcpy(ret->key_arg,os.data,ret->key_arg_length);
- if (os.data != NULL) OPENSSL_free(os.data);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
- if (ai.data != NULL)
- {
- ret->time=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->time=(unsigned long)time(NULL);
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,2);
- if (ai.data != NULL)
- {
- ret->timeout=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->timeout=3;
-
- if (ret->peer != NULL)
- {
- X509_free(ret->peer);
- ret->peer=NULL;
- }
- M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
-
- os.length=0;
- os.data=NULL;
- M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
-
- if(os.data != NULL)
- {
- if (os.length > SSL_MAX_SID_CTX_LENGTH)
- {
- ret->sid_ctx_length=os.length;
- SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
- }
- else
- {
- ret->sid_ctx_length=os.length;
- memcpy(ret->sid_ctx,os.data,os.length);
- }
- OPENSSL_free(os.data); os.data=NULL; os.length=0;
- }
- else
- ret->sid_ctx_length=0;
-
- ai.length=0;
- M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
- if (ai.data != NULL)
- {
- ret->verify_result=ASN1_INTEGER_get(aip);
- OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
- }
- else
- ret->verify_result=X509_V_OK;
-
- M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
- }
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
deleted file mode 100644
index fb08009..0000000
--- a/crypto/openssl/ssl/ssl_cert.c
+++ /dev/null
@@ -1,829 +0,0 @@
-/*! \file ssl/ssl_cert.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <stdio.h>
-
-#include "e_os.h"
-#ifndef NO_SYS_TYPES_H
-# include <sys/types.h>
-#endif
-
-#include "o_dir.h"
-#include <openssl/objects.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-#include "ssl_locl.h"
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void)
- {
- static volatile int ssl_x509_store_ctx_idx= -1;
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- got_write_lock = 1;
-
- if (ssl_x509_store_ctx_idx < 0)
- {
- ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
- 0,"SSL for verify callback",NULL,NULL,NULL);
- }
- }
-
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
- return ssl_x509_store_ctx_idx;
- }
-
-CERT *ssl_cert_new(void)
- {
- CERT *ret;
-
- ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
- memset(ret,0,sizeof(CERT));
-
- ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
- ret->references=1;
-
- return(ret);
- }
-
-CERT *ssl_cert_dup(CERT *cert)
- {
- CERT *ret;
- int i;
-
- ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
- memset(ret, 0, sizeof(CERT));
-
- ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
- /* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
- * if you find that more readable */
-
- ret->valid = cert->valid;
- ret->mask = cert->mask;
- ret->export_mask = cert->export_mask;
-
-#ifndef OPENSSL_NO_RSA
- if (cert->rsa_tmp != NULL)
- {
- RSA_up_ref(cert->rsa_tmp);
- ret->rsa_tmp = cert->rsa_tmp;
- }
- ret->rsa_tmp_cb = cert->rsa_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_DH
- if (cert->dh_tmp != NULL)
- {
- ret->dh_tmp = DHparams_dup(cert->dh_tmp);
- if (ret->dh_tmp == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
- goto err;
- }
- if (cert->dh_tmp->priv_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->priv_key = b;
- }
- if (cert->dh_tmp->pub_key)
- {
- BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
- if (!b)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
- goto err;
- }
- ret->dh_tmp->pub_key = b;
- }
- }
- ret->dh_tmp_cb = cert->dh_tmp_cb;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (cert->ecdh_tmp)
- {
- ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp);
- if (ret->ecdh_tmp == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_EC_LIB);
- goto err;
- }
- }
- ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (cert->pkeys[i].x509 != NULL)
- {
- ret->pkeys[i].x509 = cert->pkeys[i].x509;
- CRYPTO_add(&ret->pkeys[i].x509->references, 1,
- CRYPTO_LOCK_X509);
- }
-
- if (cert->pkeys[i].privatekey != NULL)
- {
- ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
- CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
- CRYPTO_LOCK_EVP_PKEY);
-
- switch(i)
- {
- /* If there was anything special to do for
- * certain types of keys, we'd do it here.
- * (Nothing at the moment, I think.) */
-
- case SSL_PKEY_RSA_ENC:
- case SSL_PKEY_RSA_SIGN:
- /* We have an RSA key. */
- break;
-
- case SSL_PKEY_DSA_SIGN:
- /* We have a DSA key. */
- break;
-
- case SSL_PKEY_DH_RSA:
- case SSL_PKEY_DH_DSA:
- /* We have a DH key. */
- break;
-
- case SSL_PKEY_ECC:
- /* We have an ECC key */
- break;
-
- default:
- /* Can't happen. */
- SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
- }
- }
- }
-
- /* ret->extra_certs *should* exist, but currently the own certificate
- * chain is held inside SSL_CTX */
-
- ret->references=1;
-
- return(ret);
-
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_ECDH)
-err:
-#endif
-#ifndef OPENSSL_NO_RSA
- if (ret->rsa_tmp != NULL)
- RSA_free(ret->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (ret->dh_tmp != NULL)
- DH_free(ret->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (ret->ecdh_tmp != NULL)
- EC_KEY_free(ret->ecdh_tmp);
-#endif
-
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (ret->pkeys[i].x509 != NULL)
- X509_free(ret->pkeys[i].x509);
- if (ret->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(ret->pkeys[i].privatekey);
- }
-
- return NULL;
- }
-
-
-void ssl_cert_free(CERT *c)
- {
- int i;
-
- if(c == NULL)
- return;
-
- i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
-#ifdef REF_PRINT
- REF_PRINT("CERT",c);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
-#ifndef OPENSSL_NO_RSA
- if (c->rsa_tmp) RSA_free(c->rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (c->dh_tmp) DH_free(c->dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
-#endif
-
- for (i=0; i<SSL_PKEY_NUM; i++)
- {
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
-#if 0
- if (c->pkeys[i].publickey != NULL)
- EVP_PKEY_free(c->pkeys[i].publickey);
-#endif
- }
- OPENSSL_free(c);
- }
-
-int ssl_cert_inst(CERT **o)
- {
- /* Create a CERT if there isn't already one
- * (which cannot really happen, as it is initially created in
- * SSL_CTX_new; but the earlier code usually allows for that one
- * being non-existant, so we follow that behaviour, as it might
- * turn out that there actually is a reason for it -- but I'm
- * not sure that *all* of the existing code could cope with
- * s->cert being NULL, otherwise we could do without the
- * initialization in SSL_CTX_new).
- */
-
- if (o == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (*o == NULL)
- {
- if ((*o = ssl_cert_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
- return(0);
- }
- }
- return(1);
- }
-
-
-SESS_CERT *ssl_sess_cert_new(void)
- {
- SESS_CERT *ret;
-
- ret = OPENSSL_malloc(sizeof *ret);
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- memset(ret, 0 ,sizeof *ret);
- ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
- ret->references = 1;
-
- return ret;
- }
-
-void ssl_sess_cert_free(SESS_CERT *sc)
- {
- int i;
-
- if (sc == NULL)
- return;
-
- i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
-#ifdef REF_PRINT
- REF_PRINT("SESS_CERT", sc);
-#endif
- if (i > 0)
- return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- /* i == 0 */
- if (sc->cert_chain != NULL)
- sk_X509_pop_free(sc->cert_chain, X509_free);
- for (i = 0; i < SSL_PKEY_NUM; i++)
- {
- if (sc->peer_pkeys[i].x509 != NULL)
- X509_free(sc->peer_pkeys[i].x509);
-#if 0 /* We don't have the peer's private key. These lines are just
- * here as a reminder that we're still using a not-quite-appropriate
- * data structure. */
- if (sc->peer_pkeys[i].privatekey != NULL)
- EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
-#endif
- }
-
-#ifndef OPENSSL_NO_RSA
- if (sc->peer_rsa_tmp != NULL)
- RSA_free(sc->peer_rsa_tmp);
-#endif
-#ifndef OPENSSL_NO_DH
- if (sc->peer_dh_tmp != NULL)
- DH_free(sc->peer_dh_tmp);
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (sc->peer_ecdh_tmp != NULL)
- EC_KEY_free(sc->peer_ecdh_tmp);
-#endif
-
- OPENSSL_free(sc);
- }
-
-int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
- {
- sc->peer_cert_type = type;
- return(1);
- }
-
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
- {
- X509 *x;
- int i;
- X509_STORE_CTX ctx;
-
- if ((sk == NULL) || (sk_X509_num(sk) == 0))
- return(0);
-
- x=sk_X509_value(sk,0);
- if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
- {
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
- return(0);
- }
- if (s->param)
- X509_VERIFY_PARAM_inherit(X509_STORE_CTX_get0_param(&ctx),
- s->param);
-#if 0
- if (SSL_get_verify_depth(s) >= 0)
- X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
-#endif
- X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
-
- /* We need to inherit the verify parameters. These can be determined by
- * the context: if its a server it will verify SSL client certificates
- * or vice versa.
- */
-
- X509_STORE_CTX_set_default(&ctx,
- s->server ? "ssl_client" : "ssl_server");
-
- if (s->verify_callback)
- X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
-
- if (s->ctx->app_verify_callback != NULL)
-#if 1 /* new with OpenSSL 0.9.7 */
- i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg);
-#else
- i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
-#endif
- else
- {
-#ifndef OPENSSL_NO_X509_VERIFY
- i=X509_verify_cert(&ctx);
-#else
- i=0;
- ctx.error=X509_V_ERR_APPLICATION_VERIFICATION;
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK);
-#endif
- }
-
- s->verify_result=ctx.error;
- X509_STORE_CTX_cleanup(&ctx);
-
- return(i);
- }
-
-static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *name_list)
- {
- if (*ca_list != NULL)
- sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
-
- *ca_list=name_list;
- }
-
-STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
- {
- int i;
- STACK_OF(X509_NAME) *ret;
- X509_NAME *name;
-
- ret=sk_X509_NAME_new_null();
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
- if ((name == NULL) || !sk_X509_NAME_push(ret,name))
- {
- sk_X509_NAME_pop_free(ret,X509_NAME_free);
- return(NULL);
- }
- }
- return(ret);
- }
-
-void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(s->client_CA),name_list);
- }
-
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *name_list)
- {
- set_client_CA_list(&(ctx->client_CA),name_list);
- }
-
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
- {
- return(ctx->client_CA);
- }
-
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
- {
- if (s->type == SSL_ST_CONNECT)
- { /* we are in the client */
- if (((s->version>>8) == SSL3_VERSION_MAJOR) &&
- (s->s3 != NULL))
- return(s->s3->tmp.ca_names);
- else
- return(NULL);
- }
- else
- {
- if (s->client_CA != NULL)
- return(s->client_CA);
- else
- return(s->ctx->client_CA);
- }
- }
-
-static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
- {
- X509_NAME *name;
-
- if (x == NULL) return(0);
- if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
- return(0);
-
- if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
- return(0);
-
- if (!sk_X509_NAME_push(*sk,name))
- {
- X509_NAME_free(name);
- return(0);
- }
- return(1);
- }
-
-int SSL_add_client_CA(SSL *ssl,X509 *x)
- {
- return(add_client_CA(&(ssl->client_CA),x));
- }
-
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
- {
- return(add_client_CA(&(ctx->client_CA),x));
- }
-
-static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
- {
- return(X509_NAME_cmp(*a,*b));
- }
-
-#ifndef OPENSSL_NO_STDIO
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- STACK_OF(X509_NAME) *ret = NULL,*sk;
-
- sk=sk_X509_NAME_new(xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if ((sk == NULL) || (in == NULL))
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if (ret == NULL)
- {
- ret = sk_X509_NAME_new_null();
- if (ret == NULL)
- {
- SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- /* check for duplicates */
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(sk,xn) >= 0)
- X509_NAME_free(xn);
- else
- {
- sk_X509_NAME_push(sk,xn);
- sk_X509_NAME_push(ret,xn);
- }
- }
-
- if (0)
- {
-err:
- if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
- ret=NULL;
- }
- if (sk != NULL) sk_X509_NAME_free(sk);
- if (in != NULL) BIO_free(in);
- if (x != NULL) X509_free(x);
- if (ret != NULL)
- ERR_clear_error();
- return(ret);
- }
-#endif
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *file)
- {
- BIO *in;
- X509 *x=NULL;
- X509_NAME *xn=NULL;
- int ret=1;
- int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
- oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
-
- in=BIO_new(BIO_s_file_internal());
-
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
- goto err;
- }
-
- if (!BIO_read_filename(in,file))
- goto err;
-
- for (;;)
- {
- if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
- break;
- if ((xn=X509_get_subject_name(x)) == NULL) goto err;
- xn=X509_NAME_dup(xn);
- if (xn == NULL) goto err;
- if (sk_X509_NAME_find(stack,xn) >= 0)
- X509_NAME_free(xn);
- else
- sk_X509_NAME_push(stack,xn);
- }
-
- if (0)
- {
-err:
- ret=0;
- }
- if(in != NULL)
- BIO_free(in);
- if(x != NULL)
- X509_free(x);
-
- sk_X509_NAME_set_cmp_func(stack,oldcmp);
-
- return ret;
- }
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- const char *dir)
- {
- OPENSSL_DIR_CTX *d = NULL;
- const char *filename;
- int ret = 0;
-
- CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
-
- /* Note that a side effect is that the CAs will be sorted by name */
-
- while((filename = OPENSSL_DIR_read(&d, dir)))
- {
- char buf[1024];
- int r;
-
- if(strlen(dir)+strlen(filename)+2 > sizeof buf)
- {
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
- goto err;
- }
-
-#ifdef OPENSSL_SYS_VMS
- r = BIO_snprintf(buf,sizeof buf,"%s%s",dir,filename);
-#else
- r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,filename);
-#endif
- if (r <= 0 || r >= (int)sizeof(buf))
- goto err;
- if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
- goto err;
- }
-
- if (errno)
- {
- SYSerr(SYS_F_OPENDIR, get_last_sys_error());
- ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
- SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
- goto err;
- }
-
- ret = 1;
-
-err:
- if (d) OPENSSL_DIR_end(&d);
- CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
- return ret;
- }
-
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
deleted file mode 100644
index 9bb770d..0000000
--- a/crypto/openssl/ssl/ssl_ciph.c
+++ /dev/null
@@ -1,1365 +0,0 @@
-/* ssl/ssl_ciph.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-#include <stdio.h>
-#include <openssl/objects.h>
-#include <openssl/comp.h>
-#include "ssl_locl.h"
-
-#define SSL_ENC_DES_IDX 0
-#define SSL_ENC_3DES_IDX 1
-#define SSL_ENC_RC4_IDX 2
-#define SSL_ENC_RC2_IDX 3
-#define SSL_ENC_IDEA_IDX 4
-#define SSL_ENC_eFZA_IDX 5
-#define SSL_ENC_NULL_IDX 6
-#define SSL_ENC_AES128_IDX 7
-#define SSL_ENC_AES256_IDX 8
-#define SSL_ENC_NUM_IDX 9
-#define SSL_ENC_CAMELLIA128_IDX 9
-#define SSL_ENC_CAMELLIA256_IDX 10
-#undef SSL_ENC_NUM_IDX
-#define SSL_ENC_NUM_IDX 11
-
-
-static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
- NULL,NULL,NULL,NULL,NULL,NULL,
- };
-
-#define SSL_COMP_NULL_IDX 0
-#define SSL_COMP_ZLIB_IDX 1
-#define SSL_COMP_NUM_IDX 2
-
-static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
-
-#define SSL_MD_MD5_IDX 0
-#define SSL_MD_SHA1_IDX 1
-#define SSL_MD_NUM_IDX 2
-static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
- NULL,NULL,
- };
-
-#define CIPHER_ADD 1
-#define CIPHER_KILL 2
-#define CIPHER_DEL 3
-#define CIPHER_ORD 4
-#define CIPHER_SPECIAL 5
-
-typedef struct cipher_order_st
- {
- SSL_CIPHER *cipher;
- int active;
- int dead;
- struct cipher_order_st *next,*prev;
- } CIPHER_ORDER;
-
-static const SSL_CIPHER cipher_aliases[]={
- /* Don't include eNULL unless specifically enabled. */
- /* Don't include ECC in ALL because these ciphers are not yet official. */
- {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
- /* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
- {0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, /* COMPLEMENT OF ALL */
- {0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */
- {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_ECC, 0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
- {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
- {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */
- {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0},
- {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0},
-
- {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0},
-#ifndef OPENSSL_NO_IDEA
- {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0},
-#endif
- {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_CAMELLIA, 0,SSL_CAMELLIA, 0,0,0,0,SSL_ENC_MASK,0},
-
- {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0},
- {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0},
- {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0},
-
- {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0},
- {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
- {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
-
- {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
- {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
- {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
-
- {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
- {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
- {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
- {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
- };
-
-void ssl_load_ciphers(void)
- {
- ssl_cipher_methods[SSL_ENC_DES_IDX]=
- EVP_get_cipherbyname(SN_des_cbc);
- ssl_cipher_methods[SSL_ENC_3DES_IDX]=
- EVP_get_cipherbyname(SN_des_ede3_cbc);
- ssl_cipher_methods[SSL_ENC_RC4_IDX]=
- EVP_get_cipherbyname(SN_rc4);
- ssl_cipher_methods[SSL_ENC_RC2_IDX]=
- EVP_get_cipherbyname(SN_rc2_cbc);
-#ifndef OPENSSL_NO_IDEA
- ssl_cipher_methods[SSL_ENC_IDEA_IDX]=
- EVP_get_cipherbyname(SN_idea_cbc);
-#else
- ssl_cipher_methods[SSL_ENC_IDEA_IDX]= NULL;
-#endif
- ssl_cipher_methods[SSL_ENC_AES128_IDX]=
- EVP_get_cipherbyname(SN_aes_128_cbc);
- ssl_cipher_methods[SSL_ENC_AES256_IDX]=
- EVP_get_cipherbyname(SN_aes_256_cbc);
- ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX]=
- EVP_get_cipherbyname(SN_camellia_128_cbc);
- ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX]=
- EVP_get_cipherbyname(SN_camellia_256_cbc);
-
- ssl_digest_methods[SSL_MD_MD5_IDX]=
- EVP_get_digestbyname(SN_md5);
- ssl_digest_methods[SSL_MD_SHA1_IDX]=
- EVP_get_digestbyname(SN_sha1);
- }
-
-
-#ifndef OPENSSL_NO_COMP
-
-static int sk_comp_cmp(const SSL_COMP * const *a,
- const SSL_COMP * const *b)
- {
- return((*a)->id-(*b)->id);
- }
-
-static void load_builtin_compressions(void)
- {
- int got_write_lock = 0;
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL);
- if (ssl_comp_methods == NULL)
- {
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- got_write_lock = 1;
-
- if (ssl_comp_methods == NULL)
- {
- SSL_COMP *comp = NULL;
-
- MemCheck_off();
- ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
- if (ssl_comp_methods != NULL)
- {
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- if (comp != NULL)
- {
- comp->method=COMP_zlib();
- if (comp->method
- && comp->method->type == NID_undef)
- OPENSSL_free(comp);
- else
- {
- comp->id=SSL_COMP_ZLIB_IDX;
- comp->name=comp->method->name;
- sk_SSL_COMP_push(ssl_comp_methods,comp);
- }
- }
- }
- MemCheck_on();
- }
- }
-
- if (got_write_lock)
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- else
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL);
- }
-#endif
-
-int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
- const EVP_MD **md, SSL_COMP **comp)
- {
- int i;
- SSL_CIPHER *c;
-
- c=s->cipher;
- if (c == NULL) return(0);
- if (comp != NULL)
- {
- SSL_COMP ctmp;
-#ifndef OPENSSL_NO_COMP
- load_builtin_compressions();
-#endif
-
- *comp=NULL;
- ctmp.id=s->compress_meth;
- if (ssl_comp_methods != NULL)
- {
- i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
- if (i >= 0)
- *comp=sk_SSL_COMP_value(ssl_comp_methods,i);
- else
- *comp=NULL;
- }
- }
-
- if ((enc == NULL) || (md == NULL)) return(0);
-
- switch (c->algorithms & SSL_ENC_MASK)
- {
- case SSL_DES:
- i=SSL_ENC_DES_IDX;
- break;
- case SSL_3DES:
- i=SSL_ENC_3DES_IDX;
- break;
- case SSL_RC4:
- i=SSL_ENC_RC4_IDX;
- break;
- case SSL_RC2:
- i=SSL_ENC_RC2_IDX;
- break;
- case SSL_IDEA:
- i=SSL_ENC_IDEA_IDX;
- break;
- case SSL_eNULL:
- i=SSL_ENC_NULL_IDX;
- break;
- case SSL_AES:
- switch(c->alg_bits)
- {
- case 128: i=SSL_ENC_AES128_IDX; break;
- case 256: i=SSL_ENC_AES256_IDX; break;
- default: i=-1; break;
- }
- break;
- case SSL_CAMELLIA:
- switch(c->alg_bits)
- {
- case 128: i=SSL_ENC_CAMELLIA128_IDX; break;
- case 256: i=SSL_ENC_CAMELLIA256_IDX; break;
- default: i=-1; break;
- }
- break;
-
- default:
- i= -1;
- break;
- }
-
- if ((i < 0) || (i > SSL_ENC_NUM_IDX))
- *enc=NULL;
- else
- {
- if (i == SSL_ENC_NULL_IDX)
- *enc=EVP_enc_null();
- else
- *enc=ssl_cipher_methods[i];
- }
-
- switch (c->algorithms & SSL_MAC_MASK)
- {
- case SSL_MD5:
- i=SSL_MD_MD5_IDX;
- break;
- case SSL_SHA1:
- i=SSL_MD_SHA1_IDX;
- break;
- default:
- i= -1;
- break;
- }
- if ((i < 0) || (i > SSL_MD_NUM_IDX))
- *md=NULL;
- else
- *md=ssl_digest_methods[i];
-
- if ((*enc != NULL) && (*md != NULL))
- return(1);
- else
- return(0);
- }
-
-#define ITEM_SEP(a) \
- (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-
-static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
- CIPHER_ORDER **tail)
- {
- if (curr == *tail) return;
- if (curr == *head)
- *head=curr->next;
- if (curr->prev != NULL)
- curr->prev->next=curr->next;
- if (curr->next != NULL) /* should always be true */
- curr->next->prev=curr->prev;
- (*tail)->next=curr;
- curr->prev= *tail;
- curr->next=NULL;
- *tail=curr;
- }
-
-struct disabled_masks { /* This is a kludge no longer needed with OpenSSL 0.9.9,
- * where 128-bit and 256-bit algorithms simply will get
- * separate bits. */
- unsigned long mask; /* everything except m256 */
- unsigned long m256; /* applies to 256-bit algorithms only */
-};
-
-struct disabled_masks ssl_cipher_get_disabled(void)
- {
- unsigned long mask;
- unsigned long m256;
- struct disabled_masks ret;
-
- mask = SSL_kFZA;
-#ifdef OPENSSL_NO_RSA
- mask |= SSL_aRSA|SSL_kRSA;
-#endif
-#ifdef OPENSSL_NO_DSA
- mask |= SSL_aDSS;
-#endif
-#ifdef OPENSSL_NO_DH
- mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
-#endif
-#ifdef OPENSSL_NO_KRB5
- mask |= SSL_kKRB5|SSL_aKRB5;
-#endif
-#ifdef OPENSSL_NO_ECDH
- mask |= SSL_kECDH|SSL_kECDHE;
-#endif
-#ifdef SSL_FORBID_ENULL
- mask |= SSL_eNULL;
-#endif
-
- mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
- mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
- mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
- mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
- mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
- mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
-
- mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
- mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
-
- /* finally consider algorithms where mask and m256 differ */
- m256 = mask;
- mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
- mask |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA:0;
- m256 |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES:0;
- m256 |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA:0;
-
- ret.mask = mask;
- ret.m256 = m256;
- return ret;
- }
-
-static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
- int num_of_ciphers, unsigned long mask, unsigned long m256,
- CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
- {
- int i, co_list_num;
- SSL_CIPHER *c;
-
- /*
- * We have num_of_ciphers descriptions compiled in, depending on the
- * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
- * These will later be sorted in a linked list with at most num
- * entries.
- */
-
- /* Get the initial list of ciphers */
- co_list_num = 0; /* actual count of ciphers */
- for (i = 0; i < num_of_ciphers; i++)
- {
- c = ssl_method->get_cipher(i);
-#define IS_MASKED(c) ((c)->algorithms & (((c)->alg_bits == 256) ? m256 : mask))
- /* drop those that use any of that is not available */
- if ((c != NULL) && c->valid && !IS_MASKED(c))
- {
- co_list[co_list_num].cipher = c;
- co_list[co_list_num].next = NULL;
- co_list[co_list_num].prev = NULL;
- co_list[co_list_num].active = 0;
- co_list_num++;
-#ifdef KSSL_DEBUG
- printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
-#endif /* KSSL_DEBUG */
- /*
- if (!sk_push(ca_list,(char *)c)) goto err;
- */
- }
- }
-
- /*
- * Prepare linked list from list entries
- */
- for (i = 1; i < co_list_num - 1; i++)
- {
- co_list[i].prev = &(co_list[i-1]);
- co_list[i].next = &(co_list[i+1]);
- }
- if (co_list_num > 0)
- {
- (*head_p) = &(co_list[0]);
- (*head_p)->prev = NULL;
- (*head_p)->next = &(co_list[1]);
- (*tail_p) = &(co_list[co_list_num - 1]);
- (*tail_p)->prev = &(co_list[co_list_num - 2]);
- (*tail_p)->next = NULL;
- }
- }
-
-static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
- int num_of_group_aliases, unsigned long mask,
- CIPHER_ORDER *head)
- {
- CIPHER_ORDER *ciph_curr;
- SSL_CIPHER **ca_curr;
- int i;
-
- /*
- * First, add the real ciphers as already collected
- */
- ciph_curr = head;
- ca_curr = ca_list;
- while (ciph_curr != NULL)
- {
- *ca_curr = ciph_curr->cipher;
- ca_curr++;
- ciph_curr = ciph_curr->next;
- }
-
- /*
- * Now we add the available ones from the cipher_aliases[] table.
- * They represent either an algorithm, that must be fully
- * supported (not match any bit in mask) or represent a cipher
- * strength value (will be added in any case because algorithms=0).
- */
- for (i = 0; i < num_of_group_aliases; i++)
- {
- if ((i == 0) || /* always fetch "ALL" */
- !(cipher_aliases[i].algorithms & mask))
- {
- *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
- ca_curr++;
- }
- }
-
- *ca_curr = NULL; /* end of list */
- }
-
-static void ssl_cipher_apply_rule(unsigned long cipher_id, unsigned long ssl_version,
- unsigned long algorithms, unsigned long mask,
- unsigned long algo_strength, unsigned long mask_strength,
- int rule, int strength_bits, CIPHER_ORDER *co_list,
- CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
- {
- CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
- SSL_CIPHER *cp;
- unsigned long ma, ma_s;
-
-#ifdef CIPHER_DEBUG
- printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
- rule, algorithms, mask, algo_strength, mask_strength,
- strength_bits);
-#endif
-
- curr = head = *head_p;
- curr2 = head;
- tail2 = tail = *tail_p;
- for (;;)
- {
- if ((curr == NULL) || (curr == tail2)) break;
- curr = curr2;
- curr2 = curr->next;
-
- cp = curr->cipher;
-
- /* If explicit cipher suite, match only that one for its own protocol version.
- * Usual selection criteria will be used for similar ciphersuites from other version! */
-
- if (cipher_id && (cp->algorithms & SSL_SSL_MASK) == ssl_version)
- {
- if (cp->id != cipher_id)
- continue;
- }
-
- /*
- * Selection criteria is either the number of strength_bits
- * or the algorithm used.
- */
- else if (strength_bits == -1)
- {
- ma = mask & cp->algorithms;
- ma_s = mask_strength & cp->algo_strength;
-
-#ifdef CIPHER_DEBUG
- printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
- printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
-#endif
- /*
- * Select: if none of the mask bit was met from the
- * cipher or not all of the bits were met, the
- * selection does not apply.
- */
- if (((ma == 0) && (ma_s == 0)) ||
- ((ma & algorithms) != ma) ||
- ((ma_s & algo_strength) != ma_s))
- continue; /* does not apply */
- }
- else if (strength_bits != cp->strength_bits)
- continue; /* does not apply */
-
-#ifdef CIPHER_DEBUG
- printf("Action = %d\n", rule);
-#endif
-
- /* add the cipher if it has not been added yet. */
- if (rule == CIPHER_ADD)
- {
- if (!curr->active)
- {
- int add_this_cipher = 1;
-
- if (((cp->algorithms & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0))
- {
- /* Make sure "ECCdraft" ciphersuites are activated only if
- * *explicitly* requested, but not implicitly (such as
- * as part of the "AES" alias). */
-
- add_this_cipher = (mask & (SSL_kECDHE|SSL_kECDH|SSL_aECDSA)) != 0 || cipher_id != 0;
- }
-
- if (add_this_cipher)
- {
- ll_append_tail(&head, curr, &tail);
- curr->active = 1;
- }
- }
- }
- /* Move the added cipher to this location */
- else if (rule == CIPHER_ORD)
- {
- if (curr->active)
- {
- ll_append_tail(&head, curr, &tail);
- }
- }
- else if (rule == CIPHER_DEL)
- curr->active = 0;
- else if (rule == CIPHER_KILL)
- {
- if (head == curr)
- head = curr->next;
- else
- curr->prev->next = curr->next;
- if (tail == curr)
- tail = curr->prev;
- curr->active = 0;
- if (curr->next != NULL)
- curr->next->prev = curr->prev;
- if (curr->prev != NULL)
- curr->prev->next = curr->next;
- curr->next = NULL;
- curr->prev = NULL;
- }
- }
-
- *head_p = head;
- *tail_p = tail;
- }
-
-static int ssl_cipher_strength_sort(CIPHER_ORDER *co_list,
- CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p)
- {
- int max_strength_bits, i, *number_uses;
- CIPHER_ORDER *curr;
-
- /*
- * This routine sorts the ciphers with descending strength. The sorting
- * must keep the pre-sorted sequence, so we apply the normal sorting
- * routine as '+' movement to the end of the list.
- */
- max_strength_bits = 0;
- curr = *head_p;
- while (curr != NULL)
- {
- if (curr->active &&
- (curr->cipher->strength_bits > max_strength_bits))
- max_strength_bits = curr->cipher->strength_bits;
- curr = curr->next;
- }
-
- number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
- if (!number_uses)
- {
- SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
-
- /*
- * Now find the strength_bits values actually used
- */
- curr = *head_p;
- while (curr != NULL)
- {
- if (curr->active)
- number_uses[curr->cipher->strength_bits]++;
- curr = curr->next;
- }
- /*
- * Go through the list of used strength_bits values in descending
- * order.
- */
- for (i = max_strength_bits; i >= 0; i--)
- if (number_uses[i] > 0)
- ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, CIPHER_ORD, i,
- co_list, head_p, tail_p);
-
- OPENSSL_free(number_uses);
- return(1);
- }
-
-static int ssl_cipher_process_rulestr(const char *rule_str,
- CIPHER_ORDER *co_list, CIPHER_ORDER **head_p,
- CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
- {
- unsigned long algorithms, mask, algo_strength, mask_strength;
- const char *l, *start, *buf;
- int j, multi, found, rule, retval, ok, buflen;
- unsigned long cipher_id = 0, ssl_version = 0;
- char ch;
-
- retval = 1;
- l = rule_str;
- for (;;)
- {
- ch = *l;
-
- if (ch == '\0')
- break; /* done */
- if (ch == '-')
- { rule = CIPHER_DEL; l++; }
- else if (ch == '+')
- { rule = CIPHER_ORD; l++; }
- else if (ch == '!')
- { rule = CIPHER_KILL; l++; }
- else if (ch == '@')
- { rule = CIPHER_SPECIAL; l++; }
- else
- { rule = CIPHER_ADD; }
-
- if (ITEM_SEP(ch))
- {
- l++;
- continue;
- }
-
- algorithms = mask = algo_strength = mask_strength = 0;
-
- start=l;
- for (;;)
- {
- ch = *l;
- buf = l;
- buflen = 0;
-#ifndef CHARSET_EBCDIC
- while ( ((ch >= 'A') && (ch <= 'Z')) ||
- ((ch >= '0') && (ch <= '9')) ||
- ((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-'))
-#else
- while ( isalnum(ch) || (ch == '-'))
-#endif
- {
- ch = *(++l);
- buflen++;
- }
-
- if (buflen == 0)
- {
- /*
- * We hit something we cannot deal with,
- * it is no command or separator nor
- * alphanumeric, so we call this an error.
- */
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
- retval = found = 0;
- l++;
- break;
- }
-
- if (rule == CIPHER_SPECIAL)
- {
- found = 0; /* unused -- avoid compiler warning */
- break; /* special treatment */
- }
-
- /* check for multi-part specification */
- if (ch == '+')
- {
- multi=1;
- l++;
- }
- else
- multi=0;
-
- /*
- * Now search for the cipher alias in the ca_list. Be careful
- * with the strncmp, because the "buflen" limitation
- * will make the rule "ADH:SOME" and the cipher
- * "ADH-MY-CIPHER" look like a match for buflen=3.
- * So additionally check whether the cipher name found
- * has the correct length. We can save a strlen() call:
- * just checking for the '\0' at the right place is
- * sufficient, we have to strncmp() anyway. (We cannot
- * use strcmp(), because buf is not '\0' terminated.)
- */
- j = found = 0;
- cipher_id = 0;
- ssl_version = 0;
- while (ca_list[j])
- {
- if (!strncmp(buf, ca_list[j]->name, buflen) &&
- (ca_list[j]->name[buflen] == '\0'))
- {
- found = 1;
- break;
- }
- else
- j++;
- }
- if (!found)
- break; /* ignore this entry */
-
- /* New algorithms:
- * 1 - any old restrictions apply outside new mask
- * 2 - any new restrictions apply outside old mask
- * 3 - enforce old & new where masks intersect
- */
- algorithms = (algorithms & ~ca_list[j]->mask) | /* 1 */
- (ca_list[j]->algorithms & ~mask) | /* 2 */
- (algorithms & ca_list[j]->algorithms); /* 3 */
- mask |= ca_list[j]->mask;
- algo_strength = (algo_strength & ~ca_list[j]->mask_strength) |
- (ca_list[j]->algo_strength & ~mask_strength) |
- (algo_strength & ca_list[j]->algo_strength);
- mask_strength |= ca_list[j]->mask_strength;
-
- /* explicit ciphersuite found */
- if (ca_list[j]->valid)
- {
- cipher_id = ca_list[j]->id;
- ssl_version = ca_list[j]->algorithms & SSL_SSL_MASK;
- break;
- }
-
- if (!multi) break;
- }
-
- /*
- * Ok, we have the rule, now apply it
- */
- if (rule == CIPHER_SPECIAL)
- { /* special command */
- ok = 0;
- if ((buflen == 8) &&
- !strncmp(buf, "STRENGTH", 8))
- ok = ssl_cipher_strength_sort(co_list,
- head_p, tail_p);
- else
- SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
- SSL_R_INVALID_COMMAND);
- if (ok == 0)
- retval = 0;
- /*
- * We do not support any "multi" options
- * together with "@", so throw away the
- * rest of the command, if any left, until
- * end or ':' is found.
- */
- while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
- }
- else if (found)
- {
- ssl_cipher_apply_rule(cipher_id, ssl_version, algorithms, mask,
- algo_strength, mask_strength, rule, -1,
- co_list, head_p, tail_p);
- }
- else
- {
- while ((*l != '\0') && !ITEM_SEP(*l))
- l++;
- }
- if (*l == '\0') break; /* done */
- }
-
- return(retval);
- }
-
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
- STACK_OF(SSL_CIPHER) **cipher_list,
- STACK_OF(SSL_CIPHER) **cipher_list_by_id,
- const char *rule_str)
- {
- int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
- unsigned long disabled_mask;
- unsigned long disabled_m256;
- STACK_OF(SSL_CIPHER) *cipherstack, *tmp_cipher_list;
- const char *rule_p;
- CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
- SSL_CIPHER **ca_list = NULL;
-
- /*
- * Return with error if nothing to do.
- */
- if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
- return NULL;
-
- /*
- * To reduce the work to do we only want to process the compiled
- * in algorithms, so we first get the mask of disabled ciphers.
- */
- {
- struct disabled_masks d;
- d = ssl_cipher_get_disabled();
- disabled_mask = d.mask;
- disabled_m256 = d.m256;
- }
-
- /*
- * Now we have to collect the available ciphers from the compiled
- * in ciphers. We cannot get more than the number compiled in, so
- * it is used for allocation.
- */
- num_of_ciphers = ssl_method->num_ciphers();
-#ifdef KSSL_DEBUG
- printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
-#endif /* KSSL_DEBUG */
- co_list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
- if (co_list == NULL)
- {
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
- }
-
- ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
- disabled_m256, co_list, &head, &tail);
-
- /*
- * We also need cipher aliases for selecting based on the rule_str.
- * There might be two types of entries in the rule_str: 1) names
- * of ciphers themselves 2) aliases for groups of ciphers.
- * For 1) we need the available ciphers and for 2) the cipher
- * groups of cipher_aliases added together in one list (otherwise
- * we would be happy with just the cipher_aliases table).
- */
- num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
- num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
- ca_list =
- (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
- if (ca_list == NULL)
- {
- OPENSSL_free(co_list);
- SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- return(NULL); /* Failure */
- }
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- (disabled_mask & disabled_m256), head);
-
- /*
- * If the rule_string begins with DEFAULT, apply the default rule
- * before using the (possibly available) additional rules.
- */
- ok = 1;
- rule_p = rule_str;
- if (strncmp(rule_str,"DEFAULT",7) == 0)
- {
- ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- co_list, &head, &tail, ca_list);
- rule_p += 7;
- if (*rule_p == ':')
- rule_p++;
- }
-
- if (ok && (strlen(rule_p) > 0))
- ok = ssl_cipher_process_rulestr(rule_p, co_list, &head, &tail,
- ca_list);
-
- OPENSSL_free(ca_list); /* Not needed anymore */
-
- if (!ok)
- { /* Rule processing failure */
- OPENSSL_free(co_list);
- return(NULL);
- }
- /*
- * Allocate new "cipherstack" for the result, return with error
- * if we cannot get one.
- */
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
- {
- OPENSSL_free(co_list);
- return(NULL);
- }
-
- /*
- * The cipher selection for the list is done. The ciphers are added
- * to the resulting precedence to the STACK_OF(SSL_CIPHER).
- */
- for (curr = head; curr != NULL; curr = curr->next)
- {
- if (curr->active)
- {
- sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-#ifdef CIPHER_DEBUG
- printf("<%s>\n",curr->cipher->name);
-#endif
- }
- }
- OPENSSL_free(co_list); /* Not needed any longer */
-
- tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
- if (tmp_cipher_list == NULL)
- {
- sk_SSL_CIPHER_free(cipherstack);
- return NULL;
- }
- if (*cipher_list != NULL)
- sk_SSL_CIPHER_free(*cipher_list);
- *cipher_list = cipherstack;
- if (*cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(*cipher_list_by_id);
- *cipher_list_by_id = tmp_cipher_list;
- sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
- return(cipherstack);
- }
-
-char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
- {
- int is_export,pkl,kl;
- const char *ver,*exp_str;
- const char *kx,*au,*enc,*mac;
- unsigned long alg,alg2,alg_s;
-#ifdef KSSL_DEBUG
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
-#else
- static const char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-#endif /* KSSL_DEBUG */
-
- alg=cipher->algorithms;
- alg_s=cipher->algo_strength;
- alg2=cipher->algorithm2;
-
- is_export=SSL_C_IS_EXPORT(cipher);
- pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
- kl=SSL_C_EXPORT_KEYLENGTH(cipher);
- exp_str=is_export?" export":"";
-
- if (alg & SSL_SSLV2)
- ver="SSLv2";
- else if (alg & SSL_SSLV3)
- ver="SSLv3";
- else
- ver="unknown";
-
- switch (alg&SSL_MKEY_MASK)
- {
- case SSL_kRSA:
- kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
- break;
- case SSL_kDHr:
- kx="DH/RSA";
- break;
- case SSL_kDHd:
- kx="DH/DSS";
- break;
- case SSL_kKRB5: /* VRS */
- case SSL_KRB5: /* VRS */
- kx="KRB5";
- break;
- case SSL_kFZA:
- kx="Fortezza";
- break;
- case SSL_kEDH:
- kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
- break;
- case SSL_kECDH:
- case SSL_kECDHE:
- kx=is_export?"ECDH(<=163)":"ECDH";
- break;
- default:
- kx="unknown";
- }
-
- switch (alg&SSL_AUTH_MASK)
- {
- case SSL_aRSA:
- au="RSA";
- break;
- case SSL_aDSS:
- au="DSS";
- break;
- case SSL_aDH:
- au="DH";
- break;
- case SSL_aKRB5: /* VRS */
- case SSL_KRB5: /* VRS */
- au="KRB5";
- break;
- case SSL_aFZA:
- case SSL_aNULL:
- au="None";
- break;
- case SSL_aECDSA:
- au="ECDSA";
- break;
- default:
- au="unknown";
- break;
- }
-
- switch (alg&SSL_ENC_MASK)
- {
- case SSL_DES:
- enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
- break;
- case SSL_3DES:
- enc="3DES(168)";
- break;
- case SSL_RC4:
- enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
- :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
- break;
- case SSL_RC2:
- enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
- break;
- case SSL_IDEA:
- enc="IDEA(128)";
- break;
- case SSL_eFZA:
- enc="Fortezza";
- break;
- case SSL_eNULL:
- enc="None";
- break;
- case SSL_AES:
- switch(cipher->strength_bits)
- {
- case 128: enc="AES(128)"; break;
- case 192: enc="AES(192)"; break;
- case 256: enc="AES(256)"; break;
- default: enc="AES(?""?""?)"; break;
- }
- break;
- case SSL_CAMELLIA:
- switch(cipher->strength_bits)
- {
- case 128: enc="Camellia(128)"; break;
- case 256: enc="Camellia(256)"; break;
- default: enc="Camellia(?""?""?)"; break;
- }
- break;
-
- default:
- enc="unknown";
- break;
- }
-
- switch (alg&SSL_MAC_MASK)
- {
- case SSL_MD5:
- mac="MD5";
- break;
- case SSL_SHA1:
- mac="SHA1";
- break;
- default:
- mac="unknown";
- break;
- }
-
- if (buf == NULL)
- {
- len=128;
- buf=OPENSSL_malloc(len);
- if (buf == NULL) return("OPENSSL_malloc Error");
- }
- else if (len < 128)
- return("Buffer too small");
-
-#ifdef KSSL_DEBUG
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str,alg);
-#else
- BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp_str);
-#endif /* KSSL_DEBUG */
- return(buf);
- }
-
-char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
- {
- int i;
-
- if (c == NULL) return("(NONE)");
- i=(int)(c->id>>24L);
- if (i == 3)
- return("TLSv1/SSLv3");
- else if (i == 2)
- return("SSLv2");
- else
- return("unknown");
- }
-
-/* return the actual cipher being used */
-const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
- {
- if (c != NULL)
- return(c->name);
- return("(NONE)");
- }
-
-/* number of bits for symmetric cipher */
-int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
- {
- int ret=0;
-
- if (c != NULL)
- {
- if (alg_bits != NULL) *alg_bits = c->alg_bits;
- ret = c->strength_bits;
- }
- return(ret);
- }
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
- {
- SSL_COMP *ctmp;
- int i,nn;
-
- if ((n == 0) || (sk == NULL)) return(NULL);
- nn=sk_SSL_COMP_num(sk);
- for (i=0; i<nn; i++)
- {
- ctmp=sk_SSL_COMP_value(sk,i);
- if (ctmp->id == n)
- return(ctmp);
- }
- return(NULL);
- }
-
-#ifdef OPENSSL_NO_COMP
-void *SSL_COMP_get_compression_methods(void)
- {
- return NULL;
- }
-int SSL_COMP_add_compression_method(int id, void *cm)
- {
- return 1;
- }
-
-const char *SSL_COMP_get_name(const void *comp)
- {
- return NULL;
- }
-#else
-STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
- {
- load_builtin_compressions();
- return(ssl_comp_methods);
- }
-
-int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
- {
- SSL_COMP *comp;
-
- if (cm == NULL || cm->type == NID_undef)
- return 1;
-
- /* According to draft-ietf-tls-compression-04.txt, the
- compression number ranges should be the following:
-
- 0 to 63: methods defined by the IETF
- 64 to 192: external party methods assigned by IANA
- 193 to 255: reserved for private use */
- if (id < 193 || id > 255)
- {
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
- return 0;
- }
-
- MemCheck_off();
- comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
- comp->id=id;
- comp->method=cm;
- load_builtin_compressions();
- if (ssl_comp_methods
- && !sk_SSL_COMP_find(ssl_comp_methods,comp))
- {
- OPENSSL_free(comp);
- MemCheck_on();
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,SSL_R_DUPLICATE_COMPRESSION_ID);
- return(1);
- }
- else if ((ssl_comp_methods == NULL)
- || !sk_SSL_COMP_push(ssl_comp_methods,comp))
- {
- OPENSSL_free(comp);
- MemCheck_on();
- SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
- return(1);
- }
- else
- {
- MemCheck_on();
- return(0);
- }
- }
-
-const char *SSL_COMP_get_name(const COMP_METHOD *comp)
- {
- if (comp)
- return comp->name;
- return NULL;
- }
-
-#endif
diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c
deleted file mode 100644
index 0ca4937..0000000
--- a/crypto/openssl/ssl/ssl_err.c
+++ /dev/null
@@ -1,498 +0,0 @@
-/* ssl/ssl_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-
-static ERR_STRING_DATA SSL_str_functs[]=
- {
-{ERR_FUNC(SSL_F_CLIENT_CERTIFICATE), "CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_CLIENT_FINISHED), "CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_CLIENT_HELLO), "CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_CLIENT_MASTER_KEY), "CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_D2I_SSL_SESSION), "d2i_SSL_SESSION"},
-{ERR_FUNC(SSL_F_DO_DTLS1_WRITE), "DO_DTLS1_WRITE"},
-{ERR_FUNC(SSL_F_DO_SSL3_WRITE), "DO_SSL3_WRITE"},
-{ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
-{ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD), "DTLS1_BUFFER_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO), "DTLS1_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_CONNECT), "DTLS1_CONNECT"},
-{ERR_FUNC(SSL_F_DTLS1_ENC), "DTLS1_ENC"},
-{ERR_FUNC(SSL_F_DTLS1_GET_HELLO_VERIFY), "DTLS1_GET_HELLO_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE), "DTLS1_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT), "DTLS1_GET_MESSAGE_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_GET_RECORD), "DTLS1_GET_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN), "DTLS1_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT), "DTLS1_PREPROCESS_FRAGMENT"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE), "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
-{ERR_FUNC(SSL_F_DTLS1_PROCESS_RECORD), "DTLS1_PROCESS_RECORD"},
-{ERR_FUNC(SSL_F_DTLS1_READ_BYTES), "DTLS1_READ_BYTES"},
-{ERR_FUNC(SSL_F_DTLS1_READ_FAILED), "DTLS1_READ_FAILED"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST), "DTLS1_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE), "DTLS1_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE), "DTLS1_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_CLIENT_VERIFY), "DTLS1_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE), "DTLS1_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_HELLO), "DTLS1_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "DTLS1_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "DTLS1_WRITE_APP_DATA_BYTES"},
-{ERR_FUNC(SSL_F_GET_CLIENT_FINISHED), "GET_CLIENT_FINISHED"},
-{ERR_FUNC(SSL_F_GET_CLIENT_HELLO), "GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"},
-{ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"},
-{ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"},
-{ERR_FUNC(SSL_F_READ_N), "READ_N"},
-{ERR_FUNC(SSL_F_REQUEST_CERTIFICATE), "REQUEST_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SERVER_FINISH), "SERVER_FINISH"},
-{ERR_FUNC(SSL_F_SERVER_HELLO), "SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SERVER_VERIFY), "SERVER_VERIFY"},
-{ERR_FUNC(SSL_F_SSL23_ACCEPT), "SSL23_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_CONNECT), "SSL23_CONNECT"},
-{ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL23_PEEK), "SSL23_PEEK"},
-{ERR_FUNC(SSL_F_SSL23_READ), "SSL23_READ"},
-{ERR_FUNC(SSL_F_SSL23_WRITE), "SSL23_WRITE"},
-{ERR_FUNC(SSL_F_SSL2_ACCEPT), "SSL2_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL2_CONNECT), "SSL2_CONNECT"},
-{ERR_FUNC(SSL_F_SSL2_ENC_INIT), "SSL2_ENC_INIT"},
-{ERR_FUNC(SSL_F_SSL2_GENERATE_KEY_MATERIAL), "SSL2_GENERATE_KEY_MATERIAL"},
-{ERR_FUNC(SSL_F_SSL2_PEEK), "SSL2_PEEK"},
-{ERR_FUNC(SSL_F_SSL2_READ), "SSL2_READ"},
-{ERR_FUNC(SSL_F_SSL2_READ_INTERNAL), "SSL2_READ_INTERNAL"},
-{ERR_FUNC(SSL_F_SSL2_SET_CERTIFICATE), "SSL2_SET_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL2_WRITE), "SSL2_WRITE"},
-{ERR_FUNC(SSL_F_SSL3_ACCEPT), "SSL3_ACCEPT"},
-{ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "SSL3_CALLBACK_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE), "SSL3_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM), "SSL3_CHECK_CERT_AND_ALGORITHM"},
-{ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO), "SSL3_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_CONNECT), "SSL3_CONNECT"},
-{ERR_FUNC(SSL_F_SSL3_CTRL), "SSL3_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_CTX_CTRL), "SSL3_CTX_CTRL"},
-{ERR_FUNC(SSL_F_SSL3_ENC), "SSL3_ENC"},
-{ERR_FUNC(SSL_F_SSL3_GENERATE_KEY_BLOCK), "SSL3_GENERATE_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERTIFICATE_REQUEST), "SSL3_GET_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_GET_CERT_VERIFY), "SSL3_GET_CERT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_CERTIFICATE), "SSL3_GET_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_HELLO), "SSL3_GET_CLIENT_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE), "SSL3_GET_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_FINISHED), "SSL3_GET_FINISHED"},
-{ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE), "SSL3_GET_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_MESSAGE), "SSL3_GET_MESSAGE"},
-{ERR_FUNC(SSL_F_SSL3_GET_RECORD), "SSL3_GET_RECORD"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE), "SSL3_GET_SERVER_DONE"},
-{ERR_FUNC(SSL_F_SSL3_GET_SERVER_HELLO), "SSL3_GET_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_OUTPUT_CERT_CHAIN), "SSL3_OUTPUT_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL3_PEEK), "SSL3_PEEK"},
-{ERR_FUNC(SSL_F_SSL3_READ_BYTES), "SSL3_READ_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_READ_N), "SSL3_READ_N"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST), "SSL3_SEND_CERTIFICATE_REQUEST"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE), "SSL3_SEND_CLIENT_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE), "SSL3_SEND_CLIENT_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_CLIENT_VERIFY), "SSL3_SEND_CLIENT_VERIFY"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_CERTIFICATE), "SSL3_SEND_SERVER_CERTIFICATE"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_HELLO), "SSL3_SEND_SERVER_HELLO"},
-{ERR_FUNC(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE), "SSL3_SEND_SERVER_KEY_EXCHANGE"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_BUFFERS), "SSL3_SETUP_BUFFERS"},
-{ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "SSL3_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "SSL3_WRITE_BYTES"},
-{ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "SSL3_WRITE_PENDING"},
-{ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK), "SSL_add_dir_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK), "SSL_add_file_cert_subjects_to_stack"},
-{ERR_FUNC(SSL_F_SSL_BAD_METHOD), "SSL_BAD_METHOD"},
-{ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "SSL_BYTES_TO_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
-{ERR_FUNC(SSL_F_SSL_CERT_INST), "SSL_CERT_INST"},
-{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"},
-{ERR_FUNC(SSL_F_SSL_CERT_NEW), "SSL_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY), "SSL_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR), "SSL_CIPHER_PROCESS_RULESTR"},
-{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT), "SSL_CIPHER_STRENGTH_SORT"},
-{ERR_FUNC(SSL_F_SSL_CLEAR), "SSL_clear"},
-{ERR_FUNC(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD), "SSL_COMP_add_compression_method"},
-{ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST), "SSL_CREATE_CIPHER_LIST"},
-{ERR_FUNC(SSL_F_SSL_CTRL), "SSL_ctrl"},
-{ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY), "SSL_CTX_check_private_key"},
-{ERR_FUNC(SSL_F_SSL_CTX_NEW), "SSL_CTX_new"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST), "SSL_CTX_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_PURPOSE), "SSL_CTX_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT), "SSL_CTX_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_SSL_VERSION), "SSL_CTX_set_ssl_version"},
-{ERR_FUNC(SSL_F_SSL_CTX_SET_TRUST), "SSL_CTX_set_trust"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), "SSL_CTX_use_certificate_chain_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1), "SSL_CTX_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE), "SSL_CTX_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY), "SSL_CTX_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1), "SSL_CTX_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE), "SSL_CTX_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_DO_HANDSHAKE), "SSL_do_handshake"},
-{ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION), "SSL_GET_NEW_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
-{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT), "SSL_GET_SERVER_SEND_CERT"},
-{ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY), "SSL_GET_SIGN_PKEY"},
-{ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
-{ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE), "SSL_load_client_CA_file"},
-{ERR_FUNC(SSL_F_SSL_NEW), "SSL_new"},
-{ERR_FUNC(SSL_F_SSL_PEEK), "SSL_peek"},
-{ERR_FUNC(SSL_F_SSL_READ), "SSL_read"},
-{ERR_FUNC(SSL_F_SSL_RSA_PRIVATE_DECRYPT), "SSL_RSA_PRIVATE_DECRYPT"},
-{ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT), "SSL_RSA_PUBLIC_ENCRYPT"},
-{ERR_FUNC(SSL_F_SSL_SESSION_NEW), "SSL_SESSION_new"},
-{ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
-{ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW), "SSL_SESS_CERT_NEW"},
-{ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
-{ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST), "SSL_set_cipher_list"},
-{ERR_FUNC(SSL_F_SSL_SET_FD), "SSL_set_fd"},
-{ERR_FUNC(SSL_F_SSL_SET_PKEY), "SSL_SET_PKEY"},
-{ERR_FUNC(SSL_F_SSL_SET_PURPOSE), "SSL_set_purpose"},
-{ERR_FUNC(SSL_F_SSL_SET_RFD), "SSL_set_rfd"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION), "SSL_set_session"},
-{ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"},
-{ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"},
-{ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"},
-{ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION), "SSL_UNDEFINED_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION), "SSL_UNDEFINED_VOID_FUNCTION"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE), "SSL_use_certificate"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_ASN1), "SSL_use_certificate_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_CERTIFICATE_FILE), "SSL_use_certificate_file"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY), "SSL_use_PrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_ASN1), "SSL_use_PrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_PRIVATEKEY_FILE), "SSL_use_PrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY), "SSL_use_RSAPrivateKey"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1), "SSL_use_RSAPrivateKey_ASN1"},
-{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE), "SSL_use_RSAPrivateKey_file"},
-{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN), "SSL_VERIFY_CERT_CHAIN"},
-{ERR_FUNC(SSL_F_SSL_WRITE), "SSL_write"},
-{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE), "TLS1_CHANGE_CIPHER_STATE"},
-{ERR_FUNC(SSL_F_TLS1_ENC), "TLS1_ENC"},
-{ERR_FUNC(SSL_F_TLS1_SETUP_KEY_BLOCK), "TLS1_SETUP_KEY_BLOCK"},
-{ERR_FUNC(SSL_F_WRITE_PENDING), "WRITE_PENDING"},
-{0,NULL}
- };
-
-static ERR_STRING_DATA SSL_str_reasons[]=
- {
-{ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) ,"app data in handshake"},
-{ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),"attempt to reuse session in different context"},
-{ERR_REASON(SSL_R_BAD_ALERT_RECORD) ,"bad alert record"},
-{ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE),"bad authentication type"},
-{ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC),"bad change cipher spec"},
-{ERR_REASON(SSL_R_BAD_CHECKSUM) ,"bad checksum"},
-{ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),"bad data returned by callback"},
-{ERR_REASON(SSL_R_BAD_DECOMPRESSION) ,"bad decompression"},
-{ERR_REASON(SSL_R_BAD_DH_G_LENGTH) ,"bad dh g length"},
-{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) ,"bad dh pub key length"},
-{ERR_REASON(SSL_R_BAD_DH_P_LENGTH) ,"bad dh p length"},
-{ERR_REASON(SSL_R_BAD_DIGEST_LENGTH) ,"bad digest length"},
-{ERR_REASON(SSL_R_BAD_DSA_SIGNATURE) ,"bad dsa signature"},
-{ERR_REASON(SSL_R_BAD_ECC_CERT) ,"bad ecc cert"},
-{ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE) ,"bad ecdsa signature"},
-{ERR_REASON(SSL_R_BAD_ECPOINT) ,"bad ecpoint"},
-{ERR_REASON(SSL_R_BAD_HELLO_REQUEST) ,"bad hello request"},
-{ERR_REASON(SSL_R_BAD_LENGTH) ,"bad length"},
-{ERR_REASON(SSL_R_BAD_MAC_DECODE) ,"bad mac decode"},
-{ERR_REASON(SSL_R_BAD_MESSAGE_TYPE) ,"bad message type"},
-{ERR_REASON(SSL_R_BAD_PACKET_LENGTH) ,"bad packet length"},
-{ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER),"bad protocol version number"},
-{ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) ,"bad response argument"},
-{ERR_REASON(SSL_R_BAD_RSA_DECRYPT) ,"bad rsa decrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_ENCRYPT) ,"bad rsa encrypt"},
-{ERR_REASON(SSL_R_BAD_RSA_E_LENGTH) ,"bad rsa e length"},
-{ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
-{ERR_REASON(SSL_R_BAD_RSA_SIGNATURE) ,"bad rsa signature"},
-{ERR_REASON(SSL_R_BAD_SIGNATURE) ,"bad signature"},
-{ERR_REASON(SSL_R_BAD_SSL_FILETYPE) ,"bad ssl filetype"},
-{ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
-{ERR_REASON(SSL_R_BAD_STATE) ,"bad state"},
-{ERR_REASON(SSL_R_BAD_WRITE_RETRY) ,"bad write retry"},
-{ERR_REASON(SSL_R_BIO_NOT_SET) ,"bio not set"},
-{ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),"block cipher pad is wrong"},
-{ERR_REASON(SSL_R_BN_LIB) ,"bn lib"},
-{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) ,"ca dn length mismatch"},
-{ERR_REASON(SSL_R_CA_DN_TOO_LONG) ,"ca dn too long"},
-{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY) ,"ccs received early"},
-{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED),"certificate verify failed"},
-{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH) ,"cert length mismatch"},
-{ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT),"challenge is different"},
-{ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH),"cipher code wrong length"},
-{ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE),"cipher or hash unavailable"},
-{ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR),"cipher table src error"},
-{ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG),"compressed length too long"},
-{ERR_REASON(SSL_R_COMPRESSION_FAILURE) ,"compression failure"},
-{ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),"compression id not within private range"},
-{ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR),"compression library error"},
-{ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT),"connection id is different"},
-{ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET),"connection type not set"},
-{ERR_REASON(SSL_R_COOKIE_MISMATCH) ,"cookie mismatch"},
-{ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),"data between ccs and finished"},
-{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG) ,"data length too long"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED) ,"decryption failed"},
-{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),"decryption failed or bad record mac"},
-{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
-{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED) ,"digest check failed"},
-{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
-{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
-{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
-{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
-{ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
-{ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
-{ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
-{ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
-{ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST) ,"https proxy request"},
-{ERR_REASON(SSL_R_HTTP_REQUEST) ,"http request"},
-{ERR_REASON(SSL_R_ILLEGAL_PADDING) ,"illegal padding"},
-{ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH),"invalid challenge length"},
-{ERR_REASON(SSL_R_INVALID_COMMAND) ,"invalid command"},
-{ERR_REASON(SSL_R_INVALID_PURPOSE) ,"invalid purpose"},
-{ERR_REASON(SSL_R_INVALID_TRUST) ,"invalid trust"},
-{ERR_REASON(SSL_R_KEY_ARG_TOO_LONG) ,"key arg too long"},
-{ERR_REASON(SSL_R_KRB5) ,"krb5"},
-{ERR_REASON(SSL_R_KRB5_C_CC_PRINC) ,"krb5 client cc principal (no tkt?)"},
-{ERR_REASON(SSL_R_KRB5_C_GET_CRED) ,"krb5 client get cred"},
-{ERR_REASON(SSL_R_KRB5_C_INIT) ,"krb5 client init"},
-{ERR_REASON(SSL_R_KRB5_C_MK_REQ) ,"krb5 client mk_req (expired tkt?)"},
-{ERR_REASON(SSL_R_KRB5_S_BAD_TICKET) ,"krb5 server bad ticket"},
-{ERR_REASON(SSL_R_KRB5_S_INIT) ,"krb5 server init"},
-{ERR_REASON(SSL_R_KRB5_S_RD_REQ) ,"krb5 server rd_req (keytab perms?)"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED) ,"krb5 server tkt expired"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_NYV) ,"krb5 server tkt not yet valid"},
-{ERR_REASON(SSL_R_KRB5_S_TKT_SKEW) ,"krb5 server tkt skew"},
-{ERR_REASON(SSL_R_LENGTH_MISMATCH) ,"length mismatch"},
-{ERR_REASON(SSL_R_LENGTH_TOO_SHORT) ,"length too short"},
-{ERR_REASON(SSL_R_LIBRARY_BUG) ,"library bug"},
-{ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS),"library has no ciphers"},
-{ERR_REASON(SSL_R_MESSAGE_TOO_LONG) ,"message too long"},
-{ERR_REASON(SSL_R_MISSING_DH_DSA_CERT) ,"missing dh dsa cert"},
-{ERR_REASON(SSL_R_MISSING_DH_KEY) ,"missing dh key"},
-{ERR_REASON(SSL_R_MISSING_DH_RSA_CERT) ,"missing dh rsa cert"},
-{ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT),"missing dsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY),"missing export tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY),"missing export tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
-{ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
-{ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
-{ERR_REASON(SSL_R_MISSING_TMP_DH_KEY) ,"missing tmp dh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY) ,"missing tmp ecdh key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY) ,"missing tmp rsa key"},
-{ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY) ,"missing tmp rsa pkey"},
-{ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
-{ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
-{ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),"no certificate returned"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SET) ,"no certificate set"},
-{ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED),"no certificate specified"},
-{ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE) ,"no ciphers available"},
-{ERR_REASON(SSL_R_NO_CIPHERS_PASSED) ,"no ciphers passed"},
-{ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED) ,"no ciphers specified"},
-{ERR_REASON(SSL_R_NO_CIPHER_LIST) ,"no cipher list"},
-{ERR_REASON(SSL_R_NO_CIPHER_MATCH) ,"no cipher match"},
-{ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED),"no client cert received"},
-{ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED),"no compression specified"},
-{ERR_REASON(SSL_R_NO_METHOD_SPECIFIED) ,"no method specified"},
-{ERR_REASON(SSL_R_NO_PRIVATEKEY) ,"no privatekey"},
-{ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED),"no private key assigned"},
-{ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE),"no protocols available"},
-{ERR_REASON(SSL_R_NO_PUBLICKEY) ,"no publickey"},
-{ERR_REASON(SSL_R_NO_SHARED_CIPHER) ,"no shared cipher"},
-{ERR_REASON(SSL_R_NO_VERIFY_CALLBACK) ,"no verify callback"},
-{ERR_REASON(SSL_R_NULL_SSL_CTX) ,"null ssl ctx"},
-{ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
-{ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),"old session cipher not returned"},
-{ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE),"only tls allowed in fips mode"},
-{ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG),"packet length too long"},
-{ERR_REASON(SSL_R_PATH_TOO_LONG) ,"path too long"},
-{ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),"peer did not return a certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR) ,"peer error"},
-{ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE),"peer error certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE),"peer error no certificate"},
-{ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER) ,"peer error no cipher"},
-{ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE),"peer error unsupported certificate type"},
-{ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG),"pre mac length too long"},
-{ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS),"problems mapping cipher functions"},
-{ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN) ,"protocol is shutdown"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR),"public key encrypt error"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) ,"public key is not rsa"},
-{ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA) ,"public key not rsa"},
-{ERR_REASON(SSL_R_READ_BIO_NOT_SET) ,"read bio not set"},
-{ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED) ,"read timeout expired"},
-{ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE),"read wrong packet type"},
-{ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH),"record length mismatch"},
-{ERR_REASON(SSL_R_RECORD_TOO_LARGE) ,"record too large"},
-{ERR_REASON(SSL_R_RECORD_TOO_SMALL) ,"record too small"},
-{ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING),"required cipher missing"},
-{ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO),"reuse cert length not zero"},
-{ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO),"reuse cert type not zero"},
-{ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO),"reuse cipher list not zero"},
-{ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-{ERR_REASON(SSL_R_SHORT_READ) ,"short read"},
-{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
-{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
-{ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG),"ssl3 session id too long"},
-{ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT),"ssl3 session id too short"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),"sslv3 alert bad certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),"sslv3 alert bad record mac"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),"sslv3 alert certificate expired"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),"sslv3 alert certificate revoked"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),"sslv3 alert certificate unknown"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),"sslv3 alert decompression failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),"sslv3 alert handshake failure"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),"sslv3 alert illegal parameter"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE),"sslv3 alert no certificate"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),"sslv3 alert unexpected message"},
-{ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),"sslv3 alert unsupported certificate"},
-{ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),"ssl ctx has no default ssl version"},
-{ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) ,"ssl handshake failure"},
-{ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),"ssl library has no ciphers"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),"ssl session id callback failed"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT),"ssl session id conflict"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),"ssl session id context too long"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),"ssl session id has bad length"},
-{ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT),"ssl session id is different"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED),"tlsv1 alert access denied"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR),"tlsv1 alert decode error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),"tlsv1 alert decryption failed"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR),"tlsv1 alert decrypt error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),"tlsv1 alert export restriction"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),"tlsv1 alert insufficient security"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR),"tlsv1 alert internal error"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),"tlsv1 alert no renegotiation"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),"tlsv1 alert protocol version"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),"tlsv1 alert record overflow"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA),"tlsv1 alert unknown ca"},
-{ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED),"tlsv1 alert user cancelled"},
-{ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
-{ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
-{ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
-{ERR_REASON(SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER),"tried to use unsupported cipher"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS),"unable to decode dh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS),"unable to decode ecdh certs"},
-{ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY),"unable to extract public key"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS),"unable to find dh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),"unable to find ecdh parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),"unable to find public key parameters"},
-{ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD),"unable to find ssl method"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES),"unable to load ssl2 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),"unable to load ssl3 md5 routines"},
-{ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),"unable to load ssl3 sha1 routines"},
-{ERR_REASON(SSL_R_UNEXPECTED_MESSAGE) ,"unexpected message"},
-{ERR_REASON(SSL_R_UNEXPECTED_RECORD) ,"unexpected record"},
-{ERR_REASON(SSL_R_UNINITIALIZED) ,"uninitialized"},
-{ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE) ,"unknown alert type"},
-{ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
-{ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE) ,"unknown cipher type"},
-{ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
-{ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE) ,"unknown pkey type"},
-{ERR_REASON(SSL_R_UNKNOWN_PROTOCOL) ,"unknown protocol"},
-{ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE),"unknown remote error type"},
-{ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION) ,"unknown ssl version"},
-{ERR_REASON(SSL_R_UNKNOWN_STATE) ,"unknown state"},
-{ERR_REASON(SSL_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
-{ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),"unsupported elliptic curve"},
-{ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL) ,"unsupported protocol"},
-{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
-{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET) ,"write bio not set"},
-{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
-{ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE) ,"wrong message type"},
-{ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE) ,"wrong signature size"},
-{ERR_REASON(SSL_R_WRONG_SSL_VERSION) ,"wrong ssl version"},
-{ERR_REASON(SSL_R_WRONG_VERSION_NUMBER) ,"wrong version number"},
-{ERR_REASON(SSL_R_X509_LIB) ,"x509 lib"},
-{ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),"x509 verification setup problems"},
-{0,NULL}
- };
-
-#endif
-
-void ERR_load_SSL_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(SSL_str_functs[0].error) == NULL)
- {
- ERR_load_strings(0,SSL_str_functs);
- ERR_load_strings(0,SSL_str_reasons);
- }
-#endif
- }
diff --git a/crypto/openssl/ssl/ssl_err2.c b/crypto/openssl/ssl/ssl_err2.c
deleted file mode 100644
index ea95a5f..0000000
--- a/crypto/openssl/ssl/ssl_err2.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* ssl/ssl_err2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-void SSL_load_error_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_load_crypto_strings();
- ERR_load_SSL_strings();
-#endif
- }
-
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
deleted file mode 100644
index 4e81922..0000000
--- a/crypto/openssl/ssl/ssl_lib.c
+++ /dev/null
@@ -1,2590 +0,0 @@
-/*! \file ssl/ssl_lib.c
- * \brief Version independent SSL functions.
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifdef REF_CHECK
-# include <assert.h>
-#endif
-#include <stdio.h>
-#include "ssl_locl.h"
-#include "kssl_lcl.h"
-#include <openssl/objects.h>
-#include <openssl/lhash.h>
-#include <openssl/x509v3.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-
-const char *SSL_version_str=OPENSSL_VERSION_TEXT;
-
-SSL3_ENC_METHOD ssl3_undef_enc_method={
- /* evil casts, but these functions are only called if there's a library bug */
- (int (*)(SSL *,int))ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
- ssl_undefined_function,
- (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
- (int (*)(SSL*, int))ssl_undefined_function,
- (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function,
- 0, /* finish_mac_length */
- (int (*)(SSL *, EVP_MD_CTX *, unsigned char *))ssl_undefined_function,
- NULL, /* client_finished_label */
- 0, /* client_finished_label_len */
- NULL, /* server_finished_label */
- 0, /* server_finished_label_len */
- (int (*)(int))ssl_undefined_function
- };
-
-int SSL_clear(SSL *s)
- {
-
- if (s->method == NULL)
- {
- SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
- return(0);
- }
-
- if (ssl_clear_bad_session(s))
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- s->error=0;
- s->hit=0;
- s->shutdown=0;
-
-#if 0 /* Disabled since version 1.10 of this file (early return not
- * needed because SSL_clear is not called when doing renegotiation) */
- /* This is set if we are doing dynamic renegotiation so keep
- * the old cipher. It is sort of a SSL_clear_lite :-) */
- if (s->new_session) return(1);
-#else
- if (s->new_session)
- {
- SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
- return 0;
- }
-#endif
-
- s->type=0;
-
- s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
-
- s->version=s->method->version;
- s->client_version=s->version;
- s->rwstate=SSL_NOTHING;
- s->rstate=SSL_ST_READ_HEADER;
-#if 0
- s->read_ahead=s->ctx->read_ahead;
-#endif
-
- if (s->init_buf != NULL)
- {
- BUF_MEM_free(s->init_buf);
- s->init_buf=NULL;
- }
-
- ssl_clear_cipher_ctx(s);
-
- s->first_packet=0;
-
-#if 1
- /* Check to see if we were changed into a different method, if
- * so, revert back if we are not doing session-id reuse. */
- if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
- {
- s->method->ssl_free(s);
- s->method=s->ctx->method;
- if (!s->method->ssl_new(s))
- return(0);
- }
- else
-#endif
- s->method->ssl_clear(s);
- return(1);
- }
-
-/** Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- ctx->method=meth;
-
- sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
- &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
- {
- SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return(0);
- }
- return(1);
- }
-
-SSL *SSL_new(SSL_CTX *ctx)
- {
- SSL *s;
-
- if (ctx == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_NULL_SSL_CTX);
- return(NULL);
- }
- if (ctx->method == NULL)
- {
- SSLerr(SSL_F_SSL_NEW,SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
- return(NULL);
- }
-
- s=(SSL *)OPENSSL_malloc(sizeof(SSL));
- if (s == NULL) goto err;
- memset(s,0,sizeof(SSL));
-
-#ifndef OPENSSL_NO_KRB5
- s->kssl_ctx = kssl_ctx_new();
-#endif /* OPENSSL_NO_KRB5 */
-
- s->options=ctx->options;
- s->mode=ctx->mode;
- s->max_cert_list=ctx->max_cert_list;
-
- if (ctx->cert != NULL)
- {
- /* Earlier library versions used to copy the pointer to
- * the CERT, not its contents; only when setting new
- * parameters for the per-SSL copy, ssl_cert_new would be
- * called (and the direct reference to the per-SSL_CTX
- * settings would be lost, but those still were indirectly
- * accessed for various purposes, and for that reason they
- * used to be known as s->ctx->default_cert).
- * Now we don't look at the SSL_CTX's CERT after having
- * duplicated it once. */
-
- s->cert = ssl_cert_dup(ctx->cert);
- if (s->cert == NULL)
- goto err;
- }
- else
- s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
-
- s->read_ahead=ctx->read_ahead;
- s->msg_callback=ctx->msg_callback;
- s->msg_callback_arg=ctx->msg_callback_arg;
- s->verify_mode=ctx->verify_mode;
-#if 0
- s->verify_depth=ctx->verify_depth;
-#endif
- s->sid_ctx_length=ctx->sid_ctx_length;
- OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
- memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
- s->verify_callback=ctx->default_verify_callback;
- s->generate_session_id=ctx->generate_session_id;
-
- s->param = X509_VERIFY_PARAM_new();
- if (!s->param)
- goto err;
- X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-#if 0
- s->purpose = ctx->purpose;
- s->trust = ctx->trust;
-#endif
- s->quiet_shutdown=ctx->quiet_shutdown;
-
- CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
- s->ctx=ctx;
-
- s->verify_result=X509_V_OK;
-
- s->method=ctx->method;
-
- if (!s->method->ssl_new(s))
- goto err;
-
- s->references=1;
- s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
-
- SSL_clear(s);
-
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
- return(s);
-err:
- if (s != NULL)
- {
- if (s->cert != NULL)
- ssl_cert_free(s->cert);
- if (s->ctx != NULL)
- SSL_CTX_free(s->ctx); /* decrement reference count */
- OPENSSL_free(s);
- }
- SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
- return(NULL);
- }
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > sizeof ctx->sid_ctx)
- {
- SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
- }
- ctx->sid_ctx_length=sid_ctx_len;
- memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
-
- return 1;
- }
-
-int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
- unsigned int sid_ctx_len)
- {
- if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
- {
- SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
- return 0;
- }
- ssl->sid_ctx_length=sid_ctx_len;
- memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
-
- return 1;
- }
-
-int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- ctx->generate_session_id = cb;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return 1;
- }
-
-int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL);
- ssl->generate_session_id = cb;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
- return 1;
- }
-
-int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
- unsigned int id_len)
- {
- /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
- * we can "construct" a session to give us the desired check - ie. to
- * find if there's a session in the hash table that would conflict with
- * any new session built out of this id/id_len and the ssl_version in
- * use by this SSL. */
- SSL_SESSION r, *p;
-
- if(id_len > sizeof r.session_id)
- return 0;
-
- r.ssl_version = ssl->version;
- r.session_id_length = id_len;
- memcpy(r.session_id, id, id_len);
- /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
- * callback is calling us to check the uniqueness of a shorter ID, it
- * must be compared as a padded-out ID because that is what it will be
- * converted to when the callback has finished choosing it. */
- if((r.ssl_version == SSL2_VERSION) &&
- (id_len < SSL2_SSL_SESSION_ID_LENGTH))
- {
- memset(r.session_id + id_len, 0,
- SSL2_SSL_SESSION_ID_LENGTH - id_len);
- r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
- }
-
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- return (p != NULL);
- }
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
- {
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
- }
-
-int SSL_set_purpose(SSL *s, int purpose)
- {
- return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
- }
-
-int SSL_CTX_set_trust(SSL_CTX *s, int trust)
- {
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
- }
-
-int SSL_set_trust(SSL *s, int trust)
- {
- return X509_VERIFY_PARAM_set_trust(s->param, trust);
- }
-
-void SSL_free(SSL *s)
- {
- int i;
-
- if(s == NULL)
- return;
-
- i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
-#ifdef REF_PRINT
- REF_PRINT("SSL",s);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- if (s->param)
- X509_VERIFY_PARAM_free(s->param);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
- if (s->bbio != NULL)
- {
- /* If the buffering BIO is in place, pop it off */
- if (s->bbio == s->wbio)
- {
- s->wbio=BIO_pop(s->wbio);
- }
- BIO_free(s->bbio);
- s->bbio=NULL;
- }
- if (s->rbio != NULL)
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != s->rbio))
- BIO_free_all(s->wbio);
-
- if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
-
- /* add extra stuff */
- if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
- if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
-
- /* Make the next call work :-) */
- if (s->session != NULL)
- {
- ssl_clear_bad_session(s);
- SSL_SESSION_free(s->session);
- }
-
- ssl_clear_cipher_ctx(s);
-
- if (s->cert != NULL) ssl_cert_free(s->cert);
- /* Free up if allocated */
-
- if (s->ctx) SSL_CTX_free(s->ctx);
-
- if (s->client_CA != NULL)
- sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
-
- if (s->method != NULL) s->method->ssl_free(s);
-
-#ifndef OPENSSL_NO_KRB5
- if (s->kssl_ctx != NULL)
- kssl_ctx_free(s->kssl_ctx);
-#endif /* OPENSSL_NO_KRB5 */
-
- OPENSSL_free(s);
- }
-
-void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
- {
- /* If the output buffering BIO is still in place, remove it
- */
- if (s->bbio != NULL)
- {
- if (s->wbio == s->bbio)
- {
- s->wbio=s->wbio->next_bio;
- s->bbio->next_bio=NULL;
- }
- }
- if ((s->rbio != NULL) && (s->rbio != rbio))
- BIO_free_all(s->rbio);
- if ((s->wbio != NULL) && (s->wbio != wbio) && (s->rbio != s->wbio))
- BIO_free_all(s->wbio);
- s->rbio=rbio;
- s->wbio=wbio;
- }
-
-BIO *SSL_get_rbio(const SSL *s)
- { return(s->rbio); }
-
-BIO *SSL_get_wbio(const SSL *s)
- { return(s->wbio); }
-
-int SSL_get_fd(const SSL *s)
- {
- return(SSL_get_rfd(s));
- }
-
-int SSL_get_rfd(const SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
-
- b=SSL_get_rbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
- if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
-
-int SSL_get_wfd(const SSL *s)
- {
- int ret= -1;
- BIO *b,*r;
-
- b=SSL_get_wbio(s);
- r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
- if (r != NULL)
- BIO_get_fd(r,&ret);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_SOCK
-int SSL_set_fd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_FD,ERR_R_BUF_LIB);
- goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,bio);
- ret=1;
-err:
- return(ret);
- }
-
-int SSL_set_wfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->rbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- { SSLerr(SSL_F_SSL_SET_WFD,ERR_R_BUF_LIB); goto err; }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,SSL_get_rbio(s),bio);
- }
- else
- SSL_set_bio(s,SSL_get_rbio(s),SSL_get_rbio(s));
- ret=1;
-err:
- return(ret);
- }
-
-int SSL_set_rfd(SSL *s,int fd)
- {
- int ret=0;
- BIO *bio=NULL;
-
- if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
- || ((int)BIO_get_fd(s->wbio,NULL) != fd))
- {
- bio=BIO_new(BIO_s_socket());
-
- if (bio == NULL)
- {
- SSLerr(SSL_F_SSL_SET_RFD,ERR_R_BUF_LIB);
- goto err;
- }
- BIO_set_fd(bio,fd,BIO_NOCLOSE);
- SSL_set_bio(s,bio,SSL_get_wbio(s));
- }
- else
- SSL_set_bio(s,SSL_get_wbio(s),SSL_get_wbio(s));
- ret=1;
-err:
- return(ret);
- }
-#endif
-
-
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
- {
- size_t ret = 0;
-
- if (s->s3 != NULL)
- {
- ret = s->s3->tmp.finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, s->s3->tmp.finish_md, count);
- }
- return ret;
- }
-
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
- {
- size_t ret = 0;
-
- if (s->s3 != NULL)
- {
- ret = s->s3->tmp.peer_finish_md_len;
- if (count > ret)
- count = ret;
- memcpy(buf, s->s3->tmp.peer_finish_md, count);
- }
- return ret;
- }
-
-
-int SSL_get_verify_mode(const SSL *s)
- {
- return(s->verify_mode);
- }
-
-int SSL_get_verify_depth(const SSL *s)
- {
- return X509_VERIFY_PARAM_get_depth(s->param);
- }
-
-int (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *)
- {
- return(s->verify_callback);
- }
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
- {
- return(ctx->verify_mode);
- }
-
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
- {
- return X509_VERIFY_PARAM_get_depth(ctx->param);
- }
-
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *)
- {
- return(ctx->default_verify_callback);
- }
-
-void SSL_set_verify(SSL *s,int mode,
- int (*callback)(int ok,X509_STORE_CTX *ctx))
- {
- s->verify_mode=mode;
- if (callback != NULL)
- s->verify_callback=callback;
- }
-
-void SSL_set_verify_depth(SSL *s,int depth)
- {
- X509_VERIFY_PARAM_set_depth(s->param, depth);
- }
-
-void SSL_set_read_ahead(SSL *s,int yes)
- {
- s->read_ahead=yes;
- }
-
-int SSL_get_read_ahead(const SSL *s)
- {
- return(s->read_ahead);
- }
-
-int SSL_pending(const SSL *s)
- {
- /* SSL_pending cannot work properly if read-ahead is enabled
- * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
- * and it is impossible to fix since SSL_pending cannot report
- * errors that may be observed while scanning the new data.
- * (Note that SSL_pending() is often used as a boolean value,
- * so we'd better not return -1.)
- */
- return(s->method->ssl_pending(s));
- }
-
-X509 *SSL_get_peer_certificate(const SSL *s)
- {
- X509 *r;
-
- if ((s == NULL) || (s->session == NULL))
- r=NULL;
- else
- r=s->session->peer;
-
- if (r == NULL) return(r);
-
- CRYPTO_add(&r->references,1,CRYPTO_LOCK_X509);
-
- return(r);
- }
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
- {
- STACK_OF(X509) *r;
-
- if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
- r=NULL;
- else
- r=s->session->sess_cert->cert_chain;
-
- /* If we are a client, cert_chain includes the peer's own
- * certificate; if we are a server, it does not. */
-
- return(r);
- }
-
-/* Now in theory, since the calling process own 't' it should be safe to
- * modify. We need to be able to read f without being hassled */
-void SSL_copy_session_id(SSL *t,const SSL *f)
- {
- CERT *tmp;
-
- /* Do we need to to SSL locking? */
- SSL_set_session(t,SSL_get_session(f));
-
- /* what if we are setup as SSLv2 but want to talk SSLv3 or
- * vice-versa */
- if (t->method != f->method)
- {
- t->method->ssl_free(t); /* cleanup current */
- t->method=f->method; /* change method */
- t->method->ssl_new(t); /* setup new */
- }
-
- tmp=t->cert;
- if (f->cert != NULL)
- {
- CRYPTO_add(&f->cert->references,1,CRYPTO_LOCK_SSL_CERT);
- t->cert=f->cert;
- }
- else
- t->cert=NULL;
- if (tmp != NULL) ssl_cert_free(tmp);
- SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
- }
-
-/* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(const SSL_CTX *ctx)
- {
- if ( (ctx == NULL) ||
- (ctx->cert == NULL) ||
- (ctx->cert->key->x509 == NULL))
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ctx->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
- }
-
-/* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(const SSL *ssl)
- {
- if (ssl == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (ssl->cert == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
- }
- if (ssl->cert->key->x509 == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
- return(0);
- }
- if (ssl->cert->key->privatekey == NULL)
- {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
- return(0);
- }
- return(X509_check_private_key(ssl->cert->key->x509,
- ssl->cert->key->privatekey));
- }
-
-int SSL_accept(SSL *s)
- {
- if (s->handshake_func == 0)
- /* Not properly initialized yet */
- SSL_set_accept_state(s);
-
- return(s->method->ssl_accept(s));
- }
-
-int SSL_connect(SSL *s)
- {
- if (s->handshake_func == 0)
- /* Not properly initialized yet */
- SSL_set_connect_state(s);
-
- return(s->method->ssl_connect(s));
- }
-
-long SSL_get_default_timeout(const SSL *s)
- {
- return(s->method->get_timeout());
- }
-
-int SSL_read(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- return(0);
- }
- return(s->method->ssl_read(s,buf,num));
- }
-
-int SSL_peek(SSL *s,void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_PEEK, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
- {
- return(0);
- }
- return(s->method->ssl_peek(s,buf,num));
- }
-
-int SSL_write(SSL *s,const void *buf,int num)
- {
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if (s->shutdown & SSL_SENT_SHUTDOWN)
- {
- s->rwstate=SSL_NOTHING;
- SSLerr(SSL_F_SSL_WRITE,SSL_R_PROTOCOL_IS_SHUTDOWN);
- return(-1);
- }
- return(s->method->ssl_write(s,buf,num));
- }
-
-int SSL_shutdown(SSL *s)
- {
- /* Note that this function behaves differently from what one might
- * expect. Return values are 0 for no success (yet),
- * 1 for success; but calling it once is usually not enough,
- * even if blocking I/O is used (see ssl3_shutdown).
- */
-
- if (s->handshake_func == 0)
- {
- SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
- return -1;
- }
-
- if ((s != NULL) && !SSL_in_init(s))
- return(s->method->ssl_shutdown(s));
- else
- return(1);
- }
-
-int SSL_renegotiate(SSL *s)
- {
- if (s->new_session == 0)
- {
- s->new_session=1;
- }
- return(s->method->ssl_renegotiate(s));
- }
-
-int SSL_renegotiate_pending(SSL *s)
- {
- /* becomes true when negotiation is requested;
- * false again once a handshake has finished */
- return (s->new_session != 0);
- }
-
-long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
- {
- long l;
-
- switch (cmd)
- {
- case SSL_CTRL_GET_READ_AHEAD:
- return(s->read_ahead);
- case SSL_CTRL_SET_READ_AHEAD:
- l=s->read_ahead;
- s->read_ahead=larg;
- return(l);
-
- case SSL_CTRL_SET_MSG_CALLBACK_ARG:
- s->msg_callback_arg = parg;
- return 1;
-
- case SSL_CTRL_OPTIONS:
- return(s->options|=larg);
- case SSL_CTRL_MODE:
- return(s->mode|=larg);
- case SSL_CTRL_GET_MAX_CERT_LIST:
- return(s->max_cert_list);
- case SSL_CTRL_SET_MAX_CERT_LIST:
- l=s->max_cert_list;
- s->max_cert_list=larg;
- return(l);
- case SSL_CTRL_SET_MTU:
- if (SSL_version(s) == DTLS1_VERSION)
- {
- s->d1->mtu = larg;
- return larg;
- }
- return 0;
- default:
- return(s->method->ssl_ctrl(s,cmd,larg,parg));
- }
- }
-
-long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
- {
- switch(cmd)
- {
- case SSL_CTRL_SET_MSG_CALLBACK:
- s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
- return 1;
-
- default:
- return(s->method->ssl_callback_ctrl(s,cmd,fp));
- }
- }
-
-struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
- {
- return ctx->sessions;
- }
-
-long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
- {
- long l;
-
- switch (cmd)
- {
- case SSL_CTRL_GET_READ_AHEAD:
- return(ctx->read_ahead);
- case SSL_CTRL_SET_READ_AHEAD:
- l=ctx->read_ahead;
- ctx->read_ahead=larg;
- return(l);
-
- case SSL_CTRL_SET_MSG_CALLBACK_ARG:
- ctx->msg_callback_arg = parg;
- return 1;
-
- case SSL_CTRL_GET_MAX_CERT_LIST:
- return(ctx->max_cert_list);
- case SSL_CTRL_SET_MAX_CERT_LIST:
- l=ctx->max_cert_list;
- ctx->max_cert_list=larg;
- return(l);
-
- case SSL_CTRL_SET_SESS_CACHE_SIZE:
- l=ctx->session_cache_size;
- ctx->session_cache_size=larg;
- return(l);
- case SSL_CTRL_GET_SESS_CACHE_SIZE:
- return(ctx->session_cache_size);
- case SSL_CTRL_SET_SESS_CACHE_MODE:
- l=ctx->session_cache_mode;
- ctx->session_cache_mode=larg;
- return(l);
- case SSL_CTRL_GET_SESS_CACHE_MODE:
- return(ctx->session_cache_mode);
-
- case SSL_CTRL_SESS_NUMBER:
- return(ctx->sessions->num_items);
- case SSL_CTRL_SESS_CONNECT:
- return(ctx->stats.sess_connect);
- case SSL_CTRL_SESS_CONNECT_GOOD:
- return(ctx->stats.sess_connect_good);
- case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
- return(ctx->stats.sess_connect_renegotiate);
- case SSL_CTRL_SESS_ACCEPT:
- return(ctx->stats.sess_accept);
- case SSL_CTRL_SESS_ACCEPT_GOOD:
- return(ctx->stats.sess_accept_good);
- case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
- return(ctx->stats.sess_accept_renegotiate);
- case SSL_CTRL_SESS_HIT:
- return(ctx->stats.sess_hit);
- case SSL_CTRL_SESS_CB_HIT:
- return(ctx->stats.sess_cb_hit);
- case SSL_CTRL_SESS_MISSES:
- return(ctx->stats.sess_miss);
- case SSL_CTRL_SESS_TIMEOUTS:
- return(ctx->stats.sess_timeout);
- case SSL_CTRL_SESS_CACHE_FULL:
- return(ctx->stats.sess_cache_full);
- case SSL_CTRL_OPTIONS:
- return(ctx->options|=larg);
- case SSL_CTRL_MODE:
- return(ctx->mode|=larg);
- default:
- return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
- }
- }
-
-long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
- {
- switch(cmd)
- {
- case SSL_CTRL_SET_MSG_CALLBACK:
- ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
- return 1;
-
- default:
- return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
- }
- }
-
-int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
- {
- long l;
-
- l=a->id-b->id;
- if (l == 0L)
- return(0);
- else
- return((l > 0)?1:-1);
- }
-
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
- const SSL_CIPHER * const *bp)
- {
- long l;
-
- l=(*ap)->id-(*bp)->id;
- if (l == 0L)
- return(0);
- else
- return((l > 0)?1:-1);
- }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * preference */
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
- {
- if (s != NULL)
- {
- if (s->cipher_list != NULL)
- {
- return(s->cipher_list);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list != NULL))
- {
- return(s->ctx->cipher_list);
- }
- }
- return(NULL);
- }
-
-/** return a STACK of the ciphers available for the SSL and in order of
- * algorithm id */
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
- {
- if (s != NULL)
- {
- if (s->cipher_list_by_id != NULL)
- {
- return(s->cipher_list_by_id);
- }
- else if ((s->ctx != NULL) &&
- (s->ctx->cipher_list_by_id != NULL))
- {
- return(s->ctx->cipher_list_by_id);
- }
- }
- return(NULL);
- }
-
-/** The old interface to get the same thing as SSL_get_ciphers() */
-const char *SSL_get_cipher_list(const SSL *s,int n)
- {
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
-
- if (s == NULL) return(NULL);
- sk=SSL_get_ciphers(s);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
- return(NULL);
- c=sk_SSL_CIPHER_value(sk,n);
- if (c == NULL) return(NULL);
- return(c->name);
- }
-
-/** specify the ciphers to be used by default by the SSL_CTX */
-int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
- &ctx->cipher_list_by_id,str);
- /* ssl_create_cipher_list may return an empty stack if it
- * was unable to find a cipher matching the given rule string
- * (for example if the rule string specifies a cipher which
- * has been disabled). This is not an error as far as
- * ssl_create_cipher_list is concerned, and hence
- * ctx->cipher_list and ctx->cipher_list_by_id has been
- * updated. */
- if (sk == NULL)
- return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0)
- {
- SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
- return 0;
- }
- return 1;
- }
-
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(SSL *s,const char *str)
- {
- STACK_OF(SSL_CIPHER) *sk;
-
- sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
- &s->cipher_list_by_id,str);
- /* see comment in SSL_CTX_set_cipher_list */
- if (sk == NULL)
- return 0;
- else if (sk_SSL_CIPHER_num(sk) == 0)
- {
- SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
- return 0;
- }
- return 1;
- }
-
-/* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
- {
- char *p;
- const char *cp;
- STACK_OF(SSL_CIPHER) *sk;
- SSL_CIPHER *c;
- int i;
-
- if ((s->session == NULL) || (s->session->ciphers == NULL) ||
- (len < 2))
- return(NULL);
-
- p=buf;
- sk=s->session->ciphers;
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- /* Decrement for either the ':' or a '\0' */
- len--;
- c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
- {
- if (len-- <= 0)
- {
- *p='\0';
- return(buf);
- }
- else
- *(p++)= *(cp++);
- }
- *(p++)=':';
- }
- p[-1]='\0';
- return(buf);
- }
-
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
- int (*put_cb)(const SSL_CIPHER *, unsigned char *))
- {
- int i,j=0;
- SSL_CIPHER *c;
- unsigned char *q;
-#ifndef OPENSSL_NO_KRB5
- int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
-#endif /* OPENSSL_NO_KRB5 */
-
- if (sk == NULL) return(0);
- q=p;
-
- for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
- {
- c=sk_SSL_CIPHER_value(sk,i);
-#ifndef OPENSSL_NO_KRB5
- if ((c->algorithms & SSL_KRB5) && nokrb5)
- continue;
-#endif /* OPENSSL_NO_KRB5 */
-
- j = put_cb ? put_cb(c,p) : ssl_put_cipher_by_char(s,c,p);
- p+=j;
- }
- return(p-q);
- }
-
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp)
- {
- SSL_CIPHER *c;
- STACK_OF(SSL_CIPHER) *sk;
- int i,n;
-
- n=ssl_put_cipher_by_char(s,NULL,NULL);
- if ((num%n) != 0)
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
- return(NULL);
- }
- if ((skp == NULL) || (*skp == NULL))
- sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
- else
- {
- sk= *skp;
- sk_SSL_CIPHER_zero(sk);
- }
-
- for (i=0; i<num; i+=n)
- {
- c=ssl_get_cipher_by_char(s,p);
- p+=n;
- if (c != NULL)
- {
- if (!sk_SSL_CIPHER_push(sk,c))
- {
- SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- }
-
- if (skp != NULL)
- *skp=sk;
- return(sk);
-err:
- if ((skp == NULL) || (*skp == NULL))
- sk_SSL_CIPHER_free(sk);
- return(NULL);
- }
-
-unsigned long SSL_SESSION_hash(const SSL_SESSION *a)
- {
- unsigned long l;
-
- l=(unsigned long)
- ((unsigned int) a->session_id[0] )|
- ((unsigned int) a->session_id[1]<< 8L)|
- ((unsigned long)a->session_id[2]<<16L)|
- ((unsigned long)a->session_id[3]<<24L);
- return(l);
- }
-
-/* NB: If this function (or indeed the hash function which uses a sort of
- * coarser function than this one) is changed, ensure
- * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
- * able to construct an SSL_SESSION that will collide with any existing session
- * with a matching session ID. */
-int SSL_SESSION_cmp(const SSL_SESSION *a,const SSL_SESSION *b)
- {
- if (a->ssl_version != b->ssl_version)
- return(1);
- if (a->session_id_length != b->session_id_length)
- return(1);
- return(memcmp(a->session_id,b->session_id,a->session_id_length));
- }
-
-/* These wrapper functions should remain rather than redeclaring
- * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
- * variable. The reason is that the functions aren't static, they're exposed via
- * ssl.h. */
-static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
-static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
-
-SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
- {
- SSL_CTX *ret=NULL;
-
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
- return(NULL);
- }
-
- if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
- goto err;
- }
- ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
- if (ret == NULL)
- goto err;
-
- memset(ret,0,sizeof(SSL_CTX));
-
- ret->method=meth;
-
- ret->cert_store=NULL;
- ret->session_cache_mode=SSL_SESS_CACHE_SERVER;
- ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
- ret->session_cache_head=NULL;
- ret->session_cache_tail=NULL;
-
- /* We take the system default */
- ret->session_timeout=meth->get_timeout();
-
- ret->new_session_cb=0;
- ret->remove_session_cb=0;
- ret->get_session_cb=0;
- ret->generate_session_id=0;
-
- memset((char *)&ret->stats,0,sizeof(ret->stats));
-
- ret->references=1;
- ret->quiet_shutdown=0;
-
-/* ret->cipher=NULL;*/
-/* ret->s2->challenge=NULL;
- ret->master_key=NULL;
- ret->key_arg=NULL;
- ret->s2->conn_id=NULL; */
-
- ret->info_callback=NULL;
-
- ret->app_verify_callback=0;
- ret->app_verify_arg=NULL;
-
- ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
- ret->read_ahead=0;
- ret->msg_callback=0;
- ret->msg_callback_arg=NULL;
- ret->verify_mode=SSL_VERIFY_NONE;
-#if 0
- ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
-#endif
- ret->sid_ctx_length=0;
- ret->default_verify_callback=NULL;
- if ((ret->cert=ssl_cert_new()) == NULL)
- goto err;
-
- ret->default_passwd_callback=0;
- ret->default_passwd_callback_userdata=NULL;
- ret->client_cert_cb=0;
- ret->app_gen_cookie_cb=0;
- ret->app_verify_cookie_cb=0;
-
- ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
- LHASH_COMP_FN(SSL_SESSION_cmp));
- if (ret->sessions == NULL) goto err;
- ret->cert_store=X509_STORE_new();
- if (ret->cert_store == NULL) goto err;
-
- ssl_create_cipher_list(ret->method,
- &ret->cipher_list,&ret->cipher_list_by_id,
- SSL_DEFAULT_CIPHER_LIST);
- if (ret->cipher_list == NULL
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
- goto err2;
- }
-
- ret->param = X509_VERIFY_PARAM_new();
- if (!ret->param)
- goto err;
-
- if ((ret->rsa_md5=EVP_get_digestbyname("ssl2-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);
- goto err2;
- }
- if ((ret->md5=EVP_get_digestbyname("ssl3-md5")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
- goto err2;
- }
- if ((ret->sha1=EVP_get_digestbyname("ssl3-sha1")) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
- goto err2;
- }
-
- if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
- goto err;
-
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
-
- ret->extra_certs=NULL;
- ret->comp_methods=SSL_COMP_get_compression_methods();
-
- return(ret);
-err:
- SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
-err2:
- if (ret != NULL) SSL_CTX_free(ret);
- return(NULL);
- }
-
-#if 0
-static void SSL_COMP_free(SSL_COMP *comp)
- { OPENSSL_free(comp); }
-#endif
-
-void SSL_CTX_free(SSL_CTX *a)
- {
- int i;
-
- if (a == NULL) return;
-
- i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_SSL_CTX);
-#ifdef REF_PRINT
- REF_PRINT("SSL_CTX",a);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_CTX_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- if (a->param)
- X509_VERIFY_PARAM_free(a->param);
-
- /*
- * Free internal session cache. However: the remove_cb() may reference
- * the ex_data of SSL_CTX, thus the ex_data store can only be removed
- * after the sessions were flushed.
- * As the ex_data handling routines might also touch the session cache,
- * the most secure solution seems to be: empty (flush) the cache, then
- * free ex_data, then finally free the cache.
- * (See ticket [openssl.org #212].)
- */
- if (a->sessions != NULL)
- SSL_CTX_flush_sessions(a,0);
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
-
- if (a->sessions != NULL)
- lh_free(a->sessions);
-
- if (a->cert_store != NULL)
- X509_STORE_free(a->cert_store);
- if (a->cipher_list != NULL)
- sk_SSL_CIPHER_free(a->cipher_list);
- if (a->cipher_list_by_id != NULL)
- sk_SSL_CIPHER_free(a->cipher_list_by_id);
- if (a->cert != NULL)
- ssl_cert_free(a->cert);
- if (a->client_CA != NULL)
- sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
- if (a->extra_certs != NULL)
- sk_X509_pop_free(a->extra_certs,X509_free);
-#if 0 /* This should never be done, since it removes a global database */
- if (a->comp_methods != NULL)
- sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
-#else
- a->comp_methods = NULL;
-#endif
- OPENSSL_free(a);
- }
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
- {
- ctx->default_passwd_callback=cb;
- }
-
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
- {
- ctx->default_passwd_callback_userdata=u;
- }
-
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
- {
- ctx->app_verify_callback=cb;
- ctx->app_verify_arg=arg;
- }
-
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
- {
- ctx->verify_mode=mode;
- ctx->default_verify_callback=cb;
- }
-
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
- {
- X509_VERIFY_PARAM_set_depth(ctx->param, depth);
- }
-
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
- {
- CERT_PKEY *cpk;
- int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
- int rsa_enc_export,dh_rsa_export,dh_dsa_export;
- int rsa_tmp_export,dh_tmp_export,kl;
- unsigned long mask,emask;
- int have_ecc_cert, ecdh_ok, ecdsa_ok, ecc_pkey_size;
-#ifndef OPENSSL_NO_ECDH
- int have_ecdh_tmp;
-#endif
- X509 *x = NULL;
- EVP_PKEY *ecc_pkey = NULL;
- int signature_nid = 0;
-
- if (c == NULL) return;
-
- kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
-
-#ifndef OPENSSL_NO_RSA
- rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
- rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
- (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
-#else
- rsa_tmp=rsa_tmp_export=0;
-#endif
-#ifndef OPENSSL_NO_DH
- dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
- dh_tmp_export=(c->dh_tmp_cb != NULL ||
- (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
-#else
- dh_tmp=dh_tmp_export=0;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
-#endif
- cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
- rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
- rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
- rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
- dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
- cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
- dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
-/* FIX THIS EAY EAY EAY */
- dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL);
- dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
- cpk= &(c->pkeys[SSL_PKEY_ECC]);
- have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
- mask=0;
- emask=0;
-
-#ifdef CIPHER_DEBUG
- printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
- rsa_tmp,rsa_tmp_export,dh_tmp,
- rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
-#endif
-
- if (rsa_enc || (rsa_tmp && rsa_sign))
- mask|=SSL_kRSA;
- if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
- emask|=SSL_kRSA;
-
-#if 0
- /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
- if ( (dh_tmp || dh_rsa || dh_dsa) &&
- (rsa_enc || rsa_sign || dsa_sign))
- mask|=SSL_kEDH;
- if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
- (rsa_enc || rsa_sign || dsa_sign))
- emask|=SSL_kEDH;
-#endif
-
- if (dh_tmp_export)
- emask|=SSL_kEDH;
-
- if (dh_tmp)
- mask|=SSL_kEDH;
-
- if (dh_rsa) mask|=SSL_kDHr;
- if (dh_rsa_export) emask|=SSL_kDHr;
-
- if (dh_dsa) mask|=SSL_kDHd;
- if (dh_dsa_export) emask|=SSL_kDHd;
-
- if (rsa_enc || rsa_sign)
- {
- mask|=SSL_aRSA;
- emask|=SSL_aRSA;
- }
-
- if (dsa_sign)
- {
- mask|=SSL_aDSS;
- emask|=SSL_aDSS;
- }
-
- mask|=SSL_aNULL;
- emask|=SSL_aNULL;
-
-#ifndef OPENSSL_NO_KRB5
- mask|=SSL_kKRB5|SSL_aKRB5;
- emask|=SSL_kKRB5|SSL_aKRB5;
-#endif
-
- /* An ECC certificate may be usable for ECDH and/or
- * ECDSA cipher suites depending on the key usage extension.
- */
- if (have_ecc_cert)
- {
- /* This call populates extension flags (ex_flags) */
- x = (c->pkeys[SSL_PKEY_ECC]).x509;
- X509_check_purpose(x, -1, 0);
- ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
- ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
- (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
- ecc_pkey = X509_get_pubkey(x);
- ecc_pkey_size = (ecc_pkey != NULL) ?
- EVP_PKEY_bits(ecc_pkey) : 0;
- EVP_PKEY_free(ecc_pkey);
- if ((x->sig_alg) && (x->sig_alg->algorithm))
- signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
-#ifndef OPENSSL_NO_ECDH
- if (ecdh_ok)
- {
- if ((signature_nid == NID_md5WithRSAEncryption) ||
- (signature_nid == NID_md4WithRSAEncryption) ||
- (signature_nid == NID_md2WithRSAEncryption))
- {
- mask|=SSL_kECDH|SSL_aRSA;
- if (ecc_pkey_size <= 163)
- emask|=SSL_kECDH|SSL_aRSA;
- }
- if (signature_nid == NID_ecdsa_with_SHA1)
- {
- mask|=SSL_kECDH|SSL_aECDSA;
- if (ecc_pkey_size <= 163)
- emask|=SSL_kECDH|SSL_aECDSA;
- }
- }
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (ecdsa_ok)
- {
- mask|=SSL_aECDSA;
- emask|=SSL_aECDSA;
- }
-#endif
- }
-
-#ifndef OPENSSL_NO_ECDH
- if (have_ecdh_tmp)
- {
- mask|=SSL_kECDHE;
- emask|=SSL_kECDHE;
- }
-#endif
- c->mask=mask;
- c->export_mask=emask;
- c->valid=1;
- }
-
-/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
-#define ku_reject(x, usage) \
- (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
-
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
- {
- unsigned long alg = cs->algorithms;
- EVP_PKEY *pkey = NULL;
- int keysize = 0;
- int signature_nid = 0;
-
- if (SSL_C_IS_EXPORT(cs))
- {
- /* ECDH key length in export ciphers must be <= 163 bits */
- pkey = X509_get_pubkey(x);
- if (pkey == NULL) return 0;
- keysize = EVP_PKEY_bits(pkey);
- EVP_PKEY_free(pkey);
- if (keysize > 163) return 0;
- }
-
- /* This call populates the ex_flags field correctly */
- X509_check_purpose(x, -1, 0);
- if ((x->sig_alg) && (x->sig_alg->algorithm))
- signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
- if (alg & SSL_kECDH)
- {
- /* key usage, if present, must allow key agreement */
- if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
- {
- return 0;
- }
- if (alg & SSL_aECDSA)
- {
- /* signature alg must be ECDSA */
- if (signature_nid != NID_ecdsa_with_SHA1)
- {
- return 0;
- }
- }
- if (alg & SSL_aRSA)
- {
- /* signature alg must be RSA */
- if ((signature_nid != NID_md5WithRSAEncryption) &&
- (signature_nid != NID_md4WithRSAEncryption) &&
- (signature_nid != NID_md2WithRSAEncryption))
- {
- return 0;
- }
- }
- }
- else if (alg & SSL_aECDSA)
- {
- /* key usage, if present, must allow signing */
- if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
- {
- return 0;
- }
- }
-
- return 1; /* all checks are ok */
- }
-
-/* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(SSL *s)
- {
- unsigned long alg,mask,kalg;
- CERT *c;
- int i,is_export;
-
- c=s->cert;
- ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
- alg=s->s3->tmp.new_cipher->algorithms;
- is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- mask=is_export?c->export_mask:c->mask;
- kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-
- if (kalg & SSL_kECDH)
- {
- /* we don't need to look at SSL_kECDHE
- * since no certificate is needed for
- * anon ECDH and for authenticated
- * ECDHE, the check for the auth
- * algorithm will set i correctly
- * NOTE: For ECDH-RSA, we need an ECC
- * not an RSA cert but for ECDHE-RSA
- * we need an RSA cert. Placing the
- * checks for SSL_kECDH before RSA
- * checks ensures the correct cert is chosen.
- */
- i=SSL_PKEY_ECC;
- }
- else if (kalg & SSL_aECDSA)
- {
- i=SSL_PKEY_ECC;
- }
- else if (kalg & SSL_kDHr)
- i=SSL_PKEY_DH_RSA;
- else if (kalg & SSL_kDHd)
- i=SSL_PKEY_DH_DSA;
- else if (kalg & SSL_aDSS)
- i=SSL_PKEY_DSA_SIGN;
- else if (kalg & SSL_aRSA)
- {
- if (c->pkeys[SSL_PKEY_RSA_ENC].x509 == NULL)
- i=SSL_PKEY_RSA_SIGN;
- else
- i=SSL_PKEY_RSA_ENC;
- }
- else if (kalg & SSL_aKRB5)
- {
- /* VRS something else here? */
- return(NULL);
- }
- else /* if (kalg & SSL_aNULL) */
- {
- SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
- return(NULL);
- }
- if (c->pkeys[i].x509 == NULL) return(NULL);
-
- return(c->pkeys[i].x509);
- }
-
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
- {
- unsigned long alg;
- CERT *c;
-
- alg=cipher->algorithms;
- c=s->cert;
-
- if ((alg & SSL_aDSS) &&
- (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
- return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
- else if (alg & SSL_aRSA)
- {
- if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
- return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
- else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
- return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
- else
- return(NULL);
- }
- else if ((alg & SSL_aECDSA) &&
- (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
- return(c->pkeys[SSL_PKEY_ECC].privatekey);
- else /* if (alg & SSL_aNULL) */
- {
- SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
- return(NULL);
- }
- }
-
-void ssl_update_cache(SSL *s,int mode)
- {
- int i;
-
- /* If the session_id_length is 0, we are not supposed to cache it,
- * and it would be rather hard to do anyway :-) */
- if (s->session->session_id_length == 0) return;
-
- i=s->ctx->session_cache_mode;
- if ((i & mode) && (!s->hit)
- && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
- || SSL_CTX_add_session(s->ctx,s->session))
- && (s->ctx->new_session_cb != NULL))
- {
- CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (!s->ctx->new_session_cb(s,s->session))
- SSL_SESSION_free(s->session);
- }
-
- /* auto flush every 255 connections */
- if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
- ((i & mode) == mode))
- {
- if ( (((mode & SSL_SESS_CACHE_CLIENT)
- ?s->ctx->stats.sess_connect_good
- :s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
- {
- SSL_CTX_flush_sessions(s->ctx,(unsigned long)time(NULL));
- }
- }
- }
-
-SSL_METHOD *SSL_get_ssl_method(SSL *s)
- {
- return(s->method);
- }
-
-int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
- {
- int conn= -1;
- int ret=1;
-
- if (s->method != meth)
- {
- if (s->handshake_func != NULL)
- conn=(s->handshake_func == s->method->ssl_connect);
-
- if (s->method->version == meth->version)
- s->method=meth;
- else
- {
- s->method->ssl_free(s);
- s->method=meth;
- ret=s->method->ssl_new(s);
- }
-
- if (conn == 1)
- s->handshake_func=meth->ssl_connect;
- else if (conn == 0)
- s->handshake_func=meth->ssl_accept;
- }
- return(ret);
- }
-
-int SSL_get_error(const SSL *s,int i)
- {
- int reason;
- unsigned long l;
- BIO *bio;
-
- if (i > 0) return(SSL_ERROR_NONE);
-
- /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
- * etc, where we do encode the error */
- if ((l=ERR_peek_error()) != 0)
- {
- if (ERR_GET_LIB(l) == ERR_LIB_SYS)
- return(SSL_ERROR_SYSCALL);
- else
- return(SSL_ERROR_SSL);
- }
-
- if ((i < 0) && SSL_want_read(s))
- {
- bio=SSL_get_rbio(s);
- if (BIO_should_read(bio))
- return(SSL_ERROR_WANT_READ);
- else if (BIO_should_write(bio))
- /* This one doesn't make too much sense ... We never try
- * to write to the rbio, and an application program where
- * rbio and wbio are separate couldn't even know what it
- * should wait for.
- * However if we ever set s->rwstate incorrectly
- * (so that we have SSL_want_read(s) instead of
- * SSL_want_write(s)) and rbio and wbio *are* the same,
- * this test works around that bug; so it might be safer
- * to keep it. */
- return(SSL_ERROR_WANT_WRITE);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
- else if (reason == BIO_RR_ACCEPT)
- return(SSL_ERROR_WANT_ACCEPT);
- else
- return(SSL_ERROR_SYSCALL); /* unknown */
- }
- }
-
- if ((i < 0) && SSL_want_write(s))
- {
- bio=SSL_get_wbio(s);
- if (BIO_should_write(bio))
- return(SSL_ERROR_WANT_WRITE);
- else if (BIO_should_read(bio))
- /* See above (SSL_want_read(s) with BIO_should_write(bio)) */
- return(SSL_ERROR_WANT_READ);
- else if (BIO_should_io_special(bio))
- {
- reason=BIO_get_retry_reason(bio);
- if (reason == BIO_RR_CONNECT)
- return(SSL_ERROR_WANT_CONNECT);
- else if (reason == BIO_RR_ACCEPT)
- return(SSL_ERROR_WANT_ACCEPT);
- else
- return(SSL_ERROR_SYSCALL);
- }
- }
- if ((i < 0) && SSL_want_x509_lookup(s))
- {
- return(SSL_ERROR_WANT_X509_LOOKUP);
- }
-
- if (i == 0)
- {
- if (s->version == SSL2_VERSION)
- {
- /* assume it is the socket being closed */
- return(SSL_ERROR_ZERO_RETURN);
- }
- else
- {
- if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
- (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
- return(SSL_ERROR_ZERO_RETURN);
- }
- }
- return(SSL_ERROR_SYSCALL);
- }
-
-int SSL_do_handshake(SSL *s)
- {
- int ret=1;
-
- if (s->handshake_func == NULL)
- {
- SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET);
- return(-1);
- }
-
- s->method->ssl_renegotiate_check(s);
-
- if (SSL_in_init(s) || SSL_in_before(s))
- {
- ret=s->handshake_func(s);
- }
- return(ret);
- }
-
-/* For the next 2 functions, SSL_clear() sets shutdown and so
- * one of these calls will reset it */
-void SSL_set_accept_state(SSL *s)
- {
- s->server=1;
- s->shutdown=0;
- s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_accept;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- }
-
-void SSL_set_connect_state(SSL *s)
- {
- s->server=0;
- s->shutdown=0;
- s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
- s->handshake_func=s->method->ssl_connect;
- /* clear the current cipher */
- ssl_clear_cipher_ctx(s);
- }
-
-int ssl_undefined_function(SSL *s)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-int ssl_undefined_void_function(void)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-int ssl_undefined_const_function(const SSL *s)
- {
- SSLerr(SSL_F_SSL_UNDEFINED_CONST_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(0);
- }
-
-SSL_METHOD *ssl_bad_method(int ver)
- {
- SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
- return(NULL);
- }
-
-const char *SSL_get_version(const SSL *s)
- {
- if (s->version == TLS1_VERSION)
- return("TLSv1");
- else if (s->version == SSL3_VERSION)
- return("SSLv3");
- else if (s->version == SSL2_VERSION)
- return("SSLv2");
- else
- return("unknown");
- }
-
-SSL *SSL_dup(SSL *s)
- {
- STACK_OF(X509_NAME) *sk;
- X509_NAME *xn;
- SSL *ret;
- int i;
-
- if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
- return(NULL);
-
- ret->version = s->version;
- ret->type = s->type;
- ret->method = s->method;
-
- if (s->session != NULL)
- {
- /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
- SSL_copy_session_id(ret,s);
- }
- else
- {
- /* No session has been established yet, so we have to expect
- * that s->cert or ret->cert will be changed later --
- * they should not both point to the same object,
- * and thus we can't use SSL_copy_session_id. */
-
- ret->method->ssl_free(ret);
- ret->method = s->method;
- ret->method->ssl_new(ret);
-
- if (s->cert != NULL)
- {
- if (ret->cert != NULL)
- {
- ssl_cert_free(ret->cert);
- }
- ret->cert = ssl_cert_dup(s->cert);
- if (ret->cert == NULL)
- goto err;
- }
-
- SSL_set_session_id_context(ret,
- s->sid_ctx, s->sid_ctx_length);
- }
-
- ret->options=s->options;
- ret->mode=s->mode;
- SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
- SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
- ret->msg_callback = s->msg_callback;
- ret->msg_callback_arg = s->msg_callback_arg;
- SSL_set_verify(ret,SSL_get_verify_mode(s),
- SSL_get_verify_callback(s));
- SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
- ret->generate_session_id = s->generate_session_id;
-
- SSL_set_info_callback(ret,SSL_get_info_callback(s));
-
- ret->debug=s->debug;
-
- /* copy app data, a little dangerous perhaps */
- if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
- goto err;
-
- /* setup rbio, and wbio */
- if (s->rbio != NULL)
- {
- if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
- goto err;
- }
- if (s->wbio != NULL)
- {
- if (s->wbio != s->rbio)
- {
- if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
- goto err;
- }
- else
- ret->wbio=ret->rbio;
- }
- ret->rwstate = s->rwstate;
- ret->in_handshake = s->in_handshake;
- ret->handshake_func = s->handshake_func;
- ret->server = s->server;
- ret->new_session = s->new_session;
- ret->quiet_shutdown = s->quiet_shutdown;
- ret->shutdown=s->shutdown;
- ret->state=s->state; /* SSL_dup does not really work at any state, though */
- ret->rstate=s->rstate;
- ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
- ret->hit=s->hit;
-
- X509_VERIFY_PARAM_inherit(ret->param, s->param);
-
- /* dup the cipher_list and cipher_list_by_id stacks */
- if (s->cipher_list != NULL)
- {
- if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
- goto err;
- }
- if (s->cipher_list_by_id != NULL)
- if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
- == NULL)
- goto err;
-
- /* Dup the client_CA list */
- if (s->client_CA != NULL)
- {
- if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
- ret->client_CA=sk;
- for (i=0; i<sk_X509_NAME_num(sk); i++)
- {
- xn=sk_X509_NAME_value(sk,i);
- if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
- {
- X509_NAME_free(xn);
- goto err;
- }
- }
- }
-
- if (0)
- {
-err:
- if (ret != NULL) SSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void ssl_clear_cipher_ctx(SSL *s)
- {
- if (s->enc_read_ctx != NULL)
- {
- EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
- OPENSSL_free(s->enc_read_ctx);
- s->enc_read_ctx=NULL;
- }
- if (s->enc_write_ctx != NULL)
- {
- EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
- OPENSSL_free(s->enc_write_ctx);
- s->enc_write_ctx=NULL;
- }
-#ifndef OPENSSL_NO_COMP
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
-#endif
- }
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(const SSL *s)
- {
- if (s->cert != NULL)
- return(s->cert->key->x509);
- else
- return(NULL);
- }
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(SSL *s)
- {
- if (s->cert != NULL)
- return(s->cert->key->privatekey);
- else
- return(NULL);
- }
-
-SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
- {
- if ((s->session != NULL) && (s->session->cipher != NULL))
- return(s->session->cipher);
- return(NULL);
- }
-#ifdef OPENSSL_NO_COMP
-const void *SSL_get_current_compression(SSL *s)
- {
- return NULL;
- }
-const void *SSL_get_current_expansion(SSL *s)
- {
- return NULL;
- }
-#else
-
-const COMP_METHOD *SSL_get_current_compression(SSL *s)
- {
- if (s->compress != NULL)
- return(s->compress->meth);
- return(NULL);
- }
-
-const COMP_METHOD *SSL_get_current_expansion(SSL *s)
- {
- if (s->expand != NULL)
- return(s->expand->meth);
- return(NULL);
- }
-#endif
-
-int ssl_init_wbio_buffer(SSL *s,int push)
- {
- BIO *bbio;
-
- if (s->bbio == NULL)
- {
- bbio=BIO_new(BIO_f_buffer());
- if (bbio == NULL) return(0);
- s->bbio=bbio;
- }
- else
- {
- bbio=s->bbio;
- if (s->bbio == s->wbio)
- s->wbio=BIO_pop(s->wbio);
- }
- (void)BIO_reset(bbio);
-/* if (!BIO_set_write_buffer_size(bbio,16*1024)) */
- if (!BIO_set_read_buffer_size(bbio,1))
- {
- SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER,ERR_R_BUF_LIB);
- return(0);
- }
- if (push)
- {
- if (s->wbio != bbio)
- s->wbio=BIO_push(bbio,s->wbio);
- }
- else
- {
- if (s->wbio == bbio)
- s->wbio=BIO_pop(bbio);
- }
- return(1);
- }
-
-void ssl_free_wbio_buffer(SSL *s)
- {
- if (s->bbio == NULL) return;
-
- if (s->bbio == s->wbio)
- {
- /* remove buffering */
- s->wbio=BIO_pop(s->wbio);
-#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
- assert(s->wbio != NULL);
-#endif
- }
- BIO_free(s->bbio);
- s->bbio=NULL;
- }
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
- {
- ctx->quiet_shutdown=mode;
- }
-
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
- {
- return(ctx->quiet_shutdown);
- }
-
-void SSL_set_quiet_shutdown(SSL *s,int mode)
- {
- s->quiet_shutdown=mode;
- }
-
-int SSL_get_quiet_shutdown(const SSL *s)
- {
- return(s->quiet_shutdown);
- }
-
-void SSL_set_shutdown(SSL *s,int mode)
- {
- s->shutdown=mode;
- }
-
-int SSL_get_shutdown(const SSL *s)
- {
- return(s->shutdown);
- }
-
-int SSL_version(const SSL *s)
- {
- return(s->version);
- }
-
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
- {
- return(ssl->ctx);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
- {
- return(X509_STORE_set_default_paths(ctx->cert_store));
- }
-
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
- const char *CApath)
- {
- return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
- }
-#endif
-
-void SSL_set_info_callback(SSL *ssl,
- void (*cb)(const SSL *ssl,int type,int val))
- {
- ssl->info_callback=cb;
- }
-
-/* One compiler (Diab DCC) doesn't like argument names in returned
- function pointer. */
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL * /*ssl*/,int /*type*/,int /*val*/)
- {
- return ssl->info_callback;
- }
-
-int SSL_state(const SSL *ssl)
- {
- return(ssl->state);
- }
-
-void SSL_set_verify_result(SSL *ssl,long arg)
- {
- ssl->verify_result=arg;
- }
-
-long SSL_get_verify_result(const SSL *ssl)
- {
- return(ssl->verify_result);
- }
-
-int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int SSL_set_ex_data(SSL *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_get_ex_data(const SSL *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_CTX_get_ex_data(const SSL_CTX *s,int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-int ssl_ok(SSL *s)
- {
- return(1);
- }
-
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
- {
- return(ctx->cert_store);
- }
-
-void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
- {
- if (ctx->cert_store != NULL)
- X509_STORE_free(ctx->cert_store);
- ctx->cert_store=store;
- }
-
-int SSL_want(const SSL *s)
- {
- return(s->rwstate);
- }
-
-/*!
- * \brief Set the callback for generating temporary RSA keys.
- * \param ctx the SSL context.
- * \param cb the callback
- */
-
-#ifndef OPENSSL_NO_RSA
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
- }
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
- int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
- }
-#endif
-
-#ifdef DOXYGEN
-/*!
- * \brief The RSA temporary key callback function.
- * \param ssl the SSL session.
- * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
- * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
- * of the required key in bits.
- * \return the temporary RSA key.
- * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
- */
-
-RSA *cb(SSL *ssl,int is_export,int keylength)
- {}
-#endif
-
-/*!
- * \brief Set the callback for generating temporary DH keys.
- * \param ctx the SSL context.
- * \param dh the callback
- */
-
-#ifndef OPENSSL_NO_DH
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
- }
-
-void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
- }
-#endif
-
-#ifndef OPENSSL_NO_ECDH
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
- }
-
-void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
- int keylength))
- {
- SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
- }
-#endif
-
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
- {
- SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
- }
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
- {
- SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
- }
-
-
-
-#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
-#include "../crypto/bio/bss_file.c"
-#endif
-
-IMPLEMENT_STACK_OF(SSL_CIPHER)
-IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_locl.h
deleted file mode 100644
index 786d988..0000000
--- a/crypto/openssl/ssl/ssl_locl.h
+++ /dev/null
@@ -1,950 +0,0 @@
-/* ssl/ssl_locl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL_LOCL_H
-#define HEADER_SSL_LOCL_H
-#include <stdlib.h>
-#include <time.h>
-#include <string.h>
-#include <errno.h>
-
-#include "e_os.h"
-
-#include <openssl/buffer.h>
-#include <openssl/comp.h>
-#include <openssl/bio.h>
-#include <openssl/stack.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-#include <openssl/symhacks.h>
-
-#ifdef OPENSSL_BUILD_SHLIBSSL
-# undef OPENSSL_EXTERN
-# define OPENSSL_EXTERN OPENSSL_EXPORT
-#endif
-
-#define PKCS1_CHECK
-
-#define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
- l|=(((unsigned long)(*((c)++)))<< 8), \
- l|=(((unsigned long)(*((c)++)))<<16), \
- l|=(((unsigned long)(*((c)++)))<<24))
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n) { \
- c+=n; \
- l1=l2=0; \
- switch (n) { \
- case 8: l2 =((unsigned long)(*(--(c))))<<24; \
- case 7: l2|=((unsigned long)(*(--(c))))<<16; \
- case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
- case 5: l2|=((unsigned long)(*(--(c)))); \
- case 4: l1 =((unsigned long)(*(--(c))))<<24; \
- case 3: l1|=((unsigned long)(*(--(c))))<<16; \
- case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
- case 1: l1|=((unsigned long)(*(--(c)))); \
- } \
- }
-
-#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24, \
- l|=((unsigned long)(*((c)++)))<<16, \
- l|=((unsigned long)(*((c)++)))<< 8, \
- l|=((unsigned long)(*((c)++))))
-
-#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#define l2n6(l,c) (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
- *((c)++)=(unsigned char)(((l)>>32)&0xff), \
- *((c)++)=(unsigned char)(((l)>>24)&0xff), \
- *((c)++)=(unsigned char)(((l)>>16)&0xff), \
- *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
- *((c)++)=(unsigned char)(((l) )&0xff))
-
-#define n2l6(c,l) (l =((BN_ULLONG)(*((c)++)))<<40, \
- l|=((BN_ULLONG)(*((c)++)))<<32, \
- l|=((BN_ULLONG)(*((c)++)))<<24, \
- l|=((BN_ULLONG)(*((c)++)))<<16, \
- l|=((BN_ULLONG)(*((c)++)))<< 8, \
- l|=((BN_ULLONG)(*((c)++))))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n) { \
- c+=n; \
- switch (n) { \
- case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
- case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
- case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
- case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
- case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
- case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
- case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
- case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
- } \
- }
-
-#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \
- (((unsigned int)(c[1])) )),c+=2)
-#define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
- c[1]=(unsigned char)(((s) )&0xff)),c+=2)
-
-#define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \
- (((unsigned long)(c[1]))<< 8)| \
- (((unsigned long)(c[2])) )),c+=3)
-
-#define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \
- c[1]=(unsigned char)(((l)>> 8)&0xff), \
- c[2]=(unsigned char)(((l) )&0xff)),c+=3)
-
-/* LOCAL STUFF */
-
-#define SSL_DECRYPT 0
-#define SSL_ENCRYPT 1
-
-#define TWO_BYTE_BIT 0x80
-#define SEC_ESC_BIT 0x40
-#define TWO_BYTE_MASK 0x7fff
-#define THREE_BYTE_MASK 0x3fff
-
-#define INC32(a) ((a)=((a)+1)&0xffffffffL)
-#define DEC32(a) ((a)=((a)-1)&0xffffffffL)
-#define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */
-
-/*
- * Define the Bitmasks for SSL_CIPHER.algorithms.
- * This bits are used packed as dense as possible. If new methods/ciphers
- * etc will be added, the bits a likely to change, so this information
- * is for internal library use only, even though SSL_CIPHER.algorithms
- * can be publicly accessed.
- * Use the according functions for cipher management instead.
- *
- * The bit mask handling in the selection and sorting scheme in
- * ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusive:
- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
- */
-#define SSL_MKEY_MASK 0x000000FFL
-#define SSL_kRSA 0x00000001L /* RSA key exchange */
-#define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */
-#define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */
-#define SSL_kFZA 0x00000008L
-#define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */
-#define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */
-#define SSL_kECDH 0x00000040L /* ECDH w/ long-term keys */
-#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
-#define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
-
-#define SSL_AUTH_MASK 0x00007F00L
-#define SSL_aRSA 0x00000100L /* Authenticate with RSA */
-#define SSL_aDSS 0x00000200L /* Authenticate with DSS */
-#define SSL_DSS SSL_aDSS
-#define SSL_aFZA 0x00000400L
-#define SSL_aNULL 0x00000800L /* no Authenticate, ADH */
-#define SSL_aDH 0x00001000L /* no Authenticate, ADH */
-#define SSL_aKRB5 0x00002000L /* Authenticate with KRB5 */
-#define SSL_aECDSA 0x00004000L /* Authenticate with ECDSA */
-
-#define SSL_NULL (SSL_eNULL)
-#define SSL_ADH (SSL_kEDH|SSL_aNULL)
-#define SSL_RSA (SSL_kRSA|SSL_aRSA)
-#define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH)
-#define SSL_ECDH (SSL_kECDH|SSL_kECDHE)
-#define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA)
-#define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5)
-
-#define SSL_ENC_MASK 0x0C3F8000L
-#define SSL_DES 0x00008000L
-#define SSL_3DES 0x00010000L
-#define SSL_RC4 0x00020000L
-#define SSL_RC2 0x00040000L
-#define SSL_IDEA 0x00080000L
-#define SSL_eFZA 0x00100000L
-#define SSL_eNULL 0x00200000L
-#define SSL_AES 0x04000000L
-#define SSL_CAMELLIA 0x08000000L
-
-#define SSL_MAC_MASK 0x00c00000L
-#define SSL_MD5 0x00400000L
-#define SSL_SHA1 0x00800000L
-#define SSL_SHA (SSL_SHA1)
-
-#define SSL_SSL_MASK 0x03000000L
-#define SSL_SSLV2 0x01000000L
-#define SSL_SSLV3 0x02000000L
-#define SSL_TLSV1 SSL_SSLV3 /* for now */
-
-/* we have used 0fffffff - 4 bits left to go. */
-
-/*
- * Export and cipher strength information. For each cipher we have to decide
- * whether it is exportable or not. This information is likely to change
- * over time, since the export control rules are no static technical issue.
- *
- * Independent of the export flag the cipher strength is sorted into classes.
- * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
- * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
- * since SSL_EXP64 could be similar to SSL_LOW.
- * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
- * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
- * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
- * be possible.
- */
-#define SSL_EXP_MASK 0x00000003L
-#define SSL_NOT_EXP 0x00000001L
-#define SSL_EXPORT 0x00000002L
-
-#define SSL_STRONG_MASK 0x000000fcL
-#define SSL_STRONG_NONE 0x00000004L
-#define SSL_EXP40 0x00000008L
-#define SSL_MICRO (SSL_EXP40)
-#define SSL_EXP56 0x00000010L
-#define SSL_MINI (SSL_EXP56)
-#define SSL_LOW 0x00000020L
-#define SSL_MEDIUM 0x00000040L
-#define SSL_HIGH 0x00000080L
-
-/* we have used 000000ff - 24 bits left to go */
-
-/*
- * Macros to check the export status and cipher strength for export ciphers.
- * Even though the macros for EXPORT and EXPORT40/56 have similar names,
- * their meaning is different:
- * *_EXPORT macros check the 'exportable' status.
- * *_EXPORT40/56 macros are used to check whether a certain cipher strength
- * is given.
- * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
- * algorithm structure element to be passed (algorithms, algo_strength) and no
- * typechecking can be done as they are all of type unsigned long, their
- * direct usage is discouraged.
- * Use the SSL_C_* macros instead.
- */
-#define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT)
-#define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56)
-#define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40)
-#define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength)
-#define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength)
-#define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength)
-
-#define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \
- ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
-#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
-#define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \
- (c)->algo_strength)
-#define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
-
-
-#define SSL_ALL 0xffffffffL
-#define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
- SSL_MAC_MASK)
-#define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK)
-
-/* Mostly for SSLv3 */
-#define SSL_PKEY_RSA_ENC 0
-#define SSL_PKEY_RSA_SIGN 1
-#define SSL_PKEY_DSA_SIGN 2
-#define SSL_PKEY_DH_RSA 3
-#define SSL_PKEY_DH_DSA 4
-#define SSL_PKEY_ECC 5
-#define SSL_PKEY_NUM 6
-
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- * <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN
- */
-
-/*
-#define CERT_INVALID 0
-#define CERT_PUBLIC_KEY 1
-#define CERT_PRIVATE_KEY 2
-*/
-
-#ifndef OPENSSL_NO_EC
-/* From ECC-TLS draft, used in encoding the curve type in
- * ECParameters
- */
-#define EXPLICIT_PRIME_CURVE_TYPE 1
-#define EXPLICIT_CHAR2_CURVE_TYPE 2
-#define NAMED_CURVE_TYPE 3
-#endif /* OPENSSL_NO_EC */
-
-typedef struct cert_pkey_st
- {
- X509 *x509;
- EVP_PKEY *privatekey;
- } CERT_PKEY;
-
-typedef struct cert_st
- {
- /* Current active set */
- CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
- * Probably it would make more sense to store
- * an index, not a pointer. */
-
- /* The following masks are for the key and auth
- * algorithms that are supported by the certs below */
- int valid;
- unsigned long mask;
- unsigned long export_mask;
-#ifndef OPENSSL_NO_RSA
- RSA *rsa_tmp;
- RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_DH
- DH *dh_tmp;
- DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh_tmp;
- /* Callback for generating ephemeral ECDH keys */
- EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
-#endif
-
- CERT_PKEY pkeys[SSL_PKEY_NUM];
-
- int references; /* >1 only if SSL_copy_session_id is used */
- } CERT;
-
-
-typedef struct sess_cert_st
- {
- STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
-
- /* The 'peer_...' members are used only by clients. */
- int peer_cert_type;
-
- CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
- CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
- /* Obviously we don't have the private keys of these,
- * so maybe we shouldn't even use the CERT_PKEY type here. */
-
-#ifndef OPENSSL_NO_RSA
- RSA *peer_rsa_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_DH
- DH *peer_dh_tmp; /* not used for SSL 2 */
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *peer_ecdh_tmp;
-#endif
-
- int references; /* actually always 1 at the moment */
- } SESS_CERT;
-
-
-/*#define MAC_DEBUG */
-
-/*#define ERR_DEBUG */
-/*#define ABORT_DEBUG */
-/*#define PKT_DEBUG 1 */
-/*#define DES_DEBUG */
-/*#define DES_OFB_DEBUG */
-/*#define SSL_DEBUG */
-/*#define RSA_DEBUG */
-/*#define IDEA_DEBUG */
-
-#define FP_ICC (int (*)(const void *,const void *))
-#define ssl_put_cipher_by_char(ssl,ciph,ptr) \
- ((ssl)->method->put_cipher_by_char((ciph),(ptr)))
-#define ssl_get_cipher_by_char(ssl,ptr) \
- ((ssl)->method->get_cipher_by_char(ptr))
-
-/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
- * It is a bit of a mess of functions, but hell, think of it as
- * an opaque structure :-) */
-typedef struct ssl3_enc_method
- {
- int (*enc)(SSL *, int);
- int (*mac)(SSL *, unsigned char *, int);
- int (*setup_key_block)(SSL *);
- int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
- int (*change_cipher_state)(SSL *, int);
- int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
- int finish_mac_length;
- int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
- const char *client_finished_label;
- int client_finished_label_len;
- const char *server_finished_label;
- int server_finished_label_len;
- int (*alert_value)(int);
- } SSL3_ENC_METHOD;
-
-/* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
- {
- int comp_id; /* The identifier byte for this compression type */
- char *name; /* Text name used for the compression type */
- COMP_METHOD *method; /* The method :-) */
- } SSL3_COMP;
-
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
-OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
-
-
-SSL_METHOD *ssl_bad_method(int ver);
-SSL_METHOD *sslv2_base_method(void);
-SSL_METHOD *sslv23_base_method(void);
-SSL_METHOD *sslv3_base_method(void);
-
-extern SSL3_ENC_METHOD TLSv1_enc_data;
-extern SSL3_ENC_METHOD SSLv3_enc_data;
-extern SSL3_ENC_METHOD DTLSv1_enc_data;
-
-#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- TLS1_VERSION, \
- tls1_new, \
- tls1_clear, \
- tls1_free, \
- s_accept, \
- s_connect, \
- ssl3_read, \
- ssl3_peek, \
- ssl3_write, \
- ssl3_shutdown, \
- ssl3_renegotiate, \
- ssl3_renegotiate_check, \
- ssl3_get_message, \
- ssl3_read_bytes, \
- ssl3_write_bytes, \
- ssl3_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl3_get_cipher_by_char, \
- ssl3_put_cipher_by_char, \
- ssl3_pending, \
- ssl3_num_ciphers, \
- ssl3_get_cipher, \
- s_get_meth, \
- tls1_default_timeout, \
- &TLSv1_enc_data, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- SSL3_VERSION, \
- ssl3_new, \
- ssl3_clear, \
- ssl3_free, \
- s_accept, \
- s_connect, \
- ssl3_read, \
- ssl3_peek, \
- ssl3_write, \
- ssl3_shutdown, \
- ssl3_renegotiate, \
- ssl3_renegotiate_check, \
- ssl3_get_message, \
- ssl3_read_bytes, \
- ssl3_write_bytes, \
- ssl3_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl3_get_cipher_by_char, \
- ssl3_put_cipher_by_char, \
- ssl3_pending, \
- ssl3_num_ciphers, \
- ssl3_get_cipher, \
- s_get_meth, \
- ssl3_default_timeout, \
- &SSLv3_enc_data, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- TLS1_VERSION, \
- tls1_new, \
- tls1_clear, \
- tls1_free, \
- s_accept, \
- s_connect, \
- ssl23_read, \
- ssl23_peek, \
- ssl23_write, \
- ssl_undefined_function, \
- ssl_undefined_function, \
- ssl_ok, \
- ssl3_get_message, \
- ssl3_read_bytes, \
- ssl3_write_bytes, \
- ssl3_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl23_get_cipher_by_char, \
- ssl23_put_cipher_by_char, \
- ssl_undefined_const_function, \
- ssl23_num_ciphers, \
- ssl23_get_cipher, \
- s_get_meth, \
- ssl23_default_timeout, \
- &ssl3_undef_enc_method, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_ssl2_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- SSL2_VERSION, \
- ssl2_new, /* local */ \
- ssl2_clear, /* local */ \
- ssl2_free, /* local */ \
- s_accept, \
- s_connect, \
- ssl2_read, \
- ssl2_peek, \
- ssl2_write, \
- ssl2_shutdown, \
- ssl_ok, /* NULL - renegotiate */ \
- ssl_ok, /* NULL - check renegotiate */ \
- NULL, /* NULL - ssl_get_message */ \
- NULL, /* NULL - ssl_get_record */ \
- NULL, /* NULL - ssl_write_bytes */ \
- NULL, /* NULL - dispatch_alert */ \
- ssl2_ctrl, /* local */ \
- ssl2_ctx_ctrl, /* local */ \
- ssl2_get_cipher_by_char, \
- ssl2_put_cipher_by_char, \
- ssl2_pending, \
- ssl2_num_ciphers, \
- ssl2_get_cipher, \
- s_get_meth, \
- ssl2_default_timeout, \
- &ssl3_undef_enc_method, \
- ssl_undefined_void_function, \
- ssl2_callback_ctrl, /* local */ \
- ssl2_ctx_callback_ctrl, /* local */ \
- }; \
- return &func_name##_data; \
- }
-
-#define IMPLEMENT_dtls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
-SSL_METHOD *func_name(void) \
- { \
- static SSL_METHOD func_name##_data= { \
- DTLS1_VERSION, \
- dtls1_new, \
- dtls1_clear, \
- dtls1_free, \
- s_accept, \
- s_connect, \
- ssl3_read, \
- ssl3_peek, \
- ssl3_write, \
- ssl3_shutdown, \
- ssl3_renegotiate, \
- ssl3_renegotiate_check, \
- dtls1_get_message, \
- dtls1_read_bytes, \
- dtls1_write_app_data_bytes, \
- dtls1_dispatch_alert, \
- ssl3_ctrl, \
- ssl3_ctx_ctrl, \
- ssl3_get_cipher_by_char, \
- ssl3_put_cipher_by_char, \
- ssl3_pending, \
- ssl3_num_ciphers, \
- ssl3_get_cipher, \
- s_get_meth, \
- dtls1_default_timeout, \
- &DTLSv1_enc_data, \
- ssl_undefined_void_function, \
- ssl3_callback_ctrl, \
- ssl3_ctx_callback_ctrl, \
- }; \
- return &func_name##_data; \
- }
-
-void ssl_clear_cipher_ctx(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-CERT *ssl_cert_new(void);
-CERT *ssl_cert_dup(CERT *cert);
-int ssl_cert_inst(CERT **o);
-void ssl_cert_free(CERT *c);
-SESS_CERT *ssl_sess_cert_new(void);
-void ssl_sess_cert_free(SESS_CERT *sc);
-int ssl_set_peer_cert_type(SESS_CERT *c, int type);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
- const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
- STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
- int (*put_cb)(const SSL_CIPHER *, unsigned char *));
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
- STACK_OF(SSL_CIPHER) **pref,
- STACK_OF(SSL_CIPHER) **sorted,
- const char *rule_str);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
- const EVP_MD **md,SSL_COMP **comp);
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_verify_alarm_type(long type);
-void ssl_load_ciphers(void);
-
-int ssl2_enc_init(SSL *s, int client);
-int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-int ssl2_part_read(SSL *s, unsigned long f, int i);
-int ssl2_do_write(SSL *s);
-int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
-void ssl2_write_error(SSL *s);
-int ssl2_num_ciphers(void);
-SSL_CIPHER *ssl2_get_cipher(unsigned int u);
-int ssl2_new(SSL *s);
-void ssl2_free(SSL *s);
-int ssl2_accept(SSL *s);
-int ssl2_connect(SSL *s);
-int ssl2_read(SSL *s, void *buf, int len);
-int ssl2_peek(SSL *s, void *buf, int len);
-int ssl2_write(SSL *s, const void *buf, int len);
-int ssl2_shutdown(SSL *s);
-void ssl2_clear(SSL *s);
-long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
-long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
-int ssl2_pending(const SSL *s);
-long ssl2_default_timeout(void );
-
-SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
-void ssl3_init_finished_mac(SSL *s);
-int ssl3_send_server_certificate(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
-int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
-void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
-void ssl3_send_alert(SSL *s,int level, int desc);
-int ssl3_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
-long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
-int ssl3_num_ciphers(void);
-SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl);
-int ssl3_renegotiate_check(SSL *ssl);
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
- const char *sender, int slen,unsigned char *p);
-int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
-int ssl3_enc(SSL *s, int send_data);
-int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
-unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
- STACK_OF(SSL_CIPHER) *srvr);
-int ssl3_setup_buffers(SSL *s);
-int ssl3_new(SSL *s);
-void ssl3_free(SSL *s);
-int ssl3_accept(SSL *s);
-int ssl3_connect(SSL *s);
-int ssl3_read(SSL *s, void *buf, int len);
-int ssl3_peek(SSL *s, void *buf, int len);
-int ssl3_write(SSL *s, const void *buf, int len);
-int ssl3_shutdown(SSL *s);
-void ssl3_clear(SSL *s);
-long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
-long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
-int ssl3_pending(const SSL *s);
-
-void ssl3_record_sequence_update(unsigned char *seq);
-int ssl3_do_change_cipher_spec(SSL *ssl);
-long ssl3_default_timeout(void );
-
-int ssl23_num_ciphers(void );
-SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-int ssl23_read(SSL *s, void *buf, int len);
-int ssl23_peek(SSL *s, void *buf, int len);
-int ssl23_write(SSL *s, const void *buf, int len);
-int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
-SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
-long ssl23_default_timeout(void );
-
-long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s,int type);
-int ssl3_read_n(SSL *s, int n, int max, int extend);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_do_compress(SSL *ssl);
-int ssl3_do_uncompress(SSL *ssl);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
- unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s,
- unsigned char *p, unsigned char mt, unsigned long len,
- unsigned long frag_off, unsigned long frag_len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_send_change_cipher_spec(SSL *s, int a, int b);
-int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
-unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
- unsigned long frag_off, int *found);
-void dtls1_clear_record_buffer(SSL *s);
-void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
-void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
-void dtls1_reset_seq_numbers(SSL *s, int rw);
-long dtls1_default_timeout(void);
-
-
-/* some client-only functions */
-int ssl3_client_hello(SSL *s);
-int ssl3_get_server_hello(SSL *s);
-int ssl3_get_certificate_request(SSL *s);
-int ssl3_get_server_done(SSL *s);
-int ssl3_send_client_verify(SSL *s);
-int ssl3_send_client_certificate(SSL *s);
-int ssl3_send_client_key_exchange(SSL *s);
-int ssl3_get_key_exchange(SSL *s);
-int ssl3_get_server_certificate(SSL *s);
-int ssl3_check_cert_and_algorithm(SSL *s);
-
-int dtls1_client_hello(SSL *s);
-int dtls1_send_client_certificate(SSL *s);
-int dtls1_send_client_key_exchange(SSL *s);
-int dtls1_send_client_verify(SSL *s);
-
-/* some server-only functions */
-int ssl3_get_client_hello(SSL *s);
-int ssl3_send_server_hello(SSL *s);
-int ssl3_send_hello_request(SSL *s);
-int ssl3_send_server_key_exchange(SSL *s);
-int ssl3_send_certificate_request(SSL *s);
-int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
-int ssl3_get_client_certificate(SSL *s);
-int ssl3_get_client_key_exchange(SSL *s);
-int ssl3_get_cert_verify(SSL *s);
-
-int dtls1_send_hello_request(SSL *s);
-int dtls1_send_server_hello(SSL *s);
-int dtls1_send_server_certificate(SSL *s);
-int dtls1_send_server_key_exchange(SSL *s);
-int dtls1_send_certificate_request(SSL *s);
-int dtls1_send_server_done(SSL *s);
-
-
-
-int ssl23_accept(SSL *s);
-int ssl23_connect(SSL *s);
-int ssl23_read_bytes(SSL *s, int n);
-int ssl23_write_bytes(SSL *s);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-SSL_METHOD *tlsv1_base_method(void );
-
-int dtls1_new(SSL *s);
-int dtls1_accept(SSL *s);
-int dtls1_connect(SSL *s);
-void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-SSL_METHOD *dtlsv1_base_method(void );
-
-long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int dtls1_get_record(SSL *s);
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- unsigned int len, int create_empty_fragement);
-int dtls1_dispatch_alert(SSL *s);
-int dtls1_enc(SSL *s, int snd);
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_change_cipher_state(SSL *s, int which);
-int tls1_setup_key_block(SSL *s);
-int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
- const char *str, int slen, unsigned char *p);
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-int tls1_mac(SSL *ssl, unsigned char *md, int snd);
-int tls1_generate_master_secret(SSL *s, unsigned char *out,
- unsigned char *p, int len);
-int tls1_alert_code(int code);
-int ssl3_alert_code(int code);
-int ssl_ok(SSL *s);
-
-int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
-
-SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
-
-
-#endif
diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c
deleted file mode 100644
index fc42dfa..0000000
--- a/crypto/openssl/ssl/ssl_rsa.c
+++ /dev/null
@@ -1,777 +0,0 @@
-/* ssl/ssl_rsa.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/bio.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-static int ssl_set_cert(CERT *c, X509 *x509);
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-int SSL_use_certificate(SSL *ssl, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ssl->cert,x));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_use_certificate(ssl,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_certificate(ssl,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
- {
- EVP_PKEY *pkey;
- int ret;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ssl->cert,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-#endif
-
-static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
- {
- int i;
-
- i=ssl_cert_type(NULL,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_PKEY,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- return(0);
- }
-
- if (c->pkeys[i].x509 != NULL)
- {
- EVP_PKEY *pktmp;
- pktmp = X509_get_pubkey(c->pkeys[i].x509);
- EVP_PKEY_copy_parameters(pktmp,pkey);
- EVP_PKEY_free(pktmp);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((pkey->type == EVP_PKEY_RSA) &&
- (RSA_flags(pkey->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif
- if (!X509_check_private_key(c->pkeys[i].x509,pkey))
- {
- X509_free(c->pkeys[i].x509);
- c->pkeys[i].x509 = NULL;
- return 0;
- }
- }
-
- if (c->pkeys[i].privatekey != NULL)
- EVP_PKEY_free(c->pkeys[i].privatekey);
- CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
- c->pkeys[i].privatekey=pkey;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_RSAPrivateKey(ssl,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
- {
- int ret;
-
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ssl->cert))
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- ret=ssl_set_pkey(ssl->cert,pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_use_PrivateKey(ssl,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
- {
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_cert(ctx->cert, x));
- }
-
-static int ssl_set_cert(CERT *c, X509 *x)
- {
- EVP_PKEY *pkey;
- int i;
-
- pkey=X509_get_pubkey(x);
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_X509_LIB);
- return(0);
- }
-
- i=ssl_cert_type(x,pkey);
- if (i < 0)
- {
- SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
- EVP_PKEY_free(pkey);
- return(0);
- }
-
- if (c->pkeys[i].privatekey != NULL)
- {
- EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
- ERR_clear_error();
-
-#ifndef OPENSSL_NO_RSA
- /* Don't check the public/private key, this is mostly
- * for smart cards. */
- if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
- (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) &
- RSA_METHOD_FLAG_NO_CHECK))
- ;
- else
-#endif /* OPENSSL_NO_RSA */
- if (!X509_check_private_key(x,c->pkeys[i].privatekey))
- {
- /* don't fail for a cert/key mismatch, just free
- * current private key (when switching to a different
- * cert & key, first this function should be used,
- * then ssl_set_pkey */
- EVP_PKEY_free(c->pkeys[i].privatekey);
- c->pkeys[i].privatekey=NULL;
- /* clear error queue */
- ERR_clear_error();
- }
- }
-
- EVP_PKEY_free(pkey);
-
- if (c->pkeys[i].x509 != NULL)
- X509_free(c->pkeys[i].x509);
- CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
- c->pkeys[i].x509=x;
- c->key= &(c->pkeys[i]);
-
- c->valid=0;
- return(1);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j;
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- x=d2i_X509_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
-
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,j);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
- {
- X509 *x;
- int ret;
-
- x=d2i_X509(NULL,&d,(long)len);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- X509_free(x);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_RSA
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
- {
- int ret;
- EVP_PKEY *pkey;
-
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- if ((pkey=EVP_PKEY_new()) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
- return(0);
- }
-
- RSA_up_ref(rsa);
- EVP_PKEY_assign_RSA(pkey,rsa);
-
- ret=ssl_set_pkey(ctx->cert, pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- RSA *rsa=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_ASN1)
- {
- j=ERR_R_ASN1_LIB;
- rsa=d2i_RSAPrivateKey_bio(in,NULL);
- }
- else if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (rsa == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
- {
- int ret;
- const unsigned char *p;
- RSA *rsa;
-
- p=d;
- if ((rsa=d2i_RSAPrivateKey(NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_RSAPrivateKey(ctx,rsa);
- RSA_free(rsa);
- return(ret);
- }
-#endif /* !OPENSSL_NO_RSA */
-
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
- {
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
- return(0);
- }
- if (!ssl_cert_inst(&ctx->cert))
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- return(ssl_set_pkey(ctx->cert,pkey));
- }
-
-#ifndef OPENSSL_NO_STDIO
-int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
- {
- int j,ret=0;
- BIO *in;
- EVP_PKEY *pkey=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,ERR_R_SYS_LIB);
- goto end;
- }
- if (type == SSL_FILETYPE_PEM)
- {
- j=ERR_R_PEM_LIB;
- pkey=PEM_read_bio_PrivateKey(in,NULL,
- ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- }
- else if (type == SSL_FILETYPE_ASN1)
- {
- j = ERR_R_ASN1_LIB;
- pkey = d2i_PrivateKey_bio(in,NULL);
- }
- else
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,SSL_R_BAD_SSL_FILETYPE);
- goto end;
- }
- if (pkey == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE,j);
- goto end;
- }
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
-end:
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
-
-int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
- long len)
- {
- int ret;
- const unsigned char *p;
- EVP_PKEY *pkey;
-
- p=d;
- if ((pkey=d2i_PrivateKey(type,NULL,&p,(long)len)) == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,ERR_R_ASN1_LIB);
- return(0);
- }
-
- ret=SSL_CTX_use_PrivateKey(ctx,pkey);
- EVP_PKEY_free(pkey);
- return(ret);
- }
-
-
-#ifndef OPENSSL_NO_STDIO
-/* Read a file that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
- {
- BIO *in;
- int ret=0;
- X509 *x=NULL;
-
- in=BIO_new(BIO_s_file_internal());
- if (in == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
- goto end;
- }
-
- if (BIO_read_filename(in,file) <= 0)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
- goto end;
- }
-
- x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
- if (x == NULL)
- {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
- goto end;
- }
-
- ret=SSL_CTX_use_certificate(ctx,x);
- if (ERR_peek_error() != 0)
- ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */
- if (ret)
- {
- /* If we could set up our certificate, now proceed to
- * the CA certificates.
- */
- X509 *ca;
- int r;
- unsigned long err;
-
- if (ctx->extra_certs != NULL)
- {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
-
- while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
- != NULL)
- {
- r = SSL_CTX_add_extra_chain_cert(ctx, ca);
- if (!r)
- {
- X509_free(ca);
- ret = 0;
- goto end;
- }
- /* Note that we must not free r if it was successfully
- * added to the chain (while we must free the main
- * certificate, since its reference count is increased
- * by SSL_CTX_use_certificate). */
- }
- /* When the while loop ends, it's usually just EOF. */
- err = ERR_peek_last_error();
- if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
- ERR_clear_error();
- else
- ret = 0; /* some real error */
- }
-
-end:
- if (x != NULL) X509_free(x);
- if (in != NULL) BIO_free(in);
- return(ret);
- }
-#endif
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
deleted file mode 100644
index f80eee6..0000000
--- a/crypto/openssl/ssl/ssl_sess.c
+++ /dev/null
@@ -1,836 +0,0 @@
-/* ssl/ssl_sess.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/lhash.h>
-#include <openssl/rand.h>
-#include "ssl_locl.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-
-SSL_SESSION *SSL_get_session(const SSL *ssl)
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
- {
- return(ssl->session);
- }
-
-SSL_SESSION *SSL_get1_session(SSL *ssl)
-/* variant of SSL_get_session: caller really gets something */
- {
- SSL_SESSION *sess;
- /* Need to lock this all up rather than just use CRYPTO_add so that
- * somebody doesn't free ssl->session between when we check it's
- * non-null and when we up the reference count. */
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
- sess = ssl->session;
- if(sess)
- sess->references++;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
- return(sess);
- }
-
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
- }
-
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
- {
- return(CRYPTO_get_ex_data(&s->ex_data,idx));
- }
-
-SSL_SESSION *SSL_SESSION_new(void)
- {
- SSL_SESSION *ss;
-
- ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
- if (ss == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- memset(ss,0,sizeof(SSL_SESSION));
-
- ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
- ss->references=1;
- ss->timeout=60*5+4; /* 5 minute timeout by default */
- ss->time=(unsigned long)time(NULL);
- ss->prev=NULL;
- ss->next=NULL;
- ss->compress_meth=0;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
- return(ss);
- }
-
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
- {
- if(len)
- *len = s->session_id_length;
- return s->session_id;
- }
-
-/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
- * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
- * until we have no conflict is going to complete in one iteration pretty much
- * "most" of the time (btw: understatement). So, if it takes us 10 iterations
- * and we still can't avoid a conflict - well that's a reasonable point to call
- * it quits. Either the RAND code is broken or someone is trying to open roughly
- * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
- * store that many sessions is perhaps a more interesting question ... */
-
-#define MAX_SESS_ID_ATTEMPTS 10
-static int def_generate_session_id(const SSL *ssl, unsigned char *id,
- unsigned int *id_len)
-{
- unsigned int retry = 0;
- do
- if (RAND_pseudo_bytes(id, *id_len) <= 0)
- return 0;
- while(SSL_has_matching_session_id(ssl, id, *id_len) &&
- (++retry < MAX_SESS_ID_ATTEMPTS));
- if(retry < MAX_SESS_ID_ATTEMPTS)
- return 1;
- /* else - woops a session_id match */
- /* XXX We should also check the external cache --
- * but the probability of a collision is negligible, and
- * we could not prevent the concurrent creation of sessions
- * with identical IDs since we currently don't have means
- * to atomically check whether a session ID already exists
- * and make a reservation for it if it does not
- * (this problem applies to the internal cache as well).
- */
- return 0;
-}
-
-int ssl_get_new_session(SSL *s, int session)
- {
- /* This gets used by clients and servers. */
-
- unsigned int tmp;
- SSL_SESSION *ss=NULL;
- GEN_SESSION_CB cb = def_generate_session_id;
-
- if ((ss=SSL_SESSION_new()) == NULL) return(0);
-
- /* If the context has a default timeout, use it */
- if (s->ctx->session_timeout == 0)
- ss->timeout=SSL_get_default_timeout(s);
- else
- ss->timeout=s->ctx->session_timeout;
-
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- if (session)
- {
- if (s->version == SSL2_VERSION)
- {
- ss->ssl_version=SSL2_VERSION;
- ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == SSL3_VERSION)
- {
- ss->ssl_version=SSL3_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == TLS1_VERSION)
- {
- ss->ssl_version=TLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else if (s->version == DTLS1_VERSION)
- {
- ss->ssl_version=DTLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
- else
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
- SSL_SESSION_free(ss);
- return(0);
- }
- /* Choose which callback will set the session ID */
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- if(s->generate_session_id)
- cb = s->generate_session_id;
- else if(s->ctx->generate_session_id)
- cb = s->ctx->generate_session_id;
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- /* Choose a session ID */
- tmp = ss->session_id_length;
- if(!cb(s, ss->session_id, &tmp))
- {
- /* The callback failed */
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
- SSL_SESSION_free(ss);
- return(0);
- }
- /* Don't allow the callback to set the session length to zero.
- * nor set it higher than it was. */
- if(!tmp || (tmp > ss->session_id_length))
- {
- /* The callback set an illegal length */
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
- SSL_SESSION_free(ss);
- return(0);
- }
- /* If the session length was shrunk and we're SSLv2, pad it */
- if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
- memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
- else
- ss->session_id_length = tmp;
- /* Finally, check for a conflict */
- if(SSL_has_matching_session_id(s, ss->session_id,
- ss->session_id_length))
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION,
- SSL_R_SSL_SESSION_ID_CONFLICT);
- SSL_SESSION_free(ss);
- return(0);
- }
- }
- else
- {
- ss->session_id_length=0;
- }
-
- if (s->sid_ctx_length > sizeof ss->sid_ctx)
- {
- SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
- SSL_SESSION_free(ss);
- return 0;
- }
- memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
- ss->sid_ctx_length=s->sid_ctx_length;
- s->session=ss;
- ss->ssl_version=s->version;
- ss->verify_result = X509_V_OK;
-
- return(1);
- }
-
-int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
- {
- /* This is used only by servers. */
-
- SSL_SESSION *ret=NULL,data;
- int fatal = 0;
-
- data.ssl_version=s->version;
- data.session_id_length=len;
- if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
- goto err;
- memcpy(data.session_id,session_id,len);
-
- if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
- {
- CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
- ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
- if (ret != NULL)
- /* don't allow other threads to steal it: */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
- CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
- if (ret == NULL)
- {
- int copy=1;
-
- s->ctx->stats.sess_miss++;
- ret=NULL;
- if (s->ctx->get_session_cb != NULL
- && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
- != NULL)
- {
- s->ctx->stats.sess_cb_hit++;
-
- /* Increment reference count now if the session callback
- * asks us to do so (note that if the session structures
- * returned by the callback are shared between threads,
- * it must handle the reference count itself [i.e. copy == 0],
- * or things won't be thread-safe). */
- if (copy)
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
- /* Add the externally cached session to the internal
- * cache as well if and only if we are supposed to. */
- if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
- /* The following should not return 1, otherwise,
- * things are very strange */
- SSL_CTX_add_session(s->ctx,ret);
- }
- if (ret == NULL)
- goto err;
- }
-
- /* Now ret is non-NULL, and we own one of its reference counts. */
-
- if((s->verify_mode&SSL_VERIFY_PEER)
- && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
- || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
- {
- /* We've found the session named by the client, but we don't
- * want to use it in this context. */
-
- if (s->sid_ctx_length == 0)
- {
- /* application should have used SSL[_CTX]_set_session_id_context
- * -- we could tolerate this and just pretend we never heard
- * of this session, but then applications could effectively
- * disable the session cache by accident without anyone noticing */
-
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
- fatal = 1;
- goto err;
- }
- else
- {
-#if 0 /* The client cannot always know when a session is not appropriate,
- * so we shouldn't generate an error message. */
-
- SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-#endif
- goto err; /* treat like cache miss */
- }
- }
-
- if (ret->cipher == NULL)
- {
- unsigned char buf[5],*p;
- unsigned long l;
-
- p=buf;
- l=ret->cipher_id;
- l2n(l,p);
- if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
- else
- ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
- if (ret->cipher == NULL)
- goto err;
- }
-
-
-#if 0 /* This is way too late. */
-
- /* If a thread got the session, then 'swaped', and another got
- * it and then due to a time-out decided to 'OPENSSL_free' it we could
- * be in trouble. So I'll increment it now, then double decrement
- * later - am I speaking rubbish?. */
- CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-#endif
-
- if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
- {
- s->ctx->stats.sess_timeout++;
- /* remove it from the cache */
- SSL_CTX_remove_session(s->ctx,ret);
- goto err;
- }
-
- s->ctx->stats.sess_hit++;
-
- /* ret->time=time(NULL); */ /* rezero timeout? */
- /* again, just leave the session
- * if it is the same session, we have just incremented and
- * then decremented the reference count :-) */
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=ret;
- s->verify_result = s->session->verify_result;
- return(1);
-
- err:
- if (ret != NULL)
- SSL_SESSION_free(ret);
- if (fatal)
- return -1;
- else
- return 0;
- }
-
-int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
- {
- int ret=0;
- SSL_SESSION *s;
-
- /* add just 1 reference count for the SSL_CTX's session cache
- * even though it has two ways of access: each session is in a
- * doubly linked list and an lhash */
- CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
- /* if session c is in already in cache, we take back the increment later */
-
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
-
- /* s != NULL iff we already had a session with the given PID.
- * In this case, s == c should hold (then we did not really modify
- * ctx->sessions), or we're in trouble. */
- if (s != NULL && s != c)
- {
- /* We *are* in trouble ... */
- SSL_SESSION_list_remove(ctx,s);
- SSL_SESSION_free(s);
- /* ... so pretend the other session did not exist in cache
- * (we cannot handle two SSL_SESSION structures with identical
- * session ID in the same cache, which could happen e.g. when
- * two threads concurrently obtain the same session from an external
- * cache) */
- s = NULL;
- }
-
- /* Put at the head of the queue unless it is already in the cache */
- if (s == NULL)
- SSL_SESSION_list_add(ctx,c);
-
- if (s != NULL)
- {
- /* existing cache entry -- decrement previously incremented reference
- * count because it already takes into account the cache */
-
- SSL_SESSION_free(s); /* s == c */
- ret=0;
- }
- else
- {
- /* new cache entry -- remove old ones if cache has become too large */
-
- ret=1;
-
- if (SSL_CTX_sess_get_cache_size(ctx) > 0)
- {
- while (SSL_CTX_sess_number(ctx) >
- SSL_CTX_sess_get_cache_size(ctx))
- {
- if (!remove_session_lock(ctx,
- ctx->session_cache_tail, 0))
- break;
- else
- ctx->stats.sess_cache_full++;
- }
- }
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- return(ret);
- }
-
-int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
- return remove_session_lock(ctx, c, 1);
-}
-
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
- {
- SSL_SESSION *r;
- int ret=0;
-
- if ((c != NULL) && (c->session_id_length != 0))
- {
- if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
- {
- ret=1;
- r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
- SSL_SESSION_list_remove(ctx,c);
- }
-
- if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
- if (ret)
- {
- r->not_resumable=1;
- if (ctx->remove_session_cb != NULL)
- ctx->remove_session_cb(ctx,r);
- SSL_SESSION_free(r);
- }
- }
- else
- ret=0;
- return(ret);
- }
-
-void SSL_SESSION_free(SSL_SESSION *ss)
- {
- int i;
-
- if(ss == NULL)
- return;
-
- i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
- REF_PRINT("SSL_SESSION",ss);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
- abort(); /* ok */
- }
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
- OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
- OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
- OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
- if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
- if (ss->peer != NULL) X509_free(ss->peer);
- if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
- OPENSSL_cleanse(ss,sizeof(*ss));
- OPENSSL_free(ss);
- }
-
-int SSL_set_session(SSL *s, SSL_SESSION *session)
- {
- int ret=0;
- SSL_METHOD *meth;
-
- if (session != NULL)
- {
- meth=s->ctx->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- meth=s->method->get_ssl_method(session->ssl_version);
- if (meth == NULL)
- {
- SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
- return(0);
- }
-
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- if (s->ctx->session_timeout == 0)
- session->timeout=SSL_get_default_timeout(s);
- else
- session->timeout=s->ctx->session_timeout;
- }
-
-#ifndef OPENSSL_NO_KRB5
- if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
- session->krb5_client_princ_len > 0)
- {
- s->kssl_ctx->client_princ = (char *)OPENSSL_malloc(session->krb5_client_princ_len + 1);
- memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
- session->krb5_client_princ_len);
- s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
- CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
- if (s->session != NULL)
- SSL_SESSION_free(s->session);
- s->session=session;
- s->verify_result = s->session->verify_result;
- /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
- ret=1;
- }
- else
- {
- if (s->session != NULL)
- {
- SSL_SESSION_free(s->session);
- s->session=NULL;
- }
-
- meth=s->ctx->method;
- if (meth != s->method)
- {
- if (!SSL_set_ssl_method(s,meth))
- return(0);
- }
- ret=1;
- }
- return(ret);
- }
-
-long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->timeout=t;
- return(1);
- }
-
-long SSL_SESSION_get_timeout(const SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->timeout);
- }
-
-long SSL_SESSION_get_time(const SSL_SESSION *s)
- {
- if (s == NULL) return(0);
- return(s->time);
- }
-
-long SSL_SESSION_set_time(SSL_SESSION *s, long t)
- {
- if (s == NULL) return(0);
- s->time=t;
- return(t);
- }
-
-long SSL_CTX_set_timeout(SSL_CTX *s, long t)
- {
- long l;
- if (s == NULL) return(0);
- l=s->session_timeout;
- s->session_timeout=t;
- return(l);
- }
-
-long SSL_CTX_get_timeout(const SSL_CTX *s)
- {
- if (s == NULL) return(0);
- return(s->session_timeout);
- }
-
-typedef struct timeout_param_st
- {
- SSL_CTX *ctx;
- long time;
- LHASH *cache;
- } TIMEOUT_PARAM;
-
-static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
- {
- if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
- {
- /* The reason we don't call SSL_CTX_remove_session() is to
- * save on locking overhead */
- lh_delete(p->cache,s);
- SSL_SESSION_list_remove(p->ctx,s);
- s->not_resumable=1;
- if (p->ctx->remove_session_cb != NULL)
- p->ctx->remove_session_cb(p->ctx,s);
- SSL_SESSION_free(s);
- }
- }
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
-
-void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
- {
- unsigned long i;
- TIMEOUT_PARAM tp;
-
- tp.ctx=s;
- tp.cache=s->sessions;
- if (tp.cache == NULL) return;
- tp.time=t;
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- i=tp.cache->down_load;
- tp.cache->down_load=0;
- lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
- tp.cache->down_load=i;
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- }
-
-int ssl_clear_bad_session(SSL *s)
- {
- if ( (s->session != NULL) &&
- !(s->shutdown & SSL_SENT_SHUTDOWN) &&
- !(SSL_in_init(s) || SSL_in_before(s)))
- {
- SSL_CTX_remove_session(s->ctx,s->session);
- return(1);
- }
- else
- return(0);
- }
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
- {
- if ((s->next == NULL) || (s->prev == NULL)) return;
-
- if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
- { /* last element in list */
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* only one element in list */
- ctx->session_cache_head=NULL;
- ctx->session_cache_tail=NULL;
- }
- else
- {
- ctx->session_cache_tail=s->prev;
- s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- }
- else
- {
- if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
- { /* first element in list */
- ctx->session_cache_head=s->next;
- s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- }
- else
- { /* middle of list */
- s->next->prev=s->prev;
- s->prev->next=s->next;
- }
- }
- s->prev=s->next=NULL;
- }
-
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
- {
- if ((s->next != NULL) && (s->prev != NULL))
- SSL_SESSION_list_remove(ctx,s);
-
- if (ctx->session_cache_head == NULL)
- {
- ctx->session_cache_head=s;
- ctx->session_cache_tail=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
- }
- else
- {
- s->next=ctx->session_cache_head;
- s->next->prev=s;
- s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
- ctx->session_cache_head=s;
- }
- }
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
- int (*cb)(struct ssl_st *ssl,SSL_SESSION *sess))
- {
- ctx->new_session_cb=cb;
- }
-
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
- {
- return ctx->new_session_cb;
- }
-
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
- void (*cb)(SSL_CTX *ctx,SSL_SESSION *sess))
- {
- ctx->remove_session_cb=cb;
- }
-
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx,SSL_SESSION *sess)
- {
- return ctx->remove_session_cb;
- }
-
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
- SSL_SESSION *(*cb)(struct ssl_st *ssl,
- unsigned char *data,int len,int *copy))
- {
- ctx->get_session_cb=cb;
- }
-
-SSL_SESSION * (*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl,
- unsigned char *data,int len,int *copy)
- {
- return ctx->get_session_cb;
- }
-
-void SSL_CTX_set_info_callback(SSL_CTX *ctx,
- void (*cb)(const SSL *ssl,int type,int val))
- {
- ctx->info_callback=cb;
- }
-
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val)
- {
- return ctx->info_callback;
- }
-
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
- {
- ctx->client_cert_cb=cb;
- }
-
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509 , EVP_PKEY **pkey)
- {
- return ctx->client_cert_cb;
- }
-
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
- {
- ctx->app_gen_cookie_cb=cb;
- }
-
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
- int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len))
- {
- ctx->app_verify_cookie_cb=cb;
- }
-
diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c
deleted file mode 100644
index b16d253..0000000
--- a/crypto/openssl/ssl/ssl_stat.c
+++ /dev/null
@@ -1,502 +0,0 @@
-/* ssl/ssl_stat.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-const char *SSL_state_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="before SSL initialization"; break;
-case SSL_ST_ACCEPT: str="before accept initialization"; break;
-case SSL_ST_CONNECT: str="before connect initialization"; break;
-case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
-case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="SSLv2 write client hello B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="SSLv2 read server hello A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="SSLv2 read server hello B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="SSLv2 write client master key A"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="SSLv2 write client master key B"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="SSLv2 write client finished A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="SSLv2 write client finished B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="SSLv2 write client certificate A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="SSLv2 write client certificate B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="SSLv2 write client certificate C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="SSLv2 write client certificate D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="SSLv2 read server verify A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="SSLv2 read server verify B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="SSLv2 read server finished A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="SSLv2 read server finished B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="SSLv2 read client hello A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="SSLv2 read client hello B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="SSLv2 read client hello C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="SSLv2 write server hello A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="SSLv2 write server hello B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="SSLv2 read client master key A"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="SSLv2 read client master key B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="SSLv2 write server verify A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="SSLv2 write server verify B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="SSLv2 write server verify C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="SSLv2 read client finished A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="SSLv2 read client finished B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="SSLv2 write server finished A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="SSLv2 write server finished B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="SSLv2 write request certificate A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="SSLv2 write request certificate B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="SSLv2 write request certificate C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="SSLv2 write request certificate D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificate"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="SSLv3 read server hello A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="SSLv3 read server hello B"; break;
-case SSL3_ST_CR_CERT_A: str="SSLv3 read server certificate A"; break;
-case SSL3_ST_CR_CERT_B: str="SSLv3 read server certificate B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="SSLv3 read server key exchange A"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="SSLv3 read server key exchange B"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="SSLv3 read server certificate request A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="SSLv3 read server certificate request B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break;
-case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break;
-case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break;
-case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break;
-case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break;
-
-case SSL3_ST_CW_CHANGE_A:
-case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break;
-case SSL3_ST_CW_CHANGE_B:
-case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break;
-case SSL3_ST_CW_FINISHED_A:
-case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break;
-case SSL3_ST_CW_FINISHED_B:
-case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break;
-case SSL3_ST_CR_CHANGE_A:
-case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break;
-case SSL3_ST_CR_CHANGE_B:
-case SSL3_ST_SR_CHANGE_B: str="SSLv3 read change cipher spec B"; break;
-case SSL3_ST_CR_FINISHED_A:
-case SSL3_ST_SR_FINISHED_A: str="SSLv3 read finished A"; break;
-case SSL3_ST_CR_FINISHED_B:
-case SSL3_ST_SR_FINISHED_B: str="SSLv3 read finished B"; break;
-
-case SSL3_ST_CW_FLUSH:
-case SSL3_ST_SW_FLUSH: str="SSLv3 flush data"; break;
-
-case SSL3_ST_SR_CLNT_HELLO_A: str="SSLv3 read client hello A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="SSLv3 read client hello B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="SSLv3 read client hello C"; break;
-case SSL3_ST_SW_HELLO_REQ_A: str="SSLv3 write hello request A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="SSLv3 write hello request B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="SSLv3 write hello request C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="SSLv3 write server hello A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="SSLv3 write server hello B"; break;
-case SSL3_ST_SW_CERT_A: str="SSLv3 write certificate A"; break;
-case SSL3_ST_SW_CERT_B: str="SSLv3 write certificate B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="SSLv3 write key exchange A"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="SSLv3 write key exchange B"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="SSLv3 write certificate request A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="SSLv3 write certificate request B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="SSLv3 write server done A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="SSLv3 write server done B"; break;
-case SSL3_ST_SR_CERT_A: str="SSLv3 read client certificate A"; break;
-case SSL3_ST_SR_CERT_B: str="SSLv3 read client certificate B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="SSLv3 read client key exchange A"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="SSLv3 read client key exchange B"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="SSLv2/v3 read server hello A"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="SSLv2/v3 read server hello B"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="SSLv2/v3 read client hello A"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="SSLv2/v3 read client hello B"; break;
-#endif
-
-default: str="unknown state"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string_long(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER: str="read header"; break;
- case SSL_ST_READ_BODY: str="read body"; break;
- case SSL_ST_READ_DONE: str="read done"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_state_string(const SSL *s)
- {
- const char *str;
-
- switch (s->state)
- {
-case SSL_ST_BEFORE: str="PINIT "; break;
-case SSL_ST_ACCEPT: str="AINIT "; break;
-case SSL_ST_CONNECT: str="CINIT "; break;
-case SSL_ST_OK: str="SSLOK "; break;
-#ifndef OPENSSL_NO_SSL2
-case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break;
-case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break;
-case SSL2_ST_SEND_CLIENT_HELLO_B: str="2SCH_B"; break;
-case SSL2_ST_GET_SERVER_HELLO_A: str="2GSH_A"; break;
-case SSL2_ST_GET_SERVER_HELLO_B: str="2GSH_B"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_A: str="2SCMKA"; break;
-case SSL2_ST_SEND_CLIENT_MASTER_KEY_B: str="2SCMKB"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_A: str="2SCF_A"; break;
-case SSL2_ST_SEND_CLIENT_FINISHED_B: str="2SCF_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_A: str="2SCC_A"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_B: str="2SCC_B"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_C: str="2SCC_C"; break;
-case SSL2_ST_SEND_CLIENT_CERTIFICATE_D: str="2SCC_D"; break;
-case SSL2_ST_GET_SERVER_VERIFY_A: str="2GSV_A"; break;
-case SSL2_ST_GET_SERVER_VERIFY_B: str="2GSV_B"; break;
-case SSL2_ST_GET_SERVER_FINISHED_A: str="2GSF_A"; break;
-case SSL2_ST_GET_SERVER_FINISHED_B: str="2GSF_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_A: str="2GCH_A"; break;
-case SSL2_ST_GET_CLIENT_HELLO_B: str="2GCH_B"; break;
-case SSL2_ST_GET_CLIENT_HELLO_C: str="2GCH_C"; break;
-case SSL2_ST_SEND_SERVER_HELLO_A: str="2SSH_A"; break;
-case SSL2_ST_SEND_SERVER_HELLO_B: str="2SSH_B"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_A: str="2GCMKA"; break;
-case SSL2_ST_GET_CLIENT_MASTER_KEY_B: str="2GCMKA"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_A: str="2SSV_A"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_B: str="2SSV_B"; break;
-case SSL2_ST_SEND_SERVER_VERIFY_C: str="2SSV_C"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_A: str="2GCF_A"; break;
-case SSL2_ST_GET_CLIENT_FINISHED_B: str="2GCF_B"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_A: str="2SSF_A"; break;
-case SSL2_ST_SEND_SERVER_FINISHED_B: str="2SSF_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_A: str="2SRC_A"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_B: str="2SRC_B"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_C: str="2SRC_C"; break;
-case SSL2_ST_SEND_REQUEST_CERTIFICATE_D: str="2SRC_D"; break;
-case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break;
-case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break;
-#endif
-
-#ifndef OPENSSL_NO_SSL3
-/* SSLv3 additions */
-case SSL3_ST_SW_FLUSH:
-case SSL3_ST_CW_FLUSH: str="3FLUSH"; break;
-case SSL3_ST_CW_CLNT_HELLO_A: str="3WCH_A"; break;
-case SSL3_ST_CW_CLNT_HELLO_B: str="3WCH_B"; break;
-case SSL3_ST_CR_SRVR_HELLO_A: str="3RSH_A"; break;
-case SSL3_ST_CR_SRVR_HELLO_B: str="3RSH_B"; break;
-case SSL3_ST_CR_CERT_A: str="3RSC_A"; break;
-case SSL3_ST_CR_CERT_B: str="3RSC_B"; break;
-case SSL3_ST_CR_KEY_EXCH_A: str="3RSKEA"; break;
-case SSL3_ST_CR_KEY_EXCH_B: str="3RSKEB"; break;
-case SSL3_ST_CR_CERT_REQ_A: str="3RCR_A"; break;
-case SSL3_ST_CR_CERT_REQ_B: str="3RCR_B"; break;
-case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break;
-case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break;
-case SSL3_ST_CW_CERT_A: str="3WCC_A"; break;
-case SSL3_ST_CW_CERT_B: str="3WCC_B"; break;
-case SSL3_ST_CW_CERT_C: str="3WCC_C"; break;
-case SSL3_ST_CW_CERT_D: str="3WCC_D"; break;
-case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break;
-case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break;
-case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break;
-case SSL3_ST_CW_CERT_VRFY_B: str="3WCV_B"; break;
-
-case SSL3_ST_SW_CHANGE_A:
-case SSL3_ST_CW_CHANGE_A: str="3WCCSA"; break;
-case SSL3_ST_SW_CHANGE_B:
-case SSL3_ST_CW_CHANGE_B: str="3WCCSB"; break;
-case SSL3_ST_SW_FINISHED_A:
-case SSL3_ST_CW_FINISHED_A: str="3WFINA"; break;
-case SSL3_ST_SW_FINISHED_B:
-case SSL3_ST_CW_FINISHED_B: str="3WFINB"; break;
-case SSL3_ST_SR_CHANGE_A:
-case SSL3_ST_CR_CHANGE_A: str="3RCCSA"; break;
-case SSL3_ST_SR_CHANGE_B:
-case SSL3_ST_CR_CHANGE_B: str="3RCCSB"; break;
-case SSL3_ST_SR_FINISHED_A:
-case SSL3_ST_CR_FINISHED_A: str="3RFINA"; break;
-case SSL3_ST_SR_FINISHED_B:
-case SSL3_ST_CR_FINISHED_B: str="3RFINB"; break;
-
-case SSL3_ST_SW_HELLO_REQ_A: str="3WHR_A"; break;
-case SSL3_ST_SW_HELLO_REQ_B: str="3WHR_B"; break;
-case SSL3_ST_SW_HELLO_REQ_C: str="3WHR_C"; break;
-case SSL3_ST_SR_CLNT_HELLO_A: str="3RCH_A"; break;
-case SSL3_ST_SR_CLNT_HELLO_B: str="3RCH_B"; break;
-case SSL3_ST_SR_CLNT_HELLO_C: str="3RCH_C"; break;
-case SSL3_ST_SW_SRVR_HELLO_A: str="3WSH_A"; break;
-case SSL3_ST_SW_SRVR_HELLO_B: str="3WSH_B"; break;
-case SSL3_ST_SW_CERT_A: str="3WSC_A"; break;
-case SSL3_ST_SW_CERT_B: str="3WSC_B"; break;
-case SSL3_ST_SW_KEY_EXCH_A: str="3WSKEA"; break;
-case SSL3_ST_SW_KEY_EXCH_B: str="3WSKEB"; break;
-case SSL3_ST_SW_CERT_REQ_A: str="3WCR_A"; break;
-case SSL3_ST_SW_CERT_REQ_B: str="3WCR_B"; break;
-case SSL3_ST_SW_SRVR_DONE_A: str="3WSD_A"; break;
-case SSL3_ST_SW_SRVR_DONE_B: str="3WSD_B"; break;
-case SSL3_ST_SR_CERT_A: str="3RCC_A"; break;
-case SSL3_ST_SR_CERT_B: str="3RCC_B"; break;
-case SSL3_ST_SR_KEY_EXCH_A: str="3RCKEA"; break;
-case SSL3_ST_SR_KEY_EXCH_B: str="3RCKEB"; break;
-case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break;
-case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break;
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
-/* SSLv2/v3 compatibility states */
-/* client */
-case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
-case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
-case SSL23_ST_CR_SRVR_HELLO_A: str="23RSHA"; break;
-case SSL23_ST_CR_SRVR_HELLO_B: str="23RSHA"; break;
-/* server */
-case SSL23_ST_SR_CLNT_HELLO_A: str="23RCHA"; break;
-case SSL23_ST_SR_CLNT_HELLO_B: str="23RCHB"; break;
-#endif
-
-default: str="UNKWN "; break;
- }
- return(str);
- }
-
-const char *SSL_alert_type_string_long(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("warning");
- else if (value == SSL3_AL_FATAL)
- return("fatal");
- else
- return("unknown");
- }
-
-const char *SSL_alert_type_string(int value)
- {
- value>>=8;
- if (value == SSL3_AL_WARNING)
- return("W");
- else if (value == SSL3_AL_FATAL)
- return("F");
- else
- return("U");
- }
-
-const char *SSL_alert_desc_string(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY: str="CN"; break;
- case SSL3_AD_UNEXPECTED_MESSAGE: str="UM"; break;
- case SSL3_AD_BAD_RECORD_MAC: str="BM"; break;
- case SSL3_AD_DECOMPRESSION_FAILURE: str="DF"; break;
- case SSL3_AD_HANDSHAKE_FAILURE: str="HF"; break;
- case SSL3_AD_NO_CERTIFICATE: str="NC"; break;
- case SSL3_AD_BAD_CERTIFICATE: str="BC"; break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE: str="UC"; break;
- case SSL3_AD_CERTIFICATE_REVOKED: str="CR"; break;
- case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break;
- case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break;
- case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break;
- case TLS1_AD_DECRYPTION_FAILED: str="DC"; break;
- case TLS1_AD_RECORD_OVERFLOW: str="RO"; break;
- case TLS1_AD_UNKNOWN_CA: str="CA"; break;
- case TLS1_AD_ACCESS_DENIED: str="AD"; break;
- case TLS1_AD_DECODE_ERROR: str="DE"; break;
- case TLS1_AD_DECRYPT_ERROR: str="CY"; break;
- case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break;
- case TLS1_AD_PROTOCOL_VERSION: str="PV"; break;
- case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break;
- case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
- case TLS1_AD_USER_CANCELLED: str="US"; break;
- case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
- default: str="UK"; break;
- }
- return(str);
- }
-
-const char *SSL_alert_desc_string_long(int value)
- {
- const char *str;
-
- switch (value & 0xff)
- {
- case SSL3_AD_CLOSE_NOTIFY:
- str="close notify";
- break;
- case SSL3_AD_UNEXPECTED_MESSAGE:
- str="unexpected_message";
- break;
- case SSL3_AD_BAD_RECORD_MAC:
- str="bad record mac";
- break;
- case SSL3_AD_DECOMPRESSION_FAILURE:
- str="decompression failure";
- break;
- case SSL3_AD_HANDSHAKE_FAILURE:
- str="handshake failure";
- break;
- case SSL3_AD_NO_CERTIFICATE:
- str="no certificate";
- break;
- case SSL3_AD_BAD_CERTIFICATE:
- str="bad certificate";
- break;
- case SSL3_AD_UNSUPPORTED_CERTIFICATE:
- str="unsupported certificate";
- break;
- case SSL3_AD_CERTIFICATE_REVOKED:
- str="certificate revoked";
- break;
- case SSL3_AD_CERTIFICATE_EXPIRED:
- str="certificate expired";
- break;
- case SSL3_AD_CERTIFICATE_UNKNOWN:
- str="certificate unknown";
- break;
- case SSL3_AD_ILLEGAL_PARAMETER:
- str="illegal parameter";
- break;
- case TLS1_AD_DECRYPTION_FAILED:
- str="decryption failed";
- break;
- case TLS1_AD_RECORD_OVERFLOW:
- str="record overflow";
- break;
- case TLS1_AD_UNKNOWN_CA:
- str="unknown CA";
- break;
- case TLS1_AD_ACCESS_DENIED:
- str="access denied";
- break;
- case TLS1_AD_DECODE_ERROR:
- str="decode error";
- break;
- case TLS1_AD_DECRYPT_ERROR:
- str="decrypt error";
- break;
- case TLS1_AD_EXPORT_RESTRICTION:
- str="export restriction";
- break;
- case TLS1_AD_PROTOCOL_VERSION:
- str="protocol version";
- break;
- case TLS1_AD_INSUFFICIENT_SECURITY:
- str="insufficient security";
- break;
- case TLS1_AD_INTERNAL_ERROR:
- str="internal error";
- break;
- case TLS1_AD_USER_CANCELLED:
- str="user canceled";
- break;
- case TLS1_AD_NO_RENEGOTIATION:
- str="no renegotiation";
- break;
- default: str="unknown"; break;
- }
- return(str);
- }
-
-const char *SSL_rstate_string(const SSL *s)
- {
- const char *str;
-
- switch (s->rstate)
- {
- case SSL_ST_READ_HEADER:str="RH"; break;
- case SSL_ST_READ_BODY: str="RB"; break;
- case SSL_ST_READ_DONE: str="RD"; break;
- default: str="unknown"; break;
- }
- return(str);
- }
diff --git a/crypto/openssl/ssl/ssl_task.c b/crypto/openssl/ssl/ssl_task.c
deleted file mode 100644
index b5ce44b..0000000
--- a/crypto/openssl/ssl/ssl_task.c
+++ /dev/null
@@ -1,369 +0,0 @@
-/* ssl/ssl_task.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* VMS */
-/*
- * DECnet object for servicing SSL. We accept the inbound and speak a
- * simple protocol for multiplexing the 2 data streams (application and
- * ssl data) over this logical link.
- *
- * Logical names:
- * SSL_CIPHER Defines a list of cipher specifications the server
- * will support in order of preference.
- * SSL_SERVER_CERTIFICATE
- * Points to PEM (privacy enhanced mail) file that
- * contains the server certificate and private password.
- * SYS$NET Logical created by netserver.exe as hook for completing
- * DECnet logical link.
- *
- * Each NSP message sent over the DECnet link has the following structure:
- * struct rpc_msg {
- * char channel;
- * char function;
- * short length;
- * char data[MAX_DATA];
- * } msg;
- *
- * The channel field designates the virtual data stream this message applies
- * to and is one of:
- * A - Application data (payload).
- * R - Remote client connection that initiated the SSL connection. Encrypted
- * data is sent over this connection.
- * G - General data, reserved for future use.
- *
- * The data streams are half-duplex read/write and have following functions:
- * G - Get, requests that up to msg.length bytes of data be returned. The
- * data is returned in the next 'C' function response that matches the
- * requesting channel.
- * P - Put, requests that the first msg.length bytes of msg.data be appended
- * to the designated stream.
- * C - Confirms a get or put. Every get and put will get a confirm response,
- * you cannot initiate another function on a channel until the previous
- * operation has been confirmed.
- *
- * The 2 channels may interleave their operations, for example:
- * Server msg Client msg
- * A, Get, 4092 ---->
- * <---- R, get, 4092
- * R, Confirm, {hello} ---->
- * <---- R, put, {srv hello}
- * R, Confirm, 0 ---->
- * . (SSL handshake completed)
- * . (read first app data).
- * <---- A, confirm, {http data}
- * A, Put, {http data} ---->
- * <---- A, confirm, 0
- *
- * The length field is not permitted to be larger that 4092 bytes.
- *
- * Author: Dave Jones
- * Date: 22-JUL-1996
- */
-#include <stdlib.h>
-#include <stdio.h>
-#include <iodef.h> /* VMS IO$_ definitions */
-#include <descrip.h> /* VMS string descriptors */
-extern int SYS$QIOW(), SYS$ASSIGN();
-int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
-
-#include <string.h> /* from ssltest.c */
-#include <errno.h>
-
-#include "e_os.h"
-
-#include <openssl/buffer.h>
-#include <openssl/x509.h>
-#include <openssl/ssl.h>
-#include <openssl/err.h>
-
-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
- int error);
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
-BIO_METHOD *BIO_s_rtcp();
-
-static char *cipher=NULL;
-int verbose=1;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-#define TEST_SERVER_CERT "SSL_SERVER_CERTIFICATE"
-/*************************************************************************/
-struct rpc_msg { /* Should have member alignment inhibited */
- char channel; /* 'A'-app data. 'R'-remote client 'G'-global */
- char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */
- unsigned short int length; /* Amount of data returned or max to return */
- char data[4092]; /* variable data */
-};
-#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092)
-
-static $DESCRIPTOR(sysnet, "SYS$NET");
-typedef unsigned short io_channel;
-
-struct io_status {
- unsigned short status;
- unsigned short count;
- unsigned long stsval;
-};
-int doit(io_channel chan, SSL_CTX *s_ctx );
-/*****************************************************************************/
-/* Decnet I/O routines.
- */
-static int get ( io_channel chan, char *buffer, int maxlen, int *length )
-{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
- buffer, maxlen, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- if ( (status&1) == 1 ) *length = iosb.count;
- return status;
-}
-
-static int put ( io_channel chan, char *buffer, int length )
-{
- int status;
- struct io_status iosb;
- status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
- buffer, length, 0, 0, 0, 0 );
- if ( (status&1) == 1 ) status = iosb.status;
- return status;
-}
-/***************************************************************************/
-/* Handle operations on the 'G' channel.
- */
-static int general_request ( io_channel chan, struct rpc_msg *msg, int length )
-{
- return 48;
-}
-/***************************************************************************/
-int main ( int argc, char **argv )
-{
- int status, length;
- io_channel chan;
- struct rpc_msg msg;
-
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int ret=1;
- int client_auth=0;
- int server_auth=0;
- SSL_CTX *s_ctx=NULL;
- /*
- * Confirm logical link with initiating client.
- */
- LIB$INIT_TIMER();
- status = SYS$ASSIGN ( &sysnet, &chan, 0, 0, 0 );
- printf("status of assign to SYS$NET: %d\n", status );
- /*
- * Initialize standard out and error files.
- */
- if (bio_err == NULL)
- if ((bio_err=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
- if (bio_stdout == NULL)
- if ((bio_stdout=BIO_new(BIO_s_file())) != NULL)
- BIO_set_fp(bio_stdout,stdout,BIO_NOCLOSE);
- /*
- * get the preferred cipher list and other initialization
- */
- if (cipher == NULL) cipher=getenv("SSL_CIPHER");
- printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
-
- SSL_load_error_strings();
- OpenSSL_add_all_algorithms();
-
-/* DRM, this was the original, but there is no such thing as SSLv2()
- s_ctx=SSL_CTX_new(SSLv2());
-*/
- s_ctx=SSL_CTX_new(SSLv2_server_method());
-
- if (s_ctx == NULL) goto end;
-
- SSL_CTX_use_certificate_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
- SSL_CTX_use_RSAPrivateKey_file(s_ctx,TEST_SERVER_CERT,SSL_FILETYPE_PEM);
- printf("Loaded server certificate: '%s'\n", TEST_SERVER_CERT );
-
- /*
- * Take commands from client until bad status.
- */
- LIB$SHOW_TIMER();
- status = doit ( chan, s_ctx );
- LIB$SHOW_TIMER();
- /*
- * do final cleanup and exit.
- */
-end:
- if (s_ctx != NULL) SSL_CTX_free(s_ctx);
- LIB$SHOW_TIMER();
- return 1;
-}
-
-int doit(io_channel chan, SSL_CTX *s_ctx )
-{
- int status, length, link_state;
- struct rpc_msg msg;
-
- SSL *s_ssl=NULL;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int i;
- int done=0;
-
- s_ssl=SSL_new(s_ctx);
- if (s_ssl == NULL) goto err;
-
- c_to_s=BIO_new(BIO_s_rtcp());
- s_to_c=BIO_new(BIO_s_rtcp());
- if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-/* original, DRM 24-SEP-1997
- BIO_set_fd ( c_to_s, "", chan );
- BIO_set_fd ( s_to_c, "", chan );
-*/
- BIO_set_fd ( c_to_s, 0, chan );
- BIO_set_fd ( s_to_c, 0, chan );
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL)) goto err;
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,BIO_CLOSE);
-
- /* We can always do writes */
- printf("Begin doit main loop\n");
- /*
- * Link states: 0-idle, 1-read pending, 2-write pending, 3-closed.
- */
- for (link_state = 0; link_state < 3; ) {
- /*
- * Wait for remote end to request data action on A channel.
- */
- while ( link_state == 0 ) {
- status = get ( chan, (char *) &msg, sizeof(msg), &length );
- if ( (status&1) == 0 ) {
- printf("Error in main loop get: %d\n", status );
- link_state = 3;
- break;
- }
- if ( length < RPC_HDR_SIZE ) {
- printf("Error in main loop get size: %d\n", length );
- break;
- link_state = 3;
- }
- if ( msg.channel != 'A' ) {
- printf("Error in main loop, unexpected channel: %c\n",
- msg.channel );
- break;
- link_state = 3;
- }
- if ( msg.function == 'G' ) {
- link_state = 1;
- } else if ( msg.function == 'P' ) {
- link_state = 2; /* write pending */
- } else if ( msg.function == 'X' ) {
- link_state = 3;
- } else {
- link_state = 3;
- }
- }
- if ( link_state == 1 ) {
- i = BIO_read ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = i;
- status = put ( chan, (char *) &msg, i+RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
- }
- } else if ( link_state == 2 ) {
- i = BIO_write ( s_bio, msg.data, msg.length );
- if ( i < 0 ) link_state = 3;
- else {
- msg.channel = 'A';
- msg.function = 'C'; /* confirm */
- msg.length = 0;
- status = put ( chan, (char *) &msg, RPC_HDR_SIZE );
- if ( (status&1) == 0 ) break;
- link_state = 0;
- }
- }
- }
- fprintf(stdout,"DONE\n");
-err:
- /* We have to set the BIO's to NULL otherwise they will be
- * free()ed twice. Once when th s_ssl is SSL_free()ed and
- * again when c_ssl is SSL_free()ed.
- * This is a hack required because s_ssl and c_ssl are sharing the same
- * BIO structure and SSL_set_bio() and SSL_free() automatically
- * BIO_free non NULL entries.
- * You should not normally do this or be required to do this */
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
-
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
- if (c_bio != NULL) BIO_free(c_bio);
- if (s_bio != NULL) BIO_free(s_bio);
- return(0);
-}
diff --git a/crypto/openssl/ssl/ssl_txt.c b/crypto/openssl/ssl/ssl_txt.c
deleted file mode 100644
index 4eb0867..0000000
--- a/crypto/openssl/ssl/ssl_txt.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/* ssl/ssl_txt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/buffer.h>
-#include "ssl_locl.h"
-
-#ifndef OPENSSL_NO_FP_API
-int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
- {
- BIO *b;
- int ret;
-
- if ((b=BIO_new(BIO_s_file_internal())) == NULL)
- {
- SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
- return(0);
- }
- BIO_set_fp(b,fp,BIO_NOCLOSE);
- ret=SSL_SESSION_print(b,x);
- BIO_free(b);
- return(ret);
- }
-#endif
-
-int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
- {
- unsigned int i;
- const char *s;
-
- if (x == NULL) goto err;
- if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
- if (x->ssl_version == SSL2_VERSION)
- s="SSLv2";
- else if (x->ssl_version == SSL3_VERSION)
- s="SSLv3";
- else if (x->ssl_version == TLS1_VERSION)
- s="TLSv1";
- else
- s="unknown";
- if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err;
-
- if (x->cipher == NULL)
- {
- if (((x->cipher_id) & 0xff000000) == 0x02000000)
- {
- if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0)
- goto err;
- }
- else
- {
- if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0)
- goto err;
- }
- }
- else
- {
- if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
- goto err;
- }
- if (BIO_puts(bp," Session-ID: ") <= 0) goto err;
- for (i=0; i<x->session_id_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err;
- for (i=0; i<x->sid_ctx_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
- goto err;
- }
- if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err;
- for (i=0; i<(unsigned int)x->master_key_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err;
- if (x->key_arg_length == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->key_arg_length; i++)
- {
- if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
- }
-#ifndef OPENSSL_NO_KRB5
- if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err;
- if (x->krb5_client_princ_len == 0)
- {
- if (BIO_puts(bp,"None") <= 0) goto err;
- }
- else
- for (i=0; i<x->krb5_client_princ_len; i++)
- {
- if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
- }
-#endif /* OPENSSL_NO_KRB5 */
-#ifndef OPENSSL_NO_COMP
- if (x->compress_meth != 0)
- {
- SSL_COMP *comp = NULL;
-
- ssl_cipher_get_evp(x,NULL,NULL,&comp);
- if (comp == NULL)
- {
- if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err;
- }
- else
- {
- if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
- }
- }
-#endif
- if (x->time != 0L)
- {
- if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err;
- }
- if (x->timeout != 0L)
- {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err;
- }
- if (BIO_puts(bp,"\n") <= 0) goto err;
-
- if (BIO_puts(bp, " Verify return code: ") <= 0) goto err;
- if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
- X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
-
- return(1);
-err:
- return(0);
- }
-
diff --git a/crypto/openssl/ssl/ssltest.c b/crypto/openssl/ssl/ssltest.c
deleted file mode 100644
index 517657c0..0000000
--- a/crypto/openssl/ssl/ssltest.c
+++ /dev/null
@@ -1,2294 +0,0 @@
-/* ssl/ssltest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#define _BSD_SOURCE 1 /* Or gethostname won't be declared properly
- on Linux and GNU platforms. */
-
-#include <assert.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-
-#define USE_SOCKETS
-#include "e_os.h"
-
-#define _XOPEN_SOURCE 500 /* Or isascii won't be declared properly on
- VMS (at least with DECompHP C). */
-#include <ctype.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/ssl.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#include <openssl/bn.h>
-
-#define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
- on Compaq platforms (at least with DEC C).
- Do not try to put it earlier, or IPv6 includes
- get screwed...
- */
-
-#ifdef OPENSSL_SYS_WINDOWS
-#include <winsock.h>
-#else
-#include OPENSSL_UNISTD
-#endif
-
-#ifdef OPENSSL_SYS_VMS
-# define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
-# define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
-#elif defined(OPENSSL_SYS_WINCE)
-# define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
-# define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
-#elif defined(OPENSSL_SYS_NETWARE)
-# define TEST_SERVER_CERT "\\openssl\\apps\\server.pem"
-# define TEST_CLIENT_CERT "\\openssl\\apps\\client.pem"
-#else
-# define TEST_SERVER_CERT "../apps/server.pem"
-# define TEST_CLIENT_CERT "../apps/client.pem"
-#endif
-
-/* There is really no standard for this, so let's assign some tentative
- numbers. In any case, these numbers are only for this test */
-#define COMP_RLE 255
-#define COMP_ZLIB 1
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#ifndef OPENSSL_NO_RSA
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
-static void free_tmp_rsa(void);
-#endif
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
-#define APP_CALLBACK_STRING "Test Callback Argument"
-struct app_verify_arg
- {
- char *string;
- int app_verify;
- int allow_proxy_certs;
- char *proxy_auth;
- char *proxy_cond;
- };
-
-#ifndef OPENSSL_NO_DH
-static DH *get_dh512(void);
-static DH *get_dh1024(void);
-static DH *get_dh1024dsa(void);
-#endif
-
-static BIO *bio_err=NULL;
-static BIO *bio_stdout=NULL;
-
-static char *cipher=NULL;
-static int verbose=0;
-static int debug=0;
-#if 0
-/* Not used yet. */
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-#endif
-
-static const char rnd_seed[] = "string to make the random number generator think it has entropy";
-
-int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
-int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
-static int do_test_cipherlist(void);
-static void sv_usage(void)
- {
- fprintf(stderr,"usage: ssltest [args ...]\n");
- fprintf(stderr,"\n");
- fprintf(stderr," -server_auth - check server certificate\n");
- fprintf(stderr," -client_auth - do client authentication\n");
- fprintf(stderr," -proxy - allow proxy certificates\n");
- fprintf(stderr," -proxy_auth <val> - set proxy policy rights\n");
- fprintf(stderr," -proxy_cond <val> - experssion to test proxy policy rights\n");
- fprintf(stderr," -v - more output\n");
- fprintf(stderr," -d - debug output\n");
- fprintf(stderr," -reuse - use session-id reuse\n");
- fprintf(stderr," -num <val> - number of connections to perform\n");
- fprintf(stderr," -bytes <val> - number of bytes to swap between client/server\n");
-#ifndef OPENSSL_NO_DH
- fprintf(stderr," -dhe1024 - use 1024 bit key (safe prime) for DHE\n");
- fprintf(stderr," -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n");
- fprintf(stderr," -no_dhe - disable DHE\n");
-#endif
-#ifndef OPENSSL_NO_ECDH
- fprintf(stderr," -no_ecdhe - disable ECDHE\n");
-#endif
-#ifndef OPENSSL_NO_SSL2
- fprintf(stderr," -ssl2 - use SSLv2\n");
-#endif
-#ifndef OPENSSL_NO_SSL3
- fprintf(stderr," -ssl3 - use SSLv3\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
- fprintf(stderr," -tls1 - use TLSv1\n");
-#endif
- fprintf(stderr," -CApath arg - PEM format directory of CA's\n");
- fprintf(stderr," -CAfile arg - PEM format file of CA's\n");
- fprintf(stderr," -cert arg - Server certificate file\n");
- fprintf(stderr," -key arg - Server key file (default: same as -cert)\n");
- fprintf(stderr," -c_cert arg - Client certificate file\n");
- fprintf(stderr," -c_key arg - Client key file (default: same as -c_cert)\n");
- fprintf(stderr," -cipher arg - The cipher list\n");
- fprintf(stderr," -bio_pair - Use BIO pairs\n");
- fprintf(stderr," -f - Test even cases that can't work\n");
- fprintf(stderr," -time - measure processor time used by client and server\n");
- fprintf(stderr," -zlib - use zlib compression\n");
- fprintf(stderr," -rle - use rle compression\n");
-#ifndef OPENSSL_NO_ECDH
- fprintf(stderr," -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" \
- " Use \"openssl ecparam -list_curves\" for all names\n" \
- " (default is sect163r2).\n");
-#endif
- fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
- }
-
-static void print_details(SSL *c_ssl, const char *prefix)
- {
- SSL_CIPHER *ciph;
- X509 *cert;
-
- ciph=SSL_get_current_cipher(c_ssl);
- BIO_printf(bio_stdout,"%s%s, cipher %s %s",
- prefix,
- SSL_get_version(c_ssl),
- SSL_CIPHER_get_version(ciph),
- SSL_CIPHER_get_name(ciph));
- cert=SSL_get_peer_certificate(c_ssl);
- if (cert != NULL)
- {
- EVP_PKEY *pkey = X509_get_pubkey(cert);
- if (pkey != NULL)
- {
- if (0)
- ;
-#ifndef OPENSSL_NO_RSA
- else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
- && pkey->pkey.rsa->n != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit RSA",
- BN_num_bits(pkey->pkey.rsa->n));
- }
-#endif
-#ifndef OPENSSL_NO_DSA
- else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
- && pkey->pkey.dsa->p != NULL)
- {
- BIO_printf(bio_stdout, ", %d bit DSA",
- BN_num_bits(pkey->pkey.dsa->p));
- }
-#endif
- EVP_PKEY_free(pkey);
- }
- X509_free(cert);
- }
- /* The SSL API does not allow us to look at temporary RSA/DH keys,
- * otherwise we should print their lengths too */
- BIO_printf(bio_stdout,"\n");
- }
-
-static void lock_dbg_cb(int mode, int type, const char *file, int line)
- {
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
- const char *errstr = NULL;
- int rw;
-
- rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
- if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
- {
- errstr = "invalid mode";
- goto err;
- }
-
- if (type < 0 || type >= CRYPTO_NUM_LOCKS)
- {
- errstr = "type out of bounds";
- goto err;
- }
-
- if (mode & CRYPTO_LOCK)
- {
- if (modes[type])
- {
- errstr = "already locked";
- /* must not happen in a single-threaded program
- * (would deadlock) */
- goto err;
- }
-
- modes[type] = rw;
- }
- else if (mode & CRYPTO_UNLOCK)
- {
- if (!modes[type])
- {
- errstr = "not locked";
- goto err;
- }
-
- if (modes[type] != rw)
- {
- errstr = (rw == CRYPTO_READ) ?
- "CRYPTO_r_unlock on write lock" :
- "CRYPTO_w_unlock on read lock";
- }
-
- modes[type] = 0;
- }
- else
- {
- errstr = "invalid mode";
- goto err;
- }
-
- err:
- if (errstr)
- {
- /* we cannot use bio_err here */
- fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
- errstr, mode, type, file, line);
- }
- }
-
-
-int main(int argc, char *argv[])
- {
- char *CApath=NULL,*CAfile=NULL;
- int badop=0;
- int bio_pair=0;
- int force=0;
- int tls1=0,ssl2=0,ssl3=0,ret=1;
- int client_auth=0;
- int server_auth=0,i;
- struct app_verify_arg app_verify_arg =
- { APP_CALLBACK_STRING, 0, 0, NULL, NULL };
- char *server_cert=TEST_SERVER_CERT;
- char *server_key=NULL;
- char *client_cert=TEST_CLIENT_CERT;
- char *client_key=NULL;
-#ifndef OPENSSL_NO_ECDH
- char *named_curve = NULL;
-#endif
- SSL_CTX *s_ctx=NULL;
- SSL_CTX *c_ctx=NULL;
- SSL_METHOD *meth=NULL;
- SSL *c_ssl,*s_ssl;
- int number=1,reuse=0;
- long bytes=256L;
-#ifndef OPENSSL_NO_DH
- DH *dh;
- int dhe1024 = 0, dhe1024dsa = 0;
-#endif
-#ifndef OPENSSL_NO_ECDH
- EC_KEY *ecdh = NULL;
-#endif
- int no_dhe = 0;
- int no_ecdhe = 0;
- int print_time = 0;
- clock_t s_time = 0, c_time = 0;
- int comp = 0;
-#ifndef OPENSSL_NO_COMP
- COMP_METHOD *cm = NULL;
-#endif
- STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
- int test_cipherlist = 0;
-
- verbose = 0;
- debug = 0;
- cipher = 0;
-
- bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
- CRYPTO_set_locking_callback(lock_dbg_cb);
-
- /* enable memory leak checking unless explicitly disabled */
- if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
- {
- CRYPTO_malloc_debug_init();
- CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
- }
- else
- {
- /* OPENSSL_DEBUG_MEMORY=off */
- CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
- }
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- RAND_seed(rnd_seed, sizeof rnd_seed);
-
- bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
-
- argc--;
- argv++;
-
- while (argc >= 1)
- {
- if (strcmp(*argv,"-server_auth") == 0)
- server_auth=1;
- else if (strcmp(*argv,"-client_auth") == 0)
- client_auth=1;
- else if (strcmp(*argv,"-proxy_auth") == 0)
- {
- if (--argc < 1) goto bad;
- app_verify_arg.proxy_auth= *(++argv);
- }
- else if (strcmp(*argv,"-proxy_cond") == 0)
- {
- if (--argc < 1) goto bad;
- app_verify_arg.proxy_cond= *(++argv);
- }
- else if (strcmp(*argv,"-v") == 0)
- verbose=1;
- else if (strcmp(*argv,"-d") == 0)
- debug=1;
- else if (strcmp(*argv,"-reuse") == 0)
- reuse=1;
- else if (strcmp(*argv,"-dhe1024") == 0)
- {
-#ifndef OPENSSL_NO_DH
- dhe1024=1;
-#else
- fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
- }
- else if (strcmp(*argv,"-dhe1024dsa") == 0)
- {
-#ifndef OPENSSL_NO_DH
- dhe1024dsa=1;
-#else
- fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
-#endif
- }
- else if (strcmp(*argv,"-no_dhe") == 0)
- no_dhe=1;
- else if (strcmp(*argv,"-no_ecdhe") == 0)
- no_ecdhe=1;
- else if (strcmp(*argv,"-ssl2") == 0)
- ssl2=1;
- else if (strcmp(*argv,"-tls1") == 0)
- tls1=1;
- else if (strcmp(*argv,"-ssl3") == 0)
- ssl3=1;
- else if (strncmp(*argv,"-num",4) == 0)
- {
- if (--argc < 1) goto bad;
- number= atoi(*(++argv));
- if (number == 0) number=1;
- }
- else if (strcmp(*argv,"-bytes") == 0)
- {
- if (--argc < 1) goto bad;
- bytes= atol(*(++argv));
- if (bytes == 0L) bytes=1L;
- i=strlen(argv[0]);
- if (argv[0][i-1] == 'k') bytes*=1024L;
- if (argv[0][i-1] == 'm') bytes*=1024L*1024L;
- }
- else if (strcmp(*argv,"-cert") == 0)
- {
- if (--argc < 1) goto bad;
- server_cert= *(++argv);
- }
- else if (strcmp(*argv,"-s_cert") == 0)
- {
- if (--argc < 1) goto bad;
- server_cert= *(++argv);
- }
- else if (strcmp(*argv,"-key") == 0)
- {
- if (--argc < 1) goto bad;
- server_key= *(++argv);
- }
- else if (strcmp(*argv,"-s_key") == 0)
- {
- if (--argc < 1) goto bad;
- server_key= *(++argv);
- }
- else if (strcmp(*argv,"-c_cert") == 0)
- {
- if (--argc < 1) goto bad;
- client_cert= *(++argv);
- }
- else if (strcmp(*argv,"-c_key") == 0)
- {
- if (--argc < 1) goto bad;
- client_key= *(++argv);
- }
- else if (strcmp(*argv,"-cipher") == 0)
- {
- if (--argc < 1) goto bad;
- cipher= *(++argv);
- }
- else if (strcmp(*argv,"-CApath") == 0)
- {
- if (--argc < 1) goto bad;
- CApath= *(++argv);
- }
- else if (strcmp(*argv,"-CAfile") == 0)
- {
- if (--argc < 1) goto bad;
- CAfile= *(++argv);
- }
- else if (strcmp(*argv,"-bio_pair") == 0)
- {
- bio_pair = 1;
- }
- else if (strcmp(*argv,"-f") == 0)
- {
- force = 1;
- }
- else if (strcmp(*argv,"-time") == 0)
- {
- print_time = 1;
- }
- else if (strcmp(*argv,"-zlib") == 0)
- {
- comp = COMP_ZLIB;
- }
- else if (strcmp(*argv,"-rle") == 0)
- {
- comp = COMP_RLE;
- }
- else if (strcmp(*argv,"-named_curve") == 0)
- {
- if (--argc < 1) goto bad;
-#ifndef OPENSSL_NO_ECDH
- named_curve = *(++argv);
-#else
- fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
- ++argv;
-#endif
- }
- else if (strcmp(*argv,"-app_verify") == 0)
- {
- app_verify_arg.app_verify = 1;
- }
- else if (strcmp(*argv,"-proxy") == 0)
- {
- app_verify_arg.allow_proxy_certs = 1;
- }
- else if (strcmp(*argv,"-test_cipherlist") == 0)
- {
- test_cipherlist = 1;
- }
- else
- {
- fprintf(stderr,"unknown option %s\n",*argv);
- badop=1;
- break;
- }
- argc--;
- argv++;
- }
- if (badop)
- {
-bad:
- sv_usage();
- goto end;
- }
-
- if (test_cipherlist == 1)
- {
- /* ensure that the cipher list are correctly sorted and exit */
- if (do_test_cipherlist() == 0)
- EXIT(1);
- ret = 0;
- goto end;
- }
-
- if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
- {
- fprintf(stderr, "This case cannot work. Use -f to perform "
- "the test anyway (and\n-d to see what happens), "
- "or add one of -ssl2, -ssl3, -tls1, -reuse\n"
- "to avoid protocol mismatch.\n");
- EXIT(1);
- }
-
- if (print_time)
- {
- if (!bio_pair)
- {
- fprintf(stderr, "Using BIO pair (-bio_pair)\n");
- bio_pair = 1;
- }
- if (number < 50 && !force)
- fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
- }
-
-/* if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
-
- SSL_library_init();
- SSL_load_error_strings();
-
-#ifndef OPENSSL_NO_COMP
- if (comp == COMP_ZLIB) cm = COMP_zlib();
- if (comp == COMP_RLE) cm = COMP_rle();
- if (cm != NULL)
- {
- if (cm->type != NID_undef)
- {
- if (SSL_COMP_add_compression_method(comp, cm) != 0)
- {
- fprintf(stderr,
- "Failed to add compression method\n");
- ERR_print_errors_fp(stderr);
- }
- }
- else
- {
- fprintf(stderr,
- "Warning: %s compression not supported\n",
- (comp == COMP_RLE ? "rle" :
- (comp == COMP_ZLIB ? "zlib" :
- "unknown")));
- ERR_print_errors_fp(stderr);
- }
- }
- ssl_comp_methods = SSL_COMP_get_compression_methods();
- fprintf(stderr, "Available compression methods:\n");
- {
- int j, n = sk_SSL_COMP_num(ssl_comp_methods);
- if (n == 0)
- fprintf(stderr, " NONE\n");
- else
- for (j = 0; j < n; j++)
- {
- SSL_COMP *c = sk_SSL_COMP_value(ssl_comp_methods, j);
- fprintf(stderr, " %d: %s\n", c->id, c->name);
- }
- }
-#endif
-
-#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
- if (ssl2)
- meth=SSLv2_method();
- else
- if (tls1)
- meth=TLSv1_method();
- else
- if (ssl3)
- meth=SSLv3_method();
- else
- meth=SSLv23_method();
-#else
-#ifdef OPENSSL_NO_SSL2
- meth=SSLv3_method();
-#else
- meth=SSLv2_method();
-#endif
-#endif
-
- c_ctx=SSL_CTX_new(meth);
- s_ctx=SSL_CTX_new(meth);
- if ((c_ctx == NULL) || (s_ctx == NULL))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (cipher != NULL)
- {
- SSL_CTX_set_cipher_list(c_ctx,cipher);
- SSL_CTX_set_cipher_list(s_ctx,cipher);
- }
-
-#ifndef OPENSSL_NO_DH
- if (!no_dhe)
- {
- if (dhe1024dsa)
- {
- /* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
- dh=get_dh1024dsa();
- }
- else if (dhe1024)
- dh=get_dh1024();
- else
- dh=get_dh512();
- SSL_CTX_set_tmp_dh(s_ctx,dh);
- DH_free(dh);
- }
-#else
- (void)no_dhe;
-#endif
-
-#ifndef OPENSSL_NO_ECDH
- if (!no_ecdhe)
- {
- int nid;
-
- if (named_curve != NULL)
- {
- nid = OBJ_sn2nid(named_curve);
- if (nid == 0)
- {
- BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
- goto end;
- }
- }
- else
- nid = NID_sect163r2;
-
- ecdh = EC_KEY_new_by_curve_name(nid);
- if (ecdh == NULL)
- {
- BIO_printf(bio_err, "unable to create curve\n");
- goto end;
- }
-
- SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
- SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
- EC_KEY_free(ecdh);
- }
-#else
- (void)no_ecdhe;
-#endif
-
-#ifndef OPENSSL_NO_RSA
- SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
-#endif
-
- if (!SSL_CTX_use_certificate_file(s_ctx,server_cert,SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- }
- else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
- (server_key?server_key:server_cert), SSL_FILETYPE_PEM))
- {
- ERR_print_errors(bio_err);
- goto end;
- }
-
- if (client_auth)
- {
- SSL_CTX_use_certificate_file(c_ctx,client_cert,
- SSL_FILETYPE_PEM);
- SSL_CTX_use_PrivateKey_file(c_ctx,
- (client_key?client_key:client_cert),
- SSL_FILETYPE_PEM);
- }
-
- if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(s_ctx)) ||
- (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
- (!SSL_CTX_set_default_verify_paths(c_ctx)))
- {
- /* fprintf(stderr,"SSL_load_verify_locations\n"); */
- ERR_print_errors(bio_err);
- /* goto end; */
- }
-
- if (client_auth)
- {
- BIO_printf(bio_err,"client authentication\n");
- SSL_CTX_set_verify(s_ctx,
- SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- verify_callback);
- SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, &app_verify_arg);
- }
- if (server_auth)
- {
- BIO_printf(bio_err,"server authentication\n");
- SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
- verify_callback);
- SSL_CTX_set_cert_verify_callback(c_ctx, app_verify_callback, &app_verify_arg);
- }
-
- {
- int session_id_context = 0;
- SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
- }
-
- c_ssl=SSL_new(c_ctx);
- s_ssl=SSL_new(s_ctx);
-
-#ifndef OPENSSL_NO_KRB5
- if (c_ssl && c_ssl->kssl_ctx)
- {
- char localhost[MAXHOSTNAMELEN+2];
-
- if (gethostname(localhost, sizeof localhost-1) == 0)
- {
- localhost[sizeof localhost-1]='\0';
- if(strlen(localhost) == sizeof localhost-1)
- {
- BIO_printf(bio_err,"localhost name too long\n");
- goto end;
- }
- kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
- localhost);
- }
- }
-#endif /* OPENSSL_NO_KRB5 */
-
- for (i=0; i<number; i++)
- {
- if (!reuse) SSL_set_session(c_ssl,NULL);
- if (bio_pair)
- ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
- else
- ret=doit(s_ssl,c_ssl,bytes);
- }
-
- if (!verbose)
- {
- print_details(c_ssl, "");
- }
- if ((number > 1) || (bytes > 1L))
- BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
- if (print_time)
- {
-#ifdef CLOCKS_PER_SEC
- /* "To determine the time in seconds, the value returned
- * by the clock function should be divided by the value
- * of the macro CLOCKS_PER_SEC."
- * -- ISO/IEC 9899 */
- BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
- "Approximate total client time: %6.2f s\n",
- (double)s_time/CLOCKS_PER_SEC,
- (double)c_time/CLOCKS_PER_SEC);
-#else
- /* "`CLOCKS_PER_SEC' undeclared (first use this function)"
- * -- cc on NeXTstep/OpenStep */
- BIO_printf(bio_stdout,
- "Approximate total server time: %6.2f units\n"
- "Approximate total client time: %6.2f units\n",
- (double)s_time,
- (double)c_time);
-#endif
- }
-
- SSL_free(s_ssl);
- SSL_free(c_ssl);
-
-end:
- if (s_ctx != NULL) SSL_CTX_free(s_ctx);
- if (c_ctx != NULL) SSL_CTX_free(c_ctx);
-
- if (bio_stdout != NULL) BIO_free(bio_stdout);
-
-#ifndef OPENSSL_NO_RSA
- free_tmp_rsa();
-#endif
-#ifndef OPENSSL_NO_ENGINE
- ENGINE_cleanup();
-#endif
- CRYPTO_cleanup_all_ex_data();
- ERR_free_strings();
- ERR_remove_state(0);
- EVP_cleanup();
- CRYPTO_mem_leaks(bio_err);
- if (bio_err != NULL) BIO_free(bio_err);
- EXIT(ret);
- return ret;
- }
-
-int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
- clock_t *s_time, clock_t *c_time)
- {
- long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
- BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
- BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
- int ret = 1;
-
- size_t bufsiz = 256; /* small buffer for testing */
-
- if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
- goto err;
- if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
- goto err;
-
- s_ssl_bio = BIO_new(BIO_f_ssl());
- if (!s_ssl_bio)
- goto err;
-
- c_ssl_bio = BIO_new(BIO_f_ssl());
- if (!c_ssl_bio)
- goto err;
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl, client, client);
- (void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl, server, server);
- (void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
-
- do
- {
- /* c_ssl_bio: SSL filter BIO
- *
- * client: pseudo-I/O for SSL library
- *
- * client_io: client's SSL communication; usually to be
- * relayed over some I/O facility, but in this
- * test program, we're the server, too:
- *
- * server_io: server's SSL communication
- *
- * server: pseudo-I/O for SSL library
- *
- * s_ssl_bio: SSL filter BIO
- *
- * The client and the server each employ a "BIO pair":
- * client + client_io, server + server_io.
- * BIO pairs are symmetric. A BIO pair behaves similar
- * to a non-blocking socketpair (but both endpoints must
- * be handled by the same thread).
- * [Here we could connect client and server to the ends
- * of a single BIO pair, but then this code would be less
- * suitable as an example for BIO pairs in general.]
- *
- * Useful functions for querying the state of BIO pair endpoints:
- *
- * BIO_ctrl_pending(bio) number of bytes we can read now
- * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
- * other side's read attempt
- * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
- *
- * ..._read_request is never more than ..._write_guarantee;
- * it depends on the application which one you should use.
- */
-
- /* We have non-blocking behaviour throughout this test program, but
- * can be sure that there is *some* progress in each iteration; so
- * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
- * -- we just try everything in each iteration
- */
-
- {
- /* CLIENT */
-
- MS_STATIC char cbuf[1024*8];
- int i, r;
- clock_t c_clock = clock();
-
- memset(cbuf, 0, sizeof(cbuf));
-
- if (debug)
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
-
- if (cw_num > 0)
- {
- /* Write to server. */
-
- if (cw_num > (long)sizeof cbuf)
- i = sizeof cbuf;
- else
- i = (int)cw_num;
- r = BIO_write(c_ssl_bio, cbuf, i);
- if (r < 0)
- {
- if (!BIO_should_retry(c_ssl_bio))
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- goto err;
- }
- /* BIO_should_retry(...) can just be ignored here.
- * The library expects us to call BIO_write with
- * the same arguments again, and that's what we will
- * do in the next iteration. */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client wrote %d\n", r);
- cw_num -= r;
- }
- }
-
- if (cr_num > 0)
- {
- /* Read from server. */
-
- r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
- if (r < 0)
- {
- if (!BIO_should_retry(c_ssl_bio))
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- goto err;
- }
- /* Again, "BIO_should_retry" can be ignored. */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client read %d\n", r);
- cr_num -= r;
- }
- }
-
- /* c_time and s_time increments will typically be very small
- * (depending on machine speed and clock tick intervals),
- * but sampling over a large number of connections should
- * result in fairly accurate figures. We cannot guarantee
- * a lot, however -- if each connection lasts for exactly
- * one clock tick, it will be counted only for the client
- * or only for the server or even not at all.
- */
- *c_time += (clock() - c_clock);
- }
-
- {
- /* SERVER */
-
- MS_STATIC char sbuf[1024*8];
- int i, r;
- clock_t s_clock = clock();
-
- memset(sbuf, 0, sizeof(sbuf));
-
- if (debug)
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
-
- if (sw_num > 0)
- {
- /* Write to client. */
-
- if (sw_num > (long)sizeof sbuf)
- i = sizeof sbuf;
- else
- i = (int)sw_num;
- r = BIO_write(s_ssl_bio, sbuf, i);
- if (r < 0)
- {
- if (!BIO_should_retry(s_ssl_bio))
- {
- fprintf(stderr,"ERROR in SERVER\n");
- goto err;
- }
- /* Ignore "BIO_should_retry". */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server wrote %d\n", r);
- sw_num -= r;
- }
- }
-
- if (sr_num > 0)
- {
- /* Read from client. */
-
- r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
- if (r < 0)
- {
- if (!BIO_should_retry(s_ssl_bio))
- {
- fprintf(stderr,"ERROR in SERVER\n");
- goto err;
- }
- /* blah, blah */
- }
- else if (r == 0)
- {
- fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server read %d\n", r);
- sr_num -= r;
- }
- }
-
- *s_time += (clock() - s_clock);
- }
-
- {
- /* "I/O" BETWEEN CLIENT AND SERVER. */
-
- size_t r1, r2;
- BIO *io1 = server_io, *io2 = client_io;
- /* we use the non-copying interface for io1
- * and the standard BIO_write/BIO_read interface for io2
- */
-
- static int prev_progress = 1;
- int progress = 0;
-
- /* io1 to io2 */
- do
- {
- size_t num;
- int r;
-
- r1 = BIO_ctrl_pending(io1);
- r2 = BIO_ctrl_get_write_guarantee(io2);
-
- num = r1;
- if (r2 < num)
- num = r2;
- if (num)
- {
- char *dataptr;
-
- if (INT_MAX < num) /* yeah, right */
- num = INT_MAX;
-
- r = BIO_nread(io1, &dataptr, (int)num);
- assert(r > 0);
- assert(r <= (int)num);
- /* possibly r < num (non-contiguous data) */
- num = r;
- r = BIO_write(io2, dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_write could not write "
- "BIO_ctrl_get_write_guarantee() bytes");
- goto err;
- }
- progress = 1;
-
- if (debug)
- printf((io1 == client_io) ?
- "C->S relaying: %d bytes\n" :
- "S->C relaying: %d bytes\n",
- (int)num);
- }
- }
- while (r1 && r2);
-
- /* io2 to io1 */
- {
- size_t num;
- int r;
-
- r1 = BIO_ctrl_pending(io2);
- r2 = BIO_ctrl_get_read_request(io1);
- /* here we could use ..._get_write_guarantee instead of
- * ..._get_read_request, but by using the latter
- * we test restartability of the SSL implementation
- * more thoroughly */
- num = r1;
- if (r2 < num)
- num = r2;
- if (num)
- {
- char *dataptr;
-
- if (INT_MAX < num)
- num = INT_MAX;
-
- if (num > 1)
- --num; /* test restartability even more thoroughly */
-
- r = BIO_nwrite0(io1, &dataptr);
- assert(r > 0);
- if (r < (int)num)
- num = r;
- r = BIO_read(io2, dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_read could not read "
- "BIO_ctrl_pending() bytes");
- goto err;
- }
- progress = 1;
- r = BIO_nwrite(io1, &dataptr, (int)num);
- if (r != (int)num) /* can't happen */
- {
- fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
- "BIO_nwrite0() bytes");
- goto err;
- }
-
- if (debug)
- printf((io2 == client_io) ?
- "C->S relaying: %d bytes\n" :
- "S->C relaying: %d bytes\n",
- (int)num);
- }
- } /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
-
- if (!progress && !prev_progress)
- if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
- {
- fprintf(stderr, "ERROR: got stuck\n");
- if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
- {
- fprintf(stderr, "This can happen for SSL2 because "
- "CLIENT-FINISHED and SERVER-VERIFY are written \n"
- "concurrently ...");
- if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
- && strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
- {
- fprintf(stderr, " ok.\n");
- goto end;
- }
- }
- fprintf(stderr, " ERROR.\n");
- goto err;
- }
- prev_progress = progress;
- }
- }
- while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
-
- if (verbose)
- print_details(c_ssl, "DONE via BIO pair: ");
-end:
- ret = 0;
-
- err:
- ERR_print_errors(bio_err);
-
- if (server)
- BIO_free(server);
- if (server_io)
- BIO_free(server_io);
- if (client)
- BIO_free(client);
- if (client_io)
- BIO_free(client_io);
- if (s_ssl_bio)
- BIO_free(s_ssl_bio);
- if (c_ssl_bio)
- BIO_free(c_ssl_bio);
-
- return ret;
- }
-
-
-#define W_READ 1
-#define W_WRITE 2
-#define C_DONE 1
-#define S_DONE 2
-
-int doit(SSL *s_ssl, SSL *c_ssl, long count)
- {
- MS_STATIC char cbuf[1024*8],sbuf[1024*8];
- long cw_num=count,cr_num=count;
- long sw_num=count,sr_num=count;
- int ret=1;
- BIO *c_to_s=NULL;
- BIO *s_to_c=NULL;
- BIO *c_bio=NULL;
- BIO *s_bio=NULL;
- int c_r,c_w,s_r,s_w;
- int c_want,s_want;
- int i,j;
- int done=0;
- int c_write,s_write;
- int do_server=0,do_client=0;
-
- memset(cbuf,0,sizeof(cbuf));
- memset(sbuf,0,sizeof(sbuf));
-
- c_to_s=BIO_new(BIO_s_mem());
- s_to_c=BIO_new(BIO_s_mem());
- if ((s_to_c == NULL) || (c_to_s == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- c_bio=BIO_new(BIO_f_ssl());
- s_bio=BIO_new(BIO_f_ssl());
- if ((c_bio == NULL) || (s_bio == NULL))
- {
- ERR_print_errors(bio_err);
- goto err;
- }
-
- SSL_set_connect_state(c_ssl);
- SSL_set_bio(c_ssl,s_to_c,c_to_s);
- BIO_set_ssl(c_bio,c_ssl,BIO_NOCLOSE);
-
- SSL_set_accept_state(s_ssl);
- SSL_set_bio(s_ssl,c_to_s,s_to_c);
- BIO_set_ssl(s_bio,s_ssl,BIO_NOCLOSE);
-
- c_r=0; s_r=1;
- c_w=1; s_w=0;
- c_want=W_WRITE;
- s_want=0;
- c_write=1,s_write=0;
-
- /* We can always do writes */
- for (;;)
- {
- do_server=0;
- do_client=0;
-
- i=(int)BIO_pending(s_bio);
- if ((i && s_r) || s_w) do_server=1;
-
- i=(int)BIO_pending(c_bio);
- if ((i && c_r) || c_w) do_client=1;
-
- if (do_server && debug)
- {
- if (SSL_in_init(s_ssl))
- printf("server waiting in SSL_accept - %s\n",
- SSL_state_string_long(s_ssl));
-/* else if (s_write)
- printf("server:SSL_write()\n");
- else
- printf("server:SSL_read()\n"); */
- }
-
- if (do_client && debug)
- {
- if (SSL_in_init(c_ssl))
- printf("client waiting in SSL_connect - %s\n",
- SSL_state_string_long(c_ssl));
-/* else if (c_write)
- printf("client:SSL_write()\n");
- else
- printf("client:SSL_read()\n"); */
- }
-
- if (!do_client && !do_server)
- {
- fprintf(stdout,"ERROR IN STARTUP\n");
- ERR_print_errors(bio_err);
- break;
- }
- if (do_client && !(done & C_DONE))
- {
- if (c_write)
- {
- j = (cw_num > (long)sizeof(cbuf)) ?
- (int)sizeof(cbuf) : (int)cw_num;
- i=BIO_write(c_bio,cbuf,j);
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client wrote %d\n",i);
- /* ok */
- s_r=1;
- c_write=0;
- cw_num-=i;
- }
- }
- else
- {
- i=BIO_read(c_bio,cbuf,sizeof(cbuf));
- if (i < 0)
- {
- c_r=0;
- c_w=0;
- if (BIO_should_retry(c_bio))
- {
- if (BIO_should_read(c_bio))
- c_r=1;
- if (BIO_should_write(c_bio))
- c_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in CLIENT\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("client read %d\n",i);
- cr_num-=i;
- if (sw_num > 0)
- {
- s_write=1;
- s_w=1;
- }
- if (cr_num <= 0)
- {
- s_write=1;
- s_w=1;
- done=S_DONE|C_DONE;
- }
- }
- }
- }
-
- if (do_server && !(done & S_DONE))
- {
- if (!s_write)
- {
- i=BIO_read(s_bio,sbuf,sizeof(cbuf));
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- ERR_print_errors(bio_err);
- fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_read\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server read %d\n",i);
- sr_num-=i;
- if (cw_num > 0)
- {
- c_write=1;
- c_w=1;
- }
- if (sr_num <= 0)
- {
- s_write=1;
- s_w=1;
- c_write=0;
- }
- }
- }
- else
- {
- j = (sw_num > (long)sizeof(sbuf)) ?
- (int)sizeof(sbuf) : (int)sw_num;
- i=BIO_write(s_bio,sbuf,j);
- if (i < 0)
- {
- s_r=0;
- s_w=0;
- if (BIO_should_retry(s_bio))
- {
- if (BIO_should_read(s_bio))
- s_r=1;
- if (BIO_should_write(s_bio))
- s_w=1;
- }
- else
- {
- fprintf(stderr,"ERROR in SERVER\n");
- ERR_print_errors(bio_err);
- goto err;
- }
- }
- else if (i == 0)
- {
- ERR_print_errors(bio_err);
- fprintf(stderr,"SSL SERVER STARTUP FAILED in SSL_write\n");
- goto err;
- }
- else
- {
- if (debug)
- printf("server wrote %d\n",i);
- sw_num-=i;
- s_write=0;
- c_r=1;
- if (sw_num <= 0)
- done|=S_DONE;
- }
- }
- }
-
- if ((done & S_DONE) && (done & C_DONE)) break;
- }
-
- if (verbose)
- print_details(c_ssl, "DONE: ");
- ret=0;
-err:
- /* We have to set the BIO's to NULL otherwise they will be
- * OPENSSL_free()ed twice. Once when th s_ssl is SSL_free()ed and
- * again when c_ssl is SSL_free()ed.
- * This is a hack required because s_ssl and c_ssl are sharing the same
- * BIO structure and SSL_set_bio() and SSL_free() automatically
- * BIO_free non NULL entries.
- * You should not normally do this or be required to do this */
- if (s_ssl != NULL)
- {
- s_ssl->rbio=NULL;
- s_ssl->wbio=NULL;
- }
- if (c_ssl != NULL)
- {
- c_ssl->rbio=NULL;
- c_ssl->wbio=NULL;
- }
-
- if (c_to_s != NULL) BIO_free(c_to_s);
- if (s_to_c != NULL) BIO_free(s_to_c);
- if (c_bio != NULL) BIO_free_all(c_bio);
- if (s_bio != NULL) BIO_free_all(s_bio);
- return(ret);
- }
-
-static int get_proxy_auth_ex_data_idx(void)
- {
- static volatile int idx = -1;
- if (idx < 0)
- {
- CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
- if (idx < 0)
- {
- idx = X509_STORE_CTX_get_ex_new_index(0,
- "SSLtest for verify callback", NULL,NULL,NULL);
- }
- CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
- }
- return idx;
- }
-
-static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
- {
- char *s,buf[256];
-
- s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
- sizeof buf);
- if (s != NULL)
- {
- if (ok)
- fprintf(stderr,"depth=%d %s\n",
- ctx->error_depth,buf);
- else
- {
- fprintf(stderr,"depth=%d error=%d %s\n",
- ctx->error_depth,ctx->error,buf);
- }
- }
-
- if (ok == 0)
- {
- fprintf(stderr,"Error string: %s\n",
- X509_verify_cert_error_string(ctx->error));
- switch (ctx->error)
- {
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
- fprintf(stderr," ... ignored.\n");
- ok=1;
- }
- }
-
- if (ok == 1)
- {
- X509 *xs = ctx->current_cert;
-#if 0
- X509 *xi = ctx->current_issuer;
-#endif
-
- if (xs->ex_flags & EXFLAG_PROXY)
- {
- unsigned int *letters =
- X509_STORE_CTX_get_ex_data(ctx,
- get_proxy_auth_ex_data_idx());
-
- if (letters)
- {
- int found_any = 0;
- int i;
- PROXY_CERT_INFO_EXTENSION *pci =
- X509_get_ext_d2i(xs, NID_proxyCertInfo,
- NULL, NULL);
-
- switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage))
- {
- case NID_Independent:
- /* Completely meaningless in this
- program, as there's no way to
- grant explicit rights to a
- specific PrC. Basically, using
- id-ppl-Independent is the perfect
- way to grant no rights at all. */
- fprintf(stderr, " Independent proxy certificate");
- for (i = 0; i < 26; i++)
- letters[i] = 0;
- break;
- case NID_id_ppl_inheritAll:
- /* This is basically a NOP, we
- simply let the current rights
- stand as they are. */
- fprintf(stderr, " Proxy certificate inherits all");
- break;
- default:
- s = (char *)
- pci->proxyPolicy->policy->data;
- i = pci->proxyPolicy->policy->length;
-
- /* The algorithm works as follows:
- it is assumed that previous
- iterations or the initial granted
- rights has already set some elements
- of `letters'. What we need to do is
- to clear those that weren't granted
- by the current PrC as well. The
- easiest way to do this is to add 1
- to all the elements whose letters
- are given with the current policy.
- That way, all elements that are set
- by the current policy and were
- already set by earlier policies and
- through the original grant of rights
- will get the value 2 or higher.
- The last thing to do is to sweep
- through `letters' and keep the
- elements having the value 2 as set,
- and clear all the others. */
-
- fprintf(stderr, " Certificate proxy rights = %*.*s", i, i, s);
- while(i-- > 0)
- {
- int c = *s++;
- if (isascii(c) && isalpha(c))
- {
- if (islower(c))
- c = toupper(c);
- letters[c - 'A']++;
- }
- }
- for (i = 0; i < 26; i++)
- if (letters[i] < 2)
- letters[i] = 0;
- else
- letters[i] = 1;
- }
-
- found_any = 0;
- fprintf(stderr,
- ", resulting proxy rights = ");
- for(i = 0; i < 26; i++)
- if (letters[i])
- {
- fprintf(stderr, "%c", i + 'A');
- found_any = 1;
- }
- if (!found_any)
- fprintf(stderr, "none");
- fprintf(stderr, "\n");
-
- PROXY_CERT_INFO_EXTENSION_free(pci);
- }
- }
- }
-
- return(ok);
- }
-
-static void process_proxy_debug(int indent, const char *format, ...)
- {
- static const char indentation[] =
- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
- ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"; /* That's 80 > */
- char my_format[256];
- va_list args;
-
- BIO_snprintf(my_format, sizeof(my_format), "%*.*s %s",
- indent, indent, indentation, format);
-
- va_start(args, format);
- vfprintf(stderr, my_format, args);
- va_end(args);
- }
-/* Priority levels:
- 0 [!]var, ()
- 1 & ^
- 2 |
-*/
-static int process_proxy_cond_adders(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent);
-static int process_proxy_cond_val(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent)
- {
- int c;
- int ok = 1;
- int negate = 0;
-
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_val at position %d: %s\n",
- *pos, cond);
-
- while(c == '!')
- {
- negate = !negate;
- cond++; (*pos)++;
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
- }
-
- if (c == '(')
- {
- cond++; (*pos)++;
- ok = process_proxy_cond_adders(letters, cond, cond_end, pos,
- indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
- if (c != ')')
- {
- fprintf(stderr,
- "Weird condition character in position %d: "
- "%c\n", *pos, c);
- ok = -1;
- goto end;
- }
- cond++; (*pos)++;
- }
- else if (isascii(c) && isalpha(c))
- {
- if (islower(c))
- c = toupper(c);
- ok = letters[c - 'A'];
- cond++; (*pos)++;
- }
- else
- {
- fprintf(stderr,
- "Weird condition character in position %d: "
- "%c\n", *pos, c);
- ok = -1;
- goto end;
- }
- end:
- *cond_end = cond;
- if (ok >= 0 && negate)
- ok = !ok;
-
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_val at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- return ok;
- }
-static int process_proxy_cond_multipliers(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent)
- {
- int ok;
- char c;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_multipliers at position %d: %s\n",
- *pos, cond);
-
- ok = process_proxy_cond_val(letters, cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
-
- while(ok >= 0)
- {
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
-
- switch(c)
- {
- case '&':
- case '^':
- {
- int save_ok = ok;
-
- cond++; (*pos)++;
- ok = process_proxy_cond_val(letters,
- cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- break;
-
- switch(c)
- {
- case '&':
- ok &= save_ok;
- break;
- case '^':
- ok ^= save_ok;
- break;
- default:
- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
- " STOPPING\n");
- EXIT(1);
- }
- }
- break;
- default:
- goto end;
- }
- }
- end:
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_multipliers at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- *cond_end = cond;
- return ok;
- }
-static int process_proxy_cond_adders(unsigned int letters[26],
- const char *cond, const char **cond_end, int *pos, int indent)
- {
- int ok;
- char c;
-
- if (debug)
- process_proxy_debug(indent,
- "Start process_proxy_cond_adders at position %d: %s\n",
- *pos, cond);
-
- ok = process_proxy_cond_multipliers(letters, cond, cond_end, pos,
- indent + 1);
- cond = *cond_end;
- if (ok < 0)
- goto end;
-
- while(ok >= 0)
- {
- while(isspace((int)*cond))
- {
- cond++; (*pos)++;
- }
- c = *cond;
-
- switch(c)
- {
- case '|':
- {
- int save_ok = ok;
-
- cond++; (*pos)++;
- ok = process_proxy_cond_multipliers(letters,
- cond, cond_end, pos, indent + 1);
- cond = *cond_end;
- if (ok < 0)
- break;
-
- switch(c)
- {
- case '|':
- ok |= save_ok;
- break;
- default:
- fprintf(stderr, "SOMETHING IS SERIOUSLY WRONG!"
- " STOPPING\n");
- EXIT(1);
- }
- }
- break;
- default:
- goto end;
- }
- }
- end:
- if (debug)
- process_proxy_debug(indent,
- "End process_proxy_cond_adders at position %d: %s, returning %d\n",
- *pos, cond, ok);
-
- *cond_end = cond;
- return ok;
- }
-
-static int process_proxy_cond(unsigned int letters[26],
- const char *cond, const char **cond_end)
- {
- int pos = 1;
- return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1);
- }
-
-static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
- {
- int ok=1;
- struct app_verify_arg *cb_arg = arg;
- unsigned int letters[26]; /* only used with proxy_auth */
-
- if (cb_arg->app_verify)
- {
- char *s = NULL,buf[256];
-
- fprintf(stderr, "In app_verify_callback, allowing cert. ");
- fprintf(stderr, "Arg is: %s\n", cb_arg->string);
- fprintf(stderr, "Finished printing do we have a context? 0x%p a cert? 0x%p\n",
- (void *)ctx, (void *)ctx->cert);
- if (ctx->cert)
- s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
- if (s != NULL)
- {
- fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
- }
- return(1);
- }
- if (cb_arg->proxy_auth)
- {
- int found_any = 0, i;
- char *sp;
-
- for(i = 0; i < 26; i++)
- letters[i] = 0;
- for(sp = cb_arg->proxy_auth; *sp; sp++)
- {
- int c = *sp;
- if (isascii(c) && isalpha(c))
- {
- if (islower(c))
- c = toupper(c);
- letters[c - 'A'] = 1;
- }
- }
-
- fprintf(stderr,
- " Initial proxy rights = ");
- for(i = 0; i < 26; i++)
- if (letters[i])
- {
- fprintf(stderr, "%c", i + 'A');
- found_any = 1;
- }
- if (!found_any)
- fprintf(stderr, "none");
- fprintf(stderr, "\n");
-
- X509_STORE_CTX_set_ex_data(ctx,
- get_proxy_auth_ex_data_idx(),letters);
- }
- if (cb_arg->allow_proxy_certs)
- {
- X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
- }
-
-#ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(1);
-# endif
- ok = X509_verify_cert(ctx);
-# ifdef OPENSSL_FIPS
- if(s->version == TLS1_VERSION)
- FIPS_allow_md5(0);
-# endif
-#endif
-
- if (cb_arg->proxy_auth)
- {
- if (ok)
- {
- const char *cond_end = NULL;
-
- ok = process_proxy_cond(letters,
- cb_arg->proxy_cond, &cond_end);
-
- if (ok < 0)
- EXIT(3);
- if (*cond_end)
- {
- fprintf(stderr, "Stopped processing condition before it's end.\n");
- ok = 0;
- }
- if (!ok)
- fprintf(stderr, "Proxy rights check with condition '%s' proved invalid\n",
- cb_arg->proxy_cond);
- else
- fprintf(stderr, "Proxy rights check with condition '%s' proved valid\n",
- cb_arg->proxy_cond);
- }
- }
- return(ok);
- }
-
-#ifndef OPENSSL_NO_RSA
-static RSA *rsa_tmp=NULL;
-
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
- {
- BIGNUM *bn = NULL;
- if (rsa_tmp == NULL)
- {
- bn = BN_new();
- rsa_tmp = RSA_new();
- if(!bn || !rsa_tmp || !BN_set_word(bn, RSA_F4))
- {
- BIO_printf(bio_err, "Memory error...");
- goto end;
- }
- BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
- (void)BIO_flush(bio_err);
- if(!RSA_generate_key_ex(rsa_tmp,keylength,bn,NULL))
- {
- BIO_printf(bio_err, "Error generating key.");
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
-end:
- BIO_printf(bio_err,"\n");
- (void)BIO_flush(bio_err);
- }
- if(bn) BN_free(bn);
- return(rsa_tmp);
- }
-
-static void free_tmp_rsa(void)
- {
- if (rsa_tmp != NULL)
- {
- RSA_free(rsa_tmp);
- rsa_tmp = NULL;
- }
- }
-#endif
-
-#ifndef OPENSSL_NO_DH
-/* These DH parameters have been generated as follows:
- * $ openssl dhparam -C -noout 512
- * $ openssl dhparam -C -noout 1024
- * $ openssl dhparam -C -noout -dsaparam 1024
- * (The third function has been renamed to avoid name conflicts.)
- */
-static DH *get_dh512()
- {
- static unsigned char dh512_p[]={
- 0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
- 0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
- 0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
- 0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
- 0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
- 0x02,0xC5,0xAE,0x23,
- };
- static unsigned char dh512_g[]={
- 0x02,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- return(dh);
- }
-
-static DH *get_dh1024()
- {
- static unsigned char dh1024_p[]={
- 0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
- 0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
- 0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
- 0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
- 0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
- 0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
- 0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
- 0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
- 0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
- 0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
- 0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
- };
- static unsigned char dh1024_g[]={
- 0x02,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- return(dh);
- }
-
-static DH *get_dh1024dsa()
- {
- static unsigned char dh1024_p[]={
- 0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
- 0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
- 0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
- 0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
- 0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
- 0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
- 0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
- 0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
- 0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
- 0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
- 0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
- };
- static unsigned char dh1024_g[]={
- 0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
- 0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
- 0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
- 0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
- 0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
- 0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
- 0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
- 0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
- 0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
- 0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
- 0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
- };
- DH *dh;
-
- if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- { DH_free(dh); return(NULL); }
- dh->length = 160;
- return(dh);
- }
-#endif
-
-static int do_test_cipherlist(void)
- {
- int i = 0;
- const SSL_METHOD *meth;
- SSL_CIPHER *ci, *tci = NULL;
-
-#ifndef OPENSSL_NO_SSL2
- fprintf(stderr, "testing SSLv2 cipher list order: ");
- meth = SSLv2_method();
- while ((ci = meth->get_cipher(i++)) != NULL)
- {
- if (tci != NULL)
- if (ci->id >= tci->id)
- {
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_SSL3
- fprintf(stderr, "testing SSLv3 cipher list order: ");
- meth = SSLv3_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL)
- {
- if (tci != NULL)
- if (ci->id >= tci->id)
- {
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
-#endif
-#ifndef OPENSSL_NO_TLS1
- fprintf(stderr, "testing TLSv1 cipher list order: ");
- meth = TLSv1_method();
- tci = NULL;
- while ((ci = meth->get_cipher(i++)) != NULL)
- {
- if (tci != NULL)
- if (ci->id >= tci->id)
- {
- fprintf(stderr, "failed %lx vs. %lx\n", ci->id, tci->id);
- return 0;
- }
- tci = ci;
- }
- fprintf(stderr, "ok\n");
-#endif
-
- return 1;
- }
diff --git a/crypto/openssl/ssl/t1_clnt.c b/crypto/openssl/ssl/t1_clnt.c
deleted file mode 100644
index 4d1e198..0000000
--- a/crypto/openssl/ssl/t1_clnt.c
+++ /dev/null
@@ -1,79 +0,0 @@
-/* ssl/t1_clnt.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-
-static SSL_METHOD *tls1_get_client_method(int ver);
-static SSL_METHOD *tls1_get_client_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_client_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_client_method,
- ssl_undefined_function,
- ssl3_connect,
- tls1_get_client_method)
-
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
deleted file mode 100644
index 68448b9..0000000
--- a/crypto/openssl/ssl/t1_enc.c
+++ /dev/null
@@ -1,840 +0,0 @@
-/* ssl/t1_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/comp.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-
-static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
- int sec_len, unsigned char *seed, int seed_len,
- unsigned char *out, int olen)
- {
- int chunk,n;
- unsigned int j;
- HMAC_CTX ctx;
- HMAC_CTX ctx_tmp;
- unsigned char A1[EVP_MAX_MD_SIZE];
- unsigned int A1_len;
-
- chunk=EVP_MD_size(md);
-
- HMAC_CTX_init(&ctx);
- HMAC_CTX_init(&ctx_tmp);
- HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
- HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
- HMAC_Update(&ctx,seed,seed_len);
- HMAC_Final(&ctx,A1,&A1_len);
-
- n=0;
- for (;;)
- {
- HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
- HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
- HMAC_Update(&ctx,A1,A1_len);
- HMAC_Update(&ctx_tmp,A1,A1_len);
- HMAC_Update(&ctx,seed,seed_len);
-
- if (olen > chunk)
- {
- HMAC_Final(&ctx,out,&j);
- out+=j;
- olen-=j;
- HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
- }
- else /* last one */
- {
- HMAC_Final(&ctx,A1,&A1_len);
- memcpy(out,A1,olen);
- break;
- }
- }
- HMAC_CTX_cleanup(&ctx);
- HMAC_CTX_cleanup(&ctx_tmp);
- OPENSSL_cleanse(A1,sizeof(A1));
- }
-
-static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
- unsigned char *label, int label_len,
- const unsigned char *sec, int slen, unsigned char *out1,
- unsigned char *out2, int olen)
- {
- int len,i;
- const unsigned char *S1,*S2;
-
- len=slen/2;
- S1=sec;
- S2= &(sec[len]);
- len+=(slen&1); /* add for odd, make longer */
-
-
- tls1_P_hash(md5 ,S1,len,label,label_len,out1,olen);
- tls1_P_hash(sha1,S2,len,label,label_len,out2,olen);
-
- for (i=0; i<olen; i++)
- out1[i]^=out2[i];
- }
-
-static void tls1_generate_key_block(SSL *s, unsigned char *km,
- unsigned char *tmp, int num)
- {
- unsigned char *p;
- unsigned char buf[SSL3_RANDOM_SIZE*2+
- TLS_MD_MAX_CONST_SIZE];
- p=buf;
-
- memcpy(p,TLS_MD_KEY_EXPANSION_CONST,
- TLS_MD_KEY_EXPANSION_CONST_SIZE);
- p+=TLS_MD_KEY_EXPANSION_CONST_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
-
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
- s->session->master_key,s->session->master_key_length,
- km,tmp,num);
-#ifdef KSSL_DEBUG
- printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
- s->session->master_key_length);
- {
- int i;
- for (i=0; i < s->session->master_key_length; i++)
- {
- printf("%02X", s->session->master_key[i]);
- }
- printf("\n"); }
-#endif /* KSSL_DEBUG */
- }
-
-int tls1_change_cipher_state(SSL *s, int which)
- {
- static const unsigned char empty[]="";
- unsigned char *p,*key_block,*mac_secret;
- unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
- SSL3_RANDOM_SIZE*2];
- unsigned char tmp1[EVP_MAX_KEY_LENGTH];
- unsigned char tmp2[EVP_MAX_KEY_LENGTH];
- unsigned char iv1[EVP_MAX_IV_LENGTH*2];
- unsigned char iv2[EVP_MAX_IV_LENGTH*2];
- unsigned char *ms,*key,*iv,*er1,*er2;
- int client_write;
- EVP_CIPHER_CTX *dd;
- const EVP_CIPHER *c;
-#ifndef OPENSSL_NO_COMP
- const SSL_COMP *comp;
-#endif
- const EVP_MD *m;
- int is_export,n,i,j,k,exp_label_len,cl;
- int reuse_dd = 0;
-
- is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
- c=s->s3->tmp.new_sym_enc;
- m=s->s3->tmp.new_hash;
-#ifndef OPENSSL_NO_COMP
- comp=s->s3->tmp.new_compression;
-#endif
- key_block=s->s3->tmp.key_block;
-
-#ifdef KSSL_DEBUG
- printf("tls1_change_cipher_state(which= %d) w/\n", which);
- printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
- comp);
- printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
- printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
- c->nid,c->block_size,c->key_len,c->iv_len);
- printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
- {
- int i;
- for (i=0; i<s->s3->tmp.key_block_length; i++)
- printf("%02x", key_block[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (which & SSL3_CC_READ)
- {
- if (s->enc_read_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_read_ctx);
- dd= s->enc_read_ctx;
- s->read_hash=m;
-#ifndef OPENSSL_NO_COMP
- if (s->expand != NULL)
- {
- COMP_CTX_free(s->expand);
- s->expand=NULL;
- }
- if (comp != NULL)
- {
- s->expand=COMP_CTX_new(comp->method);
- if (s->expand == NULL)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- if (s->s3->rrec.comp == NULL)
- s->s3->rrec.comp=(unsigned char *)
- OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
- if (s->s3->rrec.comp == NULL)
- goto err;
- }
-#endif
- /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
- if (s->version != DTLS1_VERSION)
- memset(&(s->s3->read_sequence[0]),0,8);
- mac_secret= &(s->s3->read_mac_secret[0]);
- }
- else
- {
- if (s->enc_write_ctx != NULL)
- reuse_dd = 1;
- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
- goto err;
- else
- /* make sure it's intialized in case we exit later with an error */
- EVP_CIPHER_CTX_init(s->enc_write_ctx);
- dd= s->enc_write_ctx;
- s->write_hash=m;
-#ifndef OPENSSL_NO_COMP
- if (s->compress != NULL)
- {
- COMP_CTX_free(s->compress);
- s->compress=NULL;
- }
- if (comp != NULL)
- {
- s->compress=COMP_CTX_new(comp->method);
- if (s->compress == NULL)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
- goto err2;
- }
- }
-#endif
- /* this is done by dtls1_reset_seq_numbers for DTLS1_VERSION */
- if (s->version != DTLS1_VERSION)
- memset(&(s->s3->write_sequence[0]),0,8);
- mac_secret= &(s->s3->write_mac_secret[0]);
- }
-
- if (reuse_dd)
- EVP_CIPHER_CTX_cleanup(dd);
-
- p=s->s3->tmp.key_block;
- i=EVP_MD_size(m);
- cl=EVP_CIPHER_key_length(c);
- j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
- cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
- /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
- k=EVP_CIPHER_iv_length(c);
- er1= &(s->s3->client_random[0]);
- er2= &(s->s3->server_random[0]);
- if ( (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
- (which == SSL3_CHANGE_CIPHER_SERVER_READ))
- {
- ms= &(p[ 0]); n=i+i;
- key= &(p[ n]); n+=j+j;
- iv= &(p[ n]); n+=k+k;
- exp_label=(unsigned char *)TLS_MD_CLIENT_WRITE_KEY_CONST;
- exp_label_len=TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE;
- client_write=1;
- }
- else
- {
- n=i;
- ms= &(p[ n]); n+=i+j;
- key= &(p[ n]); n+=j+k;
- iv= &(p[ n]); n+=k;
- exp_label=(unsigned char *)TLS_MD_SERVER_WRITE_KEY_CONST;
- exp_label_len=TLS_MD_SERVER_WRITE_KEY_CONST_SIZE;
- client_write=0;
- }
-
- if (n > s->s3->tmp.key_block_length)
- {
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
- goto err2;
- }
-
- memcpy(mac_secret,ms,i);
-#ifdef TLS_DEBUG
-printf("which = %04X\nmac key=",which);
-{ int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
-#endif
- if (is_export)
- {
- /* In here I set both the read and write key/iv to the
- * same value since only the correct one will be used :-).
- */
- p=buf;
- memcpy(p,exp_label,exp_label_len);
- p+=exp_label_len;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
- tmp1,tmp2,EVP_CIPHER_key_length(c));
- key=tmp1;
-
- if (k > 0)
- {
- p=buf;
- memcpy(p,TLS_MD_IV_BLOCK_CONST,
- TLS_MD_IV_BLOCK_CONST_SIZE);
- p+=TLS_MD_IV_BLOCK_CONST_SIZE;
- memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
- p+=SSL3_RANDOM_SIZE;
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
- iv1,iv2,k*2);
- if (client_write)
- iv=iv1;
- else
- iv= &(iv1[k]);
- }
- }
-
- s->session->key_arg_length=0;
-#ifdef KSSL_DEBUG
- {
- int i;
- printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
- printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
- printf("\n");
- printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
-#ifdef TLS_DEBUG
-printf("which = %04X\nkey=",which);
-{ int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
-printf("\niv=");
-{ int z; for (z=0; z<k; z++) printf("%02X%c",iv[z],((z+1)%16)?' ':'\n'); }
-printf("\n");
-#endif
-
- OPENSSL_cleanse(tmp1,sizeof(tmp1));
- OPENSSL_cleanse(tmp2,sizeof(tmp1));
- OPENSSL_cleanse(iv1,sizeof(iv1));
- OPENSSL_cleanse(iv2,sizeof(iv2));
- return(1);
-err:
- SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
-err2:
- return(0);
- }
-
-int tls1_setup_key_block(SSL *s)
- {
- unsigned char *p1,*p2;
- const EVP_CIPHER *c;
- const EVP_MD *hash;
- int num;
- SSL_COMP *comp;
-
-#ifdef KSSL_DEBUG
- printf ("tls1_setup_key_block()\n");
-#endif /* KSSL_DEBUG */
-
- if (s->s3->tmp.key_block_length != 0)
- return(1);
-
- if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
- {
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
- return(0);
- }
-
- s->s3->tmp.new_sym_enc=c;
- s->s3->tmp.new_hash=hash;
-
- num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
- num*=2;
-
- ssl3_cleanup_key_block(s);
-
- if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
- if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
- goto err;
-
- s->s3->tmp.key_block_length=num;
- s->s3->tmp.key_block=p1;
-
-
-#ifdef TLS_DEBUG
-printf("client random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->client_random[z],((z+1)%16)?' ':'\n'); }
-printf("server random\n");
-{ int z; for (z=0; z<SSL3_RANDOM_SIZE; z++) printf("%02X%c",s->s3->server_random[z],((z+1)%16)?' ':'\n'); }
-printf("pre-master\n");
-{ int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
-#endif
- tls1_generate_key_block(s,p1,p2,num);
- OPENSSL_cleanse(p2,num);
- OPENSSL_free(p2);
-#ifdef TLS_DEBUG
-printf("\nkey block\n");
-{ int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
-#endif
-
- if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
- {
- /* enable vulnerability countermeasure for CBC ciphers with
- * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
- */
- s->s3->need_empty_fragments = 1;
-
- if (s->session->cipher != NULL)
- {
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
- s->s3->need_empty_fragments = 0;
-
-#ifndef OPENSSL_NO_RC4
- if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
- s->s3->need_empty_fragments = 0;
-#endif
- }
- }
-
- return(1);
-err:
- SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
-
-int tls1_enc(SSL *s, int send)
- {
- SSL3_RECORD *rec;
- EVP_CIPHER_CTX *ds;
- unsigned long l;
- int bs,i,ii,j,k,n=0;
- const EVP_CIPHER *enc;
-
- if (send)
- {
- if (s->write_hash != NULL)
- n=EVP_MD_size(s->write_hash);
- ds=s->enc_write_ctx;
- rec= &(s->s3->wrec);
- if (s->enc_write_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
- }
- else
- {
- if (s->read_hash != NULL)
- n=EVP_MD_size(s->read_hash);
- ds=s->enc_read_ctx;
- rec= &(s->s3->rrec);
- if (s->enc_read_ctx == NULL)
- enc=NULL;
- else
- enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
- }
-
-#ifdef KSSL_DEBUG
- printf("tls1_enc(%d)\n", send);
-#endif /* KSSL_DEBUG */
-
- if ((s->session == NULL) || (ds == NULL) ||
- (enc == NULL))
- {
- memmove(rec->data,rec->input,rec->length);
- rec->input=rec->data;
- }
- else
- {
- l=rec->length;
- bs=EVP_CIPHER_block_size(ds->cipher);
-
- if ((bs != 1) && send)
- {
- i=bs-((int)l%bs);
-
- /* Add weird padding of upto 256 bytes */
-
- /* we need to add 'i' padding bytes of value j */
- j=i-1;
- if (s->options & SSL_OP_TLS_BLOCK_PADDING_BUG)
- {
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- j++;
- }
- for (k=(int)l; k<(int)(l+i); k++)
- rec->input[k]=j;
- l+=i;
- rec->length+=i;
- }
-
-#ifdef KSSL_DEBUG
- {
- unsigned long ui;
- printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
- ds,rec->data,rec->input,l);
- printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
- ds->buf_len, ds->cipher->key_len,
- DES_KEY_SZ, DES_SCHEDULE_SZ,
- ds->cipher->iv_len);
- printf("\t\tIV: ");
- for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
- printf("\n");
- printf("\trec->input=");
- for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
- printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if (!send)
- {
- if (l == 0 || l%bs != 0)
- {
- SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
- ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
- return 0;
- }
- }
-
- EVP_Cipher(ds,rec->data,rec->input,l);
-
-#ifdef KSSL_DEBUG
- {
- unsigned long i;
- printf("\trec->data=");
- for (i=0; i<l; i++)
- printf(" %02x", rec->data[i]); printf("\n");
- }
-#endif /* KSSL_DEBUG */
-
- if ((bs != 1) && !send)
- {
- ii=i=rec->data[l-1]; /* padding_length */
- i++;
- /* NB: if compression is in operation the first packet
- * may not be of even length so the padding bug check
- * cannot be performed. This bug workaround has been
- * around since SSLeay so hopefully it is either fixed
- * now or no buggy implementation supports compression
- * [steve]
- */
- if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
- && !s->expand)
- {
- /* First packet is even in size, so check */
- if ((memcmp(s->s3->read_sequence,
- "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
- s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
- if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
- i--;
- }
- /* TLS 1.0 does not bound the number of padding bytes by the block size.
- * All of them must have value 'padding_length'. */
- if (i > (int)rec->length)
- {
- /* Incorrect padding. SSLerr() and ssl3_alert are done
- * by caller: we don't want to reveal whether this is
- * a decryption error or a MAC verification failure
- * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
- return -1;
- }
- for (j=(int)(l-i); j<(int)l; j++)
- {
- if (rec->data[j] != ii)
- {
- /* Incorrect padding */
- return -1;
- }
- }
- rec->length-=i;
- }
- }
- return(1);
- }
-
-int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
- {
- unsigned int ret;
- EVP_MD_CTX ctx;
-
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_copy_ex(&ctx,in_ctx);
- EVP_DigestFinal_ex(&ctx,out,&ret);
- EVP_MD_CTX_cleanup(&ctx);
- return((int)ret);
- }
-
-int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
- const char *str, int slen, unsigned char *out)
- {
- unsigned int i;
- EVP_MD_CTX ctx;
- unsigned char buf[TLS_MD_MAX_CONST_SIZE+MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
- unsigned char *q,buf2[12];
-
- q=buf;
- memcpy(q,str,slen);
- q+=slen;
-
- EVP_MD_CTX_init(&ctx);
- EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
- EVP_DigestFinal_ex(&ctx,q,&i);
- q+=i;
- EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
- EVP_DigestFinal_ex(&ctx,q,&i);
- q+=i;
-
- tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
- s->session->master_key,s->session->master_key_length,
- out,buf2,sizeof buf2);
- EVP_MD_CTX_cleanup(&ctx);
-
- return sizeof buf2;
- }
-
-int tls1_mac(SSL *ssl, unsigned char *md, int send)
- {
- SSL3_RECORD *rec;
- unsigned char *mac_sec,*seq;
- const EVP_MD *hash;
- unsigned int md_size;
- int i;
- HMAC_CTX hmac;
- unsigned char buf[5];
-
- if (send)
- {
- rec= &(ssl->s3->wrec);
- mac_sec= &(ssl->s3->write_mac_secret[0]);
- seq= &(ssl->s3->write_sequence[0]);
- hash=ssl->write_hash;
- }
- else
- {
- rec= &(ssl->s3->rrec);
- mac_sec= &(ssl->s3->read_mac_secret[0]);
- seq= &(ssl->s3->read_sequence[0]);
- hash=ssl->read_hash;
- }
-
- md_size=EVP_MD_size(hash);
-
- buf[0]=rec->type;
- buf[1]=TLS1_VERSION_MAJOR;
- buf[2]=TLS1_VERSION_MINOR;
- buf[3]=rec->length>>8;
- buf[4]=rec->length&0xff;
-
- /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
- HMAC_CTX_init(&hmac);
- HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
- HMAC_Update(&hmac,seq,8);
- HMAC_Update(&hmac,buf,5);
- HMAC_Update(&hmac,rec->input,rec->length);
- HMAC_Final(&hmac,md,&md_size);
- HMAC_CTX_cleanup(&hmac);
-
-#ifdef TLS_DEBUG
-printf("sec=");
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
-printf("seq=");
-{int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); }
-printf("buf=");
-{int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); }
-printf("rec=");
-{unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
-#endif
-
- if ( SSL_version(ssl) != DTLS1_VERSION)
- {
- for (i=7; i>=0; i--)
- {
- ++seq[i];
- if (seq[i] != 0) break;
- }
- }
-
-#ifdef TLS_DEBUG
-{unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
-#endif
- return(md_size);
- }
-
-int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
- int len)
- {
- unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
- unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
-
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
-#endif /* KSSL_DEBUG */
-
- /* Setup the stuff to munge */
- memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
- TLS_MD_MASTER_SECRET_CONST_SIZE);
- memcpy(&(buf[TLS_MD_MASTER_SECRET_CONST_SIZE]),
- s->s3->client_random,SSL3_RANDOM_SIZE);
- memcpy(&(buf[SSL3_RANDOM_SIZE+TLS_MD_MASTER_SECRET_CONST_SIZE]),
- s->s3->server_random,SSL3_RANDOM_SIZE);
- tls1_PRF(s->ctx->md5,s->ctx->sha1,
- buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
- s->session->master_key,buff,sizeof buff);
-#ifdef KSSL_DEBUG
- printf ("tls1_generate_master_secret() complete\n");
-#endif /* KSSL_DEBUG */
- return(SSL3_MASTER_SECRET_SIZE);
- }
-
-int tls1_alert_code(int code)
- {
- switch (code)
- {
- case SSL_AD_CLOSE_NOTIFY: return(SSL3_AD_CLOSE_NOTIFY);
- case SSL_AD_UNEXPECTED_MESSAGE: return(SSL3_AD_UNEXPECTED_MESSAGE);
- case SSL_AD_BAD_RECORD_MAC: return(SSL3_AD_BAD_RECORD_MAC);
- case SSL_AD_DECRYPTION_FAILED: return(TLS1_AD_DECRYPTION_FAILED);
- case SSL_AD_RECORD_OVERFLOW: return(TLS1_AD_RECORD_OVERFLOW);
- case SSL_AD_DECOMPRESSION_FAILURE:return(SSL3_AD_DECOMPRESSION_FAILURE);
- case SSL_AD_HANDSHAKE_FAILURE: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_NO_CERTIFICATE: return(-1);
- case SSL_AD_BAD_CERTIFICATE: return(SSL3_AD_BAD_CERTIFICATE);
- case SSL_AD_UNSUPPORTED_CERTIFICATE:return(SSL3_AD_UNSUPPORTED_CERTIFICATE);
- case SSL_AD_CERTIFICATE_REVOKED:return(SSL3_AD_CERTIFICATE_REVOKED);
- case SSL_AD_CERTIFICATE_EXPIRED:return(SSL3_AD_CERTIFICATE_EXPIRED);
- case SSL_AD_CERTIFICATE_UNKNOWN:return(SSL3_AD_CERTIFICATE_UNKNOWN);
- case SSL_AD_ILLEGAL_PARAMETER: return(SSL3_AD_ILLEGAL_PARAMETER);
- case SSL_AD_UNKNOWN_CA: return(TLS1_AD_UNKNOWN_CA);
- case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
- case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
- case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
- case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
- case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
- case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
- case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
- case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
- case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
- case DTLS1_AD_MISSING_HANDSHAKE_MESSAGE: return
- (DTLS1_AD_MISSING_HANDSHAKE_MESSAGE);
- default: return(-1);
- }
- }
-
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
deleted file mode 100644
index 1ecbbcb..0000000
--- a/crypto/openssl/ssl/t1_lib.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* ssl/t1_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
-
-SSL3_ENC_METHOD TLSv1_enc_data={
- tls1_enc,
- tls1_mac,
- tls1_setup_key_block,
- tls1_generate_master_secret,
- tls1_change_cipher_state,
- tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
- tls1_cert_verify_mac,
- TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
- TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
- tls1_alert_code,
- };
-
-long tls1_default_timeout(void)
- {
- /* 2 hours, the 24 hours mentioned in the TLSv1 spec
- * is way too long for http, the cache would over fill */
- return(60*60*2);
- }
-
-IMPLEMENT_tls1_meth_func(tlsv1_base_method,
- ssl_undefined_function,
- ssl_undefined_function,
- ssl_bad_method)
-
-int tls1_new(SSL *s)
- {
- if (!ssl3_new(s)) return(0);
- s->method->ssl_clear(s);
- return(1);
- }
-
-void tls1_free(SSL *s)
- {
- ssl3_free(s);
- }
-
-void tls1_clear(SSL *s)
- {
- ssl3_clear(s);
- s->version=TLS1_VERSION;
- }
-
-#if 0
-long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
- {
- return(0);
- }
-
-long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
- {
- return(0);
- }
-#endif
diff --git a/crypto/openssl/ssl/t1_meth.c b/crypto/openssl/ssl/t1_meth.c
deleted file mode 100644
index f5d8df6..0000000
--- a/crypto/openssl/ssl/t1_meth.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* ssl/t1_meth.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/objects.h>
-#include "ssl_locl.h"
-
-static SSL_METHOD *tls1_get_method(int ver);
-static SSL_METHOD *tls1_get_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_method,
- ssl3_accept,
- ssl3_connect,
- tls1_get_method)
-
diff --git a/crypto/openssl/ssl/t1_srvr.c b/crypto/openssl/ssl/t1_srvr.c
deleted file mode 100644
index b75636a..0000000
--- a/crypto/openssl/ssl/t1_srvr.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* ssl/t1_srvr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-#include <openssl/buffer.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static SSL_METHOD *tls1_get_server_method(int ver);
-static SSL_METHOD *tls1_get_server_method(int ver)
- {
- if (ver == TLS1_VERSION)
- return(TLSv1_server_method());
- else
- return(NULL);
- }
-
-IMPLEMENT_tls1_meth_func(TLSv1_server_method,
- ssl3_accept,
- ssl_undefined_function,
- tls1_get_server_method)
-
diff --git a/crypto/openssl/ssl/tls1.h b/crypto/openssl/ssl/tls1.h
deleted file mode 100644
index e5f9aa1..0000000
--- a/crypto/openssl/ssl/tls1.h
+++ /dev/null
@@ -1,305 +0,0 @@
-/* ssl/tls1.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include <openssl/buffer.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
-
-#define TLS1_VERSION 0x0301
-#define TLS1_VERSION_MAJOR 0x03
-#define TLS1_VERSION_MINOR 0x01
-
-#define TLS1_AD_DECRYPTION_FAILED 21
-#define TLS1_AD_RECORD_OVERFLOW 22
-#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
-#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
-#define TLS1_AD_DECODE_ERROR 50 /* fatal */
-#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
-#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-#define TLS1_AD_USER_CANCELLED 90
-#define TLS1_AD_NO_RENEGOTIATION 100
-
-/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-
-/* AES ciphersuites from RFC3268 */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A
-
-/* Camellia ciphersuites from RFC4132 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA 0x03000046
-
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA 0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA 0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA 0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA 0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA 0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA 0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA 0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA 0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA 0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA 0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA 0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA 0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA 0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA 0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA 0x0300C019
-
-/* XXX
- * Inconsistency alert:
- * The OpenSSL names of ciphers with ephemeral DH here include the string
- * "DHE", while elsewhere it has always been "EDH".
- * (The alias for the list of all such ciphers also is "EDH".)
- * The specifications speak of "EDH"; maybe we should allow both forms
- * for everything. */
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC3268 */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA "AECDH-AES256-SHA"
-
-/* Camellia ciphersuites form RFC4132 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA "ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
-
-
-#define TLS_CT_RSA_SIGN 1
-#define TLS_CT_DSS_SIGN 2
-#define TLS_CT_RSA_FIXED_DH 3
-#define TLS_CT_DSS_FIXED_DH 4
-#define TLS_CT_ECDSA_SIGN 64
-#define TLS_CT_RSA_FIXED_ECDH 65
-#define TLS_CT_ECDSA_FIXED_ECDH 66
-#define TLS_CT_NUMBER 7
-
-#define TLS1_FINISH_MAC_LENGTH 12
-
-#define TLS_MD_MAX_CONST_SIZE 20
-#define TLS_MD_CLIENT_FINISH_CONST "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_FINISH_CONST "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE 15
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_KEY_EXPANSION_CONST "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE 13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_SERVER_WRITE_KEY_CONST "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE 16
-#define TLS_MD_IV_BLOCK_CONST "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE 8
-#define TLS_MD_MASTER_SECRET_CONST "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE 13
-
-#ifdef CHARSET_EBCDIC
-#undef TLS_MD_CLIENT_FINISH_CONST
-#define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/
-#undef TLS_MD_SERVER_FINISH_CONST
-#define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_KEY_EXPANSION_CONST
-#define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/
-#undef TLS_MD_CLIENT_WRITE_KEY_CONST
-#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/
-#undef TLS_MD_SERVER_WRITE_KEY_CONST
-#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/
-#undef TLS_MD_IV_BLOCK_CONST
-#define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/
-#undef TLS_MD_MASTER_SECRET_CONST
-#define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
-
-
diff --git a/crypto/openssl/test/CAss.cnf b/crypto/openssl/test/CAss.cnf
deleted file mode 100644
index 20f8f05..0000000
--- a/crypto/openssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = sha1
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-#unique_subject = no # Set to 'no' to allow creation of
- # several ctificates with same subject.
-new_certs_dir = $dir/newcerts # default place for new certs.
-
-certificate = $dir/cacert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-x509_extensions = v3_ca # The extentions to add to the cert
-
-name_opt = ca_default # Subject Name options
-cert_opt = ca_default # Certificate field options
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-preserve = no # keep passed DN ordering
-
-policy = policy_anything
-
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy
diff --git a/crypto/openssl/test/CAssdh.cnf b/crypto/openssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908..0000000
--- a/crypto/openssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = CU
-countryName_value = CU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = La Junta de la Revolucion
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Junta
-
diff --git a/crypto/openssl/test/CAssdsa.cnf b/crypto/openssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d18..0000000
--- a/crypto/openssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
diff --git a/crypto/openssl/test/CAssrsa.cnf b/crypto/openssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6d..0000000
--- a/crypto/openssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Hermanos Locos
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Hermanos Locos CA
-
diff --git a/crypto/openssl/test/Makefile b/crypto/openssl/test/Makefile
deleted file mode 100644
index 859088f..0000000
--- a/crypto/openssl/test/Makefile
+++ /dev/null
@@ -1,627 +0,0 @@
-#
-# test/Makefile
-#
-
-DIR= test
-TOP= ..
-CC= cc
-INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES)
-CFLAG= -g
-MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-PERL= perl
-# KRB5 stuff
-KRB5_INCLUDES=
-LIBKRB5=
-
-PEX_LIBS=
-EX_LIBS= #-lnsl -lsocket
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile maketests.com \
- tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
- tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
- testca.com VMSca-response.1 VMSca-response.2
-
-DLIBCRYPTO= ../libcrypto.a
-DLIBSSL= ../libssl.a
-LIBCRYPTO= -L.. -lcrypto
-LIBSSL= -L.. -lssl
-
-BNTEST= bntest
-ECTEST= ectest
-ECDSATEST= ecdsatest
-ECDHTEST= ecdhtest
-EXPTEST= exptest
-IDEATEST= ideatest
-SHATEST= shatest
-SHA1TEST= sha1test
-SHA256TEST= sha256t
-SHA512TEST= sha512t
-MDC2TEST= mdc2test
-RMDTEST= rmdtest
-MD2TEST= md2test
-MD4TEST= md4test
-MD5TEST= md5test
-HMACTEST= hmactest
-RC2TEST= rc2test
-RC4TEST= rc4test
-RC5TEST= rc5test
-BFTEST= bftest
-CASTTEST= casttest
-DESTEST= destest
-RANDTEST= randtest
-DHTEST= dhtest
-DSATEST= dsatest
-METHTEST= methtest
-SSLTEST= ssltest
-RSATEST= rsa_test
-ENGINETEST= enginetest
-EVPTEST= evp_test
-IGETEST= igetest
-
-TESTS= alltests
-
-EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \
- $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) \
- $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \
- $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \
- $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \
- $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
- $(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
- $(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT)
-
-# $(METHTEST)$(EXE_EXT)
-
-OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
- $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
- $(HMACTEST).o \
- $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
- $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \
- $(MDC2TEST).o $(RMDTEST).o \
- $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
- $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \
- $(EVPTEST).o $(IGETEST).o
-SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
- $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \
- $(HMACTEST).c \
- $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
- $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
- $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
- $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \
- $(EVPTEST).c $(IGETEST).c
-
-EXHEADER=
-HEADER= $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)
-
-all: exe
-
-exe: $(EXE) dummytest$(EXE_EXT)
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-
-generate: $(SRC)
-$(SRC):
- @sh $(TOP)/util/point.sh dummytest.c $@
-
-errors:
-
-install:
-
-tags:
- ctags $(SRC)
-
-tests: exe apps $(TESTS)
-
-apps:
- @(cd ..; $(MAKE) DIRS=apps all)
-
-alltests: \
- test_des test_idea test_sha test_md4 test_md5 test_hmac \
- test_md2 test_mdc2 \
- test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
- test_rand test_bn test_ec test_ecdsa test_ecdh \
- test_enc test_x509 test_rsa test_crl test_sid \
- test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
- test_ss test_ca test_engine test_evp test_ssl test_ige
-
-test_evp:
- ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
-
-test_des:
- ../util/shlib_wrap.sh ./$(DESTEST)
-
-test_idea:
- ../util/shlib_wrap.sh ./$(IDEATEST)
-
-test_sha:
- ../util/shlib_wrap.sh ./$(SHATEST)
- ../util/shlib_wrap.sh ./$(SHA1TEST)
- ../util/shlib_wrap.sh ./$(SHA256TEST)
- ../util/shlib_wrap.sh ./$(SHA512TEST)
-
-test_mdc2:
- ../util/shlib_wrap.sh ./$(MDC2TEST)
-
-test_md5:
- ../util/shlib_wrap.sh ./$(MD5TEST)
-
-test_md4:
- ../util/shlib_wrap.sh ./$(MD4TEST)
-
-test_hmac:
- ../util/shlib_wrap.sh ./$(HMACTEST)
-
-test_md2:
- ../util/shlib_wrap.sh ./$(MD2TEST)
-
-test_rmd:
- ../util/shlib_wrap.sh ./$(RMDTEST)
-
-test_bf:
- ../util/shlib_wrap.sh ./$(BFTEST)
-
-test_cast:
- ../util/shlib_wrap.sh ./$(CASTTEST)
-
-test_rc2:
- ../util/shlib_wrap.sh ./$(RC2TEST)
-
-test_rc4:
- ../util/shlib_wrap.sh ./$(RC4TEST)
-
-test_rc5:
- ../util/shlib_wrap.sh ./$(RC5TEST)
-
-test_rand:
- ../util/shlib_wrap.sh ./$(RANDTEST)
-
-test_enc:
- @sh ./testenc
-
-test_x509:
- echo test normal x509v1 certificate
- sh ./tx509 2>/dev/null
- echo test first x509v3 certificate
- sh ./tx509 v3-cert1.pem 2>/dev/null
- echo test second x509v3 certificate
- sh ./tx509 v3-cert2.pem 2>/dev/null
-
-test_rsa:
- @sh ./trsa 2>/dev/null
- ../util/shlib_wrap.sh ./$(RSATEST)
-
-test_crl:
- @sh ./tcrl 2>/dev/null
-
-test_sid:
- @sh ./tsid 2>/dev/null
-
-test_req:
- @sh ./treq 2>/dev/null
- @sh ./treq testreq2.pem 2>/dev/null
-
-test_pkcs7:
- @sh ./tpkcs7 2>/dev/null
- @sh ./tpkcs7d 2>/dev/null
-
-test_bn:
- @echo starting big number library test, could take a while...
- @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
- @echo quit >>tmp.bntest
- @echo "running bc"
- @<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
- @echo 'test a^b%c implementations'
- ../util/shlib_wrap.sh ./$(EXPTEST)
-
-test_ec:
- @echo 'test elliptic curves'
- ../util/shlib_wrap.sh ./$(ECTEST)
-
-test_ecdsa:
- @echo 'test ecdsa'
- ../util/shlib_wrap.sh ./$(ECDSATEST)
-
-test_ecdh:
- @echo 'test ecdh'
- ../util/shlib_wrap.sh ./$(ECDHTEST)
-
-test_verify:
- @echo "The following command should have some OK's and some failures"
- @echo "There are definitly a few expired certificates"
- ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
-
-test_dh:
- @echo "Generate a set of DH parameters"
- ../util/shlib_wrap.sh ./$(DHTEST)
-
-test_dsa:
- @echo "Generate a set of DSA parameters"
- ../util/shlib_wrap.sh ./$(DSATEST)
- ../util/shlib_wrap.sh ./$(DSATEST) -app2_1
-
-test_gen:
- @echo "Generate and verify a certificate request"
- @sh ./testgen
-
-test_ss keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
- intP1.ss intP2.ss: testss
- @echo "Generate and certify a test certificate"
- @sh ./testss
- @cat certCA.ss certU.ss > intP1.ss
- @cat certCA.ss certU.ss certP1.ss > intP2.ss
-
-test_engine:
- @echo "Manipulate the ENGINE structures"
- ../util/shlib_wrap.sh ./$(ENGINETEST)
-
-test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \
- intP1.ss intP2.ss
- @echo "test SSL protocol"
- ../util/shlib_wrap.sh ./$(SSLTEST) -test_cipherlist
- @sh ./testssl keyU.ss certU.ss certCA.ss
- @sh ./testsslproxy keyP1.ss certP1.ss intP1.ss
- @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss
-
-test_ca:
- @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
- echo "skipping CA.sh test -- requires RSA"; \
- else \
- echo "Generate and certify a test certificate via the 'ca' program"; \
- sh ./testca; \
- fi
-
-test_aes: #$(AESTEST)
-# @echo "test Rijndael"
-# ../util/shlib_wrap.sh ./$(AESTEST)
-
-test_ige: $(IGETEST)$(EXE_EXT)
- @echo "Test IGE mode"
- ../util/shlib_wrap.sh ./$(IGETEST)
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
- @if [ -z "$(THIS)" ]; then \
- $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
- else \
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
- fi
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log
-
-$(DLIBSSL):
- (cd ..; $(MAKE) DIRS=ssl all)
-
-$(DLIBCRYPTO):
- (cd ..; $(MAKE) DIRS=crypto all)
-
-BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
- shlib_target="$(SHLIB_TARGET)"; \
- fi; \
- if [ "$${shlib_target}" = "hpux-shared" -o "$${shlib_target}" = "darwin-shared" ] ; then \
- LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \
- else \
- LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
- fi; \
- $(MAKE) -f $(TOP)/Makefile.shared -e \
- APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
- LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
- link_app.$${shlib_target}
-
-$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
-
-$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
- @target=$(BNTEST); $(BUILD_CMD)
-
-$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
- @target=$(ECTEST); $(BUILD_CMD)
-
-$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
- @target=$(EXPTEST); $(BUILD_CMD)
-
-$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
- @target=$(IDEATEST); $(BUILD_CMD)
-
-$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
- @target=$(MD2TEST); $(BUILD_CMD)
-
-$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
-
-$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
- @target=$(SHA1TEST); $(BUILD_CMD)
-
-$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
- @target=$(SHA256TEST); $(BUILD_CMD)
-
-$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
- @target=$(SHA512TEST); $(BUILD_CMD)
-
-$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
- @target=$(RMDTEST); $(BUILD_CMD)
-
-$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
- @target=$(MDC2TEST); $(BUILD_CMD)
-
-$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
- @target=$(MD4TEST); $(BUILD_CMD)
-
-$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
- @target=$(MD5TEST); $(BUILD_CMD)
-
-$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
- @target=$(HMACTEST); $(BUILD_CMD)
-
-$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
- @target=$(RC2TEST); $(BUILD_CMD)
-
-$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
- @target=$(BFTEST); $(BUILD_CMD)
-
-$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
- @target=$(CASTTEST); $(BUILD_CMD)
-
-$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
- @target=$(RC4TEST); $(BUILD_CMD)
-
-$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
- @target=$(RC5TEST); $(BUILD_CMD)
-
-$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
- @target=$(DESTEST); $(BUILD_CMD)
-
-$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
- @target=$(RANDTEST); $(BUILD_CMD)
-
-$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
- @target=$(DHTEST); $(BUILD_CMD)
-
-$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
- @target=$(DSATEST); $(BUILD_CMD)
-
-$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
- @target=$(METHTEST); $(BUILD_CMD)
-
-$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(BUILD_CMD)
-
-$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
- @target=$(ENGINETEST); $(BUILD_CMD)
-
-$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
- @target=$(EVPTEST); $(BUILD_CMD)
-
-$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
- @target=$(ECDSATEST); $(BUILD_CMD)
-
-$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
- @target=$(ECDHTEST); $(BUILD_CMD)
-
-$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
- @target=$(IGETEST); $(BUILD_CMD)
-
-#$(AESTEST).o: $(AESTEST).c
-# $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-
-#$(AESTEST)$(EXE_EXT): $(AESTEST).o $(DLIBCRYPTO)
-# if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
-# $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
-# else \
-# $(CC) -o $(AESTEST)$(EXE_EXT) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
-# fi
-
-dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
- @target=dummytest$; $(BUILD_CMD)
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
-bftest.o: ../include/openssl/opensslconf.h bftest.c
-bntest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-bntest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-bntest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-bntest.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-bntest.o: ../include/openssl/evp.h ../include/openssl/lhash.h
-bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
-bntest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c
-casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
-casttest.o: ../include/openssl/opensslconf.h casttest.c
-destest.o: ../include/openssl/des.h ../include/openssl/des_old.h
-destest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-destest.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-destest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-destest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h destest.c
-dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
-dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c
-dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
-dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
-dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
-dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-dsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-dsatest.o: ../include/openssl/symhacks.h dsatest.c
-ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h
-ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-ecdhtest.o: ../include/openssl/sha.h ../include/openssl/stack.h
-ecdhtest.o: ../include/openssl/symhacks.h ecdhtest.c
-ecdsatest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
-ecdsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-ecdsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
-ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
-ecdsatest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ecdsatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ecdsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ecdsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-ecdsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ecdsatest.o: ecdsatest.c
-ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ectest.o: ../include/openssl/engine.h ../include/openssl/err.h
-ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ectest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
-ectest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ectest.c
-enginetest.o: ../include/openssl/bio.h ../include/openssl/buffer.h
-enginetest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-enginetest.o: ../include/openssl/engine.h ../include/openssl/err.h
-enginetest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-enginetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-enginetest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-enginetest.o: ../include/openssl/symhacks.h enginetest.c
-evp_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h
-evp_test.o: ../include/openssl/e_os2.h ../include/openssl/engine.h
-evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h
-evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-evp_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-evp_test.o: ../include/openssl/symhacks.h evp_test.c
-exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
-exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
-exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
-exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-exptest.o: ../include/openssl/symhacks.h exptest.c
-hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-hmactest.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-hmactest.o: ../include/openssl/symhacks.h hmactest.c
-ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
-ideatest.o: ../include/openssl/opensslconf.h ideatest.c
-igetest.o: ../include/openssl/aes.h ../include/openssl/e_os2.h
-igetest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
-igetest.o: ../include/openssl/rand.h igetest.c
-md2test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-md2test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md2test.o: ../include/openssl/evp.h ../include/openssl/md2.h
-md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md2test.c
-md4test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-md4test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md4test.o: ../include/openssl/evp.h ../include/openssl/md4.h
-md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md4test.c
-md5test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-md5test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-md5test.o: ../include/openssl/evp.h ../include/openssl/md5.h
-md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
-md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h md5test.c
-mdc2test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-mdc2test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-mdc2test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-mdc2test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-mdc2test.o: ../include/openssl/symhacks.h mdc2test.c
-randtest.o: ../e_os.h ../include/openssl/e_os2.h
-randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
-randtest.o: ../include/openssl/rand.h randtest.c
-rc2test.o: ../e_os.h ../include/openssl/e_os2.h
-rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c
-rc4test.o: ../e_os.h ../include/openssl/e_os2.h
-rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
-rc4test.o: ../include/openssl/sha.h rc4test.c
-rc5test.o: ../include/openssl/buffer.h ../include/openssl/crypto.h
-rc5test.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
-rc5test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rc5test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-rc5test.o: ../include/openssl/symhacks.h rc5test.c
-rmdtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rmdtest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-rmdtest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-rmdtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-rmdtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/safestack.h
-rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h rmdtest.c
-rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
-rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
-rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
-rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h
-rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
-rsa_test.o: ../include/openssl/symhacks.h rsa_test.c
-sha1test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-sha1test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-sha1test.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c
-shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
-shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h
-shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c
-ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
-ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h
-ssltest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
-ssltest.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
-ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
-ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
-ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h
-ssltest.o: ../include/openssl/evp.h ../include/openssl/kssl.h
-ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
-ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pq_compat.h
-ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssltest.o: ../include/openssl/x509v3.h ssltest.c
diff --git a/crypto/openssl/test/P1ss.cnf b/crypto/openssl/test/P1ss.cnf
deleted file mode 100644
index 876a0d3..0000000
--- a/crypto/openssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
diff --git a/crypto/openssl/test/P2ss.cnf b/crypto/openssl/test/P2ss.cnf
deleted file mode 100644
index 373a87e..0000000
--- a/crypto/openssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-2.commonName = Common Name (eg, YOUR name)
-2.commonName_value = Proxy 1
-
-3.commonName = Common Name (eg, YOUR name)
-3.commonName_value = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC
diff --git a/crypto/openssl/test/Sssdsa.cnf b/crypto/openssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a2..0000000
--- a/crypto/openssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
-
diff --git a/crypto/openssl/test/Sssrsa.cnf b/crypto/openssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03..0000000
--- a/crypto/openssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name = req_distinguished_name
-encrypt_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = ES
-countryName_value = ES
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Tortilleras S.A.
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Torti
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Gordita
diff --git a/crypto/openssl/test/Uss.cnf b/crypto/openssl/test/Uss.cnf
deleted file mode 100644
index 0c0ebb5..0000000
--- a/crypto/openssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = keySS.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-default_md = md2
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-organizationName = Organization Name (eg, company)
-organizationName_value = Dodgy Brothers
-
-0.commonName = Common Name (eg, YOUR name)
-0.commonName_value = Brother 1
-
-1.commonName = Common Name (eg, YOUR name)
-1.commonName_value = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-
diff --git a/crypto/openssl/test/VMSca-response.1 b/crypto/openssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789..0000000
--- a/crypto/openssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/crypto/openssl/test/VMSca-response.2 b/crypto/openssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4..0000000
--- a/crypto/openssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y
diff --git a/crypto/openssl/test/bctest b/crypto/openssl/test/bctest
deleted file mode 100755
index bdb3218..0000000
--- a/crypto/openssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
- if [ "$try_without_dir" = true ]; then
- # first iteration
- bc=bc
- try_without_dir=false
- else
- # second and later iterations
- bc="$dir/bc"
- if [ ! -f "$bc" ]; then # '-x' is not available on Ultrix
- bc=''
- fi
- fi
-
- if [ ! "$bc" = '' ]; then
- failure=none
-
-
- # Test for SunOS 5.[78] bc bug
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
- if [ 0 != "`cat tmp.bctest`" ]; then
- failure=SunOStest
- fi
-
-
- if [ "$failure" = none ]; then
- # Test for SCO bc bug.
- "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
- if [ "0
-0" != "`cat tmp.bctest`" ]; then
- failure=SCOtest
- fi
- fi
-
-
- if [ "$failure" = none ]; then
- # bc works; now check if it knows the 'print' command.
- if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
- then
- echo "$bc"
- else
- echo "sed 's/print.*//' | $bc"
- fi
- exit 0
- fi
-
- echo "$bc does not work properly ('$failure' failed). Looking for another bc ..." >&2
- fi
-done
-
-echo "No working bc found. Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
- echo "cat >/dev/null"
- exit 0
-fi
-exit 1
diff --git a/crypto/openssl/test/dummytest.c b/crypto/openssl/test/dummytest.c
deleted file mode 100644
index 5b4467e..0000000
--- a/crypto/openssl/test/dummytest.c
+++ /dev/null
@@ -1,48 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <ctype.h>
-#include <openssl/e_os2.h>
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-
-int main(int argc, char *argv[])
- {
- char *p, *q = 0, *program;
-
- p = strrchr(argv[0], '/');
- if (!p) p = strrchr(argv[0], '\\');
-#ifdef OPENSSL_SYS_VMS
- if (!p) p = strrchr(argv[0], ']');
- if (p) q = strrchr(p, '>');
- if (q) p = q;
- if (!p) p = strrchr(argv[0], ':');
- q = 0;
-#endif
- if (p) p++;
- if (!p) p = argv[0];
- if (p) q = strchr(p, '.');
- if (p && !q) q = p + strlen(p);
-
- if (!p)
- program = BUF_strdup("(unknown)");
- else
- {
- program = OPENSSL_malloc((q - p) + 1);
- strncpy(program, p, q - p);
- program[q - p] = '\0';
- }
-
- for(p = program; *p; p++)
- if (islower((unsigned char)(*p)))
- *p = toupper((unsigned char)(*p));
-
- q = strstr(program, "TEST");
- if (q > p && q[-1] == '_') q--;
- *q = '\0';
-
- printf("No %s support\n", program);
-
- OPENSSL_free(program);
- return(0);
- }
diff --git a/crypto/openssl/test/evptests.txt b/crypto/openssl/test/evptests.txt
deleted file mode 100644
index 193009f..0000000
--- a/crypto/openssl/test/evptests.txt
+++ /dev/null
@@ -1,312 +0,0 @@
-#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
-#digest:::input:output
-
-# SHA(1) tests (from shatest.c)
-SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
-
-# MD5 tests (from md5test.c)
-MD5::::d41d8cd98f00b204e9800998ecf8427e
-MD5:::61:0cc175b9c0f1b6a831c399e269772661
-MD5:::616263:900150983cd24fb0d6963f7d28e17f72
-MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
-MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
-MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
-MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
-
-# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
-
-AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
-
-# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
-
-AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
-
-# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
-
-AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
-
-# AES 128 ECB tests (from NIST test vectors, encrypt)
-
-#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
-
-# AES 128 ECB tests (from NIST test vectors, decrypt)
-
-#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
-
-# AES 192 ECB tests (from NIST test vectors, decrypt)
-
-#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
-
-# AES 256 ECB tests (from NIST test vectors, decrypt)
-
-#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
-
-# AES 128 CBC tests (from NIST test vectors, encrypt)
-
-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
-
-# AES 192 CBC tests (from NIST test vectors, encrypt)
-
-#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
-
-# AES 256 CBC tests (from NIST test vectors, encrypt)
-
-#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
-
-# AES 128 CBC tests (from NIST test vectors, decrypt)
-
-#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
-
-# AES tests from NIST document SP800-38A
-# For all ECB encrypts and decrypts, the transformed sequence is
-# AES-bits-ECB:key::plaintext:ciphertext:encdec
-# ECB-AES128.Encrypt and ECB-AES128.Decrypt
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
-AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
-# ECB-AES192.Encrypt and ECB-AES192.Decrypt
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
-AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
-# ECB-AES256.Encrypt and ECB-AES256.Decrypt
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
-AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
-# For all CBC encrypts and decrypts, the transformed sequence is
-# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CBC-AES128.Encrypt and CBC-AES128.Decrypt
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
-AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
-# CBC-AES192.Encrypt and CBC-AES192.Decrypt
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
-AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
-# CBC-AES256.Encrypt and CBC-AES256.Decrypt
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
-AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
-# We don't support CFB{1,8}-AESxxx.{En,De}crypt
-# For all CFB128 encrypts and decrypts, the transformed sequence is
-# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CFB128-AES128.Encrypt
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
-# CFB128-AES128.Decrypt
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
-AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
-# CFB128-AES192.Encrypt
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
-# CFB128-AES192.Decrypt
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
-AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
-# CFB128-AES256.Encrypt
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
-# CFB128-AES256.Decrypt
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
-AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
-# For all OFB encrypts and decrypts, the transformed sequence is
-# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
-# OFB-AES128.Encrypt
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1
-# OFB-AES128.Decrypt
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
-AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
-# OFB-AES192.Encrypt
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1
-# OFB-AES192.Decrypt
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0
-AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0
-# OFB-AES256.Encrypt
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
-# OFB-AES256.Decrypt
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
-AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
-
-# DES ECB tests (from destest)
-
-DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
-DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
-DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
-DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
-DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
-DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
-DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
-
-# DESX-CBC tests (from destest)
-DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
-
-# DES EDE3 CBC tests (from destest)
-DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
-
-# RC4 tests (from rc4test)
-RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
-RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
-RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
-RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
-RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
-RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
-
-
-# Camellia tests from RFC3713
-# For all ECB encrypts and decrypts, the transformed sequence is
-# CAMELLIA-bits-ECB:key::plaintext:ciphertext:encdec
-CAMELLIA-128-ECB:0123456789abcdeffedcba9876543210::0123456789abcdeffedcba9876543210:67673138549669730857065648eabe43
-CAMELLIA-192-ECB:0123456789abcdeffedcba98765432100011223344556677::0123456789abcdeffedcba9876543210:b4993401b3e996f84ee5cee7d79b09b9
-CAMELLIA-256-ECB:0123456789abcdeffedcba987654321000112233445566778899aabbccddeeff::0123456789abcdeffedcba9876543210:9acc237dff16d76c20ef7c919e3a7509
-
-# ECB-CAMELLIA128.Encrypt
-CAMELLIA-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:77CF412067AF8270613529149919546F:1
-CAMELLIA-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:B22F3C36B72D31329EEE8ADDC2906C68:1
-CAMELLIA-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:2EDF1F3418D53B88841FC8985FB1ECF2:1
-
-# ECB-CAMELLIA128.Encrypt and ECB-CAMELLIA128.Decrypt
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:432FC5DCD628115B7C388D770B270C96
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:0BE1F14023782A22E8384C5ABB7FAB2B
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:A0A1ABCD1893AB6FE0FE5B65DF5F8636
-CAMELLIA-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:E61925E0D5DFAA9BB29F815B3076E51A
-
-# ECB-CAMELLIA192.Encrypt and ECB-CAMELLIA192.Decrypt
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:CCCC6C4E138B45848514D48D0D3439D3
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:5713C62C14B2EC0F8393B6AFD6F5785A
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:B40ED2B60EB54D09D030CF511FEEF366
-CAMELLIA-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:909DBD95799096748CB27357E73E1D26
-
-# ECB-CAMELLIA256.Encrypt and ECB-CAMELLIA256.Decrypt
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:BEFD219B112FA00098919CD101C9CCFA
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:C91D3A8F1AEA08A9386CF4B66C0169EA
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:A623D711DC5F25A51BB8A80D56397D28
-CAMELLIA-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:7960109FB6DC42947FCFE59EA3C5EB6B
-
-# For all CBC encrypts and decrypts, the transformed sequence is
-# CAMELLIA-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CBC-CAMELLIA128.Encrypt and CBC-CAMELLIA128.Decrypt
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:1607CF494B36BBF00DAEB0B503C831AB
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:1607CF494B36BBF00DAEB0B503C831AB:AE2D8A571E03AC9C9EB76FAC45AF8E51:A2F2CF671629EF7840C5A5DFB5074887
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:A2F2CF671629EF7840C5A5DFB5074887:30C81C46A35CE411E5FBC1191A0A52EF:0F06165008CF8B8B5A63586362543E54
-CAMELLIA-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:36A84CDAFD5F9A85ADA0F0A993D6D577:F69F2445DF4F9B17AD2B417BE66C3710:74C64268CDB8B8FAF5B34E8AF3732980
-
-# CBC-CAMELLIA192.Encrypt and CBC-CAMELLIA192.Decrypt
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:2A4830AB5AC4A1A2405955FD2195CF93
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2A4830AB5AC4A1A2405955FD2195CF93:AE2D8A571E03AC9C9EB76FAC45AF8E51:5D5A869BD14CE54264F892A6DD2EC3D5
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:5D5A869BD14CE54264F892A6DD2EC3D5:30C81C46A35CE411E5FBC1191A0A52EF:37D359C3349836D884E310ADDF68C449
-CAMELLIA-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:37D359C3349836D884E310ADDF68C449:F69F2445DF4F9B17AD2B417BE66C3710:01FAAA930B4AB9916E9668E1428C6B08
-
-# CBC-CAMELLIA256.Encrypt and CBC-CAMELLIA256.Decrypt
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:E6CFA35FC02B134A4D2C0B6737AC3EDA
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E6CFA35FC02B134A4D2C0B6737AC3EDA:AE2D8A571E03AC9C9EB76FAC45AF8E51:36CBEB73BD504B4070B1B7DE2B21EB50
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:36CBEB73BD504B4070B1B7DE2B21EB50:30C81C46A35CE411E5FBC1191A0A52EF:E31A6055297D96CA3330CDF1B1860A83
-CAMELLIA-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E31A6055297D96CA3330CDF1B1860A83:F69F2445DF4F9B17AD2B417BE66C3710:5D563F6D1CCCF236051C0C5C1C58F28F
-
-# We don't support CFB{1,8}-CAMELLIAxxx.{En,De}crypt
-# For all CFB128 encrypts and decrypts, the transformed sequence is
-# CAMELLIA-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
-# CFB128-CAMELLIA128.Encrypt
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:1
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:1
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:1
-
-# CFB128-CAMELLIA128.Decrypt
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:14F7646187817EB586599146B82BD719:AE2D8A571E03AC9C9EB76FAC45AF8E51:A53D28BB82DF741103EA4F921A44880B:0
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:A53D28BB82DF741103EA4F921A44880B:30C81C46A35CE411E5FBC1191A0A52EF:9C2157A664626D1DEF9EA420FDE69B96:0
-CAMELLIA-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:9C2157A664626D1DEF9EA420FDE69B96:F69F2445DF4F9B17AD2B417BE66C3710:742A25F0542340C7BAEF24CA8482BB09:0
-
-# CFB128-CAMELLIA192.Encrypt
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:1
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:1
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:1
-
-# CFB128-CAMELLIA192.Decrypt
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:C832BB9780677DAA82D9B6860DCD565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:86F8491627906D780C7A6D46EA331F98:0
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:86F8491627906D780C7A6D46EA331F98:30C81C46A35CE411E5FBC1191A0A52EF:69511CCE594CF710CB98BB63D7221F01:0
-CAMELLIA-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:69511CCE594CF710CB98BB63D7221F01:F69F2445DF4F9B17AD2B417BE66C3710:D5B5378A3ABED55803F25565D8907B84:0
-
-# CFB128-CAMELLIA256.Encrypt
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:1
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:1
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:1
-
-# CFB128-CAMELLIA256.Decrypt
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:CF6107BB0CEA7D7FB1BD31F5E7B06C93:AE2D8A571E03AC9C9EB76FAC45AF8E51:89BEDB4CCDD864EA11BA4CBE849B5E2B:0
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:89BEDB4CCDD864EA11BA4CBE849B5E2B:30C81C46A35CE411E5FBC1191A0A52EF:555FC3F34BDD2D54C62D9E3BF338C1C4:0
-CAMELLIA-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:555FC3F34BDD2D54C62D9E3BF338C1C4:F69F2445DF4F9B17AD2B417BE66C3710:5953ADCE14DB8C7F39F1BD39F359BFFA:0
-
-# For all OFB encrypts and decrypts, the transformed sequence is
-# CAMELLIA-bits-OFB:key:IV/output':plaintext:ciphertext:encdec
-# OFB-CAMELLIA128.Encrypt
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:1
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:1
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:1
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:1
-
-# OFB-CAMELLIA128.Decrypt
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:14F7646187817EB586599146B82BD719:0
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:25623DB569CA51E01482649977E28D84:0
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:C776634A60729DC657D12B9FCA801E98:0
-CAMELLIA-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:D776379BE0E50825E681DA1A4C980E8E:0
-
-# OFB-CAMELLIA192.Encrypt
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:1
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:1
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:1
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:1
-
-# OFB-CAMELLIA192.Decrypt
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:C832BB9780677DAA82D9B6860DCD565E:0
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:8ECEB7D0350D72C7F78562AEBDF99339:0
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:BDD62DBBB9700846C53B507F544696F0:0
-CAMELLIA-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:E28014E046B802F385C4C2E13EAD4A72:0
-
-# OFB-CAMELLIA256.Encrypt
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:1
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:1
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:1
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:1
-
-# OFB-CAMELLIA256.Decrypt
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CF6107BB0CEA7D7FB1BD31F5E7B06C93:0
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:127AD97E8E3994E4820027D7BA109368:0
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:6BFF6265A6A6B7A535BC65A80B17214E:0
-CAMELLIA-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0A4A0404E26AA78A27CB271E8BF3CF20:0
-
diff --git a/crypto/openssl/test/igetest.c b/crypto/openssl/test/igetest.c
deleted file mode 100644
index d93428f..0000000
--- a/crypto/openssl/test/igetest.c
+++ /dev/null
@@ -1,486 +0,0 @@
-/* test/igetest.c -*- mode:C; c-file-style: "eay" -*- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- */
-
-#include <openssl/aes.h>
-#include <openssl/rand.h>
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-
-#define TEST_SIZE 128
-#define BIG_TEST_SIZE 10240
-
-static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
- {
- int n=0;
-
- fprintf(f,"%s",title);
- for( ; n < l ; ++n)
- {
- if((n%16) == 0)
- fprintf(f,"\n%04x",n);
- fprintf(f," %02x",s[n]);
- }
- fprintf(f,"\n");
- }
-
-#define MAX_VECTOR_SIZE 64
-
-struct ige_test
- {
- const unsigned char key[16];
- const unsigned char iv[32];
- const unsigned char in[MAX_VECTOR_SIZE];
- const unsigned char out[MAX_VECTOR_SIZE];
- const size_t length;
- const int encrypt;
- };
-
-static struct ige_test const ige_test_vectors[] = {
-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* iv */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
- { 0x1a, 0x85, 0x19, 0xa6, 0x55, 0x7b, 0xe6, 0x52,
- 0xe9, 0xda, 0x8e, 0x43, 0xda, 0x4e, 0xf4, 0x45,
- 0x3c, 0xf4, 0x56, 0xb4, 0xca, 0x48, 0x8a, 0xa3,
- 0x83, 0xc7, 0x9c, 0x98, 0xb3, 0x47, 0x97, 0xcb }, /* out */
- 32, AES_ENCRYPT }, /* test vector 0 */
-
-{ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x6e, 0x20, 0x69, 0x6d, 0x70, 0x6c, 0x65 }, /* key */
- { 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f,
- 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x49, 0x47, 0x45,
- 0x20, 0x6d, 0x6f, 0x64, 0x65, 0x20, 0x66, 0x6f,
- 0x72, 0x20, 0x4f, 0x70, 0x65, 0x6e, 0x53, 0x53 }, /* iv */
- { 0x4c, 0x2e, 0x20, 0x4c, 0x65, 0x74, 0x27, 0x73,
- 0x20, 0x68, 0x6f, 0x70, 0x65, 0x20, 0x42, 0x65,
- 0x6e, 0x20, 0x67, 0x6f, 0x74, 0x20, 0x69, 0x74,
- 0x20, 0x72, 0x69, 0x67, 0x68, 0x74, 0x21, 0x0a }, /* in */
- { 0x99, 0x70, 0x64, 0x87, 0xa1, 0xcd, 0xe6, 0x13,
- 0xbc, 0x6d, 0xe0, 0xb6, 0xf2, 0x4b, 0x1c, 0x7a,
- 0xa4, 0x48, 0xc8, 0xb9, 0xc3, 0x40, 0x3e, 0x34,
- 0x67, 0xa8, 0xca, 0xd8, 0x93, 0x40, 0xf5, 0x3b }, /* out */
- 32, AES_DECRYPT }, /* test vector 1 */
-};
-
-struct bi_ige_test
- {
- const unsigned char key1[32];
- const unsigned char key2[32];
- const unsigned char iv[64];
- const unsigned char in[MAX_VECTOR_SIZE];
- const unsigned char out[MAX_VECTOR_SIZE];
- const size_t keysize;
- const size_t length;
- const int encrypt;
- };
-
-static struct bi_ige_test const bi_ige_test_vectors[] = {
-{ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, /* key1 */
- { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, /* key2 */
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f }, /* iv */
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, /* in */
- { 0x14, 0x40, 0x6f, 0xae, 0xa2, 0x79, 0xf2, 0x56,
- 0x1f, 0x86, 0xeb, 0x3b, 0x7d, 0xff, 0x53, 0xdc,
- 0x4e, 0x27, 0x0c, 0x03, 0xde, 0x7c, 0xe5, 0x16,
- 0x6a, 0x9c, 0x20, 0x33, 0x9d, 0x33, 0xfe, 0x12 }, /* out */
- 16, 32, AES_ENCRYPT }, /* test vector 0 */
-{ { 0x58, 0x0a, 0x06, 0xe9, 0x97, 0x07, 0x59, 0x5c,
- 0x9e, 0x19, 0xd2, 0xa7, 0xbb, 0x40, 0x2b, 0x7a,
- 0xc7, 0xd8, 0x11, 0x9e, 0x4c, 0x51, 0x35, 0x75,
- 0x64, 0x28, 0x0f, 0x23, 0xad, 0x74, 0xac, 0x37 }, /* key1 */
- { 0xd1, 0x80, 0xa0, 0x31, 0x47, 0xa3, 0x11, 0x13,
- 0x86, 0x26, 0x9e, 0x6d, 0xff, 0xaf, 0x72, 0x74,
- 0x5b, 0xa2, 0x35, 0x81, 0xd2, 0xa6, 0x3d, 0x21,
- 0x67, 0x7b, 0x58, 0xa8, 0x18, 0xf9, 0x72, 0xe4 }, /* key2 */
- { 0x80, 0x3d, 0xbd, 0x4c, 0xe6, 0x7b, 0x06, 0xa9,
- 0x53, 0x35, 0xd5, 0x7e, 0x71, 0xc1, 0x70, 0x70,
- 0x74, 0x9a, 0x00, 0x28, 0x0c, 0xbf, 0x6c, 0x42,
- 0x9b, 0xa4, 0xdd, 0x65, 0x11, 0x77, 0x7c, 0x67,
- 0xfe, 0x76, 0x0a, 0xf0, 0xd5, 0xc6, 0x6e, 0x6a,
- 0xe7, 0x5e, 0x4c, 0xf2, 0x7e, 0x9e, 0xf9, 0x20,
- 0x0e, 0x54, 0x6f, 0x2d, 0x8a, 0x8d, 0x7e, 0xbd,
- 0x48, 0x79, 0x37, 0x99, 0xff, 0x27, 0x93, 0xa3 }, /* iv */
- { 0xf1, 0x54, 0x3d, 0xca, 0xfe, 0xb5, 0xef, 0x1c,
- 0x4f, 0xa6, 0x43, 0xf6, 0xe6, 0x48, 0x57, 0xf0,
- 0xee, 0x15, 0x7f, 0xe3, 0xe7, 0x2f, 0xd0, 0x2f,
- 0x11, 0x95, 0x7a, 0x17, 0x00, 0xab, 0xa7, 0x0b,
- 0xbe, 0x44, 0x09, 0x9c, 0xcd, 0xac, 0xa8, 0x52,
- 0xa1, 0x8e, 0x7b, 0x75, 0xbc, 0xa4, 0x92, 0x5a,
- 0xab, 0x46, 0xd3, 0x3a, 0xa0, 0xd5, 0x35, 0x1c,
- 0x55, 0xa4, 0xb3, 0xa8, 0x40, 0x81, 0xa5, 0x0b}, /* in */
- { 0x42, 0xe5, 0x28, 0x30, 0x31, 0xc2, 0xa0, 0x23,
- 0x68, 0x49, 0x4e, 0xb3, 0x24, 0x59, 0x92, 0x79,
- 0xc1, 0xa5, 0xcc, 0xe6, 0x76, 0x53, 0xb1, 0xcf,
- 0x20, 0x86, 0x23, 0xe8, 0x72, 0x55, 0x99, 0x92,
- 0x0d, 0x16, 0x1c, 0x5a, 0x2f, 0xce, 0xcb, 0x51,
- 0xe2, 0x67, 0xfa, 0x10, 0xec, 0xcd, 0x3d, 0x67,
- 0xa5, 0xe6, 0xf7, 0x31, 0x26, 0xb0, 0x0d, 0x76,
- 0x5e, 0x28, 0xdc, 0x7f, 0x01, 0xc5, 0xa5, 0x4c}, /* out */
- 32, 64, AES_ENCRYPT }, /* test vector 1 */
-
-};
-
-static int run_test_vectors(void)
- {
- int n;
- int errs = 0;
-
- for(n=0 ; n < sizeof(ige_test_vectors)/sizeof(ige_test_vectors[0]) ; ++n)
- {
- const struct ige_test * const v = &ige_test_vectors[n];
- AES_KEY key;
- unsigned char buf[MAX_VECTOR_SIZE];
- unsigned char iv[AES_BLOCK_SIZE*2];
-
- assert(v->length <= MAX_VECTOR_SIZE);
-
- if(v->encrypt == AES_ENCRYPT)
- AES_set_encrypt_key(v->key, 8*sizeof v->key, &key);
- else
- AES_set_decrypt_key(v->key, 8*sizeof v->key, &key);
- memcpy(iv, v->iv, sizeof iv);
- AES_ige_encrypt(v->in, buf, v->length, &key, iv, v->encrypt);
-
- if(memcmp(v->out, buf, v->length))
- {
- printf("IGE test vector %d failed\n", n);
- hexdump(stdout, "key", v->key, sizeof v->key);
- hexdump(stdout, "iv", v->iv, sizeof v->iv);
- hexdump(stdout, "in", v->in, v->length);
- hexdump(stdout, "expected", v->out, v->length);
- hexdump(stdout, "got", buf, v->length);
-
- ++errs;
- }
- }
-
- for(n=0 ; n < sizeof(bi_ige_test_vectors)/sizeof(bi_ige_test_vectors[0])
- ; ++n)
- {
- const struct bi_ige_test * const v = &bi_ige_test_vectors[n];
- AES_KEY key1;
- AES_KEY key2;
- unsigned char buf[MAX_VECTOR_SIZE];
-
- assert(v->length <= MAX_VECTOR_SIZE);
-
- if(v->encrypt == AES_ENCRYPT)
- {
- AES_set_encrypt_key(v->key1, 8*v->keysize, &key1);
- AES_set_encrypt_key(v->key2, 8*v->keysize, &key2);
- }
- else
- {
- AES_set_decrypt_key(v->key1, 8*v->keysize, &key1);
- AES_set_decrypt_key(v->key2, 8*v->keysize, &key2);
- }
-
- AES_bi_ige_encrypt(v->in, buf, v->length, &key1, &key2, v->iv,
- v->encrypt);
-
- if(memcmp(v->out, buf, v->length))
- {
- printf("Bidirectional IGE test vector %d failed\n", n);
- hexdump(stdout, "key 1", v->key1, sizeof v->key1);
- hexdump(stdout, "key 2", v->key2, sizeof v->key2);
- hexdump(stdout, "iv", v->iv, sizeof v->iv);
- hexdump(stdout, "in", v->in, v->length);
- hexdump(stdout, "expected", v->out, v->length);
- hexdump(stdout, "got", buf, v->length);
-
- ++errs;
- }
- }
-
- return errs;
- }
-
-int main(int argc, char **argv)
- {
- unsigned char rkey[16];
- unsigned char rkey2[16];
- AES_KEY key;
- AES_KEY key2;
- unsigned char plaintext[BIG_TEST_SIZE];
- unsigned char ciphertext[BIG_TEST_SIZE];
- unsigned char checktext[BIG_TEST_SIZE];
- unsigned char iv[AES_BLOCK_SIZE*4];
- unsigned char saved_iv[AES_BLOCK_SIZE*4];
- int err = 0;
- int n;
- unsigned matches;
-
- assert(BIG_TEST_SIZE >= TEST_SIZE);
-
- RAND_pseudo_bytes(rkey, sizeof rkey);
- RAND_pseudo_bytes(plaintext, sizeof plaintext);
- RAND_pseudo_bytes(iv, sizeof iv);
- memcpy(saved_iv, iv, sizeof saved_iv);
-
- /* Forward IGE only... */
-
- /* Straight encrypt/decrypt */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, iv,
- AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Encrypt+decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* Now check encrypt chaining works */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
- AES_ENCRYPT);
- AES_ige_encrypt(plaintext+TEST_SIZE/2,
- ciphertext+TEST_SIZE/2, TEST_SIZE/2,
- &key, iv, AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Chained encrypt+decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* And check decrypt chaining */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(plaintext, ciphertext, TEST_SIZE/2, &key, iv,
- AES_ENCRYPT);
- AES_ige_encrypt(plaintext+TEST_SIZE/2,
- ciphertext+TEST_SIZE/2, TEST_SIZE/2,
- &key, iv, AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, TEST_SIZE/2, &key, iv,
- AES_DECRYPT);
- AES_ige_encrypt(ciphertext+TEST_SIZE/2,
- checktext+TEST_SIZE/2, TEST_SIZE/2, &key, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Chained encrypt+chained decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* make sure garble extends forwards only */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt halfway through */
- ++ciphertext[sizeof ciphertext/2];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- memcpy(iv, saved_iv, sizeof iv);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/2+sizeof checktext/100)
- {
- printf("More than 51%% matches after garbling\n");
- ++err;
- }
-
- if(matches < sizeof checktext/2)
- {
- printf("Garble extends backwards!\n");
- ++err;
- }
-
- /* Bi-directional IGE */
-
- /* Note that we don't have to recover the IV, because chaining isn't */
- /* possible with biIGE, so the IV is not updated. */
-
- RAND_pseudo_bytes(rkey2, sizeof rkey2);
-
- /* Straight encrypt/decrypt */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_bi_ige_encrypt(plaintext, ciphertext, TEST_SIZE, &key, &key2, iv,
- AES_ENCRYPT);
-
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_bi_ige_encrypt(ciphertext, checktext, TEST_SIZE, &key, &key2, iv,
- AES_DECRYPT);
-
- if(memcmp(checktext, plaintext, TEST_SIZE))
- {
- printf("Encrypt+decrypt doesn't match\n");
- hexdump(stdout, "Plaintext", plaintext, TEST_SIZE);
- hexdump(stdout, "Checktext", checktext, TEST_SIZE);
- ++err;
- }
-
- /* make sure garble extends both ways */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt halfway through */
- ++ciphertext[sizeof ciphertext/2];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/100)
- {
- printf("More than 1%% matches after bidirectional garbling\n");
- ++err;
- }
-
- /* make sure garble extends both ways (2) */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt right at the end */
- ++ciphertext[sizeof ciphertext-1];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/100)
- {
- printf("More than 1%% matches after bidirectional garbling (2)\n");
- ++err;
- }
-
- /* make sure garble extends both ways (3) */
- AES_set_encrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_encrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(plaintext, ciphertext, sizeof plaintext, &key, iv,
- AES_ENCRYPT);
-
- /* corrupt right at the start */
- ++ciphertext[0];
- AES_set_decrypt_key(rkey, 8*sizeof rkey, &key);
- AES_set_decrypt_key(rkey2, 8*sizeof rkey2, &key2);
- AES_ige_encrypt(ciphertext, checktext, sizeof checktext, &key, iv,
- AES_DECRYPT);
-
- matches=0;
- for(n=0 ; n < sizeof checktext ; ++n)
- if(checktext[n] == plaintext[n])
- ++matches;
-
- if(matches > sizeof checktext/100)
- {
- printf("More than 1%% matches after bidirectional garbling (3)\n");
- ++err;
- }
-
- err += run_test_vectors();
-
- return err;
- }
diff --git a/crypto/openssl/test/methtest.c b/crypto/openssl/test/methtest.c
deleted file mode 100644
index 005c2f4..0000000
--- a/crypto/openssl/test/methtest.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* test/methtest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rsa.h>
-#include <openssl/x509.h>
-#include "meth.h"
-#include <openssl/err.h>
-
-int main(argc,argv)
-int argc;
-char *argv[];
- {
- METHOD_CTX *top,*tmp1,*tmp2;
-
- top=METH_new(x509_lookup()); /* get a top level context */
- if (top == NULL) goto err;
-
- tmp1=METH_new(x509_by_file());
- if (top == NULL) goto err;
- METH_arg(tmp1,METH_TYPE_FILE,"cafile1");
- METH_arg(tmp1,METH_TYPE_FILE,"cafile2");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp1);
-
- tmp2=METH_new(x509_by_dir());
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/.CAcerts");
- METH_arg(tmp2,METH_TYPE_DIR,"/home/eay/SSLeay/certs");
- METH_arg(tmp2,METH_TYPE_DIR,"/usr/local/ssl/certs");
- METH_push(top,METH_X509_CA_BY_SUBJECT,tmp2);
-
-/* tmp=METH_new(x509_by_issuer_dir);
- METH_arg(tmp,METH_TYPE_DIR,"/home/eay/.mycerts");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-
- tmp=METH_new(x509_by_issuer_primary);
- METH_arg(tmp,METH_TYPE_FILE,"/home/eay/.mycerts/primary.pem");
- METH_push(top,METH_X509_BY_ISSUER,tmp);
-*/
-
- METH_init(top);
- METH_control(tmp1,METH_CONTROL_DUMP,stdout);
- METH_control(tmp2,METH_CONTROL_DUMP,stdout);
- EXIT(0);
-err:
- ERR_load_crypto_strings();
- ERR_print_errors_fp(stderr);
- EXIT(1);
- return(0);
- }
diff --git a/crypto/openssl/test/pkcs7-1.pem b/crypto/openssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27a..0000000
--- a/crypto/openssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN PKCS7-----
-MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
-SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
-AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
-eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
-MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
-bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
-ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
-FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
-9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
-BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
-bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
-BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
-j7Kie1x339mxW/w9VZNTUDQQweHh
------END PKCS7-----
diff --git a/crypto/openssl/test/pkcs7.pem b/crypto/openssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b..0000000
--- a/crypto/openssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
- MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
- AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
- EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
- cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
- ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
- MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
- c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
- bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
- CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
- Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
- CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
- ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
- l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
- HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
- Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
- c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
- YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
- dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
- dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
- LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
- ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
- biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
- IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
- AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
- L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
- HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
- slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
- ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
- /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
- aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
- ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
- OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
- MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
- Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
- qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
- sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
- P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
- A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
- KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
- Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
- Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
- hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
- Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
- dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
- KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
- dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
- I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
- ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
- ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
- ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
- MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
- /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
- DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
- b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/crypto/openssl/test/r160test.c b/crypto/openssl/test/r160test.c
deleted file mode 100644
index a172e39..0000000
--- a/crypto/openssl/test/r160test.c
+++ /dev/null
@@ -1,57 +0,0 @@
-/* test/r160test.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
diff --git a/crypto/openssl/test/tcrl b/crypto/openssl/test/tcrl
deleted file mode 100644
index 055269e..0000000
--- a/crypto/openssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/crypto/openssl/test/test.cnf b/crypto/openssl/test/test.cnf
deleted file mode 100644
index faad391..0000000
--- a/crypto/openssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca = CA_default # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir = ./demoCA # Where everything is kept
-certs = $dir/certs # Where the issued certs are kept
-crl_dir = $dir/crl # Where the issued crl are kept
-database = $dir/index.txt # database index file.
-new_certs_dir = $dir/new_certs # default place for new certs.
-
-certificate = $dir/CAcert.pem # The CA certificate
-serial = $dir/serial # The current serial number
-crl = $dir/crl.pem # The current CRL
-private_key = $dir/private/CAkey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
-
-default_days = 365 # how long to certify for
-default_crl_days= 30 # how long before next CRL
-default_md = md5 # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName = match
-stateOrProvinceName = match
-organizationName = match
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-
-####################################################################
-[ req ]
-default_bits = 512
-default_keyfile = testkey.pem
-distinguished_name = req_distinguished_name
-encrypt_rsa_key = no
-
-[ req_distinguished_name ]
-countryName = Country Name (2 letter code)
-countryName_default = AU
-countryName_value = AU
-
-stateOrProvinceName = State or Province Name (full name)
-stateOrProvinceName_default = Queensland
-stateOrProvinceName_value =
-
-localityName = Locality Name (eg, city)
-localityName_value = Brisbane
-
-organizationName = Organization Name (eg, company)
-organizationName_default =
-organizationName_value = CryptSoft Pty Ltd
-
-organizationalUnitName = Organizational Unit Name (eg, section)
-organizationalUnitName_default =
-organizationalUnitName_value = .
-
-commonName = Common Name (eg, YOUR name)
-commonName_value = Eric Young
-
-emailAddress = Email Address
-emailAddress_value = eay@mincom.oz.au
diff --git a/crypto/openssl/test/testca b/crypto/openssl/test/testca
deleted file mode 100644
index b109cfe..0000000
--- a/crypto/openssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
- PATH="../apps\;$PATH"
-else
- PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
- exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-
diff --git a/crypto/openssl/test/testcrl.pem b/crypto/openssl/test/testcrl.pem
deleted file mode 100644
index 0989788..0000000
--- a/crypto/openssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN X509 CRL-----
-MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
-F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
-MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
-MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
-MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
-MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
-MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
-MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
-NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
-NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
-AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
-wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
-JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
------END X509 CRL-----
diff --git a/crypto/openssl/test/testenc b/crypto/openssl/test/testenc
deleted file mode 100644
index f5ce7c0..0000000
--- a/crypto/openssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
- exit 1
-else
- /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
- echo $i
- $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-
- echo $i base64
- $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
- $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
- cmp $test $test.$i.clear
- if [ $? != 0 ]
- then
- exit 1
- else
- /bin/rm $test.$i.cipher $test.$i.clear
- fi
-done
-rm -f $test
diff --git a/crypto/openssl/test/testfipsssl b/crypto/openssl/test/testfipsssl
deleted file mode 100644
index da5e598..0000000
--- a/crypto/openssl/test/testfipsssl
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
- key=../apps/server.pem
-else
- key="$1"
-fi
-if [ "$2" = "" ]; then
- cert=../apps/server.pem
-else
- cert="$2"
-fi
-
-ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
-
-ssltest="./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
-
-if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
- dsa_cert=YES
-else
- dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
- CA="-CApath ../certs"
-else
- CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
- extra=""
-else
- extra="$4"
-fi
-
-#############################################################################
-
-echo test ssl3 is forbidden in FIPS mode
-$ssltest -ssl3 $extra && exit 1
-
-echo test ssl2 is forbidden in FIPS mode
-$ssltest -ssl2 $extra && exit 1
-
-echo test tls1
-$ssltest -tls1 $extra || exit 1
-
-echo test tls1 with server authentication
-$ssltest -tls1 -server_auth $CA $extra || exit 1
-
-echo test tls1 with client authentication
-$ssltest -tls1 -client_auth $CA $extra || exit 1
-
-echo test tls1 with both client and server authentication
-$ssltest -tls1 -server_auth -client_auth $CA $extra || exit 1
-
-echo test tls1 via BIO pair
-$ssltest -bio_pair -tls1 $extra || exit 1
-
-echo test tls1 with server authentication via BIO pair
-$ssltest -bio_pair -tls1 -server_auth $CA $extra || exit 1
-
-echo test tls1 with client authentication via BIO pair
-$ssltest -bio_pair -tls1 -client_auth $CA $extra || exit 1
-
-echo test tls1 with both client and server authentication via BIO pair
-$ssltest -bio_pair -tls1 -server_auth -client_auth $CA $extra || exit 1
-
-# note that all the below actually choose TLS...
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2/sslv3 w/o DHE via BIO pair
- $ssltest -bio_pair -no_dhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-#############################################################################
-
-if ../apps/openssl no-dh; then
- echo skipping anonymous DH tests
-else
- echo test tls1 with 1024bit anonymous DH, multiple handshakes
- $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../apps/openssl no-rsa; then
- echo skipping RSA tests
-else
- echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
- ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
-
- if ../apps/openssl no-dh; then
- echo skipping RSA+DHE tests
- else
- echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
- fi
-fi
-
-exit 0
diff --git a/crypto/openssl/test/testgen b/crypto/openssl/test/testgen
deleted file mode 100644
index 524c0d1..0000000
--- a/crypto/openssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
- PATH=../apps\;$PATH;
-else
- PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
- echo "There should be a 2 sequences of .'s and some +'s."
- echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0
diff --git a/crypto/openssl/test/testp7.pem b/crypto/openssl/test/testp7.pem
deleted file mode 100644
index e5b7866..0000000
--- a/crypto/openssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
-XfZsaiiIgotQHjEA
------END PKCS7-----
diff --git a/crypto/openssl/test/testreq2.pem b/crypto/openssl/test/testreq2.pem
deleted file mode 100644
index c3cdcff..0000000
--- a/crypto/openssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----
diff --git a/crypto/openssl/test/testrsa.pem b/crypto/openssl/test/testrsa.pem
deleted file mode 100644
index aad2106..0000000
--- a/crypto/openssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----
diff --git a/crypto/openssl/test/testsid.pem b/crypto/openssl/test/testsid.pem
deleted file mode 100644
index 7ffd008..0000000
--- a/crypto/openssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN SSL SESSION PARAMETERS-----
-MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
-bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
-ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
-YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
-A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
-LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
-TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
-hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
------END SSL SESSION PARAMETERS-----
diff --git a/crypto/openssl/test/testss b/crypto/openssl/test/testss
deleted file mode 100644
index 1a42685..0000000
--- a/crypto/openssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss" # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- req_new='-newkey dsa:../apps/dsa512.pem'
-else
- req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a certificate request"
- exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to self sign a certificate request"
- exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' convert a certificate to a certificate request"
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
- echo first generated request is invalid
- exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
- echo second generated request is invalid
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
- echo first generated cert is invalid
- exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a user certificate request"
- exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a user certificate request"
- exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate a proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a proxy certificate request"
- exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
- echo "error using 'req' to generate another proxy certificate request"
- exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
- echo "error using 'x509' to sign a second proxy certificate request"
- exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0
diff --git a/crypto/openssl/test/testssl b/crypto/openssl/test/testssl
deleted file mode 100644
index 8ac90ae..0000000
--- a/crypto/openssl/test/testssl
+++ /dev/null
@@ -1,145 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
- key=../apps/server.pem
-else
- key="$1"
-fi
-if [ "$2" = "" ]; then
- cert=../apps/server.pem
-else
- cert="$2"
-fi
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
- dsa_cert=YES
-else
- dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
- CA="-CApath ../certs"
-else
- CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
- extra=""
-else
- extra="$4"
-fi
-
-#############################################################################
-
-echo test sslv2
-$ssltest -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2 with client authentication
- $ssltest -ssl2 -client_auth $CA $extra || exit 1
-
- echo test sslv2 with both client and server authentication
- $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2 with client authentication via BIO pair
- $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
-
- echo test sslv2 with both client and server authentication via BIO pair
- $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
- echo test sslv2/sslv3 w/o DHE via BIO pair
- $ssltest -bio_pair -no_dhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
- echo skipping anonymous DH tests
-else
- echo test tls1 with 1024bit anonymous DH, multiple handshakes
- $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping RSA tests
-else
- echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
-
- if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
- echo skipping RSA+DHE tests
- else
- echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
- ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
- fi
-fi
-
-exit 0
diff --git a/crypto/openssl/test/testsslproxy b/crypto/openssl/test/testsslproxy
deleted file mode 100644
index 58bbda8..0000000
--- a/crypto/openssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
- for cond in A B C 'A|B&!C'; do
- sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
- if [ $? = 3 ]; then exit 1; fi
- done
-done
diff --git a/crypto/openssl/test/testx509.pem b/crypto/openssl/test/testx509.pem
deleted file mode 100644
index 8a85d14..0000000
--- a/crypto/openssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----
diff --git a/crypto/openssl/test/times b/crypto/openssl/test/times
deleted file mode 100644
index 49aeebf..0000000
--- a/crypto/openssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
-
-More number for the questions about SSL overheads....
-
-The following numbers were generated on a pentium pro 200, running linux.
-They give an indication of the SSL protocol and encryption overheads.
-
-The program that generated them is an unreleased version of ssl/ssltest.c
-which is the SSLeay ssl protocol testing program. It is a single process that
-talks both sides of the SSL protocol via a non-blocking memory buffer
-interface.
-
-How do I read this? The protocol and cipher are reasonable obvious.
-The next number is the number of connections being made. The next is the
-number of bytes exchanged bewteen the client and server side of the protocol.
-This is the number of bytes that the client sends to the server, and then
-the server sends back. Because this is all happening in one process,
-the data is being encrypted, decrypted, encrypted and then decrypted again.
-It is a round trip of that many bytes. Because the one process performs
-both the client and server sides of the protocol and it sends this many bytes
-each direction, multiply this number by 4 to generate the number
-of bytes encrypted/decrypted/MACed. The first time value is how many seconds
-elapsed doing a full SSL handshake, the second is the cost of one
-full handshake and the rest being session-id reuse.
-
-SSLv2 RC4-MD5 1000 x 1 12.83s 0.70s
-SSLv3 NULL-MD5 1000 x 1 14.35s 1.47s
-SSLv3 RC4-MD5 1000 x 1 14.46s 1.56s
-SSLv3 RC4-MD5 1000 x 1 51.93s 1.62s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1 14.61s 1.83s
-SSLv3 DES-CBC-SHA 1000 x 1 14.70s 1.89s
-SSLv3 DES-CBC3-SHA 1000 x 1 15.16s 2.16s
-
-SSLv2 RC4-MD5 1000 x 1024 13.72s 1.27s
-SSLv3 NULL-MD5 1000 x 1024 14.79s 1.92s
-SSLv3 RC4-MD5 1000 x 1024 52.58s 2.29s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 1024 15.39s 2.67s
-SSLv3 DES-CBC-SHA 1000 x 1024 16.45s 3.55s
-SSLv3 DES-CBC3-SHA 1000 x 1024 18.21s 5.38s
-
-SSLv2 RC4-MD5 1000 x 10240 18.97s 6.52s
-SSLv3 NULL-MD5 1000 x 10240 17.79s 5.11s
-SSLv3 RC4-MD5 1000 x 10240 20.25s 7.90s
-SSLv3 RC4-MD5 1000 x 10240 58.26s 8.08s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 10240 22.96s 11.44s
-SSLv3 DES-CBC-SHA 1000 x 10240 30.65s 18.41s
-SSLv3 DES-CBC3-SHA 1000 x 10240 47.04s 34.53s
-
-SSLv2 RC4-MD5 1000 x 102400 70.22s 57.74s
-SSLv3 NULL-MD5 1000 x 102400 43.73s 31.03s
-SSLv3 RC4-MD5 1000 x 102400 71.32s 58.83s
-SSLv3 RC4-MD5 1000 x 102400 109.66s 59.20s 1024bit RSA
-SSLv3 RC4-SHA 1000 x 102400 95.88s 82.21s
-SSLv3 DES-CBC-SHA 1000 x 102400 173.22s 160.55s
-SSLv3 DES-CBC3-SHA 1000 x 102400 336.61s 323.82s
-
-What does this all mean? Well for a server, with no session-id reuse, with
-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a pentium pro 200 running linux can handle the SSLv3 protocol overheads of
-about 49 connections a second. Reality will be quite different :-).
-
-Remeber the first number is 1000 full ssl handshakes, the second is
-1 full and 999 with session-id reuse. The RSA overheads for each exchange
-would be one public and one private operation, but the protocol/MAC/cipher
-cost would be quite similar in both the client and server.
-
-eric (adding numbers to speculation)
-
---- Appendix ---
-- The time measured is user time but these number a very rough.
-- Remember this is the cost of both client and server sides of the protocol.
-- The TCP/kernal overhead of connection establishment is normally the
- killer in SSL. Often delays in the TCP protocol will make session-id
- reuse look slower that new sessions, but this would not be the case on
- a loaded server.
-- The TCP round trip latencies, while slowing indervidual connections,
- would have minimal impact on throughput.
-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
-- the required number of bytes are processed.
-- The SSLv3 connections were actually SSLv2 compatable SSLv3 headers.
-- A 512bit server key was being used except where noted.
-- No server key verification was being performed on the client side of the
- protocol. This would slow things down very little.
-- The library being used is SSLeay 0.8.x.
-- The normal mesauring system was commands of the form
- time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
- This modified version of ssltest should be in the next public release of
- SSLeay.
-
-The general cipher performace number for this platform are
-
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep 5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 131.02k 368.41k 500.57k 549.21k 566.09k
-mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
-md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
-sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
-sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
-rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
-des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
-des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
-idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
-rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
-blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
- sign verify
-rsa 512 bits 0.0100s 0.0011s
-rsa 1024 bits 0.0451s 0.0012s
-rsa 2048 bits 0.2605s 0.0086s
-rsa 4096 bits 1.6883s 0.0302s
-
diff --git a/crypto/openssl/test/tpkcs7 b/crypto/openssl/test/tpkcs7
deleted file mode 100644
index 3e435ff..0000000
--- a/crypto/openssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/crypto/openssl/test/tpkcs7d b/crypto/openssl/test/tpkcs7d
deleted file mode 100644
index 64fc28e..0000000
--- a/crypto/openssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/crypto/openssl/test/treq b/crypto/openssl/test/treq
deleted file mode 100644
index 77f37dc..0000000
--- a/crypto/openssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
- echo "skipping req conversion test for $t"
- exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/crypto/openssl/test/trsa b/crypto/openssl/test/trsa
deleted file mode 100644
index 249ac1d..0000000
--- a/crypto/openssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
- echo skipping rsa conversion test
- exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/crypto/openssl/test/tsid b/crypto/openssl/test/tsid
deleted file mode 100644
index 6adbd53..0000000
--- a/crypto/openssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/crypto/openssl/test/tx509 b/crypto/openssl/test/tx509
deleted file mode 100644
index 4a15b98..0000000
--- a/crypto/openssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
- t=$1
-else
- t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/crypto/openssl/test/v3-cert1.pem b/crypto/openssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d..0000000
--- a/crypto/openssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
------END CERTIFICATE-----
diff --git a/crypto/openssl/test/v3-cert2.pem b/crypto/openssl/test/v3-cert2.pem
deleted file mode 100644
index de0723f..0000000
--- a/crypto/openssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
-YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
-ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
-dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
-WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
-BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
-FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
-6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
-G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
-YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
-b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
-F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
-lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
-jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
------END CERTIFICATE-----
diff --git a/crypto/openssl/times/090/586-100.nt b/crypto/openssl/times/090/586-100.nt
deleted file mode 100644
index 297ec3e..0000000
--- a/crypto/openssl/times/090/586-100.nt
+++ /dev/null
@@ -1,32 +0,0 @@
-SSLeay 0.9.0 08-Apr-1998
-built on Wed Apr 8 12:47:17 EST 1998
-options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(
-ptr2)
-C flags:cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN
--DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 92.25k 256.80k 347.01k 380.40k 390.31k
-mdc2 240.72k 251.10k 252.00k 250.80k 251.40k
-md5 1013.61k 5651.94k 11831.61k 16294.89k 17901.43k
-hmac(md5) 419.50k 2828.07k 7770.11k 13824.34k 17091.70k
-sha1 524.31k 2721.45k 5216.15k 6766.10k 7308.42k
-rmd160 462.09k 2288.59k 4260.77k 5446.44k 5841.65k
-rc4 7895.90k 10326.73k 10555.43k 10728.22k 10429.44k
-des cbc 2036.86k 2208.92k 2237.68k 2237.20k 2181.35k
-des ede3 649.92k 739.42k 749.07k 748.86k 738.27k
-idea cbc 823.19k 885.10k 894.92k 896.45k 891.87k
-rc2 cbc 792.63k 859.00k 867.45k 868.96k 865.30k
-rc5-32/12 cbc 3502.26k 4026.79k 4107.23k 4121.76k 4073.72k
-blowfish cbc 3752.96k 4026.79k 4075.31k 3965.87k 3892.26k
-cast cbc 2566.27k 2807.43k 2821.79k 2792.48k 2719.34k
- sign verify sign/s verify/s
-rsa 512 bits 0.0179s 0.0020s 56.0 501.7
-rsa 1024 bits 0.0950s 0.0060s 10.5 166.6
-rsa 2048 bits 0.6299s 0.0209s 1.6 47.8
-rsa 4096 bits 4.5870s 0.0787s 0.2 12.7
- sign verify sign/s verify/s
-dsa 512 bits 0.0180s 0.0339s 55.6 29.5
-dsa 1024 bits 0.0555s 0.1076s 18.0 9.3
-dsa 2048 bits 0.1971s 0.3918s 5.1 2.6
-
diff --git a/crypto/openssl/times/091/486-50.nt b/crypto/openssl/times/091/486-50.nt
deleted file mode 100644
index 84820d9..0000000
--- a/crypto/openssl/times/091/486-50.nt
+++ /dev/null
@@ -1,30 +0,0 @@
-486-50 NT 4.0
-
-SSLeay 0.9.1a 06-Jul-1998
-built on Sat Jul 18 18:03:20 EST 1998
-options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
-C flags:cl /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 28.77k 80.30k 108.50k 118.98k 122.47k
-mdc2 51.52k 54.06k 54.54k 54.65k 54.62k
-md5 304.39k 1565.04k 3061.54k 3996.10k 4240.10k
-hmac(md5) 119.53k 793.23k 2061.29k 3454.95k 4121.76k
-sha1 127.51k 596.93k 1055.54k 1313.84k 1413.18k
-rmd160 128.50k 572.49k 1001.03k 1248.01k 1323.63k
-rc4 1224.40k 1545.11k 1590.29k 1600.20k 1576.90k
-des cbc 448.19k 503.45k 512.30k 513.30k 508.23k
-des ede3 148.66k 162.48k 163.68k 163.94k 164.24k
-idea cbc 194.18k 211.10k 212.99k 213.18k 212.64k
-rc2 cbc 245.78k 271.01k 274.12k 274.38k 273.52k
-rc5-32/12 cbc 1252.48k 1625.20k 1700.03k 1711.12k 1677.18k
-blowfish cbc 725.16k 828.26k 850.01k 846.99k 833.79k
-cast cbc 643.30k 717.22k 739.48k 741.57k 735.33k
- sign verify sign/s verify/s
-rsa 512 bits 0.0904s 0.0104s 11.1 96.2
-rsa 1024 bits 0.5968s 0.0352s 1.7 28.4
-rsa 2048 bits 3.8860s 0.1017s 0.3 9.8
- sign verify sign/s verify/s
-dsa 512 bits 0.1006s 0.1249s 9.9 8.0
-dsa 1024 bits 0.3306s 0.4093s 3.0 2.4
-dsa 2048 bits 0.9454s 1.1707s 1.1 0.9
diff --git a/crypto/openssl/times/091/586-100.lnx b/crypto/openssl/times/091/586-100.lnx
deleted file mode 100644
index 92892a6..0000000
--- a/crypto/openssl/times/091/586-100.lnx
+++ /dev/null
@@ -1,32 +0,0 @@
-Pentium 100mhz, linux
-
-SSLeay 0.9.0a 14-Apr-1998
-built on Fri Apr 17 08:47:07 EST 1998
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 56.65k 153.88k 208.47k 229.03k 237.57k
-mdc2 189.59k 204.95k 206.93k 208.90k 209.56k
-md5 1019.48k 5882.41k 12085.42k 16376.49k 18295.47k
-hmac(md5) 415.86k 2887.85k 7891.29k 13894.66k 17446.23k
-sha1 540.68k 2791.96k 5289.30k 6813.01k 7432.87k
-rmd160 298.37k 1846.87k 3869.10k 5273.94k 5892.78k
-rc4 7870.87k 10438.10k 10857.13k 10729.47k 10788.86k
-des cbc 1960.60k 2226.37k 2241.88k 2054.83k 2181.80k
-des ede3 734.44k 739.69k 779.43k 750.25k 772.78k
-idea cbc 654.07k 711.00k 716.89k 718.51k 720.90k
-rc2 cbc 648.83k 701.91k 708.61k 708.95k 709.97k
-rc5-32/12 cbc 3504.71k 4054.76k 4131.41k 4105.56k 4134.23k
-blowfish cbc 3762.25k 4313.79k 4460.54k 4356.78k 4317.18k
-cast cbc 2755.01k 3038.91k 3076.44k 3027.63k 2998.27k
- sign verify sign/s verify/s
-rsa 512 bits 0.0195s 0.0019s 51.4 519.9
-rsa 1024 bits 0.1000s 0.0059s 10.0 168.2
-rsa 2048 bits 0.6406s 0.0209s 1.6 47.8
-rsa 4096 bits 4.6100s 0.0787s 0.2 12.7
- sign verify sign/s verify/s
-dsa 512 bits 0.0188s 0.0360s 53.1 27.8
-dsa 1024 bits 0.0570s 0.1126s 17.5 8.9
-dsa 2048 bits 0.1990s 0.3954s 5.0 2.5
-
diff --git a/crypto/openssl/times/091/68000.bsd b/crypto/openssl/times/091/68000.bsd
deleted file mode 100644
index a3a14e8..0000000
--- a/crypto/openssl/times/091/68000.bsd
+++ /dev/null
@@ -1,32 +0,0 @@
-Motorolla 68020 20mhz, NetBSD
-
-SSLeay 0.9.0t 29-May-1998
-built on Fri Jun 5 12:42:23 EST 1998
-options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,16,long) idea(int) blowfish(idx)
-C flags:gcc -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 2176.00 5994.67 8079.73 8845.18 9077.01
-mdc2 5730.67 6122.67 6167.66 6176.51 6174.87
-md5 29.10k 127.31k 209.66k 250.50k 263.99k
-hmac(md5) 12.33k 73.02k 160.17k 228.04k 261.15k
-sha1 11.27k 49.37k 84.31k 102.40k 109.23k
-rmd160 11.69k 48.62k 78.76k 93.15k 98.41k
-rc4 117.96k 148.94k 152.57k 153.09k 152.92k
-des cbc 27.13k 30.06k 30.38k 30.38k 30.53k
-des ede3 10.51k 10.94k 11.01k 11.01k 11.01k
-idea cbc 26.74k 29.23k 29.45k 29.60k 29.74k
-rc2 cbc 34.27k 39.39k 40.03k 40.07k 40.16k
-rc5-32/12 cbc 64.31k 83.18k 85.70k 86.70k 87.09k
-blowfish cbc 48.86k 59.18k 60.07k 60.42k 60.78k
-cast cbc 42.67k 50.01k 50.86k 51.20k 51.37k
- sign verify sign/s verify/s
-rsa 512 bits 0.7738s 0.0774s 1.3 12.9
-rsa 1024 bits 4.3967s 0.2615s 0.2 3.8
-rsa 2048 bits 29.5200s 0.9664s 0.0 1.0
- sign verify sign/s verify/s
-dsa 512 bits 0.7862s 0.9709s 1.3 1.0
-dsa 1024 bits 2.5375s 3.1625s 0.4 0.3
-dsa 2048 bits 9.2150s 11.8200s 0.1 0.1
-
-
diff --git a/crypto/openssl/times/091/686-200.lnx b/crypto/openssl/times/091/686-200.lnx
deleted file mode 100644
index bb857d4..0000000
--- a/crypto/openssl/times/091/686-200.lnx
+++ /dev/null
@@ -1,32 +0,0 @@
-Pentium Pro 200mhz, linux
-
-SSLeay 0.9.0d 26-Apr-1998
-built on Sun Apr 26 10:25:33 EST 1998
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 130.58k 364.54k 499.24k 545.79k 561.66k
-mdc2 526.68k 579.72k 588.37k 588.80k 589.82k
-md5 1917.71k 11434.69k 22512.21k 29495.30k 32677.89k
-hmac(md5) 749.18k 5264.83k 14227.20k 25018.71k 31760.38k
-sha1 1343.83k 6436.29k 11702.78k 14664.70k 15829.67k
-rmd160 1038.05k 5138.77k 8985.51k 10985.13k 11799.21k
-rc4 14891.04k 21334.06k 22376.79k 22579.54k 22574.42k
-des cbc 4131.97k 4568.31k 4645.29k 4631.21k 4572.73k
-des ede3 1567.17k 1631.13k 1657.32k 1653.08k 1643.86k
-idea cbc 2427.23k 2671.21k 2716.67k 2723.84k 2733.40k
-rc2 cbc 1629.90k 1767.38k 1788.50k 1797.12k 1799.51k
-rc5-32/12 cbc 10290.55k 13161.60k 13744.55k 14011.73k 14123.01k
-blowfish cbc 5896.42k 6920.77k 7122.01k 7151.62k 7146.15k
-cast cbc 6037.71k 6935.19k 7101.35k 7145.81k 7116.12k
- sign verify sign/s verify/s
-rsa 512 bits 0.0070s 0.0007s 142.6 1502.9
-rsa 1024 bits 0.0340s 0.0019s 29.4 513.3
-rsa 2048 bits 0.2087s 0.0066s 4.8 151.3
-rsa 4096 bits 1.4700s 0.0242s 0.7 41.2
- sign verify sign/s verify/s
-dsa 512 bits 0.0064s 0.0121s 156.1 82.9
-dsa 1024 bits 0.0184s 0.0363s 54.4 27.5
-dsa 2048 bits 0.0629s 0.1250s 15.9 8.0
-
diff --git a/crypto/openssl/times/091/alpha064.osf b/crypto/openssl/times/091/alpha064.osf
deleted file mode 100644
index a8e7fdf..0000000
--- a/crypto/openssl/times/091/alpha064.osf
+++ /dev/null
@@ -1,32 +0,0 @@
-Alpha EV4.5 (21064) 275mhz, OSF1 V4.0
-SSLeay 0.9.0g 01-May-1998
-built on Mon May 4 17:26:09 CST 1998
-options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx)
-C flags:cc -tune host -O4 -readonly_strings
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 119.58k 327.48k 443.28k 480.09k 495.16k
-mdc2 436.67k 456.35k 465.42k 466.57k 469.01k
-md5 1459.34k 6566.46k 11111.91k 13375.30k 14072.60k
-hmac(md5) 597.90k 3595.45k 8180.88k 12099.49k 13884.46k
-sha1 707.01k 3253.09k 6131.73k 7798.23k 8439.67k
-rmd160 618.57k 2729.07k 4711.33k 5825.16k 6119.23k
-rc4 8796.43k 9393.62k 9548.88k 9378.77k 9472.57k
-des cbc 2165.97k 2514.90k 2586.27k 2572.93k 2639.08k
-des ede3 945.44k 1004.03k 1005.96k 1017.33k 1020.85k
-idea cbc 1498.81k 1629.11k 1637.28k 1625.50k 1641.11k
-rc2 cbc 1866.00k 2044.92k 2067.12k 2064.00k 2068.96k
-rc5-32/12 cbc 4366.97k 5521.32k 5687.50k 5729.16k 5736.96k
-blowfish cbc 3997.31k 4790.60k 4937.84k 4954.56k 5024.85k
-cast cbc 2900.19k 3673.30k 3803.73k 3823.93k 3890.25k
- sign verify sign/s verify/s
-rsa 512 bits 0.0069s 0.0006s 144.2 1545.8
-rsa 1024 bits 0.0304s 0.0018s 32.9 552.6
-rsa 2048 bits 0.1887s 0.0062s 5.3 161.4
-rsa 4096 bits 1.3667s 0.0233s 0.7 42.9
- sign verify sign/s verify/s
-dsa 512 bits 0.0067s 0.0123s 149.6 81.1
-dsa 1024 bits 0.0177s 0.0332s 56.6 30.1
-dsa 2048 bits 0.0590s 0.1162s 16.9 8.6
-
-
diff --git a/crypto/openssl/times/091/alpha164.lnx b/crypto/openssl/times/091/alpha164.lnx
deleted file mode 100644
index c994662..0000000
--- a/crypto/openssl/times/091/alpha164.lnx
+++ /dev/null
@@ -1,32 +0,0 @@
-Alpha EV5.6 (21164A) 533mhz, Linux 2.0.32
-
-SSLeay 0.9.0p 22-May-1998
-built on Sun May 27 14:23:38 GMT 2018
-options:bn(64,64) md2(int) rc4(ptr,int) des(idx,risc1,16,long) idea(int) blowfish(idx)
-C flags:gcc -O3
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 295.78k 825.34k 1116.42k 1225.10k 1262.65k
-mdc2 918.16k 1017.55k 1032.18k 1034.24k 1035.60k
-md5 3574.93k 15517.05k 25482.67k 30434.31k 32210.51k
-hmac(md5) 1261.54k 7757.15k 18025.46k 27081.21k 31653.27k
-sha1 2251.89k 10056.84k 16990.19k 20651.04k 21973.29k
-rmd160 1615.49k 7017.13k 11601.11k 13875.62k 14690.31k
-rc4 22435.16k 24476.40k 24349.95k 23042.36k 24581.53k
-des cbc 5198.38k 6559.04k 6775.43k 6827.87k 6875.82k
-des ede3 2257.73k 2602.18k 2645.60k 2657.12k 2670.59k
-idea cbc 3694.42k 4125.61k 4180.74k 4193.28k 4192.94k
-rc2 cbc 4642.47k 5323.85k 5415.42k 5435.86k 5434.03k
-rc5-32/12 cbc 9705.26k 13277.79k 13843.46k 13989.66k 13987.57k
-blowfish cbc 7861.28k 10852.34k 11447.98k 11616.97k 11667.54k
-cast cbc 6718.13k 8599.98k 8967.17k 9070.81k 9099.28k
- sign verify sign/s verify/s
-rsa 512 bits 0.0018s 0.0002s 555.9 6299.5
-rsa 1024 bits 0.0081s 0.0005s 123.3 2208.7
-rsa 2048 bits 0.0489s 0.0015s 20.4 648.5
-rsa 4096 bits 0.3402s 0.0057s 2.9 174.7
- sign verify sign/s verify/s
-dsa 512 bits 0.0019s 0.0032s 529.0 310.2
-dsa 1024 bits 0.0047s 0.0086s 214.1 115.7
-dsa 2048 bits 0.0150s 0.0289s 66.7 34.6
-
diff --git a/crypto/openssl/times/091/alpha164.osf b/crypto/openssl/times/091/alpha164.osf
deleted file mode 100644
index df712c6..0000000
--- a/crypto/openssl/times/091/alpha164.osf
+++ /dev/null
@@ -1,31 +0,0 @@
-Alpha EV5.6 (21164A) 400mhz, OSF1 V4.0
-
-SSLeay 0.9.0 10-Apr-1998
-built on Sun Apr 19 07:54:37 EST 1998
-options:bn(64,64) md2(int) rc4(ptr,int) des(ptr,risc2,4,int) idea(int) blowfish(idx)
-C flags:cc -O4 -tune host -fast
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 276.30k 762.07k 1034.35k 1134.07k 1160.53k
-mdc2 814.99k 845.83k 849.09k 850.33k 849.24k
-md5 2468.43k 10945.27k 17963.48k 21430.89k 22544.38k
-hmac(md5) 1002.48k 6023.98k 13430.99k 19344.17k 22351.80k
-sha1 1984.93k 8882.47k 14856.47k 17878.70k 18955.10k
-rmd160 1286.96k 5595.52k 9167.00k 10957.74k 11582.30k
-rc4 15948.15k 16710.29k 16793.20k 17929.50k 18474.56k
-des cbc 3416.04k 4149.37k 4296.25k 4328.89k 4327.57k
-des ede3 1540.14k 1683.36k 1691.14k 1705.90k 1705.22k
-idea cbc 2795.87k 3192.93k 3238.13k 3238.17k 3256.66k
-rc2 cbc 3529.00k 4069.93k 4135.79k 4135.25k 4160.07k
-rc5-32/12 cbc 7212.35k 9849.71k 10260.91k 10423.38k 10439.99k
-blowfish cbc 6061.75k 8363.50k 8706.80k 8779.40k 8784.55k
-cast cbc 5401.75k 6433.31k 6638.18k 6662.40k 6702.80k
- sign verify sign/s verify/s
-rsa 512 bits 0.0022s 0.0002s 449.6 4916.2
-rsa 1024 bits 0.0105s 0.0006s 95.3 1661.2
-rsa 2048 bits 0.0637s 0.0020s 15.7 495.6
-rsa 4096 bits 0.4457s 0.0075s 2.2 132.7
- sign verify sign/s verify/s
-dsa 512 bits 0.0028s 0.0048s 362.2 210.4
-dsa 1024 bits 0.0064s 0.0123s 155.2 81.6
-dsa 2048 bits 0.0201s 0.0394s 49.7 25.4
diff --git a/crypto/openssl/times/091/mips-rel.pl b/crypto/openssl/times/091/mips-rel.pl
deleted file mode 100644
index 4b25093..0000000
--- a/crypto/openssl/times/091/mips-rel.pl
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/local/bin/perl
-
-&doit(100,"Pentium 100 32",0.0195,0.1000,0.6406,4.6100); # pentium-100
-&doit(200,"PPro 200 32",0.0070,0.0340,0.2087,1.4700); # pentium-100
-&doit( 25,"R3000 25 32",0.0860,0.4825,3.2417,23.8833); # R3000-25
-&doit(200,"R4400 200 32",0.0137,0.0717,0.4730,3.4367); # R4400 32bit
-&doit(180,"R10000 180 32",0.0061,0.0311,0.1955,1.3871); # R10000 32bit
-&doit(180,"R10000 180 64",0.0034,0.0149,0.0880,0.5933); # R10000 64bit
-&doit(400,"DEC 21164 400 64",0.0022,0.0105,0.0637,0.4457); # R10000 64bit
-
-sub doit
- {
- local($mhz,$label,@data)=@_;
-
- for ($i=0; $i <= $#data; $i++)
- {
- $data[$i]=1/$data[$i]*200/$mhz;
- }
- printf("%s %6.1f %6.1f %6.1f %6.1f\n",$label,@data);
- }
-
diff --git a/crypto/openssl/times/091/r10000.irx b/crypto/openssl/times/091/r10000.irx
deleted file mode 100644
index 237ee5d..0000000
--- a/crypto/openssl/times/091/r10000.irx
+++ /dev/null
@@ -1,37 +0,0 @@
-MIPS R10000 32kI+32kD 180mhz, IRIX 6.4
-
-Using crypto/bn/mips3.s
-
-This is built for n32, which is faster for all benchmarks than the n64
-compilation model
-
-SSLeay 0.9.0b 19-Apr-1998
-built on Sat Apr 25 12:43:14 EST 1998
-options:bn(64,64) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(ptr)
-C flags:cc -use_readonly_const -O2 -DTERMIOS -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 126.38k 349.38k 472.67k 517.01k 529.81k
-mdc2 501.64k 545.87k 551.80k 553.64k 554.41k
-md5 1825.77k 7623.64k 12630.47k 15111.74k 16012.09k
-hmac(md5) 780.81k 4472.86k 9667.22k 13802.67k 15777.89k
-sha1 1375.52k 6213.91k 11037.30k 13682.01k 14714.09k
-rmd160 856.72k 3454.40k 5598.33k 6689.94k 7073.48k
-rc4 11260.93k 13311.50k 13360.05k 13322.17k 13364.39k
-des cbc 2770.78k 3055.42k 3095.18k 3092.48k 3103.03k
-des ede3 1023.22k 1060.58k 1063.81k 1070.37k 1064.54k
-idea cbc 3029.09k 3334.30k 3375.29k 3375.65k 3380.64k
-rc2 cbc 2307.45k 2470.72k 2501.25k 2500.68k 2500.55k
-rc5-32/12 cbc 6770.91k 8629.89k 8909.58k 9009.64k 9044.95k
-blowfish cbc 4796.53k 5598.20k 5717.14k 5755.11k 5749.86k
-cast cbc 3986.20k 4426.17k 4465.04k 4476.84k 4475.08k
- sign verify sign/s verify/s
-rsa 512 bits 0.0034s 0.0003s 296.1 3225.4
-rsa 1024 bits 0.0139s 0.0008s 71.8 1221.8
-rsa 2048 bits 0.0815s 0.0026s 12.3 380.3
-rsa 4096 bits 0.5656s 0.0096s 1.8 103.7
- sign verify sign/s verify/s
-dsa 512 bits 0.0034s 0.0061s 290.8 164.9
-dsa 1024 bits 0.0084s 0.0161s 119.1 62.3
-dsa 2048 bits 0.0260s 0.0515s 38.5 19.4
-
diff --git a/crypto/openssl/times/091/r3000.ult b/crypto/openssl/times/091/r3000.ult
deleted file mode 100644
index ecd3390..0000000
--- a/crypto/openssl/times/091/r3000.ult
+++ /dev/null
@@ -1,32 +0,0 @@
-MIPS R3000 64kI+64kD 25mhz, ultrix 4.3
-
-SSLeay 0.9.0b 19-Apr-1998
-built on Thu Apr 23 07:22:31 EST 1998
-options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(idx)
-C flags:cc -O2 -DL_ENDIAN -DNOPROTO -DNOCONST
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 14.63k 40.65k 54.70k 60.07k 61.78k
-mdc2 29.43k 37.27k 38.23k 38.57k 38.60k
-md5 140.04k 676.59k 1283.84k 1654.10k 1802.24k
-hmac(md5) 60.51k 378.90k 937.82k 1470.46k 1766.74k
-sha1 60.77k 296.79k 525.40k 649.90k 699.05k
-rmd160 48.82k 227.16k 417.19k 530.31k 572.05k
-rc4 904.76k 996.20k 1007.53k 1015.65k 1010.35k
-des cbc 178.87k 209.39k 213.42k 215.55k 214.53k
-des ede3 74.25k 79.30k 80.40k 80.21k 80.14k
-idea cbc 181.02k 209.37k 214.44k 214.36k 213.83k
-rc2 cbc 161.52k 184.98k 187.99k 188.76k 189.05k
-rc5-32/12 cbc 398.99k 582.91k 614.66k 626.07k 621.87k
-blowfish cbc 296.38k 387.69k 405.50k 412.57k 410.05k
-cast cbc 214.76k 260.63k 266.92k 268.63k 258.26k
- sign verify sign/s verify/s
-rsa 512 bits 0.0870s 0.0089s 11.5 112.4
-rsa 1024 bits 0.4881s 0.0295s 2.0 33.9
-rsa 2048 bits 3.2750s 0.1072s 0.3 9.3
-rsa 4096 bits 23.9833s 0.4093s 0.0 2.4
- sign verify sign/s verify/s
-dsa 512 bits 0.0898s 0.1706s 11.1 5.9
-dsa 1024 bits 0.2847s 0.5565s 3.5 1.8
-dsa 2048 bits 1.0267s 2.0433s 1.0 0.5
-
diff --git a/crypto/openssl/times/091/r4400.irx b/crypto/openssl/times/091/r4400.irx
deleted file mode 100644
index 9b96ca1..0000000
--- a/crypto/openssl/times/091/r4400.irx
+++ /dev/null
@@ -1,32 +0,0 @@
-R4400 16kI+16kD 200mhz, Irix 5.3
-
-SSLeay 0.9.0e 27-Apr-1998
-built on Sun Apr 26 07:26:05 PDT 1998
-options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int) blowfish(ptr)
-C flags:cc -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 79.80k 220.59k 298.01k 327.06k 338.60k
-mdc2 262.74k 285.30k 289.16k 288.36k 288.49k
-md5 930.35k 4167.13k 7167.91k 8678.23k 9235.86k
-hmac(md5) 399.44k 2367.57k 5370.74k 7884.28k 9076.98k
-sha1 550.96k 2488.17k 4342.76k 5362.50k 5745.40k
-rmd160 424.58k 1752.83k 2909.67k 3486.08k 3702.89k
-rc4 6687.79k 7834.63k 7962.61k 8035.65k 7915.28k
-des cbc 1544.20k 1725.94k 1748.35k 1758.17k 1745.61k
-des ede3 587.29k 637.75k 645.93k 643.17k 646.01k
-idea cbc 1575.52k 1719.75k 1732.41k 1736.69k 1740.11k
-rc2 cbc 1496.21k 1629.90k 1643.19k 1652.14k 1646.62k
-rc5-32/12 cbc 3452.48k 4276.47k 4390.74k 4405.25k 4400.12k
-blowfish cbc 2354.58k 3242.36k 3401.11k 3433.65k 3383.65k
-cast cbc 1942.22k 2152.28k 2187.51k 2185.67k 2177.20k
- sign verify sign/s verify/s
-rsa 512 bits 0.0130s 0.0014s 76.9 729.8
-rsa 1024 bits 0.0697s 0.0043s 14.4 233.9
-rsa 2048 bits 0.4664s 0.0156s 2.1 64.0
-rsa 4096 bits 3.4067s 0.0586s 0.3 17.1
- sign verify sign/s verify/s
-dsa 512 bits 0.0140s 0.0261s 71.4 38.4
-dsa 1024 bits 0.0417s 0.0794s 24.0 12.6
-dsa 2048 bits 0.1478s 0.2929s 6.8 3.4
-
diff --git a/crypto/openssl/times/100.lnx b/crypto/openssl/times/100.lnx
deleted file mode 100644
index d0f4537..0000000
--- a/crypto/openssl/times/100.lnx
+++ /dev/null
@@ -1,32 +0,0 @@
-SSLeay 0.8.4c 03-Aug-1999
-built on Tue Nov 4 02:52:29 EST 1997
-options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 53.27k 155.95k 201.30k 216.41k 236.78k
-mdc2 192.98k 207.98k 206.76k 206.17k 208.87k
-md5 993.15k 5748.27k 11944.70k 16477.53k 18287.27k
-hmac(md5) 404.97k 2787.58k 7690.07k 13744.43k 17601.88k
-sha1 563.24k 2851.67k 5363.71k 6879.23k 7441.07k
-rc4 7876.70k 10400.85k 10825.90k 10943.49k 10745.17k
-des cbc 2047.39k 2188.25k 2188.29k 2239.49k 2233.69k
-des ede3 660.55k 764.01k 773.55k 779.21k 780.97k
-idea cbc 653.93k 708.48k 715.43k 719.87k 720.90k
-rc2 cbc 648.08k 702.23k 708.78k 711.00k 709.97k
-blowfish cbc 3764.39k 4288.66k 4375.04k 4497.07k 4423.68k
-cast cbc 2757.14k 2993.75k 3035.31k 3078.90k 3055.62k
-
-blowfish cbc 3258.81k 3673.47k 3767.30k 3774.12k 3719.17k
-cast cbc 2677.05k 3164.78k 3273.05k 3287.38k 3244.03k
-
-
- sign verify
-rsa 512 bits 0.0213s 0.0020s
-rsa 1024 bits 0.1073s 0.0063s
-rsa 2048 bits 0.6873s 0.0224s
-rsa 4096 bits 4.9333s 0.0845s
- sign verify
-dsa 512 bits 0.0201s 0.0385s
-dsa 1024 bits 0.0604s 0.1190s
-dsa 2048 bits 0.2121s 0.4229s
diff --git a/crypto/openssl/times/100.nt b/crypto/openssl/times/100.nt
deleted file mode 100644
index 0dd7cfc..0000000
--- a/crypto/openssl/times/100.nt
+++ /dev/null
@@ -1,29 +0,0 @@
-SSLeay 0.8.4c 03-Aug-1999
-built on Tue Aug 3 09:49:58 EST 1999
-options:bn(64,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(
-ptr2)
-C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN
-_ASM -DMD5_ASM -DSHA1_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 93.07k 258.38k 349.03k 382.83k 392.87k
-mdc2 245.80k 259.02k 259.34k 259.16k 260.14k
-md5 1103.42k 6017.65k 12210.49k 16552.11k 18291.77k
-hmac(md5) 520.15k 3394.00k 8761.86k 14593.96k 17742.40k
-sha1 538.06k 2726.76k 5242.22k 6821.12k 7426.18k
-rc4 8283.90k 10513.09k 10886.38k 10929.50k 10816.75k
-des cbc 2073.10k 2232.91k 2251.61k 2256.46k 2232.44k
-des ede3 758.85k 782.46k 786.14k 786.08k 781.24k
-idea cbc 831.02k 892.63k 901.07k 903.48k 901.85k
-rc2 cbc 799.89k 866.09k 873.96k 876.22k 874.03k
-blowfish cbc 3835.32k 4418.78k 4511.94k 4494.54k 4416.92k
-cast cbc 2974.68k 3272.71k 3313.04k 3335.17k 3261.51k
- sign verify
-rsa 512 bits 0.0202s 0.0019s
-rsa 1024 bits 0.1029s 0.0062s
-rsa 2048 bits 0.6770s 0.0220s
-rsa 4096 bits 4.8770s 0.0838s
- sign verify
-dsa 512 bits 0.0191s 0.0364s
-dsa 1024 bits 0.0590s 0.1141s
-dsa 2048 bits 0.2088s 0.4171s
diff --git a/crypto/openssl/times/200.lnx b/crypto/openssl/times/200.lnx
deleted file mode 100644
index fd7e7f4..0000000
--- a/crypto/openssl/times/200.lnx
+++ /dev/null
@@ -1,30 +0,0 @@
-This machine was slightly loaded :-(
-
-SSLeay 0.8.4c 03-Aug-1999
-built on Tue Nov 4 02:52:29 EST 1997
-options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 130.86k 365.31k 499.60k 547.75k 561.41k
-mdc2 526.03k 581.38k 587.12k 586.31k 589.60k
-md5 1919.49k 11173.23k 22387.60k 29553.47k 32587.21k
-hmac(md5) 747.09k 5248.35k 14275.44k 24713.26k 31737.13k
-sha1 1336.63k 6400.50k 11668.67k 14648.83k 15700.85k
-rc4 15002.32k 21327.21k 22301.63k 22503.78k 22549.26k
-des cbc 4115.16k 4521.08k 4632.37k 4607.28k 4570.57k
-des ede3 1540.29k 1609.76k 1623.64k 1620.76k 1624.18k
-idea cbc 2405.08k 2664.78k 2704.22k 2713.95k 2716.29k
-rc2 cbc 1634.07k 1764.30k 1780.23k 1790.27k 1788.12k
-blowfish cbc 5993.98k 6927.27k 7083.61k 7088.40k 7123.72k
-cast cbc 5981.52k 6900.44k 7079.70k 7110.40k 7057.72k
- sign verify
-rsa 512 bits 0.0085s 0.0007s
-rsa 1024 bits 0.0377s 0.0020s
-rsa 2048 bits 0.2176s 0.0067s
-rsa 4096 bits 1.4800s 0.0242s
-sign verify
-dsa 512 bits 0.0071s 0.0132s
-dsa 1024 bits 0.0192s 0.0376s
-dsa 2048 bits 0.0638s 0.1280s
-
diff --git a/crypto/openssl/times/486-66.dos b/crypto/openssl/times/486-66.dos
deleted file mode 100644
index 1644bf8..0000000
--- a/crypto/openssl/times/486-66.dos
+++ /dev/null
@@ -1,22 +0,0 @@
-MS-dos static libs, 16bit C build, 16bit assember
-
-SSLeay 0.6.1
-options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short)
-C flags:cl /ALw /Gx- /Gf /f- /Ocgnotb2 /G2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -D
-NO_SOCK
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 18.62k 55.54k 76.88k 85.39k 86.52k
-md5 94.03k 442.06k 794.38k 974.51k 1061.31k
-sha 38.37k 166.23k 272.78k 331.41k 353.77k
-sha1 34.38k 147.77k 244.77k 292.57k 312.08k
-rc4 641.25k 795.34k 817.16k 829.57k 817.16k
-des cfb 111.46k 118.08k 120.69k 119.16k 119.37k
-des cbc 122.96k 135.69k 137.10k 135.69k 135.40k
-des ede3 48.01k 50.92k 50.32k 50.96k 50.96k
-idea cfb 97.09k 100.21k 100.36k 101.14k 100.98k
-idea cbc 102.08k 109.41k 111.46k 111.65k 110.52k
-rc2 cfb 120.47k 125.55k 125.79k 125.55k 125.55k
-rc2 cbc 129.77k 140.33k 143.72k 142.16k 141.85k
-rsa 512 bits 0.264s
-rsa 1024 bits 1.494s
diff --git a/crypto/openssl/times/486-66.nt b/crypto/openssl/times/486-66.nt
deleted file mode 100644
index b26a900..0000000
--- a/crypto/openssl/times/486-66.nt
+++ /dev/null
@@ -1,22 +0,0 @@
-SSLeay 0.6.1 02-Jul-1996
-built on Fri Jul 10 09:53:15 EST 1996
-options:bn(64,32) md2(int) rc4(idx,int) des(idx,long) idea(int)
-C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /nologo -DWIN32 -DL_ENDIAN /MD
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 38.27k 107.28k 145.43k 159.60k 164.15k
-md5 399.00k 1946.13k 3610.80k 4511.94k 4477.27k
-sha 182.04k 851.26k 1470.65k 1799.20k 1876.48k
-sha1 151.83k 756.55k 1289.76k 1567.38k 1625.70k
-rc4 1853.92k 2196.25k 2232.91k 2241.31k 2152.96k
-des cfb 360.58k 382.69k 384.94k 386.07k 377.19k
-des cbc 376.10k 431.87k 436.32k 437.78k 430.45k
-des ede3 152.55k 160.38k 161.51k 161.33k 159.98k
-idea cfb 245.59k 255.60k 256.65k 257.16k 254.61k
-idea cbc 257.16k 276.12k 279.05k 279.11k 276.70k
-rc2 cfb 280.25k 293.49k 294.74k 294.15k 291.47k
-rc2 cbc 295.47k 321.57k 324.76k 324.76k 320.00k
-rsa 512 bits 0.084s
-rsa 1024 bits 0.495s
-rsa 2048 bits 3.435s
-
diff --git a/crypto/openssl/times/486-66.w31 b/crypto/openssl/times/486-66.w31
deleted file mode 100644
index 381f149..0000000
--- a/crypto/openssl/times/486-66.w31
+++ /dev/null
@@ -1,23 +0,0 @@
-Windows 3.1 DLL's, 16 bit C with 32bit assember
-
-SSLeay 0.6.1 02-Jul-1996
-built on Wed Jul 10 09:53:15 EST 1996
-options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short)
-C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 18.94k 54.27k 73.43k 80.91k 83.75k
-md5 78.96k 391.26k 734.30k 919.80k 992.97k
-sha 39.01k 168.04k 280.67k 336.08k 359.10k
-sha1 35.20k 150.14k 247.31k 294.54k 313.94k
-rc4 509.61k 655.36k 678.43k 677.02k 670.10k
-des cfb 97.09k 104.69k 106.56k 105.70k 106.56k
-des cbc 116.82k 129.77k 131.07k 131.07k 131.07k
-des ede3 44.22k 47.90k 48.53k 48.47k 47.86k
-idea cfb 83.49k 87.03k 87.03k 87.15k 87.73k
-idea cbc 89.04k 96.23k 96.95k 97.81k 97.09k
-rc2 cfb 108.32k 113.58k 113.78k 114.57k 114.77k
-rc2 cbc 118.08k 131.07k 134.02k 134.02k 132.66k
-rsa 512 bits 0.181s
-rsa 1024 bits 0.846s
-
diff --git a/crypto/openssl/times/5.lnx b/crypto/openssl/times/5.lnx
deleted file mode 100644
index 1c1e392a..0000000
--- a/crypto/openssl/times/5.lnx
+++ /dev/null
@@ -1,29 +0,0 @@
-SSLeay 0.8.5g 24-Jan-1998
-built on Tue Jan 27 08:11:42 EST 1998
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 56.55k 156.69k 211.63k 231.77k 238.71k
-mdc2 192.26k 208.09k 210.09k 209.58k 210.26k
-md5 991.04k 5745.51k 11932.67k 16465.24k 18306.39k
-hmac(md5) 333.99k 2383.89k 6890.67k 13133.82k 17397.08k
-sha1 571.68k 2883.88k 5379.07k 6880.26k 7443.80k
-rmd160 409.41k 2212.91k 4225.45k 5456.55k 5928.28k
-rc4 6847.57k 8596.22k 8901.80k 8912.90k 8850.09k
-des cbc 2046.29k 2229.78k 2254.76k 2259.97k 2233.69k
-des ede3 751.11k 779.95k 783.96k 784.38k 780.97k
-idea cbc 653.40k 708.29k 718.42k 720.21k 720.90k
-rc2 cbc 647.19k 702.46k 709.21k 710.66k 709.97k
-rc5-32/12 cbc 3498.18k 4054.12k 4133.46k 4151.64k 4139.69k
-blowfish cbc 3763.95k 4437.74k 4532.74k 4515.50k 4448.26k
-cast cbc 2754.22k 3020.67k 3079.08k 3069.95k 3036.50k
- sign verify sign/s verify/s
-rsa 512 bits 0.0207s 0.0020s 48.3 511.3
-rsa 1024 bits 0.1018s 0.0059s 9.8 169.6
-rsa 2048 bits 0.6438s 0.0208s 1.6 48.0
-rsa 4096 bits 4.6033s 0.0793s 0.2 12.6
- sign verify sign/s verify/s
-dsa 512 bits 0.0190s 0.0359s 52.6 27.8
-dsa 1024 bits 0.0566s 0.1109s 17.7 9.0
-dsa 2048 bits 0.1988s 0.3915s 5.0 2.6
diff --git a/crypto/openssl/times/586-085i.nt b/crypto/openssl/times/586-085i.nt
deleted file mode 100644
index 8a57975..0000000
--- a/crypto/openssl/times/586-085i.nt
+++ /dev/null
@@ -1,29 +0,0 @@
-SSLeay 0.8.5i 28-Jan-1998
-built on Wed Jan 28 18:00:07 EST 1998
-options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
-C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 92.74k 257.59k 348.16k 381.79k 392.14k
-mdc2 227.65k 247.82k 249.90k 250.65k 250.20k
-md5 1089.54k 5966.29k 12104.77k 16493.53k 18204.44k
-hmac(md5) 513.53k 3361.36k 8725.41k 14543.36k 17593.56k
-sha1 580.74k 2880.51k 5376.62k 6865.78k 7413.05k
-rmd160 508.06k 2427.96k 4385.51k 5510.84k 5915.80k
-rc4 8004.40k 10408.74k 10794.48k 10884.12k 10728.22k
-des cbc 2057.24k 2222.97k 2246.79k 2209.39k 2223.44k
-des ede3 739.42k 761.99k 765.48k 760.26k 760.97k
-idea cbc 827.08k 889.60k 898.83k 901.15k 897.98k
-rc2 cbc 795.64k 861.04k 871.13k 872.58k 871.13k
-rc5-32/12 cbc 3597.17k 4139.66k 4204.39k 4223.02k 4204.39k
-blowfish cbc 3807.47k 3996.10k 4156.07k 4204.39k 4105.62k
-cast cbc 2777.68k 2814.21k 2892.62k 2916.76k 2868.88k
- sign verify sign/s verify/s
-rsa 512 bits 0.0178s 0.0018s 56.3 541.6
-rsa 1024 bits 0.0945s 0.0059s 10.6 168.3
-rsa 2048 bits 0.6269s 0.0208s 1.6 48.0
-rsa 4096 bits 4.5560s 0.0784s 0.2 12.8
- sign verify sign/s verify/s
-dsa 512 bits 0.0178s 0.0340s 56.2 29.4
-dsa 1024 bits 0.0552s 0.1077s 18.1 9.3
-dsa 2048 bits 0.1963s 0.3811s 5.1 2.6
diff --git a/crypto/openssl/times/586-100.LN3 b/crypto/openssl/times/586-100.LN3
deleted file mode 100644
index a6fa818..0000000
--- a/crypto/openssl/times/586-100.LN3
+++ /dev/null
@@ -1,26 +0,0 @@
-SSLeay 0.8.3v 15-Oct-1997
-built on Wed Oct 15 10:05:00 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 56.27k 156.76k 211.46k 231.77k 238.71k
-mdc2 188.74k 206.12k 207.70k 207.87k 208.18k
-md5 991.56k 5718.31k 11748.61k 16090.79k 17850.37k
-hmac(md5) 387.56k 2636.01k 7327.83k 13340.33k 17091.24k
-sha1 463.55k 2274.18k 4071.17k 5072.90k 5447.68k
-rc4 3673.94k 4314.52k 4402.26k 4427.09k 4407.30k
-des cbc 2023.79k 2209.77k 2233.34k 2220.71k 2222.76k
-des ede3 747.17k 778.54k 781.57k 778.24k 778.24k
-idea cbc 614.64k 678.04k 683.52k 685.06k 685.40k
-rc2 cbc 536.83k 574.10k 578.05k 579.24k 578.90k
-blowfish cbc 3673.39k 4354.58k 4450.22k 4429.48k 4377.26k
- sign verify
-rsa 512 bits 0.0217s 0.0021s
-rsa 1024 bits 0.1083s 0.0064s
-rsa 2048 bits 0.6867s 0.0223s
-rsa 4096 bits 4.9400s 0.0846s
- sign verify
-dsa 512 bits 0.0203s 0.0387s
-dsa 1024 bits 0.0599s 0.1170s
-dsa 2048 bits 0.2115s 0.4242s
diff --git a/crypto/openssl/times/586-100.NT2 b/crypto/openssl/times/586-100.NT2
deleted file mode 100644
index 7f8c167..0000000
--- a/crypto/openssl/times/586-100.NT2
+++ /dev/null
@@ -1,26 +0,0 @@
-SSLeay 0.8.3e 30-Sep-1997
-built on Tue Sep 30 14:52:58 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
-C flags:cl /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN -DX86_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 92.99k 257.59k 348.16k 381.47k 392.14k
-mdc2 223.77k 235.30k 237.15k 236.77k 237.29k
-md5 862.53k 4222.17k 7842.75k 9925.00k 10392.23k
-sha 491.34k 2338.61k 4062.28k 4986.10k 5307.90k
-sha1 494.38k 2234.94k 3838.83k 4679.58k 4980.18k
-rc4 6338.10k 7489.83k 7676.25k 7698.80k 7631.56k
-des cbc 1654.17k 1917.66k 1961.05k 1968.05k 1960.69k
-des ede3 691.17k 739.42k 744.13k 745.82k 741.40k
-idea cbc 788.46k 870.33k 879.16k 881.38k 879.90k
-rc2 cbc 794.44k 859.63k 868.24k 869.68k 867.45k
-blowfish cbc 2379.88k 3017.48k 3116.12k 3134.76k 3070.50k
- sign verify
-rsa 512 bits 0.0204s 0.0027s
-rsa 1024 bits 0.1074s 0.0032s
-rsa 2048 bits 0.6890s 0.0246s
-rsa 4096 bits 5.0180s 0.0911s
- sign verify
-dsa 512 bits 0.0201s 0.0376s
-dsa 1024 bits 0.0608s 0.1193s
-dsa 2048 bits 0.2133s 0.4294s
diff --git a/crypto/openssl/times/586-100.dos b/crypto/openssl/times/586-100.dos
deleted file mode 100644
index 3085c256..0000000
--- a/crypto/openssl/times/586-100.dos
+++ /dev/null
@@ -1,24 +0,0 @@
-ms-dos static libs, 16 bit C and 16 bit assmber
-
-SSLeay 0.6.1 02-Jul-1996
-built on Tue Jul 9 22:52:54 EST 1996
-options:bn(32,16) md2(char) rc4(idx,int) des(ptr,long) idea(short)
-C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DMSDOS -DNO_SOCK
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 45.99k 130.75k 176.53k 199.35k 203.21k
-md5 236.17k 1072.16k 1839.61k 2221.56k 2383.13k
-sha 107.97k 459.10k 757.64k 908.64k 954.99k
-sha1 96.95k 409.92k 672.16k 788.40k 844.26k
-rc4 1659.14k 1956.30k 2022.72k 2022.72k 2022.72k
-des cfb 313.57k 326.86k 326.86k 331.83k 326.86k
-des cbc 345.84k 378.82k 378.82k 384.38k 378.82k
-des ede3 139.59k 144.66k 144.61k 144.45k 143.29k
-idea cfb 262.67k 274.21k 274.21k 274.21k 274.21k
-idea cbc 284.32k 318.14k 318.14k 318.14k 318.14k
-rc2 cfb 265.33k 274.21k 277.69k 277.11k 277.69k
-rc2 cbc 283.71k 310.60k 309.86k 313.57k 314.32k
-rsa 512 bits 0.104s
-rsa 1024 bits 0.566s
-rsa 2048 bits 3.680s
-rsa 4096 bits 26.740s
diff --git a/crypto/openssl/times/586-100.ln4 b/crypto/openssl/times/586-100.ln4
deleted file mode 100644
index 14a9db9..0000000
--- a/crypto/openssl/times/586-100.ln4
+++ /dev/null
@@ -1,26 +0,0 @@
-SSLeay 0.8.3aa 24-Oct-1997
-built on Mon Oct 27 10:16:25 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 56.78k 156.71k 211.46k 231.77k 238.71k
-mdc2 187.45k 200.49k 201.64k 202.75k 202.77k
-md5 1002.51k 5798.66k 11967.15k 16449.19k 18251.78k
-hmac(md5) 468.71k 3173.46k 8386.99k 14305.56k 17607.34k
-sha1 586.98k 2934.87k 5393.58k 6863.19k 7408.30k
-rc4 3675.10k 4314.15k 4402.77k 4427.78k 4404.57k
-des cbc 1902.96k 2202.01k 2242.30k 2252.46k 2236.42k
-des ede3 700.15k 774.23k 783.70k 781.62k 783.70k
-idea cbc 618.46k 677.93k 683.61k 685.40k 685.40k
-rc2 cbc 536.97k 573.87k 577.96k 579.24k 578.90k
-blowfish cbc 3672.66k 4271.89k 4428.80k 4469.76k 4374.53k
- sign verify
-rsa 512 bits 0.0213s 0.0021s
-rsa 1024 bits 0.1075s 0.0063s
-rsa 2048 bits 0.6853s 0.0224s
-rsa 4096 bits 4.9400s 0.0845s
- sign verify
-dsa 512 bits 0.0203s 0.0380s
-dsa 1024 bits 0.0600s 0.1189s
-dsa 2048 bits 0.2110s 0.4250s
diff --git a/crypto/openssl/times/586-100.lnx b/crypto/openssl/times/586-100.lnx
deleted file mode 100644
index 0c05173..0000000
--- a/crypto/openssl/times/586-100.lnx
+++ /dev/null
@@ -1,23 +0,0 @@
-SSLeay 0.7.3 30-Apr-1997
-built on Mon May 12 04:13:55 EST 1997
-options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 72.95k 202.77k 274.01k 300.37k 309.23k
-md5 770.57k 4094.02k 7409.41k 9302.36k 9986.05k
-sha 363.05k 1571.07k 2613.85k 3134.81k 3320.49k
-sha1 340.94k 1462.85k 2419.20k 2892.12k 3042.35k
-rc4 3676.91k 4314.94k 4407.47k 4430.51k 4412.76k
-des cbc 1489.95k 1799.08k 1841.66k 1851.73k 1848.66k
-des ede3 621.93k 711.19k 726.10k 729.77k 729.09k
-idea cbc 618.16k 676.99k 683.09k 684.37k 683.59k
-rc2 cbc 537.59k 573.93k 578.56k 579.58k 579.70k
-blowfish cbc 2077.57k 2682.20k 2827.18k 2840.92k 2842.62k
-rsa 512 bits 0.024s 0.003
-rsa 1024 bits 0.120s 0.003
-rsa 2048 bits 0.751s 0.026
-rsa 4096 bits 5.320s 0.096
-dsa 512 bits 0.022s 0.042
-dsa 1024 bits 0.065s 0.126
-dsa 2048 bits 0.227s 0.449
diff --git a/crypto/openssl/times/586-100.nt b/crypto/openssl/times/586-100.nt
deleted file mode 100644
index 9adcac3..0000000
--- a/crypto/openssl/times/586-100.nt
+++ /dev/null
@@ -1,23 +0,0 @@
-SSLeay 0.7.3 30-Apr-1997
-built on Mon May 19 10:47:38 EST 1997
-options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
-C flags not available
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 89.57k 245.94k 331.59k 362.95k 373.29k
-md5 858.93k 4175.51k 7700.21k 9715.78k 10369.11k
-sha 466.18k 2103.67k 3607.69k 4399.31k 4669.16k
-sha1 449.59k 2041.02k 3496.13k 4256.45k 4512.92k
-rc4 5862.55k 7447.27k 7698.80k 7768.38k 7653.84k
-des cbc 1562.71k 1879.84k 1928.24k 1938.93k 1911.02k
-des ede3 680.27k 707.97k 728.62k 733.15k 725.98k
-idea cbc 797.46k 885.85k 895.68k 898.06k 896.45k
-rc2 cbc 609.46k 648.75k 654.01k 654.42k 653.60k
-blowfish cbc 2357.94k 3000.22k 3106.89k 3134.76k 3080.42k
-rsa 512 bits 0.022s 0.003
-rsa 1024 bits 0.112s 0.003
-rsa 2048 bits 0.726s 0.026
-rsa 4096 bits 5.268s 0.095
-dsa 512 bits 0.021s 0.039
-dsa 1024 bits 0.063s 0.127
-dsa 2048 bits 0.224s 0.451
diff --git a/crypto/openssl/times/586-100.ntx b/crypto/openssl/times/586-100.ntx
deleted file mode 100644
index 35166a5..0000000
--- a/crypto/openssl/times/586-100.ntx
+++ /dev/null
@@ -1,30 +0,0 @@
-SSLeay 0.8.5f 22-Jan-1998
-built on Wed Jan 21 17:11:53 EST 1998
-options:bn(64,32) md2(int) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(
-ptr2)
-C flags:cl /MT /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DL_ENDIAN
--DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 92.99k 257.43k 347.84k 381.82k 392.14k
-mdc2 232.19k 253.68k 257.57k 258.70k 258.70k
-md5 1094.09k 5974.79k 12139.81k 16487.04k 18291.77k
-hmac(md5) 375.70k 2590.04k 7309.70k 13469.18k 17447.19k
-sha1 613.78k 2982.93k 5446.44k 6889.46k 7424.86k
-rmd160 501.23k 2405.68k 4367.25k 5503.61k 5915.80k
-rc4 8167.75k 10429.44k 10839.12k 10929.50k 10772.30k
-des cbc 2057.24k 2218.27k 2237.20k 2227.69k 2213.59k
-des ede3 719.63k 727.11k 728.77k 719.56k 722.97k
-idea cbc 827.67k 888.85k 898.06k 900.30k 898.75k
-rc2 cbc 797.46k 862.53k 870.33k 872.58k 870.40k
-blowfish cbc 3835.32k 4435.60k 4513.89k 4513.89k 4416.92k
-cast cbc 2785.06k 3052.62k 3088.59k 3034.95k 3034.95k
- sign verify sign/s verify/s
-rsa 512 bits 0.0202s 0.0020s 49.4 500.2
-rsa 1024 bits 0.1030s 0.0063s 9.7 159.4
-rsa 2048 bits 0.6740s 0.0223s 1.5 44.9
-rsa 4096 bits 4.8970s 0.0844s 0.2 11.8
- sign verify sign/s verify/s
-dsa 512 bits 0.0191s 0.0361s 52.4 27.7
-dsa 1024 bits 0.0587s 0.1167s 17.0 8.6
-dsa 2048 bits 0.2091s 0.4123s 4.8 2.4
diff --git a/crypto/openssl/times/586-100.w31 b/crypto/openssl/times/586-100.w31
deleted file mode 100644
index d5b1c10..0000000
--- a/crypto/openssl/times/586-100.w31
+++ /dev/null
@@ -1,27 +0,0 @@
-Pentium 100, Windows 3.1 DLL's, 16 bit C, 32bit assember.
-
-Running under Windows NT 4.0 Beta 2
-
-SSLeay 0.6.4 20-Aug-1996
-built on Thu Aug 22 08:44:21 EST 1996
-options:bn(32,32) md2(char) rc4(idx,int) des(ptr,long) idea(short)
-C flags:cl /ALw /Gx- /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWIN16
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 45.83k 128.82k 180.17k 194.90k 198.59k
-md5 224.82k 1038.19k 1801.68k 2175.47k 2330.17k
-sha 105.11k 448.11k 739.48k 884.13k 944.66k
-sha1 94.71k 402.99k 667.88k 795.58k 844.26k
-rc4 1614.19k 1956.30k 2022.72k 2022.72k 2022.72k
-des cfb 291.27k 318.14k 318.14k 318.14k 322.84k
-des cbc 326.86k 356.17k 362.08k 362.08k 367.15k
-des ede3 132.40k 139.57k 139.53k 139.37k 140.97k
-idea cfb 265.33k 280.67k 280.67k 277.69k 281.27k
-idea cbc 274.21k 302.01k 306.24k 306.24k 305.53k
-rc2 cfb 264.79k 274.21k 274.78k 274.21k 274.21k
-rc2 cbc 281.27k 306.24k 309.86k 305.53k 309.86k
-rsa 512 bits 0.058s
-rsa 1024 bits 0.280s
-rsa 2048 bits 1.430s
-rsa 4096 bits 10.600s
-
diff --git a/crypto/openssl/times/586-1002.lnx b/crypto/openssl/times/586-1002.lnx
deleted file mode 100644
index d830bce..0000000
--- a/crypto/openssl/times/586-1002.lnx
+++ /dev/null
@@ -1,26 +0,0 @@
-SSLeay 0.8.3e 30-Sep-1997
-built on Wed Oct 1 03:01:44 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DX86_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 56.21k 156.57k 211.29k 231.77k 237.92k
-mdc2 170.99k 191.70k 193.90k 195.58k 195.95k
-md5 770.50k 3961.96k 7291.22k 9250.82k 9942.36k
-sha 344.93k 1520.77k 2569.81k 3108.52k 3295.91k
-sha1 326.20k 1423.74k 2385.15k 2870.95k 3041.96k
-rc4 3672.88k 4309.65k 4374.41k 4408.66k 4355.41k
-des cbc 1349.73k 1689.05k 1735.34k 1748.99k 1739.43k
-des ede3 638.70k 704.00k 711.85k 714.41k 712.70k
-idea cbc 619.55k 677.33k 683.26k 685.06k 685.40k
-rc2 cbc 521.18k 571.20k 573.46k 578.90k 578.90k
-blowfish cbc 2079.67k 2592.49k 2702.34k 2730.33k 2695.17k
- sign verify
-rsa 512 bits 0.0213s 0.0026s
-rsa 1024 bits 0.1099s 0.0031s
-rsa 2048 bits 0.7007s 0.0248s
-rsa 4096 bits 5.0500s 0.0921s
- sign verify
-dsa 512 bits 0.0203s 0.0389s
-dsa 1024 bits 0.0614s 0.1222s
-dsa 2048 bits 0.2149s 0.4283s
diff --git a/crypto/openssl/times/586p-100.lnx b/crypto/openssl/times/586p-100.lnx
deleted file mode 100644
index 561eb31..0000000
--- a/crypto/openssl/times/586p-100.lnx
+++ /dev/null
@@ -1,26 +0,0 @@
-Pentium 100 - Linux 1.2.13 - gcc 2.7.2p
-This is the pentium specific version of gcc
-
-SSLeay 0.6.4 20-Aug-1996
-built on Thu Aug 22 08:27:58 EST 1996
-options:bn(64,32) md2(char) rc4(idx,int) des(idx,long) idea(int)
-C flags:gcc -DL_ENDIAN -DTERMIO -O6 -fomit-frame-pointer -mpentium -Wall
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 74.90k 208.43k 282.11k 309.59k 318.43k
-md5 807.08k 4205.67k 7801.51k 9958.06k 10810.71k
-sha 405.98k 1821.55k 3119.10k 3799.04k 4052.31k
-sha1 389.13k 1699.50k 2852.78k 3437.57k 3656.36k
-rc4 3621.15k 4130.07k 4212.74k 4228.44k 4213.42k
-des cfb 794.39k 828.37k 831.74k 832.51k 832.85k
-des cbc 817.68k 886.17k 894.72k 896.00k 892.93k
-des ede3 308.83k 323.29k 324.61k 324.95k 324.95k
-idea cfb 690.41k 715.39k 718.51k 719.19k 718.17k
-idea cbc 696.80k 760.60k 767.32k 768.68k 770.05k
-rc2 cfb 619.91k 639.74k 642.30k 642.73k 641.71k
-rc2 cbc 631.99k 671.42k 676.35k 676.18k 677.21k
-rsa 512 bits 0.025s
-rsa 1024 bits 0.123s
-rsa 2048 bits 0.756s
-rsa 4096 bits 5.365s
-
diff --git a/crypto/openssl/times/686-200.bsd b/crypto/openssl/times/686-200.bsd
deleted file mode 100644
index f23c580..0000000
--- a/crypto/openssl/times/686-200.bsd
+++ /dev/null
@@ -1,25 +0,0 @@
-Pentium Pro 200mhz
-FreeBSD 2.1.5
-gcc 2.7.2.2
-
-SSLeay 0.7.0 30-Jan-1997
-built on Tue Apr 22 12:14:36 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DTERMIOS -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 130.99k 367.68k 499.09k 547.04k 566.50k
-md5 1924.98k 8293.50k 13464.41k 16010.39k 16820.68k
-sha 1250.75k 5330.43k 8636.88k 10227.36k 10779.14k
-sha1 1071.55k 4572.50k 7459.98k 8791.96k 9341.61k
-rc4 10724.22k 14546.25k 15240.18k 15259.50k 15265.63k
-des cbc 3309.11k 3883.01k 3968.25k 3971.86k 3979.14k
-des ede3 1442.98k 1548.33k 1562.48k 1562.00k 1563.33k
-idea cbc 2195.69k 2506.39k 2529.59k 2545.66k 2546.54k
-rc2 cbc 806.00k 833.52k 837.58k 838.52k 836.69k
-blowfish cbc 4687.34k 5949.97k 6182.43k 6248.11k 6226.09k
-rsa 512 bits 0.010s
-rsa 1024 bits 0.045s
-rsa 2048 bits 0.260s
-rsa 4096 bits 1.690s
-
diff --git a/crypto/openssl/times/686-200.lnx b/crypto/openssl/times/686-200.lnx
deleted file mode 100644
index a10cc2f..0000000
--- a/crypto/openssl/times/686-200.lnx
+++ /dev/null
@@ -1,26 +0,0 @@
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep 5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2) C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 131.02k 368.41k 500.57k 549.21k 566.09k
-mdc2 535.60k 589.10k 595.88k 595.97k 594.54k
-md5 1801.53k 9674.77k 17484.03k 21849.43k 23592.96k
-sha 1261.63k 5533.25k 9285.63k 11187.88k 11913.90k
-sha1 1103.13k 4782.53k 7933.78k 9472.34k 10070.70k
-rc4 10722.53k 14443.93k 15215.79k 15299.24k 15219.59k
-des cbc 3286.57k 3827.73k 3913.39k 3931.82k 3926.70k
-des ede3 1443.50k 1549.08k 1561.17k 1566.38k 1564.67k
-idea cbc 2203.64k 2508.16k 2538.33k 2543.62k 2547.71k
-rc2 cbc 1430.94k 1511.59k 1524.82k 1527.13k 1523.33k
-blowfish cbc 4716.07k 5965.82k 6190.17k 6243.67k 6234.11k
- sign verify
-rsa 512 bits 0.0100s 0.0011s
-rsa 1024 bits 0.0451s 0.0012s
-rsa 2048 bits 0.2605s 0.0086s
-rsa 4096 bits 1.6883s 0.0302s
- sign verify
-dsa 512 bits 0.0083s 0.0156s
-dsa 1024 bits 0.0228s 0.0454s
-dsa 2048 bits 0.0719s 0.1446s
-
diff --git a/crypto/openssl/times/686-200.nt b/crypto/openssl/times/686-200.nt
deleted file mode 100644
index c8cbaa0..0000000
--- a/crypto/openssl/times/686-200.nt
+++ /dev/null
@@ -1,24 +0,0 @@
-built on Tue May 13 08:24:51 EST 1997
-options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfi
-sh(ptr2)
-C flags not available
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 156.39k 427.99k 576.14k 628.36k 647.27k
-md5 2120.48k 10255.02k 18396.07k 22795.13k 24244.53k
-sha 1468.59k 6388.89k 10686.12k 12826.62k 13640.01k
-sha1 1393.46k 6013.34k 9974.56k 11932.59k 12633.45k
-rc4 13833.46k 19275.29k 20321.24k 20281.93k 20520.08k
-des cbc 3382.50k 4104.02k 4152.78k 4194.30k 4194.30k
-des ede3 1465.51k 1533.00k 1549.96k 1553.29k 1570.29k
-idea cbc 2579.52k 3079.52k 3130.08k 3153.61k 3106.89k
-rc2 cbc 1204.57k 1276.42k 1285.81k 1289.76k 1285.81k
-blowfish cbc 5229.81k 6374.32k 6574.14k 6574.14k 6594.82k
-rsa 512 bits 0.008s 0.001
-rsa 1024 bits 0.038s 0.001
-rsa 2048 bits 0.231s 0.008
-rsa 4096 bits 1.540s 0.027
-dsa 512 bits 0.007s 0.013
-dsa 1024 bits 0.021s 0.040
-dsa 2048 bits 0.066s 0.130
-
diff --git a/crypto/openssl/times/L1 b/crypto/openssl/times/L1
deleted file mode 100644
index 09253d7..0000000
--- a/crypto/openssl/times/L1
+++ /dev/null
@@ -1,27 +0,0 @@
-SSLeay 0.8.3ad 27-Oct-1997
-built on Wed Oct 29 00:36:17 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DMD5_ASM -DSHA1_ASM
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 56.16k 156.50k 211.46k 231.77k 238.71k
-mdc2 183.37k 205.21k 205.57k 209.92k 207.53k
-md5 1003.65k 5605.56k 11628.54k 15887.70k 17522.69k
-hmac(md5) 411.24k 2803.46k 7616.94k 13475.84k 16864.60k
-sha1 542.66k 2843.50k 5320.53k 6833.49k 7389.18k
-rc4 3677.15k 4313.73k 4407.89k 4429.82k 4404.57k
-des cbc 1787.94k 2174.51k 2236.76k 2249.73k 2230.95k
-des ede3 719.46k 777.26k 784.81k 780.29k 783.70k
-idea cbc 619.56k 677.89k 684.12k 685.40k 685.40k
-rc2 cbc 537.51k 573.93k 578.47k 579.24k 578.90k
-blowfish cbc 3226.76k 4221.65k 4424.19k 4468.39k 4377.26k
-cast cbc 2866.13k 3165.35k 3263.15k 3287.04k 3233.11k
- sign verify
-rsa 512 bits 0.0212s 0.0021s
-rsa 1024 bits 0.1072s 0.0064s
-rsa 2048 bits 0.6853s 0.0222s
-rsa 4096 bits 4.9300s 0.0848s
- sign verify
-dsa 512 bits 0.0200s 0.0380s
-dsa 1024 bits 0.0600s 0.1180s
-dsa 2048 bits 0.2110s 0.4221s
diff --git a/crypto/openssl/times/R10000.t b/crypto/openssl/times/R10000.t
deleted file mode 100644
index 6b3874c..0000000
--- a/crypto/openssl/times/R10000.t
+++ /dev/null
@@ -1,24 +0,0 @@
-IRIX 6.2 - R10000 195mhz
-SLeay 0.6.5a 06-Dec-1996
-built on Tue Dec 24 03:51:45 EST 1996
-options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int)
-C flags:cc -O2 -DTERMIOS -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 156.34k 424.03k 571.88k 628.88k 646.01k
-md5 1885.02k 8181.72k 13440.53k 16020.60k 16947.54k
-sha 1587.12k 7022.05k 11951.24k 14440.12k 15462.74k
-sha1 1413.13k 6215.86k 10571.16k 12736.22k 13628.51k
-rc4 10556.28k 11974.08k 12077.10k 12111.38k 12103.20k
-des cfb 2977.71k 3252.27k 3284.36k 3302.66k 3290.54k
-des cbc 3298.31k 3704.96k 3771.30k 3730.73k 3778.80k
-des ede3 1278.28k 1328.82k 1342.66k 1339.82k 1343.27k
-idea cfb 2843.34k 3138.04k 3180.95k 3176.46k 3188.54k
-idea cbc 3115.21k 3558.03k 3590.61k 3591.24k 3601.18k
-rc2 cfb 2006.66k 2133.33k 2149.03k 2159.36k 2149.71k
-rc2 cbc 2167.07k 2315.30k 2338.05k 2329.34k 2333.90k
-rsa 512 bits 0.008s
-rsa 1024 bits 0.043s
-rsa 2048 bits 0.280s
-rsa 4096 bits 2.064s
-
diff --git a/crypto/openssl/times/R4400.t b/crypto/openssl/times/R4400.t
deleted file mode 100644
index af8848f..0000000
--- a/crypto/openssl/times/R4400.t
+++ /dev/null
@@ -1,26 +0,0 @@
-IRIX 5.3
-R4400 200mhz
-cc -O2
-SSLeay 0.6.5a 06-Dec-1996
-built on Mon Dec 23 11:51:11 EST 1996
-options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc2,16,long) idea(int)
-C flags:cc -O2 -DTERMIOS -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 100.62k 280.25k 380.15k 416.02k 428.82k
-md5 828.62k 3525.05k 6311.98k 7742.51k 8328.04k
-sha 580.04k 2513.74k 4251.73k 5101.04k 5394.80k
-sha1 520.23k 2382.94k 4107.82k 5024.62k 5362.56k
-rc4 5871.53k 6323.08k 6357.49k 6392.04k 6305.45k
-des cfb 1016.76k 1156.72k 1176.59k 1180.55k 1181.65k
-des cbc 1016.38k 1303.81k 1349.10k 1359.41k 1356.62k
-des ede3 607.39k 650.74k 655.11k 657.52k 654.18k
-idea cfb 1296.10k 1348.66k 1353.80k 1358.75k 1355.40k
-idea cbc 1453.90k 1554.68k 1567.84k 1569.89k 1573.57k
-rc2 cfb 1199.86k 1251.69k 1253.57k 1259.56k 1251.31k
-rc2 cbc 1334.60k 1428.55k 1441.89k 1445.42k 1441.45k
-rsa 512 bits 0.024s
-rsa 1024 bits 0.125s
-rsa 2048 bits 0.806s
-rsa 4096 bits 5.800s
-
diff --git a/crypto/openssl/times/aix.t b/crypto/openssl/times/aix.t
deleted file mode 100644
index 4f24e39..0000000
--- a/crypto/openssl/times/aix.t
+++ /dev/null
@@ -1,34 +0,0 @@
-from Paco Garcia <pgarcia@ctv.es>
-This machine is a Bull Estrella Minitower Model MT604-100
-Processor : PPC604
-P.Speed : 100Mhz
-Data/Instr Cache : 16 K
-L2 Cache : 256 K
-PCI BUS Speed : 33 Mhz
-TransfRate PCI : 132 MB/s
-Memory : 96 MB
-
-AIX 4.1.4
-
-SSLeay 0.6.6 14-Jan-1997
-built on Mon Jan 13 21:36:03 CUT 1997
-options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish
-(idx)
-C flags:cc -O -DAIX -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 53.83k 147.46k 197.63k 215.72k 221.70k
-md5 1278.13k 5354.77k 8679.60k 10195.09k 10780.56k
-sha 1055.34k 4600.37k 7721.30k 9298.94k 9868.63k
-sha1 276.90k 1270.25k 2187.95k 2666.84k 2850.82k
-rc4 4660.57k 5268.93k 5332.48k 5362.47k 5346.65k
-des cbc 1774.16k 1981.10k 1979.56k 2032.71k 1972.25k
-des ede3 748.81k 781.42k 785.66k 785.75k 780.84k
-idea cbc 2066.19k 2329.58k 2378.91k 2379.86k 2380.89k
-rc2 cbc 1278.53k 1379.69k 1389.99k 1393.66k 1389.91k
-blowfish cbc 2812.91k 3307.90k 3364.91k 3386.37k 3374.32k
-rsa 512 bits 0.019s
-rsa 1024 bits 0.096s
-rsa 2048 bits 0.614s
-rsa 4096 bits 4.433s
-
diff --git a/crypto/openssl/times/aixold.t b/crypto/openssl/times/aixold.t
deleted file mode 100644
index 0b51412..0000000
--- a/crypto/openssl/times/aixold.t
+++ /dev/null
@@ -1,23 +0,0 @@
-SSLeay 0.7.3r 20-May-1997
-built on Mon Jun 2 04:06:32 EST 1997
-options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,4,long) idea(int) blowfish(idx)
-C flags:cc -O -DAIX -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 19.09k 52.47k 71.23k 77.49k 78.93k
-md5 214.56k 941.21k 1585.43k 1883.12k 1988.70k
-sha 118.35k 521.65k 860.28k 1042.27k 1100.46k
-sha1 109.52k 478.98k 825.90k 995.48k 1049.69k
-rc4 1263.63k 1494.24k 1545.70k 1521.66k 1518.99k
-des cbc 259.62k 286.55k 287.15k 288.15k 289.45k
-des ede3 104.92k 107.88k 109.27k 109.25k 109.96k
-idea cbc 291.63k 320.07k 319.40k 320.51k 318.27k
-rc2 cbc 220.04k 237.76k 241.44k 245.90k 244.08k
-blowfish cbc 407.95k 474.83k 480.99k 485.71k 481.07k
-rsa 512 bits 0.157s 0.019
-rsa 1024 bits 0.908s 0.023
-rsa 2048 bits 6.225s 0.218
-rsa 4096 bits 46.500s 0.830
-dsa 512 bits 0.159s 0.312
-dsa 1024 bits 0.536s 1.057
-dsa 2048 bits 1.970s 3.977
diff --git a/crypto/openssl/times/alpha.t b/crypto/openssl/times/alpha.t
deleted file mode 100644
index 3a7c6c4..0000000
--- a/crypto/openssl/times/alpha.t
+++ /dev/null
@@ -1,81 +0,0 @@
-SSLeay-051 Alpha gcc -O3 64Bit (assember bn_mul)
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 44.40k 121.56k 162.73k 179.20k 185.01k
-md5 780.85k 3278.53k 5281.52k 6327.98k 6684.67k
-sha 501.40k 2249.19k 3855.27k 4801.19k 5160.96k
-sha-1 384.99k 1759.72k 3113.64k 3946.92k 4229.80k
-rc4 3505.05k 3724.54k 3723.78k 3555.33k 3694.68k
-des cfb 946.96k 1015.27k 1021.87k 1033.56k 1037.65k
-des cbc 1001.24k 1220.20k 1243.31k 1272.73k 1265.87k
-des ede3 445.34k 491.65k 500.53k 502.10k 502.44k
-idea cfb 643.53k 667.49k 663.81k 666.28k 664.51k
-idea cbc 650.42k 735.41k 733.27k 742.74k 745.47k
-rsa 512 bits 0.031s
-rsa 1024 bits 0.141s
-rsa 2048 bits 0.844s
-rsa 4096 bits 6.033s
-
-SSLeay-051 Alpha cc -O2 64bit (assember bn_mul)
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 45.37k 122.86k 165.97k 182.95k 188.42k
-md5 842.42k 3629.93k 5916.76k 7039.17k 7364.61k
-sha 498.93k 2197.23k 3895.60k 4756.48k 5132.13k
-sha-1 382.02k 1757.21k 3112.53k 3865.23k 4128.77k
-rc4 2975.25k 3049.33k 3180.97k 3214.68k 3424.26k
-des cfb 901.55k 990.83k 1006.08k 1011.19k 1004.89k
-des cbc 947.84k 1127.84k 1163.67k 1162.24k 1157.80k
-des ede3 435.62k 485.57k 493.67k 491.52k 491.52k
-idea cfb 629.31k 648.66k 647.77k 648.53k 649.90k
-idea cbc 565.15k 608.00k 613.46k 613.38k 617.13k
-rsa 512 bits 0.030s
-rsa 1024 bits 0.141s
-rsa 2048 bits 0.854s
-rsa 4096 bits 6.067s
-
-des cfb 718.28k 822.64k 833.11k 836.27k 841.05k
-des cbc 806.10k 951.42k 975.83k 983.73k 991.23k
-des ede3 329.50k 379.11k 387.95k 387.41k 388.33k
-
-des cfb 871.62k 948.65k 951.81k 953.00k 955.58k
-des cbc 953.60k 1174.27k 1206.70k 1216.10k 1216.44k
-des ede3 349.34k 418.05k 427.26k 429.74k 431.45k
-
-
-
-
-SSLeay-045c Alpha gcc -O3 64Bit
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 44.95k 122.22k 164.27k 180.62k 184.66k
-md5 808.71k 3371.95k 5415.68k 6385.66k 6684.67k
-sha 493.68k 2162.05k 3725.82k 4552.02k 4838.74k
-rc4 3317.32k 3649.09k 3728.30k 3744.09k 3691.86k
-cfb des 996.45k 1050.77k 1058.30k 1059.16k 1064.96k
-cbc des 1096.52k 1255.49k 1282.13k 1289.90k 1299.80k
-ede3 des 482.14k 513.51k 518.66k 520.19k 521.39k
-cfb idea 519.90k 533.40k 535.21k 535.55k 535.21k
-cbc idea 619.34k 682.21k 688.04k 689.15k 690.86k
-rsa 512 bits 0.050s
-rsa 1024 bits 0.279s
-rsa 2048 bits 1.908s
-rsa 4096 bits 14.750s
-
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 37.31k 102.77k 137.64k 151.55k 155.78k
-md5 516.65k 2535.21k 4655.72k 5859.66k 6343.34k
-rc4 3519.61k 3707.01k 3746.86k 3755.39k 3675.48k
-cfb des 780.27k 894.68k 913.10k 921.26k 922.97k
-cbc des 867.54k 1040.13k 1074.17k 1075.54k 1084.07k
-ede3 des 357.19k 397.36k 398.08k 402.28k 401.41k
-cbc idea 646.53k 686.44k 694.03k 691.20k 693.59k
-rsa 512 bits 0.046s
-rsa 1024 bits 0.270s
-rsa 2048 bits 1.858s
-rsa 4096 bits 14.350s
-
-md2 C 37.83k 103.17k 137.90k 150.87k 155.37k
-md2 L 37.30k 102.04k 139.01k 152.74k 155.78k
-rc4 I 3532.24k 3718.08k 3750.83k 3768.78k 3694.59k
-rc4 CI 2662.97k 2873.26k 2907.22k 2920.63k 2886.31k
-rc4 LI 3514.63k 3738.72k 3747.41k 3752.96k 3708.49k
-cbc idea S 619.01k 658.68k 661.50k 662.53k 663.55k
-cbc idea L 645.69k 684.22k 694.55k 692.57k 690.86k
diff --git a/crypto/openssl/times/alpha400.t b/crypto/openssl/times/alpha400.t
deleted file mode 100644
index 079e0d1..0000000
--- a/crypto/openssl/times/alpha400.t
+++ /dev/null
@@ -1,25 +0,0 @@
-Alpha EV5.6 (21164A) 400mhz
-
-SSLeay 0.7.3r 20-May-1997
-built on Mon Jun 2 03:39:58 EST 1997
-options:bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx)
-C flags:cc -arch host -tune host -fast -std -O4 -inline speed
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 274.98k 760.96k 1034.27k 1124.69k 1148.69k
-md5 2524.46k 11602.60k 19838.81k 24075.26k 25745.10k
-sha 1848.46k 8335.66k 14232.49k 17247.91k 18530.30k
-sha1 1639.67k 7336.53k 12371.80k 14807.72k 15870.63k
-rc4 17950.93k 19390.66k 19652.44k 19700.39k 19412.31k
-des cbc 4018.59k 4872.06k 4988.76k 5003.26k 4995.73k
-des ede3 1809.11k 1965.67k 1984.26k 1986.90k 1982.46k
-idea cbc 2848.82k 3204.33k 3250.26k 3257.34k 3260.42k
-rc2 cbc 3766.08k 4349.50k 4432.21k 4448.94k 4448.26k
-blowfish cbc 6694.88k 9042.35k 9486.93k 9598.98k 9624.91k
-rsa 512 bits 0.003s 0.000
-rsa 1024 bits 0.013s 0.000
-rsa 2048 bits 0.081s 0.003
-rsa 4096 bits 0.577s 0.011
-dsa 512 bits 0.003s 0.005
-dsa 1024 bits 0.007s 0.014
-dsa 2048 bits 0.025s 0.050
diff --git a/crypto/openssl/times/cyrix100.lnx b/crypto/openssl/times/cyrix100.lnx
deleted file mode 100644
index 010a221..0000000
--- a/crypto/openssl/times/cyrix100.lnx
+++ /dev/null
@@ -1,22 +0,0 @@
-SSLeay 0.6.6 06-Dec-1996
-built on Fri Dec 6 10:05:20 GMT 1996
-options:bn(64,32) md2(char) rc4(idx,int) des(idx,risc,16,long) idea(int)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 36.77k 102.48k 138.00k 151.57k 155.78k
-md5 513.59k 2577.22k 4623.51k 5768.99k 6214.53k
-sha 259.89k 1105.45k 1814.97k 2156.16k 2292.13k
-sha1 242.43k 1040.95k 1719.44k 2049.74k 2164.64k
-rc4 1984.48k 2303.41k 2109.37k 2071.47k 1985.61k
-des cfb 712.08k 758.29k 753.17k 752.06k 748.67k
-des cbc 787.37k 937.64k 956.77k 961.61k 957.54k
-des ede3 353.97k 377.28k 379.99k 379.34k 379.11k
-idea cfb 403.80k 418.50k 416.60k 415.78k 415.03k
-idea cbc 426.54k 466.40k 471.31k 472.67k 473.14k
-rc2 cfb 405.15k 420.05k 418.16k 416.72k 416.36k
-rc2 cbc 428.21k 468.43k 473.09k 472.59k 474.70k
-rsa 512 bits 0.040s
-rsa 1024 bits 0.195s
-rsa 2048 bits 1.201s
-rsa 4096 bits 8.700s
diff --git a/crypto/openssl/times/dgux-x86.t b/crypto/openssl/times/dgux-x86.t
deleted file mode 100644
index 70635c5..0000000
--- a/crypto/openssl/times/dgux-x86.t
+++ /dev/null
@@ -1,23 +0,0 @@
-version:SSLeay 0.5.2c 15-May-1996
-built Fri Jun 14 19:47:04 EST 1996
-options:bn(LLONG,thirty_two) md2(CHAR) rc4(IDX,int) des(ary,long) idea(int)
-C flags:gcc -O3 -fomit-frame-pointer -DL_ENDIAN
-
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 113.86k 316.48k 428.36k 467.63k 481.56k
-md5 1001.99k 5037.99k 9545.94k 12036.95k 11800.38k
-sha 628.77k 2743.48k 5113.42k 6206.99k 6165.42k
-sha1 583.83k 2638.66k 4538.85k 5532.09k 5917.04k
-rc4 5493.27k 6369.39k 6511.30k 6577.83k 6486.73k
-des cfb 1219.01k 1286.06k 1299.33k 1288.87k 1381.72k
-des cbc 1360.58k 1469.04k 1456.96k 1454.08k 1513.57k
-des ede3 544.45k 567.84k 568.99k 570.37k 566.09k
-idea cfb 1012.39k 1056.30k 1063.52k 989.17k 863.24k
-idea cbc 985.36k 1090.44k 1105.92k 1108.65k 1090.17k
-rc2 cfb 963.86k 979.06k 995.30k 937.35k 827.39k
-rc2 cbc 951.72k 1042.11k 1049.60k 1047.21k 1059.11k
-rsa 512 bits 0.032s
-rsa 1024 bits 0.159s
-rsa 2048 bits 1.025s
-rsa 4096 bits 7.270s
-
diff --git a/crypto/openssl/times/dgux.t b/crypto/openssl/times/dgux.t
deleted file mode 100644
index c7f7564..0000000
--- a/crypto/openssl/times/dgux.t
+++ /dev/null
@@ -1,17 +0,0 @@
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 38.54k 106.28k 144.00k 157.46k 161.72k
-md5 323.23k 1471.62k 2546.11k 3100.20k 3309.57k
-rc4 I 1902.74k 2055.20k 2080.42k 2077.88k 2065.46k
-cfb des 456.23k 475.22k 481.79k 488.42k 487.17k
-cbc des 484.30k 537.50k 553.09k 558.08k 558.67k
-ede3 des 199.97k 209.05k 211.03k 211.85k 212.78k
-cbc idea 478.50k 519.33k 523.42k 525.09k 526.44k
-rsa 512 bits 0.159s !RSA_LLONG
-rsa 1024 bits 1.053s
-rsa 2048 bits 7.600s
-rsa 4096 bits 59.760s
-
-md2 C 30.53k 83.58k 112.84k 123.22k 126.24k
-rc4 1844.56k 1975.50k 1997.73k 1994.95k 1984.88k
-rc4 C 1800.09k 1968.85k 1995.20k 1992.36k 1996.80k
-rc4 CI 1830.81k 2035.75k 2067.28k 2070.23k 2062.77k
diff --git a/crypto/openssl/times/hpux-acc.t b/crypto/openssl/times/hpux-acc.t
deleted file mode 100644
index 0c0e936..0000000
--- a/crypto/openssl/times/hpux-acc.t
+++ /dev/null
@@ -1,25 +0,0 @@
-HPUX 887
-
-SSLeay 0.7.3r 20-May-1997
-built on Mon Jun 2 02:59:45 EST 1997
-options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
-C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 58.99k 166.85k 225.07k 247.21k 253.76k
-md5 639.22k 2726.98k 4477.25k 5312.69k 5605.20k
-sha 381.08k 1661.49k 2793.84k 3368.86k 3581.23k
-sha1 349.54k 1514.56k 2536.63k 3042.59k 3224.39k
-rc4 2891.10k 4238.01k 4464.11k 4532.49k 4545.87k
-des cbc 717.05k 808.76k 820.14k 821.97k 821.96k
-des ede3 288.21k 303.50k 303.69k 305.82k 305.14k
-idea cbc 325.83k 334.36k 335.89k 336.61k 333.43k
-rc2 cbc 793.00k 915.81k 926.69k 933.28k 929.53k
-blowfish cbc 1561.91k 2051.97k 2122.65k 2139.40k 2145.92k
-rsa 512 bits 0.031s 0.004
-rsa 1024 bits 0.164s 0.004
-rsa 2048 bits 1.055s 0.037
-rsa 4096 bits 7.600s 0.137
-dsa 512 bits 0.029s 0.057
-dsa 1024 bits 0.092s 0.177
-dsa 2048 bits 0.325s 0.646
diff --git a/crypto/openssl/times/hpux-kr.t b/crypto/openssl/times/hpux-kr.t
deleted file mode 100644
index ad4a0ad..0000000
--- a/crypto/openssl/times/hpux-kr.t
+++ /dev/null
@@ -1,23 +0,0 @@
-SSLeay 0.7.3r 20-May-1997
-built on Mon Jun 2 02:17:35 EST 1997
-options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,cisc,16,long) idea(int) blowfish(idx)
-C flags:cc -DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 35.30k 98.36k 133.41k 146.34k 150.69k
-md5 391.20k 1737.31k 2796.65k 3313.75k 3503.74k
-sha 189.55k 848.14k 1436.72k 1735.87k 1848.03k
-sha1 175.30k 781.14k 1310.32k 1575.61k 1675.81k
-rc4 2070.55k 2501.47k 2556.65k 2578.34k 2584.91k
-des cbc 465.13k 536.85k 545.87k 547.86k 548.89k
-des ede3 190.05k 200.99k 202.31k 202.22k 202.75k
-idea cbc 263.44k 277.77k 282.13k 281.51k 283.15k
-rc2 cbc 448.37k 511.39k 519.54k 522.00k 521.31k
-blowfish cbc 839.98k 1097.70k 1131.16k 1145.64k 1144.67k
-rsa 512 bits 0.048s 0.005
-rsa 1024 bits 0.222s 0.006
-rsa 2048 bits 1.272s 0.042
-rsa 4096 bits 8.445s 0.149
-dsa 512 bits 0.041s 0.077
-dsa 1024 bits 0.111s 0.220
-dsa 2048 bits 0.363s 0.726
diff --git a/crypto/openssl/times/hpux.t b/crypto/openssl/times/hpux.t
deleted file mode 100644
index dcf7615..0000000
--- a/crypto/openssl/times/hpux.t
+++ /dev/null
@@ -1,86 +0,0 @@
-HP-UX A.09.05 9000/712
-
-SSLeay 0.6.6 14-Jan-1997
-built on Tue Jan 14 16:36:31 WET 1997
-options:bn(32,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int)
-blowfish(idx)
-C flags:cc -DB_ENDIAN -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 66.56k 184.92k 251.82k 259.86k 282.62k
-md5 615.54k 2805.92k 4764.30k 5724.21k 6084.39k
-sha 358.23k 1616.46k 2781.50k 3325.72k 3640.89k
-sha1 327.50k 1497.98k 2619.44k 3220.26k 3460.85k
-rc4 3500.47k 3890.99k 3943.81k 3883.74k 3900.02k
-des cbc 742.65k 871.66k 887.15k 891.21k 895.40k
-des ede3 302.42k 322.50k 324.46k 326.66k 326.05k
-idea cbc 664.41k 755.87k 765.61k 772.70k 773.69k
-rc2 cbc 798.78k 931.04k 947.69k 950.31k 952.04k
-blowfish cbc 1353.32k 1932.29k 2021.93k 2047.02k 2053.66k
-rsa 512 bits 0.059s
-rsa 1024 bits 0.372s
-rsa 2048 bits 2.697s
-rsa 4096 bits 20.790s
-
-SSLeay 0.6.6 14-Jan-1997
-built on Tue Jan 14 15:37:30 WET 1997
-options:bn(64,32) md2(int) rc4(ptr,int) des(ptr,risc1,16,long) idea(int)
-blowfish(idx)
-C flags:gcc -DB_ENDIAN -O3
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 44.91k 122.57k 167.71k 183.89k 190.24k
-md5 532.50k 2316.27k 3965.72k 4740.11k 5055.06k
-sha 363.76k 1684.09k 2978.53k 3730.86k 3972.72k
-sha1 385.76k 1743.53k 2997.69k 3650.74k 3899.08k
-rc4 3178.84k 3621.31k 3672.71k 3684.01k 3571.54k
-des cbc 733.00k 844.70k 863.28k 863.72k 868.73k
-des ede3 289.99k 308.94k 310.11k 309.64k 312.08k
-idea cbc 624.07k 713.91k 724.76k 723.35k 725.13k
-rc2 cbc 704.34k 793.39k 804.25k 805.99k 782.63k
-blowfish cbc 1371.24k 1823.66k 1890.05k 1915.51k 1920.12k
-rsa 512 bits 0.030s
-rsa 1024 bits 0.156s
-rsa 2048 bits 1.113s
-rsa 4096 bits 7.480s
-
-
-HPUX B.10.01 V 9000/887 - HP92453-01 A.10.11 HP C Compiler
-SSLeay 0.5.2 - -Aa +ESlit +Oall +O4 -Wl,-a,archive
-
-HPUX A.09.04 B 9000/887
-
-ssleay 0.5.1 gcc v 2.7.0 -O3 -mpa-risc-1-1
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 53.00k 166.81k 205.66k 241.95k 242.20k
-md5 743.22k 3128.44k 6031.85k 6142.07k 7025.26k
-sha 481.30k 2008.24k 3361.31k 3985.07k 4180.74k
-sha-1 463.60k 1916.15k 3139.24k 3786.27k 3997.70k
-rc4 3708.61k 4125.16k 4547.53k 4206.21k 4390.07k
-des cfb 665.91k 705.97k 698.48k 694.25k 666.08k
-des cbc 679.80k 741.90k 769.85k 747.62k 719.47k
-des ede3 264.31k 270.22k 265.63k 273.07k 273.07k
-idea cfb 635.91k 673.40k 605.60k 699.53k 672.36k
-idea cbc 705.85k 774.63k 750.60k 715.83k 721.50k
-rsa 512 bits 0.066s
-rsa 1024 bits 0.372s
-rsa 2048 bits 2.177s
-rsa 4096 bits 16.230s
-
-HP92453-01 A.09.61 HP C Compiler
-ssleay 0.5.1 cc -Ae +ESlit +Oall -Wl,-a,archive
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 58.69k 163.30k 213.57k 230.40k 254.23k
-md5 608.60k 2596.82k 3871.43k 4684.10k 4763.88k
-sha 343.26k 1482.43k 2316.80k 2766.27k 2860.26k
-sha-1 319.15k 1324.13k 2106.03k 2527.82k 2747.95k
-rc4 2467.47k 3374.41k 3265.49k 3354.39k 3368.55k
-des cfb 812.05k 814.90k 851.20k 819.20k 854.56k
-des cbc 836.35k 994.06k 916.02k 1020.01k 988.14k
-des ede3 369.78k 389.15k 401.01k 382.94k 408.03k
-idea cfb 290.40k 298.06k 286.11k 296.92k 299.46k
-idea cbc 301.30k 297.72k 304.34k 300.10k 309.70k
-rsa 512 bits 0.350s
-rsa 1024 bits 2.635s
-rsa 2048 bits 19.930s
-
diff --git a/crypto/openssl/times/p2.w95 b/crypto/openssl/times/p2.w95
deleted file mode 100644
index 82d1e55..0000000
--- a/crypto/openssl/times/p2.w95
+++ /dev/null
@@ -1,22 +0,0 @@
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 235.90k 652.30k 893.36k 985.74k 985.74k
-mdc2 779.61k 816.81k 825.65k 816.01k 825.65k
-md5 2788.77k 13508.23k 24672.38k 30504.03k 33156.55k
-sha 1938.22k 8397.01k 14122.24k 16980.99k 18196.55k
-sha1 1817.29k 7832.50k 13168.93k 15738.48k 16810.84k
-rc4 15887.52k 21709.65k 22745.68k 22995.09k 22995.09k
-des cbc 4599.02k 5377.31k 5377.31k 5533.38k 5533.38k
-des ede3 1899.59k 2086.71k 2086.67k 2086.51k 2085.90k
-idea cbc 3350.08k 3934.62k 3979.42k 4017.53k 4017.53k
-rc2 cbc 1534.13k 1630.76k 1625.70k 1644.83k 1653.91k
-blowfish cbc 6678.83k 8490.49k 8701.88k 8848.74k 8886.24k
- sign verify
-rsa 512 bits 0.0062s 0.0008s
-rsa 1024 bits 0.0287s 0.0009s
-rsa 2048 bits 0.1785s 0.0059s
-rsa 4096 bits 1.1300s 0.0205s
- sign verify
-dsa 512 bits 0.0055s 0.0100s
-dsa 1024 bits 0.0154s 0.0299s
-dsa 2048 bits 0.0502s 0.0996s
diff --git a/crypto/openssl/times/pent2.t b/crypto/openssl/times/pent2.t
deleted file mode 100644
index b6dc269..0000000
--- a/crypto/openssl/times/pent2.t
+++ /dev/null
@@ -1,24 +0,0 @@
-pentium 2, 266mhz, Visual C++ 5.0, Windows 95
-
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 235.90k 652.30k 893.36k 985.74k 985.74k
-mdc2 779.61k 816.81k 825.65k 816.01k 825.65k
-md5 2788.77k 13508.23k 24672.38k 30504.03k 33156.55k
-sha 1938.22k 8397.01k 14122.24k 16980.99k 18196.55k
-sha1 1817.29k 7832.50k 13168.93k 15738.48k 16810.84k
-rc4 15887.52k 21709.65k 22745.68k 22995.09k 22995.09k
-des cbc 4599.02k 5377.31k 5377.31k 5533.38k 5533.38k
-des ede3 1899.59k 2086.71k 2086.67k 2086.51k 2085.90k
-idea cbc 3350.08k 3934.62k 3979.42k 4017.53k 4017.53k
-rc2 cbc 1534.13k 1630.76k 1625.70k 1644.83k 1653.91k
-blowfish cbc 6678.83k 8490.49k 8701.88k 8848.74k 8886.24k
- sign verify
-rsa 512 bits 0.0062s 0.0008s
-rsa 1024 bits 0.0287s 0.0009s
-rsa 2048 bits 0.1785s 0.0059s
-rsa 4096 bits 1.1300s 0.0205s
- sign verify
-dsa 512 bits 0.0055s 0.0100s
-dsa 1024 bits 0.0154s 0.0299s
-dsa 2048 bits 0.0502s 0.0996s
diff --git a/crypto/openssl/times/readme b/crypto/openssl/times/readme
deleted file mode 100644
index 7074f58..0000000
--- a/crypto/openssl/times/readme
+++ /dev/null
@@ -1,11 +0,0 @@
-The 'times' in this directory are not all for the most recent version of
-the library and it should be noted that on some CPUs (specifically sparc
-and Alpha), the locations of files in the application after linking can
-make upto a %10 speed difference when running benchmarks on things like
-cbc mode DES. To put it mildly this can be very anoying.
-
-About the only way to get around this would be to compile the library as one
-object file, or to 'include' the source files in a specific order.
-
-The best way to get an idea of the 'raw' DES speed is to build the
-'speed' program in crypto/des.
diff --git a/crypto/openssl/times/s586-100.lnx b/crypto/openssl/times/s586-100.lnx
deleted file mode 100644
index cbc3e3c..0000000
--- a/crypto/openssl/times/s586-100.lnx
+++ /dev/null
@@ -1,25 +0,0 @@
-Shared library build
-
-SSLeay 0.7.3 30-Apr-1997
-built on Tue May 13 03:43:56 EST 1997
-options:bn(64,32) md2(char) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 68.95k 191.40k 258.22k 283.31k 291.21k
-md5 627.37k 3064.75k 5370.15k 6765.91k 7255.38k
-sha 323.35k 1431.32k 2417.07k 2916.69k 3102.04k
-sha1 298.08k 1318.34k 2228.82k 2694.83k 2864.47k
-rc4 3404.13k 4026.33k 4107.43k 4136.28k 4117.85k
-des cbc 1414.60k 1782.53k 1824.24k 1847.64k 1840.47k
-des ede3 588.36k 688.19k 700.33k 702.46k 704.51k
-idea cbc 582.96k 636.71k 641.54k 642.39k 642.30k
-rc2 cbc 569.34k 612.37k 617.64k 617.47k 619.86k
-blowfish cbc 2015.77k 2534.49k 2609.65k 2607.10k 2615.98k
-rsa 512 bits 0.027s 0.003
-rsa 1024 bits 0.128s 0.003
-rsa 2048 bits 0.779s 0.027
-rsa 4096 bits 5.450s 0.098
-dsa 512 bits 0.024s 0.045
-dsa 1024 bits 0.068s 0.132
-dsa 2048 bits 0.231s 0.469
diff --git a/crypto/openssl/times/s586-100.nt b/crypto/openssl/times/s586-100.nt
deleted file mode 100644
index 8e3baf6..0000000
--- a/crypto/openssl/times/s586-100.nt
+++ /dev/null
@@ -1,23 +0,0 @@
-SSLeay 0.7.3 30-Apr-1997
-built on Mon May 19 10:47:38 EST 1997
-options:bn(64,32) md2(char) rc4(idx,int) des(idx,cisc,4,long) idea(int) blowfish(ptr2)
-C flags not available
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 90.26k 248.57k 335.06k 366.09k 376.64k
-md5 863.95k 4205.24k 7628.78k 9582.60k 10290.25k
-sha 463.93k 2102.51k 3623.28k 4417.85k 4695.29k
-sha1 458.23k 2005.88k 3385.78k 4094.00k 4340.13k
-rc4 5843.60k 7543.71k 7790.31k 7836.89k 7791.47k
-des cbc 1583.95k 1910.67k 1960.69k 1972.12k 1946.13k
-des ede3 654.79k 722.60k 740.97k 745.82k 738.27k
-idea cbc 792.04k 876.96k 887.35k 892.63k 890.36k
-rc2 cbc 603.50k 652.38k 661.85k 662.69k 661.44k
-blowfish cbc 2379.88k 3043.76k 3153.61k 3153.61k 3134.76k
-rsa 512 bits 0.022s 0.003
-rsa 1024 bits 0.111s 0.003
-rsa 2048 bits 0.716s 0.025
-rsa 4096 bits 5.188s 0.094
-dsa 512 bits 0.020s 0.039
-dsa 1024 bits 0.062s 0.124
-dsa 2048 bits 0.221s 0.441
diff --git a/crypto/openssl/times/sgi.t b/crypto/openssl/times/sgi.t
deleted file mode 100644
index 7963610..0000000
--- a/crypto/openssl/times/sgi.t
+++ /dev/null
@@ -1,29 +0,0 @@
-SGI Challenge R4400 200mhz IRIX 5.3 - gcc (2.6.3)
-SSLeay 0.6.1 02-Jul-1996
-built on Tue Jul 2 16:25:30 EST 1996
-options:bn(64,32) md2(char) rc4(idx,char) des(idx,long) idea(int)
-C flags:gcc -O2 -mips2 -DTERMIOS -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 96.53k 266.70k 360.09k 393.70k 405.07k
-md5 971.15k 4382.56k 7406.90k 8979.99k 9559.18k
-sha 596.86k 2832.26k 4997.30k 6277.75k 6712.89k
-sha1 578.34k 2630.16k 4632.05k 5684.34k 6083.37k
-rc4 5641.12k 6821.76k 6996.13k 7052.61k 6913.32k
-des cfb 1354.86k 1422.11k 1434.58k 1433.24k 1432.89k
-des cbc 1467.13k 1618.92k 1630.08k 1637.00k 1629.62k
-des ede3 566.13k 591.91k 596.86k 596.18k 592.54k
-idea cfb 1190.60k 1264.49k 1270.38k 1267.84k 1272.37k
-idea cbc 1271.45k 1410.37k 1422.49k 1426.46k 1421.73k
-rc2 cfb 1285.73k 1371.40k 1380.92k 1383.13k 1379.23k
-rc2 cbc 1386.61k 1542.10k 1562.49k 1572.45k 1567.93k
-rsa 512 bits 0.018s
-rsa 1024 bits 0.106s
-rsa 2048 bits 0.738s
-rsa 4096 bits 5.535s
-
-version:SSLeay 0.5.2c 15-May-1996
-rsa 512 bits 0.035s
-rsa 1024 bits 0.204s
-rsa 2048 bits 1.423s
-rsa 4096 bits 10.800s
diff --git a/crypto/openssl/times/sparc.t b/crypto/openssl/times/sparc.t
deleted file mode 100644
index 1611f76..0000000
--- a/crypto/openssl/times/sparc.t
+++ /dev/null
@@ -1,26 +0,0 @@
-gcc 2.7.2
-Sparc 10 - Solaris 2.3 - 50mhz
-SSLeay 0.7.3r 20-May-1997
-built on Mon Jun 2 00:55:51 EST 1997
-options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
-C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 54.88k 154.52k 210.35k 231.08k 237.21k
-md5 550.75k 2460.49k 4116.01k 4988.74k 5159.86k
-sha 340.28k 1461.76k 2430.10k 2879.87k 2999.15k
-sha1 307.27k 1298.41k 2136.26k 2540.07k 2658.28k
-rc4 2652.21k 2805.24k 3301.63k 4003.98k 4071.18k
-des cbc 811.78k 903.93k 914.19k 921.60k 932.29k
-des ede3 328.21k 344.93k 349.64k 351.48k 345.07k
-idea cbc 685.06k 727.42k 734.41k 730.11k 739.21k
-rc2 cbc 718.59k 777.02k 781.96k 784.38k 782.60k
-blowfish cbc 1268.85k 1520.64k 1568.88k 1587.54k 1591.98k
-rsa 512 bits 0.037s 0.005
-rsa 1024 bits 0.213s 0.006
-rsa 2048 bits 1.471s 0.053
-rsa 4096 bits 11.100s 0.202
-dsa 512 bits 0.038s 0.074
-dsa 1024 bits 0.128s 0.248
-dsa 2048 bits 0.473s 0.959
-
diff --git a/crypto/openssl/times/sparc2 b/crypto/openssl/times/sparc2
deleted file mode 100644
index 4b0dd80..0000000
--- a/crypto/openssl/times/sparc2
+++ /dev/null
@@ -1,21 +0,0 @@
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 14.56k 40.25k 54.95k 60.13k 62.18k
-mdc2 53.59k 57.45k 58.11k 58.21k 58.51k
-md5 176.95k 764.75k 1270.36k 1520.14k 1608.36k
-hmac(md5) 55.88k 369.70k 881.15k 1337.05k 1567.40k
-sha1 92.69k 419.75k 723.63k 878.82k 939.35k
-rc4 1247.28k 1414.09k 1434.30k 1434.34k 1441.13k
-des cbc 284.41k 318.58k 323.07k 324.09k 323.87k
-des ede3 109.99k 119.99k 121.60k 121.87k 121.66k
-idea cbc 43.06k 43.68k 43.84k 43.64k 44.07k
-rc2 cbc 278.85k 311.44k 316.50k 316.57k 317.37k
-blowfish cbc 468.89k 569.35k 581.61k 568.34k 559.54k
-cast cbc 285.84k 338.79k 345.71k 346.19k 341.09k
- sign verify
-rsa 512 bits 0.4175s 0.0519s
-rsa 1024 bits 2.9325s 0.1948s
-rsa 2048 bits 22.3600s 0.7669s
- sign verify
-dsa 512 bits 0.5178s 1.0300s
-dsa 1024 bits 1.8780s 3.7167s
-dsa 2048 bits 7.3500s 14.4800s
diff --git a/crypto/openssl/times/sparcLX.t b/crypto/openssl/times/sparcLX.t
deleted file mode 100644
index 2fdaed7..0000000
--- a/crypto/openssl/times/sparcLX.t
+++ /dev/null
@@ -1,22 +0,0 @@
-Sparc Station LX
-SSLeay 0.7.3 30-Apr-1997
-built on Thu May 1 10:44:02 EST 1997
-options:bn(64,32) md2(int) rc4(ptr,char) des(idx,cisc,16,long) idea(int) blowfish(ptr)
-C flags:gcc -O3 -fomit-frame-pointer -mv8 -Wall
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 17.60k 48.72k 66.47k 72.70k 74.72k
-md5 226.24k 1082.21k 1982.72k 2594.02k 2717.01k
-sha 71.38k 320.71k 551.08k 677.76k 720.90k
-sha1 63.08k 280.79k 473.86k 576.94k 608.94k
-rc4 1138.30k 1257.67k 1304.49k 1377.78k 1364.42k
-des cbc 265.34k 308.85k 314.28k 315.39k 317.20k
-des ede3 83.23k 93.13k 94.04k 94.50k 94.63k
-idea cbc 254.48k 274.26k 275.88k 274.68k 275.80k
-rc2 cbc 328.27k 375.39k 381.43k 381.61k 380.83k
-blowfish cbc 487.00k 498.02k 510.12k 515.41k 516.10k
-rsa 512 bits 0.093s
-rsa 1024 bits 0.537s
-rsa 2048 bits 3.823s
-rsa 4096 bits 28.650s
-
diff --git a/crypto/openssl/times/usparc.t b/crypto/openssl/times/usparc.t
deleted file mode 100644
index 2215624..0000000
--- a/crypto/openssl/times/usparc.t
+++ /dev/null
@@ -1,25 +0,0 @@
-Sparc 2000? - Solaris 2.5.1 - 167mhz Ultra sparc
-
-SSLeay 0.7.3r 20-May-1997
-built on Mon Jun 2 02:25:48 EST 1997
-options:bn(64,32) md2(int) rc4(ptr,char) des(ptr,risc1,16,long) idea(int) blowfish(ptr)
-C flags:cc cc -xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa -DB_ENDIAN
-The 'numbers' are in 1000s of bytes per second processed.
-type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
-md2 135.23k 389.87k 536.66k 591.87k 603.48k
-md5 1534.38k 6160.41k 9842.69k 11446.95k 11993.09k
-sha 1178.30k 5020.74k 8532.22k 10275.50k 11010.05k
-sha1 1114.22k 4703.94k 7703.81k 9236.14k 9756.67k
-rc4 10818.03k 13327.57k 13711.10k 13810.69k 13836.29k
-des cbc 3052.44k 3320.02k 3356.25k 3369.98k 3295.91k
-des ede3 1310.32k 1359.98k 1367.47k 1362.94k 1362.60k
-idea cbc 1749.52k 1833.13k 1844.74k 1848.32k 1848.66k
-rc2 cbc 1950.25k 2053.23k 2064.21k 2072.58k 2072.58k
-blowfish cbc 4927.16k 5659.75k 5762.73k 5797.55k 5805.40k
-rsa 512 bits 0.021s 0.003
-rsa 1024 bits 0.126s 0.003
-rsa 2048 bits 0.888s 0.032
-rsa 4096 bits 6.770s 0.122
-dsa 512 bits 0.022s 0.043
-dsa 1024 bits 0.076s 0.151
-dsa 2048 bits 0.286s 0.574
diff --git a/crypto/openssl/times/x86/bfs.cpp b/crypto/openssl/times/x86/bfs.cpp
deleted file mode 100644
index d74c457..0000000
--- a/crypto/openssl/times/x86/bfs.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/blowfish.h>
-
-void main(int argc,char *argv[])
- {
- BF_KEY key;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- BF_encrypt(&data[0],&key);
- GetTSC(s1);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- GetTSC(e1);
- GetTSC(s2);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- BF_encrypt(&data[0],&key);
- GetTSC(e2);
- BF_encrypt(&data[0],&key);
- }
-
- printf("blowfish %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/openssl/times/x86/casts.cpp b/crypto/openssl/times/x86/casts.cpp
deleted file mode 100644
index 7661191..0000000
--- a/crypto/openssl/times/x86/casts.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/cast.h>
-
-void main(int argc,char *argv[])
- {
- CAST_KEY key;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- CAST_encrypt(&data[0],&key);
- GetTSC(s1);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- GetTSC(e1);
- GetTSC(s2);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- CAST_encrypt(&data[0],&key);
- GetTSC(e2);
- CAST_encrypt(&data[0],&key);
- }
-
- printf("cast %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/openssl/times/x86/des3s.cpp b/crypto/openssl/times/x86/des3s.cpp
deleted file mode 100644
index 02d527c..0000000
--- a/crypto/openssl/times/x86/des3s.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/des.h>
-
-void main(int argc,char *argv[])
- {
- des_key_schedule key1,key2,key3;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- des_encrypt3(&data[0],key1,key2,key3);
- GetTSC(s1);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- GetTSC(e1);
- GetTSC(s2);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- des_encrypt3(&data[0],key1,key2,key3);
- GetTSC(e2);
- des_encrypt3(&data[0],key1,key2,key3);
- }
-
- printf("des %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/openssl/times/x86/dess.cpp b/crypto/openssl/times/x86/dess.cpp
deleted file mode 100644
index 753e67a..0000000
--- a/crypto/openssl/times/x86/dess.cpp
+++ /dev/null
@@ -1,67 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/des.h>
-
-void main(int argc,char *argv[])
- {
- des_key_schedule key;
- unsigned long s1,s2,e1,e2;
- unsigned long data[2];
- int i,j;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<1000; i++) /**/
- {
- des_encrypt(&data[0],key,1);
- GetTSC(s1);
- des_encrypt(&data[0],key,1);
- des_encrypt(&data[0],key,1);
- des_encrypt(&data[0],key,1);
- GetTSC(e1);
- GetTSC(s2);
- des_encrypt(&data[0],key,1);
- des_encrypt(&data[0],key,1);
- des_encrypt(&data[0],key,1);
- des_encrypt(&data[0],key,1);
- GetTSC(e2);
- des_encrypt(&data[0],key,1);
- }
-
- printf("des %d %d (%d)\n",
- e1-s1,e2-s2,((e2-s2)-(e1-s1)));
- }
- }
-
diff --git a/crypto/openssl/times/x86/md4s.cpp b/crypto/openssl/times/x86/md4s.cpp
deleted file mode 100644
index c0ec97f..0000000
--- a/crypto/openssl/times/x86/md4s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md4.h>
-
-extern "C" {
-void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
-}
-
-void main(int argc,char *argv[])
- {
- unsigned char buffer[64*256];
- MD4_CTX ctx;
- unsigned long s1,s2,e1,e2;
- unsigned char k[16];
- unsigned long data[2];
- unsigned char iv[8];
- int i,num=0,numm;
- int j=0;
-
- if (argc >= 2)
- num=atoi(argv[1]);
-
- if (num == 0) num=16;
- if (num > 250) num=16;
- numm=num+2;
- num*=64;
- numm*=64;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<10; i++) /**/
- {
- md4_block_x86(&ctx,buffer,numm);
- GetTSC(s1);
- md4_block_x86(&ctx,buffer,numm);
- GetTSC(e1);
- GetTSC(s2);
- md4_block_x86(&ctx,buffer,num);
- GetTSC(e2);
- md4_block_x86(&ctx,buffer,num);
- }
- printf("md4 (%d bytes) %d %d (%.2f)\n",num,
- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
- }
- }
-
diff --git a/crypto/openssl/times/x86/md5s.cpp b/crypto/openssl/times/x86/md5s.cpp
deleted file mode 100644
index dd343fd..0000000
--- a/crypto/openssl/times/x86/md5s.cpp
+++ /dev/null
@@ -1,78 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/md5.h>
-
-extern "C" {
-void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
-}
-
-void main(int argc,char *argv[])
- {
- unsigned char buffer[64*256];
- MD5_CTX ctx;
- unsigned long s1,s2,e1,e2;
- unsigned char k[16];
- unsigned long data[2];
- unsigned char iv[8];
- int i,num=0,numm;
- int j=0;
-
- if (argc >= 2)
- num=atoi(argv[1]);
-
- if (num == 0) num=16;
- if (num > 250) num=16;
- numm=num+2;
- num*=64;
- numm*=64;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<10; i++) /**/
- {
- md5_block_x86(&ctx,buffer,numm);
- GetTSC(s1);
- md5_block_x86(&ctx,buffer,numm);
- GetTSC(e1);
- GetTSC(s2);
- md5_block_x86(&ctx,buffer,num);
- GetTSC(e2);
- md5_block_x86(&ctx,buffer,num);
- }
- printf("md5 (%d bytes) %d %d (%.2f)\n",num,
- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
- }
- }
-
diff --git a/crypto/openssl/times/x86/rc4s.cpp b/crypto/openssl/times/x86/rc4s.cpp
deleted file mode 100644
index 3814fde..0000000
--- a/crypto/openssl/times/x86/rc4s.cpp
+++ /dev/null
@@ -1,73 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/rc4.h>
-
-void main(int argc,char *argv[])
- {
- unsigned char buffer[1024];
- RC4_KEY ctx;
- unsigned long s1,s2,e1,e2;
- unsigned char k[16];
- unsigned long data[2];
- unsigned char iv[8];
- int i,num=64,numm;
- int j=0;
-
- if (argc >= 2)
- num=atoi(argv[1]);
-
- if (num == 0) num=256;
- if (num > 1024-16) num=1024-16;
- numm=num+8;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<10; i++) /**/
- {
- RC4(&ctx,numm,buffer,buffer);
- GetTSC(s1);
- RC4(&ctx,numm,buffer,buffer);
- GetTSC(e1);
- GetTSC(s2);
- RC4(&ctx,num,buffer,buffer);
- GetTSC(e2);
- RC4(&ctx,num,buffer,buffer);
- }
-
- printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num,
- e1-s1,e2-s2,(e1-s1)-(e2-s2));
- }
- }
-
diff --git a/crypto/openssl/times/x86/sha1s.cpp b/crypto/openssl/times/x86/sha1s.cpp
deleted file mode 100644
index 3103e18..0000000
--- a/crypto/openssl/times/x86/sha1s.cpp
+++ /dev/null
@@ -1,79 +0,0 @@
-//
-// gettsc.inl
-//
-// gives access to the Pentium's (secret) cycle counter
-//
-// This software was written by Leonard Janke (janke@unixg.ubc.ca)
-// in 1996-7 and is entered, by him, into the public domain.
-
-#if defined(__WATCOMC__)
-void GetTSC(unsigned long&);
-#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
-#elif defined(__GNUC__)
-inline
-void GetTSC(unsigned long& tsc)
-{
- asm volatile(".byte 15, 49\n\t"
- : "=eax" (tsc)
- :
- : "%edx", "%eax");
-}
-#elif defined(_MSC_VER)
-inline
-void GetTSC(unsigned long& tsc)
-{
- unsigned long a;
- __asm _emit 0fh
- __asm _emit 31h
- __asm mov a, eax;
- tsc=a;
-}
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <openssl/sha.h>
-
-extern "C" {
-void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
-}
-
-void main(int argc,char *argv[])
- {
- unsigned char buffer[64*256];
- SHA_CTX ctx;
- unsigned long s1,s2,e1,e2;
- unsigned char k[16];
- unsigned long data[2];
- unsigned char iv[8];
- int i,num=0,numm;
- int j=0;
-
- if (argc >= 2)
- num=atoi(argv[1]);
-
- if (num == 0) num=16;
- if (num > 250) num=16;
- numm=num+2;
- num*=64;
- numm*=64;
-
- for (j=0; j<6; j++)
- {
- for (i=0; i<10; i++) /**/
- {
- sha1_block_x86(&ctx,buffer,numm);
- GetTSC(s1);
- sha1_block_x86(&ctx,buffer,numm);
- GetTSC(e1);
- GetTSC(s2);
- sha1_block_x86(&ctx,buffer,num);
- GetTSC(e2);
- sha1_block_x86(&ctx,buffer,num);
- }
-
- printf("sha1 (%d bytes) %d %d (%.2f)\n",num,
- e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
- }
- }
-
diff --git a/crypto/openssl/tools/Makefile b/crypto/openssl/tools/Makefile
deleted file mode 100644
index 4ca835c..0000000
--- a/crypto/openssl/tools/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# OpenSSL/tools/Makefile
-#
-
-DIR= tools
-TOP= ..
-CC= cc
-INCLUDES= -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE= Makefile
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=
-APPS= c_rehash
-MISC_APPS= c_hash c_info c_issuer c_name
-
-all:
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @for i in $(APPS) ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
- done;
- @for i in $(MISC_APPS) ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
- done;
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
-
-lint:
-
-tags:
-
-errors:
-
-depend:
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/openssl/tools/c89.sh b/crypto/openssl/tools/c89.sh
deleted file mode 100755
index b25c9fd..0000000
--- a/crypto/openssl/tools/c89.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh -k
-#
-# Re-order arguments so that -L comes first
-#
-opts=""
-lopts=""
-
-for arg in $* ; do
- case $arg in
- -L*) lopts="$lopts $arg" ;;
- *) opts="$opts $arg" ;;
- esac
-done
-
-c89 $lopts $opts
diff --git a/crypto/openssl/tools/c_hash b/crypto/openssl/tools/c_hash
deleted file mode 100644
index 5e0a908..0000000
--- a/crypto/openssl/tools/c_hash
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh
-# print out the hash values
-#
-
-for i in $*
-do
- h=`openssl x509 -hash -noout -in $i`
- echo "$h.0 => $i"
-done
diff --git a/crypto/openssl/tools/c_info b/crypto/openssl/tools/c_info
deleted file mode 100644
index 0e1e633..0000000
--- a/crypto/openssl/tools/c_info
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-#
-# print the subject
-#
-
-for i in $*
-do
- n=`openssl x509 -subject -issuer -enddate -noout -in $i`
- echo "$i"
- echo "$n"
- echo "--------"
-done
diff --git a/crypto/openssl/tools/c_issuer b/crypto/openssl/tools/c_issuer
deleted file mode 100644
index 55821ab..0000000
--- a/crypto/openssl/tools/c_issuer
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-#
-# print out the issuer
-#
-
-for i in $*
-do
- n=`openssl x509 -issuer -noout -in $i`
- echo "$i $n"
-done
diff --git a/crypto/openssl/tools/c_name b/crypto/openssl/tools/c_name
deleted file mode 100644
index 28800c0..0000000
--- a/crypto/openssl/tools/c_name
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-#
-# print the subject
-#
-
-for i in $*
-do
- n=`openssl x509 -subject -noout -in $i`
- echo "$i $n"
-done
diff --git a/crypto/openssl/tools/c_rehash b/crypto/openssl/tools/c_rehash
deleted file mode 100644
index e614fb5..0000000
--- a/crypto/openssl/tools/c_rehash
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/usr/bin/perl
-
-
-# Perl c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-
-my $openssl;
-
-my $dir = "/usr/local/ssl";
-
-if(defined $ENV{OPENSSL}) {
- $openssl = $ENV{OPENSSL};
-} else {
- $openssl = "openssl";
- $ENV{OPENSSL} = $openssl;
-}
-
-$ENV{PATH} .= ":$dir/bin";
-
-if(! -x $openssl) {
- my $found = 0;
- foreach (split /:/, $ENV{PATH}) {
- if(-x "$_/$openssl") {
- $found = 1;
- last;
- }
- }
- if($found == 0) {
- print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
- exit 0;
- }
-}
-
-if(@ARGV) {
- @dirlist = @ARGV;
-} elsif($ENV{SSL_CERT_DIR}) {
- @dirlist = split /:/, $ENV{SSL_CERT_DIR};
-} else {
- $dirlist[0] = "$dir/certs";
-}
-
-
-foreach (@dirlist) {
- if(-d $_ and -w $_) {
- hash_dir($_);
- }
-}
-
-sub hash_dir {
- my %hashlist;
- print "Doing $_[0]\n";
- chdir $_[0];
- opendir(DIR, ".");
- my @flist = readdir(DIR);
- # Delete any existing symbolic links
- foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
- if(-l $_) {
- unlink $_;
- }
- }
- closedir DIR;
- FILE: foreach $fname (grep {/\.pem$/} @flist) {
- # Check to see if certificates and/or CRLs present.
- my ($cert, $crl) = check_file($fname);
- if(!$cert && !$crl) {
- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
- next;
- }
- link_hash_cert($fname) if($cert);
- link_hash_crl($fname) if($crl);
- }
-}
-
-sub check_file {
- my ($is_cert, $is_crl) = (0,0);
- my $fname = $_[0];
- open IN, $fname;
- while(<IN>) {
- if(/^-----BEGIN (.*)-----/) {
- my $hdr = $1;
- if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
- $is_cert = 1;
- last if($is_crl);
- } elsif($hdr eq "X509 CRL") {
- $is_crl = 1;
- last if($is_cert);
- }
- }
- }
- close IN;
- return ($is_cert, $is_crl);
-}
-
-
-# Link a certificate to its subject name hash value, each hash is of
-# the form <hash>.<n> where n is an integer. If the hash value already exists
-# then we need to up the value of n, unless its a duplicate in which
-# case we skip the link. We check for duplicates by comparing the
-# certificate fingerprints
-
-sub link_hash_cert {
- my $fname = $_[0];
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
- chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
- # Search for an unused hash filename
- while(exists $hashlist{"$hash.$suffix"}) {
- # Hash matches: if fingerprint matches its a duplicate cert
- if($hashlist{"$hash.$suffix"} eq $fprint) {
- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
- return;
- }
- $suffix++;
- }
- $hash .= ".$suffix";
- print "$fname => $hash\n";
- $symlink_exists=eval {symlink("",""); 1};
- if ($symlink_exists) {
- symlink $fname, $hash;
- } else {
- system ("cp", $fname, $hash);
- }
- $hashlist{$hash} = $fprint;
-}
-
-# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
-
-sub link_hash_crl {
- my $fname = $_[0];
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
- chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
- # Search for an unused hash filename
- while(exists $hashlist{"$hash.r$suffix"}) {
- # Hash matches: if fingerprint matches its a duplicate cert
- if($hashlist{"$hash.r$suffix"} eq $fprint) {
- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
- return;
- }
- $suffix++;
- }
- $hash .= ".r$suffix";
- print "$fname => $hash\n";
- $symlink_exists=eval {symlink("",""); 1};
- if ($symlink_exists) {
- symlink $fname, $hash;
- } else {
- system ("cp", $fname, $hash);
- }
- $hashlist{$hash} = $fprint;
-}
-
diff --git a/crypto/openssl/tools/c_rehash.in b/crypto/openssl/tools/c_rehash.in
deleted file mode 100644
index 4497cbd..0000000
--- a/crypto/openssl/tools/c_rehash.in
+++ /dev/null
@@ -1,160 +0,0 @@
-#!/usr/local/bin/perl
-
-
-# Perl c_rehash script, scan all files in a directory
-# and add symbolic links to their hash values.
-
-my $openssl;
-
-my $dir;
-
-if(defined $ENV{OPENSSL}) {
- $openssl = $ENV{OPENSSL};
-} else {
- $openssl = "openssl";
- $ENV{OPENSSL} = $openssl;
-}
-
-$ENV{PATH} .= ":$dir/bin";
-
-if(! -x $openssl) {
- my $found = 0;
- foreach (split /:/, $ENV{PATH}) {
- if(-x "$_/$openssl") {
- $found = 1;
- last;
- }
- }
- if($found == 0) {
- print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
- exit 0;
- }
-}
-
-if(@ARGV) {
- @dirlist = @ARGV;
-} elsif($ENV{SSL_CERT_DIR}) {
- @dirlist = split /:/, $ENV{SSL_CERT_DIR};
-} else {
- $dirlist[0] = "$dir/certs";
-}
-
-
-foreach (@dirlist) {
- if(-d $_ and -w $_) {
- hash_dir($_);
- }
-}
-
-sub hash_dir {
- my %hashlist;
- print "Doing $_[0]\n";
- chdir $_[0];
- opendir(DIR, ".");
- my @flist = readdir(DIR);
- # Delete any existing symbolic links
- foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
- if(-l $_) {
- unlink $_;
- }
- }
- closedir DIR;
- FILE: foreach $fname (grep {/\.pem$/} @flist) {
- # Check to see if certificates and/or CRLs present.
- my ($cert, $crl) = check_file($fname);
- if(!$cert && !$crl) {
- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
- next;
- }
- link_hash_cert($fname) if($cert);
- link_hash_crl($fname) if($crl);
- }
-}
-
-sub check_file {
- my ($is_cert, $is_crl) = (0,0);
- my $fname = $_[0];
- open IN, $fname;
- while(<IN>) {
- if(/^-----BEGIN (.*)-----/) {
- my $hdr = $1;
- if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
- $is_cert = 1;
- last if($is_crl);
- } elsif($hdr eq "X509 CRL") {
- $is_crl = 1;
- last if($is_cert);
- }
- }
- }
- close IN;
- return ($is_cert, $is_crl);
-}
-
-
-# Link a certificate to its subject name hash value, each hash is of
-# the form <hash>.<n> where n is an integer. If the hash value already exists
-# then we need to up the value of n, unless its a duplicate in which
-# case we skip the link. We check for duplicates by comparing the
-# certificate fingerprints
-
-sub link_hash_cert {
- my $fname = $_[0];
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
- chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
- # Search for an unused hash filename
- while(exists $hashlist{"$hash.$suffix"}) {
- # Hash matches: if fingerprint matches its a duplicate cert
- if($hashlist{"$hash.$suffix"} eq $fprint) {
- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
- return;
- }
- $suffix++;
- }
- $hash .= ".$suffix";
- print "$fname => $hash\n";
- $symlink_exists=eval {symlink("",""); 1};
- if ($symlink_exists) {
- symlink $fname, $hash;
- } else {
- system ("cp", $fname, $hash);
- }
- $hashlist{$hash} = $fprint;
-}
-
-# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
-
-sub link_hash_crl {
- my $fname = $_[0];
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
- chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
- $fprint =~ tr/://d;
- my $suffix = 0;
- # Search for an unused hash filename
- while(exists $hashlist{"$hash.r$suffix"}) {
- # Hash matches: if fingerprint matches its a duplicate cert
- if($hashlist{"$hash.r$suffix"} eq $fprint) {
- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
- return;
- }
- $suffix++;
- }
- $hash .= ".r$suffix";
- print "$fname => $hash\n";
- $symlink_exists=eval {symlink("",""); 1};
- if ($symlink_exists) {
- symlink $fname, $hash;
- } else {
- system ("cp", $fname, $hash);
- }
- $hashlist{$hash} = $fprint;
-}
-
diff --git a/crypto/openssl/util/FreeBSD.sh b/crypto/openssl/util/FreeBSD.sh
deleted file mode 100755
index db8edfc..0000000
--- a/crypto/openssl/util/FreeBSD.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-perl util/perlpath.pl /usr/bin
-perl util/ssldir.pl /usr/local
-perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD
-perl Configure FreeBSD
diff --git a/crypto/openssl/util/add_cr.pl b/crypto/openssl/util/add_cr.pl
deleted file mode 100755
index c7b62c1..0000000
--- a/crypto/openssl/util/add_cr.pl
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/usr/local/bin/perl
-#
-# This adds a copyright message to a souce code file.
-# It also gets the file name correct.
-#
-# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch]
-#
-
-foreach (@ARGV)
- {
- &dofile($_);
- }
-
-sub dofile
- {
- local($file)=@_;
-
- open(IN,"<$file") || die "unable to open $file:$!\n";
-
- print STDERR "doing $file\n";
- @in=<IN>;
-
- return(1) if ($in[0] =~ / NOCW /);
-
- @out=();
- open(OUT,">$file.out") || die "unable to open $file.$$:$!\n";
- push(@out,"/* $file */\n");
- if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/))
- {
- push(@out,&Copyright);
- $i=2;
- @a=grep(/ Copyright \(C\) /,@in);
- if ($#a >= 0)
- {
- while (($i <= $#in) && ($in[$i] ne " */\n"))
- { $i++; }
- $i++ if ($in[$i] eq " */\n");
-
- while (($i <= $#in) && ($in[$i] =~ /^\s*$/))
- { $i++; }
-
- push(@out,"\n");
- for ( ; $i <= $#in; $i++)
- { push(@out,$in[$i]); }
- }
- else
- { push(@out,@in); }
- }
- else
- {
- shift(@in);
- push(@out,@in);
- }
- print OUT @out;
- close(IN);
- close(OUT);
- rename("$file","$file.orig") || die "unable to rename $file:$!\n";
- rename("$file.out",$file) || die "unable to rename $file.out:$!\n";
- }
-
-
-
-sub Copyright
- {
- return <<'EOF';
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-EOF
- }
diff --git a/crypto/openssl/util/bat.sh b/crypto/openssl/util/bat.sh
deleted file mode 100755
index 4d9a828..0000000
--- a/crypto/openssl/util/bat.sh
+++ /dev/null
@@ -1,134 +0,0 @@
-#!/usr/local/bin/perl
-
-$infile="/home/eay/ssl/SSLeay/MINFO";
-
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
- {
- chop;
-
- ($key,$val)=/^([^=]+)=(.*)/;
- if ($key eq "RELATIVE_DIRECTORY")
- {
- if ($lib ne "")
- {
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
- }
- last if ($val eq "FINISHED");
- $lib="";
- $libobj="";
- $dir=$val;
- }
-
- if ($key eq "TEST")
- { $test.=&var_add($dir,$val); }
-
- if (($key eq "PROGS") || ($key eq "E_OBJ"))
- { $e_exe.=&var_add($dir,$val); }
-
- if ($key eq "LIB")
- {
- $lib=$val;
- $lib =~ s/^.*\/([^\/]+)$/$1/;
- }
-
- if ($key eq "EXHEADER")
- { $exheader.=&var_add($dir,$val); }
-
- if ($key eq "HEADER")
- { $header.=&var_add($dir,$val); }
-
- if ($key eq "LIBSRC")
- { $libsrc.=&var_add($dir,$val); }
-
- if (!($_=<IN>))
- { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
- }
-close(IN);
-
-@a=split(/\s+/,$libsrc);
-foreach (@a)
- {
- print "${_}.c\n";
- }
-
-sub var_add
- {
- local($dir,$val)=@_;
- local(@a,$_,$ret);
-
- return("") if $no_engine && $dir =~ /\/engine/;
- return("") if $no_idea && $dir =~ /\/idea/;
- return("") if $no_rc2 && $dir =~ /\/rc2/;
- return("") if $no_rc4 && $dir =~ /\/rc4/;
- return("") if $no_rsa && $dir =~ /\/rsa/;
- return("") if $no_rsa && $dir =~ /^rsaref/;
- return("") if $no_dsa && $dir =~ /\/dsa/;
- return("") if $no_dh && $dir =~ /\/dh/;
- if ($no_des && $dir =~ /\/des/)
- {
- if ($val =~ /read_pwd/)
- { return("$dir/read_pwd "); }
- else
- { return(""); }
- }
- return("") if $no_mdc2 && $dir =~ /\/mdc2/;
- return("") if $no_sock && $dir =~ /\/proxy/;
- return("") if $no_bf && $dir =~ /\/bf/;
- return("") if $no_cast && $dir =~ /\/cast/;
-
- $val =~ s/^\s*(.*)\s*$/$1/;
- @a=split(/\s+/,$val);
- grep(s/\.[och]$//,@a);
-
- @a=grep(!/^e_.*_3d$/,@a) if $no_des;
- @a=grep(!/^e_.*_d$/,@a) if $no_des;
- @a=grep(!/^e_.*_i$/,@a) if $no_idea;
- @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
- @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
- @a=grep(!/^e_.*_c$/,@a) if $no_cast;
- @a=grep(!/^e_rc4$/,@a) if $no_rc4;
-
- @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
- @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
-
- @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
-
- @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
- @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
-
- @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
- @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
- @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
-
- @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
- @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
-
- @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
-
- @a=grep(!/_dhp$/,@a) if $no_dh;
-
- @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
- @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
- @a=grep(!/_mdc2$/,@a) if $no_mdc2;
-
- @a=grep(!/^engine$/,@a) if $no_engine;
- @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
- @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
- @a=grep(!/^gendsa$/,@a) if $no_sha1;
- @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
-
- @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
-
- grep($_="$dir/$_",@a);
- @a=grep(!/(^|\/)s_/,@a) if $no_sock;
- @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
- $ret=join(' ',@a)." ";
- return($ret);
- }
-
diff --git a/crypto/openssl/util/ck_errf.pl b/crypto/openssl/util/ck_errf.pl
deleted file mode 100755
index 344b422..0000000
--- a/crypto/openssl/util/ck_errf.pl
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/local/bin/perl
-#
-# This is just a quick script to scan for cases where the 'error'
-# function name in a XXXerr() macro is wrong.
-#
-# Run in the top level by going
-# perl util/ck_errf.pl */*.c */*/*.c
-#
-
-foreach $file (@ARGV)
- {
- open(IN,"<$file") || die "unable to open $file\n";
- $func="";
- while (<IN>)
- {
- if (!/;$/ && /^([a-zA-Z].*[\s*])?([A-Za-z_0-9]+)\(.*[),]/)
- {
- /^([^()]*(\([^()]*\)[^()]*)*)\(/;
- $1 =~ /([A-Za-z_0-9]*)$/;
- $func = $1;
- $func =~ tr/A-Z/a-z/;
- }
- if (/([A-Z0-9]+)err\(([^,]+)/)
- {
- $errlib=$1;
- $n=$2;
-
- if ($func eq "")
- { print "$file:$.:???:$n\n"; next; }
-
- if ($n !~ /([^_]+)_F_(.+)$/)
- {
- # print "check -$file:$.:$func:$n\n";
- next;
- }
- $lib=$1;
- $n=$2;
-
- if ($lib ne $errlib)
- { print "$file:$.:$func:$n [${errlib}err]\n"; next; }
-
- $n =~ tr/A-Z/a-z/;
- if (($n ne $func) && ($errlib ne "SYS"))
- { print "$file:$.:$func:$n\n"; next; }
- # print "$func:$1\n";
- }
- }
- close(IN);
- }
-
diff --git a/crypto/openssl/util/clean-depend.pl b/crypto/openssl/util/clean-depend.pl
deleted file mode 100755
index 6c485d1..0000000
--- a/crypto/openssl/util/clean-depend.pl
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/usr/local/bin/perl -w
-# Clean the dependency list in a makefile of standard includes...
-# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
-
-use strict;
-
-while(<STDIN>) {
- print;
- last if /^# DO NOT DELETE THIS LINE/;
-}
-
-my %files;
-
-my $thisfile="";
-while(<STDIN>) {
- my ($dummy, $file,$deps)=/^((.*):)? (.*)$/;
- my $origfile="";
- $thisfile=$file if defined $file;
- next if !defined $deps;
- $origfile=$thisfile;
- $origfile=~s/\.o$/.c/;
- my @deps=split ' ',$deps;
- @deps=grep(!/^\//,@deps);
- @deps=grep(!/^\\$/,@deps);
- @deps=grep(!/^$origfile$/,@deps);
-# pull out the kludged kerberos header (if present).
- @deps=grep(!/^[.\/]+\/krb5.h/,@deps);
- push @{$files{$thisfile}},@deps;
-}
-
-my $file;
-foreach $file (sort keys %files) {
- my $len=0;
- my $dep;
- my $origfile=$file;
- $origfile=~s/\.o$/.c/;
- $file=~s/^\.\///;
- push @{$files{$file}},$origfile;
- my $prevdep="";
- foreach $dep (sort @{$files{$file}}) {
- $dep=~s/^\.\///;
- next if $prevdep eq $dep; # to exterminate duplicates...
- $prevdep = $dep;
- $len=0 if $len+length($dep)+1 >= 80;
- if($len == 0) {
- print "\n$file:";
- $len=length($file)+1;
- }
- print " $dep";
- $len+=length($dep)+1;
- }
-}
-
-print "\n";
diff --git a/crypto/openssl/util/copy.pl b/crypto/openssl/util/copy.pl
deleted file mode 100644
index e20b455..0000000
--- a/crypto/openssl/util/copy.pl
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/local/bin/perl
-
-use Fcntl;
-
-
-# copy.pl
-
-# Perl script 'copy' comment. On Windows the built in "copy" command also
-# copies timestamps: this messes up Makefile dependencies.
-
-my $arg;
-
-foreach $arg (@ARGV) {
- $arg =~ s|\\|/|g; # compensate for bug/feature in cygwin glob...
- foreach (glob $arg)
- {
- push @filelist, $_;
- }
-}
-
-$fnum = @filelist;
-
-if ($fnum <= 1)
- {
- die "Need at least two filenames";
- }
-
-$dest = pop @filelist;
-
-if ($fnum > 2 && ! -d $dest)
- {
- die "Destination must be a directory";
- }
-
-foreach (@filelist)
- {
- if (-d $dest)
- {
- $dfile = $_;
- $dfile =~ s|^.*[/\\]([^/\\]*)$|$1|;
- $dfile = "$dest/$dfile";
- }
- else
- {
- $dfile = $dest;
- }
- sysopen(IN, $_, O_RDONLY|O_BINARY) || die "Can't Open $_";
- sysopen(OUT, $dfile, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY)
- || die "Can't Open $dfile";
- while (sysread IN, $buf, 10240)
- {
- syswrite(OUT, $buf, length($buf));
- }
- close(IN);
- close(OUT);
- print "Copying: $_ to $dfile\n";
- }
-
-
diff --git a/crypto/openssl/util/deleof.pl b/crypto/openssl/util/deleof.pl
deleted file mode 100755
index 155acd8..0000000
--- a/crypto/openssl/util/deleof.pl
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/local/bin/perl
-
-while (<>)
- {
- print
- last if (/^# DO NOT DELETE THIS LINE/);
- }
diff --git a/crypto/openssl/util/dirname.pl b/crypto/openssl/util/dirname.pl
deleted file mode 100644
index d7a66d9..0000000
--- a/crypto/openssl/util/dirname.pl
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/local/bin/perl
-
-if ($#ARGV < 0) {
- die "dirname.pl: too few arguments\n";
-} elsif ($#ARGV > 0) {
- die "dirname.pl: too many arguments\n";
-}
-
-my $d = $ARGV[0];
-
-if ($d =~ m|.*/.*|) {
- $d =~ s|/[^/]*$||;
-} else {
- $d = ".";
-}
-
-print $d,"\n";
-exit(0);
diff --git a/crypto/openssl/util/do_ms.sh b/crypto/openssl/util/do_ms.sh
deleted file mode 100755
index 515b074..0000000
--- a/crypto/openssl/util/do_ms.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-#
-# generate the Microsoft makefiles and .def files
-#
-
-PATH=util:../util:$PATH
-
-# perl util/mk1mf.pl no-sock VC-MSDOS >ms/msdos.mak
-# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
-perl util/mk1mf.pl dll VC-WIN16 >ms/w31dll.mak
-# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
-perl util/mk1mf.pl dll VC-WIN32 >ms/ntdll.mak
-perl util/mk1mf.pl Mingw32 >ms/mingw32.mak
-perl util/mk1mf.pl Mingw32-files >ms/mingw32f.mak
-
-perl util/mkdef.pl 16 libeay > ms/libeay16.def
-perl util/mkdef.pl 32 libeay > ms/libeay32.def
-perl util/mkdef.pl 16 ssleay > ms/ssleay16.def
-perl util/mkdef.pl 32 ssleay > ms/ssleay32.def
diff --git a/crypto/openssl/util/domd b/crypto/openssl/util/domd
deleted file mode 100755
index 691be7a..0000000
--- a/crypto/openssl/util/domd
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-# Do a makedepend, only leave out the standard headers
-# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
-
-TOP=$1
-shift
-if [ "$1" = "-MD" ]; then
- shift
- MAKEDEPEND=$1
- shift
-fi
-if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
-
-cp Makefile Makefile.save
-# fake the presence of Kerberos
-touch $TOP/krb5.h
-if [ "$MAKEDEPEND" = "gcc" ]; then
- args=""
- while [ $# -gt 0 ]; do
- if [ "$1" != "--" ]; then args="$args $1"; fi
- shift
- done
- sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
- echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
- gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
- ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
- rm -f Makefile.tmp
-else
- ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND $@
- ${PERL} $TOP/util/clean-depend.pl < Makefile > Makefile.new
-fi
-mv Makefile.new Makefile
-# unfake the presence of Kerberos
-rm $TOP/krb5.h
diff --git a/crypto/openssl/util/err-ins.pl b/crypto/openssl/util/err-ins.pl
deleted file mode 100755
index 31b70df..0000000
--- a/crypto/openssl/util/err-ins.pl
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/local/bin/perl
-#
-# tack error codes onto the end of a file
-#
-
-open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n";
-@err=<ERR>;
-close(ERR);
-
-open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n";
-
-@out="";
-while (<IN>)
- {
- push(@out,$_);
- last if /BEGIN ERROR CODES/;
- }
-close(IN);
-
-open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n";
-print OUT @out;
-print OUT @err;
-print OUT <<"EOF";
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-
-EOF
-close(OUT);
-
-
diff --git a/crypto/openssl/util/extract-names.pl b/crypto/openssl/util/extract-names.pl
deleted file mode 100644
index 35bd6ed..0000000
--- a/crypto/openssl/util/extract-names.pl
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/bin/perl
-
-$/ = ""; # Eat a paragraph at once.
-while(<STDIN>) {
- chop;
- s/\n/ /gm;
- if (/^=head1 /) {
- $name = 0;
- } elsif ($name) {
- if (/ - /) {
- s/ - .*//;
- s/,\s+/,/g;
- s/\s+,/,/g;
- s/^\s+//g;
- s/\s+$//g;
- s/\s/_/g;
- push @words, split ',';
- }
- }
- if (/^=head1 *NAME *$/) {
- $name = 1;
- }
-}
-
-print join("\n", @words),"\n";
-
diff --git a/crypto/openssl/util/extract-section.pl b/crypto/openssl/util/extract-section.pl
deleted file mode 100644
index 7a0ba4f..0000000
--- a/crypto/openssl/util/extract-section.pl
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/perl
-
-while(<STDIN>) {
- if (/=for\s+comment\s+openssl_manual_section:(\S+)/)
- {
- print "$1\n";
- exit 0;
- }
-}
-
-print "$ARGV[0]\n";
-
diff --git a/crypto/openssl/util/files.pl b/crypto/openssl/util/files.pl
deleted file mode 100755
index 41f033e..0000000
--- a/crypto/openssl/util/files.pl
+++ /dev/null
@@ -1,61 +0,0 @@
-#!/usr/local/bin/perl
-#
-# used to generate the file MINFO for use by util/mk1mf.pl
-# It is basically a list of all variables from the passed makefile
-#
-
-$s="";
-while (<>)
- {
- chop;
- s/#.*//;
- if (/^(\S+)\s*=\s*(.*)$/)
- {
- $o="";
- ($s,$b)=($1,$2);
- for (;;)
- {
- if ($b =~ /\\$/)
- {
- chop($b);
- $o.=$b." ";
- $b=<>;
- chop($b);
- }
- else
- {
- $o.=$b." ";
- last;
- }
- }
- $o =~ s/^\s+//;
- $o =~ s/\s+$//;
- $o =~ s/\s+/ /g;
-
- $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
- $sym{$s}=$o;
- }
- }
-
-$pwd=`pwd`; chop($pwd);
-
-if ($sym{'TOP'} eq ".")
- {
- $n=0;
- $dir=".";
- }
-else {
- $n=split(/\//,$sym{'TOP'});
- @_=split(/\//,$pwd);
- $z=$#_-$n+1;
- foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; }
- chop($dir);
- }
-
-print "RELATIVE_DIRECTORY=$dir\n";
-
-foreach (sort keys %sym)
- {
- print "$_=$sym{$_}\n";
- }
-print "RELATIVE_DIRECTORY=\n";
diff --git a/crypto/openssl/util/fixNT.sh b/crypto/openssl/util/fixNT.sh
deleted file mode 100755
index ab9e766..0000000
--- a/crypto/openssl/util/fixNT.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-#
-# clean up the mess that NT makes of my source tree
-#
-
-if [ -f makefile -a ! -f Makefile ]; then
- /bin/mv makefile Makefile
-fi
-chmod +x Configure util/*
-echo cleaning
-/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null
-echo 'removing those damn ^M'
-perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'`
-make -f Makefile links
diff --git a/crypto/openssl/util/install.sh b/crypto/openssl/util/install.sh
deleted file mode 100755
index e1d0c98..0000000
--- a/crypto/openssl/util/install.sh
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/sh
-#
-# install - install a program, script, or datafile
-# This comes from X11R5; it is not part of GNU.
-#
-# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $
-#
-# This script is compatible with the BSD install script, but was written
-# from scratch.
-#
-
-
-# set DOITPROG to echo to test this script
-
-doit="${DOITPROG:-}"
-
-
-# put in absolute paths if you don't have them in your path; or use env. vars.
-
-mvprog="${MVPROG:-mv}"
-cpprog="${CPPROG:-cp}"
-chmodprog="${CHMODPROG:-chmod}"
-chownprog="${CHOWNPROG:-chown}"
-chgrpprog="${CHGRPPROG:-chgrp}"
-stripprog="${STRIPPROG:-strip}"
-rmprog="${RMPROG:-rm}"
-
-instcmd="$mvprog"
-chmodcmd=""
-chowncmd=""
-chgrpcmd=""
-stripcmd=""
-rmcmd="$rmprog -f"
-src=""
-dst=""
-
-while [ x"$1" != x ]; do
- case $1 in
- -c) instcmd="$cpprog"
- shift
- continue;;
-
- -m) chmodcmd="$chmodprog $2"
- shift
- shift
- continue;;
-
- -o) chowncmd="$chownprog $2"
- shift
- shift
- continue;;
-
- -g) chgrpcmd="$chgrpprog $2"
- shift
- shift
- continue;;
-
- -s) stripcmd="$stripprog"
- shift
- continue;;
-
- *) if [ x"$src" = x ]
- then
- src=$1
- else
- dst=$1
- fi
- shift
- continue;;
- esac
-done
-
-if [ x"$src" = x ]
-then
- echo "install: no input file specified"
- exit 1
-fi
-
-if [ x"$dst" = x ]
-then
- echo "install: no destination specified"
- exit 1
-fi
-
-
-# if destination is a directory, append the input filename; if your system
-# does not like double slashes in filenames, you may need to add some logic
-
-if [ -d $dst ]
-then
- dst="$dst"/`basename $src`
-fi
-
-
-# get rid of the old one and mode the new one in
-
-$doit $rmcmd $dst
-$doit $instcmd $src $dst
-
-
-# and set any options; do chmod last to preserve setuid bits
-
-if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi
-if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi
-if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi
-if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi
-
-exit 0
diff --git a/crypto/openssl/util/libeay.num b/crypto/openssl/util/libeay.num
deleted file mode 100755
index a8a0ff6..0000000
--- a/crypto/openssl/util/libeay.num
+++ /dev/null
@@ -1,3512 +0,0 @@
-SSLeay 1 EXIST::FUNCTION:
-SSLeay_version 2 EXIST::FUNCTION:
-ASN1_BIT_STRING_asn1_meth 3 EXIST::FUNCTION:
-ASN1_HEADER_free 4 EXIST::FUNCTION:
-ASN1_HEADER_new 5 EXIST::FUNCTION:
-ASN1_IA5STRING_asn1_meth 6 EXIST::FUNCTION:
-ASN1_INTEGER_get 7 EXIST::FUNCTION:
-ASN1_INTEGER_set 8 EXIST::FUNCTION:
-ASN1_INTEGER_to_BN 9 EXIST::FUNCTION:
-ASN1_OBJECT_create 10 EXIST::FUNCTION:
-ASN1_OBJECT_free 11 EXIST::FUNCTION:
-ASN1_OBJECT_new 12 EXIST::FUNCTION:
-ASN1_PRINTABLE_type 13 EXIST::FUNCTION:
-ASN1_STRING_cmp 14 EXIST::FUNCTION:
-ASN1_STRING_dup 15 EXIST::FUNCTION:
-ASN1_STRING_free 16 EXIST::FUNCTION:
-ASN1_STRING_new 17 EXIST::FUNCTION:
-ASN1_STRING_print 18 EXIST::FUNCTION:BIO
-ASN1_STRING_set 19 EXIST::FUNCTION:
-ASN1_STRING_type_new 20 EXIST::FUNCTION:
-ASN1_TYPE_free 21 EXIST::FUNCTION:
-ASN1_TYPE_new 22 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_to_string 23 EXIST::FUNCTION:
-ASN1_UTCTIME_check 24 EXIST::FUNCTION:
-ASN1_UTCTIME_print 25 EXIST::FUNCTION:BIO
-ASN1_UTCTIME_set 26 EXIST::FUNCTION:
-ASN1_check_infinite_end 27 EXIST::FUNCTION:
-ASN1_d2i_bio 28 EXIST::FUNCTION:BIO
-ASN1_d2i_fp 29 EXIST::FUNCTION:FP_API
-ASN1_digest 30 EXIST::FUNCTION:EVP
-ASN1_dup 31 EXIST::FUNCTION:
-ASN1_get_object 32 EXIST::FUNCTION:
-ASN1_i2d_bio 33 EXIST::FUNCTION:BIO
-ASN1_i2d_fp 34 EXIST::FUNCTION:FP_API
-ASN1_object_size 35 EXIST::FUNCTION:
-ASN1_parse 36 EXIST::FUNCTION:BIO
-ASN1_put_object 37 EXIST::FUNCTION:
-ASN1_sign 38 EXIST::FUNCTION:EVP
-ASN1_verify 39 EXIST::FUNCTION:EVP
-BF_cbc_encrypt 40 EXIST::FUNCTION:BF
-BF_cfb64_encrypt 41 EXIST::FUNCTION:BF
-BF_ecb_encrypt 42 EXIST::FUNCTION:BF
-BF_encrypt 43 EXIST::FUNCTION:BF
-BF_ofb64_encrypt 44 EXIST::FUNCTION:BF
-BF_options 45 EXIST::FUNCTION:BF
-BF_set_key 46 EXIST::FUNCTION:BF
-BIO_CONNECT_free 47 NOEXIST::FUNCTION:
-BIO_CONNECT_new 48 NOEXIST::FUNCTION:
-BIO_accept 51 EXIST::FUNCTION:
-BIO_ctrl 52 EXIST::FUNCTION:
-BIO_int_ctrl 53 EXIST::FUNCTION:
-BIO_debug_callback 54 EXIST::FUNCTION:
-BIO_dump 55 EXIST::FUNCTION:
-BIO_dup_chain 56 EXIST::FUNCTION:
-BIO_f_base64 57 EXIST::FUNCTION:BIO
-BIO_f_buffer 58 EXIST::FUNCTION:
-BIO_f_cipher 59 EXIST::FUNCTION:BIO
-BIO_f_md 60 EXIST::FUNCTION:BIO
-BIO_f_null 61 EXIST::FUNCTION:
-BIO_f_proxy_server 62 NOEXIST::FUNCTION:
-BIO_fd_non_fatal_error 63 EXIST::FUNCTION:
-BIO_fd_should_retry 64 EXIST::FUNCTION:
-BIO_find_type 65 EXIST::FUNCTION:
-BIO_free 66 EXIST::FUNCTION:
-BIO_free_all 67 EXIST::FUNCTION:
-BIO_get_accept_socket 69 EXIST::FUNCTION:
-BIO_get_filter_bio 70 NOEXIST::FUNCTION:
-BIO_get_host_ip 71 EXIST::FUNCTION:
-BIO_get_port 72 EXIST::FUNCTION:
-BIO_get_retry_BIO 73 EXIST::FUNCTION:
-BIO_get_retry_reason 74 EXIST::FUNCTION:
-BIO_gethostbyname 75 EXIST::FUNCTION:
-BIO_gets 76 EXIST::FUNCTION:
-BIO_new 78 EXIST::FUNCTION:
-BIO_new_accept 79 EXIST::FUNCTION:
-BIO_new_connect 80 EXIST::FUNCTION:
-BIO_new_fd 81 EXIST::FUNCTION:
-BIO_new_file 82 EXIST:!WIN16:FUNCTION:FP_API
-BIO_new_fp 83 EXIST:!WIN16:FUNCTION:FP_API
-BIO_new_socket 84 EXIST::FUNCTION:
-BIO_pop 85 EXIST::FUNCTION:
-BIO_printf 86 EXIST::FUNCTION:
-BIO_push 87 EXIST::FUNCTION:
-BIO_puts 88 EXIST::FUNCTION:
-BIO_read 89 EXIST::FUNCTION:
-BIO_s_accept 90 EXIST::FUNCTION:
-BIO_s_connect 91 EXIST::FUNCTION:
-BIO_s_fd 92 EXIST::FUNCTION:
-BIO_s_file 93 EXIST:!WIN16:FUNCTION:FP_API
-BIO_s_mem 95 EXIST::FUNCTION:
-BIO_s_null 96 EXIST::FUNCTION:
-BIO_s_proxy_client 97 NOEXIST::FUNCTION:
-BIO_s_socket 98 EXIST::FUNCTION:
-BIO_set 100 EXIST::FUNCTION:
-BIO_set_cipher 101 EXIST::FUNCTION:BIO
-BIO_set_tcp_ndelay 102 EXIST::FUNCTION:
-BIO_sock_cleanup 103 EXIST::FUNCTION:
-BIO_sock_error 104 EXIST::FUNCTION:
-BIO_sock_init 105 EXIST::FUNCTION:
-BIO_sock_non_fatal_error 106 EXIST::FUNCTION:
-BIO_sock_should_retry 107 EXIST::FUNCTION:
-BIO_socket_ioctl 108 EXIST::FUNCTION:
-BIO_write 109 EXIST::FUNCTION:
-BN_CTX_free 110 EXIST::FUNCTION:
-BN_CTX_new 111 EXIST::FUNCTION:
-BN_MONT_CTX_free 112 EXIST::FUNCTION:
-BN_MONT_CTX_new 113 EXIST::FUNCTION:
-BN_MONT_CTX_set 114 EXIST::FUNCTION:
-BN_add 115 EXIST::FUNCTION:
-BN_add_word 116 EXIST::FUNCTION:
-BN_hex2bn 117 EXIST::FUNCTION:
-BN_bin2bn 118 EXIST::FUNCTION:
-BN_bn2hex 119 EXIST::FUNCTION:
-BN_bn2bin 120 EXIST::FUNCTION:
-BN_clear 121 EXIST::FUNCTION:
-BN_clear_bit 122 EXIST::FUNCTION:
-BN_clear_free 123 EXIST::FUNCTION:
-BN_cmp 124 EXIST::FUNCTION:
-BN_copy 125 EXIST::FUNCTION:
-BN_div 126 EXIST::FUNCTION:
-BN_div_word 127 EXIST::FUNCTION:
-BN_dup 128 EXIST::FUNCTION:
-BN_free 129 EXIST::FUNCTION:
-BN_from_montgomery 130 EXIST::FUNCTION:
-BN_gcd 131 EXIST::FUNCTION:
-BN_generate_prime 132 EXIST::FUNCTION:DEPRECATED
-BN_get_word 133 EXIST::FUNCTION:
-BN_is_bit_set 134 EXIST::FUNCTION:
-BN_is_prime 135 EXIST::FUNCTION:DEPRECATED
-BN_lshift 136 EXIST::FUNCTION:
-BN_lshift1 137 EXIST::FUNCTION:
-BN_mask_bits 138 EXIST::FUNCTION:
-BN_mod 139 NOEXIST::FUNCTION:
-BN_mod_exp 140 EXIST::FUNCTION:
-BN_mod_exp_mont 141 EXIST::FUNCTION:
-BN_mod_exp_simple 143 EXIST::FUNCTION:
-BN_mod_inverse 144 EXIST::FUNCTION:
-BN_mod_mul 145 EXIST::FUNCTION:
-BN_mod_mul_montgomery 146 EXIST::FUNCTION:
-BN_mod_word 148 EXIST::FUNCTION:
-BN_mul 149 EXIST::FUNCTION:
-BN_new 150 EXIST::FUNCTION:
-BN_num_bits 151 EXIST::FUNCTION:
-BN_num_bits_word 152 EXIST::FUNCTION:
-BN_options 153 EXIST::FUNCTION:
-BN_print 154 EXIST::FUNCTION:
-BN_print_fp 155 EXIST::FUNCTION:FP_API
-BN_rand 156 EXIST::FUNCTION:
-BN_reciprocal 157 EXIST::FUNCTION:
-BN_rshift 158 EXIST::FUNCTION:
-BN_rshift1 159 EXIST::FUNCTION:
-BN_set_bit 160 EXIST::FUNCTION:
-BN_set_word 161 EXIST::FUNCTION:
-BN_sqr 162 EXIST::FUNCTION:
-BN_sub 163 EXIST::FUNCTION:
-BN_to_ASN1_INTEGER 164 EXIST::FUNCTION:
-BN_ucmp 165 EXIST::FUNCTION:
-BN_value_one 166 EXIST::FUNCTION:
-BUF_MEM_free 167 EXIST::FUNCTION:
-BUF_MEM_grow 168 EXIST::FUNCTION:
-BUF_MEM_new 169 EXIST::FUNCTION:
-BUF_strdup 170 EXIST::FUNCTION:
-CONF_free 171 EXIST::FUNCTION:
-CONF_get_number 172 EXIST::FUNCTION:
-CONF_get_section 173 EXIST::FUNCTION:
-CONF_get_string 174 EXIST::FUNCTION:
-CONF_load 175 EXIST::FUNCTION:
-CRYPTO_add_lock 176 EXIST::FUNCTION:
-CRYPTO_dbg_free 177 EXIST::FUNCTION:
-CRYPTO_dbg_malloc 178 EXIST::FUNCTION:
-CRYPTO_dbg_realloc 179 EXIST::FUNCTION:
-CRYPTO_dbg_remalloc 180 NOEXIST::FUNCTION:
-CRYPTO_free 181 EXIST::FUNCTION:
-CRYPTO_get_add_lock_callback 182 EXIST::FUNCTION:
-CRYPTO_get_id_callback 183 EXIST::FUNCTION:
-CRYPTO_get_lock_name 184 EXIST::FUNCTION:
-CRYPTO_get_locking_callback 185 EXIST::FUNCTION:
-CRYPTO_get_mem_functions 186 EXIST::FUNCTION:
-CRYPTO_lock 187 EXIST::FUNCTION:
-CRYPTO_malloc 188 EXIST::FUNCTION:
-CRYPTO_mem_ctrl 189 EXIST::FUNCTION:
-CRYPTO_mem_leaks 190 EXIST::FUNCTION:
-CRYPTO_mem_leaks_cb 191 EXIST::FUNCTION:
-CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:FP_API
-CRYPTO_realloc 193 EXIST::FUNCTION:
-CRYPTO_remalloc 194 EXIST::FUNCTION:
-CRYPTO_set_add_lock_callback 195 EXIST::FUNCTION:
-CRYPTO_set_id_callback 196 EXIST::FUNCTION:
-CRYPTO_set_locking_callback 197 EXIST::FUNCTION:
-CRYPTO_set_mem_functions 198 EXIST::FUNCTION:
-CRYPTO_thread_id 199 EXIST::FUNCTION:
-DH_check 200 EXIST::FUNCTION:DH
-DH_compute_key 201 EXIST::FUNCTION:DH
-DH_free 202 EXIST::FUNCTION:DH
-DH_generate_key 203 EXIST::FUNCTION:DH
-DH_generate_parameters 204 EXIST::FUNCTION:DEPRECATED,DH
-DH_new 205 EXIST::FUNCTION:DH
-DH_size 206 EXIST::FUNCTION:DH
-DHparams_print 207 EXIST::FUNCTION:BIO,DH
-DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API
-DSA_free 209 EXIST::FUNCTION:DSA
-DSA_generate_key 210 EXIST::FUNCTION:DSA
-DSA_generate_parameters 211 EXIST::FUNCTION:DEPRECATED,DSA
-DSA_is_prime 212 NOEXIST::FUNCTION:
-DSA_new 213 EXIST::FUNCTION:DSA
-DSA_print 214 EXIST::FUNCTION:BIO,DSA
-DSA_print_fp 215 EXIST::FUNCTION:DSA,FP_API
-DSA_sign 216 EXIST::FUNCTION:DSA
-DSA_sign_setup 217 EXIST::FUNCTION:DSA
-DSA_size 218 EXIST::FUNCTION:DSA
-DSA_verify 219 EXIST::FUNCTION:DSA
-DSAparams_print 220 EXIST::FUNCTION:BIO,DSA
-DSAparams_print_fp 221 EXIST::FUNCTION:DSA,FP_API
-ERR_clear_error 222 EXIST::FUNCTION:
-ERR_error_string 223 EXIST::FUNCTION:
-ERR_free_strings 224 EXIST::FUNCTION:
-ERR_func_error_string 225 EXIST::FUNCTION:
-ERR_get_err_state_table 226 EXIST::FUNCTION:LHASH
-ERR_get_error 227 EXIST::FUNCTION:
-ERR_get_error_line 228 EXIST::FUNCTION:
-ERR_get_state 229 EXIST::FUNCTION:
-ERR_get_string_table 230 EXIST::FUNCTION:LHASH
-ERR_lib_error_string 231 EXIST::FUNCTION:
-ERR_load_ASN1_strings 232 EXIST::FUNCTION:
-ERR_load_BIO_strings 233 EXIST::FUNCTION:
-ERR_load_BN_strings 234 EXIST::FUNCTION:
-ERR_load_BUF_strings 235 EXIST::FUNCTION:
-ERR_load_CONF_strings 236 EXIST::FUNCTION:
-ERR_load_DH_strings 237 EXIST::FUNCTION:DH
-ERR_load_DSA_strings 238 EXIST::FUNCTION:DSA
-ERR_load_ERR_strings 239 EXIST::FUNCTION:
-ERR_load_EVP_strings 240 EXIST::FUNCTION:
-ERR_load_OBJ_strings 241 EXIST::FUNCTION:
-ERR_load_PEM_strings 242 EXIST::FUNCTION:
-ERR_load_PROXY_strings 243 NOEXIST::FUNCTION:
-ERR_load_RSA_strings 244 EXIST::FUNCTION:RSA
-ERR_load_X509_strings 245 EXIST::FUNCTION:
-ERR_load_crypto_strings 246 EXIST::FUNCTION:
-ERR_load_strings 247 EXIST::FUNCTION:
-ERR_peek_error 248 EXIST::FUNCTION:
-ERR_peek_error_line 249 EXIST::FUNCTION:
-ERR_print_errors 250 EXIST::FUNCTION:BIO
-ERR_print_errors_fp 251 EXIST::FUNCTION:FP_API
-ERR_put_error 252 EXIST::FUNCTION:
-ERR_reason_error_string 253 EXIST::FUNCTION:
-ERR_remove_state 254 EXIST::FUNCTION:
-EVP_BytesToKey 255 EXIST::FUNCTION:
-EVP_CIPHER_CTX_cleanup 256 EXIST::FUNCTION:
-EVP_CipherFinal 257 EXIST::FUNCTION:
-EVP_CipherInit 258 EXIST::FUNCTION:
-EVP_CipherUpdate 259 EXIST::FUNCTION:
-EVP_DecodeBlock 260 EXIST::FUNCTION:
-EVP_DecodeFinal 261 EXIST::FUNCTION:
-EVP_DecodeInit 262 EXIST::FUNCTION:
-EVP_DecodeUpdate 263 EXIST::FUNCTION:
-EVP_DecryptFinal 264 EXIST::FUNCTION:
-EVP_DecryptInit 265 EXIST::FUNCTION:
-EVP_DecryptUpdate 266 EXIST::FUNCTION:
-EVP_DigestFinal 267 EXIST::FUNCTION:
-EVP_DigestInit 268 EXIST::FUNCTION:
-EVP_DigestUpdate 269 EXIST::FUNCTION:
-EVP_EncodeBlock 270 EXIST::FUNCTION:
-EVP_EncodeFinal 271 EXIST::FUNCTION:
-EVP_EncodeInit 272 EXIST::FUNCTION:
-EVP_EncodeUpdate 273 EXIST::FUNCTION:
-EVP_EncryptFinal 274 EXIST::FUNCTION:
-EVP_EncryptInit 275 EXIST::FUNCTION:
-EVP_EncryptUpdate 276 EXIST::FUNCTION:
-EVP_OpenFinal 277 EXIST::FUNCTION:RSA
-EVP_OpenInit 278 EXIST::FUNCTION:RSA
-EVP_PKEY_assign 279 EXIST::FUNCTION:
-EVP_PKEY_copy_parameters 280 EXIST::FUNCTION:
-EVP_PKEY_free 281 EXIST::FUNCTION:
-EVP_PKEY_missing_parameters 282 EXIST::FUNCTION:
-EVP_PKEY_new 283 EXIST::FUNCTION:
-EVP_PKEY_save_parameters 284 EXIST::FUNCTION:
-EVP_PKEY_size 285 EXIST::FUNCTION:
-EVP_PKEY_type 286 EXIST::FUNCTION:
-EVP_SealFinal 287 EXIST::FUNCTION:RSA
-EVP_SealInit 288 EXIST::FUNCTION:RSA
-EVP_SignFinal 289 EXIST::FUNCTION:
-EVP_VerifyFinal 290 EXIST::FUNCTION:
-EVP_add_alias 291 NOEXIST::FUNCTION:
-EVP_add_cipher 292 EXIST::FUNCTION:
-EVP_add_digest 293 EXIST::FUNCTION:
-EVP_bf_cbc 294 EXIST::FUNCTION:BF
-EVP_bf_cfb64 295 EXIST::FUNCTION:BF
-EVP_bf_ecb 296 EXIST::FUNCTION:BF
-EVP_bf_ofb 297 EXIST::FUNCTION:BF
-EVP_cleanup 298 EXIST::FUNCTION:
-EVP_des_cbc 299 EXIST::FUNCTION:DES
-EVP_des_cfb64 300 EXIST::FUNCTION:DES
-EVP_des_ecb 301 EXIST::FUNCTION:DES
-EVP_des_ede 302 EXIST::FUNCTION:DES
-EVP_des_ede3 303 EXIST::FUNCTION:DES
-EVP_des_ede3_cbc 304 EXIST::FUNCTION:DES
-EVP_des_ede3_cfb64 305 EXIST::FUNCTION:DES
-EVP_des_ede3_ofb 306 EXIST::FUNCTION:DES
-EVP_des_ede_cbc 307 EXIST::FUNCTION:DES
-EVP_des_ede_cfb64 308 EXIST::FUNCTION:DES
-EVP_des_ede_ofb 309 EXIST::FUNCTION:DES
-EVP_des_ofb 310 EXIST::FUNCTION:DES
-EVP_desx_cbc 311 EXIST::FUNCTION:DES
-EVP_dss 312 EXIST::FUNCTION:DSA,SHA
-EVP_dss1 313 EXIST::FUNCTION:DSA,SHA
-EVP_enc_null 314 EXIST::FUNCTION:
-EVP_get_cipherbyname 315 EXIST::FUNCTION:
-EVP_get_digestbyname 316 EXIST::FUNCTION:
-EVP_get_pw_prompt 317 EXIST::FUNCTION:
-EVP_idea_cbc 318 EXIST::FUNCTION:IDEA
-EVP_idea_cfb64 319 EXIST::FUNCTION:IDEA
-EVP_idea_ecb 320 EXIST::FUNCTION:IDEA
-EVP_idea_ofb 321 EXIST::FUNCTION:IDEA
-EVP_md2 322 EXIST::FUNCTION:MD2
-EVP_md5 323 EXIST::FUNCTION:MD5
-EVP_md_null 324 EXIST::FUNCTION:
-EVP_rc2_cbc 325 EXIST::FUNCTION:RC2
-EVP_rc2_cfb64 326 EXIST::FUNCTION:RC2
-EVP_rc2_ecb 327 EXIST::FUNCTION:RC2
-EVP_rc2_ofb 328 EXIST::FUNCTION:RC2
-EVP_rc4 329 EXIST::FUNCTION:RC4
-EVP_read_pw_string 330 EXIST::FUNCTION:
-EVP_set_pw_prompt 331 EXIST::FUNCTION:
-EVP_sha 332 EXIST::FUNCTION:SHA
-EVP_sha1 333 EXIST::FUNCTION:SHA
-MD2 334 EXIST::FUNCTION:MD2
-MD2_Final 335 EXIST::FUNCTION:MD2
-MD2_Init 336 EXIST::FUNCTION:MD2
-MD2_Update 337 EXIST::FUNCTION:MD2
-MD2_options 338 EXIST::FUNCTION:MD2
-MD5 339 EXIST::FUNCTION:MD5
-MD5_Final 340 EXIST::FUNCTION:MD5
-MD5_Init 341 EXIST::FUNCTION:MD5
-MD5_Update 342 EXIST::FUNCTION:MD5
-MDC2 343 EXIST::FUNCTION:MDC2
-MDC2_Final 344 EXIST::FUNCTION:MDC2
-MDC2_Init 345 EXIST::FUNCTION:MDC2
-MDC2_Update 346 EXIST::FUNCTION:MDC2
-NETSCAPE_SPKAC_free 347 EXIST::FUNCTION:
-NETSCAPE_SPKAC_new 348 EXIST::FUNCTION:
-NETSCAPE_SPKI_free 349 EXIST::FUNCTION:
-NETSCAPE_SPKI_new 350 EXIST::FUNCTION:
-NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:EVP
-OBJ_add_object 353 EXIST::FUNCTION:
-OBJ_bsearch 354 EXIST::FUNCTION:
-OBJ_cleanup 355 EXIST::FUNCTION:
-OBJ_cmp 356 EXIST::FUNCTION:
-OBJ_create 357 EXIST::FUNCTION:
-OBJ_dup 358 EXIST::FUNCTION:
-OBJ_ln2nid 359 EXIST::FUNCTION:
-OBJ_new_nid 360 EXIST::FUNCTION:
-OBJ_nid2ln 361 EXIST::FUNCTION:
-OBJ_nid2obj 362 EXIST::FUNCTION:
-OBJ_nid2sn 363 EXIST::FUNCTION:
-OBJ_obj2nid 364 EXIST::FUNCTION:
-OBJ_sn2nid 365 EXIST::FUNCTION:
-OBJ_txt2nid 366 EXIST::FUNCTION:
-PEM_ASN1_read 367 EXIST:!WIN16:FUNCTION:
-PEM_ASN1_read_bio 368 EXIST::FUNCTION:BIO
-PEM_ASN1_write 369 EXIST:!WIN16:FUNCTION:
-PEM_ASN1_write_bio 370 EXIST::FUNCTION:BIO
-PEM_SealFinal 371 EXIST::FUNCTION:RSA
-PEM_SealInit 372 EXIST::FUNCTION:RSA
-PEM_SealUpdate 373 EXIST::FUNCTION:RSA
-PEM_SignFinal 374 EXIST::FUNCTION:
-PEM_SignInit 375 EXIST::FUNCTION:
-PEM_SignUpdate 376 EXIST::FUNCTION:
-PEM_X509_INFO_read 377 EXIST:!WIN16:FUNCTION:
-PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:BIO
-PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:BIO
-PEM_dek_info 380 EXIST::FUNCTION:
-PEM_do_header 381 EXIST::FUNCTION:
-PEM_get_EVP_CIPHER_INFO 382 EXIST::FUNCTION:
-PEM_proc_type 383 EXIST::FUNCTION:
-PEM_read 384 EXIST:!WIN16:FUNCTION:
-PEM_read_DHparams 385 EXIST:!WIN16:FUNCTION:DH
-PEM_read_DSAPrivateKey 386 EXIST:!WIN16:FUNCTION:DSA
-PEM_read_DSAparams 387 EXIST:!WIN16:FUNCTION:DSA
-PEM_read_PKCS7 388 EXIST:!WIN16:FUNCTION:
-PEM_read_PrivateKey 389 EXIST:!WIN16:FUNCTION:
-PEM_read_RSAPrivateKey 390 EXIST:!WIN16:FUNCTION:RSA
-PEM_read_X509 391 EXIST:!WIN16:FUNCTION:
-PEM_read_X509_CRL 392 EXIST:!WIN16:FUNCTION:
-PEM_read_X509_REQ 393 EXIST:!WIN16:FUNCTION:
-PEM_read_bio 394 EXIST::FUNCTION:BIO
-PEM_read_bio_DHparams 395 EXIST::FUNCTION:DH
-PEM_read_bio_DSAPrivateKey 396 EXIST::FUNCTION:DSA
-PEM_read_bio_DSAparams 397 EXIST::FUNCTION:DSA
-PEM_read_bio_PKCS7 398 EXIST::FUNCTION:
-PEM_read_bio_PrivateKey 399 EXIST::FUNCTION:
-PEM_read_bio_RSAPrivateKey 400 EXIST::FUNCTION:RSA
-PEM_read_bio_X509 401 EXIST::FUNCTION:
-PEM_read_bio_X509_CRL 402 EXIST::FUNCTION:
-PEM_read_bio_X509_REQ 403 EXIST::FUNCTION:
-PEM_write 404 EXIST:!WIN16:FUNCTION:
-PEM_write_DHparams 405 EXIST:!WIN16:FUNCTION:DH
-PEM_write_DSAPrivateKey 406 EXIST:!WIN16:FUNCTION:DSA
-PEM_write_DSAparams 407 EXIST:!WIN16:FUNCTION:DSA
-PEM_write_PKCS7 408 EXIST:!WIN16:FUNCTION:
-PEM_write_PrivateKey 409 EXIST:!WIN16:FUNCTION:
-PEM_write_RSAPrivateKey 410 EXIST:!WIN16:FUNCTION:RSA
-PEM_write_X509 411 EXIST:!WIN16:FUNCTION:
-PEM_write_X509_CRL 412 EXIST:!WIN16:FUNCTION:
-PEM_write_X509_REQ 413 EXIST:!WIN16:FUNCTION:
-PEM_write_bio 414 EXIST::FUNCTION:BIO
-PEM_write_bio_DHparams 415 EXIST::FUNCTION:DH
-PEM_write_bio_DSAPrivateKey 416 EXIST::FUNCTION:DSA
-PEM_write_bio_DSAparams 417 EXIST::FUNCTION:DSA
-PEM_write_bio_PKCS7 418 EXIST::FUNCTION:
-PEM_write_bio_PrivateKey 419 EXIST::FUNCTION:
-PEM_write_bio_RSAPrivateKey 420 EXIST::FUNCTION:RSA
-PEM_write_bio_X509 421 EXIST::FUNCTION:
-PEM_write_bio_X509_CRL 422 EXIST::FUNCTION:
-PEM_write_bio_X509_REQ 423 EXIST::FUNCTION:
-PKCS7_DIGEST_free 424 EXIST::FUNCTION:
-PKCS7_DIGEST_new 425 EXIST::FUNCTION:
-PKCS7_ENCRYPT_free 426 EXIST::FUNCTION:
-PKCS7_ENCRYPT_new 427 EXIST::FUNCTION:
-PKCS7_ENC_CONTENT_free 428 EXIST::FUNCTION:
-PKCS7_ENC_CONTENT_new 429 EXIST::FUNCTION:
-PKCS7_ENVELOPE_free 430 EXIST::FUNCTION:
-PKCS7_ENVELOPE_new 431 EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_digest 432 EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_free 433 EXIST::FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_new 434 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_free 435 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_new 436 EXIST::FUNCTION:
-PKCS7_SIGNED_free 437 EXIST::FUNCTION:
-PKCS7_SIGNED_new 438 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_free 439 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_new 440 EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_free 441 EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_new 442 EXIST::FUNCTION:
-PKCS7_dup 443 EXIST::FUNCTION:
-PKCS7_free 444 EXIST::FUNCTION:
-PKCS7_new 445 EXIST::FUNCTION:
-PROXY_ENTRY_add_noproxy 446 NOEXIST::FUNCTION:
-PROXY_ENTRY_clear_noproxy 447 NOEXIST::FUNCTION:
-PROXY_ENTRY_free 448 NOEXIST::FUNCTION:
-PROXY_ENTRY_get_noproxy 449 NOEXIST::FUNCTION:
-PROXY_ENTRY_new 450 NOEXIST::FUNCTION:
-PROXY_ENTRY_set_server 451 NOEXIST::FUNCTION:
-PROXY_add_noproxy 452 NOEXIST::FUNCTION:
-PROXY_add_server 453 NOEXIST::FUNCTION:
-PROXY_check_by_host 454 NOEXIST::FUNCTION:
-PROXY_check_url 455 NOEXIST::FUNCTION:
-PROXY_clear_noproxy 456 NOEXIST::FUNCTION:
-PROXY_free 457 NOEXIST::FUNCTION:
-PROXY_get_noproxy 458 NOEXIST::FUNCTION:
-PROXY_get_proxies 459 NOEXIST::FUNCTION:
-PROXY_get_proxy_entry 460 NOEXIST::FUNCTION:
-PROXY_load_conf 461 NOEXIST::FUNCTION:
-PROXY_new 462 NOEXIST::FUNCTION:
-PROXY_print 463 NOEXIST::FUNCTION:
-RAND_bytes 464 EXIST::FUNCTION:
-RAND_cleanup 465 EXIST::FUNCTION:
-RAND_file_name 466 EXIST::FUNCTION:
-RAND_load_file 467 EXIST::FUNCTION:
-RAND_screen 468 EXIST:WIN32:FUNCTION:
-RAND_seed 469 EXIST::FUNCTION:
-RAND_write_file 470 EXIST::FUNCTION:
-RC2_cbc_encrypt 471 EXIST::FUNCTION:RC2
-RC2_cfb64_encrypt 472 EXIST::FUNCTION:RC2
-RC2_ecb_encrypt 473 EXIST::FUNCTION:RC2
-RC2_encrypt 474 EXIST::FUNCTION:RC2
-RC2_ofb64_encrypt 475 EXIST::FUNCTION:RC2
-RC2_set_key 476 EXIST::FUNCTION:RC2
-RC4 477 EXIST::FUNCTION:RC4
-RC4_options 478 EXIST::FUNCTION:RC4
-RC4_set_key 479 EXIST::FUNCTION:RC4
-RSAPrivateKey_asn1_meth 480 EXIST::FUNCTION:RSA
-RSAPrivateKey_dup 481 EXIST::FUNCTION:RSA
-RSAPublicKey_dup 482 EXIST::FUNCTION:RSA
-RSA_PKCS1_SSLeay 483 EXIST::FUNCTION:RSA
-RSA_free 484 EXIST::FUNCTION:RSA
-RSA_generate_key 485 EXIST::FUNCTION:DEPRECATED,RSA
-RSA_new 486 EXIST::FUNCTION:RSA
-RSA_new_method 487 EXIST::FUNCTION:RSA
-RSA_print 488 EXIST::FUNCTION:BIO,RSA
-RSA_print_fp 489 EXIST::FUNCTION:FP_API,RSA
-RSA_private_decrypt 490 EXIST::FUNCTION:RSA
-RSA_private_encrypt 491 EXIST::FUNCTION:RSA
-RSA_public_decrypt 492 EXIST::FUNCTION:RSA
-RSA_public_encrypt 493 EXIST::FUNCTION:RSA
-RSA_set_default_method 494 EXIST::FUNCTION:RSA
-RSA_sign 495 EXIST::FUNCTION:RSA
-RSA_sign_ASN1_OCTET_STRING 496 EXIST::FUNCTION:RSA
-RSA_size 497 EXIST::FUNCTION:RSA
-RSA_verify 498 EXIST::FUNCTION:RSA
-RSA_verify_ASN1_OCTET_STRING 499 EXIST::FUNCTION:RSA
-SHA 500 EXIST::FUNCTION:SHA,SHA0
-SHA1 501 EXIST::FUNCTION:SHA,SHA1
-SHA1_Final 502 EXIST::FUNCTION:SHA,SHA1
-SHA1_Init 503 EXIST::FUNCTION:SHA,SHA1
-SHA1_Update 504 EXIST::FUNCTION:SHA,SHA1
-SHA_Final 505 EXIST::FUNCTION:SHA,SHA0
-SHA_Init 506 EXIST::FUNCTION:SHA,SHA0
-SHA_Update 507 EXIST::FUNCTION:SHA,SHA0
-OpenSSL_add_all_algorithms 508 NOEXIST::FUNCTION:
-OpenSSL_add_all_ciphers 509 EXIST::FUNCTION:
-OpenSSL_add_all_digests 510 EXIST::FUNCTION:
-TXT_DB_create_index 511 EXIST::FUNCTION:
-TXT_DB_free 512 EXIST::FUNCTION:
-TXT_DB_get_by_index 513 EXIST::FUNCTION:
-TXT_DB_insert 514 EXIST::FUNCTION:
-TXT_DB_read 515 EXIST::FUNCTION:BIO
-TXT_DB_write 516 EXIST::FUNCTION:BIO
-X509_ALGOR_free 517 EXIST::FUNCTION:
-X509_ALGOR_new 518 EXIST::FUNCTION:
-X509_ATTRIBUTE_free 519 EXIST::FUNCTION:
-X509_ATTRIBUTE_new 520 EXIST::FUNCTION:
-X509_CINF_free 521 EXIST::FUNCTION:
-X509_CINF_new 522 EXIST::FUNCTION:
-X509_CRL_INFO_free 523 EXIST::FUNCTION:
-X509_CRL_INFO_new 524 EXIST::FUNCTION:
-X509_CRL_add_ext 525 EXIST::FUNCTION:
-X509_CRL_cmp 526 EXIST::FUNCTION:
-X509_CRL_delete_ext 527 EXIST::FUNCTION:
-X509_CRL_dup 528 EXIST::FUNCTION:
-X509_CRL_free 529 EXIST::FUNCTION:
-X509_CRL_get_ext 530 EXIST::FUNCTION:
-X509_CRL_get_ext_by_NID 531 EXIST::FUNCTION:
-X509_CRL_get_ext_by_OBJ 532 EXIST::FUNCTION:
-X509_CRL_get_ext_by_critical 533 EXIST::FUNCTION:
-X509_CRL_get_ext_count 534 EXIST::FUNCTION:
-X509_CRL_new 535 EXIST::FUNCTION:
-X509_CRL_sign 536 EXIST::FUNCTION:EVP
-X509_CRL_verify 537 EXIST::FUNCTION:EVP
-X509_EXTENSION_create_by_NID 538 EXIST::FUNCTION:
-X509_EXTENSION_create_by_OBJ 539 EXIST::FUNCTION:
-X509_EXTENSION_dup 540 EXIST::FUNCTION:
-X509_EXTENSION_free 541 EXIST::FUNCTION:
-X509_EXTENSION_get_critical 542 EXIST::FUNCTION:
-X509_EXTENSION_get_data 543 EXIST::FUNCTION:
-X509_EXTENSION_get_object 544 EXIST::FUNCTION:
-X509_EXTENSION_new 545 EXIST::FUNCTION:
-X509_EXTENSION_set_critical 546 EXIST::FUNCTION:
-X509_EXTENSION_set_data 547 EXIST::FUNCTION:
-X509_EXTENSION_set_object 548 EXIST::FUNCTION:
-X509_INFO_free 549 EXIST::FUNCTION:EVP
-X509_INFO_new 550 EXIST::FUNCTION:EVP
-X509_LOOKUP_by_alias 551 EXIST::FUNCTION:
-X509_LOOKUP_by_fingerprint 552 EXIST::FUNCTION:
-X509_LOOKUP_by_issuer_serial 553 EXIST::FUNCTION:
-X509_LOOKUP_by_subject 554 EXIST::FUNCTION:
-X509_LOOKUP_ctrl 555 EXIST::FUNCTION:
-X509_LOOKUP_file 556 EXIST::FUNCTION:
-X509_LOOKUP_free 557 EXIST::FUNCTION:
-X509_LOOKUP_hash_dir 558 EXIST::FUNCTION:
-X509_LOOKUP_init 559 EXIST::FUNCTION:
-X509_LOOKUP_new 560 EXIST::FUNCTION:
-X509_LOOKUP_shutdown 561 EXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_NID 562 EXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_OBJ 563 EXIST::FUNCTION:
-X509_NAME_ENTRY_dup 564 EXIST::FUNCTION:
-X509_NAME_ENTRY_free 565 EXIST::FUNCTION:
-X509_NAME_ENTRY_get_data 566 EXIST::FUNCTION:
-X509_NAME_ENTRY_get_object 567 EXIST::FUNCTION:
-X509_NAME_ENTRY_new 568 EXIST::FUNCTION:
-X509_NAME_ENTRY_set_data 569 EXIST::FUNCTION:
-X509_NAME_ENTRY_set_object 570 EXIST::FUNCTION:
-X509_NAME_add_entry 571 EXIST::FUNCTION:
-X509_NAME_cmp 572 EXIST::FUNCTION:
-X509_NAME_delete_entry 573 EXIST::FUNCTION:
-X509_NAME_digest 574 EXIST::FUNCTION:EVP
-X509_NAME_dup 575 EXIST::FUNCTION:
-X509_NAME_entry_count 576 EXIST::FUNCTION:
-X509_NAME_free 577 EXIST::FUNCTION:
-X509_NAME_get_entry 578 EXIST::FUNCTION:
-X509_NAME_get_index_by_NID 579 EXIST::FUNCTION:
-X509_NAME_get_index_by_OBJ 580 EXIST::FUNCTION:
-X509_NAME_get_text_by_NID 581 EXIST::FUNCTION:
-X509_NAME_get_text_by_OBJ 582 EXIST::FUNCTION:
-X509_NAME_hash 583 EXIST::FUNCTION:
-X509_NAME_new 584 EXIST::FUNCTION:
-X509_NAME_oneline 585 EXIST::FUNCTION:EVP
-X509_NAME_print 586 EXIST::FUNCTION:BIO
-X509_NAME_set 587 EXIST::FUNCTION:
-X509_OBJECT_free_contents 588 EXIST::FUNCTION:
-X509_OBJECT_retrieve_by_subject 589 EXIST::FUNCTION:
-X509_OBJECT_up_ref_count 590 EXIST::FUNCTION:
-X509_PKEY_free 591 EXIST::FUNCTION:
-X509_PKEY_new 592 EXIST::FUNCTION:
-X509_PUBKEY_free 593 EXIST::FUNCTION:
-X509_PUBKEY_get 594 EXIST::FUNCTION:
-X509_PUBKEY_new 595 EXIST::FUNCTION:
-X509_PUBKEY_set 596 EXIST::FUNCTION:
-X509_REQ_INFO_free 597 EXIST::FUNCTION:
-X509_REQ_INFO_new 598 EXIST::FUNCTION:
-X509_REQ_dup 599 EXIST::FUNCTION:
-X509_REQ_free 600 EXIST::FUNCTION:
-X509_REQ_get_pubkey 601 EXIST::FUNCTION:
-X509_REQ_new 602 EXIST::FUNCTION:
-X509_REQ_print 603 EXIST::FUNCTION:BIO
-X509_REQ_print_fp 604 EXIST::FUNCTION:FP_API
-X509_REQ_set_pubkey 605 EXIST::FUNCTION:
-X509_REQ_set_subject_name 606 EXIST::FUNCTION:
-X509_REQ_set_version 607 EXIST::FUNCTION:
-X509_REQ_sign 608 EXIST::FUNCTION:EVP
-X509_REQ_to_X509 609 EXIST::FUNCTION:
-X509_REQ_verify 610 EXIST::FUNCTION:EVP
-X509_REVOKED_add_ext 611 EXIST::FUNCTION:
-X509_REVOKED_delete_ext 612 EXIST::FUNCTION:
-X509_REVOKED_free 613 EXIST::FUNCTION:
-X509_REVOKED_get_ext 614 EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_NID 615 EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_OBJ 616 EXIST::FUNCTION:
-X509_REVOKED_get_ext_by_critical 617 EXIST:!VMS:FUNCTION:
-X509_REVOKED_get_ext_by_critic 617 EXIST:VMS:FUNCTION:
-X509_REVOKED_get_ext_count 618 EXIST::FUNCTION:
-X509_REVOKED_new 619 EXIST::FUNCTION:
-X509_SIG_free 620 EXIST::FUNCTION:
-X509_SIG_new 621 EXIST::FUNCTION:
-X509_STORE_CTX_cleanup 622 EXIST::FUNCTION:
-X509_STORE_CTX_init 623 EXIST::FUNCTION:
-X509_STORE_add_cert 624 EXIST::FUNCTION:
-X509_STORE_add_lookup 625 EXIST::FUNCTION:
-X509_STORE_free 626 EXIST::FUNCTION:
-X509_STORE_get_by_subject 627 EXIST::FUNCTION:
-X509_STORE_load_locations 628 EXIST::FUNCTION:STDIO
-X509_STORE_new 629 EXIST::FUNCTION:
-X509_STORE_set_default_paths 630 EXIST::FUNCTION:STDIO
-X509_VAL_free 631 EXIST::FUNCTION:
-X509_VAL_new 632 EXIST::FUNCTION:
-X509_add_ext 633 EXIST::FUNCTION:
-X509_asn1_meth 634 EXIST::FUNCTION:
-X509_certificate_type 635 EXIST::FUNCTION:
-X509_check_private_key 636 EXIST::FUNCTION:
-X509_cmp_current_time 637 EXIST::FUNCTION:
-X509_delete_ext 638 EXIST::FUNCTION:
-X509_digest 639 EXIST::FUNCTION:EVP
-X509_dup 640 EXIST::FUNCTION:
-X509_free 641 EXIST::FUNCTION:
-X509_get_default_cert_area 642 EXIST::FUNCTION:
-X509_get_default_cert_dir 643 EXIST::FUNCTION:
-X509_get_default_cert_dir_env 644 EXIST::FUNCTION:
-X509_get_default_cert_file 645 EXIST::FUNCTION:
-X509_get_default_cert_file_env 646 EXIST::FUNCTION:
-X509_get_default_private_dir 647 EXIST::FUNCTION:
-X509_get_ext 648 EXIST::FUNCTION:
-X509_get_ext_by_NID 649 EXIST::FUNCTION:
-X509_get_ext_by_OBJ 650 EXIST::FUNCTION:
-X509_get_ext_by_critical 651 EXIST::FUNCTION:
-X509_get_ext_count 652 EXIST::FUNCTION:
-X509_get_issuer_name 653 EXIST::FUNCTION:
-X509_get_pubkey 654 EXIST::FUNCTION:
-X509_get_pubkey_parameters 655 EXIST::FUNCTION:
-X509_get_serialNumber 656 EXIST::FUNCTION:
-X509_get_subject_name 657 EXIST::FUNCTION:
-X509_gmtime_adj 658 EXIST::FUNCTION:
-X509_issuer_and_serial_cmp 659 EXIST::FUNCTION:
-X509_issuer_and_serial_hash 660 EXIST::FUNCTION:
-X509_issuer_name_cmp 661 EXIST::FUNCTION:
-X509_issuer_name_hash 662 EXIST::FUNCTION:
-X509_load_cert_file 663 EXIST::FUNCTION:STDIO
-X509_new 664 EXIST::FUNCTION:
-X509_print 665 EXIST::FUNCTION:BIO
-X509_print_fp 666 EXIST::FUNCTION:FP_API
-X509_set_issuer_name 667 EXIST::FUNCTION:
-X509_set_notAfter 668 EXIST::FUNCTION:
-X509_set_notBefore 669 EXIST::FUNCTION:
-X509_set_pubkey 670 EXIST::FUNCTION:
-X509_set_serialNumber 671 EXIST::FUNCTION:
-X509_set_subject_name 672 EXIST::FUNCTION:
-X509_set_version 673 EXIST::FUNCTION:
-X509_sign 674 EXIST::FUNCTION:EVP
-X509_subject_name_cmp 675 EXIST::FUNCTION:
-X509_subject_name_hash 676 EXIST::FUNCTION:
-X509_to_X509_REQ 677 EXIST::FUNCTION:
-X509_verify 678 EXIST::FUNCTION:EVP
-X509_verify_cert 679 EXIST::FUNCTION:
-X509_verify_cert_error_string 680 EXIST::FUNCTION:
-X509v3_add_ext 681 EXIST::FUNCTION:
-X509v3_add_extension 682 NOEXIST::FUNCTION:
-X509v3_add_netscape_extensions 683 NOEXIST::FUNCTION:
-X509v3_add_standard_extensions 684 NOEXIST::FUNCTION:
-X509v3_cleanup_extensions 685 NOEXIST::FUNCTION:
-X509v3_data_type_by_NID 686 NOEXIST::FUNCTION:
-X509v3_data_type_by_OBJ 687 NOEXIST::FUNCTION:
-X509v3_delete_ext 688 EXIST::FUNCTION:
-X509v3_get_ext 689 EXIST::FUNCTION:
-X509v3_get_ext_by_NID 690 EXIST::FUNCTION:
-X509v3_get_ext_by_OBJ 691 EXIST::FUNCTION:
-X509v3_get_ext_by_critical 692 EXIST::FUNCTION:
-X509v3_get_ext_count 693 EXIST::FUNCTION:
-X509v3_pack_string 694 NOEXIST::FUNCTION:
-X509v3_pack_type_by_NID 695 NOEXIST::FUNCTION:
-X509v3_pack_type_by_OBJ 696 NOEXIST::FUNCTION:
-X509v3_unpack_string 697 NOEXIST::FUNCTION:
-_des_crypt 698 NOEXIST::FUNCTION:
-a2d_ASN1_OBJECT 699 EXIST::FUNCTION:
-a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO
-a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO
-asn1_Finish 702 EXIST::FUNCTION:
-asn1_GetSequence 703 EXIST::FUNCTION:
-bn_div_words 704 EXIST::FUNCTION:
-bn_expand2 705 EXIST::FUNCTION:
-bn_mul_add_words 706 EXIST::FUNCTION:
-bn_mul_words 707 EXIST::FUNCTION:
-BN_uadd 708 EXIST::FUNCTION:
-BN_usub 709 EXIST::FUNCTION:
-bn_sqr_words 710 EXIST::FUNCTION:
-_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES
-d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION:
-d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION:
-d2i_ASN1_HEADER 714 EXIST::FUNCTION:
-d2i_ASN1_IA5STRING 715 EXIST::FUNCTION:
-d2i_ASN1_INTEGER 716 EXIST::FUNCTION:
-d2i_ASN1_OBJECT 717 EXIST::FUNCTION:
-d2i_ASN1_OCTET_STRING 718 EXIST::FUNCTION:
-d2i_ASN1_PRINTABLE 719 EXIST::FUNCTION:
-d2i_ASN1_PRINTABLESTRING 720 EXIST::FUNCTION:
-d2i_ASN1_SET 721 EXIST::FUNCTION:
-d2i_ASN1_T61STRING 722 EXIST::FUNCTION:
-d2i_ASN1_TYPE 723 EXIST::FUNCTION:
-d2i_ASN1_UTCTIME 724 EXIST::FUNCTION:
-d2i_ASN1_bytes 725 EXIST::FUNCTION:
-d2i_ASN1_type_bytes 726 EXIST::FUNCTION:
-d2i_DHparams 727 EXIST::FUNCTION:DH
-d2i_DSAPrivateKey 728 EXIST::FUNCTION:DSA
-d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:BIO,DSA
-d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,FP_API
-d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA
-d2i_DSAparams 732 EXIST::FUNCTION:DSA
-d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION:
-d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION:
-d2i_Netscape_RSA 735 EXIST::FUNCTION:RSA
-d2i_PKCS7 736 EXIST::FUNCTION:
-d2i_PKCS7_DIGEST 737 EXIST::FUNCTION:
-d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION:
-d2i_PKCS7_ENC_CONTENT 739 EXIST::FUNCTION:
-d2i_PKCS7_ENVELOPE 740 EXIST::FUNCTION:
-d2i_PKCS7_ISSUER_AND_SERIAL 741 EXIST::FUNCTION:
-d2i_PKCS7_RECIP_INFO 742 EXIST::FUNCTION:
-d2i_PKCS7_SIGNED 743 EXIST::FUNCTION:
-d2i_PKCS7_SIGNER_INFO 744 EXIST::FUNCTION:
-d2i_PKCS7_SIGN_ENVELOPE 745 EXIST::FUNCTION:
-d2i_PKCS7_bio 746 EXIST::FUNCTION:
-d2i_PKCS7_fp 747 EXIST::FUNCTION:FP_API
-d2i_PrivateKey 748 EXIST::FUNCTION:
-d2i_PublicKey 749 EXIST::FUNCTION:
-d2i_RSAPrivateKey 750 EXIST::FUNCTION:RSA
-d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:BIO,RSA
-d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:FP_API,RSA
-d2i_RSAPublicKey 753 EXIST::FUNCTION:RSA
-d2i_X509 754 EXIST::FUNCTION:
-d2i_X509_ALGOR 755 EXIST::FUNCTION:
-d2i_X509_ATTRIBUTE 756 EXIST::FUNCTION:
-d2i_X509_CINF 757 EXIST::FUNCTION:
-d2i_X509_CRL 758 EXIST::FUNCTION:
-d2i_X509_CRL_INFO 759 EXIST::FUNCTION:
-d2i_X509_CRL_bio 760 EXIST::FUNCTION:BIO
-d2i_X509_CRL_fp 761 EXIST::FUNCTION:FP_API
-d2i_X509_EXTENSION 762 EXIST::FUNCTION:
-d2i_X509_NAME 763 EXIST::FUNCTION:
-d2i_X509_NAME_ENTRY 764 EXIST::FUNCTION:
-d2i_X509_PKEY 765 EXIST::FUNCTION:
-d2i_X509_PUBKEY 766 EXIST::FUNCTION:
-d2i_X509_REQ 767 EXIST::FUNCTION:
-d2i_X509_REQ_INFO 768 EXIST::FUNCTION:
-d2i_X509_REQ_bio 769 EXIST::FUNCTION:BIO
-d2i_X509_REQ_fp 770 EXIST::FUNCTION:FP_API
-d2i_X509_REVOKED 771 EXIST::FUNCTION:
-d2i_X509_SIG 772 EXIST::FUNCTION:
-d2i_X509_VAL 773 EXIST::FUNCTION:
-d2i_X509_bio 774 EXIST::FUNCTION:BIO
-d2i_X509_fp 775 EXIST::FUNCTION:FP_API
-DES_cbc_cksum 777 EXIST::FUNCTION:DES
-DES_cbc_encrypt 778 EXIST::FUNCTION:DES
-DES_cblock_print_file 779 NOEXIST::FUNCTION:
-DES_cfb64_encrypt 780 EXIST::FUNCTION:DES
-DES_cfb_encrypt 781 EXIST::FUNCTION:DES
-DES_decrypt3 782 EXIST::FUNCTION:DES
-DES_ecb3_encrypt 783 EXIST::FUNCTION:DES
-DES_ecb_encrypt 784 EXIST::FUNCTION:DES
-DES_ede3_cbc_encrypt 785 EXIST::FUNCTION:DES
-DES_ede3_cfb64_encrypt 786 EXIST::FUNCTION:DES
-DES_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES
-DES_enc_read 788 EXIST::FUNCTION:DES
-DES_enc_write 789 EXIST::FUNCTION:DES
-DES_encrypt1 790 EXIST::FUNCTION:DES
-DES_encrypt2 791 EXIST::FUNCTION:DES
-DES_encrypt3 792 EXIST::FUNCTION:DES
-DES_fcrypt 793 EXIST::FUNCTION:DES
-DES_is_weak_key 794 EXIST::FUNCTION:DES
-DES_key_sched 795 EXIST::FUNCTION:DES
-DES_ncbc_encrypt 796 EXIST::FUNCTION:DES
-DES_ofb64_encrypt 797 EXIST::FUNCTION:DES
-DES_ofb_encrypt 798 EXIST::FUNCTION:DES
-DES_options 799 EXIST::FUNCTION:DES
-DES_pcbc_encrypt 800 EXIST::FUNCTION:DES
-DES_quad_cksum 801 EXIST::FUNCTION:DES
-DES_random_key 802 EXIST::FUNCTION:DES
-_ossl_old_des_random_seed 803 EXIST::FUNCTION:DES
-_ossl_old_des_read_2passwords 804 EXIST::FUNCTION:DES
-_ossl_old_des_read_password 805 EXIST::FUNCTION:DES
-_ossl_old_des_read_pw 806 EXIST::FUNCTION:
-_ossl_old_des_read_pw_string 807 EXIST::FUNCTION:
-DES_set_key 808 EXIST::FUNCTION:DES
-DES_set_odd_parity 809 EXIST::FUNCTION:DES
-DES_string_to_2keys 810 EXIST::FUNCTION:DES
-DES_string_to_key 811 EXIST::FUNCTION:DES
-DES_xcbc_encrypt 812 EXIST::FUNCTION:DES
-DES_xwhite_in2out 813 EXIST::FUNCTION:DES
-fcrypt_body 814 NOEXIST::FUNCTION:
-i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO
-i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO
-i2a_ASN1_STRING 817 EXIST::FUNCTION:BIO
-i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION:
-i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION:
-i2d_ASN1_HEADER 820 EXIST::FUNCTION:
-i2d_ASN1_IA5STRING 821 EXIST::FUNCTION:
-i2d_ASN1_INTEGER 822 EXIST::FUNCTION:
-i2d_ASN1_OBJECT 823 EXIST::FUNCTION:
-i2d_ASN1_OCTET_STRING 824 EXIST::FUNCTION:
-i2d_ASN1_PRINTABLE 825 EXIST::FUNCTION:
-i2d_ASN1_SET 826 EXIST::FUNCTION:
-i2d_ASN1_TYPE 827 EXIST::FUNCTION:
-i2d_ASN1_UTCTIME 828 EXIST::FUNCTION:
-i2d_ASN1_bytes 829 EXIST::FUNCTION:
-i2d_DHparams 830 EXIST::FUNCTION:DH
-i2d_DSAPrivateKey 831 EXIST::FUNCTION:DSA
-i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:BIO,DSA
-i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,FP_API
-i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA
-i2d_DSAparams 835 EXIST::FUNCTION:DSA
-i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION:
-i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION:
-i2d_Netscape_RSA 838 EXIST::FUNCTION:RSA
-i2d_PKCS7 839 EXIST::FUNCTION:
-i2d_PKCS7_DIGEST 840 EXIST::FUNCTION:
-i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION:
-i2d_PKCS7_ENC_CONTENT 842 EXIST::FUNCTION:
-i2d_PKCS7_ENVELOPE 843 EXIST::FUNCTION:
-i2d_PKCS7_ISSUER_AND_SERIAL 844 EXIST::FUNCTION:
-i2d_PKCS7_RECIP_INFO 845 EXIST::FUNCTION:
-i2d_PKCS7_SIGNED 846 EXIST::FUNCTION:
-i2d_PKCS7_SIGNER_INFO 847 EXIST::FUNCTION:
-i2d_PKCS7_SIGN_ENVELOPE 848 EXIST::FUNCTION:
-i2d_PKCS7_bio 849 EXIST::FUNCTION:
-i2d_PKCS7_fp 850 EXIST::FUNCTION:FP_API
-i2d_PrivateKey 851 EXIST::FUNCTION:
-i2d_PublicKey 852 EXIST::FUNCTION:
-i2d_RSAPrivateKey 853 EXIST::FUNCTION:RSA
-i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:BIO,RSA
-i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:FP_API,RSA
-i2d_RSAPublicKey 856 EXIST::FUNCTION:RSA
-i2d_X509 857 EXIST::FUNCTION:
-i2d_X509_ALGOR 858 EXIST::FUNCTION:
-i2d_X509_ATTRIBUTE 859 EXIST::FUNCTION:
-i2d_X509_CINF 860 EXIST::FUNCTION:
-i2d_X509_CRL 861 EXIST::FUNCTION:
-i2d_X509_CRL_INFO 862 EXIST::FUNCTION:
-i2d_X509_CRL_bio 863 EXIST::FUNCTION:BIO
-i2d_X509_CRL_fp 864 EXIST::FUNCTION:FP_API
-i2d_X509_EXTENSION 865 EXIST::FUNCTION:
-i2d_X509_NAME 866 EXIST::FUNCTION:
-i2d_X509_NAME_ENTRY 867 EXIST::FUNCTION:
-i2d_X509_PKEY 868 EXIST::FUNCTION:
-i2d_X509_PUBKEY 869 EXIST::FUNCTION:
-i2d_X509_REQ 870 EXIST::FUNCTION:
-i2d_X509_REQ_INFO 871 EXIST::FUNCTION:
-i2d_X509_REQ_bio 872 EXIST::FUNCTION:BIO
-i2d_X509_REQ_fp 873 EXIST::FUNCTION:FP_API
-i2d_X509_REVOKED 874 EXIST::FUNCTION:
-i2d_X509_SIG 875 EXIST::FUNCTION:
-i2d_X509_VAL 876 EXIST::FUNCTION:
-i2d_X509_bio 877 EXIST::FUNCTION:BIO
-i2d_X509_fp 878 EXIST::FUNCTION:FP_API
-idea_cbc_encrypt 879 EXIST::FUNCTION:IDEA
-idea_cfb64_encrypt 880 EXIST::FUNCTION:IDEA
-idea_ecb_encrypt 881 EXIST::FUNCTION:IDEA
-idea_encrypt 882 EXIST::FUNCTION:IDEA
-idea_ofb64_encrypt 883 EXIST::FUNCTION:IDEA
-idea_options 884 EXIST::FUNCTION:IDEA
-idea_set_decrypt_key 885 EXIST::FUNCTION:IDEA
-idea_set_encrypt_key 886 EXIST::FUNCTION:IDEA
-lh_delete 887 EXIST::FUNCTION:
-lh_doall 888 EXIST::FUNCTION:
-lh_doall_arg 889 EXIST::FUNCTION:
-lh_free 890 EXIST::FUNCTION:
-lh_insert 891 EXIST::FUNCTION:
-lh_new 892 EXIST::FUNCTION:
-lh_node_stats 893 EXIST::FUNCTION:FP_API
-lh_node_stats_bio 894 EXIST::FUNCTION:BIO
-lh_node_usage_stats 895 EXIST::FUNCTION:FP_API
-lh_node_usage_stats_bio 896 EXIST::FUNCTION:BIO
-lh_retrieve 897 EXIST::FUNCTION:
-lh_stats 898 EXIST::FUNCTION:FP_API
-lh_stats_bio 899 EXIST::FUNCTION:BIO
-lh_strhash 900 EXIST::FUNCTION:
-sk_delete 901 EXIST::FUNCTION:
-sk_delete_ptr 902 EXIST::FUNCTION:
-sk_dup 903 EXIST::FUNCTION:
-sk_find 904 EXIST::FUNCTION:
-sk_free 905 EXIST::FUNCTION:
-sk_insert 906 EXIST::FUNCTION:
-sk_new 907 EXIST::FUNCTION:
-sk_pop 908 EXIST::FUNCTION:
-sk_pop_free 909 EXIST::FUNCTION:
-sk_push 910 EXIST::FUNCTION:
-sk_set_cmp_func 911 EXIST::FUNCTION:
-sk_shift 912 EXIST::FUNCTION:
-sk_unshift 913 EXIST::FUNCTION:
-sk_zero 914 EXIST::FUNCTION:
-BIO_f_nbio_test 915 EXIST::FUNCTION:
-ASN1_TYPE_get 916 EXIST::FUNCTION:
-ASN1_TYPE_set 917 EXIST::FUNCTION:
-PKCS7_content_free 918 NOEXIST::FUNCTION:
-ERR_load_PKCS7_strings 919 EXIST::FUNCTION:
-X509_find_by_issuer_and_serial 920 EXIST::FUNCTION:
-X509_find_by_subject 921 EXIST::FUNCTION:
-PKCS7_ctrl 927 EXIST::FUNCTION:
-PKCS7_set_type 928 EXIST::FUNCTION:
-PKCS7_set_content 929 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_set 930 EXIST::FUNCTION:
-PKCS7_add_signer 931 EXIST::FUNCTION:
-PKCS7_add_certificate 932 EXIST::FUNCTION:
-PKCS7_add_crl 933 EXIST::FUNCTION:
-PKCS7_content_new 934 EXIST::FUNCTION:
-PKCS7_dataSign 935 NOEXIST::FUNCTION:
-PKCS7_dataVerify 936 EXIST::FUNCTION:
-PKCS7_dataInit 937 EXIST::FUNCTION:
-PKCS7_add_signature 938 EXIST::FUNCTION:
-PKCS7_cert_from_signer_info 939 EXIST::FUNCTION:
-PKCS7_get_signer_info 940 EXIST::FUNCTION:
-EVP_delete_alias 941 NOEXIST::FUNCTION:
-EVP_mdc2 942 EXIST::FUNCTION:MDC2
-PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA
-PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA
-d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:BIO,RSA
-i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:BIO,RSA
-PEM_read_RSAPublicKey 947 EXIST:!WIN16:FUNCTION:RSA
-PEM_write_RSAPublicKey 949 EXIST:!WIN16:FUNCTION:RSA
-d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:FP_API,RSA
-i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:FP_API,RSA
-BIO_copy_next_retry 955 EXIST::FUNCTION:
-RSA_flags 956 EXIST::FUNCTION:RSA
-X509_STORE_add_crl 957 EXIST::FUNCTION:
-X509_load_crl_file 958 EXIST::FUNCTION:STDIO
-EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2
-EVP_rc4_40 960 EXIST::FUNCTION:RC4
-EVP_CIPHER_CTX_init 961 EXIST::FUNCTION:
-HMAC 962 EXIST::FUNCTION:HMAC
-HMAC_Init 963 EXIST::FUNCTION:HMAC
-HMAC_Update 964 EXIST::FUNCTION:HMAC
-HMAC_Final 965 EXIST::FUNCTION:HMAC
-ERR_get_next_error_library 966 EXIST::FUNCTION:
-EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION:
-HMAC_cleanup 968 NOEXIST::FUNCTION:
-BIO_ptr_ctrl 969 EXIST::FUNCTION:
-BIO_new_file_internal 970 EXIST:WIN16:FUNCTION:FP_API
-BIO_new_fp_internal 971 EXIST:WIN16:FUNCTION:FP_API
-BIO_s_file_internal 972 EXIST:WIN16:FUNCTION:FP_API
-BN_BLINDING_convert 973 EXIST::FUNCTION:
-BN_BLINDING_invert 974 EXIST::FUNCTION:
-BN_BLINDING_update 975 EXIST::FUNCTION:
-RSA_blinding_on 977 EXIST::FUNCTION:RSA
-RSA_blinding_off 978 EXIST::FUNCTION:RSA
-i2t_ASN1_OBJECT 979 EXIST::FUNCTION:
-BN_BLINDING_new 980 EXIST::FUNCTION:
-BN_BLINDING_free 981 EXIST::FUNCTION:
-EVP_cast5_cbc 983 EXIST::FUNCTION:CAST
-EVP_cast5_cfb64 984 EXIST::FUNCTION:CAST
-EVP_cast5_ecb 985 EXIST::FUNCTION:CAST
-EVP_cast5_ofb 986 EXIST::FUNCTION:CAST
-BF_decrypt 987 EXIST::FUNCTION:BF
-CAST_set_key 988 EXIST::FUNCTION:CAST
-CAST_encrypt 989 EXIST::FUNCTION:CAST
-CAST_decrypt 990 EXIST::FUNCTION:CAST
-CAST_ecb_encrypt 991 EXIST::FUNCTION:CAST
-CAST_cbc_encrypt 992 EXIST::FUNCTION:CAST
-CAST_cfb64_encrypt 993 EXIST::FUNCTION:CAST
-CAST_ofb64_encrypt 994 EXIST::FUNCTION:CAST
-RC2_decrypt 995 EXIST::FUNCTION:RC2
-OBJ_create_objects 997 EXIST::FUNCTION:
-BN_exp 998 EXIST::FUNCTION:
-BN_mul_word 999 EXIST::FUNCTION:
-BN_sub_word 1000 EXIST::FUNCTION:
-BN_dec2bn 1001 EXIST::FUNCTION:
-BN_bn2dec 1002 EXIST::FUNCTION:
-BIO_ghbn_ctrl 1003 NOEXIST::FUNCTION:
-CRYPTO_free_ex_data 1004 EXIST::FUNCTION:
-CRYPTO_get_ex_data 1005 EXIST::FUNCTION:
-CRYPTO_set_ex_data 1007 EXIST::FUNCTION:
-ERR_load_CRYPTO_strings 1009 EXIST:!OS2,!VMS,!WIN16:FUNCTION:
-ERR_load_CRYPTOlib_strings 1009 EXIST:OS2,VMS,WIN16:FUNCTION:
-EVP_PKEY_bits 1010 EXIST::FUNCTION:
-MD5_Transform 1011 EXIST::FUNCTION:MD5
-SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1
-SHA_Transform 1013 EXIST::FUNCTION:SHA,SHA0
-X509_STORE_CTX_get_chain 1014 EXIST::FUNCTION:
-X509_STORE_CTX_get_current_cert 1015 EXIST::FUNCTION:
-X509_STORE_CTX_get_error 1016 EXIST::FUNCTION:
-X509_STORE_CTX_get_error_depth 1017 EXIST::FUNCTION:
-X509_STORE_CTX_get_ex_data 1018 EXIST::FUNCTION:
-X509_STORE_CTX_set_cert 1020 EXIST::FUNCTION:
-X509_STORE_CTX_set_chain 1021 EXIST::FUNCTION:
-X509_STORE_CTX_set_error 1022 EXIST::FUNCTION:
-X509_STORE_CTX_set_ex_data 1023 EXIST::FUNCTION:
-CRYPTO_dup_ex_data 1025 EXIST::FUNCTION:
-CRYPTO_get_new_lockid 1026 EXIST::FUNCTION:
-CRYPTO_new_ex_data 1027 EXIST::FUNCTION:
-RSA_set_ex_data 1028 EXIST::FUNCTION:RSA
-RSA_get_ex_data 1029 EXIST::FUNCTION:RSA
-RSA_get_ex_new_index 1030 EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_type_1 1031 EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_type_2 1032 EXIST::FUNCTION:RSA
-RSA_padding_add_SSLv23 1033 EXIST::FUNCTION:RSA
-RSA_padding_add_none 1034 EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_type_1 1035 EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_type_2 1036 EXIST::FUNCTION:RSA
-RSA_padding_check_SSLv23 1037 EXIST::FUNCTION:RSA
-RSA_padding_check_none 1038 EXIST::FUNCTION:RSA
-bn_add_words 1039 EXIST::FUNCTION:
-d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION:
-CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION:
-RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Update 1043 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Final 1044 EXIST::FUNCTION:RIPEMD
-RIPEMD160 1045 EXIST::FUNCTION:RIPEMD
-RIPEMD160_Transform 1046 EXIST::FUNCTION:RIPEMD
-RC5_32_set_key 1047 EXIST::FUNCTION:RC5
-RC5_32_ecb_encrypt 1048 EXIST::FUNCTION:RC5
-RC5_32_encrypt 1049 EXIST::FUNCTION:RC5
-RC5_32_decrypt 1050 EXIST::FUNCTION:RC5
-RC5_32_cbc_encrypt 1051 EXIST::FUNCTION:RC5
-RC5_32_cfb64_encrypt 1052 EXIST::FUNCTION:RC5
-RC5_32_ofb64_encrypt 1053 EXIST::FUNCTION:RC5
-BN_bn2mpi 1058 EXIST::FUNCTION:
-BN_mpi2bn 1059 EXIST::FUNCTION:
-ASN1_BIT_STRING_get_bit 1060 EXIST::FUNCTION:
-ASN1_BIT_STRING_set_bit 1061 EXIST::FUNCTION:
-BIO_get_ex_data 1062 EXIST::FUNCTION:
-BIO_get_ex_new_index 1063 EXIST::FUNCTION:
-BIO_set_ex_data 1064 EXIST::FUNCTION:
-X509v3_get_key_usage 1066 NOEXIST::FUNCTION:
-X509v3_set_key_usage 1067 NOEXIST::FUNCTION:
-a2i_X509v3_key_usage 1068 NOEXIST::FUNCTION:
-i2a_X509v3_key_usage 1069 NOEXIST::FUNCTION:
-EVP_PKEY_decrypt 1070 EXIST::FUNCTION:
-EVP_PKEY_encrypt 1071 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_set 1072 EXIST::FUNCTION:
-PKCS7_add_recipient 1073 EXIST::FUNCTION:
-PKCS7_add_recipient_info 1074 EXIST::FUNCTION:
-PKCS7_set_cipher 1075 EXIST::FUNCTION:
-ASN1_TYPE_get_int_octetstring 1076 EXIST::FUNCTION:
-ASN1_TYPE_get_octetstring 1077 EXIST::FUNCTION:
-ASN1_TYPE_set_int_octetstring 1078 EXIST::FUNCTION:
-ASN1_TYPE_set_octetstring 1079 EXIST::FUNCTION:
-ASN1_UTCTIME_set_string 1080 EXIST::FUNCTION:
-ERR_add_error_data 1081 EXIST::FUNCTION:BIO
-ERR_set_error_data 1082 EXIST::FUNCTION:
-EVP_CIPHER_asn1_to_param 1083 EXIST::FUNCTION:
-EVP_CIPHER_param_to_asn1 1084 EXIST::FUNCTION:
-EVP_CIPHER_get_asn1_iv 1085 EXIST::FUNCTION:
-EVP_CIPHER_set_asn1_iv 1086 EXIST::FUNCTION:
-EVP_rc5_32_12_16_cbc 1087 EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_cfb64 1088 EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_ecb 1089 EXIST::FUNCTION:RC5
-EVP_rc5_32_12_16_ofb 1090 EXIST::FUNCTION:RC5
-asn1_add_error 1091 EXIST::FUNCTION:
-d2i_ASN1_BMPSTRING 1092 EXIST::FUNCTION:
-i2d_ASN1_BMPSTRING 1093 EXIST::FUNCTION:
-BIO_f_ber 1094 NOEXIST::FUNCTION:
-BN_init 1095 EXIST::FUNCTION:
-COMP_CTX_new 1096 EXIST::FUNCTION:
-COMP_CTX_free 1097 EXIST::FUNCTION:
-COMP_CTX_compress_block 1098 NOEXIST::FUNCTION:
-COMP_CTX_expand_block 1099 NOEXIST::FUNCTION:
-X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION:
-OBJ_NAME_add 1101 EXIST::FUNCTION:
-BIO_socket_nbio 1102 EXIST::FUNCTION:
-EVP_rc2_64_cbc 1103 EXIST::FUNCTION:RC2
-OBJ_NAME_cleanup 1104 EXIST::FUNCTION:
-OBJ_NAME_get 1105 EXIST::FUNCTION:
-OBJ_NAME_init 1106 EXIST::FUNCTION:
-OBJ_NAME_new_index 1107 EXIST::FUNCTION:
-OBJ_NAME_remove 1108 EXIST::FUNCTION:
-BN_MONT_CTX_copy 1109 EXIST::FUNCTION:
-BIO_new_socks4a_connect 1110 NOEXIST::FUNCTION:
-BIO_s_socks4a_connect 1111 NOEXIST::FUNCTION:
-PROXY_set_connect_mode 1112 NOEXIST::FUNCTION:
-RAND_SSLeay 1113 EXIST::FUNCTION:
-RAND_set_rand_method 1114 EXIST::FUNCTION:
-RSA_memory_lock 1115 EXIST::FUNCTION:RSA
-bn_sub_words 1116 EXIST::FUNCTION:
-bn_mul_normal 1117 NOEXIST::FUNCTION:
-bn_mul_comba8 1118 NOEXIST::FUNCTION:
-bn_mul_comba4 1119 NOEXIST::FUNCTION:
-bn_sqr_normal 1120 NOEXIST::FUNCTION:
-bn_sqr_comba8 1121 NOEXIST::FUNCTION:
-bn_sqr_comba4 1122 NOEXIST::FUNCTION:
-bn_cmp_words 1123 NOEXIST::FUNCTION:
-bn_mul_recursive 1124 NOEXIST::FUNCTION:
-bn_mul_part_recursive 1125 NOEXIST::FUNCTION:
-bn_sqr_recursive 1126 NOEXIST::FUNCTION:
-bn_mul_low_normal 1127 NOEXIST::FUNCTION:
-BN_RECP_CTX_init 1128 EXIST::FUNCTION:
-BN_RECP_CTX_new 1129 EXIST::FUNCTION:
-BN_RECP_CTX_free 1130 EXIST::FUNCTION:
-BN_RECP_CTX_set 1131 EXIST::FUNCTION:
-BN_mod_mul_reciprocal 1132 EXIST::FUNCTION:
-BN_mod_exp_recp 1133 EXIST::FUNCTION:
-BN_div_recp 1134 EXIST::FUNCTION:
-BN_CTX_init 1135 EXIST::FUNCTION:DEPRECATED
-BN_MONT_CTX_init 1136 EXIST::FUNCTION:
-RAND_get_rand_method 1137 EXIST::FUNCTION:
-PKCS7_add_attribute 1138 EXIST::FUNCTION:
-PKCS7_add_signed_attribute 1139 EXIST::FUNCTION:
-PKCS7_digest_from_attributes 1140 EXIST::FUNCTION:
-PKCS7_get_attribute 1141 EXIST::FUNCTION:
-PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION:
-PKCS7_get_signed_attribute 1143 EXIST::FUNCTION:
-COMP_compress_block 1144 EXIST::FUNCTION:
-COMP_expand_block 1145 EXIST::FUNCTION:
-COMP_rle 1146 EXIST::FUNCTION:
-COMP_zlib 1147 EXIST::FUNCTION:
-ms_time_diff 1148 EXIST::FUNCTION:
-ms_time_new 1149 EXIST::FUNCTION:
-ms_time_free 1150 EXIST::FUNCTION:
-ms_time_cmp 1151 EXIST::FUNCTION:
-ms_time_get 1152 EXIST::FUNCTION:
-PKCS7_set_attributes 1153 EXIST::FUNCTION:
-PKCS7_set_signed_attributes 1154 EXIST::FUNCTION:
-X509_ATTRIBUTE_create 1155 EXIST::FUNCTION:
-X509_ATTRIBUTE_dup 1156 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_check 1157 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION:BIO
-ASN1_GENERALIZEDTIME_set 1159 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_set_string 1160 EXIST::FUNCTION:
-ASN1_TIME_print 1161 EXIST::FUNCTION:BIO
-BASIC_CONSTRAINTS_free 1162 EXIST::FUNCTION:
-BASIC_CONSTRAINTS_new 1163 EXIST::FUNCTION:
-ERR_load_X509V3_strings 1164 EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_free 1165 EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_new 1166 EXIST::FUNCTION:
-OBJ_txt2obj 1167 EXIST::FUNCTION:
-PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_read_NS_CERT_SEQ 1168 EXIST:VMS:FUNCTION:
-PEM_read_bio_NETSCAPE_CERT_SEQUENCE 1169 EXIST:!VMS:FUNCTION:
-PEM_read_bio_NS_CERT_SEQ 1169 EXIST:VMS:FUNCTION:
-PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_write_NS_CERT_SEQ 1170 EXIST:VMS:FUNCTION:
-PEM_write_bio_NETSCAPE_CERT_SEQUENCE 1171 EXIST:!VMS:FUNCTION:
-PEM_write_bio_NS_CERT_SEQ 1171 EXIST:VMS:FUNCTION:
-X509V3_EXT_add 1172 EXIST::FUNCTION:
-X509V3_EXT_add_alias 1173 EXIST::FUNCTION:
-X509V3_EXT_add_conf 1174 EXIST::FUNCTION:
-X509V3_EXT_cleanup 1175 EXIST::FUNCTION:
-X509V3_EXT_conf 1176 EXIST::FUNCTION:
-X509V3_EXT_conf_nid 1177 EXIST::FUNCTION:
-X509V3_EXT_get 1178 EXIST::FUNCTION:
-X509V3_EXT_get_nid 1179 EXIST::FUNCTION:
-X509V3_EXT_print 1180 EXIST::FUNCTION:
-X509V3_EXT_print_fp 1181 EXIST::FUNCTION:
-X509V3_add_standard_extensions 1182 EXIST::FUNCTION:
-X509V3_add_value 1183 EXIST::FUNCTION:
-X509V3_add_value_bool 1184 EXIST::FUNCTION:
-X509V3_add_value_int 1185 EXIST::FUNCTION:
-X509V3_conf_free 1186 EXIST::FUNCTION:
-X509V3_get_value_bool 1187 EXIST::FUNCTION:
-X509V3_get_value_int 1188 EXIST::FUNCTION:
-X509V3_parse_list 1189 EXIST::FUNCTION:
-d2i_ASN1_GENERALIZEDTIME 1190 EXIST::FUNCTION:
-d2i_ASN1_TIME 1191 EXIST::FUNCTION:
-d2i_BASIC_CONSTRAINTS 1192 EXIST::FUNCTION:
-d2i_NETSCAPE_CERT_SEQUENCE 1193 EXIST::FUNCTION:
-d2i_ext_ku 1194 NOEXIST::FUNCTION:
-ext_ku_free 1195 NOEXIST::FUNCTION:
-ext_ku_new 1196 NOEXIST::FUNCTION:
-i2d_ASN1_GENERALIZEDTIME 1197 EXIST::FUNCTION:
-i2d_ASN1_TIME 1198 EXIST::FUNCTION:
-i2d_BASIC_CONSTRAINTS 1199 EXIST::FUNCTION:
-i2d_NETSCAPE_CERT_SEQUENCE 1200 EXIST::FUNCTION:
-i2d_ext_ku 1201 NOEXIST::FUNCTION:
-EVP_MD_CTX_copy 1202 EXIST::FUNCTION:
-i2d_ASN1_ENUMERATED 1203 EXIST::FUNCTION:
-d2i_ASN1_ENUMERATED 1204 EXIST::FUNCTION:
-ASN1_ENUMERATED_set 1205 EXIST::FUNCTION:
-ASN1_ENUMERATED_get 1206 EXIST::FUNCTION:
-BN_to_ASN1_ENUMERATED 1207 EXIST::FUNCTION:
-ASN1_ENUMERATED_to_BN 1208 EXIST::FUNCTION:
-i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION:BIO
-a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION:BIO
-i2d_GENERAL_NAME 1211 EXIST::FUNCTION:
-d2i_GENERAL_NAME 1212 EXIST::FUNCTION:
-GENERAL_NAME_new 1213 EXIST::FUNCTION:
-GENERAL_NAME_free 1214 EXIST::FUNCTION:
-GENERAL_NAMES_new 1215 EXIST::FUNCTION:
-GENERAL_NAMES_free 1216 EXIST::FUNCTION:
-d2i_GENERAL_NAMES 1217 EXIST::FUNCTION:
-i2d_GENERAL_NAMES 1218 EXIST::FUNCTION:
-i2v_GENERAL_NAMES 1219 EXIST::FUNCTION:
-i2s_ASN1_OCTET_STRING 1220 EXIST::FUNCTION:
-s2i_ASN1_OCTET_STRING 1221 EXIST::FUNCTION:
-X509V3_EXT_check_conf 1222 NOEXIST::FUNCTION:
-hex_to_string 1223 EXIST::FUNCTION:
-string_to_hex 1224 EXIST::FUNCTION:
-DES_ede3_cbcm_encrypt 1225 EXIST::FUNCTION:DES
-RSA_padding_add_PKCS1_OAEP 1226 EXIST::FUNCTION:RSA
-RSA_padding_check_PKCS1_OAEP 1227 EXIST::FUNCTION:RSA
-X509_CRL_print_fp 1228 EXIST::FUNCTION:FP_API
-X509_CRL_print 1229 EXIST::FUNCTION:BIO
-i2v_GENERAL_NAME 1230 EXIST::FUNCTION:
-v2i_GENERAL_NAME 1231 EXIST::FUNCTION:
-i2d_PKEY_USAGE_PERIOD 1232 EXIST::FUNCTION:
-d2i_PKEY_USAGE_PERIOD 1233 EXIST::FUNCTION:
-PKEY_USAGE_PERIOD_new 1234 EXIST::FUNCTION:
-PKEY_USAGE_PERIOD_free 1235 EXIST::FUNCTION:
-v2i_GENERAL_NAMES 1236 EXIST::FUNCTION:
-i2s_ASN1_INTEGER 1237 EXIST::FUNCTION:
-X509V3_EXT_d2i 1238 EXIST::FUNCTION:
-name_cmp 1239 EXIST::FUNCTION:
-str_dup 1240 NOEXIST::FUNCTION:
-i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION:
-i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION:
-BIO_s_log 1243 EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
-BIO_f_reliable 1244 EXIST::FUNCTION:BIO
-PKCS7_dataFinal 1245 EXIST::FUNCTION:
-PKCS7_dataDecode 1246 EXIST::FUNCTION:
-X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION:
-BN_set_params 1248 EXIST::FUNCTION:DEPRECATED
-BN_get_params 1249 EXIST::FUNCTION:DEPRECATED
-BIO_get_ex_num 1250 NOEXIST::FUNCTION:
-BIO_set_ex_free_func 1251 NOEXIST::FUNCTION:
-EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD
-ASN1_TIME_set 1253 EXIST::FUNCTION:
-i2d_AUTHORITY_KEYID 1254 EXIST::FUNCTION:
-d2i_AUTHORITY_KEYID 1255 EXIST::FUNCTION:
-AUTHORITY_KEYID_new 1256 EXIST::FUNCTION:
-AUTHORITY_KEYID_free 1257 EXIST::FUNCTION:
-ASN1_seq_unpack 1258 EXIST::FUNCTION:
-ASN1_seq_pack 1259 EXIST::FUNCTION:
-ASN1_unpack_string 1260 EXIST::FUNCTION:
-ASN1_pack_string 1261 EXIST::FUNCTION:
-PKCS12_pack_safebag 1262 NOEXIST::FUNCTION:
-PKCS12_MAKE_KEYBAG 1263 EXIST::FUNCTION:
-PKCS8_encrypt 1264 EXIST::FUNCTION:
-PKCS12_MAKE_SHKEYBAG 1265 EXIST::FUNCTION:
-PKCS12_pack_p7data 1266 EXIST::FUNCTION:
-PKCS12_pack_p7encdata 1267 EXIST::FUNCTION:
-PKCS12_add_localkeyid 1268 EXIST::FUNCTION:
-PKCS12_add_friendlyname_asc 1269 EXIST::FUNCTION:
-PKCS12_add_friendlyname_uni 1270 EXIST::FUNCTION:
-PKCS12_get_friendlyname 1271 EXIST::FUNCTION:
-PKCS12_pbe_crypt 1272 EXIST::FUNCTION:
-PKCS12_decrypt_d2i 1273 NOEXIST::FUNCTION:
-PKCS12_i2d_encrypt 1274 NOEXIST::FUNCTION:
-PKCS12_init 1275 EXIST::FUNCTION:
-PKCS12_key_gen_asc 1276 EXIST::FUNCTION:
-PKCS12_key_gen_uni 1277 EXIST::FUNCTION:
-PKCS12_gen_mac 1278 EXIST::FUNCTION:
-PKCS12_verify_mac 1279 EXIST::FUNCTION:
-PKCS12_set_mac 1280 EXIST::FUNCTION:
-PKCS12_setup_mac 1281 EXIST::FUNCTION:
-asc2uni 1282 EXIST::FUNCTION:
-uni2asc 1283 EXIST::FUNCTION:
-i2d_PKCS12_BAGS 1284 EXIST::FUNCTION:
-PKCS12_BAGS_new 1285 EXIST::FUNCTION:
-d2i_PKCS12_BAGS 1286 EXIST::FUNCTION:
-PKCS12_BAGS_free 1287 EXIST::FUNCTION:
-i2d_PKCS12 1288 EXIST::FUNCTION:
-d2i_PKCS12 1289 EXIST::FUNCTION:
-PKCS12_new 1290 EXIST::FUNCTION:
-PKCS12_free 1291 EXIST::FUNCTION:
-i2d_PKCS12_MAC_DATA 1292 EXIST::FUNCTION:
-PKCS12_MAC_DATA_new 1293 EXIST::FUNCTION:
-d2i_PKCS12_MAC_DATA 1294 EXIST::FUNCTION:
-PKCS12_MAC_DATA_free 1295 EXIST::FUNCTION:
-i2d_PKCS12_SAFEBAG 1296 EXIST::FUNCTION:
-PKCS12_SAFEBAG_new 1297 EXIST::FUNCTION:
-d2i_PKCS12_SAFEBAG 1298 EXIST::FUNCTION:
-PKCS12_SAFEBAG_free 1299 EXIST::FUNCTION:
-ERR_load_PKCS12_strings 1300 EXIST::FUNCTION:
-PKCS12_PBE_add 1301 EXIST::FUNCTION:
-PKCS8_add_keyusage 1302 EXIST::FUNCTION:
-PKCS12_get_attr_gen 1303 EXIST::FUNCTION:
-PKCS12_parse 1304 EXIST::FUNCTION:
-PKCS12_create 1305 EXIST::FUNCTION:
-i2d_PKCS12_bio 1306 EXIST::FUNCTION:
-i2d_PKCS12_fp 1307 EXIST::FUNCTION:
-d2i_PKCS12_bio 1308 EXIST::FUNCTION:
-d2i_PKCS12_fp 1309 EXIST::FUNCTION:
-i2d_PBEPARAM 1310 EXIST::FUNCTION:
-PBEPARAM_new 1311 EXIST::FUNCTION:
-d2i_PBEPARAM 1312 EXIST::FUNCTION:
-PBEPARAM_free 1313 EXIST::FUNCTION:
-i2d_PKCS8_PRIV_KEY_INFO 1314 EXIST::FUNCTION:
-PKCS8_PRIV_KEY_INFO_new 1315 EXIST::FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO 1316 EXIST::FUNCTION:
-PKCS8_PRIV_KEY_INFO_free 1317 EXIST::FUNCTION:
-EVP_PKCS82PKEY 1318 EXIST::FUNCTION:
-EVP_PKEY2PKCS8 1319 EXIST::FUNCTION:
-PKCS8_set_broken 1320 EXIST::FUNCTION:
-EVP_PBE_ALGOR_CipherInit 1321 NOEXIST::FUNCTION:
-EVP_PBE_alg_add 1322 EXIST::FUNCTION:
-PKCS5_pbe_set 1323 EXIST::FUNCTION:
-EVP_PBE_cleanup 1324 EXIST::FUNCTION:
-i2d_SXNET 1325 EXIST::FUNCTION:
-d2i_SXNET 1326 EXIST::FUNCTION:
-SXNET_new 1327 EXIST::FUNCTION:
-SXNET_free 1328 EXIST::FUNCTION:
-i2d_SXNETID 1329 EXIST::FUNCTION:
-d2i_SXNETID 1330 EXIST::FUNCTION:
-SXNETID_new 1331 EXIST::FUNCTION:
-SXNETID_free 1332 EXIST::FUNCTION:
-DSA_SIG_new 1333 EXIST::FUNCTION:DSA
-DSA_SIG_free 1334 EXIST::FUNCTION:DSA
-DSA_do_sign 1335 EXIST::FUNCTION:DSA
-DSA_do_verify 1336 EXIST::FUNCTION:DSA
-d2i_DSA_SIG 1337 EXIST::FUNCTION:DSA
-i2d_DSA_SIG 1338 EXIST::FUNCTION:DSA
-i2d_ASN1_VISIBLESTRING 1339 EXIST::FUNCTION:
-d2i_ASN1_VISIBLESTRING 1340 EXIST::FUNCTION:
-i2d_ASN1_UTF8STRING 1341 EXIST::FUNCTION:
-d2i_ASN1_UTF8STRING 1342 EXIST::FUNCTION:
-i2d_DIRECTORYSTRING 1343 EXIST::FUNCTION:
-d2i_DIRECTORYSTRING 1344 EXIST::FUNCTION:
-i2d_DISPLAYTEXT 1345 EXIST::FUNCTION:
-d2i_DISPLAYTEXT 1346 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509 1379 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509 1380 NOEXIST::FUNCTION:
-i2d_PBKDF2PARAM 1397 EXIST::FUNCTION:
-PBKDF2PARAM_new 1398 EXIST::FUNCTION:
-d2i_PBKDF2PARAM 1399 EXIST::FUNCTION:
-PBKDF2PARAM_free 1400 EXIST::FUNCTION:
-i2d_PBE2PARAM 1401 EXIST::FUNCTION:
-PBE2PARAM_new 1402 EXIST::FUNCTION:
-d2i_PBE2PARAM 1403 EXIST::FUNCTION:
-PBE2PARAM_free 1404 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_GENERAL_NAME 1421 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_GENERAL_NAME 1422 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_SXNETID 1439 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_SXNETID 1440 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_POLICYQUALINFO 1457 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_POLICYQUALINFO 1458 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_POLICYINFO 1475 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_POLICYINFO 1476 NOEXIST::FUNCTION:
-SXNET_add_id_asc 1477 EXIST::FUNCTION:
-SXNET_add_id_ulong 1478 EXIST::FUNCTION:
-SXNET_add_id_INTEGER 1479 EXIST::FUNCTION:
-SXNET_get_id_asc 1480 EXIST::FUNCTION:
-SXNET_get_id_ulong 1481 EXIST::FUNCTION:
-SXNET_get_id_INTEGER 1482 EXIST::FUNCTION:
-X509V3_set_conf_lhash 1483 EXIST::FUNCTION:
-i2d_CERTIFICATEPOLICIES 1484 EXIST::FUNCTION:
-CERTIFICATEPOLICIES_new 1485 EXIST::FUNCTION:
-CERTIFICATEPOLICIES_free 1486 EXIST::FUNCTION:
-d2i_CERTIFICATEPOLICIES 1487 EXIST::FUNCTION:
-i2d_POLICYINFO 1488 EXIST::FUNCTION:
-POLICYINFO_new 1489 EXIST::FUNCTION:
-d2i_POLICYINFO 1490 EXIST::FUNCTION:
-POLICYINFO_free 1491 EXIST::FUNCTION:
-i2d_POLICYQUALINFO 1492 EXIST::FUNCTION:
-POLICYQUALINFO_new 1493 EXIST::FUNCTION:
-d2i_POLICYQUALINFO 1494 EXIST::FUNCTION:
-POLICYQUALINFO_free 1495 EXIST::FUNCTION:
-i2d_USERNOTICE 1496 EXIST::FUNCTION:
-USERNOTICE_new 1497 EXIST::FUNCTION:
-d2i_USERNOTICE 1498 EXIST::FUNCTION:
-USERNOTICE_free 1499 EXIST::FUNCTION:
-i2d_NOTICEREF 1500 EXIST::FUNCTION:
-NOTICEREF_new 1501 EXIST::FUNCTION:
-d2i_NOTICEREF 1502 EXIST::FUNCTION:
-NOTICEREF_free 1503 EXIST::FUNCTION:
-X509V3_get_string 1504 EXIST::FUNCTION:
-X509V3_get_section 1505 EXIST::FUNCTION:
-X509V3_string_free 1506 EXIST::FUNCTION:
-X509V3_section_free 1507 EXIST::FUNCTION:
-X509V3_set_ctx 1508 EXIST::FUNCTION:
-s2i_ASN1_INTEGER 1509 EXIST::FUNCTION:
-CRYPTO_set_locked_mem_functions 1510 EXIST::FUNCTION:
-CRYPTO_get_locked_mem_functions 1511 EXIST::FUNCTION:
-CRYPTO_malloc_locked 1512 EXIST::FUNCTION:
-CRYPTO_free_locked 1513 EXIST::FUNCTION:
-BN_mod_exp2_mont 1514 EXIST::FUNCTION:
-ERR_get_error_line_data 1515 EXIST::FUNCTION:
-ERR_peek_error_line_data 1516 EXIST::FUNCTION:
-PKCS12_PBE_keyivgen 1517 EXIST::FUNCTION:
-X509_ALGOR_dup 1518 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_DIST_POINT 1535 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_DIST_POINT 1536 NOEXIST::FUNCTION:
-i2d_CRL_DIST_POINTS 1537 EXIST::FUNCTION:
-CRL_DIST_POINTS_new 1538 EXIST::FUNCTION:
-CRL_DIST_POINTS_free 1539 EXIST::FUNCTION:
-d2i_CRL_DIST_POINTS 1540 EXIST::FUNCTION:
-i2d_DIST_POINT 1541 EXIST::FUNCTION:
-DIST_POINT_new 1542 EXIST::FUNCTION:
-d2i_DIST_POINT 1543 EXIST::FUNCTION:
-DIST_POINT_free 1544 EXIST::FUNCTION:
-i2d_DIST_POINT_NAME 1545 EXIST::FUNCTION:
-DIST_POINT_NAME_new 1546 EXIST::FUNCTION:
-DIST_POINT_NAME_free 1547 EXIST::FUNCTION:
-d2i_DIST_POINT_NAME 1548 EXIST::FUNCTION:
-X509V3_add_value_uchar 1549 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_ATTRIBUTE 1555 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_ASN1_TYPE 1560 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_EXTENSION 1567 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_NAME_ENTRY 1574 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_TYPE 1589 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_ATTRIBUTE 1615 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_EXTENSION 1624 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_NAME_ENTRY 1633 NOEXIST::FUNCTION:
-X509V3_EXT_i2d 1646 EXIST::FUNCTION:
-X509V3_EXT_val_prn 1647 EXIST::FUNCTION:
-X509V3_EXT_add_list 1648 EXIST::FUNCTION:
-EVP_CIPHER_type 1649 EXIST::FUNCTION:
-EVP_PBE_CipherInit 1650 EXIST::FUNCTION:
-X509V3_add_value_bool_nf 1651 EXIST::FUNCTION:
-d2i_ASN1_UINTEGER 1652 EXIST::FUNCTION:
-sk_value 1653 EXIST::FUNCTION:
-sk_num 1654 EXIST::FUNCTION:
-sk_set 1655 EXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_REVOKED 1661 NOEXIST::FUNCTION:
-sk_sort 1671 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_REVOKED 1674 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_ALGOR 1682 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_X509_CRL 1685 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_ALGOR 1696 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_X509_CRL 1702 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO 1723 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7_RECIP_INFO 1738 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO 1748 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS7_RECIP_INFO 1753 NOEXIST::FUNCTION:
-PKCS5_PBE_add 1775 EXIST::FUNCTION:
-PEM_write_bio_PKCS8 1776 EXIST::FUNCTION:
-i2d_PKCS8_fp 1777 EXIST::FUNCTION:FP_API
-PEM_read_bio_PKCS8_PRIV_KEY_INFO 1778 EXIST:!VMS:FUNCTION:
-PEM_read_bio_P8_PRIV_KEY_INFO 1778 EXIST:VMS:FUNCTION:
-d2i_PKCS8_bio 1779 EXIST::FUNCTION:BIO
-d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:FP_API
-PEM_write_bio_PKCS8_PRIV_KEY_INFO 1781 EXIST:!VMS:FUNCTION:
-PEM_write_bio_P8_PRIV_KEY_INFO 1781 EXIST:VMS:FUNCTION:
-PEM_read_PKCS8 1782 EXIST:!WIN16:FUNCTION:
-d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION:BIO
-d2i_PKCS8_fp 1784 EXIST::FUNCTION:FP_API
-PEM_write_PKCS8 1785 EXIST:!WIN16:FUNCTION:
-PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_read_P8_PRIV_KEY_INFO 1786 EXIST:VMS:FUNCTION:
-PEM_read_bio_PKCS8 1787 EXIST::FUNCTION:
-PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS,!WIN16:FUNCTION:
-PEM_write_P8_PRIV_KEY_INFO 1788 EXIST:VMS:FUNCTION:
-PKCS5_PBE_keyivgen 1789 EXIST::FUNCTION:
-i2d_PKCS8_bio 1790 EXIST::FUNCTION:BIO
-i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:FP_API
-i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION:BIO
-BIO_s_bio 1793 EXIST::FUNCTION:
-PKCS5_pbe2_set 1794 EXIST::FUNCTION:
-PKCS5_PBKDF2_HMAC_SHA1 1795 EXIST::FUNCTION:
-PKCS5_v2_PBE_keyivgen 1796 EXIST::FUNCTION:
-PEM_write_bio_PKCS8PrivateKey 1797 EXIST::FUNCTION:
-PEM_write_PKCS8PrivateKey 1798 EXIST::FUNCTION:
-BIO_ctrl_get_read_request 1799 EXIST::FUNCTION:
-BIO_ctrl_pending 1800 EXIST::FUNCTION:
-BIO_ctrl_wpending 1801 EXIST::FUNCTION:
-BIO_new_bio_pair 1802 EXIST::FUNCTION:
-BIO_ctrl_get_write_guarantee 1803 EXIST::FUNCTION:
-CRYPTO_num_locks 1804 EXIST::FUNCTION:
-CONF_load_bio 1805 EXIST::FUNCTION:
-CONF_load_fp 1806 EXIST::FUNCTION:FP_API
-i2d_ASN1_SET_OF_ASN1_OBJECT 1837 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_OBJECT 1844 NOEXIST::FUNCTION:
-PKCS7_signatureVerify 1845 EXIST::FUNCTION:
-RSA_set_method 1846 EXIST::FUNCTION:RSA
-RSA_get_method 1847 EXIST::FUNCTION:RSA
-RSA_get_default_method 1848 EXIST::FUNCTION:RSA
-RSA_check_key 1869 EXIST::FUNCTION:RSA
-OBJ_obj2txt 1870 EXIST::FUNCTION:
-DSA_dup_DH 1871 EXIST::FUNCTION:DH,DSA
-X509_REQ_get_extensions 1872 EXIST::FUNCTION:
-X509_REQ_set_extension_nids 1873 EXIST::FUNCTION:
-BIO_nwrite 1874 EXIST::FUNCTION:
-X509_REQ_extension_nid 1875 EXIST::FUNCTION:
-BIO_nread 1876 EXIST::FUNCTION:
-X509_REQ_get_extension_nids 1877 EXIST::FUNCTION:
-BIO_nwrite0 1878 EXIST::FUNCTION:
-X509_REQ_add_extensions_nid 1879 EXIST::FUNCTION:
-BIO_nread0 1880 EXIST::FUNCTION:
-X509_REQ_add_extensions 1881 EXIST::FUNCTION:
-BIO_new_mem_buf 1882 EXIST::FUNCTION:
-DH_set_ex_data 1883 EXIST::FUNCTION:DH
-DH_set_method 1884 EXIST::FUNCTION:DH
-DSA_OpenSSL 1885 EXIST::FUNCTION:DSA
-DH_get_ex_data 1886 EXIST::FUNCTION:DH
-DH_get_ex_new_index 1887 EXIST::FUNCTION:DH
-DSA_new_method 1888 EXIST::FUNCTION:DSA
-DH_new_method 1889 EXIST::FUNCTION:DH
-DH_OpenSSL 1890 EXIST::FUNCTION:DH
-DSA_get_ex_new_index 1891 EXIST::FUNCTION:DSA
-DH_get_default_method 1892 EXIST::FUNCTION:DH
-DSA_set_ex_data 1893 EXIST::FUNCTION:DSA
-DH_set_default_method 1894 EXIST::FUNCTION:DH
-DSA_get_ex_data 1895 EXIST::FUNCTION:DSA
-X509V3_EXT_REQ_add_conf 1896 EXIST::FUNCTION:
-NETSCAPE_SPKI_print 1897 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION:EVP
-NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION:EVP
-UTF8_putc 1902 EXIST::FUNCTION:
-UTF8_getc 1903 EXIST::FUNCTION:
-RSA_null_method 1904 EXIST::FUNCTION:RSA
-ASN1_tag2str 1905 EXIST::FUNCTION:
-BIO_ctrl_reset_read_request 1906 EXIST::FUNCTION:
-DISPLAYTEXT_new 1907 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_free 1908 EXIST::FUNCTION:
-X509_REVOKED_get_ext_d2i 1909 EXIST::FUNCTION:
-X509_set_ex_data 1910 EXIST::FUNCTION:
-X509_reject_set_bit_asc 1911 NOEXIST::FUNCTION:
-X509_NAME_add_entry_by_txt 1912 EXIST::FUNCTION:
-X509_NAME_add_entry_by_NID 1914 EXIST::FUNCTION:
-X509_PURPOSE_get0 1915 EXIST::FUNCTION:
-PEM_read_X509_AUX 1917 EXIST:!WIN16:FUNCTION:
-d2i_AUTHORITY_INFO_ACCESS 1918 EXIST::FUNCTION:
-PEM_write_PUBKEY 1921 EXIST:!WIN16:FUNCTION:
-ACCESS_DESCRIPTION_new 1925 EXIST::FUNCTION:
-X509_CERT_AUX_free 1926 EXIST::FUNCTION:
-d2i_ACCESS_DESCRIPTION 1927 EXIST::FUNCTION:
-X509_trust_clear 1928 EXIST::FUNCTION:
-X509_TRUST_add 1931 EXIST::FUNCTION:
-ASN1_VISIBLESTRING_new 1932 EXIST::FUNCTION:
-X509_alias_set1 1933 EXIST::FUNCTION:
-ASN1_PRINTABLESTRING_free 1934 EXIST::FUNCTION:
-EVP_PKEY_get1_DSA 1935 EXIST::FUNCTION:DSA
-ASN1_BMPSTRING_new 1936 EXIST::FUNCTION:
-ASN1_mbstring_copy 1937 EXIST::FUNCTION:
-ASN1_UTF8STRING_new 1938 EXIST::FUNCTION:
-DSA_get_default_method 1941 EXIST::FUNCTION:DSA
-i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 1945 NOEXIST::FUNCTION:
-ASN1_T61STRING_free 1946 EXIST::FUNCTION:
-DSA_set_method 1949 EXIST::FUNCTION:DSA
-X509_get_ex_data 1950 EXIST::FUNCTION:
-ASN1_STRING_type 1951 EXIST::FUNCTION:
-X509_PURPOSE_get_by_sname 1952 EXIST::FUNCTION:
-ASN1_TIME_free 1954 EXIST::FUNCTION:
-ASN1_OCTET_STRING_cmp 1955 EXIST::FUNCTION:
-ASN1_BIT_STRING_new 1957 EXIST::FUNCTION:
-X509_get_ext_d2i 1958 EXIST::FUNCTION:
-PEM_read_bio_X509_AUX 1959 EXIST::FUNCTION:
-ASN1_STRING_set_default_mask_asc 1960 EXIST:!VMS:FUNCTION:
-ASN1_STRING_set_def_mask_asc 1960 EXIST:VMS:FUNCTION:
-PEM_write_bio_RSA_PUBKEY 1961 EXIST::FUNCTION:RSA
-ASN1_INTEGER_cmp 1963 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:FP_API,RSA
-X509_trust_set_bit_asc 1967 NOEXIST::FUNCTION:
-PEM_write_bio_DSA_PUBKEY 1968 EXIST::FUNCTION:DSA
-X509_STORE_CTX_free 1969 EXIST::FUNCTION:
-EVP_PKEY_set1_DSA 1970 EXIST::FUNCTION:DSA
-i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,FP_API
-X509_load_cert_crl_file 1972 EXIST::FUNCTION:STDIO
-ASN1_TIME_new 1973 EXIST::FUNCTION:
-i2d_RSA_PUBKEY 1974 EXIST::FUNCTION:RSA
-X509_STORE_CTX_purpose_inherit 1976 EXIST::FUNCTION:
-PEM_read_RSA_PUBKEY 1977 EXIST:!WIN16:FUNCTION:RSA
-d2i_X509_AUX 1980 EXIST::FUNCTION:
-i2d_DSA_PUBKEY 1981 EXIST::FUNCTION:DSA
-X509_CERT_AUX_print 1982 EXIST::FUNCTION:BIO
-PEM_read_DSA_PUBKEY 1984 EXIST:!WIN16:FUNCTION:DSA
-i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:BIO,RSA
-ASN1_BIT_STRING_num_asc 1986 EXIST::FUNCTION:
-i2d_PUBKEY 1987 EXIST::FUNCTION:
-ASN1_UTCTIME_free 1988 EXIST::FUNCTION:
-DSA_set_default_method 1989 EXIST::FUNCTION:DSA
-X509_PURPOSE_get_by_id 1990 EXIST::FUNCTION:
-ACCESS_DESCRIPTION_free 1994 EXIST::FUNCTION:
-PEM_read_bio_PUBKEY 1995 EXIST::FUNCTION:
-ASN1_STRING_set_by_NID 1996 EXIST::FUNCTION:
-X509_PURPOSE_get_id 1997 EXIST::FUNCTION:
-DISPLAYTEXT_free 1998 EXIST::FUNCTION:
-OTHERNAME_new 1999 EXIST::FUNCTION:
-X509_CERT_AUX_new 2001 EXIST::FUNCTION:
-X509_TRUST_cleanup 2007 EXIST::FUNCTION:
-X509_NAME_add_entry_by_OBJ 2008 EXIST::FUNCTION:
-X509_CRL_get_ext_d2i 2009 EXIST::FUNCTION:
-X509_PURPOSE_get0_name 2011 EXIST::FUNCTION:
-PEM_read_PUBKEY 2012 EXIST:!WIN16:FUNCTION:
-i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:BIO,DSA
-i2d_OTHERNAME 2015 EXIST::FUNCTION:
-ASN1_OCTET_STRING_free 2016 EXIST::FUNCTION:
-ASN1_BIT_STRING_set_asc 2017 EXIST::FUNCTION:
-X509_get_ex_new_index 2019 EXIST::FUNCTION:
-ASN1_STRING_TABLE_cleanup 2020 EXIST::FUNCTION:
-X509_TRUST_get_by_id 2021 EXIST::FUNCTION:
-X509_PURPOSE_get_trust 2022 EXIST::FUNCTION:
-ASN1_STRING_length 2023 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2024 NOEXIST::FUNCTION:
-ASN1_PRINTABLESTRING_new 2025 EXIST::FUNCTION:
-X509V3_get_d2i 2026 EXIST::FUNCTION:
-ASN1_ENUMERATED_free 2027 EXIST::FUNCTION:
-i2d_X509_CERT_AUX 2028 EXIST::FUNCTION:
-X509_STORE_CTX_set_trust 2030 EXIST::FUNCTION:
-ASN1_STRING_set_default_mask 2032 EXIST::FUNCTION:
-X509_STORE_CTX_new 2033 EXIST::FUNCTION:
-EVP_PKEY_get1_RSA 2034 EXIST::FUNCTION:RSA
-DIRECTORYSTRING_free 2038 EXIST::FUNCTION:
-PEM_write_X509_AUX 2039 EXIST:!WIN16:FUNCTION:
-ASN1_OCTET_STRING_set 2040 EXIST::FUNCTION:
-d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,FP_API
-d2i_RSA_PUBKEY 2044 EXIST::FUNCTION:RSA
-X509_TRUST_get0_name 2046 EXIST::FUNCTION:
-X509_TRUST_get0 2047 EXIST::FUNCTION:
-AUTHORITY_INFO_ACCESS_free 2048 EXIST::FUNCTION:
-ASN1_IA5STRING_new 2049 EXIST::FUNCTION:
-d2i_DSA_PUBKEY 2050 EXIST::FUNCTION:DSA
-X509_check_purpose 2051 EXIST::FUNCTION:
-ASN1_ENUMERATED_new 2052 EXIST::FUNCTION:
-d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:BIO,RSA
-d2i_PUBKEY 2054 EXIST::FUNCTION:
-X509_TRUST_get_trust 2055 EXIST::FUNCTION:
-X509_TRUST_get_flags 2056 EXIST::FUNCTION:
-ASN1_BMPSTRING_free 2057 EXIST::FUNCTION:
-ASN1_T61STRING_new 2058 EXIST::FUNCTION:
-ASN1_UTCTIME_new 2060 EXIST::FUNCTION:
-i2d_AUTHORITY_INFO_ACCESS 2062 EXIST::FUNCTION:
-EVP_PKEY_set1_RSA 2063 EXIST::FUNCTION:RSA
-X509_STORE_CTX_set_purpose 2064 EXIST::FUNCTION:
-ASN1_IA5STRING_free 2065 EXIST::FUNCTION:
-PEM_write_bio_X509_AUX 2066 EXIST::FUNCTION:
-X509_PURPOSE_get_count 2067 EXIST::FUNCTION:
-CRYPTO_add_info 2068 NOEXIST::FUNCTION:
-X509_NAME_ENTRY_create_by_txt 2071 EXIST::FUNCTION:
-ASN1_STRING_get_default_mask 2072 EXIST::FUNCTION:
-X509_alias_get0 2074 EXIST::FUNCTION:
-ASN1_STRING_data 2075 EXIST::FUNCTION:
-i2d_ACCESS_DESCRIPTION 2077 EXIST::FUNCTION:
-X509_trust_set_bit 2078 NOEXIST::FUNCTION:
-ASN1_BIT_STRING_free 2080 EXIST::FUNCTION:
-PEM_read_bio_RSA_PUBKEY 2081 EXIST::FUNCTION:RSA
-X509_add1_reject_object 2082 EXIST::FUNCTION:
-X509_check_trust 2083 EXIST::FUNCTION:
-PEM_read_bio_DSA_PUBKEY 2088 EXIST::FUNCTION:DSA
-X509_PURPOSE_add 2090 EXIST::FUNCTION:
-ASN1_STRING_TABLE_get 2091 EXIST::FUNCTION:
-ASN1_UTF8STRING_free 2092 EXIST::FUNCTION:
-d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:BIO,DSA
-PEM_write_RSA_PUBKEY 2095 EXIST:!WIN16:FUNCTION:RSA
-d2i_OTHERNAME 2096 EXIST::FUNCTION:
-X509_reject_set_bit 2098 NOEXIST::FUNCTION:
-PEM_write_DSA_PUBKEY 2101 EXIST:!WIN16:FUNCTION:DSA
-X509_PURPOSE_get0_sname 2105 EXIST::FUNCTION:
-EVP_PKEY_set1_DH 2107 EXIST::FUNCTION:DH
-ASN1_OCTET_STRING_dup 2108 EXIST::FUNCTION:
-ASN1_BIT_STRING_set 2109 EXIST::FUNCTION:
-X509_TRUST_get_count 2110 EXIST::FUNCTION:
-ASN1_INTEGER_free 2111 EXIST::FUNCTION:
-OTHERNAME_free 2112 EXIST::FUNCTION:
-i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:FP_API,RSA
-ASN1_INTEGER_dup 2114 EXIST::FUNCTION:
-d2i_X509_CERT_AUX 2115 EXIST::FUNCTION:
-PEM_write_bio_PUBKEY 2117 EXIST::FUNCTION:
-ASN1_VISIBLESTRING_free 2118 EXIST::FUNCTION:
-X509_PURPOSE_cleanup 2119 EXIST::FUNCTION:
-ASN1_mbstring_ncopy 2123 EXIST::FUNCTION:
-ASN1_GENERALIZEDTIME_new 2126 EXIST::FUNCTION:
-EVP_PKEY_get1_DH 2128 EXIST::FUNCTION:DH
-ASN1_OCTET_STRING_new 2130 EXIST::FUNCTION:
-ASN1_INTEGER_new 2131 EXIST::FUNCTION:
-i2d_X509_AUX 2132 EXIST::FUNCTION:
-ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION:BIO
-X509_cmp 2135 EXIST::FUNCTION:
-ASN1_STRING_length_set 2136 EXIST::FUNCTION:
-DIRECTORYSTRING_new 2137 EXIST::FUNCTION:
-X509_add1_trust_object 2140 EXIST::FUNCTION:
-PKCS12_newpass 2141 EXIST::FUNCTION:
-SMIME_write_PKCS7 2142 EXIST::FUNCTION:
-SMIME_read_PKCS7 2143 EXIST::FUNCTION:
-DES_set_key_checked 2144 EXIST::FUNCTION:DES
-PKCS7_verify 2145 EXIST::FUNCTION:
-PKCS7_encrypt 2146 EXIST::FUNCTION:
-DES_set_key_unchecked 2147 EXIST::FUNCTION:DES
-SMIME_crlf_copy 2148 EXIST::FUNCTION:
-i2d_ASN1_PRINTABLESTRING 2149 EXIST::FUNCTION:
-PKCS7_get0_signers 2150 EXIST::FUNCTION:
-PKCS7_decrypt 2151 EXIST::FUNCTION:
-SMIME_text 2152 EXIST::FUNCTION:
-PKCS7_simple_smimecap 2153 EXIST::FUNCTION:
-PKCS7_get_smimecap 2154 EXIST::FUNCTION:
-PKCS7_sign 2155 EXIST::FUNCTION:
-PKCS7_add_attrib_smimecap 2156 EXIST::FUNCTION:
-CRYPTO_dbg_set_options 2157 EXIST::FUNCTION:
-CRYPTO_remove_all_info 2158 EXIST::FUNCTION:
-CRYPTO_get_mem_debug_functions 2159 EXIST::FUNCTION:
-CRYPTO_is_mem_check_on 2160 EXIST::FUNCTION:
-CRYPTO_set_mem_debug_functions 2161 EXIST::FUNCTION:
-CRYPTO_pop_info 2162 EXIST::FUNCTION:
-CRYPTO_push_info_ 2163 EXIST::FUNCTION:
-CRYPTO_set_mem_debug_options 2164 EXIST::FUNCTION:
-PEM_write_PKCS8PrivateKey_nid 2165 EXIST::FUNCTION:
-PEM_write_bio_PKCS8PrivateKey_nid 2166 EXIST:!VMS:FUNCTION:
-PEM_write_bio_PKCS8PrivKey_nid 2166 EXIST:VMS:FUNCTION:
-d2i_PKCS8PrivateKey_bio 2167 EXIST::FUNCTION:
-ASN1_NULL_free 2168 EXIST::FUNCTION:
-d2i_ASN1_NULL 2169 EXIST::FUNCTION:
-ASN1_NULL_new 2170 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_bio 2171 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_fp 2172 EXIST::FUNCTION:
-i2d_ASN1_NULL 2173 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_nid_fp 2174 EXIST::FUNCTION:
-d2i_PKCS8PrivateKey_fp 2175 EXIST::FUNCTION:
-i2d_PKCS8PrivateKey_nid_bio 2176 EXIST::FUNCTION:
-i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:FP_API
-i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION:BIO
-PEM_cb 2179 NOEXIST::FUNCTION:
-i2d_PrivateKey_fp 2180 EXIST::FUNCTION:FP_API
-d2i_PrivateKey_bio 2181 EXIST::FUNCTION:BIO
-d2i_PrivateKey_fp 2182 EXIST::FUNCTION:FP_API
-i2d_PrivateKey_bio 2183 EXIST::FUNCTION:BIO
-X509_reject_clear 2184 EXIST::FUNCTION:
-X509_TRUST_set_default 2185 EXIST::FUNCTION:
-d2i_AutoPrivateKey 2186 EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_type 2187 EXIST::FUNCTION:
-X509_ATTRIBUTE_set1_data 2188 EXIST::FUNCTION:
-X509at_get_attr 2189 EXIST::FUNCTION:
-X509at_get_attr_count 2190 EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_NID 2191 EXIST::FUNCTION:
-X509_ATTRIBUTE_set1_object 2192 EXIST::FUNCTION:
-X509_ATTRIBUTE_count 2193 EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_OBJ 2194 EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_object 2195 EXIST::FUNCTION:
-X509at_get_attr_by_NID 2196 EXIST::FUNCTION:
-X509at_add1_attr 2197 EXIST::FUNCTION:
-X509_ATTRIBUTE_get0_data 2198 EXIST::FUNCTION:
-X509at_delete_attr 2199 EXIST::FUNCTION:
-X509at_get_attr_by_OBJ 2200 EXIST::FUNCTION:
-RAND_add 2201 EXIST::FUNCTION:
-BIO_number_written 2202 EXIST::FUNCTION:
-BIO_number_read 2203 EXIST::FUNCTION:
-X509_STORE_CTX_get1_chain 2204 EXIST::FUNCTION:
-ERR_load_RAND_strings 2205 EXIST::FUNCTION:
-RAND_pseudo_bytes 2206 EXIST::FUNCTION:
-X509_REQ_get_attr_by_NID 2207 EXIST::FUNCTION:
-X509_REQ_get_attr 2208 EXIST::FUNCTION:
-X509_REQ_add1_attr_by_NID 2209 EXIST::FUNCTION:
-X509_REQ_get_attr_by_OBJ 2210 EXIST::FUNCTION:
-X509at_add1_attr_by_NID 2211 EXIST::FUNCTION:
-X509_REQ_add1_attr_by_OBJ 2212 EXIST::FUNCTION:
-X509_REQ_get_attr_count 2213 EXIST::FUNCTION:
-X509_REQ_add1_attr 2214 EXIST::FUNCTION:
-X509_REQ_delete_attr 2215 EXIST::FUNCTION:
-X509at_add1_attr_by_OBJ 2216 EXIST::FUNCTION:
-X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION:
-X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION:
-X509at_add1_attr_by_txt 2219 EXIST::FUNCTION:
-BN_pseudo_rand 2239 EXIST::FUNCTION:
-BN_is_prime_fasttest 2240 EXIST::FUNCTION:DEPRECATED
-BN_CTX_end 2241 EXIST::FUNCTION:
-BN_CTX_start 2242 EXIST::FUNCTION:
-BN_CTX_get 2243 EXIST::FUNCTION:
-EVP_PKEY2PKCS8_broken 2244 EXIST::FUNCTION:
-ASN1_STRING_TABLE_add 2245 EXIST::FUNCTION:
-CRYPTO_dbg_get_options 2246 EXIST::FUNCTION:
-AUTHORITY_INFO_ACCESS_new 2247 EXIST::FUNCTION:
-CRYPTO_get_mem_debug_options 2248 EXIST::FUNCTION:
-DES_crypt 2249 EXIST::FUNCTION:DES
-PEM_write_bio_X509_REQ_NEW 2250 EXIST::FUNCTION:
-PEM_write_X509_REQ_NEW 2251 EXIST:!WIN16:FUNCTION:
-BIO_callback_ctrl 2252 EXIST::FUNCTION:
-RAND_egd 2253 EXIST::FUNCTION:
-RAND_status 2254 EXIST::FUNCTION:
-bn_dump1 2255 NOEXIST::FUNCTION:
-DES_check_key_parity 2256 EXIST::FUNCTION:DES
-lh_num_items 2257 EXIST::FUNCTION:
-RAND_event 2258 EXIST:WIN32:FUNCTION:
-DSO_new 2259 EXIST::FUNCTION:
-DSO_new_method 2260 EXIST::FUNCTION:
-DSO_free 2261 EXIST::FUNCTION:
-DSO_flags 2262 EXIST::FUNCTION:
-DSO_up 2263 NOEXIST::FUNCTION:
-DSO_set_default_method 2264 EXIST::FUNCTION:
-DSO_get_default_method 2265 EXIST::FUNCTION:
-DSO_get_method 2266 EXIST::FUNCTION:
-DSO_set_method 2267 EXIST::FUNCTION:
-DSO_load 2268 EXIST::FUNCTION:
-DSO_bind_var 2269 EXIST::FUNCTION:
-DSO_METHOD_null 2270 EXIST::FUNCTION:
-DSO_METHOD_openssl 2271 EXIST::FUNCTION:
-DSO_METHOD_dlfcn 2272 EXIST::FUNCTION:
-DSO_METHOD_win32 2273 EXIST::FUNCTION:
-ERR_load_DSO_strings 2274 EXIST::FUNCTION:
-DSO_METHOD_dl 2275 EXIST::FUNCTION:
-NCONF_load 2276 EXIST::FUNCTION:
-NCONF_load_fp 2278 EXIST::FUNCTION:FP_API
-NCONF_new 2279 EXIST::FUNCTION:
-NCONF_get_string 2280 EXIST::FUNCTION:
-NCONF_free 2281 EXIST::FUNCTION:
-NCONF_get_number 2282 NOEXIST::FUNCTION:
-CONF_dump_fp 2283 EXIST::FUNCTION:
-NCONF_load_bio 2284 EXIST::FUNCTION:
-NCONF_dump_fp 2285 EXIST::FUNCTION:
-NCONF_get_section 2286 EXIST::FUNCTION:
-NCONF_dump_bio 2287 EXIST::FUNCTION:
-CONF_dump_bio 2288 EXIST::FUNCTION:
-NCONF_free_data 2289 EXIST::FUNCTION:
-CONF_set_default_method 2290 EXIST::FUNCTION:
-ERR_error_string_n 2291 EXIST::FUNCTION:
-BIO_snprintf 2292 EXIST::FUNCTION:
-DSO_ctrl 2293 EXIST::FUNCTION:
-i2d_ASN1_SET_OF_ASN1_INTEGER 2317 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS12_SAFEBAG 2320 NOEXIST::FUNCTION:
-i2d_ASN1_SET_OF_PKCS7 2328 NOEXIST::FUNCTION:
-BIO_vfree 2334 EXIST::FUNCTION:
-d2i_ASN1_SET_OF_ASN1_INTEGER 2339 NOEXIST::FUNCTION:
-d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION:
-ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION:
-X509_REQ_digest 2362 EXIST::FUNCTION:EVP
-X509_CRL_digest 2391 EXIST::FUNCTION:EVP
-d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION:
-EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION:
-EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION:
-BN_mod_exp_mont_word 2401 EXIST::FUNCTION:
-RAND_egd_bytes 2402 EXIST::FUNCTION:
-X509_REQ_get1_email 2403 EXIST::FUNCTION:
-X509_get1_email 2404 EXIST::FUNCTION:
-X509_email_free 2405 EXIST::FUNCTION:
-i2d_RSA_NET 2406 EXIST::FUNCTION:RSA
-d2i_RSA_NET_2 2407 NOEXIST::FUNCTION:
-d2i_RSA_NET 2408 EXIST::FUNCTION:RSA
-DSO_bind_func 2409 EXIST::FUNCTION:
-CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION:
-sk_new_null 2411 EXIST::FUNCTION:
-CRYPTO_set_dynlock_destroy_callback 2412 EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_destroy_cb 2412 EXIST:VMS:FUNCTION:
-CRYPTO_destroy_dynlockid 2413 EXIST::FUNCTION:
-CRYPTO_set_dynlock_size 2414 NOEXIST::FUNCTION:
-CRYPTO_set_dynlock_create_callback 2415 EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_create_cb 2415 EXIST:VMS:FUNCTION:
-CRYPTO_set_dynlock_lock_callback 2416 EXIST:!VMS:FUNCTION:
-CRYPTO_set_dynlock_lock_cb 2416 EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_lock_callback 2417 EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_lock_cb 2417 EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_destroy_callback 2418 EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_destroy_cb 2418 EXIST:VMS:FUNCTION:
-CRYPTO_get_dynlock_value 2419 EXIST::FUNCTION:
-CRYPTO_get_dynlock_create_callback 2420 EXIST:!VMS:FUNCTION:
-CRYPTO_get_dynlock_create_cb 2420 EXIST:VMS:FUNCTION:
-c2i_ASN1_BIT_STRING 2421 EXIST::FUNCTION:
-i2c_ASN1_BIT_STRING 2422 EXIST::FUNCTION:
-RAND_poll 2423 EXIST::FUNCTION:
-c2i_ASN1_INTEGER 2424 EXIST::FUNCTION:
-i2c_ASN1_INTEGER 2425 EXIST::FUNCTION:
-BIO_dump_indent 2426 EXIST::FUNCTION:
-ASN1_parse_dump 2427 EXIST::FUNCTION:BIO
-c2i_ASN1_OBJECT 2428 EXIST::FUNCTION:
-X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:FP_API
-ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:FP_API
-X509_NAME_print_ex 2431 EXIST::FUNCTION:BIO
-ASN1_STRING_print_ex 2432 EXIST::FUNCTION:BIO
-MD4 2433 EXIST::FUNCTION:MD4
-MD4_Transform 2434 EXIST::FUNCTION:MD4
-MD4_Final 2435 EXIST::FUNCTION:MD4
-MD4_Update 2436 EXIST::FUNCTION:MD4
-MD4_Init 2437 EXIST::FUNCTION:MD4
-EVP_md4 2438 EXIST::FUNCTION:MD4
-i2d_PUBKEY_bio 2439 EXIST::FUNCTION:BIO
-i2d_PUBKEY_fp 2440 EXIST::FUNCTION:FP_API
-d2i_PUBKEY_bio 2441 EXIST::FUNCTION:BIO
-ASN1_STRING_to_UTF8 2442 EXIST::FUNCTION:
-BIO_vprintf 2443 EXIST::FUNCTION:
-BIO_vsnprintf 2444 EXIST::FUNCTION:
-d2i_PUBKEY_fp 2445 EXIST::FUNCTION:FP_API
-X509_cmp_time 2446 EXIST::FUNCTION:
-X509_STORE_CTX_set_time 2447 EXIST::FUNCTION:
-X509_STORE_CTX_get1_issuer 2448 EXIST::FUNCTION:
-X509_OBJECT_retrieve_match 2449 EXIST::FUNCTION:
-X509_OBJECT_idx_by_subject 2450 EXIST::FUNCTION:
-X509_STORE_CTX_set_flags 2451 EXIST::FUNCTION:
-X509_STORE_CTX_trusted_stack 2452 EXIST::FUNCTION:
-X509_time_adj 2453 EXIST::FUNCTION:
-X509_check_issued 2454 EXIST::FUNCTION:
-ASN1_UTCTIME_cmp_time_t 2455 EXIST::FUNCTION:
-DES_set_weak_key_flag 2456 NOEXIST::FUNCTION:
-DES_check_key 2457 NOEXIST::FUNCTION:
-DES_rw_mode 2458 NOEXIST::FUNCTION:
-RSA_PKCS1_RSAref 2459 NOEXIST::FUNCTION:
-X509_keyid_set1 2460 EXIST::FUNCTION:
-BIO_next 2461 EXIST::FUNCTION:
-DSO_METHOD_vms 2462 EXIST::FUNCTION:
-BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION:
-BN_bntest_rand 2464 EXIST::FUNCTION:
-OPENSSL_issetugid 2465 EXIST::FUNCTION:
-BN_rand_range 2466 EXIST::FUNCTION:
-ERR_load_ENGINE_strings 2467 EXIST::FUNCTION:ENGINE
-ENGINE_set_DSA 2468 EXIST::FUNCTION:ENGINE
-ENGINE_get_finish_function 2469 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_RSA 2470 EXIST::FUNCTION:ENGINE
-ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION:
-DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION:
-ENGINE_set_DH 2473 EXIST::FUNCTION:ENGINE
-ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
-ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION:
-ENGINE_init 2475 EXIST::FUNCTION:ENGINE
-DH_get_default_openssl_method 2476 NOEXIST::FUNCTION:
-RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION:
-ENGINE_finish 2478 EXIST::FUNCTION:ENGINE
-ENGINE_load_public_key 2479 EXIST::FUNCTION:ENGINE
-ENGINE_get_DH 2480 EXIST::FUNCTION:ENGINE
-ENGINE_ctrl 2481 EXIST::FUNCTION:ENGINE
-ENGINE_get_init_function 2482 EXIST::FUNCTION:ENGINE
-ENGINE_set_init_function 2483 EXIST::FUNCTION:ENGINE
-ENGINE_set_default_DSA 2484 EXIST::FUNCTION:ENGINE
-ENGINE_get_name 2485 EXIST::FUNCTION:ENGINE
-ENGINE_get_last 2486 EXIST::FUNCTION:ENGINE
-ENGINE_get_prev 2487 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_DH 2488 EXIST::FUNCTION:ENGINE
-ENGINE_get_RSA 2489 EXIST::FUNCTION:ENGINE
-ENGINE_set_default 2490 EXIST::FUNCTION:ENGINE
-ENGINE_get_RAND 2491 EXIST::FUNCTION:ENGINE
-ENGINE_get_first 2492 EXIST::FUNCTION:ENGINE
-ENGINE_by_id 2493 EXIST::FUNCTION:ENGINE
-ENGINE_set_finish_function 2494 EXIST::FUNCTION:ENGINE
-ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
-ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION:
-RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION:
-ENGINE_set_RSA 2497 EXIST::FUNCTION:ENGINE
-ENGINE_load_private_key 2498 EXIST::FUNCTION:ENGINE
-ENGINE_set_default_RAND 2499 EXIST::FUNCTION:ENGINE
-ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION:
-ENGINE_remove 2501 EXIST::FUNCTION:ENGINE
-ENGINE_free 2502 EXIST::FUNCTION:ENGINE
-ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION:
-ENGINE_get_next 2504 EXIST::FUNCTION:ENGINE
-ENGINE_set_name 2505 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_DSA 2506 EXIST::FUNCTION:ENGINE
-ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION:
-ENGINE_set_default_RSA 2508 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_RAND 2509 EXIST::FUNCTION:ENGINE
-ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION:
-ENGINE_set_RAND 2511 EXIST::FUNCTION:ENGINE
-ENGINE_set_id 2512 EXIST::FUNCTION:ENGINE
-ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION:
-ENGINE_set_default_DH 2514 EXIST::FUNCTION:ENGINE
-ENGINE_new 2515 EXIST::FUNCTION:ENGINE
-ENGINE_get_id 2516 EXIST::FUNCTION:ENGINE
-DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION:
-ENGINE_add 2518 EXIST::FUNCTION:ENGINE
-DH_set_default_openssl_method 2519 NOEXIST::FUNCTION:
-ENGINE_get_DSA 2520 EXIST::FUNCTION:ENGINE
-ENGINE_get_ctrl_function 2521 EXIST::FUNCTION:ENGINE
-ENGINE_set_ctrl_function 2522 EXIST::FUNCTION:ENGINE
-BN_pseudo_rand_range 2523 EXIST::FUNCTION:
-X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION:
-ERR_load_COMP_strings 2525 EXIST::FUNCTION:
-PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION:
-ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE
-ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE
-d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION:
-KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_POINT_add 2532 EXIST::FUNCTION:EC
-ASN1_item_ex_i2d 2533 EXIST::FUNCTION:
-OCSP_CERTID_it 2534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CERTID_it 2534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_RESPBYTES 2535 EXIST::FUNCTION:
-X509V3_add1_i2d 2536 EXIST::FUNCTION:
-PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_add_input_boolean 2538 EXIST::FUNCTION:
-ENGINE_unregister_RSA 2539 EXIST::FUNCTION:ENGINE
-X509V3_EXT_nconf 2540 EXIST::FUNCTION:
-ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION:
-d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION:
-X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION:
-X509_print_ex 2544 EXIST::FUNCTION:BIO
-OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION:
-ENGINE_register_all_RAND 2546 EXIST::FUNCTION:ENGINE
-ENGINE_load_dynamic 2547 EXIST::FUNCTION:ENGINE
-PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION:
-EC_GROUP_clear_free 2550 EXIST::FUNCTION:EC
-OCSP_sendreq_bio 2551 EXIST::FUNCTION:
-ASN1_item_digest 2552 EXIST::FUNCTION:EVP
-OCSP_BASICRESP_delete_ext 2553 EXIST::FUNCTION:
-OCSP_SIGNATURE_it 2554 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SIGNATURE_it 2554 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_it 2555 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CRL_it 2555 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_BASICRESP_add_ext 2556 EXIST::FUNCTION:
-KRB5_ENCKEY_it 2557 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_ENCKEY_it 2557 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_method_set_closer 2558 EXIST::FUNCTION:
-X509_STORE_set_purpose 2559 EXIST::FUNCTION:
-i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION:
-OCSP_response_status 2561 EXIST::FUNCTION:
-i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION:
-ENGINE_get_digest_engine 2563 EXIST::FUNCTION:ENGINE
-EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC
-OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION:
-_ossl_old_des_random_key 2566 EXIST::FUNCTION:DES
-ASN1_T61STRING_it 2567 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_T61STRING_it 2567 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_method_of 2568 EXIST::FUNCTION:EC
-i2d_KRB5_APREQ 2569 EXIST::FUNCTION:
-_ossl_old_des_encrypt 2570 EXIST::FUNCTION:DES
-ASN1_PRINTABLE_new 2571 EXIST::FUNCTION:
-HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC
-d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION:
-OCSP_archive_cutoff_new 2574 EXIST::FUNCTION:
-EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_Jproj_coords_GFp 2575 EXIST:VMS:FUNCTION:EC
-_ossl_old_des_is_weak_key 2576 EXIST::FUNCTION:DES
-OCSP_BASICRESP_get_ext_by_OBJ 2577 EXIST::FUNCTION:
-EC_POINT_oct2point 2578 EXIST::FUNCTION:EC
-OCSP_SINGLERESP_get_ext_count 2579 EXIST::FUNCTION:
-UI_ctrl 2580 EXIST::FUNCTION:
-_shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-asn1_do_adb 2582 EXIST::FUNCTION:
-ASN1_template_i2d 2583 EXIST::FUNCTION:
-ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE
-UI_construct_prompt 2585 EXIST::FUNCTION:
-X509_STORE_set_trust 2586 EXIST::FUNCTION:
-UI_dup_input_string 2587 EXIST::FUNCTION:
-d2i_KRB5_APREQ 2588 EXIST::FUNCTION:
-EVP_MD_CTX_copy_ex 2589 EXIST::FUNCTION:
-OCSP_request_is_signed 2590 EXIST::FUNCTION:
-i2d_OCSP_REQINFO 2591 EXIST::FUNCTION:
-KRB5_ENCKEY_free 2592 EXIST::FUNCTION:
-OCSP_resp_get0 2593 EXIST::FUNCTION:
-GENERAL_NAME_it 2594 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_NAME_it 2594 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_GENERALIZEDTIME_it 2595 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_GENERALIZEDTIME_it 2595 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_STORE_set_flags 2596 EXIST::FUNCTION:
-EC_POINT_set_compressed_coordinates_GFp 2597 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GFp 2597 EXIST:VMS:FUNCTION:EC
-OCSP_response_status_str 2598 EXIST::FUNCTION:
-d2i_OCSP_REVOKEDINFO 2599 EXIST::FUNCTION:
-OCSP_basic_add1_cert 2600 EXIST::FUNCTION:
-ERR_get_implementation 2601 EXIST::FUNCTION:
-EVP_CipherFinal_ex 2602 EXIST::FUNCTION:
-OCSP_CERTSTATUS_new 2603 EXIST::FUNCTION:
-CRYPTO_cleanup_all_ex_data 2604 EXIST::FUNCTION:
-OCSP_resp_find 2605 EXIST::FUNCTION:
-BN_nnmod 2606 EXIST::FUNCTION:
-X509_CRL_sort 2607 EXIST::FUNCTION:
-X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION:
-ENGINE_register_RAND 2609 EXIST::FUNCTION:ENGINE
-OCSP_SERVICELOC_new 2610 EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC
-_ossl_old_des_options 2612 EXIST::FUNCTION:DES
-SXNET_it 2613 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_dup_input_boolean 2614 EXIST::FUNCTION:
-PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION:
-EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC
-ENGINE_load_cryptodev 2617 EXIST::FUNCTION:ENGINE
-DSO_convert_filename 2618 EXIST::FUNCTION:
-POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE
-BN_mod_lshift_quick 2621 EXIST::FUNCTION:
-DSO_set_filename 2622 EXIST::FUNCTION:
-ASN1_item_free 2623 EXIST::FUNCTION:
-KRB5_TKTBODY_free 2624 EXIST::FUNCTION:
-AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_APREQBODY_new 2626 EXIST::FUNCTION:
-X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION:
-ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE
-i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION:
-EVP_MD_CTX_init 2630 EXIST::FUNCTION:
-EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION:
-PKCS7_ATTR_SIGN_it 2632 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_add_error_string 2633 EXIST::FUNCTION:
-KRB5_CHECKSUM_free 2634 EXIST::FUNCTION:
-OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION:
-ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE
-PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_unpack_authsafes 2639 EXIST::FUNCTION:
-ASN1_item_unpack 2640 EXIST::FUNCTION:
-NETSCAPE_SPKAC_it 2641 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_SPKAC_it 2641 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_REVOKED_it 2642 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REVOKED_it 2642 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_STRING_encode 2643 EXIST::FUNCTION:
-EVP_aes_128_ecb 2644 EXIST::FUNCTION:AES
-KRB5_AUTHENT_free 2645 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_by_critical 2646 EXIST:!VMS:FUNCTION:
-OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION:
-OCSP_cert_status_str 2647 EXIST::FUNCTION:
-d2i_OCSP_REQUEST 2648 EXIST::FUNCTION:
-UI_dup_info_string 2649 EXIST::FUNCTION:
-_ossl_old_des_xwhite_in2out 2650 EXIST::FUNCTION:DES
-PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION:
-OCSP_SINGLERESP_get_ext_by_crit 2652 EXIST:VMS:FUNCTION:
-OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION:
-_ossl_old_des_crypt 2654 EXIST::FUNCTION:DES
-ASN1_item_i2d 2655 EXIST::FUNCTION:
-EVP_DecryptFinal_ex 2656 EXIST::FUNCTION:
-ENGINE_load_openssl 2657 EXIST::FUNCTION:ENGINE
-ENGINE_get_cmd_defns 2658 EXIST::FUNCTION:ENGINE
-ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION:ENGINE
-EVP_EncryptFinal_ex 2660 EXIST::FUNCTION:
-ENGINE_set_default_digests 2661 EXIST::FUNCTION:ENGINE
-X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION:
-asn1_ex_i2c 2663 EXIST::FUNCTION:
-ENGINE_register_RSA 2664 EXIST::FUNCTION:ENGINE
-ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE
-_ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES
-X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_KRB5_AUTHENT 2668 EXIST::FUNCTION:
-SXNETID_it 2669 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-SXNETID_it 2669 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_SINGLERESP 2670 EXIST::FUNCTION:
-EDIPARTYNAME_new 2671 EXIST::FUNCTION:
-PKCS12_certbag2x509 2672 EXIST::FUNCTION:
-_ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES
-d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION:
-ERR_print_errors_cb 2675 EXIST::FUNCTION:
-ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE
-d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION:
-UI_method_get_flusher 2678 EXIST::FUNCTION:
-X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_PUBKEY_it 2679 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_read 2680 EXIST::FUNCTION:DES
-PKCS7_ENCRYPT_it 2681 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENCRYPT_it 2681 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_OCSP_RESPONSE 2682 EXIST::FUNCTION:
-EC_GROUP_get_cofactor 2683 EXIST::FUNCTION:EC
-PKCS12_unpack_p7data 2684 EXIST::FUNCTION:
-d2i_KRB5_AUTHDATA 2685 EXIST::FUNCTION:
-OCSP_copy_nonce 2686 EXIST::FUNCTION:
-KRB5_AUTHDATA_new 2687 EXIST::FUNCTION:
-OCSP_RESPDATA_new 2688 EXIST::FUNCTION:
-EC_GFp_mont_method 2689 EXIST::FUNCTION:EC
-OCSP_REVOKEDINFO_free 2690 EXIST::FUNCTION:
-UI_get_ex_data 2691 EXIST::FUNCTION:
-KRB5_APREQBODY_free 2692 EXIST::FUNCTION:
-EC_GROUP_get0_generator 2693 EXIST::FUNCTION:EC
-UI_get_default_method 2694 EXIST::FUNCTION:
-X509V3_set_nconf 2695 EXIST::FUNCTION:
-PKCS12_item_i2d_encrypt 2696 EXIST::FUNCTION:
-X509_add1_ext_i2d 2697 EXIST::FUNCTION:
-PKCS7_SIGNER_INFO_it 2698 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGNER_INFO_it 2698 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_PRINCNAME_new 2699 EXIST::FUNCTION:
-PKCS12_SAFEBAG_it 2700 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_SAFEBAG_it 2700 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_get_order 2701 EXIST::FUNCTION:EC
-d2i_OCSP_RESPID 2702 EXIST::FUNCTION:
-OCSP_request_verify 2703 EXIST::FUNCTION:
-NCONF_get_number_e 2704 EXIST::FUNCTION:
-_ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES
-X509_signature_print 2706 EXIST::FUNCTION:EVP
-OCSP_SINGLERESP_free 2707 EXIST::FUNCTION:
-ENGINE_load_builtin_engines 2708 EXIST::FUNCTION:ENGINE
-i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION:
-OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION:
-OCSP_RESPBYTES_new 2711 EXIST::FUNCTION:
-EVP_MD_CTX_create 2712 EXIST::FUNCTION:
-OCSP_resp_find_status 2713 EXIST::FUNCTION:
-X509_ALGOR_it 2714 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ALGOR_it 2714 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_TIME_it 2715 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_TIME_it 2715 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_set1_name 2716 EXIST::FUNCTION:
-OCSP_ONEREQ_get_ext_count 2717 EXIST::FUNCTION:
-UI_get0_result 2718 EXIST::FUNCTION:
-PKCS12_AUTHSAFES_it 2719 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_AUTHSAFES_it 2719 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_256_ecb 2720 EXIST::FUNCTION:AES
-PKCS12_pack_authsafes 2721 EXIST::FUNCTION:
-ASN1_IA5STRING_it 2722 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_IA5STRING_it 2722 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get_input_flags 2723 EXIST::FUNCTION:
-EC_GROUP_set_generator 2724 EXIST::FUNCTION:EC
-_ossl_old_des_string_to_2keys 2725 EXIST::FUNCTION:DES
-OCSP_CERTID_free 2726 EXIST::FUNCTION:
-X509_CERT_AUX_it 2727 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES
-RAND_set_rand_engine 2730 EXIST::FUNCTION:ENGINE
-DSO_get_loaded_filename 2731 EXIST::FUNCTION:
-X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_ONEREQ_get_ext_by_NID 2733 EXIST::FUNCTION:
-PKCS12_decrypt_skey 2734 EXIST::FUNCTION:
-KRB5_AUTHENT_it 2735 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHENT_it 2735 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_dup_error_string 2736 EXIST::FUNCTION:
-RSAPublicKey_it 2737 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-RSAPublicKey_it 2737 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-i2d_OCSP_REQUEST 2738 EXIST::FUNCTION:
-PKCS12_x509crl2certbag 2739 EXIST::FUNCTION:
-OCSP_SERVICELOC_it 2740 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SERVICELOC_it 2740 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_item_sign 2741 EXIST::FUNCTION:EVP
-X509_CRL_set_issuer_name 2742 EXIST::FUNCTION:
-OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION:
-i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION:
-i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION:
-PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION:
-HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC
-ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE
-OCSP_RESPONSE_print 2749 EXIST::FUNCTION:
-KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ACCESS_DESCRIPTION_it 2751 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ACCESS_DESCRIPTION_it 2751 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PBE2PARAM_it 2753 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_certbag2x509crl 2754 EXIST::FUNCTION:
-PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_cipher 2756 EXIST::FUNCTION:ENGINE
-i2d_OCSP_CRLID 2757 EXIST::FUNCTION:
-OCSP_SINGLERESP_new 2758 EXIST::FUNCTION:
-ENGINE_cmd_is_executable 2759 EXIST::FUNCTION:ENGINE
-RSA_up_ref 2760 EXIST::FUNCTION:RSA
-ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_register_DSA 2762 EXIST::FUNCTION:ENGINE
-X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION:
-ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION:ENGINE
-PKCS8_decrypt 2765 EXIST::FUNCTION:
-PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO
-DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIRECTORYSTRING_it 2767 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_CRLID 2768 EXIST::FUNCTION:
-EC_POINT_is_on_curve 2769 EXIST::FUNCTION:EC
-CRYPTO_set_locked_mem_ex_functions 2770 EXIST:!VMS:FUNCTION:
-CRYPTO_set_locked_mem_ex_funcs 2770 EXIST:VMS:FUNCTION:
-d2i_KRB5_CHECKSUM 2771 EXIST::FUNCTION:
-ASN1_item_dup 2772 EXIST::FUNCTION:
-X509_it 2773 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_it 2773 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_add 2774 EXIST::FUNCTION:
-KRB5_AUTHDATA_free 2775 EXIST::FUNCTION:
-_ossl_old_des_cbc_cksum 2776 EXIST::FUNCTION:DES
-ASN1_item_verify 2777 EXIST::FUNCTION:EVP
-CRYPTO_set_mem_ex_functions 2778 EXIST::FUNCTION:
-EC_POINT_get_Jprojective_coordinates_GFp 2779 EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_Jproj_coords_GFp 2779 EXIST:VMS:FUNCTION:EC
-ZLONG_it 2780 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ZLONG_it 2780 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_get_locked_mem_ex_functions 2781 EXIST:!VMS:FUNCTION:
-CRYPTO_get_locked_mem_ex_funcs 2781 EXIST:VMS:FUNCTION:
-ASN1_TIME_check 2782 EXIST::FUNCTION:
-UI_get0_user_data 2783 EXIST::FUNCTION:
-HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC
-DSA_up_ref 2785 EXIST::FUNCTION:DSA
-_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_cfb64_encrypt 2786 EXIST:VMS:FUNCTION:DES
-ASN1_BMPSTRING_it 2787 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_tag2bit 2788 EXIST::FUNCTION:
-UI_method_set_flusher 2789 EXIST::FUNCTION:
-X509_ocspid_print 2790 EXIST::FUNCTION:BIO
-KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE
-UI_add_user_data 2793 EXIST::FUNCTION:
-OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION:
-UI_get_method 2795 EXIST::FUNCTION:
-OCSP_ONEREQ_free 2796 EXIST::FUNCTION:
-ASN1_PRINTABLESTRING_it 2797 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_PRINTABLESTRING_it 2797 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_set_nextUpdate 2798 EXIST::FUNCTION:
-OCSP_REQUEST_it 2799 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REQUEST_it 2799 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_BASICRESP_it 2800 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_BASICRESP_it 2800 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_ecb_encrypt 2801 EXIST::FUNCTION:AES
-BN_mod_sqr 2802 EXIST::FUNCTION:
-NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_NAMES_it 2804 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_NAMES_it 2804 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AUTHORITY_INFO_ACCESS_it 2805 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-AUTHORITY_INFO_ACCESS_it 2805 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_ex_data 2807 EXIST::FUNCTION:
-_ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES
-ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE
-d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION:
-OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_unregister_digests 2813 EXIST::FUNCTION:ENGINE
-d2i_EDIPARTYNAME 2814 EXIST::FUNCTION:
-d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION:
-ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE
-_ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES
-OCSP_RESPDATA_free 2818 EXIST::FUNCTION:
-d2i_KRB5_TICKET 2819 EXIST::FUNCTION:
-OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OTHERNAME_it 2820 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_MD_CTX_cleanup 2821 EXIST::FUNCTION:
-d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION:
-X509_CRL_set_version 2823 EXIST::FUNCTION:
-BN_mod_sub 2824 EXIST::FUNCTION:
-OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION:
-ENGINE_get_ex_new_index 2826 EXIST::FUNCTION:ENGINE
-OCSP_REQUEST_free 2827 EXIST::FUNCTION:
-OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION:
-X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_VAL_it 2829 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_POINTs_make_affine 2830 EXIST::FUNCTION:EC
-EC_POINT_mul 2831 EXIST::FUNCTION:EC
-X509V3_EXT_add_nconf 2832 EXIST::FUNCTION:
-X509_TRUST_set 2833 EXIST::FUNCTION:
-X509_CRL_add1_ext_i2d 2834 EXIST::FUNCTION:
-_ossl_old_des_fcrypt 2835 EXIST::FUNCTION:DES
-DISPLAYTEXT_it 2836 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DISPLAYTEXT_it 2836 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION:
-OCSP_BASICRESP_free 2838 EXIST::FUNCTION:
-OCSP_BASICRESP_add1_ext_i2d 2839 EXIST::FUNCTION:
-d2i_KRB5_AUTHENTBODY 2840 EXIST::FUNCTION:
-CRYPTO_set_ex_data_implementation 2841 EXIST:!VMS:FUNCTION:
-CRYPTO_set_ex_data_impl 2841 EXIST:VMS:FUNCTION:
-KRB5_ENCDATA_new 2842 EXIST::FUNCTION:
-DSO_up_ref 2843 EXIST::FUNCTION:
-OCSP_crl_reason_str 2844 EXIST::FUNCTION:
-UI_get0_result_string 2845 EXIST::FUNCTION:
-ASN1_GENERALSTRING_new 2846 EXIST::FUNCTION:
-X509_SIG_it 2847 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_SIG_it 2847 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ERR_set_implementation 2848 EXIST::FUNCTION:
-ERR_load_EC_strings 2849 EXIST::FUNCTION:EC
-UI_get0_action_string 2850 EXIST::FUNCTION:
-OCSP_ONEREQ_get_ext 2851 EXIST::FUNCTION:
-EC_POINT_method_of 2852 EXIST::FUNCTION:EC
-i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION:
-_ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES
-CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION:
-ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE
-UI_destroy_method 2857 EXIST::FUNCTION:
-ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO
-OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION:
-ASN1_primitive_new 2860 EXIST::FUNCTION:
-ASN1_PRINTABLE_it 2861 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_PRINTABLE_it 2861 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_192_ecb 2862 EXIST::FUNCTION:AES
-OCSP_SIGNATURE_new 2863 EXIST::FUNCTION:
-LONG_it 2864 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-LONG_it 2864 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_VISIBLESTRING_it 2865 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_VISIBLESTRING_it 2865 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_add1_ext_i2d 2866 EXIST::FUNCTION:
-d2i_OCSP_CERTID 2867 EXIST::FUNCTION:
-ASN1_item_d2i_fp 2868 EXIST::FUNCTION:FP_API
-CRL_DIST_POINTS_it 2869 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CRL_DIST_POINTS_it 2869 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_NAME_print 2870 EXIST::FUNCTION:
-OCSP_SINGLERESP_delete_ext 2871 EXIST::FUNCTION:
-PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION:
-OCSP_request_add1_nonce 2874 EXIST::FUNCTION:
-ENGINE_set_cmd_defns 2875 EXIST::FUNCTION:ENGINE
-OCSP_SERVICELOC_free 2876 EXIST::FUNCTION:
-EC_GROUP_free 2877 EXIST::FUNCTION:EC
-ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BIT_STRING_it 2878 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_REQ_it 2879 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REQ_it 2879 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_cbc_encrypt 2880 EXIST::FUNCTION:DES
-ERR_unload_strings 2881 EXIST::FUNCTION:
-PKCS7_SIGN_ENVELOPE_it 2882 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_SIGN_ENVELOPE_it 2882 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EDIPARTYNAME_free 2883 EXIST::FUNCTION:
-OCSP_REQINFO_free 2884 EXIST::FUNCTION:
-EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC
-OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION:
-PKCS12_item_pack_safebag 2887 EXIST::FUNCTION:
-asn1_ex_c2i 2888 EXIST::FUNCTION:
-ENGINE_register_digests 2889 EXIST::FUNCTION:ENGINE
-i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION:
-asn1_enc_restore 2891 EXIST::FUNCTION:
-UI_free 2892 EXIST::FUNCTION:
-UI_new_method 2893 EXIST::FUNCTION:
-EVP_EncryptInit_ex 2894 EXIST::FUNCTION:
-X509_pubkey_digest 2895 EXIST::FUNCTION:EVP
-EC_POINT_invert 2896 EXIST::FUNCTION:EC
-OCSP_basic_sign 2897 EXIST::FUNCTION:
-i2d_OCSP_RESPID 2898 EXIST::FUNCTION:
-OCSP_check_nonce 2899 EXIST::FUNCTION:
-ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE
-d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION:
-OCSP_parse_url 2902 EXIST::FUNCTION:
-OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION:
-OCSP_CRLID_free 2904 EXIST::FUNCTION:
-OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION:
-RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
-RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
-ENGINE_register_all_DH 2907 EXIST::FUNCTION:ENGINE
-i2d_EDIPARTYNAME 2908 EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC
-OCSP_CRLID_new 2910 EXIST::FUNCTION:
-ENGINE_get_flags 2911 EXIST::FUNCTION:ENGINE
-OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_process 2913 EXIST::FUNCTION:
-ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_CipherInit_ex 2915 EXIST::FUNCTION:
-UI_get_string_type 2916 EXIST::FUNCTION:
-ENGINE_unregister_DH 2917 EXIST::FUNCTION:ENGINE
-ENGINE_register_all_DSA 2918 EXIST::FUNCTION:ENGINE
-OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION:
-bn_dup_expand 2920 EXIST::FUNCTION:DEPRECATED
-OCSP_cert_id_new 2921 EXIST::FUNCTION:
-BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_add_quick 2923 EXIST::FUNCTION:
-EC_POINT_new 2924 EXIST::FUNCTION:EC
-EVP_MD_CTX_destroy 2925 EXIST::FUNCTION:
-OCSP_RESPBYTES_free 2926 EXIST::FUNCTION:
-EVP_aes_128_cbc 2927 EXIST::FUNCTION:AES
-OCSP_SINGLERESP_get1_ext_d2i 2928 EXIST::FUNCTION:
-EC_POINT_free 2929 EXIST::FUNCTION:EC
-DH_up_ref 2930 EXIST::FUNCTION:DH
-X509_NAME_ENTRY_it 2931 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_NAME_ENTRY_it 2931 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get_ex_new_index 2932 EXIST::FUNCTION:
-BN_mod_sub_quick 2933 EXIST::FUNCTION:
-OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION:
-OCSP_request_sign 2935 EXIST::FUNCTION:
-EVP_DigestFinal_ex 2936 EXIST::FUNCTION:
-ENGINE_set_digests 2937 EXIST::FUNCTION:ENGINE
-OCSP_id_issuer_cmp 2938 EXIST::FUNCTION:
-OBJ_NAME_do_all 2939 EXIST::FUNCTION:
-EC_POINTs_mul 2940 EXIST::FUNCTION:EC
-ENGINE_register_complete 2941 EXIST::FUNCTION:ENGINE
-X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION:
-ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_default_method 2944 EXIST::FUNCTION:
-RAND_query_egd_bytes 2945 EXIST::FUNCTION:
-UI_method_get_writer 2946 EXIST::FUNCTION:
-UI_OpenSSL 2947 EXIST::FUNCTION:
-PEM_def_callback 2948 EXIST::FUNCTION:
-ENGINE_cleanup 2949 EXIST::FUNCTION:ENGINE
-DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_SINGLERESP_it 2951 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_KRB5_TKTBODY 2952 EXIST::FUNCTION:
-EC_POINT_cmp 2953 EXIST::FUNCTION:EC
-OCSP_REVOKEDINFO_new 2954 EXIST::FUNCTION:
-i2d_OCSP_CERTSTATUS 2955 EXIST::FUNCTION:
-OCSP_basic_add1_nonce 2956 EXIST::FUNCTION:
-ASN1_item_ex_d2i 2957 EXIST::FUNCTION:
-BN_mod_lshift1_quick 2958 EXIST::FUNCTION:
-UI_set_method 2959 EXIST::FUNCTION:
-OCSP_id_get0_info 2960 EXIST::FUNCTION:
-BN_mod_sqrt 2961 EXIST::FUNCTION:
-EC_GROUP_copy 2962 EXIST::FUNCTION:EC
-KRB5_ENCDATA_free 2963 EXIST::FUNCTION:
-_ossl_old_des_cfb_encrypt 2964 EXIST::FUNCTION:DES
-OCSP_SINGLERESP_get_ext_by_OBJ 2965 EXIST::FUNCTION:
-OCSP_cert_to_id 2966 EXIST::FUNCTION:
-OCSP_RESPID_new 2967 EXIST::FUNCTION:
-OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION:
-ENGINE_register_all_complete 2970 EXIST::FUNCTION:ENGINE
-OCSP_check_validity 2971 EXIST::FUNCTION:
-PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_url_svcloc_new 2973 EXIST::FUNCTION:
-ASN1_template_free 2974 EXIST::FUNCTION:
-OCSP_SINGLERESP_add_ext 2975 EXIST::FUNCTION:
-KRB5_AUTHENTBODY_it 2976 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509_supported_extension 2977 EXIST::FUNCTION:
-i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION:
-UI_method_get_opener 2979 EXIST::FUNCTION:
-ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE
-OCSP_REQUEST_print 2981 EXIST::FUNCTION:
-CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_TICKET_new 2983 EXIST::FUNCTION:
-KRB5_APREQ_new 2984 EXIST::FUNCTION:
-EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC
-KRB5_ENCKEY_new 2986 EXIST::FUNCTION:
-ASN1_template_d2i 2987 EXIST::FUNCTION:
-_ossl_old_des_quad_cksum 2988 EXIST::FUNCTION:DES
-OCSP_single_get0_status 2989 EXIST::FUNCTION:
-BN_swap 2990 EXIST::FUNCTION:
-POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_set_destroy_function 2992 EXIST::FUNCTION:ENGINE
-asn1_enc_free 2993 EXIST::FUNCTION:
-OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_new 2995 EXIST::FUNCTION:EC
-EVP_aes_256_cbc 2996 EXIST::FUNCTION:AES
-i2d_KRB5_PRINCNAME 2997 EXIST::FUNCTION:
-_ossl_old_des_encrypt2 2998 EXIST::FUNCTION:DES
-_ossl_old_des_encrypt3 2999 EXIST::FUNCTION:DES
-PKCS8_PRIV_KEY_INFO_it 3000 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS8_PRIV_KEY_INFO_it 3000 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQINFO_it 3001 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REQINFO_it 3001 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PBEPARAM_it 3002 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PBEPARAM_it 3002 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_AUTHENTBODY_new 3003 EXIST::FUNCTION:
-X509_CRL_add0_revoked 3004 EXIST::FUNCTION:
-EDIPARTYNAME_it 3005 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_get0_test_string 3007 EXIST::FUNCTION:
-ENGINE_get_cipher_engine 3008 EXIST::FUNCTION:ENGINE
-ENGINE_register_all_ciphers 3009 EXIST::FUNCTION:ENGINE
-EC_POINT_copy 3010 EXIST::FUNCTION:EC
-BN_kronecker 3011 EXIST::FUNCTION:
-_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES
-_ossl_odes_ede3_ofb64_encrypt 3012 EXIST:VMS:FUNCTION:DES
-UI_method_get_reader 3013 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION:
-ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_ENUMERATED_it 3015 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_set_result 3016 EXIST::FUNCTION:
-i2d_KRB5_TICKET 3017 EXIST::FUNCTION:
-X509_print_ex_fp 3018 EXIST::FUNCTION:FP_API
-EVP_CIPHER_CTX_set_padding 3019 EXIST::FUNCTION:
-d2i_OCSP_RESPONSE 3020 EXIST::FUNCTION:
-ASN1_UTCTIME_it 3021 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UTCTIME_it 3021 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-_ossl_old_des_enc_write 3022 EXIST::FUNCTION:DES
-OCSP_RESPONSE_new 3023 EXIST::FUNCTION:
-AES_set_encrypt_key 3024 EXIST::FUNCTION:AES
-OCSP_resp_count 3025 EXIST::FUNCTION:
-KRB5_CHECKSUM_new 3026 EXIST::FUNCTION:
-ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OCSP_onereq_get0_id 3028 EXIST::FUNCTION:
-ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE
-NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION:
-OCSP_REVOKEDINFO_it 3032 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_REVOKEDINFO_it 3032 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_encrypt 3033 EXIST::FUNCTION:AES
-OCSP_REQUEST_new 3034 EXIST::FUNCTION:
-ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION:
-_ossl_old_des_ncbc_encrypt 3037 EXIST::FUNCTION:DES
-i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION:
-EC_POINT_clear_free 3039 EXIST::FUNCTION:EC
-AES_decrypt 3040 EXIST::FUNCTION:AES
-asn1_enc_init 3041 EXIST::FUNCTION:
-UI_get_result_maxsize 3042 EXIST::FUNCTION:
-OCSP_CERTID_new 3043 EXIST::FUNCTION:
-ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE
-UI_method_get_closer 3045 EXIST::FUNCTION:
-d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION:
-OCSP_request_onereq_count 3047 EXIST::FUNCTION:
-OCSP_basic_verify 3048 EXIST::FUNCTION:
-KRB5_AUTHENTBODY_free 3049 EXIST::FUNCTION:
-ASN1_item_d2i 3050 EXIST::FUNCTION:
-ASN1_primitive_free 3051 EXIST::FUNCTION:
-i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION:
-i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION:
-asn1_enc_save 3054 EXIST::FUNCTION:
-ENGINE_load_nuron 3055 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES
-PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_accept_responses_new 3058 EXIST::FUNCTION:
-asn1_do_lock 3059 EXIST::FUNCTION:
-PKCS7_ATTR_VERIFY_it 3060 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ATTR_VERIFY_it 3060 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-KRB5_APREQBODY_it 3061 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_APREQBODY_it 3061 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_OCSP_SINGLERESP 3062 EXIST::FUNCTION:
-ASN1_item_ex_new 3063 EXIST::FUNCTION:
-UI_add_verify_string 3064 EXIST::FUNCTION:
-_ossl_old_des_set_key 3065 EXIST::FUNCTION:DES
-KRB5_PRINCNAME_it 3066 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_PRINCNAME_it 3066 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_DecryptInit_ex 3067 EXIST::FUNCTION:
-i2d_OCSP_CERTID 3068 EXIST::FUNCTION:
-ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO
-EC_POINT_dbl 3070 EXIST::FUNCTION:EC
-asn1_get_choice_selector 3071 EXIST::FUNCTION:
-i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION:
-ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE
-AES_options 3074 EXIST::FUNCTION:AES
-ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OCSP_id_cmp 3076 EXIST::FUNCTION:
-OCSP_BASICRESP_new 3077 EXIST::FUNCTION:
-OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION:
-KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE
-CONF_set_nconf 3081 EXIST::FUNCTION:
-ASN1_PRINTABLE_free 3082 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION:
-DIST_POINT_NAME_it 3084 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-DIST_POINT_NAME_it 3084 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-X509V3_extensions_print 3085 EXIST::FUNCTION:
-_ossl_old_des_cfb64_encrypt 3086 EXIST::FUNCTION:DES
-X509_REVOKED_add1_ext_i2d 3087 EXIST::FUNCTION:
-_ossl_old_des_ofb_encrypt 3088 EXIST::FUNCTION:DES
-KRB5_TKTBODY_new 3089 EXIST::FUNCTION:
-ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ERR_load_UI_strings 3091 EXIST::FUNCTION:
-i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION:
-ASN1_template_new 3093 EXIST::FUNCTION:
-OCSP_SIGNATURE_free 3094 EXIST::FUNCTION:
-ASN1_item_i2d_fp 3095 EXIST::FUNCTION:FP_API
-KRB5_PRINCNAME_free 3096 EXIST::FUNCTION:
-PKCS7_RECIP_INFO_it 3097 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_RECIP_INFO_it 3097 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EXTENDED_KEY_USAGE_it 3098 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-EXTENDED_KEY_USAGE_it 3098 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GFp_simple_method 3099 EXIST::FUNCTION:EC
-EC_GROUP_precompute_mult 3100 EXIST::FUNCTION:EC
-OCSP_request_onereq_get0 3101 EXIST::FUNCTION:
-UI_method_set_writer 3102 EXIST::FUNCTION:
-KRB5_AUTHENT_new 3103 EXIST::FUNCTION:
-X509_CRL_INFO_it 3104 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CRL_INFO_it 3104 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-DSO_set_name_converter 3105 EXIST::FUNCTION:
-AES_set_decrypt_key 3106 EXIST::FUNCTION:AES
-PKCS7_DIGEST_it 3107 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_DIGEST_it 3107 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS12_x5092certbag 3108 EXIST::FUNCTION:
-EVP_DigestInit_ex 3109 EXIST::FUNCTION:
-i2a_ACCESS_DESCRIPTION 3110 EXIST::FUNCTION:
-OCSP_RESPONSE_it 3111 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_RESPONSE_it 3111 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PKCS7_ENC_CONTENT_it 3112 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_ENC_CONTENT_it 3112 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_add0_id 3113 EXIST::FUNCTION:
-EC_POINT_make_affine 3114 EXIST::FUNCTION:EC
-DSO_get_filename 3115 EXIST::FUNCTION:
-OCSP_CERTSTATUS_it 3116 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CERTSTATUS_it 3116 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_request_add1_cert 3117 EXIST::FUNCTION:
-UI_get0_output_string 3118 EXIST::FUNCTION:
-UI_dup_verify_string 3119 EXIST::FUNCTION:
-BN_mod_lshift 3120 EXIST::FUNCTION:
-KRB5_AUTHDATA_it 3121 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_AUTHDATA_it 3121 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-asn1_set_choice_selector 3122 EXIST::FUNCTION:
-OCSP_basic_add1_status 3123 EXIST::FUNCTION:
-OCSP_RESPID_free 3124 EXIST::FUNCTION:
-asn1_get_field_ptr 3125 EXIST::FUNCTION:
-UI_add_input_string 3126 EXIST::FUNCTION:
-OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION:
-OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION:
-ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-USERNOTICE_it 3132 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQINFO_new 3133 EXIST::FUNCTION:
-OCSP_BASICRESP_get_ext 3134 EXIST::FUNCTION:
-CRYPTO_get_ex_data_implementation 3135 EXIST:!VMS:FUNCTION:
-CRYPTO_get_ex_data_impl 3135 EXIST:VMS:FUNCTION:
-ASN1_item_pack 3136 EXIST::FUNCTION:
-i2d_KRB5_ENCDATA 3137 EXIST::FUNCTION:
-X509_PURPOSE_set 3138 EXIST::FUNCTION:
-X509_REQ_INFO_it 3139 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_REQ_INFO_it 3139 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-UI_method_set_opener 3140 EXIST::FUNCTION:
-ASN1_item_ex_free 3141 EXIST::FUNCTION:
-ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ENGINE_get_table_flags 3143 EXIST::FUNCTION:ENGINE
-UI_create_method 3144 EXIST::FUNCTION:
-OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION:
-_shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
-_shadow_DES_check_key 3146 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
-d2i_OCSP_REQINFO 3147 EXIST::FUNCTION:
-UI_add_info_string 3148 EXIST::FUNCTION:
-UI_get_result_minsize 3149 EXIST::FUNCTION:
-ASN1_NULL_it 3150 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_NULL_it 3150 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-BN_mod_lshift1 3151 EXIST::FUNCTION:
-d2i_OCSP_ONEREQ 3152 EXIST::FUNCTION:
-OCSP_ONEREQ_new 3153 EXIST::FUNCTION:
-KRB5_TICKET_it 3154 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-KRB5_TICKET_it 3154 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EVP_aes_192_cbc 3155 EXIST::FUNCTION:AES
-KRB5_TICKET_free 3156 EXIST::FUNCTION:
-UI_new 3157 EXIST::FUNCTION:
-OCSP_response_create 3158 EXIST::FUNCTION:
-_ossl_old_des_xcbc_encrypt 3159 EXIST::FUNCTION:DES
-PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION:
-OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION:
-ENGINE_set_flags 3162 EXIST::FUNCTION:ENGINE
-_ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES
-OCSP_response_get1_basic 3164 EXIST::FUNCTION:
-EVP_Digest 3165 EXIST::FUNCTION:
-OCSP_ONEREQ_delete_ext 3166 EXIST::FUNCTION:
-ASN1_TBOOLEAN_it 3167 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_TBOOLEAN_it 3167 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ASN1_item_new 3168 EXIST::FUNCTION:
-ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION:
-BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-AES_cbc_encrypt 3171 EXIST::FUNCTION:AES
-ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION:ENGINE
-ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION:ENGINE
-OCSP_RESPONSE_free 3173 EXIST::FUNCTION:
-UI_method_set_reader 3174 EXIST::FUNCTION:
-i2d_ASN1_T61STRING 3175 EXIST::FUNCTION:
-EC_POINT_set_to_infinity 3176 EXIST::FUNCTION:EC
-ERR_load_OCSP_strings 3177 EXIST::FUNCTION:
-EC_POINT_point2oct 3178 EXIST::FUNCTION:EC
-KRB5_APREQ_free 3179 EXIST::FUNCTION:
-ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-OCSP_crlID_new 3181 EXIST:!OS2,!VMS,!WIN16:FUNCTION:
-OCSP_crlID2_new 3181 EXIST:OS2,VMS,WIN16:FUNCTION:
-CONF_modules_load_file 3182 EXIST::FUNCTION:
-CONF_imodule_set_usr_data 3183 EXIST::FUNCTION:
-ENGINE_set_default_string 3184 EXIST::FUNCTION:ENGINE
-CONF_module_get_usr_data 3185 EXIST::FUNCTION:
-ASN1_add_oid_module 3186 EXIST::FUNCTION:
-CONF_modules_finish 3187 EXIST::FUNCTION:
-OPENSSL_config 3188 EXIST::FUNCTION:
-CONF_modules_unload 3189 EXIST::FUNCTION:
-CONF_imodule_get_value 3190 EXIST::FUNCTION:
-CONF_module_set_usr_data 3191 EXIST::FUNCTION:
-CONF_parse_list 3192 EXIST::FUNCTION:
-CONF_module_add 3193 EXIST::FUNCTION:
-CONF_get1_default_config_file 3194 EXIST::FUNCTION:
-CONF_imodule_get_flags 3195 EXIST::FUNCTION:
-CONF_imodule_get_module 3196 EXIST::FUNCTION:
-CONF_modules_load 3197 EXIST::FUNCTION:
-CONF_imodule_get_name 3198 EXIST::FUNCTION:
-ERR_peek_top_error 3199 NOEXIST::FUNCTION:
-CONF_imodule_get_usr_data 3200 EXIST::FUNCTION:
-CONF_imodule_set_flags 3201 EXIST::FUNCTION:
-ENGINE_add_conf_module 3202 EXIST::FUNCTION:ENGINE
-ERR_peek_last_error_line 3203 EXIST::FUNCTION:
-ERR_peek_last_error_line_data 3204 EXIST::FUNCTION:
-ERR_peek_last_error 3205 EXIST::FUNCTION:
-DES_read_2passwords 3206 EXIST::FUNCTION:DES
-DES_read_password 3207 EXIST::FUNCTION:DES
-UI_UTIL_read_pw 3208 EXIST::FUNCTION:
-UI_UTIL_read_pw_string 3209 EXIST::FUNCTION:
-ENGINE_load_aep 3210 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-ENGINE_load_sureware 3211 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION:
-OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION:
-OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION:
-OPENSSL_add_all_algo_conf 3213 EXIST:VMS:FUNCTION:
-OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION:
-AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES
-AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES
-AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES
-ENGINE_load_4758cca 3218 EXIST::FUNCTION:ENGINE,STATIC_ENGINE
-_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES
-EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES
-EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES
-EVP_aes_128_cfb128 3222 EXIST::FUNCTION:AES
-EVP_aes_256_cfb128 3223 EXIST::FUNCTION:AES
-EVP_aes_128_ofb 3224 EXIST::FUNCTION:AES
-EVP_aes_192_cfb128 3225 EXIST::FUNCTION:AES
-CONF_modules_free 3226 EXIST::FUNCTION:
-NCONF_default 3227 EXIST::FUNCTION:
-OPENSSL_no_config 3228 EXIST::FUNCTION:
-NCONF_WIN32 3229 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_new 3230 EXIST::FUNCTION:
-EVP_des_ede_ecb 3231 EXIST::FUNCTION:DES
-i2d_ASN1_UNIVERSALSTRING 3232 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_free 3233 EXIST::FUNCTION:
-ASN1_UNIVERSALSTRING_it 3234 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_UNIVERSALSTRING_it 3234 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-d2i_ASN1_UNIVERSALSTRING 3235 EXIST::FUNCTION:
-EVP_des_ede3_ecb 3236 EXIST::FUNCTION:DES
-X509_REQ_print_ex 3237 EXIST::FUNCTION:BIO
-ENGINE_up_ref 3238 EXIST::FUNCTION:ENGINE
-BUF_MEM_grow_clean 3239 EXIST::FUNCTION:
-CRYPTO_realloc_clean 3240 EXIST::FUNCTION:
-BUF_strlcat 3241 EXIST::FUNCTION:
-BIO_indent 3242 EXIST::FUNCTION:
-BUF_strlcpy 3243 EXIST::FUNCTION:
-OpenSSLDie 3244 EXIST::FUNCTION:
-OPENSSL_cleanse 3245 EXIST::FUNCTION:
-ENGINE_setup_bsd_cryptodev 3246 EXIST:__FreeBSD__:FUNCTION:ENGINE
-ERR_release_err_state_table 3247 EXIST::FUNCTION:LHASH
-EVP_aes_128_cfb8 3248 EXIST::FUNCTION:AES
-FIPS_corrupt_rsa 3249 NOEXIST::FUNCTION:
-FIPS_selftest_des 3250 NOEXIST::FUNCTION:
-EVP_aes_128_cfb1 3251 EXIST::FUNCTION:AES
-EVP_aes_192_cfb8 3252 EXIST::FUNCTION:AES
-FIPS_mode_set 3253 NOEXIST::FUNCTION:
-FIPS_selftest_dsa 3254 NOEXIST::FUNCTION:
-EVP_aes_256_cfb8 3255 EXIST::FUNCTION:AES
-FIPS_allow_md5 3256 NOEXIST::FUNCTION:
-DES_ede3_cfb_encrypt 3257 EXIST::FUNCTION:DES
-EVP_des_ede3_cfb8 3258 EXIST::FUNCTION:DES
-FIPS_rand_seeded 3259 NOEXIST::FUNCTION:
-AES_cfbr_encrypt_block 3260 EXIST::FUNCTION:AES
-AES_cfb8_encrypt 3261 EXIST::FUNCTION:AES
-FIPS_rand_seed 3262 NOEXIST::FUNCTION:
-FIPS_corrupt_des 3263 NOEXIST::FUNCTION:
-EVP_aes_192_cfb1 3264 EXIST::FUNCTION:AES
-FIPS_selftest_aes 3265 NOEXIST::FUNCTION:
-FIPS_set_prng_key 3266 NOEXIST::FUNCTION:
-EVP_des_cfb8 3267 EXIST::FUNCTION:DES
-FIPS_corrupt_dsa 3268 NOEXIST::FUNCTION:
-FIPS_test_mode 3269 NOEXIST::FUNCTION:
-FIPS_rand_method 3270 NOEXIST::FUNCTION:
-EVP_aes_256_cfb1 3271 EXIST::FUNCTION:AES
-ERR_load_FIPS_strings 3272 NOEXIST::FUNCTION:
-FIPS_corrupt_aes 3273 NOEXIST::FUNCTION:
-FIPS_selftest_sha1 3274 NOEXIST::FUNCTION:
-FIPS_selftest_rsa 3275 NOEXIST::FUNCTION:
-FIPS_corrupt_sha1 3276 NOEXIST::FUNCTION:
-EVP_des_cfb1 3277 EXIST::FUNCTION:DES
-FIPS_dsa_check 3278 NOEXIST::FUNCTION:
-AES_cfb1_encrypt 3279 EXIST::FUNCTION:AES
-EVP_des_ede3_cfb1 3280 EXIST::FUNCTION:DES
-FIPS_rand_check 3281 NOEXIST::FUNCTION:
-FIPS_md5_allowed 3282 NOEXIST::FUNCTION:
-FIPS_mode 3283 NOEXIST::FUNCTION:
-FIPS_selftest_failed 3284 NOEXIST::FUNCTION:
-sk_is_sorted 3285 EXIST::FUNCTION:
-X509_check_ca 3286 EXIST::FUNCTION:
-private_idea_set_encrypt_key 3287 NOEXIST::FUNCTION:
-HMAC_CTX_set_flags 3288 NOEXIST::FUNCTION:
-private_SHA_Init 3289 NOEXIST::FUNCTION:
-private_CAST_set_key 3290 NOEXIST::FUNCTION:
-private_RIPEMD160_Init 3291 NOEXIST::FUNCTION:
-private_RC5_32_set_key 3292 NOEXIST::FUNCTION:
-private_MD5_Init 3293 NOEXIST::FUNCTION:
-private_RC4_set_key 3294 NOEXIST::FUNCTION:
-private_MDC2_Init 3295 NOEXIST::FUNCTION:
-private_RC2_set_key 3296 NOEXIST::FUNCTION:
-private_MD4_Init 3297 NOEXIST::FUNCTION:
-private_BF_set_key 3298 NOEXIST::FUNCTION:
-private_MD2_Init 3299 NOEXIST::FUNCTION:
-d2i_PROXY_CERT_INFO_EXTENSION 3300 EXIST::FUNCTION:
-PROXY_POLICY_it 3301 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROXY_POLICY_it 3301 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-i2d_PROXY_POLICY 3302 EXIST::FUNCTION:
-i2d_PROXY_CERT_INFO_EXTENSION 3303 EXIST::FUNCTION:
-d2i_PROXY_POLICY 3304 EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_new 3305 EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_free 3306 EXIST::FUNCTION:
-PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-PROXY_CERT_INFO_EXTENSION_it 3307 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-PROXY_POLICY_free 3308 EXIST::FUNCTION:
-PROXY_POLICY_new 3309 EXIST::FUNCTION:
-BN_MONT_CTX_set_locked 3310 EXIST::FUNCTION:
-FIPS_selftest_rng 3311 NOEXIST::FUNCTION:
-EVP_sha384 3312 EXIST::FUNCTION:SHA,SHA512
-EVP_sha512 3313 EXIST::FUNCTION:SHA,SHA512
-EVP_sha224 3314 EXIST::FUNCTION:SHA,SHA256
-EVP_sha256 3315 EXIST::FUNCTION:SHA,SHA256
-FIPS_selftest_hmac 3316 NOEXIST::FUNCTION:
-FIPS_corrupt_rng 3317 NOEXIST::FUNCTION:
-BN_mod_exp_mont_consttime 3318 EXIST::FUNCTION:
-RSA_X931_hash_id 3319 EXIST::FUNCTION:RSA
-RSA_padding_check_X931 3320 EXIST::FUNCTION:RSA
-RSA_verify_PKCS1_PSS 3321 EXIST::FUNCTION:RSA
-RSA_padding_add_X931 3322 EXIST::FUNCTION:RSA
-RSA_padding_add_PKCS1_PSS 3323 EXIST::FUNCTION:RSA
-PKCS1_MGF1 3324 EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq 3325 NOEXIST::FUNCTION:
-RSA_X931_generate_key 3326 NOEXIST::FUNCTION:
-BN_X931_derive_prime 3327 NOEXIST::FUNCTION:
-BN_X931_generate_prime 3328 NOEXIST::FUNCTION:
-RSA_X931_derive 3329 NOEXIST::FUNCTION:
-BIO_new_dgram 3330 EXIST::FUNCTION:
-BN_get0_nist_prime_384 3331 EXIST::FUNCTION:
-ERR_set_mark 3332 EXIST::FUNCTION:
-X509_STORE_CTX_set0_crls 3333 EXIST::FUNCTION:
-ENGINE_set_STORE 3334 EXIST::FUNCTION:ENGINE
-ENGINE_register_ECDSA 3335 EXIST::FUNCTION:ENGINE
-STORE_method_set_list_start_function 3336 EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_start_fn 3336 EXIST:VMS:FUNCTION:
-BN_BLINDING_invert_ex 3337 EXIST::FUNCTION:
-NAME_CONSTRAINTS_free 3338 EXIST::FUNCTION:
-STORE_ATTR_INFO_set_number 3339 EXIST::FUNCTION:
-BN_BLINDING_get_thread_id 3340 EXIST::FUNCTION:
-X509_STORE_CTX_set0_param 3341 EXIST::FUNCTION:
-POLICY_MAPPING_it 3342 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPING_it 3342 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_parse_attrs_start 3343 EXIST::FUNCTION:
-POLICY_CONSTRAINTS_free 3344 EXIST::FUNCTION:
-EVP_PKEY_add1_attr_by_NID 3345 EXIST::FUNCTION:
-BN_nist_mod_192 3346 EXIST::FUNCTION:
-EC_GROUP_get_trinomial_basis 3347 EXIST::FUNCTION:EC
-STORE_set_method 3348 EXIST::FUNCTION:
-GENERAL_SUBTREE_free 3349 EXIST::FUNCTION:
-NAME_CONSTRAINTS_it 3350 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-NAME_CONSTRAINTS_it 3350 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-ECDH_get_default_method 3351 EXIST::FUNCTION:ECDH
-PKCS12_add_safe 3352 EXIST::FUNCTION:
-EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC
-STORE_method_get_update_store_function 3354 EXIST:!VMS:FUNCTION:
-STORE_meth_get_update_store_fn 3354 EXIST:VMS:FUNCTION:
-ENGINE_register_ECDH 3355 EXIST::FUNCTION:ENGINE
-SHA512_Update 3356 EXIST::FUNCTION:SHA,SHA512
-i2d_ECPrivateKey 3357 EXIST::FUNCTION:EC
-BN_get0_nist_prime_192 3358 EXIST::FUNCTION:
-STORE_modify_certificate 3359 EXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GF2m 3360 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GF2m 3360 EXIST:VMS:FUNCTION:EC
-BN_GF2m_mod_exp_arr 3361 EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_number 3362 EXIST::FUNCTION:
-X509_keyid_get0 3363 EXIST::FUNCTION:
-ENGINE_load_gmp 3364 EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
-pitem_new 3365 EXIST::FUNCTION:
-BN_GF2m_mod_mul_arr 3366 EXIST::FUNCTION:
-STORE_list_public_key_endp 3367 EXIST::FUNCTION:
-o2i_ECPublicKey 3368 EXIST::FUNCTION:EC
-EC_KEY_copy 3369 EXIST::FUNCTION:EC
-BIO_dump_fp 3370 EXIST::FUNCTION:FP_API
-X509_policy_node_get0_parent 3371 EXIST::FUNCTION:
-EC_GROUP_check_discriminant 3372 EXIST::FUNCTION:EC
-i2o_ECPublicKey 3373 EXIST::FUNCTION:EC
-EC_KEY_precompute_mult 3374 EXIST::FUNCTION:EC
-a2i_IPADDRESS 3375 EXIST::FUNCTION:
-STORE_method_set_initialise_function 3376 EXIST:!VMS:FUNCTION:
-STORE_meth_set_initialise_fn 3376 EXIST:VMS:FUNCTION:
-X509_STORE_CTX_set_depth 3377 EXIST::FUNCTION:
-X509_VERIFY_PARAM_inherit 3378 EXIST::FUNCTION:
-EC_POINT_point2bn 3379 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_dn 3380 EXIST::FUNCTION:
-X509_policy_tree_get0_policies 3381 EXIST::FUNCTION:
-EC_GROUP_new_curve_GF2m 3382 EXIST::FUNCTION:EC
-STORE_destroy_method 3383 EXIST::FUNCTION:
-ENGINE_unregister_STORE 3384 EXIST::FUNCTION:ENGINE
-EVP_PKEY_get1_EC_KEY 3385 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_get0_number 3386 EXIST::FUNCTION:
-ENGINE_get_default_ECDH 3387 EXIST::FUNCTION:ENGINE
-EC_KEY_get_conv_form 3388 EXIST::FUNCTION:EC
-ASN1_OCTET_STRING_NDEF_it 3389 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-ASN1_OCTET_STRING_NDEF_it 3389 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_delete_public_key 3390 EXIST::FUNCTION:
-STORE_get_public_key 3391 EXIST::FUNCTION:
-STORE_modify_arbitrary 3392 EXIST::FUNCTION:
-ENGINE_get_static_state 3393 EXIST::FUNCTION:ENGINE
-pqueue_iterator 3394 EXIST::FUNCTION:
-ECDSA_SIG_new 3395 EXIST::FUNCTION:ECDSA
-OPENSSL_DIR_end 3396 EXIST::FUNCTION:
-BN_GF2m_mod_sqr 3397 EXIST::FUNCTION:
-EC_POINT_bn2point 3398 EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_depth 3399 EXIST::FUNCTION:
-EC_KEY_set_asn1_flag 3400 EXIST::FUNCTION:EC
-STORE_get_method 3401 EXIST::FUNCTION:
-EC_KEY_get_key_method_data 3402 EXIST::FUNCTION:EC
-ECDSA_sign_ex 3403 EXIST::FUNCTION:ECDSA
-STORE_parse_attrs_end 3404 EXIST::FUNCTION:
-EC_GROUP_get_point_conversion_form 3405 EXIST:!VMS:FUNCTION:EC
-EC_GROUP_get_point_conv_form 3405 EXIST:VMS:FUNCTION:EC
-STORE_method_set_store_function 3406 EXIST::FUNCTION:
-STORE_ATTR_INFO_in 3407 EXIST::FUNCTION:
-PEM_read_bio_ECPKParameters 3408 EXIST::FUNCTION:EC
-EC_GROUP_get_pentanomial_basis 3409 EXIST::FUNCTION:EC
-EVP_PKEY_add1_attr_by_txt 3410 EXIST::FUNCTION:
-BN_BLINDING_set_flags 3411 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_policies 3412 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set1_name 3413 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_purpose 3414 EXIST::FUNCTION:
-STORE_get_number 3415 EXIST::FUNCTION:
-ECDSA_sign_setup 3416 EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_solve_quad_arr 3417 EXIST::FUNCTION:
-EC_KEY_up_ref 3418 EXIST::FUNCTION:EC
-POLICY_MAPPING_free 3419 EXIST::FUNCTION:
-BN_GF2m_mod_div 3420 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_flags 3421 EXIST::FUNCTION:
-EC_KEY_free 3422 EXIST::FUNCTION:EC
-STORE_method_set_list_next_function 3423 EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_next_fn 3423 EXIST:VMS:FUNCTION:
-PEM_write_bio_ECPrivateKey 3424 EXIST::FUNCTION:EC
-d2i_EC_PUBKEY 3425 EXIST::FUNCTION:EC
-STORE_method_get_generate_function 3426 EXIST:!VMS:FUNCTION:
-STORE_meth_get_generate_fn 3426 EXIST:VMS:FUNCTION:
-STORE_method_set_list_end_function 3427 EXIST:!VMS:FUNCTION:
-STORE_meth_set_list_end_fn 3427 EXIST:VMS:FUNCTION:
-pqueue_print 3428 EXIST::FUNCTION:
-EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC
-EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,FP_API
-BN_GF2m_mod_arr 3431 EXIST::FUNCTION:
-PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION:
-EVP_PKEY_cmp 3433 EXIST::FUNCTION:
-X509_policy_level_node_count 3434 EXIST::FUNCTION:
-STORE_new_engine 3435 EXIST::FUNCTION:
-STORE_list_public_key_start 3436 EXIST::FUNCTION:
-X509_VERIFY_PARAM_new 3437 EXIST::FUNCTION:
-ECDH_get_ex_data 3438 EXIST::FUNCTION:ECDH
-EVP_PKEY_get_attr 3439 EXIST::FUNCTION:
-ECDSA_do_sign 3440 EXIST::FUNCTION:ECDSA
-ENGINE_unregister_ECDH 3441 EXIST::FUNCTION:ENGINE
-ECDH_OpenSSL 3442 EXIST::FUNCTION:ECDH
-EC_KEY_set_conv_form 3443 EXIST::FUNCTION:EC
-EC_POINT_dup 3444 EXIST::FUNCTION:EC
-GENERAL_SUBTREE_new 3445 EXIST::FUNCTION:
-STORE_list_crl_endp 3446 EXIST::FUNCTION:
-EC_get_builtin_curves 3447 EXIST::FUNCTION:EC
-X509_policy_node_get0_qualifiers 3448 EXIST:!VMS:FUNCTION:
-X509_pcy_node_get0_qualifiers 3448 EXIST:VMS:FUNCTION:
-STORE_list_crl_end 3449 EXIST::FUNCTION:
-EVP_PKEY_set1_EC_KEY 3450 EXIST::FUNCTION:EC
-BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION:
-i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:BIO,EC
-ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,FP_API
-pqueue_find 3454 EXIST::FUNCTION:
-ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA
-PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC
-STORE_method_set_ctrl_function 3457 EXIST::FUNCTION:
-STORE_list_public_key_end 3458 EXIST::FUNCTION:
-EC_KEY_set_private_key 3459 EXIST::FUNCTION:EC
-pqueue_peek 3460 EXIST::FUNCTION:
-STORE_get_arbitrary 3461 EXIST::FUNCTION:
-STORE_store_crl 3462 EXIST::FUNCTION:
-X509_policy_node_get0_policy 3463 EXIST::FUNCTION:
-PKCS12_add_safes 3464 EXIST::FUNCTION:
-BN_BLINDING_convert_ex 3465 EXIST::FUNCTION:
-X509_policy_tree_free 3466 EXIST::FUNCTION:
-OPENSSL_ia32cap_loc 3467 EXIST::FUNCTION:
-BN_GF2m_poly2arr 3468 EXIST::FUNCTION:
-STORE_ctrl 3469 EXIST::FUNCTION:
-STORE_ATTR_INFO_compare 3470 EXIST::FUNCTION:
-BN_get0_nist_prime_224 3471 EXIST::FUNCTION:
-i2d_ECParameters 3472 EXIST::FUNCTION:EC
-i2d_ECPKParameters 3473 EXIST::FUNCTION:EC
-BN_GENCB_call 3474 EXIST::FUNCTION:
-d2i_ECPKParameters 3475 EXIST::FUNCTION:EC
-STORE_method_set_generate_function 3476 EXIST:!VMS:FUNCTION:
-STORE_meth_set_generate_fn 3476 EXIST:VMS:FUNCTION:
-ENGINE_set_ECDH 3477 EXIST::FUNCTION:ENGINE
-NAME_CONSTRAINTS_new 3478 EXIST::FUNCTION:
-SHA256_Init 3479 EXIST::FUNCTION:SHA,SHA256
-EC_KEY_get0_public_key 3480 EXIST::FUNCTION:EC
-PEM_write_bio_EC_PUBKEY 3481 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_set_cstr 3482 EXIST::FUNCTION:
-STORE_list_crl_next 3483 EXIST::FUNCTION:
-STORE_ATTR_INFO_in_range 3484 EXIST::FUNCTION:
-ECParameters_print 3485 EXIST::FUNCTION:BIO,EC
-STORE_method_set_delete_function 3486 EXIST:!VMS:FUNCTION:
-STORE_meth_set_delete_fn 3486 EXIST:VMS:FUNCTION:
-STORE_list_certificate_next 3487 EXIST::FUNCTION:
-ASN1_generate_nconf 3488 EXIST::FUNCTION:
-BUF_memdup 3489 EXIST::FUNCTION:
-BN_GF2m_mod_mul 3490 EXIST::FUNCTION:
-STORE_method_get_list_next_function 3491 EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_next_fn 3491 EXIST:VMS:FUNCTION:
-STORE_ATTR_INFO_get0_dn 3492 EXIST::FUNCTION:
-STORE_list_private_key_next 3493 EXIST::FUNCTION:
-EC_GROUP_set_seed 3494 EXIST::FUNCTION:EC
-X509_VERIFY_PARAM_set_trust 3495 EXIST::FUNCTION:
-STORE_ATTR_INFO_free 3496 EXIST::FUNCTION:
-STORE_get_private_key 3497 EXIST::FUNCTION:
-EVP_PKEY_get_attr_count 3498 EXIST::FUNCTION:
-STORE_ATTR_INFO_new 3499 EXIST::FUNCTION:
-EC_GROUP_get_curve_GF2m 3500 EXIST::FUNCTION:EC
-STORE_method_set_revoke_function 3501 EXIST:!VMS:FUNCTION:
-STORE_meth_set_revoke_fn 3501 EXIST:VMS:FUNCTION:
-STORE_store_number 3502 EXIST::FUNCTION:
-BN_is_prime_ex 3503 EXIST::FUNCTION:
-STORE_revoke_public_key 3504 EXIST::FUNCTION:
-X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION:
-STORE_delete_arbitrary 3506 EXIST::FUNCTION:
-PEM_read_X509_CERT_PAIR 3507 EXIST:!WIN16:FUNCTION:
-X509_STORE_set_depth 3508 EXIST::FUNCTION:
-ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA
-SHA224 3510 EXIST::FUNCTION:SHA,SHA256
-BIO_dump_indent_fp 3511 EXIST::FUNCTION:FP_API
-EC_KEY_set_group 3512 EXIST::FUNCTION:EC
-BUF_strndup 3513 EXIST::FUNCTION:
-STORE_list_certificate_start 3514 EXIST::FUNCTION:
-BN_GF2m_mod 3515 EXIST::FUNCTION:
-X509_REQ_check_private_key 3516 EXIST::FUNCTION:
-EC_GROUP_get_seed_len 3517 EXIST::FUNCTION:EC
-ERR_load_STORE_strings 3518 EXIST::FUNCTION:
-PEM_read_bio_EC_PUBKEY 3519 EXIST::FUNCTION:EC
-STORE_list_private_key_end 3520 EXIST::FUNCTION:
-i2d_EC_PUBKEY 3521 EXIST::FUNCTION:EC
-ECDSA_get_default_method 3522 EXIST::FUNCTION:ECDSA
-ASN1_put_eoc 3523 EXIST::FUNCTION:
-X509_STORE_CTX_get_explicit_policy 3524 EXIST:!VMS:FUNCTION:
-X509_STORE_CTX_get_expl_policy 3524 EXIST:VMS:FUNCTION:
-X509_VERIFY_PARAM_table_cleanup 3525 EXIST::FUNCTION:
-STORE_modify_private_key 3526 EXIST::FUNCTION:
-X509_VERIFY_PARAM_free 3527 EXIST::FUNCTION:
-EC_METHOD_get_field_type 3528 EXIST::FUNCTION:EC
-EC_GFp_nist_method 3529 EXIST::FUNCTION:EC
-STORE_method_set_modify_function 3530 EXIST:!VMS:FUNCTION:
-STORE_meth_set_modify_fn 3530 EXIST:VMS:FUNCTION:
-STORE_parse_attrs_next 3531 EXIST::FUNCTION:
-ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE
-EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC
-X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_method_get_revoke_function 3535 EXIST:!VMS:FUNCTION:
-STORE_meth_get_revoke_fn 3535 EXIST:VMS:FUNCTION:
-STORE_method_set_get_function 3536 EXIST::FUNCTION:
-STORE_modify_number 3537 EXIST::FUNCTION:
-STORE_method_get_store_function 3538 EXIST::FUNCTION:
-STORE_store_private_key 3539 EXIST::FUNCTION:
-BN_GF2m_mod_sqr_arr 3540 EXIST::FUNCTION:
-RSA_setup_blinding 3541 EXIST::FUNCTION:RSA
-BIO_s_datagram 3542 EXIST::FUNCTION:DGRAM
-STORE_Memory 3543 EXIST::FUNCTION:
-sk_find_ex 3544 EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m 3545 EXIST::FUNCTION:EC
-ENGINE_set_default_ECDSA 3546 EXIST::FUNCTION:ENGINE
-POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION:
-BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION:
-ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH
-EC_KEY_generate_key 3550 EXIST::FUNCTION:EC
-SHA384_Update 3551 EXIST::FUNCTION:SHA,SHA512
-BN_GF2m_arr2poly 3552 EXIST::FUNCTION:
-STORE_method_get_get_function 3553 EXIST::FUNCTION:
-STORE_method_set_cleanup_function 3554 EXIST:!VMS:FUNCTION:
-STORE_meth_set_cleanup_fn 3554 EXIST:VMS:FUNCTION:
-EC_GROUP_check 3555 EXIST::FUNCTION:EC
-d2i_ECPrivateKey_bio 3556 EXIST::FUNCTION:BIO,EC
-EC_KEY_insert_key_method_data 3557 EXIST::FUNCTION:EC
-STORE_method_get_lock_store_function 3558 EXIST:!VMS:FUNCTION:
-STORE_meth_get_lock_store_fn 3558 EXIST:VMS:FUNCTION:
-X509_VERIFY_PARAM_get_depth 3559 EXIST::FUNCTION:
-SHA224_Final 3560 EXIST::FUNCTION:SHA,SHA256
-STORE_method_set_update_store_function 3561 EXIST:!VMS:FUNCTION:
-STORE_meth_set_update_store_fn 3561 EXIST:VMS:FUNCTION:
-SHA224_Update 3562 EXIST::FUNCTION:SHA,SHA256
-d2i_ECPrivateKey 3563 EXIST::FUNCTION:EC
-ASN1_item_ndef_i2d 3564 EXIST::FUNCTION:
-STORE_delete_private_key 3565 EXIST::FUNCTION:
-ERR_pop_to_mark 3566 EXIST::FUNCTION:
-ENGINE_register_all_STORE 3567 EXIST::FUNCTION:ENGINE
-X509_policy_level_get0_node 3568 EXIST::FUNCTION:
-i2d_PKCS7_NDEF 3569 EXIST::FUNCTION:
-EC_GROUP_get_degree 3570 EXIST::FUNCTION:EC
-ASN1_generate_v3 3571 EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_cstr 3572 EXIST::FUNCTION:
-X509_policy_tree_level_count 3573 EXIST::FUNCTION:
-BN_GF2m_add 3574 EXIST::FUNCTION:
-EC_KEY_get0_group 3575 EXIST::FUNCTION:EC
-STORE_generate_crl 3576 EXIST::FUNCTION:
-STORE_store_public_key 3577 EXIST::FUNCTION:
-X509_CERT_PAIR_free 3578 EXIST::FUNCTION:
-STORE_revoke_private_key 3579 EXIST::FUNCTION:
-BN_nist_mod_224 3580 EXIST::FUNCTION:
-SHA512_Final 3581 EXIST::FUNCTION:SHA,SHA512
-STORE_ATTR_INFO_modify_dn 3582 EXIST::FUNCTION:
-STORE_method_get_initialise_function 3583 EXIST:!VMS:FUNCTION:
-STORE_meth_get_initialise_fn 3583 EXIST:VMS:FUNCTION:
-STORE_delete_number 3584 EXIST::FUNCTION:
-i2d_EC_PUBKEY_bio 3585 EXIST::FUNCTION:BIO,EC
-BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION:
-EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC
-STORE_ATTR_INFO_in_ex 3588 EXIST::FUNCTION:
-STORE_list_crl_start 3589 EXIST::FUNCTION:
-ECDH_get_ex_new_index 3590 EXIST::FUNCTION:ECDH
-STORE_method_get_modify_function 3591 EXIST:!VMS:FUNCTION:
-STORE_meth_get_modify_fn 3591 EXIST:VMS:FUNCTION:
-v2i_ASN1_BIT_STRING 3592 EXIST::FUNCTION:
-STORE_store_certificate 3593 EXIST::FUNCTION:
-OBJ_bsearch_ex 3594 EXIST::FUNCTION:
-X509_STORE_CTX_set_default 3595 EXIST::FUNCTION:
-STORE_ATTR_INFO_set_sha1str 3596 EXIST::FUNCTION:
-BN_GF2m_mod_inv 3597 EXIST::FUNCTION:
-BN_GF2m_mod_exp 3598 EXIST::FUNCTION:
-STORE_modify_public_key 3599 EXIST::FUNCTION:
-STORE_method_get_list_start_function 3600 EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_start_fn 3600 EXIST:VMS:FUNCTION:
-EC_GROUP_get0_seed 3601 EXIST::FUNCTION:EC
-STORE_store_arbitrary 3602 EXIST::FUNCTION:
-STORE_method_set_unlock_store_function 3603 EXIST:!VMS:FUNCTION:
-STORE_meth_set_unlock_store_fn 3603 EXIST:VMS:FUNCTION:
-BN_GF2m_mod_div_arr 3604 EXIST::FUNCTION:
-ENGINE_set_ECDSA 3605 EXIST::FUNCTION:ENGINE
-STORE_create_method 3606 EXIST::FUNCTION:
-ECPKParameters_print 3607 EXIST::FUNCTION:BIO,EC
-EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC
-PEM_write_EC_PUBKEY 3609 EXIST:!WIN16:FUNCTION:EC
-X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION:
-ECDH_set_method 3611 EXIST::FUNCTION:ECDH
-v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION:
-ECDH_set_ex_data 3613 EXIST::FUNCTION:ECDH
-STORE_generate_key 3614 EXIST::FUNCTION:
-BN_nist_mod_521 3615 EXIST::FUNCTION:
-X509_policy_tree_get0_level 3616 EXIST::FUNCTION:
-EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC
-EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC
-PEM_read_EC_PUBKEY 3618 EXIST:!WIN16:FUNCTION:EC
-i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA
-ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA
-STORE_delete_crl 3621 EXIST::FUNCTION:
-EC_KEY_get_enc_flags 3622 EXIST::FUNCTION:EC
-ASN1_const_check_infinite_end 3623 EXIST::FUNCTION:
-EVP_PKEY_delete_attr 3624 EXIST::FUNCTION:
-ECDSA_set_default_method 3625 EXIST::FUNCTION:ECDSA
-EC_POINT_set_compressed_coordinates_GF2m 3626 EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GF2m 3626 EXIST:VMS:FUNCTION:EC
-EC_GROUP_cmp 3627 EXIST::FUNCTION:EC
-STORE_revoke_certificate 3628 EXIST::FUNCTION:
-BN_get0_nist_prime_256 3629 EXIST::FUNCTION:
-STORE_method_get_delete_function 3630 EXIST:!VMS:FUNCTION:
-STORE_meth_get_delete_fn 3630 EXIST:VMS:FUNCTION:
-SHA224_Init 3631 EXIST::FUNCTION:SHA,SHA256
-PEM_read_ECPrivateKey 3632 EXIST:!WIN16:FUNCTION:EC
-SHA512_Init 3633 EXIST::FUNCTION:SHA,SHA512
-STORE_parse_attrs_endp 3634 EXIST::FUNCTION:
-BN_set_negative 3635 EXIST::FUNCTION:
-ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA
-EC_GROUP_get_basis_type 3637 EXIST::FUNCTION:EC
-STORE_list_public_key_next 3638 EXIST::FUNCTION:
-i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION:
-STORE_OBJECT_free 3640 EXIST::FUNCTION:
-BN_nist_mod_384 3641 EXIST::FUNCTION:
-i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION:
-PEM_write_ECPKParameters 3643 EXIST:!WIN16:FUNCTION:EC
-ECDH_compute_key 3644 EXIST::FUNCTION:ECDH
-STORE_ATTR_INFO_get0_sha1str 3645 EXIST::FUNCTION:
-ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE
-pqueue_pop 3647 EXIST::FUNCTION:
-STORE_ATTR_INFO_get0_cstr 3648 EXIST::FUNCTION:
-POLICY_CONSTRAINTS_it 3649 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_CONSTRAINTS_it 3649 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-STORE_get_ex_new_index 3650 EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_OBJ 3651 EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_policy 3652 EXIST::FUNCTION:
-BN_GF2m_mod_solve_quad 3653 EXIST::FUNCTION:
-SHA256 3654 EXIST::FUNCTION:SHA,SHA256
-i2d_ECPrivateKey_fp 3655 EXIST::FUNCTION:EC,FP_API
-X509_policy_tree_get0_user_policies 3656 EXIST:!VMS:FUNCTION:
-X509_pcy_tree_get0_usr_policies 3656 EXIST:VMS:FUNCTION:
-OPENSSL_DIR_read 3657 EXIST::FUNCTION:
-ENGINE_register_all_ECDSA 3658 EXIST::FUNCTION:ENGINE
-X509_VERIFY_PARAM_lookup 3659 EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GF2m 3660 EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GF2m 3660 EXIST:VMS:FUNCTION:EC
-EC_GROUP_dup 3661 EXIST::FUNCTION:EC
-ENGINE_get_default_ECDSA 3662 EXIST::FUNCTION:ENGINE
-EC_KEY_new 3663 EXIST::FUNCTION:EC
-SHA256_Transform 3664 EXIST::FUNCTION:SHA,SHA256
-EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC
-ECDSA_verify 3666 EXIST::FUNCTION:ECDSA
-EC_POINT_point2hex 3667 EXIST::FUNCTION:EC
-ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE
-SHA512 3669 EXIST::FUNCTION:SHA,SHA512
-STORE_get_certificate 3670 EXIST::FUNCTION:
-ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA
-ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA
-d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,FP_API
-STORE_delete_certificate 3674 EXIST::FUNCTION:
-SHA512_Transform 3675 EXIST::FUNCTION:SHA,SHA512
-X509_STORE_set1_param 3676 EXIST::FUNCTION:
-STORE_method_get_ctrl_function 3677 EXIST::FUNCTION:
-STORE_free 3678 EXIST::FUNCTION:
-PEM_write_ECPrivateKey 3679 EXIST:!WIN16:FUNCTION:EC
-STORE_method_get_unlock_store_function 3680 EXIST:!VMS:FUNCTION:
-STORE_meth_get_unlock_store_fn 3680 EXIST:VMS:FUNCTION:
-STORE_get_ex_data 3681 EXIST::FUNCTION:
-EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC
-PEM_read_ECPKParameters 3683 EXIST:!WIN16:FUNCTION:EC
-X509_CERT_PAIR_new 3684 EXIST::FUNCTION:
-ENGINE_register_STORE 3685 EXIST::FUNCTION:ENGINE
-RSA_generate_key_ex 3686 EXIST::FUNCTION:RSA
-DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA
-ECParameters_print_fp 3688 EXIST::FUNCTION:EC,FP_API
-X509V3_NAME_from_section 3689 EXIST::FUNCTION:
-EVP_PKEY_add1_attr 3690 EXIST::FUNCTION:
-STORE_modify_crl 3691 EXIST::FUNCTION:
-STORE_list_private_key_start 3692 EXIST::FUNCTION:
-POLICY_MAPPINGS_it 3693 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
-GENERAL_SUBTREE_it 3694 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
-EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC
-PEM_write_X509_CERT_PAIR 3696 EXIST:!WIN16:FUNCTION:
-BIO_dump_indent_cb 3697 EXIST::FUNCTION:
-d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION:
-STORE_list_private_key_endp 3699 EXIST::FUNCTION:
-asn1_const_Finish 3700 EXIST::FUNCTION:
-i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,FP_API
-BN_nist_mod_256 3702 EXIST::FUNCTION:
-X509_VERIFY_PARAM_add0_table 3703 EXIST::FUNCTION:
-pqueue_free 3704 EXIST::FUNCTION:
-BN_BLINDING_create_param 3705 EXIST::FUNCTION:
-ECDSA_size 3706 EXIST::FUNCTION:ECDSA
-d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:BIO,EC
-BN_get0_nist_prime_521 3708 EXIST::FUNCTION:
-STORE_ATTR_INFO_modify_sha1str 3709 EXIST::FUNCTION:
-BN_generate_prime_ex 3710 EXIST::FUNCTION:
-EC_GROUP_new_by_curve_name 3711 EXIST::FUNCTION:EC
-SHA256_Final 3712 EXIST::FUNCTION:SHA,SHA256
-DH_generate_parameters_ex 3713 EXIST::FUNCTION:DH
-PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC
-STORE_method_get_cleanup_function 3715 EXIST:!VMS:FUNCTION:
-STORE_meth_get_cleanup_fn 3715 EXIST:VMS:FUNCTION:
-ENGINE_get_ECDH 3716 EXIST::FUNCTION:ENGINE
-d2i_ECDSA_SIG 3717 EXIST::FUNCTION:ECDSA
-BN_is_prime_fasttest_ex 3718 EXIST::FUNCTION:
-ECDSA_sign 3719 EXIST::FUNCTION:ECDSA
-X509_policy_check 3720 EXIST::FUNCTION:
-EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION:
-STORE_set_ex_data 3722 EXIST::FUNCTION:
-ENGINE_get_ECDSA 3723 EXIST::FUNCTION:ENGINE
-EVP_ecdsa 3724 EXIST::FUNCTION:SHA
-BN_BLINDING_get_flags 3725 EXIST::FUNCTION:
-PKCS12_add_cert 3726 EXIST::FUNCTION:
-STORE_OBJECT_new 3727 EXIST::FUNCTION:
-ERR_load_ECDH_strings 3728 EXIST::FUNCTION:ECDH
-EC_KEY_dup 3729 EXIST::FUNCTION:EC
-EVP_CIPHER_CTX_rand_key 3730 EXIST::FUNCTION:
-ECDSA_set_method 3731 EXIST::FUNCTION:ECDSA
-a2i_IPADDRESS_NC 3732 EXIST::FUNCTION:
-d2i_ECParameters 3733 EXIST::FUNCTION:EC
-STORE_list_certificate_end 3734 EXIST::FUNCTION:
-STORE_get_crl 3735 EXIST::FUNCTION:
-X509_POLICY_NODE_print 3736 EXIST::FUNCTION:
-SHA384_Init 3737 EXIST::FUNCTION:SHA,SHA512
-EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC
-ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA
-SHA384_Final 3740 EXIST::FUNCTION:SHA,SHA512
-PKCS7_set_digest 3741 EXIST::FUNCTION:
-EC_KEY_print 3742 EXIST::FUNCTION:BIO,EC
-STORE_method_set_lock_store_function 3743 EXIST:!VMS:FUNCTION:
-STORE_meth_set_lock_store_fn 3743 EXIST:VMS:FUNCTION:
-ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA
-SHA384 3745 EXIST::FUNCTION:SHA,SHA512
-POLICY_MAPPING_new 3746 EXIST::FUNCTION:
-STORE_list_certificate_endp 3747 EXIST::FUNCTION:
-X509_STORE_CTX_get0_policy_tree 3748 EXIST::FUNCTION:
-EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC
-EC_KEY_check_key 3750 EXIST::FUNCTION:EC
-d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,FP_API
-PKCS7_set0_type_other 3752 EXIST::FUNCTION:
-PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION:
-pqueue_next 3754 EXIST::FUNCTION:
-STORE_method_get_list_end_function 3755 EXIST:!VMS:FUNCTION:
-STORE_meth_get_list_end_fn 3755 EXIST:VMS:FUNCTION:
-EVP_PKEY_add1_attr_by_OBJ 3756 EXIST::FUNCTION:
-X509_VERIFY_PARAM_set_time 3757 EXIST::FUNCTION:
-pqueue_new 3758 EXIST::FUNCTION:
-ENGINE_set_default_ECDH 3759 EXIST::FUNCTION:ENGINE
-STORE_new_method 3760 EXIST::FUNCTION:
-PKCS12_add_key 3761 EXIST::FUNCTION:
-DSO_merge 3762 EXIST::FUNCTION:
-EC_POINT_hex2point 3763 EXIST::FUNCTION:EC
-BIO_dump_cb 3764 EXIST::FUNCTION:
-SHA256_Update 3765 EXIST::FUNCTION:SHA,SHA256
-pqueue_insert 3766 EXIST::FUNCTION:
-pitem_free 3767 EXIST::FUNCTION:
-BN_GF2m_mod_inv_arr 3768 EXIST::FUNCTION:
-ENGINE_unregister_ECDSA 3769 EXIST::FUNCTION:ENGINE
-BN_BLINDING_set_thread_id 3770 EXIST::FUNCTION:
-get_rfc3526_prime_8192 3771 EXIST::FUNCTION:
-X509_VERIFY_PARAM_clear_flags 3772 EXIST::FUNCTION:
-get_rfc2409_prime_1024 3773 EXIST::FUNCTION:
-DH_check_pub_key 3774 EXIST::FUNCTION:DH
-get_rfc3526_prime_2048 3775 EXIST::FUNCTION:
-get_rfc3526_prime_6144 3776 EXIST::FUNCTION:
-get_rfc3526_prime_1536 3777 EXIST::FUNCTION:
-get_rfc3526_prime_3072 3778 EXIST::FUNCTION:
-get_rfc3526_prime_4096 3779 EXIST::FUNCTION:
-get_rfc2409_prime_768 3780 EXIST::FUNCTION:
-X509_VERIFY_PARAM_get_flags 3781 EXIST::FUNCTION:
-EVP_CIPHER_CTX_new 3782 EXIST::FUNCTION:
-EVP_CIPHER_CTX_free 3783 EXIST::FUNCTION:
-Camellia_cbc_encrypt 3784 EXIST::FUNCTION:CAMELLIA
-Camellia_cfb128_encrypt 3785 EXIST::FUNCTION:CAMELLIA
-Camellia_cfb1_encrypt 3786 EXIST::FUNCTION:CAMELLIA
-Camellia_cfb8_encrypt 3787 EXIST::FUNCTION:CAMELLIA
-Camellia_ctr128_encrypt 3788 EXIST::FUNCTION:CAMELLIA
-Camellia_cfbr_encrypt_block 3789 EXIST::FUNCTION:CAMELLIA
-Camellia_decrypt 3790 EXIST::FUNCTION:CAMELLIA
-Camellia_ecb_encrypt 3791 EXIST::FUNCTION:CAMELLIA
-Camellia_encrypt 3792 EXIST::FUNCTION:CAMELLIA
-Camellia_ofb128_encrypt 3793 EXIST::FUNCTION:CAMELLIA
-Camellia_set_key 3794 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cbc 3795 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb128 3796 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb1 3797 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_cfb8 3798 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_ecb 3799 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_128_ofb 3800 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cbc 3801 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb128 3802 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb1 3803 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_cfb8 3804 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_ecb 3805 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_192_ofb 3806 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cbc 3807 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb128 3808 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb1 3809 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_cfb8 3810 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_ecb 3811 EXIST::FUNCTION:CAMELLIA
-EVP_camellia_256_ofb 3812 EXIST::FUNCTION:CAMELLIA
-a2i_ipadd 3813 EXIST::FUNCTION:
-ASIdentifiers_free 3814 EXIST::FUNCTION:RFC3779
-i2d_ASIdOrRange 3815 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_block_size 3816 EXIST::FUNCTION:
-v3_asid_is_canonical 3817 EXIST::FUNCTION:RFC3779
-IPAddressChoice_free 3818 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_set_app_data 3819 EXIST::FUNCTION:
-BIO_set_callback_arg 3820 EXIST::FUNCTION:
-v3_addr_add_prefix 3821 EXIST::FUNCTION:RFC3779
-IPAddressOrRange_it 3822 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressOrRange_it 3822 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-BIO_set_flags 3823 EXIST::FUNCTION:
-ASIdentifiers_it 3824 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifiers_it 3824 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_addr_get_range 3825 EXIST::FUNCTION:RFC3779
-BIO_method_type 3826 EXIST::FUNCTION:
-v3_addr_inherits 3827 EXIST::FUNCTION:RFC3779
-IPAddressChoice_it 3828 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressChoice_it 3828 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-AES_ige_encrypt 3829 EXIST::FUNCTION:AES
-v3_addr_add_range 3830 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_nid 3831 EXIST::FUNCTION:
-d2i_ASRange 3832 EXIST::FUNCTION:RFC3779
-v3_addr_add_inherit 3833 EXIST::FUNCTION:RFC3779
-v3_asid_add_id_or_range 3834 EXIST::FUNCTION:RFC3779
-v3_addr_validate_resource_set 3835 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_iv_length 3836 EXIST::FUNCTION:
-EVP_MD_type 3837 EXIST::FUNCTION:
-v3_asid_canonize 3838 EXIST::FUNCTION:RFC3779
-IPAddressRange_free 3839 EXIST::FUNCTION:RFC3779
-v3_asid_add_inherit 3840 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_key_length 3841 EXIST::FUNCTION:
-IPAddressRange_new 3842 EXIST::FUNCTION:RFC3779
-ASIdOrRange_new 3843 EXIST::FUNCTION:RFC3779
-EVP_MD_size 3844 EXIST::FUNCTION:
-EVP_MD_CTX_test_flags 3845 EXIST::FUNCTION:
-BIO_clear_flags 3846 EXIST::FUNCTION:
-i2d_ASRange 3847 EXIST::FUNCTION:RFC3779
-IPAddressRange_it 3848 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressRange_it 3848 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-IPAddressChoice_new 3849 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_new 3850 EXIST::FUNCTION:RFC3779
-ASRange_free 3851 EXIST::FUNCTION:RFC3779
-EVP_MD_pkey_type 3852 EXIST::FUNCTION:
-EVP_MD_CTX_clear_flags 3853 EXIST::FUNCTION:
-IPAddressFamily_free 3854 EXIST::FUNCTION:RFC3779
-i2d_IPAddressFamily 3855 EXIST::FUNCTION:RFC3779
-IPAddressOrRange_new 3856 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_flags 3857 EXIST::FUNCTION:
-v3_asid_validate_resource_set 3858 EXIST::FUNCTION:RFC3779
-d2i_IPAddressRange 3859 EXIST::FUNCTION:RFC3779
-AES_bi_ige_encrypt 3860 EXIST::FUNCTION:AES
-BIO_get_callback 3861 EXIST::FUNCTION:
-IPAddressOrRange_free 3862 EXIST::FUNCTION:RFC3779
-v3_addr_subset 3863 EXIST::FUNCTION:RFC3779
-d2i_IPAddressFamily 3864 EXIST::FUNCTION:RFC3779
-v3_asid_subset 3865 EXIST::FUNCTION:RFC3779
-BIO_test_flags 3866 EXIST::FUNCTION:
-i2d_ASIdentifierChoice 3867 EXIST::FUNCTION:RFC3779
-ASRange_it 3868 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASRange_it 3868 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-d2i_ASIdentifiers 3869 EXIST::FUNCTION:RFC3779
-ASRange_new 3870 EXIST::FUNCTION:RFC3779
-d2i_IPAddressChoice 3871 EXIST::FUNCTION:RFC3779
-v3_addr_get_afi 3872 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_key_length 3873 EXIST::FUNCTION:
-EVP_Cipher 3874 EXIST::FUNCTION:
-i2d_IPAddressOrRange 3875 EXIST::FUNCTION:RFC3779
-ASIdOrRange_it 3876 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdOrRange_it 3876 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-EVP_CIPHER_nid 3877 EXIST::FUNCTION:
-i2d_IPAddressChoice 3878 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_block_size 3879 EXIST::FUNCTION:
-ASIdentifiers_new 3880 EXIST::FUNCTION:RFC3779
-v3_addr_validate_path 3881 EXIST::FUNCTION:RFC3779
-IPAddressFamily_new 3882 EXIST::FUNCTION:RFC3779
-EVP_MD_CTX_set_flags 3883 EXIST::FUNCTION:
-v3_addr_is_canonical 3884 EXIST::FUNCTION:RFC3779
-i2d_IPAddressRange 3885 EXIST::FUNCTION:RFC3779
-IPAddressFamily_it 3886 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-IPAddressFamily_it 3886 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-v3_asid_inherits 3887 EXIST::FUNCTION:RFC3779
-EVP_CIPHER_CTX_cipher 3888 EXIST::FUNCTION:
-EVP_CIPHER_CTX_get_app_data 3889 EXIST::FUNCTION:
-EVP_MD_block_size 3890 EXIST::FUNCTION:
-EVP_CIPHER_CTX_flags 3891 EXIST::FUNCTION:
-v3_asid_validate_path 3892 EXIST::FUNCTION:RFC3779
-d2i_IPAddressOrRange 3893 EXIST::FUNCTION:RFC3779
-v3_addr_canonize 3894 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_it 3895 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RFC3779
-ASIdentifierChoice_it 3895 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RFC3779
-EVP_MD_CTX_md 3896 EXIST::FUNCTION:
-d2i_ASIdentifierChoice 3897 EXIST::FUNCTION:RFC3779
-BIO_method_name 3898 EXIST::FUNCTION:
-EVP_CIPHER_CTX_iv_length 3899 EXIST::FUNCTION:
-ASIdOrRange_free 3900 EXIST::FUNCTION:RFC3779
-ASIdentifierChoice_free 3901 EXIST::FUNCTION:RFC3779
-BIO_get_callback_arg 3902 EXIST::FUNCTION:
-BIO_set_callback 3903 EXIST::FUNCTION:
-d2i_ASIdOrRange 3904 EXIST::FUNCTION:RFC3779
-i2d_ASIdentifiers 3905 EXIST::FUNCTION:RFC3779
diff --git a/crypto/openssl/util/mk1mf.pl b/crypto/openssl/util/mk1mf.pl
deleted file mode 100755
index 863e5e4..0000000
--- a/crypto/openssl/util/mk1mf.pl
+++ /dev/null
@@ -1,1092 +0,0 @@
-#!/usr/local/bin/perl
-# A bit of an evil hack but it post processes the file ../MINFO which
-# is generated by `make files` in the top directory.
-# This script outputs one mega makefile that has no shell stuff or any
-# funny stuff
-#
-
-$INSTALLTOP="/usr/local/ssl";
-$OPTIONS="";
-$ssl_version="";
-$banner="\t\@echo Building OpenSSL";
-
-my $no_static_engine = 0;
-my $engines = "";
-local $zlib_opt = 0; # 0 = no zlib, 1 = static, 2 = dynamic
-local $zlib_lib = "";
-
-
-open(IN,"<Makefile") || die "unable to open Makefile!\n";
-while(<IN>) {
- $ssl_version=$1 if (/^VERSION=(.*)$/);
- $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
- $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
-}
-close(IN);
-
-die "Makefile is not the toplevel Makefile!\n" if $ssl_version eq "";
-
-$infile="MINFO";
-
-%ops=(
- "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X",
- "VC-WIN64I", "Microsoft C/C++ - Win64/IA-64",
- "VC-WIN64A", "Microsoft C/C++ - Win64/x64",
- "VC-CE", "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
- "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY",
- "Mingw32", "GNU C++ - Windows NT or 9x",
- "Mingw32-files", "Create files with DOS copy ...",
- "BC-NT", "Borland C++ 4.5 - Windows NT",
- "linux-elf","Linux elf",
- "ultrix-mips","DEC mips ultrix",
- "FreeBSD","FreeBSD distribution",
- "OS2-EMX", "EMX GCC OS/2",
- "netware-clib", "CodeWarrior for NetWare - CLib - with WinSock Sockets",
- "netware-libc", "CodeWarrior for NetWare - LibC - with WinSock Sockets",
- "netware-libc-bsdsock", "CodeWarrior for NetWare - LibC - with BSD Sockets",
- "default","cc under unix",
- );
-
-$platform="";
-my $xcflags="";
-foreach (@ARGV)
- {
- if (!&read_options && !defined($ops{$_}))
- {
- print STDERR "unknown option - $_\n";
- print STDERR "usage: perl mk1mf.pl [options] [system]\n";
- print STDERR "\nwhere [system] can be one of the following\n";
- foreach $i (sort keys %ops)
- { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
- print STDERR <<"EOF";
-and [options] can be one of
- no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest
- no-ripemd
- no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher
- no-bf no-cast no-aes no-camellia
- no-rsa no-dsa no-dh - Skip this public key cipher
- no-ssl2 no-ssl3 - Skip this version of SSL
- just-ssl - remove all non-ssl keys/digest
- no-asm - No x86 asm
- no-krb5 - No KRB5
- no-ec - No EC
- no-ecdsa - No ECDSA
- no-ecdh - No ECDH
- no-engine - No engine
- no-hw - No hw
- nasm - Use NASM for x86 asm
- nw-nasm - Use NASM x86 asm for NetWare
- nw-mwasm - Use Metrowerks x86 asm for NetWare
- gaswin - Use GNU as with Mingw32
- no-socks - No socket code
- no-err - No error strings
- dll/shlib - Build shared libraries (MS)
- debug - Debug build
- profile - Profiling build
- gcc - Use Gcc (unix)
-
-Values that can be set
-TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
-
--L<ex_lib_path> -l<ex_lib> - extra library flags (unix)
--<ex_cc_flags> - extra 'cc' flags,
- added (MS), or replace (unix)
-EOF
- exit(1);
- }
- $platform=$_;
- }
-foreach (grep(!/^$/, split(/ /, $OPTIONS)))
- {
- print STDERR "unknown option - $_\n" if !&read_options;
- }
-
-$no_static_engine = 0 if (!$shlib);
-
-$no_mdc2=1 if ($no_des);
-
-$no_ssl3=1 if ($no_md5 || $no_sha);
-$no_ssl3=1 if ($no_rsa && $no_dh);
-
-$no_ssl2=1 if ($no_md5);
-$no_ssl2=1 if ($no_rsa);
-
-$out_def="out";
-$inc_def="outinc";
-$tmp_def="tmp";
-
-$perl="perl" unless defined $perl;
-$mkdir="-mkdir" unless defined $mkdir;
-
-($ssl,$crypto)=("ssl","crypto");
-$ranlib="echo ranlib";
-
-$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
-$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.';
-$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
-
-# $bin_dir.=$o causes a core dump on my sparc :-(
-
-
-$NT=0;
-
-push(@INC,"util/pl","pl");
-if (($platform =~ /VC-(.+)/))
- {
- $FLAVOR=$1;
- $NT = 1 if $1 eq "NT";
- require 'VC-32.pl';
- }
-elsif ($platform eq "Mingw32")
- {
- require 'Mingw32.pl';
- }
-elsif ($platform eq "Mingw32-files")
- {
- require 'Mingw32f.pl';
- }
-elsif ($platform eq "BC-NT")
- {
- $bc=1;
- require 'BC-32.pl';
- }
-elsif ($platform eq "FreeBSD")
- {
- require 'unix.pl';
- $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer';
- }
-elsif ($platform eq "linux-elf")
- {
- require "unix.pl";
- require "linux.pl";
- $unix=1;
- }
-elsif ($platform eq "ultrix-mips")
- {
- require "unix.pl";
- require "ultrix.pl";
- $unix=1;
- }
-elsif ($platform eq "OS2-EMX")
- {
- $wc=1;
- require 'OS2-EMX.pl';
- }
-elsif (($platform eq "netware-clib") || ($platform eq "netware-libc") ||
- ($platform eq "netware-libc-bsdsock"))
- {
- $LIBC=1 if $platform eq "netware-libc" || $platform eq "netware-libc-bsdsock";
- $BSDSOCK=1 if $platform eq "netware-libc-bsdsock";
- require 'netware.pl';
- }
-else
- {
- require "unix.pl";
-
- $unix=1;
- $cflags.=' -DTERMIO';
- }
-
-$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
-$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
-$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
-
-$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
-
-$cflags= "$xcflags$cflags" if $xcflags ne "";
-
-$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
-$cflags.=" -DOPENSSL_NO_AES" if $no_aes;
-$cflags.=" -DOPENSSL_NO_CAMELLIA" if $no_camellia;
-$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2;
-$cflags.=" -DOPENSSL_NO_RC4" if $no_rc4;
-$cflags.=" -DOPENSSL_NO_RC5" if $no_rc5;
-$cflags.=" -DOPENSSL_NO_MD2" if $no_md2;
-$cflags.=" -DOPENSSL_NO_MD4" if $no_md4;
-$cflags.=" -DOPENSSL_NO_MD5" if $no_md5;
-$cflags.=" -DOPENSSL_NO_SHA" if $no_sha;
-$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
-$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
-$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
-$cflags.=" -DOPENSSL_NO_BF" if $no_bf;
-$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
-$cflags.=" -DOPENSSL_NO_DES" if $no_des;
-$cflags.=" -DOPENSSL_NO_RSA" if $no_rsa;
-$cflags.=" -DOPENSSL_NO_DSA" if $no_dsa;
-$cflags.=" -DOPENSSL_NO_DH" if $no_dh;
-$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
-$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
-$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
-$cflags.=" -DOPENSSL_NO_ERR" if $no_err;
-$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
-$cflags.=" -DOPENSSL_NO_EC" if $no_ec;
-$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
-$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
-$cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine;
-$cflags.=" -DOPENSSL_NO_HW" if $no_hw;
-
-$cflags.= " -DZLIB" if $zlib_opt;
-$cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
-
-if ($no_static_engine)
- {
- $cflags .= " -DOPENSSL_NO_STATIC_ENGINE";
- }
-else
- {
- $cflags .= " -DOPENSSL_NO_DYNAMIC_ENGINE";
- }
-
-#$cflags.=" -DRSAref" if $rsaref ne "";
-
-## if ($unix)
-## { $cflags="$c_flags" if ($c_flags ne ""); }
-##else
- { $cflags="$c_flags$cflags" if ($c_flags ne ""); }
-
-$ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
-
-
-%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
- "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
-
-if ($msdos)
- {
- $banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n";
- $banner.="\t\@echo top level directory, if you don't have perl, you will\n";
- $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n";
- $banner.="\t\@echo documentation for details.\n";
- }
-
-# have to do this to allow $(CC) under unix
-$link="$bin_dir$link" if ($link !~ /^\$/);
-
-$INSTALLTOP =~ s|/|$o|g;
-
-#############################################
-# We parse in input file and 'store' info for later printing.
-open(IN,"<$infile") || die "unable to open $infile:$!\n";
-$_=<IN>;
-for (;;)
- {
- chop;
-
- ($key,$val)=/^([^=]+)=(.*)/;
- if ($key eq "RELATIVE_DIRECTORY")
- {
- if ($lib ne "")
- {
- $uc=$lib;
- $uc =~ s/^lib(.*)\.a/$1/;
- $uc =~ tr/a-z/A-Z/;
- $lib_nam{$uc}=$uc;
- $lib_obj{$uc}.=$libobj." ";
- }
- last if ($val eq "FINISHED");
- $lib="";
- $libobj="";
- $dir=$val;
- }
-
- if ($key eq "KRB5_INCLUDES")
- { $cflags .= " $val";}
-
- if ($key eq "ZLIB_INCLUDE")
- { $cflags .= " $val" if $val ne "";}
-
- if ($key eq "LIBZLIB")
- { $zlib_lib = "$val" if $val ne "";}
-
- if ($key eq "LIBKRB5")
- { $ex_libs .= " $val" if $val ne "";}
-
- if ($key eq "TEST")
- { $test.=&var_add($dir,$val, 0); }
-
- if (($key eq "PROGS") || ($key eq "E_OBJ"))
- { $e_exe.=&var_add($dir,$val, 0); }
-
- if ($key eq "LIB")
- {
- $lib=$val;
- $lib =~ s/^.*\/([^\/]+)$/$1/;
- }
-
- if ($key eq "EXHEADER")
- { $exheader.=&var_add($dir,$val, 1); }
-
- if ($key eq "HEADER")
- { $header.=&var_add($dir,$val, 1); }
-
- if ($key eq "LIBOBJ" && ($dir ne "engines" || !$no_static_engine))
- { $libobj=&var_add($dir,$val, 0); }
- if ($key eq "LIBNAMES" && $dir eq "engines" && $no_static_engine)
- { $engines.=$val }
-
- if (!($_=<IN>))
- { $_="RELATIVE_DIRECTORY=FINISHED\n"; }
- }
-close(IN);
-
-if ($shlib)
- {
- $extra_install= <<"EOF";
- \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}bin
- \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}bin
- \$(CP) \$(L_SSL) \$(INSTALLTOP)${o}lib
- \$(CP) \$(L_CRYPTO) \$(INSTALLTOP)${o}lib
-EOF
- if ($no_static_engine)
- {
- $extra_install .= <<"EOF"
- \$(MKDIR) \$(INSTALLTOP)${o}lib${o}engines
- \$(CP) \$(E_SHLIB) \$(INSTALLTOP)${o}lib${o}engines
-EOF
- }
- }
-else
- {
- $extra_install= <<"EOF";
- \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
- \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
-EOF
- $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
- }
-
-$defs= <<"EOF";
-# This makefile has been automatically generated from the OpenSSL distribution.
-# This single makefile will build the complete OpenSSL distribution and
-# by default leave the 'intertesting' output files in .${o}out and the stuff
-# that needs deleting in .${o}tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO. This file is used by
-# util${o}mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-EOF
-
-$defs .= $preamble if defined $preamble;
-
-$defs.= <<"EOF";
-INSTALLTOP=$INSTALLTOP
-
-# Set your compiler options
-PLATFORM=$platform
-CC=$bin_dir${cc}
-CFLAG=$cflags
-APP_CFLAG=$app_cflag
-LIB_CFLAG=$lib_cflag
-SHLIB_CFLAG=$shl_cflag
-APP_EX_OBJ=$app_ex_obj
-SHLIB_EX_OBJ=$shlib_ex_obj
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=$ex_libs
-
-# The OpenSSL directory
-SRC_D=$src_dir
-
-LINK=$link
-LFLAGS=$lflags
-RSC=$rsc
-
-BN_ASM_OBJ=$bn_asm_obj
-BN_ASM_SRC=$bn_asm_src
-BNCO_ASM_OBJ=$bnco_asm_obj
-BNCO_ASM_SRC=$bnco_asm_src
-DES_ENC_OBJ=$des_enc_obj
-DES_ENC_SRC=$des_enc_src
-BF_ENC_OBJ=$bf_enc_obj
-BF_ENC_SRC=$bf_enc_src
-CAST_ENC_OBJ=$cast_enc_obj
-CAST_ENC_SRC=$cast_enc_src
-RC4_ENC_OBJ=$rc4_enc_obj
-RC4_ENC_SRC=$rc4_enc_src
-RC5_ENC_OBJ=$rc5_enc_obj
-RC5_ENC_SRC=$rc5_enc_src
-MD5_ASM_OBJ=$md5_asm_obj
-MD5_ASM_SRC=$md5_asm_src
-SHA1_ASM_OBJ=$sha1_asm_obj
-SHA1_ASM_SRC=$sha1_asm_src
-RMD160_ASM_OBJ=$rmd160_asm_obj
-RMD160_ASM_SRC=$rmd160_asm_src
-CPUID_ASM_OBJ=$cpuid_asm_obj
-CPUID_ASM_SRC=$cpuid_asm_src
-
-# The output directory for everything intersting
-OUT_D=$out_dir
-# The output directory for all the temporary muck
-TMP_D=$tmp_dir
-# The output directory for the header files
-INC_D=$inc_dir
-INCO_D=$inc_dir${o}openssl
-
-PERL=$perl
-CP=$cp
-RM=$rm
-RANLIB=$ranlib
-MKDIR=$mkdir
-MKLIB=$bin_dir$mklib
-MLFLAGS=$mlflags
-ASM=$bin_dir$asm
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=openssl
-SSL=$ssl
-CRYPTO=$crypto
-
-# BIN_D - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D - library output directory
-# ENG_D - dynamic engine output directory
-# Note: if you change these point to different directories then uncomment out
-# the lines around the 'NB' comment below.
-#
-BIN_D=\$(OUT_D)
-TEST_D=\$(OUT_D)
-LIB_D=\$(OUT_D)
-ENG_D=\$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D - temp object file directory
-OBJ_D=\$(TMP_D)
-INCL_D=\$(TMP_D)
-
-O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp
-O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-SO_SSL= $plib\$(SSL)$so_shlibp
-SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
-L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp
-L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp
-
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I\$(INC_D) -I\$(INCL_D)
-APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
-LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
-SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
-
-#############################################
-EOF
-
-$rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
-
-banner:
-$banner
-
-\$(TMP_D):
- \$(MKDIR) \$(TMP_D)
-# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
-#\$(BIN_D):
-# \$(MKDIR) \$(BIN_D)
-#
-#\$(TEST_D):
-# \$(MKDIR) \$(TEST_D)
-
-\$(LIB_D):
- \$(MKDIR) \$(LIB_D)
-
-\$(INCO_D): \$(INC_D)
- \$(MKDIR) \$(INCO_D)
-
-\$(INC_D):
- \$(MKDIR) \$(INC_D)
-
-headers: \$(HEADER) \$(EXHEADER)
- @
-
-lib: \$(LIBS_DEP) \$(E_SHLIB)
-
-exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
-
-install: all
- \$(MKDIR) \$(INSTALLTOP)
- \$(MKDIR) \$(INSTALLTOP)${o}bin
- \$(MKDIR) \$(INSTALLTOP)${o}include
- \$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl
- \$(MKDIR) \$(INSTALLTOP)${o}lib
- \$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl
- \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
- \$(CP) apps${o}openssl.cnf \$(INSTALLTOP)
-$extra_install
-
-
-test: \$(T_EXE)
- cd \$(BIN_D)
- ..${o}ms${o}test
-
-clean:
- \$(RM) \$(TMP_D)$o*.*
-
-vclean:
- \$(RM) \$(TMP_D)$o*.*
- \$(RM) \$(OUT_D)$o*.*
-
-EOF
-
-my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
-$platform_cpp_symbol =~ s/-/_/g;
-if (open(IN,"crypto/buildinf.h"))
- {
- # Remove entry for this platform in existing file buildinf.h.
-
- my $old_buildinf_h = "";
- while (<IN>)
- {
- if (/^\#ifdef $platform_cpp_symbol$/)
- {
- while (<IN>) { last if (/^\#endif/); }
- }
- else
- {
- $old_buildinf_h .= $_;
- }
- }
- close(IN);
-
- open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
- print OUT $old_buildinf_h;
- close(OUT);
- }
-
-open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
-printf OUT <<EOF;
-#ifdef $platform_cpp_symbol
- /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
- #define CFLAGS "$cc $cflags"
- #define PLATFORM "$platform"
-EOF
-printf OUT " #define DATE \"%s\"\n", scalar gmtime();
-printf OUT "#endif\n";
-close(OUT);
-
-# Strip of trailing ' '
-foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); }
-$test=&clean_up_ws($test);
-$e_exe=&clean_up_ws($e_exe);
-$exheader=&clean_up_ws($exheader);
-$header=&clean_up_ws($header);
-
-# First we strip the exheaders from the headers list
-foreach (split(/\s+/,$exheader)){ $h{$_}=1; }
-foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; }
-chop($h); $header=$h;
-
-$defs.=&do_defs("HEADER",$header,"\$(INCL_D)","");
-$rules.=&do_copy_rule("\$(INCL_D)",$header,"");
-
-$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)","");
-$rules.=&do_copy_rule("\$(INCO_D)",$exheader,"");
-
-$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
-$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
-
-$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
-$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
-
-foreach (values %lib_nam)
- {
- $lib_obj=$lib_obj{$_};
- local($slib)=$shlib;
-
- if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
- {
- $rules.="\$(O_SSL):\n\n";
- next;
- }
-
- if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
- $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
- }
- if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj .= "\$(BNCO_ASM_OBJ)";
- $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
- }
- if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
- $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /;
- $rules.=&do_asm_rule($des_enc_obj,$des_enc_src);
- }
- if (($bf_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/;
- $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src);
- }
- if (($cast_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/;
- $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src);
- }
- if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/;
- $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src);
- }
- if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/;
- $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src);
- }
- if (($md5_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/;
- $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src);
- }
- if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/;
- $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src);
- }
- if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/;
- $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
- }
- if (($cpuid_asm_obj ne "") && ($_ eq "CRYPTO"))
- {
- $lib_obj =~ s/\s(\S*\/cversion\S*)/ $1 \$(CPUID_ASM_OBJ)/;
- $rules.=&do_asm_rule($cpuid_asm_obj,$cpuid_asm_src);
- }
- $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
- $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
- $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
- }
-
-# hack to add version info on MSVC
-if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
- $rules.= <<"EOF";
-\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
- \$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
-
-\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
- \$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
-
-EOF
-}
-
-$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
-foreach (split(/\s+/,$test))
- {
- $t=&bname($_);
- $tt="\$(OBJ_D)${o}$t${obj}";
- $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
- }
-
-$defs.=&do_defs("E_SHLIB",$engines,"\$(ENG_D)",$shlibp);
-
-foreach (split(/\s+/,$engines))
- {
- $rules.=&do_compile_rule("\$(OBJ_D)","engines${o}e_$_",$lib);
- $rules.= &do_lib_rule("\$(OBJ_D)${o}e_${_}.obj","\$(ENG_D)$o$_$shlibp","",$shlib,"");
- }
-
-
-
-$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
-
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
-
-print $defs;
-
-if ($platform eq "linux-elf") {
- print <<"EOF";
-# Generate perlasm output files
-%.cpp:
- (cd \$(\@D)/..; PERL=perl make -f Makefile asm/\$(\@F))
-EOF
-}
-print "###################################################################\n";
-print $rules;
-
-###############################################
-# strip off any trailing .[och] and append the relative directory
-# also remembering to do nothing if we are in one of the dropped
-# directories
-sub var_add
- {
- local($dir,$val,$keepext)=@_;
- local(@a,$_,$ret);
-
- return("") if $no_engine && $dir =~ /\/engine/;
- return("") if $no_hw && $dir =~ /\/hw/;
- return("") if $no_idea && $dir =~ /\/idea/;
- return("") if $no_aes && $dir =~ /\/aes/;
- return("") if $no_camellia && $dir =~ /\/camellia/;
- return("") if $no_rc2 && $dir =~ /\/rc2/;
- return("") if $no_rc4 && $dir =~ /\/rc4/;
- return("") if $no_rc5 && $dir =~ /\/rc5/;
- return("") if $no_rsa && $dir =~ /\/rsa/;
- return("") if $no_rsa && $dir =~ /^rsaref/;
- return("") if $no_dsa && $dir =~ /\/dsa/;
- return("") if $no_dh && $dir =~ /\/dh/;
- return("") if $no_ec && $dir =~ /\/ec/;
- if ($no_des && $dir =~ /\/des/)
- {
- if ($val =~ /read_pwd/)
- { return("$dir/read_pwd "); }
- else
- { return(""); }
- }
- return("") if $no_mdc2 && $dir =~ /\/mdc2/;
- return("") if $no_sock && $dir =~ /\/proxy/;
- return("") if $no_bf && $dir =~ /\/bf/;
- return("") if $no_cast && $dir =~ /\/cast/;
-
- $val =~ s/^\s*(.*)\s*$/$1/;
- @a=split(/\s+/,$val);
- grep(s/\.[och]$//,@a) unless $keepext;
-
- @a=grep(!/^e_.*_3d$/,@a) if $no_des;
- @a=grep(!/^e_.*_d$/,@a) if $no_des;
- @a=grep(!/^e_.*_ae$/,@a) if $no_idea;
- @a=grep(!/^e_.*_i$/,@a) if $no_aes;
- @a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
- @a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
- @a=grep(!/^e_.*_bf$/,@a) if $no_bf;
- @a=grep(!/^e_.*_c$/,@a) if $no_cast;
- @a=grep(!/^e_rc4$/,@a) if $no_rc4;
- @a=grep(!/^e_camellia$/,@a) if $no_camellia;
-
- @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2;
- @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3;
-
- @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
-
- @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
- @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
- @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
- @a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
-
- @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
- @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
- @a=grep(!/(^pem_seal$)/,@a) if $no_rsa;
-
- @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa;
- @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa;
-
- @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4;
-
- @a=grep(!/_dhp$/,@a) if $no_dh;
-
- @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha;
- @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
- @a=grep(!/_mdc2$/,@a) if $no_mdc2;
-
- @a=grep(!/^engine$/,@a) if $no_engine;
- @a=grep(!/^hw$/,@a) if $no_hw;
- @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
- @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
- @a=grep(!/^gendsa$/,@a) if $no_sha1;
- @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
-
- @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
-
- grep($_="$dir/$_",@a);
- @a=grep(!/(^|\/)s_/,@a) if $no_sock;
- @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock;
- $ret=join(' ',@a)." ";
- return($ret);
- }
-
-# change things so that each 'token' is only separated by one space
-sub clean_up_ws
- {
- local($w)=@_;
-
- $w =~ s/^\s*(.*)\s*$/$1/;
- $w =~ s/\s+/ /g;
- return($w);
- }
-
-sub do_defs
- {
- local($var,$files,$location,$postfix)=@_;
- local($_,$ret,$pf);
- local(*OUT,$tmp,$t);
-
- $files =~ s/\//$o/g if $o ne '/';
- $ret="$var=";
- $n=1;
- $Vars{$var}.="";
- foreach (split(/ /,$files))
- {
- $orig=$_;
- $_=&bname($_) unless /^\$/;
- if ($n++ == 2)
- {
- $n=0;
- $ret.="\\\n\t";
- }
- if (($_ =~ /bss_file/) && ($postfix eq ".h"))
- { $pf=".c"; }
- else { $pf=$postfix; }
- if ($_ =~ /BN_ASM/) { $t="$_ "; }
- elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
- elsif ($_ =~ /DES_ENC/) { $t="$_ "; }
- elsif ($_ =~ /BF_ENC/) { $t="$_ "; }
- elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
- elsif ($_ =~ /RC4_ENC/) { $t="$_ "; }
- elsif ($_ =~ /RC5_ENC/) { $t="$_ "; }
- elsif ($_ =~ /MD5_ASM/) { $t="$_ "; }
- elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; }
- elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; }
- elsif ($_ =~ /CPUID_ASM/){ $t="$_ "; }
- else { $t="$location${o}$_$pf "; }
-
- $Vars{$var}.="$t ";
- $ret.=$t;
- }
- # hack to add version info on MSVC
- if ($shlib && (($platform eq "VC-WIN32") || ($platform eq "VC-NT")))
- {
- if ($var eq "CRYPTOOBJ")
- { $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
- elsif ($var eq "SSLOBJ")
- { $ret.="\$(OBJ_D)\\\$(SSL).res "; }
- }
- chomp($ret);
- $ret.="\n\n";
- return($ret);
- }
-
-# return the name with the leading path removed
-sub bname
- {
- local($ret)=@_;
- $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/;
- return($ret);
- }
-
-
-##############################################################
-# do a rule for each file that says 'compile' to new direcory
-# compile the files in '$files' into $to
-sub do_compile_rule
- {
- local($to,$files,$ex)=@_;
- local($ret,$_,$n);
-
- $files =~ s/\//$o/g if $o ne '/';
- foreach (split(/\s+/,$files))
- {
- $n=&bname($_);
- $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex)
- }
- return($ret);
- }
-
-##############################################################
-# do a rule for each file that says 'compile' to new direcory
-sub cc_compile_target
- {
- local($target,$source,$ex_flags)=@_;
- local($ret);
-
- $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
- $target =~ s/\//$o/g if $o ne "/";
- $source =~ s/\//$o/g if $o ne "/";
- $ret ="$target: \$(SRC_D)$o$source\n\t";
- $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
- return($ret);
- }
-
-##############################################################
-sub do_asm_rule
- {
- local($target,$src)=@_;
- local($ret,@s,@t,$i);
-
- $target =~ s/\//$o/g if $o ne "/";
- $src =~ s/\//$o/g if $o ne "/";
-
- @s=split(/\s+/,$src);
- @t=split(/\s+/,$target);
-
- for ($i=0; $i<=$#s; $i++)
- {
- $ret.="$t[$i]: $s[$i]\n";
- $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n";
- }
- return($ret);
- }
-
-sub do_shlib_rule
- {
- local($n,$def)=@_;
- local($ret,$nn);
- local($t);
-
- ($nn=$n) =~ tr/a-z/A-Z/;
- $ret.="$n.dll: \$(${nn}OBJ)\n";
- if ($vc && $w32)
- {
- $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n \$(${nn}OBJ_F)\n<<\n";
- }
- $ret.="\n";
- return($ret);
- }
-
-# do a rule for each file that says 'copy' to new direcory on change
-sub do_copy_rule
- {
- local($to,$files,$p)=@_;
- local($ret,$_,$n,$pp);
-
- $files =~ s/\//$o/g if $o ne '/';
- foreach (split(/\s+/,$files))
- {
- $n=&bname($_);
- if ($n =~ /bss_file/)
- { $pp=".c"; }
- else { $pp=$p; }
- $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
- }
- return($ret);
- }
-
-sub read_options
- {
- # Many options are handled in a similar way. In particular
- # no-xxx sets zero or more scalars to 1.
- # Process these using a hash containing the option name and
- # reference to the scalars to set.
-
- my %valid_options = (
- "no-rc2" => \$no_rc2,
- "no-rc4" => \$no_rc4,
- "no-rc5" => \$no_rc5,
- "no-idea" => \$no_idea,
- "no-aes" => \$no_aes,
- "no-camellia" => \$no_camellia,
- "no-des" => \$no_des,
- "no-bf" => \$no_bf,
- "no-cast" => \$no_cast,
- "no-md2" => \$no_md2,
- "no-md4" => \$no_md4,
- "no-md5" => \$no_md5,
- "no-sha" => \$no_sha,
- "no-sha1" => \$no_sha1,
- "no-ripemd" => \$no_ripemd,
- "no-mdc2" => \$no_mdc2,
- "no-patents" =>
- [\$no_rc2, \$no_rc4, \$no_rc5, \$no_idea, \$no_rsa],
- "no-rsa" => \$no_rsa,
- "no-dsa" => \$no_dsa,
- "no-dh" => \$no_dh,
- "no-hmac" => \$no_hmac,
- "no-aes" => \$no_aes,
- "no-camellia" => \$no_camellia,
- "no-asm" => \$no_asm,
- "nasm" => \$nasm,
- "nw-nasm" => \$nw_nasm,
- "nw-mwasm" => \$nw_mwasm,
- "gaswin" => \$gaswin,
- "no-ssl2" => \$no_ssl2,
- "no-ssl3" => \$no_ssl3,
- "no-err" => \$no_err,
- "no-sock" => \$no_sock,
- "no-krb5" => \$no_krb5,
- "no-ec" => \$no_ec,
- "no-ecdsa" => \$no_ecdsa,
- "no-ecdh" => \$no_ecdh,
- "no-engine" => \$no_engine,
- "no-hw" => \$no_hw,
- "just-ssl" =>
- [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
- \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
- \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
- \$no_aes, \$no_camellia],
- "rsaref" => 0,
- "gcc" => \$gcc,
- "debug" => \$debug,
- "profile" => \$profile,
- "shlib" => \$shlib,
- "dll" => \$shlib,
- "shared" => 0,
- "no-gmp" => 0,
- "no-rfc3779" => 0,
- "no-shared" => 0,
- "no-zlib" => 0,
- "no-zlib-dynamic" => 0,
- );
-
- if (exists $valid_options{$_})
- {
- my $r = $valid_options{$_};
- if ( ref $r eq "SCALAR")
- { $$r = 1;}
- elsif ( ref $r eq "ARRAY")
- {
- my $r2;
- foreach $r2 (@$r)
- {
- $$r2 = 1;
- }
- }
- }
- elsif (/^no-comp$/) { $xcflags = "-DOPENSSL_NO_COMP $xcflags"; }
- elsif (/^enable-zlib$/) { $zlib_opt = 1 if $zlib_opt == 0 }
- elsif (/^enable-zlib-dynamic$/)
- {
- $zlib_opt = 2;
- }
- elsif (/^no-static-engine/)
- {
- $no_static_engine = 1;
- }
- elsif (/^enable-static-engine/)
- {
- $no_static_engine = 0;
- }
- # There are also enable-xxx options which correspond to
- # the no-xxx. Since the scalars are enabled by default
- # these can be ignored.
- elsif (/^enable-/)
- {
- my $t = $_;
- $t =~ s/^enable/no/;
- if (exists $valid_options{$t})
- {return 1;}
- return 0;
- }
- elsif (/^--with-krb5-flavor=(.*)$/)
- {
- my $krb5_flavor = $1;
- if ($krb5_flavor =~ /^force-[Hh]eimdal$/)
- {
- $xcflags="-DKRB5_HEIMDAL $xcflags";
- }
- elsif ($krb5_flavor =~ /^MIT/i)
- {
- $xcflags="-DKRB5_MIT $xcflags";
- if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i)
- {
- $xcflags="-DKRB5_MIT_OLD11 $xcflags"
- }
- }
- }
- elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
- elsif (/^-[lL].*$/) { $l_flags.="$_ "; }
- elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
- { $c_flags.="$_ "; }
- else { return(0); }
- return(1);
- }
diff --git a/crypto/openssl/util/mkcerts.sh b/crypto/openssl/util/mkcerts.sh
deleted file mode 100755
index 0184fcb..0000000
--- a/crypto/openssl/util/mkcerts.sh
+++ /dev/null
@@ -1,220 +0,0 @@
-#!/bin/sh
-
-# This script will re-make all the required certs.
-# cd apps
-# sh ../util/mkcerts.sh
-# mv ca-cert.pem pca-cert.pem ../certs
-# cd ..
-# cat certs/*.pem >>apps/server.pem
-# cat certs/*.pem >>apps/server2.pem
-# SSLEAY=`pwd`/apps/ssleay; export SSLEAY
-# sh tools/c_rehash certs
-#
-
-CAbits=1024
-SSLEAY="../apps/openssl"
-CONF="-config ../apps/openssl.cnf"
-
-# create pca request.
-echo creating $CAbits bit PCA cert request
-$SSLEAY req $CONF \
- -new -md5 -newkey $CAbits \
- -keyout pca-key.pem \
- -out pca-req.pem -nodes >/dev/null <<EOF
-AU
-Queensland
-.
-CryptSoft Pty Ltd
-.
-Test PCA (1024 bit)
-
-
-
-EOF
-
-if [ $? != 0 ]; then
- echo problems generating PCA request
- exit 1
-fi
-
-#sign it.
-echo
-echo self signing PCA
-$SSLEAY x509 -md5 -days 1461 \
- -req -signkey pca-key.pem \
- -CAcreateserial -CAserial pca-cert.srl \
- -in pca-req.pem -out pca-cert.pem
-
-if [ $? != 0 ]; then
- echo problems self signing PCA cert
- exit 1
-fi
-echo
-
-# create ca request.
-echo creating $CAbits bit CA cert request
-$SSLEAY req $CONF \
- -new -md5 -newkey $CAbits \
- -keyout ca-key.pem \
- -out ca-req.pem -nodes >/dev/null <<EOF
-AU
-Queensland
-.
-CryptSoft Pty Ltd
-.
-Test CA (1024 bit)
-
-
-
-EOF
-
-if [ $? != 0 ]; then
- echo problems generating CA request
- exit 1
-fi
-
-#sign it.
-echo
-echo signing CA
-$SSLEAY x509 -md5 -days 1461 \
- -req \
- -CAcreateserial -CAserial pca-cert.srl \
- -CA pca-cert.pem -CAkey pca-key.pem \
- -in ca-req.pem -out ca-cert.pem
-
-if [ $? != 0 ]; then
- echo problems signing CA cert
- exit 1
-fi
-echo
-
-# create server request.
-echo creating 512 bit server cert request
-$SSLEAY req $CONF \
- -new -md5 -newkey 512 \
- -keyout s512-key.pem \
- -out s512-req.pem -nodes >/dev/null <<EOF
-AU
-Queensland
-.
-CryptSoft Pty Ltd
-.
-Server test cert (512 bit)
-
-
-
-EOF
-
-if [ $? != 0 ]; then
- echo problems generating 512 bit server cert request
- exit 1
-fi
-
-#sign it.
-echo
-echo signing 512 bit server cert
-$SSLEAY x509 -md5 -days 365 \
- -req \
- -CAcreateserial -CAserial ca-cert.srl \
- -CA ca-cert.pem -CAkey ca-key.pem \
- -in s512-req.pem -out server.pem
-
-if [ $? != 0 ]; then
- echo problems signing 512 bit server cert
- exit 1
-fi
-echo
-
-# create 1024 bit server request.
-echo creating 1024 bit server cert request
-$SSLEAY req $CONF \
- -new -md5 -newkey 1024 \
- -keyout s1024key.pem \
- -out s1024req.pem -nodes >/dev/null <<EOF
-AU
-Queensland
-.
-CryptSoft Pty Ltd
-.
-Server test cert (1024 bit)
-
-
-
-EOF
-
-if [ $? != 0 ]; then
- echo problems generating 1024 bit server cert request
- exit 1
-fi
-
-#sign it.
-echo
-echo signing 1024 bit server cert
-$SSLEAY x509 -md5 -days 365 \
- -req \
- -CAcreateserial -CAserial ca-cert.srl \
- -CA ca-cert.pem -CAkey ca-key.pem \
- -in s1024req.pem -out server2.pem
-
-if [ $? != 0 ]; then
- echo problems signing 1024 bit server cert
- exit 1
-fi
-echo
-
-# create 512 bit client request.
-echo creating 512 bit client cert request
-$SSLEAY req $CONF \
- -new -md5 -newkey 512 \
- -keyout c512-key.pem \
- -out c512-req.pem -nodes >/dev/null <<EOF
-AU
-Queensland
-.
-CryptSoft Pty Ltd
-.
-Client test cert (512 bit)
-
-
-
-EOF
-
-if [ $? != 0 ]; then
- echo problems generating 512 bit client cert request
- exit 1
-fi
-
-#sign it.
-echo
-echo signing 512 bit client cert
-$SSLEAY x509 -md5 -days 365 \
- -req \
- -CAcreateserial -CAserial ca-cert.srl \
- -CA ca-cert.pem -CAkey ca-key.pem \
- -in c512-req.pem -out client.pem
-
-if [ $? != 0 ]; then
- echo problems signing 512 bit client cert
- exit 1
-fi
-
-echo cleanup
-
-cat pca-key.pem >> pca-cert.pem
-cat ca-key.pem >> ca-cert.pem
-cat s512-key.pem >> server.pem
-cat s1024key.pem >> server2.pem
-cat c512-key.pem >> client.pem
-
-for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem
-do
-$SSLEAY x509 -issuer -subject -in $i -noout >$$
-cat $$
-/bin/cat $i >>$$
-/bin/mv $$ $i
-done
-
-#/bin/rm -f *key.pem *req.pem *.srl
-
-echo Finished
-
diff --git a/crypto/openssl/util/mkdef.pl b/crypto/openssl/util/mkdef.pl
deleted file mode 100755
index 352932f..0000000
--- a/crypto/openssl/util/mkdef.pl
+++ /dev/null
@@ -1,1447 +0,0 @@
-#!/usr/local/bin/perl -w
-#
-# generate a .def file
-#
-# It does this by parsing the header files and looking for the
-# prototyped functions: it then prunes the output.
-#
-# Intermediary files are created, call libeay.num and ssleay.num,...
-# Previously, they had the following format:
-#
-# routine-name nnnn
-#
-# But that isn't enough for a number of reasons, the first on being that
-# this format is (needlessly) very Win32-centric, and even then...
-# One of the biggest problems is that there's no information about what
-# routines should actually be used, which varies with what crypto algorithms
-# are disabled. Also, some operating systems (for example VMS with VAX C)
-# need to keep track of the global variables as well as the functions.
-#
-# So, a remake of this script is done so as to include information on the
-# kind of symbol it is (function or variable) and what algorithms they're
-# part of. This will allow easy translating to .def files or the corresponding
-# file in other operating systems (a .opt file for VMS, possibly with a .mar
-# file).
-#
-# The format now becomes:
-#
-# routine-name nnnn info
-#
-# and the "info" part is actually a colon-separated string of fields with
-# the following meaning:
-#
-# existence:platform:kind:algorithms
-#
-# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
-# found somewhere in the source,
-# - "platforms" is empty if it exists on all platforms, otherwise it contains
-# comma-separated list of the platform, just as they are if the symbol exists
-# for those platforms, or prepended with a "!" if not. This helps resolve
-# symbol name variants for platforms where the names are too long for the
-# compiler or linker, or if the systems is case insensitive and there is a
-# clash, or the symbol is implemented differently (see
-# EXPORT_VAR_AS_FUNCTION). This script assumes renaming of symbols is found
-# in the file crypto/symhacks.h.
-# The semantics for the platforms is that every item is checked against the
-# environment. For the negative items ("!FOO"), if any of them is false
-# (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
-# used. For the positive itms, if all of them are false in the environment,
-# the corresponding symbol can't be used. Any combination of positive and
-# negative items are possible, and of course leave room for some redundancy.
-# - "kind" is "FUNCTION" or "VARIABLE". The meaning of that is obvious.
-# - "algorithms" is a comma-separated list of algorithm names. This helps
-# exclude symbols that are part of an algorithm that some user wants to
-# exclude.
-#
-
-my $debug=0;
-
-my $crypto_num= "util/libeay.num";
-my $ssl_num= "util/ssleay.num";
-my $libname;
-
-my $do_update = 0;
-my $do_rewrite = 1;
-my $do_crypto = 0;
-my $do_ssl = 0;
-my $do_ctest = 0;
-my $do_ctestall = 0;
-my $do_checkexist = 0;
-
-my $VMSVAX=0;
-my $VMSAlpha=0;
-my $VMS=0;
-my $W32=0;
-my $W16=0;
-my $NT=0;
-my $OS2=0;
-# Set this to make typesafe STACK definitions appear in DEF
-my $safe_stack_def = 0;
-
-my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
- "EXPORT_VAR_AS_FUNCTION" );
-my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
-my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
- "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
- "SHA256", "SHA512", "RIPEMD",
- "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES", "CAMELLIA",
- # Envelope "algorithms"
- "EVP", "X509", "ASN1_TYPEDEFS",
- # Helper "algorithms"
- "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
- "LOCKING",
- # External "algorithms"
- "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM",
- # Engines
- "STATIC_ENGINE", "ENGINE", "HW", "GMP",
- # RFC3779 support
- "RFC3779",
- # Deprecated functions
- "DEPRECATED" );
-
-my $options="";
-open(IN,"<Makefile") || die "unable to open Makefile!\n";
-while(<IN>) {
- $options=$1 if (/^OPTIONS=(.*)$/);
-}
-close(IN);
-
-# The following ciphers may be excluded (by Configure). This means functions
-# defined with ifndef(NO_XXX) are not included in the .def file, and everything
-# in directory xxx is ignored.
-my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
-my $no_cast;
-my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
-my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
-my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_camellia;
-my $no_fp_api; my $no_static_engine; my $no_gmp; my $no_deprecated;
-my $no_rfc3779;
-
-
-foreach (@ARGV, split(/ /, $options))
- {
- $debug=1 if $_ eq "debug";
- $W32=1 if $_ eq "32";
- $W16=1 if $_ eq "16";
- if($_ eq "NT") {
- $W32 = 1;
- $NT = 1;
- }
- if ($_ eq "VMS-VAX") {
- $VMS=1;
- $VMSVAX=1;
- }
- if ($_ eq "VMS-Alpha") {
- $VMS=1;
- $VMSAlpha=1;
- }
- $VMS=1 if $_ eq "VMS";
- $OS2=1 if $_ eq "OS2";
-
- $do_ssl=1 if $_ eq "ssleay";
- if ($_ eq "ssl") {
- $do_ssl=1;
- $libname=$_
- }
- $do_crypto=1 if $_ eq "libeay";
- if ($_ eq "crypto") {
- $do_crypto=1;
- $libname=$_;
- }
- $no_static_engine=1 if $_ eq "no-static-engine";
- $no_static_engine=0 if $_ eq "enable-static-engine";
- $do_update=1 if $_ eq "update";
- $do_rewrite=1 if $_ eq "rewrite";
- $do_ctest=1 if $_ eq "ctest";
- $do_ctestall=1 if $_ eq "ctestall";
- $do_checkexist=1 if $_ eq "exist";
- #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
-
- if (/^no-rc2$/) { $no_rc2=1; }
- elsif (/^no-rc4$/) { $no_rc4=1; }
- elsif (/^no-rc5$/) { $no_rc5=1; }
- elsif (/^no-idea$/) { $no_idea=1; }
- elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; }
- elsif (/^no-bf$/) { $no_bf=1; }
- elsif (/^no-cast$/) { $no_cast=1; }
- elsif (/^no-md2$/) { $no_md2=1; }
- elsif (/^no-md4$/) { $no_md4=1; }
- elsif (/^no-md5$/) { $no_md5=1; }
- elsif (/^no-sha$/) { $no_sha=1; }
- elsif (/^no-ripemd$/) { $no_ripemd=1; }
- elsif (/^no-mdc2$/) { $no_mdc2=1; }
- elsif (/^no-rsa$/) { $no_rsa=1; }
- elsif (/^no-dsa$/) { $no_dsa=1; }
- elsif (/^no-dh$/) { $no_dh=1; }
- elsif (/^no-ec$/) { $no_ec=1; }
- elsif (/^no-ecdsa$/) { $no_ecdsa=1; }
- elsif (/^no-ecdh$/) { $no_ecdh=1; }
- elsif (/^no-hmac$/) { $no_hmac=1; }
- elsif (/^no-aes$/) { $no_aes=1; }
- elsif (/^no-camellia$/) { $no_camellia=1; }
- elsif (/^no-evp$/) { $no_evp=1; }
- elsif (/^no-lhash$/) { $no_lhash=1; }
- elsif (/^no-stack$/) { $no_stack=1; }
- elsif (/^no-err$/) { $no_err=1; }
- elsif (/^no-buffer$/) { $no_buffer=1; }
- elsif (/^no-bio$/) { $no_bio=1; }
- #elsif (/^no-locking$/) { $no_locking=1; }
- elsif (/^no-comp$/) { $no_comp=1; }
- elsif (/^no-dso$/) { $no_dso=1; }
- elsif (/^no-krb5$/) { $no_krb5=1; }
- elsif (/^no-engine$/) { $no_engine=1; }
- elsif (/^no-hw$/) { $no_hw=1; }
- elsif (/^no-gmp$/) { $no_gmp=1; }
- elsif (/^no-rfc3779$/) { $no_rfc3779=1; }
- }
-
-
-if (!$libname) {
- if ($do_ssl) {
- $libname="SSLEAY";
- }
- if ($do_crypto) {
- $libname="LIBEAY";
- }
-}
-
-# If no platform is given, assume WIN32
-if ($W32 + $W16 + $VMS + $OS2 == 0) {
- $W32 = 1;
-}
-
-# Add extra knowledge
-if ($W16) {
- $no_fp_api=1;
-}
-
-if (!$do_ssl && !$do_crypto)
- {
- print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
- exit(1);
- }
-
-%ssl_list=&load_numbers($ssl_num);
-$max_ssl = $max_num;
-%crypto_list=&load_numbers($crypto_num);
-$max_crypto = $max_num;
-
-my $ssl="ssl/ssl.h";
-$ssl.=" ssl/kssl.h";
-
-my $crypto ="crypto/crypto.h";
-$crypto.=" crypto/o_dir.h";
-$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
-$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
-$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
-$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
-$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
-$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
-$crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
-$crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
-$crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
-$crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
-$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
-$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
-$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
-$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
-$crypto.=" crypto/camellia/camellia.h" ; # unless $no_camellia;
-
-$crypto.=" crypto/bn/bn.h";
-$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
-$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
-$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
-$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
-$crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
-$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
-$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
-
-$crypto.=" crypto/engine/engine.h"; # unless $no_engine;
-$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
-$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
-$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
-$crypto.=" crypto/dso/dso.h" ; # unless $no_dso;
-$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash;
-$crypto.=" crypto/conf/conf.h";
-$crypto.=" crypto/txt_db/txt_db.h";
-
-$crypto.=" crypto/evp/evp.h" ; # unless $no_evp;
-$crypto.=" crypto/objects/objects.h";
-$crypto.=" crypto/pem/pem.h";
-#$crypto.=" crypto/meth/meth.h";
-$crypto.=" crypto/asn1/asn1.h";
-$crypto.=" crypto/asn1/asn1t.h";
-$crypto.=" crypto/asn1/asn1_mac.h";
-$crypto.=" crypto/err/err.h" ; # unless $no_err;
-$crypto.=" crypto/pkcs7/pkcs7.h";
-$crypto.=" crypto/pkcs12/pkcs12.h";
-$crypto.=" crypto/x509/x509.h";
-$crypto.=" crypto/x509/x509_vfy.h";
-$crypto.=" crypto/x509v3/x509v3.h";
-$crypto.=" crypto/rand/rand.h";
-$crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
-$crypto.=" crypto/ocsp/ocsp.h";
-$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
-$crypto.=" crypto/krb5/krb5_asn.h";
-$crypto.=" crypto/tmdiff.h";
-$crypto.=" crypto/store/store.h";
-$crypto.=" crypto/pqueue/pqueue.h";
-
-my $symhacks="crypto/symhacks.h";
-
-my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
-my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
-
-if ($do_update) {
-
-if ($do_ssl == 1) {
-
- &maybe_add_info("SSLEAY",*ssl_list,@ssl_symbols);
- if ($do_rewrite == 1) {
- open(OUT, ">$ssl_num");
- &rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols);
- } else {
- open(OUT, ">>$ssl_num");
- }
- &update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl,@ssl_symbols);
- close OUT;
-}
-
-if($do_crypto == 1) {
-
- &maybe_add_info("LIBEAY",*crypto_list,@crypto_symbols);
- if ($do_rewrite == 1) {
- open(OUT, ">$crypto_num");
- &rewrite_numbers(*OUT,"LIBEAY",*crypto_list,@crypto_symbols);
- } else {
- open(OUT, ">>$crypto_num");
- }
- &update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto,@crypto_symbols);
- close OUT;
-}
-
-} elsif ($do_checkexist) {
- &check_existing(*ssl_list, @ssl_symbols)
- if $do_ssl == 1;
- &check_existing(*crypto_list, @crypto_symbols)
- if $do_crypto == 1;
-} elsif ($do_ctest || $do_ctestall) {
-
- print <<"EOF";
-
-/* Test file to check all DEF file symbols are present by trying
- * to link to all of them. This is *not* intended to be run!
- */
-
-int main()
-{
-EOF
- &print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall,@ssl_symbols)
- if $do_ssl == 1;
-
- &print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall,@crypto_symbols)
- if $do_crypto == 1;
-
- print "}\n";
-
-} else {
-
- &print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols)
- if $do_ssl == 1;
-
- &print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols)
- if $do_crypto == 1;
-
-}
-
-
-sub do_defs
-{
- my($name,$files,$symhacksfile)=@_;
- my $file;
- my @ret;
- my %syms;
- my %platform; # For anything undefined, we assume ""
- my %kind; # For anything undefined, we assume "FUNCTION"
- my %algorithm; # For anything undefined, we assume ""
- my %variant;
- my %variant_cnt; # To be able to allocate "name{n}" if "name"
- # is the same name as the original.
- my $cpp;
- my %unknown_algorithms = ();
-
- foreach $file (split(/\s+/,$symhacksfile." ".$files))
- {
- print STDERR "DEBUG: starting on $file:\n" if $debug;
- open(IN,"<$file") || die "unable to open $file:$!\n";
- my $line = "", my $def= "";
- my %tag = (
- (map { $_ => 0 } @known_platforms),
- (map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
- (map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
- NOPROTO => 0,
- PERL5 => 0,
- _WINDLL => 0,
- CONST_STRICT => 0,
- TRUE => 1,
- );
- my $symhacking = $file eq $symhacksfile;
- my @current_platforms = ();
- my @current_algorithms = ();
-
- # params: symbol, alias, platforms, kind
- # The reason to put this subroutine in a variable is that
- # it will otherwise create it's own, unshared, version of
- # %tag and %variant...
- my $make_variant = sub
- {
- my ($s, $a, $p, $k) = @_;
- my ($a1, $a2);
-
- print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
- if (defined($p))
- {
- $a1 = join(",",$p,
- grep(!/^$/,
- map { $tag{$_} == 1 ? $_ : "" }
- @known_platforms));
- }
- else
- {
- $a1 = join(",",
- grep(!/^$/,
- map { $tag{$_} == 1 ? $_ : "" }
- @known_platforms));
- }
- $a2 = join(",",
- grep(!/^$/,
- map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
- @known_ossl_platforms));
- print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
- if ($a1 eq "") { $a1 = $a2; }
- elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
- if ($a eq $s)
- {
- if (!defined($variant_cnt{$s}))
- {
- $variant_cnt{$s} = 0;
- }
- $variant_cnt{$s}++;
- $a .= "{$variant_cnt{$s}}";
- }
- my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
- my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
- if (!grep(/^$togrep$/,
- split(/;/, defined($variant{$s})?$variant{$s}:""))) {
- if (defined($variant{$s})) { $variant{$s} .= ";"; }
- $variant{$s} .= $toadd;
- }
- print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
- };
-
- print STDERR "DEBUG: parsing ----------\n" if $debug;
- while(<IN>) {
- if (/\/\* Error codes for the \w+ functions\. \*\//)
- {
- undef @tag;
- last;
- }
- if ($line ne '') {
- $_ = $line . $_;
- $line = '';
- }
-
- if (/\\$/) {
- chomp; # remove eol
- chop; # remove ending backslash
- $line = $_;
- next;
- }
-
- if(/\/\*/) {
- if (not /\*\//) { # multiline comment...
- $line = $_; # ... just accumulate
- next;
- } else {
- s/\/\*.*?\*\///gs;# wipe it
- }
- }
-
- if ($cpp) {
- $cpp++ if /^#\s*if/;
- $cpp-- if /^#\s*endif/;
- next;
- }
- $cpp = 1 if /^#.*ifdef.*cplusplus/;
-
- s/{[^{}]*}//gs; # ignore {} blocks
- print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
- print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
- if (/^\#\s*ifndef\s+(.*)/) {
- push(@tag,"-");
- push(@tag,$1);
- $tag{$1}=-1;
- print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
- } elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) {
- push(@tag,"-");
- if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) {
- my $tmp_1 = $1;
- my $tmp_;
- foreach $tmp_ (split '\&\&',$tmp_1) {
- $tmp_ =~ /!defined\(([^\)]+)\)/;
- print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
- push(@tag,$1);
- $tag{$1}=-1;
- }
- } else {
- print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O...
- print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
- push(@tag,$1);
- $tag{$1}=-1;
- }
- } elsif (/^\#\s*ifdef\s+(\S*)/) {
- push(@tag,"-");
- push(@tag,$1);
- $tag{$1}=1;
- print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
- } elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) {
- push(@tag,"-");
- if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) {
- my $tmp_1 = $1;
- my $tmp_;
- foreach $tmp_ (split '\|\|',$tmp_1) {
- $tmp_ =~ /defined\(([^\)]+)\)/;
- print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
- push(@tag,$1);
- $tag{$1}=1;
- }
- } else {
- print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O...
- print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
- push(@tag,$1);
- $tag{$1}=1;
- }
- } elsif (/^\#\s*error\s+(\w+) is disabled\./) {
- my $tag_i = $#tag;
- while($tag[$tag_i] ne "-") {
- if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
- $tag{$tag[$tag_i]}=2;
- print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
- }
- $tag_i--;
- }
- } elsif (/^\#\s*endif/) {
- my $tag_i = $#tag;
- while($tag_i > 0 && $tag[$tag_i] ne "-") {
- my $t=$tag[$tag_i];
- print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
- if ($tag{$t}==2) {
- $tag{$t}=-1;
- } else {
- $tag{$t}=0;
- }
- print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
- pop(@tag);
- if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
- $t=$1;
- } else {
- $t="";
- }
- if ($t ne ""
- && !grep(/^$t$/, @known_algorithms)) {
- $unknown_algorithms{$t} = 1;
- #print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
- }
- $tag_i--;
- }
- pop(@tag);
- } elsif (/^\#\s*else/) {
- my $tag_i = $#tag;
- while($tag[$tag_i] ne "-") {
- my $t=$tag[$tag_i];
- $tag{$t}= -$tag{$t};
- print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
- $tag_i--;
- }
- } elsif (/^\#\s*if\s+1/) {
- push(@tag,"-");
- # Dummy tag
- push(@tag,"TRUE");
- $tag{"TRUE"}=1;
- print STDERR "DEBUG: $file: found 1\n" if $debug;
- } elsif (/^\#\s*if\s+0/) {
- push(@tag,"-");
- # Dummy tag
- push(@tag,"TRUE");
- $tag{"TRUE"}=-1;
- print STDERR "DEBUG: $file: found 0\n" if $debug;
- } elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
- && $symhacking && $tag{'TRUE'} != -1) {
- # This is for aliasing. When we find an alias,
- # we have to invert
- &$make_variant($1,$2);
- print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
- }
- if (/^\#/) {
- @current_platforms =
- grep(!/^$/,
- map { $tag{$_} == 1 ? $_ :
- $tag{$_} == -1 ? "!".$_ : "" }
- @known_platforms);
- push @current_platforms
- , grep(!/^$/,
- map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
- $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_ : "" }
- @known_ossl_platforms);
- @current_algorithms =
- grep(!/^$/,
- map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
- @known_algorithms);
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- next;
- }
- if ($tag{'TRUE'} != -1) {
- if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
- next;
- } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
- $def .= "int d2i_$3(void);";
- $def .= "int i2d_$3(void);";
- # Variant for platforms that do not
- # have to access globale variables
- # in shared libraries through functions
- $def .=
- "#INFO:"
- .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "OPENSSL_EXTERN int $2_it;";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Variant for platforms that have to
- # access globale variables in shared
- # libraries through functions
- &$make_variant("$2_it","$2_it",
- "EXPORT_VAR_AS_FUNCTION",
- "FUNCTION");
- next;
- } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
- $def .= "int d2i_$3(void);";
- $def .= "int i2d_$3(void);";
- $def .= "int $3_free(void);";
- $def .= "int $3_new(void);";
- # Variant for platforms that do not
- # have to access globale variables
- # in shared libraries through functions
- $def .=
- "#INFO:"
- .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "OPENSSL_EXTERN int $2_it;";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Variant for platforms that have to
- # access globale variables in shared
- # libraries through functions
- &$make_variant("$2_it","$2_it",
- "EXPORT_VAR_AS_FUNCTION",
- "FUNCTION");
- next;
- } elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
- /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
- $def .= "int d2i_$1(void);";
- $def .= "int i2d_$1(void);";
- $def .= "int $1_free(void);";
- $def .= "int $1_new(void);";
- # Variant for platforms that do not
- # have to access globale variables
- # in shared libraries through functions
- $def .=
- "#INFO:"
- .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "OPENSSL_EXTERN int $1_it;";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Variant for platforms that have to
- # access globale variables in shared
- # libraries through functions
- &$make_variant("$1_it","$1_it",
- "EXPORT_VAR_AS_FUNCTION",
- "FUNCTION");
- next;
- } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
- $def .= "int d2i_$2(void);";
- $def .= "int i2d_$2(void);";
- # Variant for platforms that do not
- # have to access globale variables
- # in shared libraries through functions
- $def .=
- "#INFO:"
- .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "OPENSSL_EXTERN int $2_it;";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Variant for platforms that have to
- # access globale variables in shared
- # libraries through functions
- &$make_variant("$2_it","$2_it",
- "EXPORT_VAR_AS_FUNCTION",
- "FUNCTION");
- next;
- } elsif (/^\s*DECLARE_ASN1_ALLOC_FUNCTIONS\s*\(\s*(\w*)\s*\)/) {
- $def .= "int $1_free(void);";
- $def .= "int $1_new(void);";
- next;
- } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
- $def .= "int d2i_$2(void);";
- $def .= "int i2d_$2(void);";
- $def .= "int $2_free(void);";
- $def .= "int $2_new(void);";
- # Variant for platforms that do not
- # have to access globale variables
- # in shared libraries through functions
- $def .=
- "#INFO:"
- .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "OPENSSL_EXTERN int $2_it;";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Variant for platforms that have to
- # access globale variables in shared
- # libraries through functions
- &$make_variant("$2_it","$2_it",
- "EXPORT_VAR_AS_FUNCTION",
- "FUNCTION");
- next;
- } elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
- # Variant for platforms that do not
- # have to access globale variables
- # in shared libraries through functions
- $def .=
- "#INFO:"
- .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "OPENSSL_EXTERN int $1_it;";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Variant for platforms that have to
- # access globale variables in shared
- # libraries through functions
- &$make_variant("$1_it","$1_it",
- "EXPORT_VAR_AS_FUNCTION",
- "FUNCTION");
- next;
- } elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) {
- $def .= "int i2d_$1_NDEF(void);";
- } elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
- next;
- } elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION\s*\(\s*(\w*)\s*\)/) {
- $def .= "int $1_print_ctx(void);";
- next;
- } elsif (/^\s*DECLARE_ASN1_PRINT_FUNCTION_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
- $def .= "int $2_print_ctx(void);";
- next;
- } elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
- next;
- } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
- /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ||
- /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) {
- # Things not in Win16
- $def .=
- "#INFO:"
- .join(',',"!WIN16",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "int PEM_read_$1(void);";
- $def .= "int PEM_write_$1(void);";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Things that are everywhere
- $def .= "int PEM_read_bio_$1(void);";
- $def .= "int PEM_write_bio_$1(void);";
- next;
- } elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
- /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
- # Things not in Win16
- $def .=
- "#INFO:"
- .join(',',"!WIN16",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "int PEM_write_$1(void);";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Things that are everywhere
- $def .= "int PEM_write_bio_$1(void);";
- next;
- } elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
- /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
- # Things not in Win16
- $def .=
- "#INFO:"
- .join(',',"!WIN16",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "int PEM_read_$1(void);";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Things that are everywhere
- $def .= "int PEM_read_bio_$1(void);";
- next;
- } elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
- # Variant for platforms that do not
- # have to access globale variables
- # in shared libraries through functions
- $def .=
- "#INFO:"
- .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
- .join(',',@current_algorithms).";";
- $def .= "OPENSSL_EXTERN int _shadow_$2;";
- $def .=
- "#INFO:"
- .join(',',@current_platforms).":"
- .join(',',@current_algorithms).";";
- # Variant for platforms that have to
- # access globale variables in shared
- # libraries through functions
- &$make_variant("_shadow_$2","_shadow_$2",
- "EXPORT_VAR_AS_FUNCTION",
- "FUNCTION");
- } elsif ($tag{'CONST_STRICT'} != 1) {
- if (/\{|\/\*|\([^\)]*$/) {
- $line = $_;
- } else {
- $def .= $_;
- }
- }
- }
- }
- close(IN);
-
- my $algs;
- my $plays;
-
- print STDERR "DEBUG: postprocessing ----------\n" if $debug;
- foreach (split /;/, $def) {
- my $s; my $k = "FUNCTION"; my $p; my $a;
- s/^[\n\s]*//g;
- s/[\n\s]*$//g;
- next if(/\#undef/);
- next if(/typedef\W/);
- next if(/\#define/);
-
- # Reduce argument lists to empty ()
- # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
- while(/\(.*\)/s) {
- s/\([^\(\)]+\)/\{\}/gs;
- s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f
- }
- # pretend as we didn't use curly braces: {} -> ()
- s/\{\}/\(\)/gs;
-
- s/STACK_OF\(\)/void/gs;
-
- print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
- if (/^\#INFO:([^:]*):(.*)$/) {
- $plats = $1;
- $algs = $2;
- print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
- next;
- } elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
- $s = $1;
- $k = "VARIABLE";
- print STDERR "DEBUG: found external variable $s\n" if $debug;
- } elsif (/TYPEDEF_\w+_OF/s) {
- next;
- } elsif (/(\w+)\s*\(\).*/s) { # first token prior [first] () is
- $s = $1; # a function name!
- print STDERR "DEBUG: found function $s\n" if $debug;
- } elsif (/\(/ and not (/=/)) {
- print STDERR "File $file: cannot parse: $_;\n";
- next;
- } else {
- next;
- }
-
- $syms{$s} = 1;
- $kind{$s} = $k;
-
- $p = $plats;
- $a = $algs;
- $a .= ",BF" if($s =~ /EVP_bf/);
- $a .= ",CAST" if($s =~ /EVP_cast/);
- $a .= ",DES" if($s =~ /EVP_des/);
- $a .= ",DSA" if($s =~ /EVP_dss/);
- $a .= ",IDEA" if($s =~ /EVP_idea/);
- $a .= ",MD2" if($s =~ /EVP_md2/);
- $a .= ",MD4" if($s =~ /EVP_md4/);
- $a .= ",MD5" if($s =~ /EVP_md5/);
- $a .= ",RC2" if($s =~ /EVP_rc2/);
- $a .= ",RC4" if($s =~ /EVP_rc4/);
- $a .= ",RC5" if($s =~ /EVP_rc5/);
- $a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
- $a .= ",SHA" if($s =~ /EVP_sha/);
- $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
- $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
- $a .= ",RSA" if($s =~ /RSAPrivateKey/);
- $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
-
- $platform{$s} =
- &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
- $algorithm{$s} .= ','.$a;
-
- if (defined($variant{$s})) {
- foreach $v (split /;/,$variant{$s}) {
- (my $r, my $p, my $k) = split(/:/,$v);
- my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
- $syms{$r} = 1;
- if (!defined($k)) { $k = $kind{$s}; }
- $kind{$r} = $k."(".$s.")";
- $algorithm{$r} = $algorithm{$s};
- $platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
- $platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
- print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
- }
- }
- print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
- }
- }
-
- # Prune the returned symbols
-
- delete $syms{"bn_dump1"};
- $platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
-
- $platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
- $platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
- $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
- $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
-
- # Info we know about
-
- push @ret, map { $_."\\".&info_string($_,"EXIST",
- $platform{$_},
- $kind{$_},
- $algorithm{$_}) } keys %syms;
-
- if (keys %unknown_algorithms) {
- print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
- print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
- }
- return(@ret);
-}
-
-# Param: string of comma-separated platform-specs.
-sub reduce_platforms
-{
- my ($platforms) = @_;
- my $pl = defined($platforms) ? $platforms : "";
- my %p = map { $_ => 0 } split /,/, $pl;
- my $ret;
-
- print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
- if $debug;
- # We do this, because if there's code like the following, it really
- # means the function exists in all cases and should therefore be
- # everywhere. By increasing and decreasing, we may attain 0:
- #
- # ifndef WIN16
- # int foo();
- # else
- # int _fat foo();
- # endif
- foreach $platform (split /,/, $pl) {
- if ($platform =~ /^!(.*)$/) {
- $p{$1}--;
- } else {
- $p{$platform}++;
- }
- }
- foreach $platform (keys %p) {
- if ($p{$platform} == 0) { delete $p{$platform}; }
- }
-
- delete $p{""};
-
- $ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
- print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
- if $debug;
- return $ret;
-}
-
-sub info_string {
- (my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
-
- my %a = defined($algorithms) ?
- map { $_ => 1 } split /,/, $algorithms : ();
- my $k = defined($kind) ? $kind : "FUNCTION";
- my $ret;
- my $p = &reduce_platforms($platforms);
-
- delete $a{""};
-
- $ret = $exist;
- $ret .= ":".$p;
- $ret .= ":".$k;
- $ret .= ":".join(',',sort keys %a);
- return $ret;
-}
-
-sub maybe_add_info {
- (my $name, *nums, my @symbols) = @_;
- my $sym;
- my $new_info = 0;
- my %syms=();
-
- print STDERR "Updating $name info\n";
- foreach $sym (@symbols) {
- (my $s, my $i) = split /\\/, $sym;
- if (defined($nums{$s})) {
- $i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
- (my $n, my $dummy) = split /\\/, $nums{$s};
- if (!defined($dummy) || $i ne $dummy) {
- $nums{$s} = $n."\\".$i;
- $new_info++;
- print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
- }
- }
- $syms{$s} = 1;
- }
-
- my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
- foreach $sym (@s) {
- (my $n, my $i) = split /\\/, $nums{$sym};
- if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
- $new_info++;
- print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
- }
- }
- if ($new_info) {
- print STDERR "$new_info old symbols got an info update\n";
- if (!$do_rewrite) {
- print STDERR "You should do a rewrite to fix this.\n";
- }
- } else {
- print STDERR "No old symbols needed info update\n";
- }
-}
-
-# Param: string of comma-separated keywords, each possibly prefixed with a "!"
-sub is_valid
-{
- my ($keywords_txt,$platforms) = @_;
- my (@keywords) = split /,/,$keywords_txt;
- my ($falsesum, $truesum) = (0, 1);
-
- # Param: one keyword
- sub recognise
- {
- my ($keyword,$platforms) = @_;
-
- if ($platforms) {
- # platforms
- if ($keyword eq "VMS" && $VMS) { return 1; }
- if ($keyword eq "WIN32" && $W32) { return 1; }
- if ($keyword eq "WIN16" && $W16) { return 1; }
- if ($keyword eq "WINNT" && $NT) { return 1; }
- if ($keyword eq "OS2" && $OS2) { return 1; }
- # Special platforms:
- # EXPORT_VAR_AS_FUNCTION means that global variables
- # will be represented as functions. This currently
- # only happens on VMS-VAX.
- if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
- return 1;
- }
- return 0;
- } else {
- # algorithms
- if ($keyword eq "RC2" && $no_rc2) { return 0; }
- if ($keyword eq "RC4" && $no_rc4) { return 0; }
- if ($keyword eq "RC5" && $no_rc5) { return 0; }
- if ($keyword eq "IDEA" && $no_idea) { return 0; }
- if ($keyword eq "DES" && $no_des) { return 0; }
- if ($keyword eq "BF" && $no_bf) { return 0; }
- if ($keyword eq "CAST" && $no_cast) { return 0; }
- if ($keyword eq "MD2" && $no_md2) { return 0; }
- if ($keyword eq "MD4" && $no_md4) { return 0; }
- if ($keyword eq "MD5" && $no_md5) { return 0; }
- if ($keyword eq "SHA" && $no_sha) { return 0; }
- if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
- if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
- if ($keyword eq "RSA" && $no_rsa) { return 0; }
- if ($keyword eq "DSA" && $no_dsa) { return 0; }
- if ($keyword eq "DH" && $no_dh) { return 0; }
- if ($keyword eq "EC" && $no_ec) { return 0; }
- if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
- if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
- if ($keyword eq "HMAC" && $no_hmac) { return 0; }
- if ($keyword eq "AES" && $no_aes) { return 0; }
- if ($keyword eq "CAMELLIA" && $no_camellia) { return 0; }
- if ($keyword eq "EVP" && $no_evp) { return 0; }
- if ($keyword eq "LHASH" && $no_lhash) { return 0; }
- if ($keyword eq "STACK" && $no_stack) { return 0; }
- if ($keyword eq "ERR" && $no_err) { return 0; }
- if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
- if ($keyword eq "BIO" && $no_bio) { return 0; }
- if ($keyword eq "COMP" && $no_comp) { return 0; }
- if ($keyword eq "DSO" && $no_dso) { return 0; }
- if ($keyword eq "KRB5" && $no_krb5) { return 0; }
- if ($keyword eq "ENGINE" && $no_engine) { return 0; }
- if ($keyword eq "HW" && $no_hw) { return 0; }
- if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
- if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
- if ($keyword eq "GMP" && $no_gmp) { return 0; }
- if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; }
- if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
-
- # Nothing recognise as true
- return 1;
- }
- }
-
- foreach $k (@keywords) {
- if ($k =~ /^!(.*)$/) {
- $falsesum += &recognise($1,$platforms);
- } else {
- $truesum *= &recognise($k,$platforms);
- }
- }
- print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
- return (!$falsesum) && $truesum;
-}
-
-sub print_test_file
-{
- (*OUT,my $name,*nums,my $testall,my @symbols)=@_;
- my $n = 1; my @e; my @r;
- my $sym; my $prev = ""; my $prefSSLeay;
-
- (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
- (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
- @symbols=((sort @e),(sort @r));
-
- foreach $sym (@symbols) {
- (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
- my $v = 0;
- $v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
- my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
- my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
- if (!defined($nums{$s})) {
- print STDERR "Warning: $s does not have a number assigned\n"
- if(!$do_update);
- } elsif (is_valid($p,1) && is_valid($a,0)) {
- my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
- if ($prev eq $s2) {
- print OUT "\t/* The following has already appeared previously */\n";
- print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
- }
- $prev = $s2; # To warn about duplicates...
-
- ($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
- if ($v) {
- print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
- } else {
- print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
- }
- }
- }
-}
-
-sub get_version {
- local *MF;
- my $v = '?';
- open MF, 'Makefile' or return $v;
- while (<MF>) {
- $v = $1, last if /^VERSION=(.*?)\s*$/;
- }
- close MF;
- return $v;
-}
-
-sub print_def_file
-{
- (*OUT,my $name,*nums,my @symbols)=@_;
- my $n = 1; my @e; my @r; my @v; my $prev="";
- my $liboptions="";
- my $libname = $name;
- my $http_vendor = 'www.openssl.org/';
- my $version = get_version();
- my $what = "OpenSSL: implementation of Secure Socket Layer";
- my $description = "$what $version, $name - http://$http_vendor";
-
- if ($W32)
- { $libname.="32"; }
- elsif ($W16)
- { $libname.="16"; }
- elsif ($OS2)
- { # DLL names should not clash on the whole system.
- # However, they should not have any particular relationship
- # to the name of the static library. Chose descriptive names
- # (must be at most 8 chars).
- my %translate = (ssl => 'open_ssl', crypto => 'cryptssl');
- $libname = $translate{$name} || $name;
- $liboptions = <<EOO;
-INITINSTANCE
-DATA MULTIPLE NONSHARED
-EOO
- # Vendor field can't contain colon, drat; so we omit http://
- $description = "\@#$http_vendor:$version#\@$what; DLL for library $name. Build for EMX -Zmtd";
- }
-
- print OUT <<"EOF";
-;
-; Definition file for the DLL version of the $name library from OpenSSL
-;
-
-LIBRARY $libname $liboptions
-
-DESCRIPTION '$description'
-
-EOF
-
- if ($W16) {
- print <<"EOF";
-CODE PRELOAD MOVEABLE
-DATA PRELOAD MOVEABLE SINGLE
-
-EXETYPE WINDOWS
-
-HEAPSIZE 4096
-STACKSIZE 8192
-
-EOF
- }
-
- print "EXPORTS\n";
-
- (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
- (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
- (@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
- @symbols=((sort @e),(sort @r), (sort @v));
-
-
- foreach $sym (@symbols) {
- (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
- my $v = 0;
- $v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
- if (!defined($nums{$s})) {
- printf STDERR "Warning: $s does not have a number assigned\n"
- if(!$do_update);
- } else {
- (my $n, my $dummy) = split /\\/, $nums{$s};
- my %pf = ();
- my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
- my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
- if (is_valid($p,1) && is_valid($a,0)) {
- my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
- if ($prev eq $s2) {
- print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
- }
- $prev = $s2; # To warn about duplicates...
- if($v && !$OS2) {
- printf OUT " %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
- } else {
- printf OUT " %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
- }
- }
- }
- }
- printf OUT "\n";
-}
-
-sub load_numbers
-{
- my($name)=@_;
- my(@a,%ret);
-
- $max_num = 0;
- $num_noinfo = 0;
- $prev = "";
- $prev_cnt = 0;
-
- open(IN,"<$name") || die "unable to open $name:$!\n";
- while (<IN>) {
- chop;
- s/#.*$//;
- next if /^\s*$/;
- @a=split;
- if (defined $ret{$a[0]}) {
- # This is actually perfectly OK
- #print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
- }
- if ($max_num > $a[1]) {
- print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
- }
- elsif ($max_num == $a[1]) {
- # This is actually perfectly OK
- #print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
- if ($a[0] eq $prev) {
- $prev_cnt++;
- $a[0] .= "{$prev_cnt}";
- }
- }
- else {
- $prev_cnt = 0;
- }
- if ($#a < 2) {
- # Existence will be proven later, in do_defs
- $ret{$a[0]}=$a[1];
- $num_noinfo++;
- } else {
- $ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
- }
- $max_num = $a[1] if $a[1] > $max_num;
- $prev=$a[0];
- }
- if ($num_noinfo) {
- print STDERR "Warning: $num_noinfo symbols were without info.";
- if ($do_rewrite) {
- printf STDERR " The rewrite will fix this.\n";
- } else {
- printf STDERR " You should do a rewrite to fix this.\n";
- }
- }
- close(IN);
- return(%ret);
-}
-
-sub parse_number
-{
- (my $str, my $what) = @_;
- (my $n, my $i) = split(/\\/,$str);
- if ($what eq "n") {
- return $n;
- } else {
- return $i;
- }
-}
-
-sub rewrite_numbers
-{
- (*OUT,$name,*nums,@symbols)=@_;
- my $thing;
-
- print STDERR "Rewriting $name\n";
-
- my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
- my $r; my %r; my %rsyms;
- foreach $r (@r) {
- (my $s, my $i) = split /\\/, $r;
- my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
- $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
- $r{$a} = $s."\\".$i;
- $rsyms{$s} = 1;
- }
-
- my %syms = ();
- foreach $_ (@symbols) {
- (my $n, my $i) = split /\\/;
- $syms{$n} = 1;
- }
-
- my @s=sort {
- &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
- || $a cmp $b
- } keys %nums;
- foreach $sym (@s) {
- (my $n, my $i) = split /\\/, $nums{$sym};
- next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
- next if defined($rsyms{$sym});
- print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
- $i="NOEXIST::FUNCTION:"
- if !defined($i) || $i eq "" || !defined($syms{$sym});
- my $s2 = $sym;
- $s2 =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
- if (exists $r{$sym}) {
- (my $s, $i) = split /\\/,$r{$sym};
- my $s2 = $s;
- $s2 =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
- }
- }
-}
-
-sub update_numbers
-{
- (*OUT,$name,*nums,my $start_num, my @symbols)=@_;
- my $new_syms = 0;
-
- print STDERR "Updating $name numbers\n";
-
- my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
- my $r; my %r; my %rsyms;
- foreach $r (@r) {
- (my $s, my $i) = split /\\/, $r;
- my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
- $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
- $r{$a} = $s."\\".$i;
- $rsyms{$s} = 1;
- }
-
- foreach $sym (@symbols) {
- (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
- next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
- next if defined($rsyms{$sym});
- die "ERROR: Symbol $sym had no info attached to it."
- if $i eq "";
- if (!exists $nums{$s}) {
- $new_syms++;
- my $s2 = $s;
- $s2 =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
- if (exists $r{$s}) {
- ($s, $i) = split /\\/,$r{$s};
- $s =~ s/\{[0-9]+\}$//;
- printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
- }
- }
- }
- if($new_syms) {
- print STDERR "$new_syms New symbols added\n";
- } else {
- print STDERR "No New symbols Added\n";
- }
-}
-
-sub check_existing
-{
- (*nums, my @symbols)=@_;
- my %existing; my @remaining;
- @remaining=();
- foreach $sym (@symbols) {
- (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
- $existing{$s}=1;
- }
- foreach $sym (keys %nums) {
- if (!exists $existing{$sym}) {
- push @remaining, $sym;
- }
- }
- if(@remaining) {
- print STDERR "The following symbols do not seem to exist:\n";
- foreach $sym (@remaining) {
- print STDERR "\t",$sym,"\n";
- }
- }
-}
-
diff --git a/crypto/openssl/util/mkdir-p.pl b/crypto/openssl/util/mkdir-p.pl
deleted file mode 100755
index e73d02b..0000000
--- a/crypto/openssl/util/mkdir-p.pl
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/local/bin/perl
-
-# mkdir-p.pl
-
-# On some systems, the -p option to mkdir (= also create any missing parent
-# directories) is not available.
-
-my $arg;
-
-foreach $arg (@ARGV) {
- $arg =~ tr|\\|/|;
- &do_mkdir_p($arg);
-}
-
-
-sub do_mkdir_p {
- local($dir) = @_;
-
- $dir =~ s|/*\Z(?!\n)||s;
-
- if (-d $dir) {
- return;
- }
-
- if ($dir =~ m|[^/]/|s) {
- local($parent) = $dir;
- $parent =~ s|[^/]*\Z(?!\n)||s;
-
- do_mkdir_p($parent);
- }
-
- mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
- print "created directory `$dir'\n";
-}
diff --git a/crypto/openssl/util/mkerr.pl b/crypto/openssl/util/mkerr.pl
deleted file mode 100644
index fac7125..0000000
--- a/crypto/openssl/util/mkerr.pl
+++ /dev/null
@@ -1,714 +0,0 @@
-#!/usr/local/bin/perl -w
-
-my $config = "crypto/err/openssl.ec";
-my $debug = 0;
-my $rebuild = 0;
-my $static = 1;
-my $recurse = 0;
-my $reindex = 0;
-my $dowrite = 0;
-my $staticloader = "";
-
-my $pack_errcode;
-my $load_errcode;
-
-while (@ARGV) {
- my $arg = $ARGV[0];
- if($arg eq "-conf") {
- shift @ARGV;
- $config = shift @ARGV;
- } elsif($arg eq "-debug") {
- $debug = 1;
- shift @ARGV;
- } elsif($arg eq "-rebuild") {
- $rebuild = 1;
- shift @ARGV;
- } elsif($arg eq "-recurse") {
- $recurse = 1;
- shift @ARGV;
- } elsif($arg eq "-reindex") {
- $reindex = 1;
- shift @ARGV;
- } elsif($arg eq "-nostatic") {
- $static = 0;
- shift @ARGV;
- } elsif($arg eq "-staticloader") {
- $staticloader = "static ";
- shift @ARGV;
- } elsif($arg eq "-write") {
- $dowrite = 1;
- shift @ARGV;
- } else {
- last;
- }
-}
-
-if($recurse) {
- @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>);
-} else {
- @source = @ARGV;
-}
-
-# Read in the config file
-
-open(IN, "<$config") || die "Can't open config file $config";
-
-# Parse config file
-
-while(<IN>)
-{
- if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
- $hinc{$1} = $2;
- $libinc{$2} = $1;
- $cskip{$3} = $1;
- if($3 ne "NONE") {
- $csrc{$1} = $3;
- $fmax{$1} = 99;
- $rmax{$1} = 99;
- $fassigned{$1} = ":";
- $rassigned{$1} = ":";
- $fnew{$1} = 0;
- $rnew{$1} = 0;
- }
- } elsif (/^F\s+(\S+)/) {
- # Add extra function with $1
- } elsif (/^R\s+(\S+)\s+(\S+)/) {
- $rextra{$1} = $2;
- $rcodes{$1} = $2;
- }
-}
-
-close IN;
-
-# Scan each header file in turn and make a list of error codes
-# and function names
-
-while (($hdr, $lib) = each %libinc)
-{
- next if($hdr eq "NONE");
- print STDERR "Scanning header file $hdr\n" if $debug;
- my $line = "", $def= "", $linenr = 0, $gotfile = 0;
- if (open(IN, "<$hdr")) {
- $gotfile = 1;
- while(<IN>) {
- $linenr++;
- print STDERR "line: $linenr\r" if $debug;
-
- last if(/BEGIN\s+ERROR\s+CODES/);
- if ($line ne '') {
- $_ = $line . $_;
- $line = '';
- }
-
- if (/\\$/) {
- $line = $_;
- next;
- }
-
- if(/\/\*/) {
- if (not /\*\//) { # multiline comment...
- $line = $_; # ... just accumulate
- next;
- } else {
- s/\/\*.*?\*\///gs; # wipe it
- }
- }
-
- if ($cpp) {
- $cpp++ if /^#\s*if/;
- $cpp-- if /^#\s*endif/;
- next;
- }
- $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration
-
- next if (/^\#/); # skip preprocessor directives
-
- s/{[^{}]*}//gs; # ignore {} blocks
-
- if (/\{|\/\*/) { # Add a } so editor works...
- $line = $_;
- } else {
- $def .= $_;
- }
- }
- }
-
- print STDERR " \r" if $debug;
- $defnr = 0;
- # Delete any DECLARE_ macros
- $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs;
- foreach (split /;/, $def) {
- $defnr++;
- print STDERR "def: $defnr\r" if $debug;
-
- # The goal is to collect function names from function declarations.
-
- s/^[\n\s]*//g;
- s/[\n\s]*$//g;
-
- # Skip over recognized non-function declarations
- next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/);
-
- # Remove STACK_OF(foo)
- s/STACK_OF\(\w+\)/void/;
-
- # Reduce argument lists to empty ()
- # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {}
- while(/\(.*\)/s) {
- s/\([^\(\)]+\)/\{\}/gs;
- s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f
- }
- # pretend as we didn't use curly braces: {} -> ()
- s/\{\}/\(\)/gs;
-
- if (/(\w+)\s*\(\).*/s) { # first token prior [first] () is
- my $name = $1; # a function name!
- $name =~ tr/[a-z]/[A-Z]/;
- $ftrans{$name} = $1;
- } elsif (/[\(\)]/ and not (/=/)) {
- print STDERR "Header $hdr: cannot parse: $_;\n";
- }
- }
-
- print STDERR " \r" if $debug;
-
- next if $reindex;
-
- # Scan function and reason codes and store them: keep a note of the
- # maximum code used.
-
- if ($gotfile) {
- while(<IN>) {
- if(/^\#define\s+(\S+)\s+(\S+)/) {
- $name = $1;
- $code = $2;
- next if $name =~ /^${lib}err/;
- unless($name =~ /^${lib}_([RF])_(\w+)$/) {
- print STDERR "Invalid error code $name\n";
- next;
- }
- if($1 eq "R") {
- $rcodes{$name} = $code;
- if ($rassigned{$lib} =~ /:$code:/) {
- print STDERR "!! ERROR: $lib reason code $code assigned twice\n";
- }
- $rassigned{$lib} .= "$code:";
- if(!(exists $rextra{$name}) &&
- ($code > $rmax{$lib}) ) {
- $rmax{$lib} = $code;
- }
- } else {
- if ($fassigned{$lib} =~ /:$code:/) {
- print STDERR "!! ERROR: $lib function code $code assigned twice\n";
- }
- $fassigned{$lib} .= "$code:";
- if($code > $fmax{$lib}) {
- $fmax{$lib} = $code;
- }
- $fcodes{$name} = $code;
- }
- }
- }
- }
-
- if ($debug) {
- if (defined($fmax{$lib})) {
- print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n";
- $fassigned{$lib} =~ m/^:(.*):$/;
- @fassigned = sort {$a <=> $b} split(":", $1);
- print STDERR " @fassigned\n";
- }
- if (defined($rmax{$lib})) {
- print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n";
- $rassigned{$lib} =~ m/^:(.*):$/;
- @rassigned = sort {$a <=> $b} split(":", $1);
- print STDERR " @rassigned\n";
- }
- }
-
- if ($lib eq "SSL") {
- if ($rmax{$lib} >= 1000) {
- print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n";
- print STDERR "!! Any new alerts must be added to $config.\n";
- print STDERR "\n";
- }
- }
- close IN;
-}
-
-# Scan each C source file and look for function and reason codes
-# This is done by looking for strings that "look like" function or
-# reason codes: basically anything consisting of all upper case and
-# numerics which has _F_ or _R_ in it and which has the name of an
-# error library at the start. This seems to work fine except for the
-# oddly named structure BIO_F_CTX which needs to be ignored.
-# If a code doesn't exist in list compiled from headers then mark it
-# with the value "X" as a place holder to give it a value later.
-# Store all function and reason codes found in %ufcodes and %urcodes
-# so all those unreferenced can be printed out.
-
-
-foreach $file (@source) {
- # Don't parse the error source file.
- next if exists $cskip{$file};
- print STDERR "File loaded: ".$file."\r" if $debug;
- open(IN, "<$file") || die "Can't open source file $file\n";
- while(<IN>) {
- if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
- next unless exists $csrc{$2};
- next if($1 eq "BIO_F_BUFFER_CTX");
- $ufcodes{$1} = 1;
- if(!exists $fcodes{$1}) {
- $fcodes{$1} = "X";
- $fnew{$2}++;
- }
- $notrans{$1} = 1 unless exists $ftrans{$3};
- }
- if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
- next unless exists $csrc{$2};
- $urcodes{$1} = 1;
- if(!exists $rcodes{$1}) {
- $rcodes{$1} = "X";
- $rnew{$2}++;
- }
- }
- }
- close IN;
-}
-print STDERR " \n" if $debug;
-
-# Now process each library in turn.
-
-foreach $lib (keys %csrc)
-{
- my $hfile = $hinc{$lib};
- my $cfile = $csrc{$lib};
- if(!$fnew{$lib} && !$rnew{$lib}) {
- print STDERR "$lib:\t\tNo new error codes\n";
- next unless $rebuild;
- } else {
- print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
- print STDERR " $rnew{$lib} New Reasons.\n";
- next unless $dowrite;
- }
-
- # If we get here then we have some new error codes so we
- # need to rebuild the header file and C file.
-
- # Make a sorted list of error and reason codes for later use.
-
- my @function = sort grep(/^${lib}_/,keys %fcodes);
- my @reasons = sort grep(/^${lib}_/,keys %rcodes);
-
- # Rewrite the header file
-
- if (open(IN, "<$hfile")) {
- # Copy across the old file
- while(<IN>) {
- push @out, $_;
- last if (/BEGIN ERROR CODES/);
- }
- close IN;
- } else {
- push @out,
-"/* ====================================================================\n",
-" * Copyright (c) 2001-2005 The OpenSSL Project. All rights reserved.\n",
-" *\n",
-" * Redistribution and use in source and binary forms, with or without\n",
-" * modification, are permitted provided that the following conditions\n",
-" * are met:\n",
-" *\n",
-" * 1. Redistributions of source code must retain the above copyright\n",
-" * notice, this list of conditions and the following disclaimer. \n",
-" *\n",
-" * 2. Redistributions in binary form must reproduce the above copyright\n",
-" * notice, this list of conditions and the following disclaimer in\n",
-" * the documentation and/or other materials provided with the\n",
-" * distribution.\n",
-" *\n",
-" * 3. All advertising materials mentioning features or use of this\n",
-" * software must display the following acknowledgment:\n",
-" * \"This product includes software developed by the OpenSSL Project\n",
-" * for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
-" *\n",
-" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
-" * endorse or promote products derived from this software without\n",
-" * prior written permission. For written permission, please contact\n",
-" * openssl-core\@openssl.org.\n",
-" *\n",
-" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
-" * nor may \"OpenSSL\" appear in their names without prior written\n",
-" * permission of the OpenSSL Project.\n",
-" *\n",
-" * 6. Redistributions of any form whatsoever must retain the following\n",
-" * acknowledgment:\n",
-" * \"This product includes software developed by the OpenSSL Project\n",
-" * for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
-" *\n",
-" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
-" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
-" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
-" * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
-" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
-" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
-" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
-" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
-" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
-" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
-" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
-" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
-" * ====================================================================\n",
-" *\n",
-" * This product includes cryptographic software written by Eric Young\n",
-" * (eay\@cryptsoft.com). This product includes software written by Tim\n",
-" * Hudson (tjh\@cryptsoft.com).\n",
-" *\n",
-" */\n",
-"\n",
-"#ifndef HEADER_${lib}_ERR_H\n",
-"#define HEADER_${lib}_ERR_H\n",
-"\n",
-"/* BEGIN ERROR CODES */\n";
- }
- open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
-
- print OUT @out;
- undef @out;
- print OUT <<"EOF";
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-EOF
- if($static) {
- print OUT <<"EOF";
-${staticloader}void ERR_load_${lib}_strings(void);
-
-EOF
- } else {
- print OUT <<"EOF";
-${staticloader}void ERR_load_${lib}_strings(void);
-${staticloader}void ERR_unload_${lib}_strings(void);
-${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
-#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
-
-EOF
- }
- print OUT <<"EOF";
-/* Error codes for the $lib functions. */
-
-/* Function codes. */
-EOF
-
- foreach $i (@function) {
- $z=6-int(length($i)/8);
- if($fcodes{$i} eq "X") {
- $fassigned{$lib} =~ m/^:([^:]*):/;
- $findcode = $1;
- if (!defined($findcode)) {
- $findcode = $fmax{$lib};
- }
- while ($fassigned{$lib} =~ m/:$findcode:/) {
- $findcode++;
- }
- $fcodes{$i} = $findcode;
- $fassigned{$lib} .= "$findcode:";
- print STDERR "New Function code $i\n" if $debug;
- }
- printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
- }
-
- print OUT "\n/* Reason codes. */\n";
-
- foreach $i (@reasons) {
- $z=6-int(length($i)/8);
- if($rcodes{$i} eq "X") {
- $rassigned{$lib} =~ m/^:([^:]*):/;
- $findcode = $1;
- if (!defined($findcode)) {
- $findcode = $rmax{$lib};
- }
- while ($rassigned{$lib} =~ m/:$findcode:/) {
- $findcode++;
- }
- $rcodes{$i} = $findcode;
- $rassigned{$lib} .= "$findcode:";
- print STDERR "New Reason code $i\n" if $debug;
- }
- printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
- }
- print OUT <<"EOF";
-
-#ifdef __cplusplus
-}
-#endif
-#endif
-EOF
- close OUT;
-
- # Rewrite the C source file containing the error details.
-
- # First, read any existing reason string definitions:
- my %err_reason_strings;
- if (open(IN,"<$cfile")) {
- while (<IN>) {
- if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
- $err_reason_strings{$1} = $2;
- }
- }
- close(IN);
- }
-
- my $hincf;
- if($static) {
- $hfile =~ /([^\/]+)$/;
- $hincf = "<openssl/$1>";
- } else {
- $hincf = "\"$hfile\"";
- }
-
- # If static we know the error code at compile time so use it
- # in error definitions.
-
- if ($static)
- {
- $pack_errcode = "ERR_LIB_${lib}";
- $load_errcode = "0";
- }
- else
- {
- $pack_errcode = "0";
- $load_errcode = "ERR_LIB_${lib}";
- }
-
-
- open (OUT,">$cfile") || die "Can't open $cfile for writing";
-
- print OUT <<"EOF";
-/* $cfile */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core\@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay\@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh\@cryptsoft.com).
- *
- */
-
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
- */
-
-#include <stdio.h>
-#include <openssl/err.h>
-#include $hincf
-
-/* BEGIN ERROR CODES */
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0)
-#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason)
-
-static ERR_STRING_DATA ${lib}_str_functs[]=
- {
-EOF
- # Add each function code: if a function name is found then use it.
- foreach $i (@function) {
- my $fn;
- $i =~ /^${lib}_F_(\S+)$/;
- $fn = $1;
- if(exists $ftrans{$fn}) {
- $fn = $ftrans{$fn};
- }
-# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n";
- print OUT "{ERR_FUNC($i),\t\"$fn\"},\n";
- }
- print OUT <<"EOF";
-{0,NULL}
- };
-
-static ERR_STRING_DATA ${lib}_str_reasons[]=
- {
-EOF
- # Add each reason code.
- foreach $i (@reasons) {
- my $rn;
- my $rstr = "ERR_REASON($i)";
- my $nspc = 0;
- if (exists $err_reason_strings{$i}) {
- $rn = $err_reason_strings{$i};
- } else {
- $i =~ /^${lib}_R_(\S+)$/;
- $rn = $1;
- $rn =~ tr/_[A-Z]/ [a-z]/;
- }
- $nspc = 40 - length($rstr) unless length($rstr) > 40;
- $nspc = " " x $nspc;
- print OUT "{${rstr}${nspc},\"$rn\"},\n";
- }
-if($static) {
- print OUT <<"EOF";
-{0,NULL}
- };
-
-#endif
-
-${staticloader}void ERR_load_${lib}_strings(void)
- {
-#ifndef OPENSSL_NO_ERR
-
- if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL)
- {
- ERR_load_strings($load_errcode,${lib}_str_functs);
- ERR_load_strings($load_errcode,${lib}_str_reasons);
- }
-#endif
- }
-EOF
-} else {
- print OUT <<"EOF";
-{0,NULL}
- };
-
-#endif
-
-#ifdef ${lib}_LIB_NAME
-static ERR_STRING_DATA ${lib}_lib_name[]=
- {
-{0 ,${lib}_LIB_NAME},
-{0,NULL}
- };
-#endif
-
-
-static int ${lib}_lib_error_code=0;
-static int ${lib}_error_init=1;
-
-${staticloader}void ERR_load_${lib}_strings(void)
- {
- if (${lib}_lib_error_code == 0)
- ${lib}_lib_error_code=ERR_get_next_error_library();
-
- if (${lib}_error_init)
- {
- ${lib}_error_init=0;
-#ifndef OPENSSL_NO_ERR
- ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
- ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
-#endif
-
-#ifdef ${lib}_LIB_NAME
- ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
- ERR_load_strings(0,${lib}_lib_name);
-#endif
- }
- }
-
-${staticloader}void ERR_unload_${lib}_strings(void)
- {
- if (${lib}_error_init == 0)
- {
-#ifndef OPENSSL_NO_ERR
- ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
- ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
-#endif
-
-#ifdef ${lib}_LIB_NAME
- ERR_unload_strings(0,${lib}_lib_name);
-#endif
- ${lib}_error_init=1;
- }
- }
-
-${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
- {
- if (${lib}_lib_error_code == 0)
- ${lib}_lib_error_code=ERR_get_next_error_library();
- ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
- }
-EOF
-
-}
-
- close OUT;
- undef %err_reason_strings;
-}
-
-if($debug && defined(%notrans)) {
- print STDERR "The following function codes were not translated:\n";
- foreach(sort keys %notrans)
- {
- print STDERR "$_\n";
- }
-}
-
-# Make a list of unreferenced function and reason codes
-
-foreach (keys %fcodes) {
- push (@funref, $_) unless exists $ufcodes{$_};
-}
-
-foreach (keys %rcodes) {
- push (@runref, $_) unless exists $urcodes{$_};
-}
-
-if($debug && defined(@funref) ) {
- print STDERR "The following function codes were not referenced:\n";
- foreach(sort @funref)
- {
- print STDERR "$_\n";
- }
-}
-
-if($debug && defined(@runref) ) {
- print STDERR "The following reason codes were not referenced:\n";
- foreach(sort @runref)
- {
- print STDERR "$_\n";
- }
-}
diff --git a/crypto/openssl/util/mkfiles.pl b/crypto/openssl/util/mkfiles.pl
deleted file mode 100755
index f55d5b6..0000000
--- a/crypto/openssl/util/mkfiles.pl
+++ /dev/null
@@ -1,123 +0,0 @@
-#!/usr/local/bin/perl
-#
-# This is a hacked version of files.pl for systems that can't do a 'make files'.
-# Do a perl util/mkminfo.pl >MINFO to build MINFO
-# Written by Steve Henson 1999.
-
-# List of directories to process
-
-my @dirs = (
-".",
-"crypto",
-"crypto/md2",
-"crypto/md4",
-"crypto/md5",
-"crypto/sha",
-"crypto/mdc2",
-"crypto/hmac",
-"crypto/ripemd",
-"crypto/des",
-"crypto/rc2",
-"crypto/rc4",
-"crypto/rc5",
-"crypto/idea",
-"crypto/bf",
-"crypto/cast",
-"crypto/aes",
-"crypto/camellia",
-"crypto/bn",
-"crypto/rsa",
-"crypto/dsa",
-"crypto/dso",
-"crypto/dh",
-"crypto/ec",
-"crypto/ecdh",
-"crypto/ecdsa",
-"crypto/buffer",
-"crypto/bio",
-"crypto/stack",
-"crypto/lhash",
-"crypto/rand",
-"crypto/err",
-"crypto/objects",
-"crypto/evp",
-"crypto/asn1",
-"crypto/pem",
-"crypto/x509",
-"crypto/x509v3",
-"crypto/conf",
-"crypto/txt_db",
-"crypto/pkcs7",
-"crypto/pkcs12",
-"crypto/comp",
-"crypto/engine",
-"crypto/ocsp",
-"crypto/ui",
-"crypto/krb5",
-"crypto/store",
-"crypto/pqueue",
-"ssl",
-"apps",
-"engines",
-"test",
-"tools"
-);
-
-foreach (@dirs) {
- &files_dir ($_, "Makefile");
-}
-
-exit(0);
-
-sub files_dir
-{
-my ($dir, $makefile) = @_;
-
-my %sym;
-
-open (IN, "$dir/$makefile") || die "Can't open $dir/$makefile";
-
-my $s="";
-
-while (<IN>)
- {
- chop;
- s/#.*//;
- if (/^(\S+)\s*=\s*(.*)$/)
- {
- $o="";
- ($s,$b)=($1,$2);
- for (;;)
- {
- if ($b =~ /\\$/)
- {
- chop($b);
- $o.=$b." ";
- $b=<IN>;
- chop($b);
- }
- else
- {
- $o.=$b." ";
- last;
- }
- }
- $o =~ s/^\s+//;
- $o =~ s/\s+$//;
- $o =~ s/\s+/ /g;
-
- $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
- $sym{$s}=$o;
- }
- }
-
-print "RELATIVE_DIRECTORY=$dir\n";
-
-foreach (sort keys %sym)
- {
- print "$_=$sym{$_}\n";
- }
-print "RELATIVE_DIRECTORY=\n";
-
-close (IN);
-}
diff --git a/crypto/openssl/util/mklink.pl b/crypto/openssl/util/mklink.pl
deleted file mode 100755
index d9bc98a..0000000
--- a/crypto/openssl/util/mklink.pl
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/local/bin/perl
-
-# mklink.pl
-
-# The first command line argument is a non-empty relative path
-# specifying the "from" directory.
-# Each other argument is a file name not containing / and
-# names a file in the current directory.
-#
-# For each of these files, we create in the "from" directory a link
-# of the same name pointing to the local file.
-#
-# We assume that the directory structure is a tree, i.e. that it does
-# not contain symbolic links and that the parent of / is never referenced.
-# Apart from this, this script should be able to handle even the most
-# pathological cases.
-
-use Cwd;
-
-my $from = shift;
-my @files = @ARGV;
-
-my @from_path = split(/[\\\/]/, $from);
-my $pwd = getcwd();
-chomp($pwd);
-my @pwd_path = split(/[\\\/]/, $pwd);
-
-my @to_path = ();
-
-my $dirname;
-foreach $dirname (@from_path) {
-
- # In this loop, @to_path always is a relative path from
- # @pwd_path (interpreted is an absolute path) to the original pwd.
-
- # At the end, @from_path (as a relative path from the original pwd)
- # designates the same directory as the absolute path @pwd_path,
- # which means that @to_path then is a path from there to the original pwd.
-
- next if ($dirname eq "" || $dirname eq ".");
-
- if ($dirname eq "..") {
- @to_path = (pop(@pwd_path), @to_path);
- } else {
- @to_path = ("..", @to_path);
- push(@pwd_path, $dirname);
- }
-}
-
-my $to = join('/', @to_path);
-
-my $file;
-$symlink_exists=eval {symlink("",""); 1};
-foreach $file (@files) {
- my $err = "";
- if ($symlink_exists) {
- unlink "$from/$file";
- symlink("$to/$file", "$from/$file") or $err = " [$!]";
- } else {
- unlink "$from/$file";
- open (OLD, "<$file") or die "Can't open $file: $!";
- open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
- binmode(OLD);
- binmode(NEW);
- while (<OLD>) {
- print NEW $_;
- }
- close (OLD) or die "Can't close $file: $!";
- close (NEW) or die "Can't close $from/$file: $!";
- }
- print $file . " => $from/$file$err\n";
-}
diff --git a/crypto/openssl/util/mkstack.pl b/crypto/openssl/util/mkstack.pl
deleted file mode 100755
index 2a968f3..0000000
--- a/crypto/openssl/util/mkstack.pl
+++ /dev/null
@@ -1,126 +0,0 @@
-#!/usr/local/bin/perl -w
-
-# This is a utility that searches out "DECLARE_STACK_OF()"
-# declarations in .h and .c files, and updates/creates/replaces
-# the corresponding macro declarations in crypto/stack/safestack.h.
-# As it's not generally possible to have macros that generate macros,
-# we need to control this from the "outside", here in this script.
-#
-# Geoff Thorpe, June, 2000 (with massive Perl-hacking
-# help from Steve Robb)
-
-my $safestack = "crypto/stack/safestack";
-
-my $do_write;
-while (@ARGV) {
- my $arg = $ARGV[0];
- if($arg eq "-write") {
- $do_write = 1;
- }
- shift @ARGV;
-}
-
-
-@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>);
-foreach $file (@source) {
- next if -l $file;
-
- # Open the .c/.h file for reading
- open(IN, "< $file") || die "Can't open $file for reading: $!";
-
- while(<IN>) {
- if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
- push @stacklst, $1;
- } if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
- push @asn1setlst, $1;
- } if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
- push @p12stklst, $1;
- }
- }
- close(IN);
-}
-
-
-
-my $old_stackfile = "";
-my $new_stackfile = "";
-my $inside_block = 0;
-my $type_thing;
-
-open(IN, "< $safestack.h") || die "Can't open input file: $!";
-while(<IN>) {
- $old_stackfile .= $_;
-
- if (m|^/\* This block of defines is updated by util/mkstack.pl, please do not touch! \*/|) {
- $inside_block = 1;
- }
- if (m|^/\* End of util/mkstack.pl block, you may now edit :-\) \*/|) {
- $inside_block = 0;
- } elsif ($inside_block == 0) {
- $new_stackfile .= $_;
- }
- next if($inside_block != 1);
- $new_stackfile .= "/* This block of defines is updated by util/mkstack.pl, please do not touch! */";
-
- foreach $type_thing (sort @stacklst) {
- $new_stackfile .= <<EOF;
-
-#define sk_${type_thing}_new(st) SKM_sk_new($type_thing, (st))
-#define sk_${type_thing}_new_null() SKM_sk_new_null($type_thing)
-#define sk_${type_thing}_free(st) SKM_sk_free($type_thing, (st))
-#define sk_${type_thing}_num(st) SKM_sk_num($type_thing, (st))
-#define sk_${type_thing}_value(st, i) SKM_sk_value($type_thing, (st), (i))
-#define sk_${type_thing}_set(st, i, val) SKM_sk_set($type_thing, (st), (i), (val))
-#define sk_${type_thing}_zero(st) SKM_sk_zero($type_thing, (st))
-#define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val))
-#define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val))
-#define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val))
-#define sk_${type_thing}_find_ex(st, val) SKM_sk_find_ex($type_thing, (st), (val))
-#define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i))
-#define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr))
-#define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i))
-#define sk_${type_thing}_set_cmp_func(st, cmp) SKM_sk_set_cmp_func($type_thing, (st), (cmp))
-#define sk_${type_thing}_dup(st) SKM_sk_dup($type_thing, st)
-#define sk_${type_thing}_pop_free(st, free_func) SKM_sk_pop_free($type_thing, (st), (free_func))
-#define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st))
-#define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st))
-#define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st))
-#define sk_${type_thing}_is_sorted(st) SKM_sk_is_sorted($type_thing, (st))
-EOF
- }
- foreach $type_thing (sort @asn1setlst) {
- $new_stackfile .= <<EOF;
-
-#define d2i_ASN1_SET_OF_${type_thing}(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \\
- SKM_ASN1_SET_OF_d2i($type_thing, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
-#define i2d_ASN1_SET_OF_${type_thing}(st, pp, i2d_func, ex_tag, ex_class, is_set) \\
- SKM_ASN1_SET_OF_i2d($type_thing, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
-#define ASN1_seq_pack_${type_thing}(st, i2d_func, buf, len) \\
- SKM_ASN1_seq_pack($type_thing, (st), (i2d_func), (buf), (len))
-#define ASN1_seq_unpack_${type_thing}(buf, len, d2i_func, free_func) \\
- SKM_ASN1_seq_unpack($type_thing, (buf), (len), (d2i_func), (free_func))
-EOF
- }
- foreach $type_thing (sort @p12stklst) {
- $new_stackfile .= <<EOF;
-
-#define PKCS12_decrypt_d2i_${type_thing}(algor, d2i_func, free_func, pass, passlen, oct, seq) \\
- SKM_PKCS12_decrypt_d2i($type_thing, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
-EOF
- }
- $new_stackfile .= "/* End of util/mkstack.pl block, you may now edit :-) */\n";
- $inside_block = 2;
-}
-
-
-if ($new_stackfile eq $old_stackfile) {
- print "No changes to $safestack.h.\n";
- exit 0; # avoid unnecessary rebuild
-}
-
-if ($do_write) {
- print "Writing new $safestack.h.\n";
- open OUT, ">$safestack.h" || die "Can't open output file";
- print OUT $new_stackfile;
- close OUT;
-}
diff --git a/crypto/openssl/util/opensslwrap.sh b/crypto/openssl/util/opensslwrap.sh
deleted file mode 100755
index 91d29e2..0000000
--- a/crypto/openssl/util/opensslwrap.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-HERE="`echo $0 | sed -e 's|[^/]*$||'`"
-OPENSSL="${HERE}../apps/openssl"
-
-if [ -x "${OPENSSL}.exe" ]; then
- # The original reason for this script existence is to work around
- # certain caveats in run-time linker behaviour. On Windows platforms
- # adjusting $PATH used to be sufficient, but with introduction of
- # SafeDllSearchMode in XP/2003 the only way to get it right in
- # *all* possible situations is to copy newly built .DLLs to apps/
- # and test/, which is now done elsewhere... The $PATH is adjusted
- # for backward compatibility (and nostagical reasons:-).
- if [ "$OSTYPE" != msdosdjgpp ]; then
- PATH="${HERE}..:$PATH"; export PATH
- fi
- exec "${OPENSSL}.exe" "$@"
-elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
- exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
-else
- exec "${OPENSSL}" "$@" # hope for the best...
-fi
diff --git a/crypto/openssl/util/perlpath.pl b/crypto/openssl/util/perlpath.pl
deleted file mode 100755
index a1f236b..0000000
--- a/crypto/openssl/util/perlpath.pl
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/local/bin/perl
-#
-# modify the '#!/usr/local/bin/perl'
-# line in all scripts that rely on perl.
-#
-
-require "find.pl";
-
-$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
-&find(".");
-
-sub wanted
- {
- return unless /\.pl$/ || /^[Cc]onfigur/;
-
- open(IN,"<$_") || die "unable to open $dir/$_:$!\n";
- @a=<IN>;
- close(IN);
-
- if (-d $ARGV[0]) {
- $a[0]="#!$ARGV[0]/perl\n";
- }
- else {
- $a[0]="#!$ARGV[0]\n";
- }
-
- # Playing it safe...
- $new="$_.new";
- open(OUT,">$new") || die "unable to open $dir/$new:$!\n";
- print OUT @a;
- close(OUT);
-
- rename($new,$_) || die "unable to rename $dir/$new:$!\n";
- chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n";
- }
diff --git a/crypto/openssl/util/pl/BC-16.pl b/crypto/openssl/util/pl/BC-16.pl
deleted file mode 100644
index 8030653..0000000
--- a/crypto/openssl/util/pl/BC-16.pl
+++ /dev/null
@@ -1,151 +0,0 @@
-#!/usr/local/bin/perl
-# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
-#
-
-$o='\\';
-$cp='copy';
-$rm='del';
-
-# C compiler stuff
-$cc='bcc';
-
-if ($debug)
- { $op="-v "; }
-else { $op="-O "; }
-
-$cflags="-d -ml $op -DL_ENDIAN";
-# I add the stack opt
-$base_lflags="/c /C";
-$lflags="$base_lflags";
-
-if ($win16)
- {
- $shlib=1;
- $cflags.=" -DOPENSSL_SYSNAME_WIN16";
- $app_cflag="-W";
- $lib_cflag="-WD";
- $lflags.="/Twe";
- }
-else
- {
- $cflags.=" -DOENSSL_SYSNAME_MSDOS";
- $lflags.=" /Tde";
- }
-
-if ($shlib)
- {
- $mlflags=" /Twd $base_lflags"; # stack if defined in .def file
- $libs="libw ldllcew";
- $no_asm=1;
- }
-else
- { $mlflags=''; }
-
-$obj='.obj';
-$ofile="-o";
-
-# EXE linking stuff
-$link="tlink";
-$efile="";
-$exep='.exe';
-$ex_libs="CL";
-$ex_libs.=$no_sock?"":" winsock.lib";
-
-$app_ex_obj="C0L.obj ";
-$shlib_ex_obj="" if ($shlib);
-
-# static library stuff
-$mklib='tlib';
-$ranlib='echo no ranlib';
-$plib="";
-$libp=".lib";
-$shlibp=($shlib)?".dll":".lib";
-$lfile='';
-
-$asm='bcc -c -B -Tml';
-$afile='/o';
-if ($no_asm || $fips)
- {
- $bn_asm_obj='';
- $bn_asm_src='';
- }
-elsif ($asmbits == 32)
- {
- $bn_asm_obj='crypto\bn\asm\x86w32.obj';
- $bn_asm_src='crypto\bn\asm\x86w32.asm';
- }
-else
- {
- $bn_asm_obj='crypto\bn\asm\x86w16.obj';
- $bn_asm_src='crypto\bn\asm\x86w16.asm';
- }
-
-sub do_lib_rule
- {
- local($target,$name,$shlib)=@_;
- local($ret,$Name);
-
- $taget =~ s/\//$o/g if $o ne '/';
- ($Name=$name) =~ tr/a-z/A-Z/;
-
- $ret.="$target: \$(${Name}OBJ)\n";
- $ret.="\t\$(RM) \$(O_$Name)\n";
-
- # Due to a pathetic line length limit, I unwrap the args.
- local($lib_names)="";
- local($dll_names)="";
- foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
- {
- $lib_names.=" +$_ &\n";
- $dll_names.=" $_\n";
- }
-
- if (!$shlib)
- {
- $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
- }
- else
- {
- local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
- $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
- $ret.=$dll_names;
- $ret.="\n $target\n\n $ex $libs\nms$o${name}16.def;\n|\n";
- ($out_lib=$target) =~ s/O_/L_/;
- $ret.="\timplib /nowep $out_lib $target\n\n";
- }
- $ret.="\n";
- return($ret);
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
- local($ret,$f,$_,@f);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
- $ret.=" \$(LINK) @&&|";
-
- # Due to a pathetic line length limit, I have to unwrap the args.
- $ret.=" \$(LFLAGS) ";
- if ($files =~ /\(([^)]*)\)$/)
- {
- $ret.=" \$(APP_EX_OBJ)";
- foreach $_ (sort split(/\s+/,$Vars{$1}))
- { $ret.="\n $r $_ +"; }
- chop($ret);
- $ret.="\n";
- }
- else
- { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
- $ret.=" $target\n\n $libs\n\n|\n";
- if (defined $sha1file)
- {
- $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
- }
- $ret.="\n";
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/BC-32.pl b/crypto/openssl/util/pl/BC-32.pl
deleted file mode 100644
index 99b8c058..0000000
--- a/crypto/openssl/util/pl/BC-32.pl
+++ /dev/null
@@ -1,139 +0,0 @@
-#!/usr/local/bin/perl
-# Borland C++ builder 3 and 4 -- Janez Jere <jj@void.si>
-#
-
-$ssl= "ssleay32";
-$crypto="libeay32";
-
-$o='\\';
-$cp='copy';
-$rm='del';
-
-# C compiler stuff
-$cc='bcc32';
-$lflags="-ap -Tpe -x -Gn ";
-$mlflags='';
-
-$out_def="out32";
-$tmp_def="tmp32";
-$inc_def="inc32";
-#enable max error messages, disable most common warnings
-$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp ";
-if ($debug)
-{
- $cflags.="-Od -y -v -vi- -D_DEBUG";
- $mlflags.=' ';
-}
-else
-{
- $cflags.="-O2 -ff -fp";
-}
-
-$obj='.obj';
-$ofile="-o";
-
-# EXE linking stuff
-$link="ilink32";
-$efile="";
-$exep='.exe';
-if ($no_sock)
- { $ex_libs=""; }
-else { $ex_libs="cw32mt.lib import32.lib"; }
-
-# static library stuff
-$mklib='tlib /P64';
-$ranlib='';
-$plib="";
-$libp=".lib";
-$shlibp=($shlib)?".dll":".lib";
-$lfile='';
-
-$shlib_ex_obj="";
-$app_ex_obj="c0x32.obj";
-
-$asm='nasmw -f obj -d__omf__';
-$asm.=" /Zi" if $debug;
-$afile='-o';
-
-$bn_mulw_obj='';
-$bn_mulw_src='';
-$des_enc_obj='';
-$des_enc_src='';
-$bf_enc_obj='';
-$bf_enc_src='';
-
-if (!$no_asm)
- {
- $bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
- $bn_mulw_src='crypto\bn\asm\bn_win32.asm';
- $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
- $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
- $bf_enc_obj='crypto\bf\asm\b_win32.obj';
- $bf_enc_src='crypto\bf\asm\b_win32.asm';
- $cast_enc_obj='crypto\cast\asm\c_win32.obj';
- $cast_enc_src='crypto\cast\asm\c_win32.asm';
- $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
- $rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
- $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
- $rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
- $md5_asm_obj='crypto\md5\asm\m5_win32.obj';
- $md5_asm_src='crypto\md5\asm\m5_win32.asm';
- $sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
- $sha1_asm_src='crypto\sha\asm\s1_win32.asm';
- $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
- $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
- $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
- }
-
-if ($shlib)
- {
- $mlflags.=" $lflags /dll";
-# $cflags =~ s| /MD| /MT|;
- $lib_cflag=" /GD -D_WINDLL -D_DLL";
- $out_def="out32dll";
- $tmp_def="tmp32dll";
- }
-
-sub do_lib_rule
- {
- local($objs,$target,$name,$shlib)=@_;
- local($ret,$Name);
-
- $taget =~ s/\//$o/g if $o ne '/';
- ($Name=$name) =~ tr/a-z/A-Z/;
-
-# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
- if (!$shlib)
- {
- $ret.=<<___;
- -\$(RM) $lfile$target
- \$(MKLIB) $lfile$target \@&&!
-+\$(**: = &^
-+)
-!
-___
- }
- else
- {
- local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
- $ex.=' wsock32.lib gdi32.lib';
- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
- }
- $ret.="\n";
- return($ret);
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($targer);
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/Mingw32.pl b/crypto/openssl/util/pl/Mingw32.pl
deleted file mode 100644
index 8f0483f..0000000
--- a/crypto/openssl/util/pl/Mingw32.pl
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/usr/local/bin/perl
-#
-# Mingw32.pl -- Mingw
-#
-
-$o='/';
-$cp='cp';
-$rm='rm -f';
-$mkdir='gmkdir';
-
-$o='\\';
-$cp='copy';
-$rm='del';
-$mkdir='mkdir';
-
-# C compiler stuff
-
-$cc='gcc';
-if ($debug)
- { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
-else
- { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -march=i486 -Wall"; }
-
-if ($gaswin and !$no_asm)
- {
- $bn_asm_obj='$(OBJ_D)\bn-win32.o';
- $bn_asm_src='crypto/bn/asm/bn-win32.s';
- $bnco_asm_obj='$(OBJ_D)\co-win32.o';
- $bnco_asm_src='crypto/bn/asm/co-win32.s';
- $des_enc_obj='$(OBJ_D)\d-win32.o $(OBJ_D)\y-win32.o';
- $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
- $bf_enc_obj='$(OBJ_D)\b-win32.o';
- $bf_enc_src='crypto/bf/asm/b-win32.s';
-# $cast_enc_obj='$(OBJ_D)\c-win32.o';
-# $cast_enc_src='crypto/cast/asm/c-win32.s';
- $rc4_enc_obj='$(OBJ_D)\r4-win32.o';
- $rc4_enc_src='crypto/rc4/asm/r4-win32.s';
- $rc5_enc_obj='$(OBJ_D)\r5-win32.o';
- $rc5_enc_src='crypto/rc5/asm/r5-win32.s';
- $md5_asm_obj='$(OBJ_D)\m5-win32.o';
- $md5_asm_src='crypto/md5/asm/m5-win32.s';
- $rmd160_asm_obj='$(OBJ_D)\rm-win32.o';
- $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
- $sha1_asm_obj='$(OBJ_D)\s1-win32.o';
- $sha1_asm_src='crypto/sha/asm/s1-win32.s';
- $cpuid_asm_obj='$(OBJ_D)\cpu-win32.o';
- $cpuid_asm_src='crypto/cpu-win32.s';
- $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
- }
-
-
-$obj='.o';
-$ofile='-o ';
-
-# EXE linking stuff
-$link='${CC}';
-$lflags='${CFLAGS}';
-$efile='-o ';
-$exep='';
-$ex_libs="-lwsock32 -lgdi32";
-
-# static library stuff
-$mklib='ar r';
-$mlflags='';
-$ranlib='ranlib';
-$plib='lib';
-$libp=".a";
-$shlibp=".a";
-$lfile='';
-
-$asm='as';
-$afile='-o ';
-#$bn_asm_obj="";
-#$bn_asm_src="";
-#$des_enc_obj="";
-#$des_enc_src="";
-#$bf_enc_obj="";
-#$bf_enc_src="";
-
-sub do_lib_rule
- {
- local($obj,$target,$name,$shlib)=@_;
- local($ret,$_,$Name);
-
- $target =~ s/\//$o/g if $o ne '/';
- $target="$target";
- ($Name=$name) =~ tr/a-z/A-Z/;
-
- $ret.="$target: \$(${Name}OBJ)\n";
- $ret.="\tif exist $target \$(RM) $target\n";
- $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
- $ret.="\t\$(RANLIB) $target\n\n";
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
- return($ret);
- }
-1;
diff --git a/crypto/openssl/util/pl/OS2-EMX.pl b/crypto/openssl/util/pl/OS2-EMX.pl
deleted file mode 100644
index 28cd116..0000000
--- a/crypto/openssl/util/pl/OS2-EMX.pl
+++ /dev/null
@@ -1,120 +0,0 @@
-#!/usr/local/bin/perl
-#
-# OS2-EMX.pl - for EMX GCC on OS/2
-#
-
-$o='/';
-$cp='cp';
-$rm='rm -f';
-
-$preamble = "SHELL=sh\n";
-
-# C compiler stuff
-
-$cc='gcc';
-$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall ";
-$cflags.="-Zomf " if $shlib;
-$shl_cflag="-Zdll";
-
-if ($debug) {
- $cflags.="-g ";
-}
-
-$obj=$shlib ? '.obj' : '.o';
-$ofile='-o ';
-
-# EXE linking stuff
-$link='${CC}';
-$lflags='${CFLAGS} -Zbsd-signals -s';
-$efile='-o ';
-$exep='.exe';
-$ex_libs="-lsocket";
-
-# static library stuff
-$mklib='ar r';
-$mlflags='';
-$ranlib="ar s";
-$plib='';
-$libp=$shlib ? ".lib" : ".a";
-$shlibp=$shlib ? ".dll" : ".a";
-$lfile='';
-
-$asm=$shlib ? 'as -Zomf' : 'as';
-$afile='-o ';
-$bn_asm_obj="";
-$bn_asm_src="";
-$des_enc_obj="";
-$des_enc_src="";
-$bf_enc_obj="";
-$bf_enc_src="";
-
-if (!$no_asm)
- {
- $bn_asm_obj="crypto/bn/asm/bn-os2$obj crypto/bn/asm/co-os2$obj";
- $bn_asm_src="crypto/bn/asm/bn-os2.asm crypto/bn/asm/co-os2.asm";
- $des_enc_obj="crypto/des/asm/d-os2$obj crypto/des/asm/y-os2$obj";
- $des_enc_src="crypto/des/asm/d-os2.asm crypto/des/asm/y-os2.asm";
- $bf_enc_obj="crypto/bf/asm/b-os2$obj";
- $bf_enc_src="crypto/bf/asm/b-os2.asm";
- $cast_enc_obj="crypto/cast/asm/c-os2$obj";
- $cast_enc_src="crypto/cast/asm/c-os2.asm";
- $rc4_enc_obj="crypto/rc4/asm/r4-os2$obj";
- $rc4_enc_src="crypto/rc4/asm/r4-os2.asm";
- $rc5_enc_obj="crypto/rc5/asm/r5-os2$obj";
- $rc5_enc_src="crypto/rc5/asm/r5-os2.asm";
- $md5_asm_obj="crypto/md5/asm/m5-os2$obj";
- $md5_asm_src="crypto/md5/asm/m5-os2.asm";
- $sha1_asm_obj="crypto/sha/asm/s1-os2$obj";
- $sha1_asm_src="crypto/sha/asm/s1-os2.asm";
- $rmd160_asm_obj="crypto/ripemd/asm/rm-os2$obj";
- $rmd160_asm_src="crypto/ripemd/asm/rm-os2.asm";
- $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
- }
-
-if ($shlib)
- {
- $mlflags.=" $lflags -Zdll";
- $lib_cflag=" -D_DLL";
- $out_def="out_dll";
- $tmp_def="tmp_dll";
- }
-
-sub do_lib_rule
- {
- local($obj,$target,$name,$shlib)=@_;
- local($ret,$_,$Name);
-
- $target =~ s/\//$o/g if $o ne '/';
- $target="$target";
- ($Name=$name) =~ tr/a-z/A-Z/;
-
- $ret.="$target: \$(${Name}OBJ)\n";
- if (!$shlib)
- {
- $ret.="\t\$(RM) $target\n";
- $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
- $ret.="\t\$(RANLIB) $target\n\n";
- }
- else
- {
- local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
- $ex.=' -lsocket';
- $ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
- $ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
- $ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
- }
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/VC-16.pl b/crypto/openssl/util/pl/VC-16.pl
deleted file mode 100644
index 564ba3f..0000000
--- a/crypto/openssl/util/pl/VC-16.pl
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/usr/local/bin/perl
-# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
-#
-
-$ssl= "ssleay16";
-$crypto="libeay16";
-
-$o='\\';
-$cp='copy';
-$rm='del';
-
-# C compiler stuff
-$cc='cl';
-
-$out_def="out16";
-$tmp_def="tmp16";
-$inc_def="inc16";
-
-if ($debug)
- {
- $op="/Od /Zi /Zd";
- $base_lflags="/CO";
- }
-else {
- $op="/G2 /f- /Ocgnotb2";
- }
-$base_lflags.=" /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000";
-if ($win16) { $base_lflags.=" /PACKD:60000"; }
-
-$cflags="/ALw /Gx- /Gt256 /Gf $op /W3 /WX -DL_ENDIAN /nologo";
-# I add the stack opt
-$lflags="$base_lflags /STACK:20000";
-
-if ($win16)
- {
- $cflags.=" -DOPENSSL_SYSNAME_WIN16";
- $app_cflag="/Gw /FPi87";
- $lib_cflag="/Gw";
- $lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
- $lib_cflag.=" -DWIN16TTY" if !$shlib;
- $lflags.=" /ALIGN:256";
- $ex_libs.="oldnames llibcewq libw";
- }
-else
- {
- $no_sock=1;
- $cflags.=" -DMSDOS";
- $lflags.=" /EXEPACK";
- $ex_libs.="oldnames.lib llibce.lib";
- }
-
-if ($shlib)
- {
- $mlflags="$base_lflags";
- $libs="oldnames ldllcew libw";
- $shlib_ex_obj="";
-# $no_asm=1;
- $out_def="out16dll";
- $tmp_def="tmp16dll";
- }
-else
- { $mlflags=''; }
-
-$app_ex_obj="";
-
-$obj='.obj';
-$ofile="/Fo";
-
-# EXE linking stuff
-$link="link";
-$efile="";
-$exep='.exe';
-$ex_libs.=$no_sock?"":" winsock";
-
-# static library stuff
-$mklib='lib /PAGESIZE:1024';
-$ranlib='';
-$plib="";
-$libp=".lib";
-$shlibp=($shlib)?".dll":".lib";
-$lfile='';
-
-$asm='ml /Cp /c /Cx';
-$afile='/Fo';
-
-$bn_asm_obj='';
-$bn_asm_src='';
-$des_enc_obj='';
-$des_enc_src='';
-$bf_enc_obj='';
-$bf_enc_src='';
-
-if (!$no_asm && !$fips)
- {
- if ($asmbits == 32)
- {
- $bn_asm_obj='crypto\bn\asm\x86w32.obj';
- $bn_asm_src='crypto\bn\asm\x86w32.asm';
- }
- else
- {
- $bn_asm_obj='crypto\bn\asm\x86w16.obj';
- $bn_asm_src='crypto\bn\asm\x86w16.asm';
- }
- }
-
-sub do_lib_rule
- {
- local($objs,$target,$name,$shlib)=@_;
- local($ret,$Name);
-
- $taget =~ s/\//$o/g if $o ne '/';
- ($Name=$name) =~ tr/a-z/A-Z/;
-
-# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
-# $ret.="\t\$(RM) \$(O_$Name)\n";
-
- # Due to a pathetic line length limit, I unwrap the args.
- local($lib_names)="";
- local($dll_names)=" \$(SHLIB_EX_OBJ) +\n";
- ($obj)= ($objs =~ /\((.*)\)/);
- foreach $_ (sort split(/\s+/,$Vars{$obj}))
- {
- $lib_names.="+$_ &\n";
- $dll_names.=" $_ +\n";
- }
-
- if (!$shlib)
- {
- $ret.="\tdel $target\n";
- $ret.="\t\$(MKLIB) @<<\n$target\ny\n$lib_names\n\n<<\n";
- }
- else
- {
- local($ex)=($target =~ /O_SSL/)?'$(L_CRYPTO)':"";
- $ex.=' winsock';
- $ret.="\t\$(LINK) \$(MLFLAGS) @<<\n";
- $ret.=$dll_names;
- $ret.="\n $target\n\n $ex $libs\nms$o${name}.def;\n<<\n";
- ($out_lib=$target) =~ s/O_/L_/;
- $ret.="\timplib /noignorecase /nowep $out_lib $target\n";
- }
- $ret.="\n";
- return($ret);
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
- local($ret,$f,$_,@f);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($targer);
- $ret.="$target: $files $dep_libs\n";
- $ret.=" \$(LINK) \$(LFLAGS) @<<\n";
-
- # Due to a pathetic line length limit, I have to unwrap the args.
- if ($files =~ /\(([^)]*)\)$/)
- {
- @a=('$(APP_EX_OBJ)');
- push(@a,sort split(/\s+/,$Vars{$1}));
- for $_ (@a)
- { $ret.=" $_ +\n"; }
- }
- else
- { $ret.=" \$(APP_EX_OBJ) $files"; }
- $ret.="\n $target\n\n $libs\n\n<<\n";
- if (defined $sha1file)
- {
- $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
- }
- $ret.="\n";
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/VC-32.pl b/crypto/openssl/util/pl/VC-32.pl
deleted file mode 100644
index 81e92f0..0000000
--- a/crypto/openssl/util/pl/VC-32.pl
+++ /dev/null
@@ -1,298 +0,0 @@
-#!/usr/local/bin/perl
-# VC-32.pl - unified script for Microsoft Visual C++, covering Win32,
-# Win64 and WinCE [follow $FLAVOR variable to trace the differences].
-#
-
-$ssl= "ssleay32";
-$crypto="libeay32";
-
-$o='\\';
-$cp='$(PERL) util/copy.pl';
-$mkdir='$(PERL) util/mkdir-p.pl';
-$rm='del';
-
-$zlib_lib="zlib1.lib";
-
-# C compiler stuff
-$cc='cl';
-if ($FLAVOR =~ /WIN64/)
- {
- # Note that we currently don't have /WX on Win64! There is a lot of
- # warnings, but only of two types:
- #
- # C4344: conversion from '__int64' to 'int/long', possible loss of data
- # C4267: conversion from 'size_t' to 'int/long', possible loss of data
- #
- # Amount of latter type is minimized by aliasing strlen to function of
- # own desing and limiting its return value to 2GB-1 (see e_os.h). As
- # per 0.9.8 release remaining warnings were explicitly examined and
- # considered safe to ignore.
- #
- $base_cflags=' /W3 /Gs0 /GF /Gy /nologo -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DOPENSSL_SYSNAME_WIN32 -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE';
- $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
- $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
- $opt_cflags=' /MD /Ox';
- $dbg_cflags=' /MDd /Od -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
- }
-elsif ($FLAVOR =~ /CE/)
- {
- # sanity check
- die '%OSVERSION% is not defined' if (!defined($ENV{'OSVERSION'}));
- die '%PLATFORM% is not defined' if (!defined($ENV{'PLATFORM'}));
- die '%TARGETCPU% is not defined' if (!defined($ENV{'TARGETCPU'}));
-
- #
- # Idea behind this is to mimic flags set by eVC++ IDE...
- #
- $wcevers = $ENV{'OSVERSION'}; # WCENNN
- die '%OSVERSION% value is insane' if ($wcevers !~ /^WCE([1-9])([0-9]{2})$/);
- $wcecdefs = "-D_WIN32_WCE=$1$2 -DUNDER_CE=$1$2"; # -D_WIN32_WCE=NNN
- $wcelflag = "/subsystem:windowsce,$1.$2"; # ...,N.NN
-
- $wceplatf = $ENV{'PLATFORM'};
- $wceplatf =~ tr/a-z0-9 /A-Z0-9_/d;
- $wcecdefs .= " -DWCE_PLATFORM_$wceplatf";
-
- $wcetgt = $ENV{'TARGETCPU'}; # just shorter name...
- SWITCH: for($wcetgt) {
- /^X86/ && do { $wcecdefs.=" -Dx86 -D_X86_ -D_i386_ -Di_386_";
- $wcelflag.=" /machine:IX86"; last; };
- /^ARMV4[IT]/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
- $wcecdefs.=" -DTHUMB -D_THUMB_" if($wcetgt=~/T$/);
- $wcecdefs.=" -QRarch4T -QRinterwork-return";
- $wcelflag.=" /machine:THUMB"; last; };
- /^ARM/ && do { $wcecdefs.=" -DARM -D_ARM_ -D$wcetgt";
- $wcelflag.=" /machine:ARM"; last; };
- /^MIPSIV/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
- $wcecdefs.=" -D_MIPS64 -QMmips4 -QMn32";
- $wcelflag.=" /machine:MIPSFPU"; last; };
- /^MIPS16/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
- $wcecdefs.=" -DMIPSII -QMmips16";
- $wcelflag.=" /machine:MIPS16"; last; };
- /^MIPSII/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000 -D$wcetgt";
- $wcecdefs.=" -QMmips2";
- $wcelflag.=" /machine:MIPS"; last; };
- /^R4[0-9]{3}/ && do { $wcecdefs.=" -DMIPS -D_MIPS_ -DR4000";
- $wcelflag.=" /machine:MIPS"; last; };
- /^SH[0-9]/ && do { $wcecdefs.=" -D$wcetgt -D_$wcetgt_ -DSHx";
- $wcecdefs.=" -Qsh4" if ($wcetgt =~ /^SH4/);
- $wcelflag.=" /machine:$wcetgt"; last; };
- { $wcecdefs.=" -D$wcetgt -D_$wcetgt_";
- $wcelflag.=" /machine:$wcetgt"; last; };
- }
-
- $cc='$(CC)';
- $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include -DOPENSSL_SMALL_FOOTPRINT';
- $base_cflags.=" $wcecdefs";
- $opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics...
- $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
- $lflags="/nologo /opt:ref $wcelflag";
- }
-else # Win32
- {
- $base_cflags=' /W3 /WX /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
- $base_cflags.=' -D_CRT_SECURE_NO_DEPRECATE'; # shut up VC8
- $base_cflags.=' -D_CRT_NONSTDC_NO_DEPRECATE'; # shut up VC8
- $opt_cflags=' /MD /Ox /O2 /Ob2';
- $dbg_cflags=' /MDd /Od -DDEBUG -D_DEBUG';
- $lflags="/nologo /subsystem:console /opt:ref";
- }
-$mlflags='';
-
-$out_def="out32"; $out_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
-$tmp_def="tmp32"; $tmp_def.='_$(TARGETCPU)' if ($FLAVOR =~ /CE/);
-$inc_def="inc32";
-
-if ($debug)
- {
- $cflags=$dbg_cflags.$base_cflags;
- $lflags.=" /debug";
- $mlflags.=' /debug';
- }
-else
- {
- $cflags=$opt_cflags.$base_cflags;
- }
-
-$obj='.obj';
-$ofile="/Fo";
-
-# EXE linking stuff
-$link="link";
-$rsc="rc";
-$efile="/out:";
-$exep='.exe';
-if ($no_sock) { $ex_libs=''; }
-elsif ($FLAVOR =~ /CE/) { $ex_libs='winsock.lib'; }
-else { $ex_libs='wsock32.lib'; }
-
-if ($FLAVOR =~ /CE/)
- {
- $ex_libs.=' $(WCECOMPAT)/lib/wcecompatex.lib';
- $ex_libs.=' /nodefaultlib:oldnames.lib coredll.lib corelibc.lib' if ($ENV{'TARGETCPU'} eq "X86");
- }
-else
- {
- $ex_libs.=' gdi32.lib advapi32.lib user32.lib';
- $ex_libs.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
- }
-
-# As native NT API is pure UNICODE, our WIN-NT build defaults to UNICODE,
-# but gets linked with unicows.lib to ensure backward compatibility.
-if ($FLAVOR =~ /NT/)
- {
- $cflags.=" -DOPENSSL_SYSNAME_WINNT -DUNICODE -D_UNICODE";
- $ex_libs="unicows.lib $ex_libs";
- }
-# static library stuff
-$mklib='lib';
-$ranlib='';
-$plib="";
-$libp=".lib";
-$shlibp=($shlib)?".dll":".lib";
-$lfile='/out:';
-
-$shlib_ex_obj="";
-$app_ex_obj="setargv.obj" if ($FLAVOR !~ /CE/);
-if ($nasm) {
- $asm='nasmw -f win32';
- $afile='-o ';
-} else {
- $asm='ml /Cp /coff /c /Cx';
- $asm.=" /Zi" if $debug;
- $afile='/Fo';
-}
-
-$bn_asm_obj='';
-$bn_asm_src='';
-$des_enc_obj='';
-$des_enc_src='';
-$bf_enc_obj='';
-$bf_enc_src='';
-
-if (!$no_asm)
- {
- $bn_asm_obj='crypto\bn\asm\bn_win32.obj';
- $bn_asm_src='crypto\bn\asm\bn_win32.asm';
- $des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
- $des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
- $bf_enc_obj='crypto\bf\asm\b_win32.obj';
- $bf_enc_src='crypto\bf\asm\b_win32.asm';
- $cast_enc_obj='crypto\cast\asm\c_win32.obj';
- $cast_enc_src='crypto\cast\asm\c_win32.asm';
- $rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
- $rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
- $rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
- $rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
- $md5_asm_obj='crypto\md5\asm\m5_win32.obj';
- $md5_asm_src='crypto\md5\asm\m5_win32.asm';
- $sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
- $sha1_asm_src='crypto\sha\asm\s1_win32.asm';
- $rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
- $rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
- $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
- }
-
-if ($shlib && $FLAVOR !~ /CE/)
- {
- $mlflags.=" $lflags /dll";
-# $cflags =~ s| /MD| /MT|;
- $lib_cflag=" -D_WINDLL";
- $out_def="out32dll";
- $tmp_def="tmp32dll";
- #
- # Engage Applink...
- #
- $app_ex_obj.=" \$(OBJ_D)\\applink.obj /implib:\$(TMP_D)\\junk.lib";
- $cflags.=" -DOPENSSL_USE_APPLINK -I.";
- # I'm open for better suggestions than overriding $banner...
- $banner=<<'___';
- @echo Building OpenSSL
-
-$(OBJ_D)\applink.obj: ms\applink.c
- $(CC) /Fo$(OBJ_D)\applink.obj $(APP_CFLAGS) -c ms\applink.c
-$(OBJ_D)\uplink.obj: ms\uplink.c ms\applink.c
- $(CC) /Fo$(OBJ_D)\uplink.obj $(SHLIB_CFLAGS) -c ms\uplink.c
-$(INCO_D)\applink.c: ms\applink.c
- $(CP) ms\applink.c $(INCO_D)\applink.c
-
-EXHEADER= $(EXHEADER) $(INCO_D)\applink.c
-
-LIBS_DEP=$(LIBS_DEP) $(OBJ_D)\applink.obj
-CRYPTOOBJ=$(OBJ_D)\uplink.obj $(CRYPTOOBJ)
-___
- $banner.=<<'___' if ($FLAVOR =~ /WIN64/);
-CRYPTOOBJ=ms\uptable.obj $(CRYPTOOBJ)
-___
- }
-elsif ($shlib && $FLAVOR =~ /CE/)
- {
- $mlflags.=" $lflags /dll";
- $lib_cflag=" -D_WINDLL -D_DLL";
- $out_def='out32dll_$(TARGETCPU)';
- $tmp_def='tmp32dll_$(TARGETCPU)';
- }
-
-$cflags.=" /Fd$out_def";
-
-sub do_lib_rule
- {
- local($objs,$target,$name,$shlib)=@_;
- local($ret);
-
- $taget =~ s/\//$o/g if $o ne '/';
- if ($name ne "")
- {
- $name =~ tr/a-z/A-Z/;
- $name = "/def:ms/${name}.def";
- }
-
-# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
- if (!$shlib)
- {
-# $ret.="\t\$(RM) \$(O_$Name)\n";
- $ex =' ';
- $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
- }
- else
- {
- local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
- if ($name eq "")
- {
- $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
- }
- elsif ($FLAVOR =~ /CE/)
- {
- $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
- }
- else
- {
- $ex.=' unicows.lib' if ($FLAVOR =~ /NT/);
- $ex.=' wsock32.lib gdi32.lib advapi32.lib user32.lib';
- $ex.=' bufferoverflowu.lib' if ($FLAVOR =~ /WIN64/);
- }
- $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
- $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;2\n\n";
- }
- $ret.="\n";
- return($ret);
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($targer);
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
- $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
- $ret.="\tIF EXIST \$@.manifest mt -manifest \$@.manifest -outputresource:\$@;1\n\n";
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/VC-CE.pl b/crypto/openssl/util/pl/VC-CE.pl
deleted file mode 100644
index 2fd0c4d..0000000
--- a/crypto/openssl/util/pl/VC-CE.pl
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/usr/local/bin/perl
-# VC-CE.pl - the file for eMbedded Visual C++ 3.0 for windows CE, static libraries
-#
-
-$ssl= "ssleay32";
-$crypto="libeay32";
-$RSAref="RSAref32";
-
-$o='\\';
-$cp='copy nul+'; # Timestamps get stuffed otherwise
-$rm='del';
-
-# C compiler stuff
-$cc='$(CC)';
-$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include';
-$lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref';
-$mlflags='';
-
-$out_def='out32_$(TARGETCPU)';
-$tmp_def='tmp32_$(TARGETCPU)';
-$inc_def="inc32";
-
-if ($debug)
- {
- $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
- $lflags.=" /debug";
- $mlflags.=' /debug';
- }
-
-$obj='.obj';
-$ofile="/Fo";
-
-# EXE linking stuff
-$link="link";
-$efile="/out:";
-$exep='.exe';
-if ($no_sock)
- { $ex_libs=""; }
-else { $ex_libs='winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib $(WCELDFLAGS)'; }
-
-# static library stuff
-$mklib='lib';
-$ranlib='';
-$plib="";
-$libp=".lib";
-$shlibp=($shlib)?".dll":".lib";
-$lfile='/out:';
-
-$shlib_ex_obj="";
-$app_ex_obj="";
-$app_ex_obj="";
-
-$bn_asm_obj='';
-$bn_asm_src='';
-$des_enc_obj='';
-$des_enc_src='';
-$bf_enc_obj='';
-$bf_enc_src='';
-
-if ($shlib)
- {
- $mlflags.=" $lflags /dll";
-# $cflags =~ s| /MD| /MT|;
- $lib_cflag=" -D_WINDLL -D_DLL";
- $out_def='out32dll_$(TARGETCPU)';
- $tmp_def='tmp32dll_$(TARGETCPU)';
- }
-
-$cflags.=" /Fd$out_def";
-
-sub do_lib_rule
- {
- local($objs,$target,$name,$shlib)=@_;
- local($ret,$Name);
-
- $taget =~ s/\//$o/g if $o ne '/';
- ($Name=$name) =~ tr/a-z/A-Z/;
-
-# $target="\$(LIB_D)$o$target";
- $ret.="$target: $objs\n";
- if (!$shlib)
- {
-# $ret.="\t\$(RM) \$(O_$Name)\n";
- $ex =' ';
- $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n";
- }
- else
- {
- local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-# $ex.=' winsock.lib coredll.lib $(WCECOMPAT)/lib/wcecompatex.lib';
- $ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
- $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
- }
- $ret.="\n";
- return($ret);
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs,$sha1file,$openssl)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($targer);
- $ret.="$target: $files $dep_libs\n";
- $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n";
- $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n";
- if (defined $sha1file)
- {
- $ret.=" $openssl sha1 -hmac etaonrishdlcupfm -binary $target > $sha1file";
- }
- $ret.="\n";
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/linux.pl b/crypto/openssl/util/pl/linux.pl
deleted file mode 100644
index d24f7b7..0000000
--- a/crypto/openssl/util/pl/linux.pl
+++ /dev/null
@@ -1,104 +0,0 @@
-#!/usr/local/bin/perl
-#
-# linux.pl - the standard unix makefile stuff.
-#
-
-$o='/';
-$cp='/bin/cp';
-$rm='/bin/rm -f';
-
-# C compiler stuff
-
-$cc='gcc';
-if ($debug)
- { $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
-elsif ($profile)
- { $cflags="-pg -O3"; }
-else
- { $cflags="-O3 -fomit-frame-pointer"; }
-
-if (!$no_asm)
- {
- $bn_asm_obj='$(OBJ_D)/bn86-elf.o';
- $bn_asm_src='crypto/bn/asm/bn86unix.cpp';
- $bnco_asm_obj='$(OBJ_D)/co86-elf.o';
- $bnco_asm_src='crypto/bn/asm/co86unix.cpp';
- $des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
- $des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
- $bf_enc_obj='$(OBJ_D)/bx86-elf.o';
- $bf_enc_src='crypto/bf/asm/bx86unix.cpp';
- $cast_enc_obj='$(OBJ_D)/cx86-elf.o';
- $cast_enc_src='crypto/cast/asm/cx86unix.cpp';
- $rc4_enc_obj='$(OBJ_D)/rx86-elf.o';
- $rc4_enc_src='crypto/rc4/asm/rx86unix.cpp';
- $rc5_enc_obj='$(OBJ_D)/r586-elf.o';
- $rc5_enc_src='crypto/rc5/asm/r586unix.cpp';
- $md5_asm_obj='$(OBJ_D)/mx86-elf.o';
- $md5_asm_src='crypto/md5/asm/mx86unix.cpp';
- $rmd160_asm_obj='$(OBJ_D)/rm86-elf.o';
- $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp';
- $sha1_asm_obj='$(OBJ_D)/sx86-elf.o';
- $sha1_asm_src='crypto/sha/asm/sx86unix.cpp';
- $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DOPENSSL_BN_ASM_PART_WORDS";
- }
-
-$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall";
-
-if ($shlib)
- {
- $shl_cflag=" -DPIC -fpic";
- $shlibp=".so.$ssl_version";
- $so_shlibp=".so";
- }
-
-sub do_shlib_rule
- {
- local($obj,$target,$name,$shlib,$so_name)=@_;
- local($ret,$_,$Name);
-
- $target =~ s/\//$o/g if $o ne '/';
- ($Name=$name) =~ tr/a-z/A-Z/;
-
- $ret.="$target: \$(${Name}OBJ)\n";
- $ret.="\t\$(RM) target\n";
- $ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n";
- ($t=$target) =~ s/(^.*)\/[^\/]*$/$1/;
- if ($so_name ne "")
- {
- $ret.="\t\$(RM) \$(LIB_D)$o$so_name\n";
- $ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n";
- }
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
- return($ret);
- }
-
-sub do_asm_rule
- {
- local($target,$src)=@_;
- local($ret,@s,@t,$i);
-
- $target =~ s/\//$o/g if $o ne "/";
- $src =~ s/\//$o/g if $o ne "/";
-
- @s=split(/\s+/,$src);
- @t=split(/\s+/,$target);
-
- for ($i=0; $i<=$#s; $i++)
- {
- $ret.="$t[$i]: $s[$i]\n";
- $ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n";
- }
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/netware.pl b/crypto/openssl/util/pl/netware.pl
deleted file mode 100644
index c05789b..0000000
--- a/crypto/openssl/util/pl/netware.pl
+++ /dev/null
@@ -1,341 +0,0 @@
-# Metrowerks Codewarrior for NetWare
-#
-
-# The import files and other misc imports needed to link
-@misc_imports = ("GetProcessSwitchCount", "RunningProcess",
- "GetSuperHighResolutionTimer");
-if ($LIBC)
-{
- @import_files = ("libc.imp");
- @module_files = ("libc");
-}
-else
-{
- # clib build
- @import_files = ("clib.imp");
- @module_files = ("clib");
- push(@misc_imports, "_rt_modu64%16", "_rt_divu64%16");
-}
-if (!$BSDSOCK)
-{
- push(@import_files, "ws2nlm.imp");
-}
-
-
-# The "IMPORTS" environment variable must be set and point to the location
-# where import files (*.imp) can be found.
-# Example: set IMPORTS=c:\ndk\nwsdk\imports
-$import_path = $ENV{"IMPORTS"} || die ("IMPORTS environment variable not set\n");
-
-
-# The "PRELUDE" environment variable must be set and point to the location
-# and name of the prelude source to link with ( nwpre.obj is recommended ).
-# Example: set PRELUDE=c:\codewar\novell support\metrowerks support\libraries\runtime\nwpre.obj
-$prelude = $ENV{"PRELUDE"} || die ("PRELUDE environment variable not set\n");
-
-#$ssl= "ssleay32";
-#$crypto="libeay32";
-
-$o='\\\\';
-$cp='copy >nul:';
-$rm='del';
-
-# C compiler
-$cc="mwccnlm";
-
-# Linker
-$link="mwldnlm";
-
-# librarian
-$mklib="mwldnlm";
-
-# assembler
-if ($nw_nasm)
-{
- $asm="nasmw -s -f coff";
- $afile="-o ";
- $asm.=" -g" if $debug;
-}
-elsif ($nw_mwasm)
-{
- $asm="mwasmnlm -maxerrors 20";
- $afile="-o ";
- $asm.=" -g" if $debug;
-}
-elsif ($nw_masm)
-{
-# masm assembly settings - it should be possible to use masm but haven't
-# got it working.
-# $asm='ml /Cp /coff /c /Cx';
-# $asm.=" /Zi" if $debug;
-# $afile='/Fo';
- die("Support for masm assembler not yet functional\n");
-}
-else
-{
- $asm="";
- $afile="";
-}
-
-
-
-# compile flags
-#
-# NOTES: Several c files in the crypto subdirectory include headers from
-# their local directories. Metrowerks wouldn't find these h files
-# without adding individual include directives as compile flags
-# or modifying the c files. Instead of adding individual include
-# paths for each subdirectory a recursive include directive
-# is used ( -ir crypto ).
-#
-# A similar issue exists for the engines and apps subdirectories.
-#
-# Turned off the "possible" warnings ( -w nopossible ). Metrowerks
-# complained a lot about various stuff. May want to turn back
-# on for further development.
-$cflags="-ir crypto -ir engines -ir apps -msgstyle gcc -align 4 -processor pentium \\
- -char unsigned -w on -w nolargeargs -w nopossible -w nounusedarg \\
- -w noimplicitconv -relax_pointers -nosyspath -DL_ENDIAN \\
- -DOPENSSL_SYSNAME_NETWARE -U_WIN32 -maxerrors 20 ";
-
-# link flags
-$lflags="-msgstyle gcc -zerobss -stacksize 32768 -nostdlib -sym internal ";
-
-
-# additional flags based upon debug | non-debug
-if ($debug)
-{
- $cflags.=" -opt off -g -sym internal -DDEBUG";
-}
-else
-{
-# CodeWarrior compiler has a problem with optimizations for floating
-# points - no optimizations until further investigation
-# $cflags.=" -opt all";
-}
-
-# If LibC build add in NKS_LIBC define and set the entry/exit
-# routines - The default entry/exit routines are for CLib and don't exist
-# in LibC
-if ($LIBC)
-{
- $cflags.=" -DNETWARE_LIBC";
- $lflags.=" -entry _LibCPrelude -exit _LibCPostlude -flags pseudopreemption";
-}
-else
-{
- $cflags.=" -DNETWARE_CLIB";
- $lflags.=" -entry _Prelude -exit _Stop";
-}
-
-# If BSD Socket support is requested, set a define for the compiler
-if ($BSDSOCK)
-{
- $cflags.=" -DNETWARE_BSDSOCK";
-}
-
-
-# linking stuff
-# for the output directories use the mk1mf.pl values with "_nw" appended
-if ($shlib)
-{
- if ($LIBC)
- {
- $out_def.="_nw_libc_nlm";
- $tmp_def.="_nw_libc_nlm";
- $inc_def.="_nw_libc_nlm";
- }
- else # NETWARE_CLIB
- {
- $out_def.="_nw_clib_nlm";
- $tmp_def.="_nw_clib_nlm";
- $inc_def.="_nw_clib_nlm";
- }
-}
-else
-{
- $libp=".lib";
- $shlibp=".lib";
- $lib_flags="-nodefaults -type library";
- if ($LIBC)
- {
- $out_def.="_nw_libc";
- $tmp_def.="_nw_libc";
- $inc_def.="_nw_libc";
- }
- else # NETWARE_CLIB
- {
- $out_def.="_nw_clib";
- $tmp_def.="_nw_clib";
- $inc_def.="_nw_clib";
- }
-}
-
-# used by mk1mf.pl
-$obj='.obj';
-$ofile='-o ';
-$efile='';
-$exep='.nlm';
-$ex_libs='';
-
-if (!$no_asm)
-{
- $bn_asm_obj="crypto${o}bn${o}asm${o}bn-nw.obj";
- $bn_asm_src="crypto${o}bn${o}asm${o}bn-nw.asm";
- $des_enc_obj="crypto${o}des${o}asm${o}d-nw.obj crypto${o}des${o}asm${o}y-nw.obj";
- $des_enc_src="crypto${o}des${o}asm${o}d-nw.asm crypto${o}des${o}asm${o}y-nw.asm";
- $bf_enc_obj="crypto${o}bf${o}asm${o}b-nw.obj";
- $bf_enc_src="crypto${o}bf${o}asm${o}b-nw.asm";
- $cast_enc_obj="crypto${o}cast${o}asm${o}c-nw.obj";
- $cast_enc_src="crypto${o}cast${o}asm${o}c-nw.asm";
- $rc4_enc_obj="crypto${o}rc4${o}asm${o}r4-nw.obj";
- $rc4_enc_src="crypto${o}rc4${o}asm${o}r4-nw.asm";
- $rc5_enc_obj="crypto${o}rc5${o}asm${o}r5-nw.obj";
- $rc5_enc_src="crypto${o}rc5${o}asm${o}r5-nw.asm";
- $md5_asm_obj="crypto${o}md5${o}asm${o}m5-nw.obj";
- $md5_asm_src="crypto${o}md5${o}asm${o}m5-nw.asm";
- $sha1_asm_obj="crypto${o}sha${o}asm${o}s1-nw.obj";
- $sha1_asm_src="crypto${o}sha${o}asm${o}s1-nw.asm";
- $rmd160_asm_obj="crypto${o}ripemd${o}asm${o}rm-nw.obj";
- $rmd160_asm_src="crypto${o}ripemd${o}asm${o}rm-nw.asm";
- $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
-}
-else
-{
- $bn_asm_obj='';
- $bn_asm_src='';
- $des_enc_obj='';
- $des_enc_src='';
- $bf_enc_obj='';
- $bf_enc_src='';
- $cast_enc_obj='';
- $cast_enc_src='';
- $rc4_enc_obj='';
- $rc4_enc_src='';
- $rc5_enc_obj='';
- $rc5_enc_src='';
- $md5_asm_obj='';
- $md5_asm_src='';
- $sha1_asm_obj='';
- $sha1_asm_src='';
- $rmd160_asm_obj='';
- $rmd160_asm_src='';
-}
-
-# create the *.def linker command files in \openssl\netware\ directory
-sub do_def_file
-{
- # strip off the leading path
- my($target) = bname(@_);
- my($def_file);
- my($mod_file);
- my($i);
-
- if ($target =~ /(.*).nlm/)
- {
- $target = $1;
- }
-
- # special case for openssl - the mk1mf.pl defines E_EXE = openssl
- if ($target =~ /E_EXE/)
- {
- $target = "openssl";
- }
-
- # Note: originally tried to use full path ( \openssl\netware\$target.def )
- # Metrowerks linker choked on this with an assertion failure. bug???
- #
- $def_file = "netware\\$target.def";
-
- open(DEF_OUT, ">$def_file") || die("unable to open file $def_file\n");
-
- print( DEF_OUT "# command file generated by netware.pl for Metrowerks build\n" );
- print( DEF_OUT "#\n");
- print( DEF_OUT "DESCRIPTION \"$target\"\n");
-
- foreach $i (@misc_imports)
- {
- print( DEF_OUT "IMPORT $i\n");
- }
-
- foreach $i (@import_files)
- {
- print( DEF_OUT "IMPORT \@$import_path\\$i\n");
- }
-
- foreach $i (@module_files)
- {
- print( DEF_OUT "MODULE $i\n");
- }
-
- close(DEF_OUT);
- return($def_file);
-}
-
-sub do_lib_rule
-{
- my($objs,$target,$name,$shlib)=@_;
- my($ret);
-
- $ret.="$target: $objs\n";
- if (!$shlib)
- {
- $ret.="\t\@echo Building Lib: $name\n";
- $ret.="\t\$(MKLIB) $lib_flags -o $target $objs\n";
- $ret.="\t\@echo .\n"
- }
- else
- {
- die( "Building as NLM not currently supported!" );
- }
-
- $ret.="\n";
- return($ret);
-}
-
-sub do_link_rule
-{
- my($target,$files,$dep_libs,$libs)=@_;
- my($ret);
- my($def_file);
-
- $def_file = do_def_file($target);
-
- # special case for openssl - the mk1mf.pl defines E_EXE = openssl
-
- # NOTE: When building the test nlms no screen name is given
- # which causes the console screen to be used. By using the console
- # screen there is no "<press any key to continue>" message which
- # requires user interaction. The test script ( tests.pl ) needs to be
- # able to run the tests without requiring user interaction.
- #
- # However, the sample program "openssl.nlm" is used by the tests and is
- # a interactive sample so a screen is desired when not be run by the
- # tests. To solve the problem, two versions of the program are built:
- # openssl2 - no screen used by tests
- # openssl - default screen - use for normal interactive modes
- #
- if ($target =~ /E_EXE/)
- {
- my($target2) = $target;
-
- $target2 =~ s/\(E_EXE\)/\(E_EXE\)2/;
-
- $ret.="$target: $files $dep_libs\n";
-
- # openssl
- $ret.="\t\$(LINK) \$(LFLAGS) -screenname openssl -commandfile $def_file $files \"$prelude\" $libs -o $target\n";
- # openssl2
- $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target2\n";
- }
- else
- {
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) \$(LFLAGS) -commandfile $def_file $files \"$prelude\" $libs -o $target\n";
- }
-
- $ret.="\n";
- return($ret);
-}
-
-1;
diff --git a/crypto/openssl/util/pl/ultrix.pl b/crypto/openssl/util/pl/ultrix.pl
deleted file mode 100644
index ea370c7..0000000
--- a/crypto/openssl/util/pl/ultrix.pl
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/local/bin/perl
-#
-# linux.pl - the standard unix makefile stuff.
-#
-
-$o='/';
-$cp='/bin/cp';
-$rm='/bin/rm -f';
-
-# C compiler stuff
-
-$cc='cc';
-if ($debug)
- { $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; }
-else
- { $cflags="-O2"; }
-
-$cflags.=" -std1 -DL_ENDIAN";
-
-if (!$no_asm)
- {
- $bn_asm_obj='$(OBJ_D)/mips1.o';
- $bn_asm_src='crypto/bn/asm/mips1.s';
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
- return($ret);
- }
-
-1;
diff --git a/crypto/openssl/util/pl/unix.pl b/crypto/openssl/util/pl/unix.pl
deleted file mode 100644
index 146611a..0000000
--- a/crypto/openssl/util/pl/unix.pl
+++ /dev/null
@@ -1,96 +0,0 @@
-#!/usr/local/bin/perl
-#
-# unix.pl - the standard unix makefile stuff.
-#
-
-$o='/';
-$cp='/bin/cp';
-$rm='/bin/rm -f';
-
-# C compiler stuff
-
-if ($gcc)
- {
- $cc='gcc';
- if ($debug)
- { $cflags="-g2 -ggdb"; }
- else
- { $cflags="-O3 -fomit-frame-pointer"; }
- }
-else
- {
- $cc='cc';
- if ($debug)
- { $cflags="-g"; }
- else
- { $cflags="-O"; }
- }
-$obj='.o';
-$ofile='-o ';
-
-# EXE linking stuff
-$link='${CC}';
-$lflags='${CFLAGS}';
-$efile='-o ';
-$exep='';
-$ex_libs="";
-
-# static library stuff
-$mklib='ar r';
-$mlflags='';
-$ranlib=&which("ranlib") or $ranlib="true";
-$plib='lib';
-$libp=".a";
-$shlibp=".a";
-$lfile='';
-
-$asm='as';
-$afile='-o ';
-$bn_asm_obj="";
-$bn_asm_src="";
-$des_enc_obj="";
-$des_enc_src="";
-$bf_enc_obj="";
-$bf_enc_src="";
-
-sub do_lib_rule
- {
- local($obj,$target,$name,$shlib)=@_;
- local($ret,$_,$Name);
-
- $target =~ s/\//$o/g if $o ne '/';
- $target="$target";
- ($Name=$name) =~ tr/a-z/A-Z/;
-
- $ret.="$target: \$(${Name}OBJ)\n";
- $ret.="\t\$(RM) $target\n";
- $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
- $ret.="\t\$(RANLIB) $target\n\n";
- }
-
-sub do_link_rule
- {
- local($target,$files,$dep_libs,$libs)=@_;
- local($ret,$_);
-
- $file =~ s/\//$o/g if $o ne '/';
- $n=&bname($target);
- $ret.="$target: $files $dep_libs\n";
- $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
- return($ret);
- }
-
-sub which
- {
- my ($name)=@_;
- my $path;
- foreach $path (split /:/, $ENV{PATH})
- {
- if (-x "$path/$name")
- {
- return "$path/$name";
- }
- }
- }
-
-1;
diff --git a/crypto/openssl/util/pod2man.pl b/crypto/openssl/util/pod2man.pl
deleted file mode 100755
index 546d1ec..0000000
--- a/crypto/openssl/util/pod2man.pl
+++ /dev/null
@@ -1,1184 +0,0 @@
-: #!/usr/bin/perl-5.005
- eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
- if $running_under_some_shell;
-
-$DEF_PM_SECTION = '3pm' || '3';
-
-=head1 NAME
-
-pod2man - translate embedded Perl pod directives into man pages
-
-=head1 SYNOPSIS
-
-B<pod2man>
-[ B<--section=>I<manext> ]
-[ B<--release=>I<relpatch> ]
-[ B<--center=>I<string> ]
-[ B<--date=>I<string> ]
-[ B<--fixed=>I<font> ]
-[ B<--official> ]
-[ B<--lax> ]
-I<inputfile>
-
-=head1 DESCRIPTION
-
-B<pod2man> converts its input file containing embedded pod directives (see
-L<perlpod>) into nroff source suitable for viewing with nroff(1) or
-troff(1) using the man(7) macro set.
-
-Besides the obvious pod conversions, B<pod2man> also takes care of
-func(), func(n), and simple variable references like $foo or @bar so
-you don't have to use code escapes for them; complex expressions like
-C<$fred{'stuff'}> will still need to be escaped, though. Other nagging
-little roffish things that it catches include translating the minus in
-something like foo-bar, making a long dash--like this--into a real em
-dash, fixing up "paired quotes", putting a little space after the
-parens in something like func(), making C++ and PI look right, making
-double underbars have a little tiny space between them, making ALLCAPS
-a teeny bit smaller in troff(1), and escaping backslashes so you don't
-have to.
-
-=head1 OPTIONS
-
-=over 8
-
-=item center
-
-Set the centered header to a specific string. The default is
-"User Contributed Perl Documentation", unless the C<--official> flag is
-given, in which case the default is "Perl Programmers Reference Guide".
-
-=item date
-
-Set the left-hand footer string to this value. By default,
-the modification date of the input file will be used.
-
-=item fixed
-
-The fixed font to use for code refs. Defaults to CW.
-
-=item official
-
-Set the default header to indicate that this page is of
-the standard release in case C<--center> is not given.
-
-=item release
-
-Set the centered footer. By default, this is the current
-perl release.
-
-=item section
-
-Set the section for the C<.TH> macro. The standard conventions on
-sections are to use 1 for user commands, 2 for system calls, 3 for
-functions, 4 for devices, 5 for file formats, 6 for games, 7 for
-miscellaneous information, and 8 for administrator commands. This works
-best if you put your Perl man pages in a separate tree, like
-F</usr/local/perl/man/>. By default, section 1 will be used
-unless the file ends in F<.pm> in which case section 3 will be selected.
-
-=item lax
-
-Don't complain when required sections aren't present.
-
-=back
-
-=head1 Anatomy of a Proper Man Page
-
-For those not sure of the proper layout of a man page, here's
-an example of the skeleton of a proper man page. Head of the
-major headers should be setout as a C<=head1> directive, and
-are historically written in the rather startling ALL UPPER CASE
-format, although this is not mandatory.
-Minor headers may be included using C<=head2>, and are
-typically in mixed case.
-
-=over 10
-
-=item NAME
-
-Mandatory section; should be a comma-separated list of programs or
-functions documented by this podpage, such as:
-
- foo, bar - programs to do something
-
-=item SYNOPSIS
-
-A short usage summary for programs and functions, which
-may someday be deemed mandatory.
-
-=item DESCRIPTION
-
-Long drawn out discussion of the program. It's a good idea to break this
-up into subsections using the C<=head2> directives, like
-
- =head2 A Sample Subection
-
- =head2 Yet Another Sample Subection
-
-=item OPTIONS
-
-Some people make this separate from the description.
-
-=item RETURN VALUE
-
-What the program or function returns if successful.
-
-=item ERRORS
-
-Exceptions, return codes, exit stati, and errno settings.
-
-=item EXAMPLES
-
-Give some example uses of the program.
-
-=item ENVIRONMENT
-
-Envariables this program might care about.
-
-=item FILES
-
-All files used by the program. You should probably use the FE<lt>E<gt>
-for these.
-
-=item SEE ALSO
-
-Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8).
-
-=item NOTES
-
-Miscellaneous commentary.
-
-=item CAVEATS
-
-Things to take special care with; sometimes called WARNINGS.
-
-=item DIAGNOSTICS
-
-All possible messages the program can print out--and
-what they mean.
-
-=item BUGS
-
-Things that are broken or just don't work quite right.
-
-=item RESTRICTIONS
-
-Bugs you don't plan to fix :-)
-
-=item AUTHOR
-
-Who wrote it (or AUTHORS if multiple).
-
-=item HISTORY
-
-Programs derived from other sources sometimes have this, or
-you might keep a modification log here.
-
-=back
-
-=head1 EXAMPLES
-
- pod2man program > program.1
- pod2man some_module.pm > /usr/perl/man/man3/some_module.3
- pod2man --section=7 note.pod > note.7
-
-=head1 DIAGNOSTICS
-
-The following diagnostics are generated by B<pod2man>. Items
-marked "(W)" are non-fatal, whereas the "(F)" errors will cause
-B<pod2man> to immediately exit with a non-zero status.
-
-=over 4
-
-=item bad option in paragraph %d of %s: ``%s'' should be [%s]<%s>
-
-(W) If you start include an option, you should set it off
-as bold, italic, or code.
-
-=item can't open %s: %s
-
-(F) The input file wasn't available for the given reason.
-
-=item Improper man page - no dash in NAME header in paragraph %d of %s
-
-(W) The NAME header did not have an isolated dash in it. This is
-considered important.
-
-=item Invalid man page - no NAME line in %s
-
-(F) You did not include a NAME header, which is essential.
-
-=item roff font should be 1 or 2 chars, not `%s' (F)
-
-(F) The font specified with the C<--fixed> option was not
-a one- or two-digit roff font.
-
-=item %s is missing required section: %s
-
-(W) Required sections include NAME, DESCRIPTION, and if you're
-using a section starting with a 3, also a SYNOPSIS. Actually,
-not having a NAME is a fatal.
-
-=item Unknown escape: %s in %s
-
-(W) An unknown HTML entity (probably for an 8-bit character) was given via
-a C<EE<lt>E<gt>> directive. Besides amp, lt, gt, and quot, recognized
-entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave,
-Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute,
-Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc,
-icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc,
-ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig,
-THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml,
-Yacute, yacute, and yuml.
-
-=item Unmatched =back
-
-(W) You have a C<=back> without a corresponding C<=over>.
-
-=item Unrecognized pod directive: %s
-
-(W) You specified a pod directive that isn't in the known list of
-C<=head1>, C<=head2>, C<=item>, C<=over>, C<=back>, or C<=cut>.
-
-
-=back
-
-=head1 NOTES
-
-If you would like to print out a lot of man page continuously, you
-probably want to set the C and D registers to set contiguous page
-numbering and even/odd paging, at least on some versions of man(7).
-Settting the F register will get you some additional experimental
-indexing:
-
- troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ...
-
-The indexing merely outputs messages via C<.tm> for each
-major page, section, subsection, item, and any C<XE<lt>E<gt>>
-directives.
-
-
-=head1 RESTRICTIONS
-
-None at this time.
-
-=head1 BUGS
-
-The =over and =back directives don't really work right. They
-take absolute positions instead of offsets, don't nest well, and
-making people count is suboptimal in any event.
-
-=head1 AUTHORS
-
-Original prototype by Larry Wall, but so massively hacked over by
-Tom Christiansen such that Larry probably doesn't recognize it anymore.
-
-=cut
-
-$/ = "";
-$cutting = 1;
-@Indices = ();
-
-# We try first to get the version number from a local binary, in case we're
-# running an installed version of Perl to produce documentation from an
-# uninstalled newer version's pod files.
-if ($^O ne 'plan9' and $^O ne 'dos' and $^O ne 'os2' and $^O ne 'MSWin32') {
- my $perl = (-x './perl' && -f './perl' ) ?
- './perl' :
- ((-x '../perl' && -f '../perl') ?
- '../perl' :
- '');
- ($version,$patch) = `$perl -e 'print $]'` =~ /^(\d\.\d{3})(\d{2})?/ if $perl;
-}
-# No luck; we'll just go with the running Perl's version
-($version,$patch) = $] =~ /^(.{5})(\d{2})?/ unless $version;
-$DEF_RELEASE = "perl $version";
-$DEF_RELEASE .= ", patch $patch" if $patch;
-
-
-sub makedate {
- my $secs = shift;
- my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs);
- my $mname = (qw{Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec})[$mon];
- $year += 1900;
- return "$mday/$mname/$year";
-}
-
-use Getopt::Long;
-
-$DEF_SECTION = 1;
-$DEF_CENTER = "User Contributed Perl Documentation";
-$STD_CENTER = "Perl Programmers Reference Guide";
-$DEF_FIXED = 'CW';
-$DEF_LAX = 0;
-
-sub usage {
- warn "$0: @_\n" if @_;
- die <<EOF;
-usage: $0 [options] podpage
-Options are:
- --section=manext (default "$DEF_SECTION")
- --release=relpatch (default "$DEF_RELEASE")
- --center=string (default "$DEF_CENTER")
- --date=string (default "$DEF_DATE")
- --fixed=font (default "$DEF_FIXED")
- --official (default NOT)
- --lax (default NOT)
-EOF
-}
-
-$uok = GetOptions( qw(
- section=s
- release=s
- center=s
- date=s
- fixed=s
- official
- lax
- help));
-
-$DEF_DATE = makedate((stat($ARGV[0]))[9] || time());
-
-usage("Usage error!") unless $uok;
-usage() if $opt_help;
-usage("Need one and only one podpage argument") unless @ARGV == 1;
-
-$section = $opt_section || ($ARGV[0] =~ /\.pm$/
- ? $DEF_PM_SECTION : $DEF_SECTION);
-$RP = $opt_release || $DEF_RELEASE;
-$center = $opt_center || ($opt_official ? $STD_CENTER : $DEF_CENTER);
-$lax = $opt_lax || $DEF_LAX;
-
-$CFont = $opt_fixed || $DEF_FIXED;
-
-if (length($CFont) == 2) {
- $CFont_embed = "\\f($CFont";
-}
-elsif (length($CFont) == 1) {
- $CFont_embed = "\\f$CFont";
-}
-else {
- die "roff font should be 1 or 2 chars, not `$CFont_embed'";
-}
-
-$date = $opt_date || $DEF_DATE;
-
-for (qw{NAME DESCRIPTION}) {
-# for (qw{NAME DESCRIPTION AUTHOR}) {
- $wanna_see{$_}++;
-}
-$wanna_see{SYNOPSIS}++ if $section =~ /^3/;
-
-
-$name = @ARGV ? $ARGV[0] : "<STDIN>";
-$Filename = $name;
-if ($section =~ /^1/) {
- require File::Basename;
- $name = uc File::Basename::basename($name);
-}
-$name =~ s/\.(pod|p[lm])$//i;
-
-# Lose everything up to the first of
-# */lib/*perl* standard or site_perl module
-# */*perl*/lib from -D prefix=/opt/perl
-# */*perl*/ random module hierarchy
-# which works.
-$name =~ s-//+-/-g;
-if ($name =~ s-^.*?/lib/[^/]*perl[^/]*/--i
- or $name =~ s-^.*?/[^/]*perl[^/]*/lib/--i
- or $name =~ s-^.*?/[^/]*perl[^/]*/--i) {
- # Lose ^site(_perl)?/.
- $name =~ s-^site(_perl)?/--;
- # Lose ^arch/. (XXX should we use Config? Just for archname?)
- $name =~ s~^(.*-$^O|$^O-.*)/~~o;
- # Lose ^version/.
- $name =~ s-^\d+\.\d+/--;
-}
-
-# Translate Getopt/Long to Getopt::Long, etc.
-$name =~ s(/)(::)g;
-
-if ($name ne 'something') {
- FCHECK: {
- open(F, "< $ARGV[0]") || die "can't open $ARGV[0]: $!";
- while (<F>) {
- next unless /^=\b/;
- if (/^=head1\s+NAME\s*$/) { # an /m would forgive mistakes
- $_ = <F>;
- unless (/\s*-+\s+/) {
- $oops++;
- warn "$0: Improper man page - no dash in NAME header in paragraph $. of $ARGV[0]\n"
- } else {
- my @n = split /\s+-+\s+/;
- if (@n != 2) {
- $oops++;
- warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
- }
- else {
- $n[0] =~ s/\n/ /g;
- $n[1] =~ s/\n/ /g;
- %namedesc = @n;
- }
- }
- last FCHECK;
- }
- next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME
- next if /^=pod\b/; # It is OK to have =pod before NAME
- next if /^=for\s+comment\b/; # It is OK to have =for comment before NAME
- die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
- }
- die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
- }
- close F;
-}
-
-print <<"END";
-.rn '' }`
-''' \$RCSfile\$\$Revision\$\$Date\$
-'''
-''' \$Log\$
-'''
-.de Sh
-.br
-.if t .Sp
-.ne 5
-.PP
-\\fB\\\\\$1\\fR
-.PP
-..
-.de Sp
-.if t .sp .5v
-.if n .sp
-..
-.de Ip
-.br
-.ie \\\\n(.\$>=3 .ne \\\\\$3
-.el .ne 3
-.IP "\\\\\$1" \\\\\$2
-..
-.de Vb
-.ft $CFont
-.nf
-.ne \\\\\$1
-..
-.de Ve
-.ft R
-
-.fi
-..
-'''
-'''
-''' Set up \\*(-- to give an unbreakable dash;
-''' string Tr holds user defined translation string.
-''' Bell System Logo is used as a dummy character.
-'''
-.tr \\(*W-|\\(bv\\*(Tr
-.ie n \\{\\
-.ds -- \\(*W-
-.ds PI pi
-.if (\\n(.H=4u)&(1m=24u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-12u'-\\" diablo 10 pitch
-.if (\\n(.H=4u)&(1m=20u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-8u'-\\" diablo 12 pitch
-.ds L" ""
-.ds R" ""
-''' \\*(M", \\*(S", \\*(N" and \\*(T" are the equivalent of
-''' \\*(L" and \\*(R", except that they are used on ".xx" lines,
-''' such as .IP and .SH, which do another additional levels of
-''' double-quote interpretation
-.ds M" """
-.ds S" """
-.ds N" """""
-.ds T" """""
-.ds L' '
-.ds R' '
-.ds M' '
-.ds S' '
-.ds N' '
-.ds T' '
-'br\\}
-.el\\{\\
-.ds -- \\(em\\|
-.tr \\*(Tr
-.ds L" ``
-.ds R" ''
-.ds M" ``
-.ds S" ''
-.ds N" ``
-.ds T" ''
-.ds L' `
-.ds R' '
-.ds M' `
-.ds S' '
-.ds N' `
-.ds T' '
-.ds PI \\(*p
-'br\\}
-END
-
-print <<'END';
-.\" If the F register is turned on, we'll generate
-.\" index entries out stderr for the following things:
-.\" TH Title
-.\" SH Header
-.\" Sh Subsection
-.\" Ip Item
-.\" X<> Xref (embedded
-.\" Of course, you have to process the output yourself
-.\" in some meaninful fashion.
-.if \nF \{
-.de IX
-.tm Index:\\$1\t\\n%\t"\\$2"
-..
-.nr % 0
-.rr F
-.\}
-END
-
-print <<"END";
-.TH $name $section "$RP" "$date" "$center"
-.UC
-END
-
-push(@Indices, qq{.IX Title "$name $section"});
-
-while (($name, $desc) = each %namedesc) {
- for ($name, $desc) { s/^\s+//; s/\s+$//; }
- push(@Indices, qq(.IX Name "$name - $desc"\n));
-}
-
-print <<'END';
-.if n .hy 0
-.if n .na
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.de CQ \" put $1 in typewriter font
-END
-print ".ft $CFont\n";
-print <<'END';
-'if n "\c
-'if t \\&\\$1\c
-'if n \\&\\$1\c
-'if n \&"
-\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
-'.ft R
-..
-.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
-. \" AM - accent mark definitions
-.bd B 3
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds ? ?
-. ds ! !
-. ds /
-. ds q
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
-. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
-.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
-.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
-.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-.ds oe o\h'-(\w'o'u*4/10)'e
-.ds Oe O\h'-(\w'O'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds v \h'-1'\o'\(aa\(ga'
-. ds _ \h'-1'^
-. ds . \h'-1'.
-. ds 3 3
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-. ds oe oe
-. ds Oe OE
-.\}
-.rm #[ #] #H #V #F C
-END
-
-$indent = 0;
-
-$begun = "";
-
-# Unrolling [^A-Z>]|[A-Z](?!<) gives: // MRE pp 165.
-my $nonest = '(?:[^A-Z>]*(?:[A-Z](?!<)[^A-Z>]*)*)';
-
-while (<>) {
- if ($cutting) {
- next unless /^=/;
- $cutting = 0;
- }
- if ($begun) {
- if (/^=end\s+$begun/) {
- $begun = "";
- }
- elsif ($begun =~ /^(roff|man)$/) {
- print STDOUT $_;
- }
- next;
- }
- chomp;
-
- # Translate verbatim paragraph
-
- if (/^\s/) {
- @lines = split(/\n/);
- for (@lines) {
- 1 while s
- {^( [^\t]* ) \t ( \t* ) }
- { $1 . ' ' x (8 - (length($1)%8) + 8 * (length($2))) }ex;
- s/\\/\\e/g;
- s/\A/\\&/s;
- }
- $lines = @lines;
- makespace() unless $verbatim++;
- print ".Vb $lines\n";
- print join("\n", @lines), "\n";
- print ".Ve\n";
- $needspace = 0;
- next;
- }
-
- $verbatim = 0;
-
- if (/^=for\s+(\S+)\s*/s) {
- if ($1 eq "man" or $1 eq "roff") {
- print STDOUT $',"\n\n";
- } else {
- # ignore unknown for
- }
- next;
- }
- elsif (/^=begin\s+(\S+)\s*/s) {
- $begun = $1;
- if ($1 eq "man" or $1 eq "roff") {
- print STDOUT $'."\n\n";
- }
- next;
- }
-
- # check for things that'll hosed our noremap scheme; affects $_
- init_noremap();
-
- if (!/^=item/) {
-
- # trofficate backslashes; must do it before what happens below
- s/\\/noremap('\\e')/ge;
-
- # protect leading periods and quotes against *roff
- # mistaking them for directives
- s/^(?:[A-Z]<)?[.']/\\&$&/gm;
-
- # first hide the escapes in case we need to
- # intuit something and get it wrong due to fmting
-
- 1 while s/([A-Z]<$nonest>)/noremap($1)/ge;
-
- # func() is a reference to a perl function
- s{
- \b
- (
- [:\w]+ \(\)
- )
- } {I<$1>}gx;
-
- # func(n) is a reference to a perl function or a man page
- s{
- ([:\w]+)
- (
- \( [^\051]+ \)
- )
- } {I<$1>\\|$2}gx;
-
- # convert simple variable references
- s/(\s+)([\$\@%][\w:]+)(?!\()/${1}C<$2>/g;
-
- if (m{ (
- [\-\w]+
- \(
- [^\051]*?
- [\@\$,]
- [^\051]*?
- \)
- )
- }x && $` !~ /([LCI]<[^<>]*|-)$/ && !/^=\w/)
- {
- warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [LCI]<$1>\n";
- $oops++;
- }
-
- while (/(-[a-zA-Z])\b/g && $` !~ /[\w\-]$/) {
- warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [CB]<$1>\n";
- $oops++;
- }
-
- # put it back so we get the <> processed again;
- clear_noremap(0); # 0 means leave the E's
-
- } else {
- # trofficate backslashes
- s/\\/noremap('\\e')/ge;
-
- }
-
- # need to hide E<> first; they're processed in clear_noremap
- s/(E<[^<>]+>)/noremap($1)/ge;
-
-
- $maxnest = 10;
- while ($maxnest-- && /[A-Z]</) {
-
- # can't do C font here
- s/([BI])<($nonest)>/font($1) . $2 . font('R')/eg;
-
- # files and filelike refs in italics
- s/F<($nonest)>/I<$1>/g;
-
- # no break -- usually we want C<> for this
- s/S<($nonest)>/nobreak($1)/eg;
-
- # LREF: a la HREF L<show this text|man/section>
- s:L<([^|>]+)\|[^>]+>:$1:g;
-
- # LREF: a manpage(3f)
- s:L<([a-zA-Z][^\s\/]+)(\([^\)]+\))?>:the I<$1>$2 manpage:g;
-
- # LREF: an =item on another manpage
- s{
- L<
- ([^/]+)
- /
- (
- [:\w]+
- (\(\))?
- )
- >
- } {the C<$2> entry in the I<$1> manpage}gx;
-
- # LREF: an =item on this manpage
- s{
- ((?:
- L<
- /
- (
- [:\w]+
- (\(\))?
- )
- >
- (,?\s+(and\s+)?)?
- )+)
- } { internal_lrefs($1) }gex;
-
- # LREF: a =head2 (head1?), maybe on a manpage, maybe right here
- # the "func" can disambiguate
- s{
- L<
- (?:
- ([a-zA-Z]\S+?) /
- )?
- "?(.*?)"?
- >
- }{
- do {
- $1 # if no $1, assume it means on this page.
- ? "the section on I<$2> in the I<$1> manpage"
- : "the section on I<$2>"
- }
- }gesx; # s in case it goes over multiple lines, so . matches \n
-
- s/Z<>/\\&/g;
-
- # comes last because not subject to reprocessing
- s/C<($nonest)>/noremap("${CFont_embed}${1}\\fR")/eg;
- }
-
- if (s/^=//) {
- $needspace = 0; # Assume this.
-
- s/\n/ /g;
-
- ($Cmd, $_) = split(' ', $_, 2);
-
- $dotlevel = 1;
- if ($Cmd eq 'head1') {
- $dotlevel = 1;
- }
- elsif ($Cmd eq 'head2') {
- $dotlevel = 1;
- }
- elsif ($Cmd eq 'item') {
- $dotlevel = 2;
- }
-
- if (defined $_) {
- &escapes($dotlevel);
- s/"/""/g;
- }
-
- clear_noremap(1);
-
- if ($Cmd eq 'cut') {
- $cutting = 1;
- }
- elsif ($Cmd eq 'head1') {
- s/\s+$//;
- delete $wanna_see{$_} if exists $wanna_see{$_};
- print qq{.SH "$_"\n};
- push(@Indices, qq{.IX Header "$_"\n});
- }
- elsif ($Cmd eq 'head2') {
- print qq{.Sh "$_"\n};
- push(@Indices, qq{.IX Subsection "$_"\n});
- }
- elsif ($Cmd eq 'over') {
- push(@indent,$indent);
- $indent += ($_ + 0) || 5;
- }
- elsif ($Cmd eq 'back') {
- $indent = pop(@indent);
- warn "$0: Unmatched =back in paragraph $. of $ARGV\n" unless defined $indent;
- $needspace = 1;
- }
- elsif ($Cmd eq 'item') {
- s/^\*( |$)/\\(bu$1/g;
- # if you know how to get ":s please do
- s/\\\*\(L"([^"]+?)\\\*\(R"/'$1'/g;
- s/\\\*\(L"([^"]+?)""/'$1'/g;
- s/[^"]""([^"]+?)""[^"]/'$1'/g;
- # here do something about the $" in perlvar?
- print STDOUT qq{.Ip "$_" $indent\n};
- push(@Indices, qq{.IX Item "$_"\n});
- }
- elsif ($Cmd eq 'pod') {
- # this is just a comment
- }
- else {
- warn "$0: Unrecognized pod directive in paragraph $. of $ARGV: $Cmd\n";
- }
- }
- else {
- if ($needspace) {
- &makespace;
- }
- &escapes(0);
- clear_noremap(1);
- print $_, "\n";
- $needspace = 1;
- }
-}
-
-print <<"END";
-
-.rn }` ''
-END
-
-if (%wanna_see && !$lax) {
- @missing = keys %wanna_see;
- warn "$0: $Filename is missing required section"
- . (@missing > 1 && "s")
- . ": @missing\n";
- $oops++;
-}
-
-foreach (@Indices) { print "$_\n"; }
-
-exit;
-#exit ($oops != 0);
-
-#########################################################################
-
-sub nobreak {
- my $string = shift;
- $string =~ s/ /\\ /g;
- $string;
-}
-
-sub escapes {
- my $indot = shift;
-
- s/X<(.*?)>/mkindex($1)/ge;
-
- # translate the minus in foo-bar into foo\-bar for roff
- s/([^0-9a-z-])-([^-])/$1\\-$2/g;
-
- # make -- into the string version \*(-- (defined above)
- s/\b--\b/\\*(--/g;
- s/"--([^"])/"\\*(--$1/g; # should be a better way
- s/([^"])--"/$1\\*(--"/g;
-
- # fix up quotes; this is somewhat tricky
- my $dotmacroL = 'L';
- my $dotmacroR = 'R';
- if ( $indot == 1 ) {
- $dotmacroL = 'M';
- $dotmacroR = 'S';
- }
- elsif ( $indot >= 2 ) {
- $dotmacroL = 'N';
- $dotmacroR = 'T';
- }
- if (!/""/) {
- s/(^|\s)(['"])/noremap("$1\\*($dotmacroL$2")/ge;
- s/(['"])($|[\-\s,;\\!?.])/noremap("\\*($dotmacroR$1$2")/ge;
- }
-
- #s/(?!")(?:.)--(?!")(?:.)/\\*(--/g;
- #s/(?:(?!")(?:.)--(?:"))|(?:(?:")--(?!")(?:.))/\\*(--/g;
-
-
- # make sure that func() keeps a bit a space tween the parens
- ### s/\b\(\)/\\|()/g;
- ### s/\b\(\)/(\\|)/g;
-
- # make C++ into \*C+, which is a squinched version (defined above)
- s/\bC\+\+/\\*(C+/g;
-
- # make double underbars have a little tiny space between them
- s/__/_\\|_/g;
-
- # PI goes to \*(PI (defined above)
- s/\bPI\b/noremap('\\*(PI')/ge;
-
- # make all caps a teeny bit smaller, but don't muck with embedded code literals
- my $hidCFont = font('C');
- if ($Cmd !~ /^head1/) { # SH already makes smaller
- # /g isn't enough; 1 while or we'll be off
-
-# 1 while s{
-# (?!$hidCFont)(..|^.|^)
-# \b
-# (
-# [A-Z][\/A-Z+:\-\d_$.]+
-# )
-# (s?)
-# \b
-# } {$1\\s-1$2\\s0}gmox;
-
- 1 while s{
- (?!$hidCFont)(..|^.|^)
- (
- \b[A-Z]{2,}[\/A-Z+:\-\d_\$]*\b
- )
- } {
- $1 . noremap( '\\s-1' . $2 . '\\s0' )
- }egmox;
-
- }
-}
-
-# make troff just be normal, but make small nroff get quoted
-# decided to just put the quotes in the text; sigh;
-sub ccvt {
- local($_,$prev) = @_;
- noremap(qq{.CQ "$_" \n\\&});
-}
-
-sub makespace {
- if ($indent) {
- print ".Sp\n";
- }
- else {
- print ".PP\n";
- }
-}
-
-sub mkindex {
- my ($entry) = @_;
- my @entries = split m:\s*/\s*:, $entry;
- push @Indices, ".IX Xref " . join ' ', map {qq("$_")} @entries;
- return '';
-}
-
-sub font {
- local($font) = shift;
- return '\\f' . noremap($font);
-}
-
-sub noremap {
- local($thing_to_hide) = shift;
- $thing_to_hide =~ tr/\000-\177/\200-\377/;
- return $thing_to_hide;
-}
-
-sub init_noremap {
- # escape high bit characters in input stream
- s/([\200-\377])/"E<".ord($1).">"/ge;
-}
-
-sub clear_noremap {
- my $ready_to_print = $_[0];
-
- tr/\200-\377/\000-\177/;
-
- # trofficate backslashes
- # s/(?!\\e)(?:..|^.|^)\\/\\e/g;
-
- # now for the E<>s, which have been hidden until now
- # otherwise the interative \w<> processing would have
- # been hosed by the E<gt>
- s {
- E<
- (
- ( \d + )
- | ( [A-Za-z]+ )
- )
- >
- } {
- do {
- defined $2
- ? chr($2)
- :
- exists $HTML_Escapes{$3}
- ? do { $HTML_Escapes{$3} }
- : do {
- warn "$0: Unknown escape in paragraph $. of $ARGV: ``$&''\n";
- "E<$1>";
- }
- }
- }egx if $ready_to_print;
-}
-
-sub internal_lrefs {
- local($_) = shift;
- local $trailing_and = s/and\s+$// ? "and " : "";
-
- s{L</([^>]+)>}{$1}g;
- my(@items) = split( /(?:,?\s+(?:and\s+)?)/ );
- my $retstr = "the ";
- my $i;
- for ($i = 0; $i <= $#items; $i++) {
- $retstr .= "C<$items[$i]>";
- $retstr .= ", " if @items > 2 && $i != $#items;
- $retstr .= " and " if $i+2 == @items;
- }
-
- $retstr .= " entr" . ( @items > 1 ? "ies" : "y" )
- . " elsewhere in this document";
- # terminal space to avoid words running together (pattern used
- # strips terminal spaces)
- $retstr .= " " if length $trailing_and;
- $retstr .= $trailing_and;
-
- return $retstr;
-
-}
-
-BEGIN {
-%HTML_Escapes = (
- 'amp' => '&', # ampersand
- 'lt' => '<', # left chevron, less-than
- 'gt' => '>', # right chevron, greater-than
- 'quot' => '"', # double quote
-
- "Aacute" => "A\\*'", # capital A, acute accent
- "aacute" => "a\\*'", # small a, acute accent
- "Acirc" => "A\\*^", # capital A, circumflex accent
- "acirc" => "a\\*^", # small a, circumflex accent
- "AElig" => '\*(AE', # capital AE diphthong (ligature)
- "aelig" => '\*(ae', # small ae diphthong (ligature)
- "Agrave" => "A\\*`", # capital A, grave accent
- "agrave" => "A\\*`", # small a, grave accent
- "Aring" => 'A\\*o', # capital A, ring
- "aring" => 'a\\*o', # small a, ring
- "Atilde" => 'A\\*~', # capital A, tilde
- "atilde" => 'a\\*~', # small a, tilde
- "Auml" => 'A\\*:', # capital A, dieresis or umlaut mark
- "auml" => 'a\\*:', # small a, dieresis or umlaut mark
- "Ccedil" => 'C\\*,', # capital C, cedilla
- "ccedil" => 'c\\*,', # small c, cedilla
- "Eacute" => "E\\*'", # capital E, acute accent
- "eacute" => "e\\*'", # small e, acute accent
- "Ecirc" => "E\\*^", # capital E, circumflex accent
- "ecirc" => "e\\*^", # small e, circumflex accent
- "Egrave" => "E\\*`", # capital E, grave accent
- "egrave" => "e\\*`", # small e, grave accent
- "ETH" => '\\*(D-', # capital Eth, Icelandic
- "eth" => '\\*(d-', # small eth, Icelandic
- "Euml" => "E\\*:", # capital E, dieresis or umlaut mark
- "euml" => "e\\*:", # small e, dieresis or umlaut mark
- "Iacute" => "I\\*'", # capital I, acute accent
- "iacute" => "i\\*'", # small i, acute accent
- "Icirc" => "I\\*^", # capital I, circumflex accent
- "icirc" => "i\\*^", # small i, circumflex accent
- "Igrave" => "I\\*`", # capital I, grave accent
- "igrave" => "i\\*`", # small i, grave accent
- "Iuml" => "I\\*:", # capital I, dieresis or umlaut mark
- "iuml" => "i\\*:", # small i, dieresis or umlaut mark
- "Ntilde" => 'N\*~', # capital N, tilde
- "ntilde" => 'n\*~', # small n, tilde
- "Oacute" => "O\\*'", # capital O, acute accent
- "oacute" => "o\\*'", # small o, acute accent
- "Ocirc" => "O\\*^", # capital O, circumflex accent
- "ocirc" => "o\\*^", # small o, circumflex accent
- "Ograve" => "O\\*`", # capital O, grave accent
- "ograve" => "o\\*`", # small o, grave accent
- "Oslash" => "O\\*/", # capital O, slash
- "oslash" => "o\\*/", # small o, slash
- "Otilde" => "O\\*~", # capital O, tilde
- "otilde" => "o\\*~", # small o, tilde
- "Ouml" => "O\\*:", # capital O, dieresis or umlaut mark
- "ouml" => "o\\*:", # small o, dieresis or umlaut mark
- "szlig" => '\*8', # small sharp s, German (sz ligature)
- "THORN" => '\\*(Th', # capital THORN, Icelandic
- "thorn" => '\\*(th',, # small thorn, Icelandic
- "Uacute" => "U\\*'", # capital U, acute accent
- "uacute" => "u\\*'", # small u, acute accent
- "Ucirc" => "U\\*^", # capital U, circumflex accent
- "ucirc" => "u\\*^", # small u, circumflex accent
- "Ugrave" => "U\\*`", # capital U, grave accent
- "ugrave" => "u\\*`", # small u, grave accent
- "Uuml" => "U\\*:", # capital U, dieresis or umlaut mark
- "uuml" => "u\\*:", # small u, dieresis or umlaut mark
- "Yacute" => "Y\\*'", # capital Y, acute accent
- "yacute" => "y\\*'", # small y, acute accent
- "yuml" => "y\\*:", # small y, dieresis or umlaut mark
-);
-}
-
diff --git a/crypto/openssl/util/pod2mantest b/crypto/openssl/util/pod2mantest
deleted file mode 100755
index 384e683..0000000
--- a/crypto/openssl/util/pod2mantest
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile to check whether a sane 'pod2man'
-# is installed.
-# ('make install' should not try to run 'pod2man' if it does not exist or if
-# it is a broken 'pod2man' version that is known to cause trouble. if we find
-# the system 'pod2man' to be broken, we use our own copy instead)
-#
-# In any case, output an appropriate command line for running (or not
-# running) pod2man.
-
-
-IFS=:
-if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
-
-try_without_dir=true
-# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
-for dir in dummy${IFS}$PATH; do
- if [ "$try_without_dir" = true ]; then
- # first iteration
- pod2man=pod2man
- try_without_dir=false
- else
- # second and later iterations
- pod2man="$dir/pod2man"
- if [ ! -f "$pod2man" ]; then # '-x' is not available on Ultrix
- pod2man=''
- fi
- fi
-
- if [ ! "$pod2man" = '' ]; then
- failure=none
-
- if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
- :
- else
- failure=BasicTest
- fi
-
- if [ "$failure" = none ]; then
- if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
- failure=MultilineTest
- fi
- fi
-
-
- if [ "$failure" = none ]; then
- echo "$pod2man"
- exit 0
- fi
-
- echo "$pod2man does not work properly ('$failure' failed). Looking for another pod2man ..." >&2
- fi
-done
-
-echo "No working pod2man found. Consider installing a new version." >&2
-echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
-echo "$1 ../../util/pod2man.pl"
diff --git a/crypto/openssl/util/pod2mantest.pod b/crypto/openssl/util/pod2mantest.pod
deleted file mode 100644
index 5d2539a..0000000
--- a/crypto/openssl/util/pod2mantest.pod
+++ /dev/null
@@ -1,15 +0,0 @@
-=pod
-
-=head1 NAME
-
-foo, bar,
-MARKER - test of multiline name section
-
-=head1 DESCRIPTION
-
-This is a test .pod file to see if we have a buggy pod2man or not.
-If we have a buggy implementation, we will get a line matching the
-regular expression "^ +MARKER - test of multiline name section *$"
-at the end of the resulting document.
-
-=cut
diff --git a/crypto/openssl/util/point.sh b/crypto/openssl/util/point.sh
deleted file mode 100755
index 4790e08..0000000
--- a/crypto/openssl/util/point.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-rm -f "$2"
-if test "$OSTYPE" = msdosdjgpp; then
- cp "$1" "$2"
-else
- ln -s "$1" "$2"
-fi
-echo "$2 => $1"
-
diff --git a/crypto/openssl/util/selftest.pl b/crypto/openssl/util/selftest.pl
deleted file mode 100644
index 4778c5a..0000000
--- a/crypto/openssl/util/selftest.pl
+++ /dev/null
@@ -1,201 +0,0 @@
-#!/usr/local/bin/perl -w
-#
-# Run the test suite and generate a report
-#
-
-if (! -f "Configure") {
- print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
- exit 1;
-}
-
-my $report="testlog";
-my $os="??";
-my $version="??";
-my $platform0="??";
-my $platform="??";
-my $options="??";
-my $last="??";
-my $ok=0;
-my $cc="cc";
-my $cversion="??";
-my $sep="-----------------------------------------------------------------------------\n";
-my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n";
-
-open(OUT,">$report") or die;
-
-print OUT "OpenSSL self-test report:\n\n";
-
-$uname=`uname -a`;
-$uname="??\n" if $uname eq "";
-
-$c=`sh config -t`;
-foreach $_ (split("\n",$c)) {
- $os=$1 if (/Operating system: (.*)$/);
- $platform0=$1 if (/Configuring for (.*)$/);
-}
-
-system "sh config" if (! -f "Makefile");
-
-if (open(IN,"<Makefile")) {
- while (<IN>) {
- $version=$1 if (/^VERSION=(.*)$/);
- $platform=$1 if (/^PLATFORM=(.*)$/);
- $options=$1 if (/^OPTIONS=(.*)$/);
- $cc=$1 if (/^CC= *(.*)$/);
- }
- close(IN);
-} else {
- print OUT "Error running config!\n";
-}
-
-$cversion=`$cc -v 2>&1`;
-$cversion=`$cc -V 2>&1` if $cversion =~ "[Uu]sage";
-$cversion=`$cc -V |head -1` if $cversion =~ "Error";
-$cversion=`$cc --version` if $cversion eq "";
-$cversion =~ s/Reading specs.*\n//;
-$cversion =~ s/usage.*\n//;
-chomp $cversion;
-
-if (open(IN,"<CHANGES")) {
- while(<IN>) {
- if (/\*\) (.{0,55})/ && !/applies to/) {
- $last=$1;
- last;
- }
- }
- close(IN);
-}
-
-print OUT "OpenSSL version: $version\n";
-print OUT "Last change: $last...\n";
-print OUT "Options: $options\n" if $options ne "";
-print OUT "OS (uname): $uname";
-print OUT "OS (config): $os\n";
-print OUT "Target (default): $platform0\n";
-print OUT "Target: $platform\n";
-print OUT "Compiler: $cversion\n";
-print OUT "\n";
-
-print "Checking compiler...\n";
-if (open(TEST,">cctest.c")) {
- print TEST "#include <stdio.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
- close(TEST);
- system("$cc -o cctest cctest.c");
- if (`./cctest` !~ /Hello world/) {
- print OUT "Compiler doesn't work.\n";
- print OUT $not_our_fault;
- goto err;
- }
- system("ar r cctest.a /dev/null");
- if (not -f "cctest.a") {
- print OUT "Check your archive tool (ar).\n";
- print OUT $not_our_fault;
- goto err;
- }
-} else {
- print OUT "Can't create cctest.c\n";
-}
-if (open(TEST,">cctest.c")) {
- print TEST "#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
- close(TEST);
- system("$cc -o cctest -Iinclude cctest.c");
- $cctest = `./cctest`;
- if ($cctest !~ /OpenSSL $version/) {
- if ($cctest =~ /OpenSSL/) {
- print OUT "#include uses headers from different OpenSSL version!\n";
- } else {
- print OUT "Can't compile test program!\n";
- }
- print OUT $not_our_fault;
- goto err;
- }
-} else {
- print OUT "Can't create cctest.c\n";
-}
-
-print "Running make...\n";
-if (system("make 2>&1 | tee make.log") > 255) {
-
- print OUT "make failed!\n";
- if (open(IN,"<make.log")) {
- print OUT $sep;
- while (<IN>) {
- print OUT;
- }
- close(IN);
- print OUT $sep;
- } else {
- print OUT "make.log not found!\n";
- }
- goto err;
-}
-
-# Not sure why this is here. The tests themselves can detect if their
-# particular feature isn't included, and should therefore skip themselves.
-# To skip *all* tests just because one algorithm isn't included is like
-# shooting mosquito with an elephant gun...
-# -- Richard Levitte, inspired by problem report 1089
-#
-#$_=$options;
-#s/no-asm//;
-#s/no-shared//;
-#s/no-krb5//;
-#if (/no-/)
-#{
-# print OUT "Test skipped.\n";
-# goto err;
-#}
-
-print "Running make test...\n";
-if (system("make test 2>&1 | tee maketest.log") > 255)
- {
- print OUT "make test failed!\n";
-} else {
- $ok=1;
-}
-
-if ($ok and open(IN,"<maketest.log")) {
- while (<IN>) {
- $ok=2 if /^platform: $platform/;
- }
- close(IN);
-}
-
-if ($ok != 2) {
- print OUT "Failure!\n";
- if (open(IN,"<make.log")) {
- print OUT $sep;
- while (<IN>) {
- print OUT;
- }
- close(IN);
- print OUT $sep;
- } else {
- print OUT "make.log not found!\n";
- }
- if (open(IN,"<maketest.log")) {
- while (<IN>) {
- print OUT;
- }
- close(IN);
- print OUT $sep;
- } else {
- print OUT "maketest.log not found!\n";
- }
-} else {
- print OUT "Test passed.\n";
-}
-err:
-close(OUT);
-
-print "\n";
-open(IN,"<$report") or die;
-while (<IN>) {
- if (/$sep/) {
- print "[...]\n";
- last;
- }
- print;
-}
-print "\nTest report in file $report\n";
-
diff --git a/crypto/openssl/util/shlib_wrap.sh b/crypto/openssl/util/shlib_wrap.sh
deleted file mode 100755
index dc5f5b1c..0000000
--- a/crypto/openssl/util/shlib_wrap.sh
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/bin/sh
-
-[ $# -ne 0 ] || set -x # debug mode without arguments:-)
-
-THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
-[ -d "${THERE}" ] || exec "$@" # should never happen...
-
-# Alternative to this is to parse ${THERE}/Makefile...
-LIBCRYPTOSO="${THERE}/libcrypto.so"
-if [ -f "$LIBCRYPTOSO" ]; then
- while [ -h "$LIBCRYPTOSO" ]; do
- LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
- done
- SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
- LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
-fi
-
-SYSNAME=`(uname -s) 2>/dev/null`;
-case "$SYSNAME" in
-SunOS|IRIX*)
- # SunOS and IRIX run-time linkers evaluate alternative
- # variables depending on target ABI...
- rld_var=LD_LIBRARY_PATH
- case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
- *ELF\ 64*SPARC*)
- [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
- ;;
- *ELF\ N32*MIPS*)
- [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
- _RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
- ;;
- *ELF\ 64*MIPS*)
- [ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH
- _RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
- ;;
- esac
- eval $rld_var=\"${THERE}:'$'$rld_var\"; export $rld_var
- unset rld_var
- ;;
-*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX
- DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X
- SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX
- LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2
- export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
- # Even though $PATH is adjusted [for Windows sake], it doesn't
- # necessarily does the trick. Trouble is that with introduction
- # of SafeDllSearchMode in XP/2003 it's more appropriate to copy
- # .DLLs in vicinity of executable, which is done elsewhere...
- if [ "$OSTYPE" != msdosdjgpp ]; then
- PATH="${THERE}:$PATH"; export PATH
- fi
- ;;
-esac
-
-if [ -f "$LIBCRYPTOSO" ]; then
- # Following three lines are major excuse for isolating them into
- # this wrapper script. Original reason for setting LD_PRELOAD
- # was to make it possible to pass 'make test' when user linked
- # with -rpath pointing to previous version installation. Wrapping
- # it into a script makes it possible to do so on multi-ABI
- # platforms.
- case "$SYSNAME" in
- *BSD) LD_PRELOAD="$LIBCRYPTOSO:$LIBSSLSO" ;; # *BSD
- *) LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" ;; # SunOS, Linux, ELF HP-UX
- esac
- _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX
- export LD_PRELOAD _RLD_LIST
-fi
-
-exec "$@"
diff --git a/crypto/openssl/util/sp-diff.pl b/crypto/openssl/util/sp-diff.pl
deleted file mode 100755
index 9d6c603..0000000
--- a/crypto/openssl/util/sp-diff.pl
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/usr/local/bin/perl
-#
-# This file takes as input, the files that have been output from
-# ssleay speed.
-# It prints a table of the relative differences with %100 being 'no difference'
-#
-
-($#ARGV == 1) || die "$0 speedout1 speedout2\n";
-
-%one=&loadfile($ARGV[0]);
-%two=&loadfile($ARGV[1]);
-
-$line=0;
-foreach $a ("md2","md4","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
- "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
- {
- if (defined($one{$a,8}) && defined($two{$a,8}))
- {
- print "type 8 byte% 64 byte% 256 byte% 1024 byte% 8192 byte%\n"
- unless $line;
- $line++;
- printf "%-12s ",$a;
- foreach $b (8,64,256,1024,8192)
- {
- $r=$two{$a,$b}/$one{$a,$b}*100;
- printf "%12.2f",$r;
- }
- print "\n";
- }
- }
-
-foreach $a (
- "rsa 512","rsa 1024","rsa 2048","rsa 4096",
- "dsa 512","dsa 1024","dsa 2048",
- )
- {
- if (defined($one{$a,1}) && defined($two{$a,1}))
- {
- $r1=($one{$a,1}/$two{$a,1})*100;
- $r2=($one{$a,2}/$two{$a,2})*100;
- printf "$a bits %% %6.2f %% %6.2f\n",$r1,$r2;
- }
- }
-
-sub loadfile
- {
- local($file)=@_;
- local($_,%ret);
-
- open(IN,"<$file") || die "unable to open '$file' for input\n";
- $header=1;
- while (<IN>)
- {
- $header=0 if /^[dr]sa/;
- if (/^type/) { $header=0; next; }
- next if $header;
- chop;
- @a=split;
- if ($a[0] =~ /^[dr]sa$/)
- {
- ($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/);
- $ret{$n,1}=$t1;
- $ret{$n,2}=$t2;
- }
- else
- {
- $n=join(' ',grep(/[^k]$/,@a));
- @k=grep(s/k$//,@a);
-
- $ret{$n, 8}=$k[0];
- $ret{$n, 64}=$k[1];
- $ret{$n, 256}=$k[2];
- $ret{$n,1024}=$k[3];
- $ret{$n,8192}=$k[4];
- }
- }
- close(IN);
- return(%ret);
- }
-
diff --git a/crypto/openssl/util/speed.sh b/crypto/openssl/util/speed.sh
deleted file mode 100755
index f489706..0000000
--- a/crypto/openssl/util/speed.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-#
-# This is a ugly script use, in conjuction with editing the 'b'
-# configuration in the $(TOP)/Configure script which will
-# output when finished a file called speed.log which is the
-# timings of SSLeay with various options turned on or off.
-#
-# from the $(TOP) directory
-# Edit Configure, modifying things to do with the b/bl-4c-2c etc
-# configurations.
-#
-
-make clean
-perl Configure b
-make
-apps/ssleay version -v -b -f >speed.1
-apps/ssleay speed >speed.1l
-
-perl Configure bl-4c-2c
-/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o
-make
-apps/ssleay speed rc4 rsa md2 >speed.2l
-
-perl Configure bl-4c-ri
-/bin/rm -f crypto/rc4/rc4*.o
-make
-apps/ssleay speed rc4 >speed.3l
-
-perl Configure b2-is-ri-dp
-/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o
-apps/ssleay speed rsa rc4 idea des >speed.4l
-
-cat speed.1 >speed.log
-cat speed.1l >>speed.log
-perl util/sp-diff.pl speed.1l speed.2l >>speed.log
-perl util/sp-diff.pl speed.1l speed.3l >>speed.log
-perl util/sp-diff.pl speed.1l speed.4l >>speed.log
-
diff --git a/crypto/openssl/util/src-dep.pl b/crypto/openssl/util/src-dep.pl
deleted file mode 100755
index ad997e4..0000000
--- a/crypto/openssl/util/src-dep.pl
+++ /dev/null
@@ -1,147 +0,0 @@
-#!/usr/local/bin/perl
-
-# we make up an array of
-# $file{function_name}=filename;
-# $unres{filename}="func1 func2 ...."
-$debug=1;
-#$nm_func="parse_linux";
-$nm_func="parse_solaris";
-
-foreach (@ARGV)
- {
- &$nm_func($_);
- }
-
-foreach $file (sort keys %unres)
- {
- @a=split(/\s+/,$unres{$file});
- %ff=();
- foreach $func (@a)
- {
- $f=$file{$func};
- $ff{$f}=1 if $f ne "";
- }
-
- foreach $a (keys %ff)
- { $we_need{$file}.="$a "; }
- }
-
-foreach $file (sort keys %we_need)
- {
-# print " $file $we_need{$file}\n";
- foreach $bit (split(/\s+/,$we_need{$file}))
- { push(@final,&walk($bit)); }
-
- foreach (@final) { $fin{$_}=1; }
- @final="";
- foreach (sort keys %fin)
- { push(@final,$_); }
-
- print "$file: @final\n";
- }
-
-sub walk
- {
- local($f)=@_;
- local(@a,%seen,@ret,$r);
-
- @ret="";
- $f =~ s/^\s+//;
- $f =~ s/\s+$//;
- return "" if ($f =~ "^\s*$");
-
- return(split(/\s/,$done{$f})) if defined ($done{$f});
-
- return if $in{$f} > 0;
- $in{$f}++;
- push(@ret,$f);
- foreach $r (split(/\s+/,$we_need{$f}))
- {
- push(@ret,&walk($r));
- }
- $in{$f}--;
- $done{$f}=join(" ",@ret);
- return(@ret);
- }
-
-sub parse_linux
- {
- local($name)=@_;
-
- open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
- while (<IN>)
- {
- chop;
- next if /^\s*$/;
- if (/^[^[](.*):$/)
- {
- $file=$1;
- $file="$1.c" if /\[(.*).o\]/;
- print STDERR "$file\n";
- $we_need{$file}=" ";
- next;
- }
-
- @a=split(/\s*\|\s*/);
- next unless $#a == 7;
- next unless $a[4] eq "GLOB";
- if ($a[6] eq "UNDEF")
- {
- $unres{$file}.=$a[7]." ";
- }
- else
- {
- if ($file{$a[7]} ne "")
- {
- print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
- }
- else
- {
- $file{$a[7]}=$file;
- }
- }
- }
- close(IN);
- }
-
-sub parse_solaris
- {
- local($name)=@_;
-
- open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n";
- while (<IN>)
- {
- chop;
- next if /^\s*$/;
- if (/^(\S+):$/)
- {
- $file=$1;
- #$file="$1.c" if $file =~ /^(.*).o$/;
- print STDERR "$file\n";
- $we_need{$file}=" ";
- next;
- }
- @a=split(/\s*\|\s*/);
- next unless $#a == 7;
- next unless $a[4] eq "GLOB";
- if ($a[6] eq "UNDEF")
- {
- $unres{$file}.=$a[7]." ";
- print STDERR "$file needs $a[7]\n" if $debug;
- }
- else
- {
- if ($file{$a[7]} ne "")
- {
- print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n";
- }
- else
- {
- $file{$a[7]}=$file;
- print STDERR "$file has $a[7]\n" if $debug;
- }
- }
- }
- close(IN);
- }
-
diff --git a/crypto/openssl/util/ssleay.num b/crypto/openssl/util/ssleay.num
deleted file mode 100755
index b424aec..0000000
--- a/crypto/openssl/util/ssleay.num
+++ /dev/null
@@ -1,240 +0,0 @@
-ERR_load_SSL_strings 1 EXIST::FUNCTION:
-SSL_CIPHER_description 2 EXIST::FUNCTION:
-SSL_CTX_add_client_CA 3 EXIST::FUNCTION:
-SSL_CTX_add_session 4 EXIST::FUNCTION:
-SSL_CTX_check_private_key 5 EXIST::FUNCTION:
-SSL_CTX_ctrl 6 EXIST::FUNCTION:
-SSL_CTX_flush_sessions 7 EXIST::FUNCTION:
-SSL_CTX_free 8 EXIST::FUNCTION:
-SSL_CTX_get_client_CA_list 9 EXIST::FUNCTION:
-SSL_CTX_get_verify_callback 10 EXIST::FUNCTION:
-SSL_CTX_get_verify_mode 11 EXIST::FUNCTION:
-SSL_CTX_new 12 EXIST::FUNCTION:
-SSL_CTX_remove_session 13 EXIST::FUNCTION:
-SSL_CTX_set_cipher_list 15 EXIST::FUNCTION:
-SSL_CTX_set_client_CA_list 16 EXIST::FUNCTION:
-SSL_CTX_set_default_passwd_cb 17 EXIST::FUNCTION:
-SSL_CTX_set_ssl_version 19 EXIST::FUNCTION:
-SSL_CTX_set_verify 21 EXIST::FUNCTION:
-SSL_CTX_use_PrivateKey 22 EXIST::FUNCTION:
-SSL_CTX_use_PrivateKey_ASN1 23 EXIST::FUNCTION:
-SSL_CTX_use_PrivateKey_file 24 EXIST::FUNCTION:STDIO
-SSL_CTX_use_RSAPrivateKey 25 EXIST::FUNCTION:RSA
-SSL_CTX_use_RSAPrivateKey_ASN1 26 EXIST::FUNCTION:RSA
-SSL_CTX_use_RSAPrivateKey_file 27 EXIST::FUNCTION:RSA,STDIO
-SSL_CTX_use_certificate 28 EXIST::FUNCTION:
-SSL_CTX_use_certificate_ASN1 29 EXIST::FUNCTION:
-SSL_CTX_use_certificate_file 30 EXIST::FUNCTION:STDIO
-SSL_SESSION_free 31 EXIST::FUNCTION:
-SSL_SESSION_new 32 EXIST::FUNCTION:
-SSL_SESSION_print 33 EXIST::FUNCTION:BIO
-SSL_SESSION_print_fp 34 EXIST::FUNCTION:FP_API
-SSL_accept 35 EXIST::FUNCTION:
-SSL_add_client_CA 36 EXIST::FUNCTION:
-SSL_alert_desc_string 37 EXIST::FUNCTION:
-SSL_alert_desc_string_long 38 EXIST::FUNCTION:
-SSL_alert_type_string 39 EXIST::FUNCTION:
-SSL_alert_type_string_long 40 EXIST::FUNCTION:
-SSL_check_private_key 41 EXIST::FUNCTION:
-SSL_clear 42 EXIST::FUNCTION:
-SSL_connect 43 EXIST::FUNCTION:
-SSL_copy_session_id 44 EXIST::FUNCTION:
-SSL_ctrl 45 EXIST::FUNCTION:
-SSL_dup 46 EXIST::FUNCTION:
-SSL_dup_CA_list 47 EXIST::FUNCTION:
-SSL_free 48 EXIST::FUNCTION:
-SSL_get_certificate 49 EXIST::FUNCTION:
-SSL_get_cipher_list 52 EXIST::FUNCTION:
-SSL_get_ciphers 55 EXIST::FUNCTION:
-SSL_get_client_CA_list 56 EXIST::FUNCTION:
-SSL_get_default_timeout 57 EXIST::FUNCTION:
-SSL_get_error 58 EXIST::FUNCTION:
-SSL_get_fd 59 EXIST::FUNCTION:
-SSL_get_peer_cert_chain 60 EXIST::FUNCTION:
-SSL_get_peer_certificate 61 EXIST::FUNCTION:
-SSL_get_rbio 63 EXIST::FUNCTION:BIO
-SSL_get_read_ahead 64 EXIST::FUNCTION:
-SSL_get_shared_ciphers 65 EXIST::FUNCTION:
-SSL_get_ssl_method 66 EXIST::FUNCTION:
-SSL_get_verify_callback 69 EXIST::FUNCTION:
-SSL_get_verify_mode 70 EXIST::FUNCTION:
-SSL_get_version 71 EXIST::FUNCTION:
-SSL_get_wbio 72 EXIST::FUNCTION:BIO
-SSL_load_client_CA_file 73 EXIST::FUNCTION:STDIO
-SSL_load_error_strings 74 EXIST::FUNCTION:
-SSL_new 75 EXIST::FUNCTION:
-SSL_peek 76 EXIST::FUNCTION:
-SSL_pending 77 EXIST::FUNCTION:
-SSL_read 78 EXIST::FUNCTION:
-SSL_renegotiate 79 EXIST::FUNCTION:
-SSL_rstate_string 80 EXIST::FUNCTION:
-SSL_rstate_string_long 81 EXIST::FUNCTION:
-SSL_set_accept_state 82 EXIST::FUNCTION:
-SSL_set_bio 83 EXIST::FUNCTION:BIO
-SSL_set_cipher_list 84 EXIST::FUNCTION:
-SSL_set_client_CA_list 85 EXIST::FUNCTION:
-SSL_set_connect_state 86 EXIST::FUNCTION:
-SSL_set_fd 87 EXIST::FUNCTION:SOCK
-SSL_set_read_ahead 88 EXIST::FUNCTION:
-SSL_set_rfd 89 EXIST::FUNCTION:SOCK
-SSL_set_session 90 EXIST::FUNCTION:
-SSL_set_ssl_method 91 EXIST::FUNCTION:
-SSL_set_verify 94 EXIST::FUNCTION:
-SSL_set_wfd 95 EXIST::FUNCTION:SOCK
-SSL_shutdown 96 EXIST::FUNCTION:
-SSL_state_string 97 EXIST::FUNCTION:
-SSL_state_string_long 98 EXIST::FUNCTION:
-SSL_use_PrivateKey 99 EXIST::FUNCTION:
-SSL_use_PrivateKey_ASN1 100 EXIST::FUNCTION:
-SSL_use_PrivateKey_file 101 EXIST::FUNCTION:STDIO
-SSL_use_RSAPrivateKey 102 EXIST::FUNCTION:RSA
-SSL_use_RSAPrivateKey_ASN1 103 EXIST::FUNCTION:RSA
-SSL_use_RSAPrivateKey_file 104 EXIST::FUNCTION:RSA,STDIO
-SSL_use_certificate 105 EXIST::FUNCTION:
-SSL_use_certificate_ASN1 106 EXIST::FUNCTION:
-SSL_use_certificate_file 107 EXIST::FUNCTION:STDIO
-SSL_write 108 EXIST::FUNCTION:
-SSLeay_add_ssl_algorithms 109 NOEXIST::FUNCTION:
-SSLv23_client_method 110 EXIST::FUNCTION:RSA
-SSLv23_method 111 EXIST::FUNCTION:RSA
-SSLv23_server_method 112 EXIST::FUNCTION:RSA
-SSLv2_client_method 113 EXIST::FUNCTION:RSA
-SSLv2_method 114 EXIST::FUNCTION:RSA
-SSLv2_server_method 115 EXIST::FUNCTION:RSA
-SSLv3_client_method 116 EXIST::FUNCTION:
-SSLv3_method 117 EXIST::FUNCTION:
-SSLv3_server_method 118 EXIST::FUNCTION:
-d2i_SSL_SESSION 119 EXIST::FUNCTION:
-i2d_SSL_SESSION 120 EXIST::FUNCTION:
-BIO_f_ssl 121 EXIST::FUNCTION:BIO
-BIO_new_ssl 122 EXIST::FUNCTION:BIO
-BIO_proxy_ssl_copy_session_id 123 NOEXIST::FUNCTION:
-BIO_ssl_copy_session_id 124 EXIST::FUNCTION:BIO
-SSL_do_handshake 125 EXIST::FUNCTION:
-SSL_get_privatekey 126 EXIST::FUNCTION:
-SSL_get_current_cipher 127 EXIST::FUNCTION:
-SSL_CIPHER_get_bits 128 EXIST::FUNCTION:
-SSL_CIPHER_get_version 129 EXIST::FUNCTION:
-SSL_CIPHER_get_name 130 EXIST::FUNCTION:
-BIO_ssl_shutdown 131 EXIST::FUNCTION:BIO
-SSL_SESSION_cmp 132 EXIST::FUNCTION:
-SSL_SESSION_hash 133 EXIST::FUNCTION:
-SSL_SESSION_get_time 134 EXIST::FUNCTION:
-SSL_SESSION_set_time 135 EXIST::FUNCTION:
-SSL_SESSION_get_timeout 136 EXIST::FUNCTION:
-SSL_SESSION_set_timeout 137 EXIST::FUNCTION:
-SSL_CTX_get_ex_data 138 EXIST::FUNCTION:
-SSL_CTX_get_quiet_shutdown 140 EXIST::FUNCTION:
-SSL_CTX_load_verify_locations 141 EXIST::FUNCTION:
-SSL_CTX_set_default_verify_paths 142 EXIST:!VMS:FUNCTION:
-SSL_CTX_set_def_verify_paths 142 EXIST:VMS:FUNCTION:
-SSL_CTX_set_ex_data 143 EXIST::FUNCTION:
-SSL_CTX_set_quiet_shutdown 145 EXIST::FUNCTION:
-SSL_SESSION_get_ex_data 146 EXIST::FUNCTION:
-SSL_SESSION_set_ex_data 148 EXIST::FUNCTION:
-SSL_get_SSL_CTX 150 EXIST::FUNCTION:
-SSL_get_ex_data 151 EXIST::FUNCTION:
-SSL_get_quiet_shutdown 153 EXIST::FUNCTION:
-SSL_get_session 154 EXIST::FUNCTION:
-SSL_get_shutdown 155 EXIST::FUNCTION:
-SSL_get_verify_result 157 EXIST::FUNCTION:
-SSL_set_ex_data 158 EXIST::FUNCTION:
-SSL_set_info_callback 160 EXIST::FUNCTION:
-SSL_set_quiet_shutdown 161 EXIST::FUNCTION:
-SSL_set_shutdown 162 EXIST::FUNCTION:
-SSL_set_verify_result 163 EXIST::FUNCTION:
-SSL_version 164 EXIST::FUNCTION:
-SSL_get_info_callback 165 EXIST::FUNCTION:
-SSL_state 166 EXIST::FUNCTION:
-SSL_CTX_get_ex_new_index 167 EXIST::FUNCTION:
-SSL_SESSION_get_ex_new_index 168 EXIST::FUNCTION:
-SSL_get_ex_new_index 169 EXIST::FUNCTION:
-TLSv1_method 170 EXIST::FUNCTION:
-TLSv1_server_method 171 EXIST::FUNCTION:
-TLSv1_client_method 172 EXIST::FUNCTION:
-BIO_new_buffer_ssl_connect 173 EXIST::FUNCTION:BIO
-BIO_new_ssl_connect 174 EXIST::FUNCTION:BIO
-SSL_get_ex_data_X509_STORE_CTX_idx 175 EXIST:!VMS:FUNCTION:
-SSL_get_ex_d_X509_STORE_CTX_idx 175 EXIST:VMS:FUNCTION:
-SSL_CTX_set_tmp_dh_callback 176 EXIST::FUNCTION:DH
-SSL_CTX_set_tmp_rsa_callback 177 EXIST::FUNCTION:RSA
-SSL_CTX_set_timeout 178 EXIST::FUNCTION:
-SSL_CTX_get_timeout 179 EXIST::FUNCTION:
-SSL_CTX_get_cert_store 180 EXIST::FUNCTION:
-SSL_CTX_set_cert_store 181 EXIST::FUNCTION:
-SSL_want 182 EXIST::FUNCTION:
-SSL_library_init 183 EXIST::FUNCTION:
-SSL_COMP_add_compression_method 184 EXIST::FUNCTION:COMP
-SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO
-SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO
-SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA
-SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH
-SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS:FUNCTION:STDIO
-SSL_add_dir_cert_subjs_to_stk 188 EXIST:VMS:FUNCTION:STDIO
-SSL_set_session_id_context 189 EXIST::FUNCTION:
-SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO
-SSL_CTX_use_cert_chain_file 222 EXIST:VMS:FUNCTION:STDIO
-SSL_CTX_set_verify_depth 225 EXIST::FUNCTION:
-SSL_set_verify_depth 226 EXIST::FUNCTION:
-SSL_CTX_get_verify_depth 228 EXIST::FUNCTION:
-SSL_get_verify_depth 229 EXIST::FUNCTION:
-SSL_CTX_set_session_id_context 231 EXIST::FUNCTION:
-SSL_CTX_set_cert_verify_callback 232 EXIST:!VMS:FUNCTION:
-SSL_CTX_set_cert_verify_cb 232 EXIST:VMS:FUNCTION:
-SSL_CTX_set_default_passwd_cb_userdata 235 EXIST:!VMS:FUNCTION:
-SSL_CTX_set_def_passwd_cb_ud 235 EXIST:VMS:FUNCTION:
-SSL_set_purpose 236 EXIST::FUNCTION:
-SSL_CTX_set_trust 237 EXIST::FUNCTION:
-SSL_CTX_set_purpose 238 EXIST::FUNCTION:
-SSL_set_trust 239 EXIST::FUNCTION:
-SSL_get_finished 240 EXIST::FUNCTION:
-SSL_get_peer_finished 241 EXIST::FUNCTION:
-SSL_get1_session 242 EXIST::FUNCTION:
-SSL_CTX_callback_ctrl 243 EXIST::FUNCTION:
-SSL_callback_ctrl 244 EXIST::FUNCTION:
-SSL_CTX_sessions 245 EXIST::FUNCTION:
-SSL_get_rfd 246 EXIST::FUNCTION:
-SSL_get_wfd 247 EXIST::FUNCTION:
-kssl_cget_tkt 248 EXIST::FUNCTION:KRB5
-SSL_has_matching_session_id 249 EXIST::FUNCTION:
-kssl_err_set 250 EXIST::FUNCTION:KRB5
-kssl_ctx_show 251 EXIST::FUNCTION:KRB5
-kssl_validate_times 252 EXIST::FUNCTION:KRB5
-kssl_check_authent 253 EXIST::FUNCTION:KRB5
-kssl_ctx_new 254 EXIST::FUNCTION:KRB5
-kssl_build_principal_2 255 EXIST::FUNCTION:KRB5
-kssl_skip_confound 256 EXIST::FUNCTION:KRB5
-kssl_sget_tkt 257 EXIST::FUNCTION:KRB5
-SSL_set_generate_session_id 258 EXIST::FUNCTION:
-kssl_ctx_setkey 259 EXIST::FUNCTION:KRB5
-kssl_ctx_setprinc 260 EXIST::FUNCTION:KRB5
-kssl_ctx_free 261 EXIST::FUNCTION:KRB5
-kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5
-kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5
-SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION:
-SSL_renegotiate_pending 265 EXIST::FUNCTION:
-SSL_CTX_set_msg_callback 266 EXIST::FUNCTION:
-SSL_set_msg_callback 267 EXIST::FUNCTION:
-DTLSv1_client_method 268 EXIST::FUNCTION:
-SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH
-SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:ECDH
-SSL_COMP_get_name 271 EXIST::FUNCTION:COMP
-SSL_get_current_compression 272 EXIST::FUNCTION:COMP
-DTLSv1_method 273 EXIST::FUNCTION:
-SSL_get_current_expansion 274 EXIST::FUNCTION:COMP
-DTLSv1_server_method 275 EXIST::FUNCTION:
-SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP
-SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP
-SSL_SESSION_get_id 277 EXIST::FUNCTION:
-SSL_CTX_sess_set_new_cb 278 EXIST::FUNCTION:
-SSL_CTX_sess_get_get_cb 279 EXIST::FUNCTION:
-SSL_CTX_sess_set_get_cb 280 EXIST::FUNCTION:
-SSL_CTX_set_cookie_verify_cb 281 EXIST::FUNCTION:
-SSL_CTX_get_info_callback 282 EXIST::FUNCTION:
-SSL_CTX_set_cookie_generate_cb 283 EXIST::FUNCTION:
-SSL_CTX_set_client_cert_cb 284 EXIST::FUNCTION:
-SSL_CTX_sess_set_remove_cb 285 EXIST::FUNCTION:
-SSL_CTX_set_info_callback 286 EXIST::FUNCTION:
-SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION:
-SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION:
-SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION:
diff --git a/crypto/openssl/util/tab_num.pl b/crypto/openssl/util/tab_num.pl
deleted file mode 100755
index a81ed0e..0000000
--- a/crypto/openssl/util/tab_num.pl
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/local/bin/perl
-
-$num=1;
-$width=40;
-
-while (<>)
- {
- chop;
-
- $i=length($_);
-
- $n=$width-$i;
- $i=int(($n+7)/8);
- print $_.("\t" x $i).$num."\n";
- $num++;
- }
-
diff --git a/crypto/openssl/util/x86asm.sh b/crypto/openssl/util/x86asm.sh
deleted file mode 100755
index d2090a9..0000000
--- a/crypto/openssl/util/x86asm.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-echo Generating x86 assember
-echo Bignum
-(cd crypto/bn/asm; perl x86.pl cpp > bn86unix.cpp)
-(cd crypto/bn/asm; perl x86.pl win32 > bn-win32.asm)
-
-echo DES
-(cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp)
-(cd crypto/des/asm; perl des-586.pl win32 > d-win32.asm)
-
-echo "crypt(3)"
-(cd crypto/des/asm; perl crypt586.pl cpp > yx86unix.cpp)
-(cd crypto/des/asm; perl crypt586.pl win32 > y-win32.asm)
-
-echo Blowfish
-(cd crypto/bf/asm; perl bf-586.pl cpp > bx86unix.cpp)
-(cd crypto/bf/asm; perl bf-586.pl win32 > b-win32.asm)
-
-echo CAST5
-(cd crypto/cast/asm; perl cast-586.pl cpp > cx86unix.cpp)
-(cd crypto/cast/asm; perl cast-586.pl win32 > c-win32.asm)
-
-echo RC4
-(cd crypto/rc4/asm; perl rc4-586.pl cpp > rx86unix.cpp)
-(cd crypto/rc4/asm; perl rc4-586.pl win32 > r4-win32.asm)
-
-echo MD5
-(cd crypto/md5/asm; perl md5-586.pl cpp > mx86unix.cpp)
-(cd crypto/md5/asm; perl md5-586.pl win32 > m5-win32.asm)
-
-echo SHA1
-(cd crypto/sha/asm; perl sha1-586.pl cpp > sx86unix.cpp)
-(cd crypto/sha/asm; perl sha1-586.pl win32 > s1-win32.asm)
-
-echo RIPEMD160
-(cd crypto/ripemd/asm; perl rmd-586.pl cpp > rm86unix.cpp)
-(cd crypto/ripemd/asm; perl rmd-586.pl win32 > rm-win32.asm)
-
-echo RC5/32
-(cd crypto/rc5/asm; perl rc5-586.pl cpp > r586unix.cpp)
-(cd crypto/rc5/asm; perl rc5-586.pl win32 > r5-win32.asm)
diff --git a/crypto/openssl/crypto/opensslconf.h b/crypto/opensslconf.h
index 4620e0e..4620e0e 100644
--- a/crypto/openssl/crypto/opensslconf.h
+++ b/crypto/opensslconf.h
diff --git a/crypto/openssl/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
index cee83ac..cee83ac 100644
--- a/crypto/openssl/crypto/opensslconf.h.in
+++ b/crypto/opensslconf.h.in
diff --git a/crypto/openssl/crypto/opensslv.h b/crypto/opensslv.h
index 8a5b34e..8a5b34e 100644
--- a/crypto/openssl/crypto/opensslv.h
+++ b/crypto/opensslv.h
diff --git a/crypto/openssl/crypto/ossl_typ.h b/crypto/ossl_typ.h
index 9c335a1..9c335a1 100644
--- a/crypto/openssl/crypto/ossl_typ.h
+++ b/crypto/ossl_typ.h
diff --git a/crypto/openssl/crypto/pem/Makefile b/crypto/pem/Makefile
index 742194f..742194f 100644
--- a/crypto/openssl/crypto/pem/Makefile
+++ b/crypto/pem/Makefile
diff --git a/crypto/openssl/crypto/pem/message b/crypto/pem/message
index e8bf9d7..e8bf9d7 100644
--- a/crypto/openssl/crypto/pem/message
+++ b/crypto/pem/message
diff --git a/crypto/openssl/crypto/pem/pem.h b/crypto/pem/pem.h
index c28706d..c28706d 100644
--- a/crypto/openssl/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
diff --git a/crypto/openssl/crypto/pem/pem2.h b/crypto/pem/pem2.h
index f31790d..f31790d 100644
--- a/crypto/openssl/crypto/pem/pem2.h
+++ b/crypto/pem/pem2.h
diff --git a/crypto/openssl/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index 66cbc7e..66cbc7e 100644
--- a/crypto/openssl/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
diff --git a/crypto/openssl/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
index 3133563..3133563 100644
--- a/crypto/openssl/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
diff --git a/crypto/openssl/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 1644dfc..1644dfc 100644
--- a/crypto/openssl/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 9bae4c8..9bae4c8 100644
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
diff --git a/crypto/openssl/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c
index b33868d..b33868d 100644
--- a/crypto/openssl/crypto/pem/pem_oth.c
+++ b/crypto/pem/pem_oth.c
diff --git a/crypto/openssl/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
index 6deab8c..6deab8c 100644
--- a/crypto/openssl/crypto/pem/pem_pk8.c
+++ b/crypto/pem/pem_pk8.c
diff --git a/crypto/openssl/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c
index 4da4c31..4da4c31 100644
--- a/crypto/openssl/crypto/pem/pem_pkey.c
+++ b/crypto/pem/pem_pkey.c
diff --git a/crypto/openssl/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index 4e554e5..4e554e5 100644
--- a/crypto/openssl/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
diff --git a/crypto/openssl/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c
index c3b9808..c3b9808 100644
--- a/crypto/openssl/crypto/pem/pem_sign.c
+++ b/crypto/pem/pem_sign.c
diff --git a/crypto/openssl/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c
index 19f88d8..19f88d8 100644
--- a/crypto/openssl/crypto/pem/pem_x509.c
+++ b/crypto/pem/pem_x509.c
diff --git a/crypto/openssl/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
index 63ce660..63ce660 100644
--- a/crypto/openssl/crypto/pem/pem_xaux.c
+++ b/crypto/pem/pem_xaux.c
diff --git a/crypto/openssl/crypto/pem/pkcs7.lis b/crypto/pem/pkcs7.lis
index be90c5d..be90c5d 100644
--- a/crypto/openssl/crypto/pem/pkcs7.lis
+++ b/crypto/pem/pkcs7.lis
diff --git a/crypto/openssl/crypto/perlasm/alpha.pl b/crypto/perlasm/alpha.pl
index 3dac571..3dac571 100644
--- a/crypto/openssl/crypto/perlasm/alpha.pl
+++ b/crypto/perlasm/alpha.pl
diff --git a/crypto/openssl/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
index e43dc9a..e43dc9a 100644
--- a/crypto/openssl/crypto/perlasm/cbc.pl
+++ b/crypto/perlasm/cbc.pl
diff --git a/crypto/openssl/crypto/perlasm/readme b/crypto/perlasm/readme
index f02bbee..f02bbee 100644
--- a/crypto/openssl/crypto/perlasm/readme
+++ b/crypto/perlasm/readme
diff --git a/crypto/openssl/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index ef1a4ce..ef1a4ce 100755
--- a/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
diff --git a/crypto/openssl/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl
index 5979122..5979122 100644
--- a/crypto/openssl/crypto/perlasm/x86asm.pl
+++ b/crypto/perlasm/x86asm.pl
diff --git a/crypto/openssl/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl
index 82538a9..82538a9 100644
--- a/crypto/openssl/crypto/perlasm/x86ms.pl
+++ b/crypto/perlasm/x86ms.pl
diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl
index b6dfcbd..b6dfcbd 100644
--- a/crypto/openssl/crypto/perlasm/x86nasm.pl
+++ b/crypto/perlasm/x86nasm.pl
diff --git a/crypto/openssl/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl
index e71050b..e71050b 100644
--- a/crypto/openssl/crypto/perlasm/x86unix.pl
+++ b/crypto/perlasm/x86unix.pl
diff --git a/crypto/openssl/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile
index 3a7498f..3a7498f 100644
--- a/crypto/openssl/crypto/pkcs12/Makefile
+++ b/crypto/pkcs12/Makefile
diff --git a/crypto/openssl/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
index 41bdc00..41bdc00 100644
--- a/crypto/openssl/crypto/pkcs12/p12_add.c
+++ b/crypto/pkcs12/p12_add.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
index a3739fe..a3739fe 100644
--- a/crypto/openssl/crypto/pkcs12/p12_asn.c
+++ b/crypto/pkcs12/p12_asn.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
index 026cf38..026cf38 100644
--- a/crypto/openssl/crypto/pkcs12/p12_attr.c
+++ b/crypto/pkcs12/p12_attr.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
index 3ad33c4..3ad33c4 100644
--- a/crypto/openssl/crypto/pkcs12/p12_crpt.c
+++ b/crypto/pkcs12/p12_crpt.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
index dbafda1..dbafda1 100644
--- a/crypto/openssl/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
index 74c961a..74c961a 100644
--- a/crypto/openssl/crypto/pkcs12/p12_decr.c
+++ b/crypto/pkcs12/p12_decr.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
index 6bdc132..6bdc132 100644
--- a/crypto/openssl/crypto/pkcs12/p12_init.c
+++ b/crypto/pkcs12/p12_init.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
index 18e72d0..18e72d0 100644
--- a/crypto/openssl/crypto/pkcs12/p12_key.c
+++ b/crypto/pkcs12/p12_key.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
index c2ee2cc..c2ee2cc 100644
--- a/crypto/openssl/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
index c408cc8..c408cc8 100644
--- a/crypto/openssl/crypto/pkcs12/p12_mutl.c
+++ b/crypto/pkcs12/p12_mutl.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
index 48eacc5..48eacc5 100644
--- a/crypto/openssl/crypto/pkcs12/p12_npas.c
+++ b/crypto/pkcs12/p12_npas.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c
index 3c6f377..3c6f377 100644
--- a/crypto/openssl/crypto/pkcs12/p12_p8d.c
+++ b/crypto/pkcs12/p12_p8d.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
index 3d47956..3d47956 100644
--- a/crypto/openssl/crypto/pkcs12/p12_p8e.c
+++ b/crypto/pkcs12/p12_p8e.c
diff --git a/crypto/openssl/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
index 243ec76..243ec76 100644
--- a/crypto/openssl/crypto/pkcs12/p12_utl.c
+++ b/crypto/pkcs12/p12_utl.c
diff --git a/crypto/openssl/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index 07a1fb6..07a1fb6 100644
--- a/crypto/openssl/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
diff --git a/crypto/openssl/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
index a2d7e35..a2d7e35 100644
--- a/crypto/openssl/crypto/pkcs12/pkcs12.h
+++ b/crypto/pkcs12/pkcs12.h
diff --git a/crypto/openssl/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile
index 3f7e88b..3f7e88b 100644
--- a/crypto/openssl/crypto/pkcs7/Makefile
+++ b/crypto/pkcs7/Makefile
diff --git a/crypto/openssl/crypto/pkcs7/bio_ber.c b/crypto/pkcs7/bio_ber.c
index 31973fc..31973fc 100644
--- a/crypto/openssl/crypto/pkcs7/bio_ber.c
+++ b/crypto/pkcs7/bio_ber.c
diff --git a/crypto/openssl/crypto/pkcs7/dec.c b/crypto/pkcs7/dec.c
index 6752ec5..6752ec5 100644
--- a/crypto/openssl/crypto/pkcs7/dec.c
+++ b/crypto/pkcs7/dec.c
diff --git a/crypto/openssl/crypto/pkcs7/des.pem b/crypto/pkcs7/des.pem
index 62d1657..62d1657 100644
--- a/crypto/openssl/crypto/pkcs7/des.pem
+++ b/crypto/pkcs7/des.pem
diff --git a/crypto/openssl/crypto/pkcs7/doc b/crypto/pkcs7/doc
index d2e8b7b..d2e8b7b 100644
--- a/crypto/openssl/crypto/pkcs7/doc
+++ b/crypto/pkcs7/doc
diff --git a/crypto/openssl/crypto/pkcs7/enc.c b/crypto/pkcs7/enc.c
index 7417f8a..7417f8a 100644
--- a/crypto/openssl/crypto/pkcs7/enc.c
+++ b/crypto/pkcs7/enc.c
diff --git a/crypto/openssl/crypto/pkcs7/es1.pem b/crypto/pkcs7/es1.pem
index 47112a2..47112a2 100644
--- a/crypto/openssl/crypto/pkcs7/es1.pem
+++ b/crypto/pkcs7/es1.pem
diff --git a/crypto/openssl/crypto/pkcs7/example.c b/crypto/pkcs7/example.c
index 2953d04..2953d04 100644
--- a/crypto/openssl/crypto/pkcs7/example.c
+++ b/crypto/pkcs7/example.c
diff --git a/crypto/openssl/crypto/pkcs7/example.h b/crypto/pkcs7/example.h
index 96167de..96167de 100644
--- a/crypto/openssl/crypto/pkcs7/example.h
+++ b/crypto/pkcs7/example.h
diff --git a/crypto/openssl/crypto/pkcs7/info.pem b/crypto/pkcs7/info.pem
index 989baf8..989baf8 100644
--- a/crypto/openssl/crypto/pkcs7/info.pem
+++ b/crypto/pkcs7/info.pem
diff --git a/crypto/openssl/crypto/pkcs7/infokey.pem b/crypto/pkcs7/infokey.pem
index 1e2acc9..1e2acc9 100644
--- a/crypto/openssl/crypto/pkcs7/infokey.pem
+++ b/crypto/pkcs7/infokey.pem
diff --git a/crypto/openssl/crypto/pkcs7/p7/a1 b/crypto/pkcs7/p7/a1
index 56ca943..56ca943 100644
--- a/crypto/openssl/crypto/pkcs7/p7/a1
+++ b/crypto/pkcs7/p7/a1
diff --git a/crypto/openssl/crypto/pkcs7/p7/a2 b/crypto/pkcs7/p7/a2
index 23d8fb5..23d8fb5 100644
--- a/crypto/openssl/crypto/pkcs7/p7/a2
+++ b/crypto/pkcs7/p7/a2
diff --git a/crypto/openssl/crypto/pkcs7/p7/cert.p7c b/crypto/pkcs7/p7/cert.p7c
index 2b75ec0..2b75ec0 100644
--- a/crypto/openssl/crypto/pkcs7/p7/cert.p7c
+++ b/crypto/pkcs7/p7/cert.p7c
Binary files differ
diff --git a/crypto/openssl/crypto/pkcs7/p7/smime.p7m b/crypto/pkcs7/p7/smime.p7m
index 2b6e6f8..2b6e6f8 100644
--- a/crypto/openssl/crypto/pkcs7/p7/smime.p7m
+++ b/crypto/pkcs7/p7/smime.p7m
Binary files differ
diff --git a/crypto/openssl/crypto/pkcs7/p7/smime.p7s b/crypto/pkcs7/p7/smime.p7s
index 2b5d4fb..2b5d4fb 100644
--- a/crypto/openssl/crypto/pkcs7/p7/smime.p7s
+++ b/crypto/pkcs7/p7/smime.p7s
Binary files differ
diff --git a/crypto/openssl/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
index 77931fe..77931fe 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_asn1.c
+++ b/crypto/pkcs7/pk7_asn1.c
diff --git a/crypto/openssl/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
index 735c880..735c880 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_attr.c
+++ b/crypto/pkcs7/pk7_attr.c
diff --git a/crypto/openssl/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c
index 90edfa5..90edfa5 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_dgst.c
+++ b/crypto/pkcs7/pk7_dgst.c
diff --git a/crypto/openssl/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index a03d7eb..a03d7eb 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
diff --git a/crypto/openssl/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c
index acbb189..acbb189 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_enc.c
+++ b/crypto/pkcs7/pk7_enc.c
diff --git a/crypto/openssl/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index f249094..f249094 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
diff --git a/crypto/openssl/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
index 134746c..134746c 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_mime.c
+++ b/crypto/pkcs7/pk7_mime.c
diff --git a/crypto/openssl/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
index fab8513..fab8513 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_smime.c
+++ b/crypto/pkcs7/pk7_smime.c
diff --git a/crypto/openssl/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
index cc092d2..cc092d2 100644
--- a/crypto/openssl/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
diff --git a/crypto/openssl/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
index c0e3d4c..c0e3d4c 100644
--- a/crypto/openssl/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
diff --git a/crypto/openssl/crypto/pkcs7/server.pem b/crypto/pkcs7/server.pem
index 750aac2..750aac2 100644
--- a/crypto/openssl/crypto/pkcs7/server.pem
+++ b/crypto/pkcs7/server.pem
diff --git a/crypto/openssl/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c
index 8b59885..8b59885 100644
--- a/crypto/openssl/crypto/pkcs7/sign.c
+++ b/crypto/pkcs7/sign.c
diff --git a/crypto/openssl/crypto/pkcs7/t/3des.pem b/crypto/pkcs7/t/3des.pem
index b2b5081..b2b5081 100644
--- a/crypto/openssl/crypto/pkcs7/t/3des.pem
+++ b/crypto/pkcs7/t/3des.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/3dess.pem b/crypto/pkcs7/t/3dess.pem
index 23f0135..23f0135 100644
--- a/crypto/openssl/crypto/pkcs7/t/3dess.pem
+++ b/crypto/pkcs7/t/3dess.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/c.pem b/crypto/pkcs7/t/c.pem
index a4b55e3..a4b55e3 100644
--- a/crypto/openssl/crypto/pkcs7/t/c.pem
+++ b/crypto/pkcs7/t/c.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/ff b/crypto/pkcs7/t/ff
index 23f0135..23f0135 100644
--- a/crypto/openssl/crypto/pkcs7/t/ff
+++ b/crypto/pkcs7/t/ff
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-e b/crypto/pkcs7/t/msie-e
index aafae69..aafae69 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-e
+++ b/crypto/pkcs7/t/msie-e
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-e.pem b/crypto/pkcs7/t/msie-e.pem
index a2a5e24..a2a5e24 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-e.pem
+++ b/crypto/pkcs7/t/msie-e.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-01 b/crypto/pkcs7/t/msie-enc-01
index 2c93ab6..2c93ab6 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-enc-01
+++ b/crypto/pkcs7/t/msie-enc-01
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem b/crypto/pkcs7/t/msie-enc-01.pem
index 9abf00b..9abf00b 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-enc-01.pem
+++ b/crypto/pkcs7/t/msie-enc-01.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-02 b/crypto/pkcs7/t/msie-enc-02
index 7017055..7017055 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-enc-02
+++ b/crypto/pkcs7/t/msie-enc-02
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem b/crypto/pkcs7/t/msie-enc-02.pem
index 279c5d8..279c5d8 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-enc-02.pem
+++ b/crypto/pkcs7/t/msie-enc-02.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-s-a-e b/crypto/pkcs7/t/msie-s-a-e
index 0067794..0067794 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-s-a-e
+++ b/crypto/pkcs7/t/msie-s-a-e
diff --git a/crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem b/crypto/pkcs7/t/msie-s-a-e.pem
index 55dbd8f..55dbd8f 100644
--- a/crypto/openssl/crypto/pkcs7/t/msie-s-a-e.pem
+++ b/crypto/pkcs7/t/msie-s-a-e.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/nav-smime b/crypto/pkcs7/t/nav-smime
index 6ee4b59..6ee4b59 100644
--- a/crypto/openssl/crypto/pkcs7/t/nav-smime
+++ b/crypto/pkcs7/t/nav-smime
diff --git a/crypto/openssl/crypto/pkcs7/t/s.pem b/crypto/pkcs7/t/s.pem
index 4fa925b..4fa925b 100644
--- a/crypto/openssl/crypto/pkcs7/t/s.pem
+++ b/crypto/pkcs7/t/s.pem
diff --git a/crypto/openssl/crypto/pkcs7/t/server.pem b/crypto/pkcs7/t/server.pem
index 989baf8..989baf8 100644
--- a/crypto/openssl/crypto/pkcs7/t/server.pem
+++ b/crypto/pkcs7/t/server.pem
diff --git a/crypto/openssl/crypto/pkcs7/verify.c b/crypto/pkcs7/verify.c
index b40f260..b40f260 100644
--- a/crypto/openssl/crypto/pkcs7/verify.c
+++ b/crypto/pkcs7/verify.c
diff --git a/crypto/openssl/crypto/pqueue/Makefile b/crypto/pqueue/Makefile
index d0c39d2..d0c39d2 100644
--- a/crypto/openssl/crypto/pqueue/Makefile
+++ b/crypto/pqueue/Makefile
diff --git a/crypto/openssl/crypto/pqueue/pq_compat.h b/crypto/pqueue/pq_compat.h
index 28c58a0..28c58a0 100644
--- a/crypto/openssl/crypto/pqueue/pq_compat.h
+++ b/crypto/pqueue/pq_compat.h
diff --git a/crypto/openssl/crypto/pqueue/pq_test.c b/crypto/pqueue/pq_test.c
index 8d496dfc..8d496dfc 100644
--- a/crypto/openssl/crypto/pqueue/pq_test.c
+++ b/crypto/pqueue/pq_test.c
diff --git a/crypto/openssl/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c
index 5cc1852..5cc1852 100644
--- a/crypto/openssl/crypto/pqueue/pqueue.c
+++ b/crypto/pqueue/pqueue.c
diff --git a/crypto/openssl/crypto/pqueue/pqueue.h b/crypto/pqueue/pqueue.h
index 02386d1..02386d1 100644
--- a/crypto/openssl/crypto/pqueue/pqueue.h
+++ b/crypto/pqueue/pqueue.h
diff --git a/crypto/openssl/crypto/rand/Makefile b/crypto/rand/Makefile
index 3c1ab5b..3c1ab5b 100644
--- a/crypto/openssl/crypto/rand/Makefile
+++ b/crypto/rand/Makefile
diff --git a/crypto/openssl/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 9783d0c..9783d0c 100644
--- a/crypto/openssl/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
diff --git a/crypto/openssl/crypto/rand/rand.h b/crypto/rand/rand.h
index ac6c021..ac6c021 100644
--- a/crypto/openssl/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
diff --git a/crypto/openssl/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index 50bce6c..50bce6c 100644
--- a/crypto/openssl/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
diff --git a/crypto/openssl/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
index 386934d..386934d 100644
--- a/crypto/openssl/crypto/rand/rand_err.c
+++ b/crypto/rand/rand_err.c
diff --git a/crypto/openssl/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
index 618a8ec..618a8ec 100755
--- a/crypto/openssl/crypto/rand/rand_lcl.h
+++ b/crypto/rand/rand_lcl.h
diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 513e338..513e338 100644
--- a/crypto/openssl/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
diff --git a/crypto/openssl/crypto/rand/rand_nw.c b/crypto/rand/rand_nw.c
index ba57812..ba57812 100644
--- a/crypto/openssl/crypto/rand/rand_nw.c
+++ b/crypto/rand/rand_nw.c
diff --git a/crypto/openssl/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c
index c3e36d4..c3e36d4 100644
--- a/crypto/openssl/crypto/rand/rand_os2.c
+++ b/crypto/rand/rand_os2.c
diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 6c2be5c..6c2be5c 100644
--- a/crypto/openssl/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
diff --git a/crypto/openssl/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
index 1267a3a..1267a3a 100644
--- a/crypto/openssl/crypto/rand/rand_vms.c
+++ b/crypto/rand/rand_vms.c
diff --git a/crypto/openssl/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
index 00dbe42..00dbe42 100644
--- a/crypto/openssl/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
diff --git a/crypto/openssl/crypto/rand/randfile.c b/crypto/rand/randfile.c
index d69bdf8..d69bdf8 100644
--- a/crypto/openssl/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
diff --git a/crypto/openssl/crypto/rand/randtest.c b/crypto/rand/randtest.c
index 9e92a70..9e92a70 100644
--- a/crypto/openssl/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
diff --git a/crypto/openssl/crypto/rc2/Makefile b/crypto/rc2/Makefile
index 73eac34..73eac34 100644
--- a/crypto/openssl/crypto/rc2/Makefile
+++ b/crypto/rc2/Makefile
diff --git a/crypto/openssl/crypto/rc2/rc2.h b/crypto/rc2/rc2.h
index 34c8362..34c8362 100644
--- a/crypto/openssl/crypto/rc2/rc2.h
+++ b/crypto/rc2/rc2.h
diff --git a/crypto/openssl/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c
index 74f48d3..74f48d3 100644
--- a/crypto/openssl/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
diff --git a/crypto/openssl/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
index fff86c7..fff86c7 100644
--- a/crypto/openssl/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
diff --git a/crypto/openssl/crypto/rc2/rc2_locl.h b/crypto/rc2/rc2_locl.h
index 565cd17..565cd17 100644
--- a/crypto/openssl/crypto/rc2/rc2_locl.h
+++ b/crypto/rc2/rc2_locl.h
diff --git a/crypto/openssl/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
index 4953642..4953642 100644
--- a/crypto/openssl/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
diff --git a/crypto/openssl/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
index b3a0158..b3a0158 100644
--- a/crypto/openssl/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
diff --git a/crypto/openssl/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
index 9e29786..9e29786 100644
--- a/crypto/openssl/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
diff --git a/crypto/openssl/crypto/rc2/rc2speed.c b/crypto/rc2/rc2speed.c
index 85cf6f6..85cf6f6 100644
--- a/crypto/openssl/crypto/rc2/rc2speed.c
+++ b/crypto/rc2/rc2speed.c
diff --git a/crypto/openssl/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c
index 0e11743..0e11743 100644
--- a/crypto/openssl/crypto/rc2/rc2test.c
+++ b/crypto/rc2/rc2test.c
diff --git a/crypto/openssl/crypto/rc2/rrc2.doc b/crypto/rc2/rrc2.doc
index f93ee00..f93ee00 100644
--- a/crypto/openssl/crypto/rc2/rrc2.doc
+++ b/crypto/rc2/rrc2.doc
diff --git a/crypto/openssl/crypto/rc2/tab.c b/crypto/rc2/tab.c
index 25dc14e..25dc14e 100644
--- a/crypto/openssl/crypto/rc2/tab.c
+++ b/crypto/rc2/tab.c
diff --git a/crypto/openssl/crypto/rc2/version b/crypto/rc2/version
index 6f89d59..6f89d59 100644
--- a/crypto/openssl/crypto/rc2/version
+++ b/crypto/rc2/version
diff --git a/crypto/openssl/crypto/rc4/Makefile b/crypto/rc4/Makefile
index 7857c95..7857c95 100644
--- a/crypto/openssl/crypto/rc4/Makefile
+++ b/crypto/rc4/Makefile
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-586.pl b/crypto/rc4/asm/rc4-586.pl
index 22bda4b..22bda4b 100644
--- a/crypto/openssl/crypto/rc4/asm/rc4-586.pl
+++ b/crypto/rc4/asm/rc4-586.pl
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-ia64.S b/crypto/rc4/asm/rc4-ia64.S
index a322d0c..a322d0c 100644
--- a/crypto/openssl/crypto/rc4/asm/rc4-ia64.S
+++ b/crypto/rc4/asm/rc4-ia64.S
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl b/crypto/rc4/asm/rc4-x86_64.pl
index 4b990cb..4b990cb 100755
--- a/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
+++ b/crypto/rc4/asm/rc4-x86_64.pl
diff --git a/crypto/openssl/crypto/rc4/rc4.c b/crypto/rc4/rc4.c
index c900b26..c900b26 100644
--- a/crypto/openssl/crypto/rc4/rc4.c
+++ b/crypto/rc4/rc4.c
diff --git a/crypto/openssl/crypto/rc4/rc4.h b/crypto/rc4/rc4.h
index 7aec04f..7aec04f 100644
--- a/crypto/openssl/crypto/rc4/rc4.h
+++ b/crypto/rc4/rc4.h
diff --git a/crypto/openssl/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c
index 0660ea6..0660ea6 100644
--- a/crypto/openssl/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
diff --git a/crypto/openssl/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_locl.h
index c712e16..c712e16 100644
--- a/crypto/openssl/crypto/rc4/rc4_locl.h
+++ b/crypto/rc4/rc4_locl.h
diff --git a/crypto/openssl/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c
index b22c40b..b22c40b 100644
--- a/crypto/openssl/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
diff --git a/crypto/openssl/crypto/rc4/rc4s.cpp b/crypto/rc4/rc4s.cpp
index 3814fde..3814fde 100644
--- a/crypto/openssl/crypto/rc4/rc4s.cpp
+++ b/crypto/rc4/rc4s.cpp
diff --git a/crypto/openssl/crypto/rc4/rc4speed.c b/crypto/rc4/rc4speed.c
index 0ebd381..0ebd381 100644
--- a/crypto/openssl/crypto/rc4/rc4speed.c
+++ b/crypto/rc4/rc4speed.c
diff --git a/crypto/openssl/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c
index 54b597f..54b597f 100644
--- a/crypto/openssl/crypto/rc4/rc4test.c
+++ b/crypto/rc4/rc4test.c
diff --git a/crypto/openssl/crypto/rc4/rrc4.doc b/crypto/rc4/rrc4.doc
index 2f9a953..2f9a953 100644
--- a/crypto/openssl/crypto/rc4/rrc4.doc
+++ b/crypto/rc4/rrc4.doc
diff --git a/crypto/openssl/crypto/rc5/Makefile b/crypto/rc5/Makefile
index efb0f36..efb0f36 100644
--- a/crypto/openssl/crypto/rc5/Makefile
+++ b/crypto/rc5/Makefile
diff --git a/crypto/openssl/crypto/rc5/asm/rc5-586.pl b/crypto/rc5/asm/rc5-586.pl
index edff1d1..edff1d1 100644
--- a/crypto/openssl/crypto/rc5/asm/rc5-586.pl
+++ b/crypto/rc5/asm/rc5-586.pl
diff --git a/crypto/openssl/crypto/rc5/rc5.h b/crypto/rc5/rc5.h
index 4b3c153..4b3c153 100644
--- a/crypto/openssl/crypto/rc5/rc5.h
+++ b/crypto/rc5/rc5.h
diff --git a/crypto/openssl/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c
index e72b535..e72b535 100644
--- a/crypto/openssl/crypto/rc5/rc5_ecb.c
+++ b/crypto/rc5/rc5_ecb.c
diff --git a/crypto/openssl/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c
index f327d32..f327d32 100644
--- a/crypto/openssl/crypto/rc5/rc5_enc.c
+++ b/crypto/rc5/rc5_enc.c
diff --git a/crypto/openssl/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_locl.h
index 282dd38..282dd38 100644
--- a/crypto/openssl/crypto/rc5/rc5_locl.h
+++ b/crypto/rc5/rc5_locl.h
diff --git a/crypto/openssl/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c
index a2e00a4..a2e00a4 100644
--- a/crypto/openssl/crypto/rc5/rc5_skey.c
+++ b/crypto/rc5/rc5_skey.c
diff --git a/crypto/openssl/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c
index 3a8b60b..3a8b60b 100644
--- a/crypto/openssl/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
diff --git a/crypto/openssl/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c
index d412215..d412215 100644
--- a/crypto/openssl/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
diff --git a/crypto/openssl/crypto/rc5/rc5s.cpp b/crypto/rc5/rc5s.cpp
index 1c5518b..1c5518b 100644
--- a/crypto/openssl/crypto/rc5/rc5s.cpp
+++ b/crypto/rc5/rc5s.cpp
diff --git a/crypto/openssl/crypto/rc5/rc5speed.c b/crypto/rc5/rc5speed.c
index 8e363be..8e363be 100644
--- a/crypto/openssl/crypto/rc5/rc5speed.c
+++ b/crypto/rc5/rc5speed.c
diff --git a/crypto/openssl/crypto/rc5/rc5test.c b/crypto/rc5/rc5test.c
index ce3d0cc..ce3d0cc 100644
--- a/crypto/openssl/crypto/rc5/rc5test.c
+++ b/crypto/rc5/rc5test.c
diff --git a/crypto/openssl/crypto/ripemd/Makefile b/crypto/ripemd/Makefile
index d55875c..d55875c 100644
--- a/crypto/openssl/crypto/ripemd/Makefile
+++ b/crypto/ripemd/Makefile
diff --git a/crypto/openssl/crypto/ripemd/README b/crypto/ripemd/README
index 7097707..7097707 100644
--- a/crypto/openssl/crypto/ripemd/README
+++ b/crypto/ripemd/README
diff --git a/crypto/openssl/crypto/ripemd/asm/rips.cpp b/crypto/ripemd/asm/rips.cpp
index f7a1367..f7a1367 100644
--- a/crypto/openssl/crypto/ripemd/asm/rips.cpp
+++ b/crypto/ripemd/asm/rips.cpp
diff --git a/crypto/openssl/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl
index 0ab6f76..0ab6f76 100644
--- a/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
+++ b/crypto/ripemd/asm/rmd-586.pl
diff --git a/crypto/openssl/crypto/ripemd/ripemd.h b/crypto/ripemd/ripemd.h
index 033a596..033a596 100644
--- a/crypto/openssl/crypto/ripemd/ripemd.h
+++ b/crypto/ripemd/ripemd.h
diff --git a/crypto/openssl/crypto/ripemd/rmd160.c b/crypto/ripemd/rmd160.c
index b0ec574..b0ec574 100644
--- a/crypto/openssl/crypto/ripemd/rmd160.c
+++ b/crypto/ripemd/rmd160.c
diff --git a/crypto/openssl/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c
index 9608a8f..9608a8f 100644
--- a/crypto/openssl/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
diff --git a/crypto/openssl/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h
index b52d786..b52d786 100644
--- a/crypto/openssl/crypto/ripemd/rmd_locl.h
+++ b/crypto/ripemd/rmd_locl.h
diff --git a/crypto/openssl/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c
index 3efb137..3efb137 100644
--- a/crypto/openssl/crypto/ripemd/rmd_one.c
+++ b/crypto/ripemd/rmd_one.c
diff --git a/crypto/openssl/crypto/ripemd/rmdconst.h b/crypto/ripemd/rmdconst.h
index 59c48de..59c48de 100644
--- a/crypto/openssl/crypto/ripemd/rmdconst.h
+++ b/crypto/ripemd/rmdconst.h
diff --git a/crypto/openssl/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c
index cbfdf2a..cbfdf2a 100644
--- a/crypto/openssl/crypto/ripemd/rmdtest.c
+++ b/crypto/ripemd/rmdtest.c
diff --git a/crypto/openssl/crypto/rsa/Makefile b/crypto/rsa/Makefile
index 1390081..1390081 100644
--- a/crypto/openssl/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index b19c556..b19c556 100644
--- a/crypto/openssl/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
diff --git a/crypto/openssl/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
index bbbf26d..bbbf26d 100644
--- a/crypto/openssl/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
diff --git a/crypto/openssl/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
index 9d848db..9d848db 100644
--- a/crypto/openssl/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
diff --git a/crypto/openssl/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c
index a859ded..a859ded 100644
--- a/crypto/openssl/crypto/rsa/rsa_depr.c
+++ b/crypto/rsa/rsa_depr.c
diff --git a/crypto/openssl/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index e7b7a9c..e7b7a9c 100644
--- a/crypto/openssl/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
diff --git a/crypto/openssl/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index fe3ba1b..fe3ba1b 100644
--- a/crypto/openssl/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
diff --git a/crypto/openssl/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 742f8b1..742f8b1 100644
--- a/crypto/openssl/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index cca32c0..cca32c0 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
diff --git a/crypto/openssl/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
index e6f3e62..e6f3e62 100644
--- a/crypto/openssl/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
diff --git a/crypto/openssl/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c
index 491572c..491572c 100644
--- a/crypto/openssl/crypto/rsa/rsa_null.c
+++ b/crypto/rsa/rsa_null.c
diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 45d6f6e..45d6f6e 100644
--- a/crypto/openssl/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 8560755..8560755 100644
--- a/crypto/openssl/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
diff --git a/crypto/openssl/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
index e19d18c..e19d18c 100644
--- a/crypto/openssl/crypto/rsa/rsa_pss.c
+++ b/crypto/rsa/rsa_pss.c
diff --git a/crypto/openssl/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index f98e0a8..f98e0a8 100644
--- a/crypto/openssl/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 71aabee..71aabee 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index ea72629..ea72629 100644
--- a/crypto/openssl/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
diff --git a/crypto/openssl/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
index 0f8059c..0f8059c 100644
--- a/crypto/openssl/crypto/rsa/rsa_test.c
+++ b/crypto/rsa/rsa_test.c
diff --git a/crypto/openssl/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c
index e918654..e918654 100644
--- a/crypto/openssl/crypto/rsa/rsa_x931.c
+++ b/crypto/rsa/rsa_x931.c
diff --git a/crypto/openssl/crypto/sha/Makefile b/crypto/sha/Makefile
index 42a8c5b..42a8c5b 100644
--- a/crypto/openssl/crypto/sha/Makefile
+++ b/crypto/sha/Makefile
diff --git a/crypto/openssl/crypto/sha/asm/README b/crypto/sha/asm/README
index b7e7557..b7e7557 100644
--- a/crypto/openssl/crypto/sha/asm/README
+++ b/crypto/sha/asm/README
diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
index 4f8521f..4f8521f 100644
--- a/crypto/openssl/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
diff --git a/crypto/openssl/crypto/sha/asm/sha1-ia64.pl b/crypto/sha/asm/sha1-ia64.pl
index cb9dfad1..cb9dfad1 100644
--- a/crypto/openssl/crypto/sha/asm/sha1-ia64.pl
+++ b/crypto/sha/asm/sha1-ia64.pl
diff --git a/crypto/openssl/crypto/sha/asm/sha512-ia64.pl b/crypto/sha/asm/sha512-ia64.pl
index 0aea023..0aea023 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-ia64.pl
+++ b/crypto/sha/asm/sha512-ia64.pl
diff --git a/crypto/openssl/crypto/sha/asm/sha512-sse2.pl b/crypto/sha/asm/sha512-sse2.pl
index 10902bf..10902bf 100644
--- a/crypto/openssl/crypto/sha/asm/sha512-sse2.pl
+++ b/crypto/sha/asm/sha512-sse2.pl
diff --git a/crypto/openssl/crypto/sha/sha.c b/crypto/sha/sha.c
index 4212655..4212655 100644
--- a/crypto/openssl/crypto/sha/sha.c
+++ b/crypto/sha/sha.c
diff --git a/crypto/openssl/crypto/sha/sha.h b/crypto/sha/sha.h
index eed44d7..eed44d7 100644
--- a/crypto/openssl/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
diff --git a/crypto/openssl/crypto/sha/sha1.c b/crypto/sha/sha1.c
index d350c88..d350c88 100644
--- a/crypto/openssl/crypto/sha/sha1.c
+++ b/crypto/sha/sha1.c
diff --git a/crypto/openssl/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index 7c65b60..7c65b60 100644
--- a/crypto/openssl/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
diff --git a/crypto/openssl/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 50d1925..50d1925 100644
--- a/crypto/openssl/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
diff --git a/crypto/openssl/crypto/sha/sha1s.cpp b/crypto/sha/sha1s.cpp
index af23d1e..af23d1e 100644
--- a/crypto/openssl/crypto/sha/sha1s.cpp
+++ b/crypto/sha/sha1s.cpp
diff --git a/crypto/openssl/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
index b0650c7..b0650c7 100644
--- a/crypto/openssl/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
diff --git a/crypto/openssl/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 05ae944..05ae944 100644
--- a/crypto/openssl/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
diff --git a/crypto/openssl/crypto/sha/sha256t.c b/crypto/sha/sha256t.c
index 6b4a3bd..6b4a3bd 100644
--- a/crypto/openssl/crypto/sha/sha256t.c
+++ b/crypto/sha/sha256t.c
diff --git a/crypto/openssl/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 39d18b8..39d18b8 100644
--- a/crypto/openssl/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
diff --git a/crypto/openssl/crypto/sha/sha512t.c b/crypto/sha/sha512t.c
index 210041d..210041d 100644
--- a/crypto/openssl/crypto/sha/sha512t.c
+++ b/crypto/sha/sha512t.c
diff --git a/crypto/openssl/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
index 70eb560..70eb560 100644
--- a/crypto/openssl/crypto/sha/sha_dgst.c
+++ b/crypto/sha/sha_dgst.c
diff --git a/crypto/openssl/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
index 6281313..6281313 100644
--- a/crypto/openssl/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
diff --git a/crypto/openssl/crypto/sha/sha_one.c b/crypto/sha/sha_one.c
index 3bae623..3bae623 100644
--- a/crypto/openssl/crypto/sha/sha_one.c
+++ b/crypto/sha/sha_one.c
diff --git a/crypto/openssl/crypto/sha/shatest.c b/crypto/sha/shatest.c
index bfb11f0..bfb11f0 100644
--- a/crypto/openssl/crypto/sha/shatest.c
+++ b/crypto/sha/shatest.c
diff --git a/crypto/openssl/crypto/sparccpuid.S b/crypto/sparccpuid.S
index c17350f..c17350f 100644
--- a/crypto/openssl/crypto/sparccpuid.S
+++ b/crypto/sparccpuid.S
diff --git a/crypto/openssl/crypto/stack/Makefile b/crypto/stack/Makefile
index 5327692..5327692 100644
--- a/crypto/openssl/crypto/stack/Makefile
+++ b/crypto/stack/Makefile
diff --git a/crypto/openssl/crypto/stack/safestack.h b/crypto/stack/safestack.h
index d496f36..d496f36 100644
--- a/crypto/openssl/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
diff --git a/crypto/openssl/crypto/stack/stack.c b/crypto/stack/stack.c
index 378bd7c..378bd7c 100644
--- a/crypto/openssl/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
diff --git a/crypto/openssl/crypto/stack/stack.h b/crypto/stack/stack.h
index 5cbb116..5cbb116 100644
--- a/crypto/openssl/crypto/stack/stack.h
+++ b/crypto/stack/stack.h
diff --git a/crypto/openssl/crypto/store/Makefile b/crypto/store/Makefile
index 0dcfd78..0dcfd78 100644
--- a/crypto/openssl/crypto/store/Makefile
+++ b/crypto/store/Makefile
diff --git a/crypto/openssl/crypto/store/README b/crypto/store/README
index 966168f..966168f 100644
--- a/crypto/openssl/crypto/store/README
+++ b/crypto/store/README
diff --git a/crypto/openssl/crypto/store/store.h b/crypto/store/store.h
index 6458337..6458337 100644
--- a/crypto/openssl/crypto/store/store.h
+++ b/crypto/store/store.h
diff --git a/crypto/openssl/crypto/store/str_err.c b/crypto/store/str_err.c
index 6fee649..6fee649 100644
--- a/crypto/openssl/crypto/store/str_err.c
+++ b/crypto/store/str_err.c
diff --git a/crypto/openssl/crypto/store/str_lib.c b/crypto/store/str_lib.c
index c0ad763..c0ad763 100644
--- a/crypto/openssl/crypto/store/str_lib.c
+++ b/crypto/store/str_lib.c
diff --git a/crypto/openssl/crypto/store/str_locl.h b/crypto/store/str_locl.h
index 3f8cb75..3f8cb75 100644
--- a/crypto/openssl/crypto/store/str_locl.h
+++ b/crypto/store/str_locl.h
diff --git a/crypto/openssl/crypto/store/str_mem.c b/crypto/store/str_mem.c
index 527757ae..527757ae 100644
--- a/crypto/openssl/crypto/store/str_mem.c
+++ b/crypto/store/str_mem.c
diff --git a/crypto/openssl/crypto/store/str_meth.c b/crypto/store/str_meth.c
index a46de03..a46de03 100644
--- a/crypto/openssl/crypto/store/str_meth.c
+++ b/crypto/store/str_meth.c
diff --git a/crypto/openssl/crypto/symhacks.h b/crypto/symhacks.h
index 7e3602d..7e3602d 100644
--- a/crypto/openssl/crypto/symhacks.h
+++ b/crypto/symhacks.h
diff --git a/crypto/openssl/crypto/threads/README b/crypto/threads/README
index df6b26e..df6b26e 100644
--- a/crypto/openssl/crypto/threads/README
+++ b/crypto/threads/README
diff --git a/crypto/openssl/crypto/threads/mttest.c b/crypto/threads/mttest.c
index f6f3df4..f6f3df4 100644
--- a/crypto/openssl/crypto/threads/mttest.c
+++ b/crypto/threads/mttest.c
diff --git a/crypto/openssl/crypto/threads/profile.sh b/crypto/threads/profile.sh
index 6e3e342..6e3e342 100644
--- a/crypto/openssl/crypto/threads/profile.sh
+++ b/crypto/threads/profile.sh
diff --git a/crypto/openssl/crypto/threads/pthread.sh b/crypto/threads/pthread.sh
index f1c4982..f1c4982 100644
--- a/crypto/openssl/crypto/threads/pthread.sh
+++ b/crypto/threads/pthread.sh
diff --git a/crypto/openssl/crypto/threads/pthread2.sh b/crypto/threads/pthread2.sh
index 41264c6..41264c6 100755
--- a/crypto/openssl/crypto/threads/pthread2.sh
+++ b/crypto/threads/pthread2.sh
diff --git a/crypto/openssl/crypto/threads/purify.sh b/crypto/threads/purify.sh
index 6d44fe2..6d44fe2 100644
--- a/crypto/openssl/crypto/threads/purify.sh
+++ b/crypto/threads/purify.sh
diff --git a/crypto/openssl/crypto/threads/th-lock.c b/crypto/threads/th-lock.c
index 14aae5f..14aae5f 100644
--- a/crypto/openssl/crypto/threads/th-lock.c
+++ b/crypto/threads/th-lock.c
diff --git a/crypto/openssl/crypto/tmdiff.c b/crypto/tmdiff.c
index 1c6e052..1c6e052 100644
--- a/crypto/openssl/crypto/tmdiff.c
+++ b/crypto/tmdiff.c
diff --git a/crypto/openssl/crypto/tmdiff.h b/crypto/tmdiff.h
index af5c41c..af5c41c 100644
--- a/crypto/openssl/crypto/tmdiff.h
+++ b/crypto/tmdiff.h
diff --git a/crypto/openssl/crypto/txt_db/Makefile b/crypto/txt_db/Makefile
index e6f3033..e6f3033 100644
--- a/crypto/openssl/crypto/txt_db/Makefile
+++ b/crypto/txt_db/Makefile
diff --git a/crypto/openssl/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
index 3ed5f72..3ed5f72 100644
--- a/crypto/openssl/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
diff --git a/crypto/openssl/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h
index 307e1ba..307e1ba 100644
--- a/crypto/openssl/crypto/txt_db/txt_db.h
+++ b/crypto/txt_db/txt_db.h
diff --git a/crypto/openssl/crypto/ui/Makefile b/crypto/ui/Makefile
index a685659..a685659 100644
--- a/crypto/openssl/crypto/ui/Makefile
+++ b/crypto/ui/Makefile
diff --git a/crypto/openssl/crypto/ui/ui.h b/crypto/ui/ui.h
index 0182964..0182964 100644
--- a/crypto/openssl/crypto/ui/ui.h
+++ b/crypto/ui/ui.h
diff --git a/crypto/openssl/crypto/ui/ui_compat.c b/crypto/ui/ui_compat.c
index 13e0f70..13e0f70 100644
--- a/crypto/openssl/crypto/ui/ui_compat.c
+++ b/crypto/ui/ui_compat.c
diff --git a/crypto/openssl/crypto/ui/ui_compat.h b/crypto/ui/ui_compat.h
index b35c9bb..b35c9bb 100644
--- a/crypto/openssl/crypto/ui/ui_compat.h
+++ b/crypto/ui/ui_compat.h
diff --git a/crypto/openssl/crypto/ui/ui_err.c b/crypto/ui/ui_err.c
index 786bd0d..786bd0d 100644
--- a/crypto/openssl/crypto/ui/ui_err.c
+++ b/crypto/ui/ui_err.c
diff --git a/crypto/openssl/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
index 7ab249c..7ab249c 100644
--- a/crypto/openssl/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
diff --git a/crypto/openssl/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h
index aa4a556..aa4a556 100644
--- a/crypto/openssl/crypto/ui/ui_locl.h
+++ b/crypto/ui/ui_locl.h
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
index 1f23a45..1f23a45 100644
--- a/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/crypto/ui/ui_openssl.c
diff --git a/crypto/openssl/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
index 5d9760b..5d9760b 100644
--- a/crypto/openssl/crypto/ui/ui_util.c
+++ b/crypto/ui/ui_util.c
diff --git a/crypto/openssl/crypto/uid.c b/crypto/uid.c
index b1fd52b..b1fd52b 100644
--- a/crypto/openssl/crypto/uid.c
+++ b/crypto/uid.c
diff --git a/crypto/openssl/crypto/x509/Makefile b/crypto/x509/Makefile
index ddcc312..ddcc312 100644
--- a/crypto/openssl/crypto/x509/Makefile
+++ b/crypto/x509/Makefile
diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 37f9a48..37f9a48 100644
--- a/crypto/openssl/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/x509/by_file.c
index a5e0d4a..a5e0d4a 100644
--- a/crypto/openssl/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
diff --git a/crypto/openssl/crypto/x509/x509.h b/crypto/x509/x509.h
index 16a954f..16a954f 100644
--- a/crypto/openssl/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
diff --git a/crypto/openssl/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
index 65968c4..65968c4 100644
--- a/crypto/openssl/crypto/x509/x509_att.c
+++ b/crypto/x509/x509_att.c
diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 0d6bc65..0d6bc65 100644
--- a/crypto/openssl/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
diff --git a/crypto/openssl/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index 51410cf..51410cf 100644
--- a/crypto/openssl/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
diff --git a/crypto/openssl/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
index e0ac151a..e0ac151a 100644
--- a/crypto/openssl/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
diff --git a/crypto/openssl/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index fb37729..fb37729 100644
--- a/crypto/openssl/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
diff --git a/crypto/openssl/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
index e7fdacb..e7fdacb 100644
--- a/crypto/openssl/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index cd2cfb6..cd2cfb6 100644
--- a/crypto/openssl/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
diff --git a/crypto/openssl/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index 1e718f7..1e718f7 100644
--- a/crypto/openssl/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
diff --git a/crypto/openssl/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 254a146..254a146 100644
--- a/crypto/openssl/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
diff --git a/crypto/openssl/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 3872e1f..3872e1f 100644
--- a/crypto/openssl/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
diff --git a/crypto/openssl/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index aaf61ca..aaf61ca 100644
--- a/crypto/openssl/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
diff --git a/crypto/openssl/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
index 9c84a59..9c84a59 100644
--- a/crypto/openssl/crypto/x509/x509_trs.c
+++ b/crypto/x509/x509_trs.c
diff --git a/crypto/openssl/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index a80c87e..a80c87e 100644
--- a/crypto/openssl/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
diff --git a/crypto/openssl/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 42e6f0a..42e6f0a 100644
--- a/crypto/openssl/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 07df21f..07df21f 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
diff --git a/crypto/openssl/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 76c76e1..76c76e1 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 5e69259..5e69259 100644
--- a/crypto/openssl/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
diff --git a/crypto/openssl/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 9d1646d..9d1646d 100644
--- a/crypto/openssl/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
diff --git a/crypto/openssl/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 068abfe..068abfe 100644
--- a/crypto/openssl/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
diff --git a/crypto/openssl/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index d9f6b57..d9f6b57 100644
--- a/crypto/openssl/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
diff --git a/crypto/openssl/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
index ed868b8..ed868b8 100644
--- a/crypto/openssl/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
diff --git a/crypto/openssl/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 2cd994c..2cd994c 100644
--- a/crypto/openssl/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
diff --git a/crypto/openssl/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 9039caa..9039caa 100644
--- a/crypto/openssl/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
diff --git a/crypto/openssl/crypto/x509v3/Makefile b/crypto/x509v3/Makefile
index 556ef35..556ef35 100644
--- a/crypto/openssl/crypto/x509v3/Makefile
+++ b/crypto/x509v3/Makefile
diff --git a/crypto/openssl/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index 5c063ac..5c063ac 100644
--- a/crypto/openssl/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
diff --git a/crypto/openssl/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c
index c18beb8..c18beb8 100644
--- a/crypto/openssl/crypto/x509v3/pcy_cache.c
+++ b/crypto/x509v3/pcy_cache.c
diff --git a/crypto/openssl/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
index 614d2b4..614d2b4 100644
--- a/crypto/openssl/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
diff --git a/crypto/openssl/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_int.h
index ba62a20..ba62a20 100644
--- a/crypto/openssl/crypto/x509v3/pcy_int.h
+++ b/crypto/x509v3/pcy_int.h
diff --git a/crypto/openssl/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c
index dae4840..dae4840 100644
--- a/crypto/openssl/crypto/x509v3/pcy_lib.c
+++ b/crypto/x509v3/pcy_lib.c
diff --git a/crypto/openssl/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c
index 35221e8..35221e8 100644
--- a/crypto/openssl/crypto/x509v3/pcy_map.c
+++ b/crypto/x509v3/pcy_map.c
diff --git a/crypto/openssl/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c
index dcc1554..dcc1554 100644
--- a/crypto/openssl/crypto/x509v3/pcy_node.c
+++ b/crypto/x509v3/pcy_node.c
diff --git a/crypto/openssl/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 27d29f2..27d29f2 100644
--- a/crypto/openssl/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
diff --git a/crypto/openssl/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c
index dad0d38..dad0d38 100644
--- a/crypto/openssl/crypto/x509v3/tabtest.c
+++ b/crypto/x509v3/tabtest.c
diff --git a/crypto/openssl/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index ed9847b..ed9847b 100644
--- a/crypto/openssl/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
diff --git a/crypto/openssl/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index ac0548b..ac0548b 100644
--- a/crypto/openssl/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
diff --git a/crypto/openssl/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c
index 2aafa26..2aafa26 100644
--- a/crypto/openssl/crypto/x509v3/v3_akeya.c
+++ b/crypto/x509v3/v3_akeya.c
diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
index bb2f5bc..bb2f5bc 100644
--- a/crypto/openssl/crypto/x509v3/v3_alt.c
+++ b/crypto/x509v3/v3_alt.c
diff --git a/crypto/openssl/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index 271930f..271930f 100644
--- a/crypto/openssl/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
diff --git a/crypto/openssl/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
index 74b1233..74b1233 100644
--- a/crypto/openssl/crypto/x509v3/v3_bcons.c
+++ b/crypto/x509v3/v3_bcons.c
diff --git a/crypto/openssl/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
index cf31f08..cf31f08 100644
--- a/crypto/openssl/crypto/x509v3/v3_bitst.c
+++ b/crypto/x509v3/v3_bitst.c
diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
index 2b86730..2b86730 100644
--- a/crypto/openssl/crypto/x509v3/v3_conf.c
+++ b/crypto/x509v3/v3_conf.c
diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index a40f490..a40f490 100644
--- a/crypto/openssl/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
diff --git a/crypto/openssl/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
index c6e3eba..c6e3eba 100644
--- a/crypto/openssl/crypto/x509v3/v3_crld.c
+++ b/crypto/x509v3/v3_crld.c
diff --git a/crypto/openssl/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
index a236cb2..a236cb2 100644
--- a/crypto/openssl/crypto/x509v3/v3_enum.c
+++ b/crypto/x509v3/v3_enum.c
diff --git a/crypto/openssl/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
index a4efe00..a4efe00 100644
--- a/crypto/openssl/crypto/x509v3/v3_extku.c
+++ b/crypto/x509v3/v3_extku.c
diff --git a/crypto/openssl/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index 650b510..650b510 100644
--- a/crypto/openssl/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
diff --git a/crypto/openssl/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
index b739ccd..b739ccd 100644
--- a/crypto/openssl/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
diff --git a/crypto/openssl/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
index e0ef69d..e0ef69d 100644
--- a/crypto/openssl/crypto/x509v3/v3_info.c
+++ b/crypto/x509v3/v3_info.c
diff --git a/crypto/openssl/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
index 9a48dc1..9a48dc1 100644
--- a/crypto/openssl/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
diff --git a/crypto/openssl/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index f3015ea..f3015ea 100644
--- a/crypto/openssl/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
diff --git a/crypto/openssl/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 42e7f5a..42e7f5a 100644
--- a/crypto/openssl/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
diff --git a/crypto/openssl/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
index 62aac06..62aac06 100644
--- a/crypto/openssl/crypto/x509v3/v3_ocsp.c
+++ b/crypto/x509v3/v3_ocsp.c
diff --git a/crypto/openssl/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 5158b1d..5158b1d 100644
--- a/crypto/openssl/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
diff --git a/crypto/openssl/crypto/x509v3/v3_pcia.c b/crypto/x509v3/v3_pcia.c
index bb362e0..bb362e0 100644
--- a/crypto/openssl/crypto/x509v3/v3_pcia.c
+++ b/crypto/x509v3/v3_pcia.c
diff --git a/crypto/openssl/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c
index 13248c2..13248c2 100644
--- a/crypto/openssl/crypto/x509v3/v3_pcons.c
+++ b/crypto/x509v3/v3_pcons.c
diff --git a/crypto/openssl/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
index 5c4626e..5c4626e 100644
--- a/crypto/openssl/crypto/x509v3/v3_pku.c
+++ b/crypto/x509v3/v3_pku.c
diff --git a/crypto/openssl/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c
index 6263032..6263032 100644
--- a/crypto/openssl/crypto/x509v3/v3_pmaps.c
+++ b/crypto/x509v3/v3_pmaps.c
diff --git a/crypto/openssl/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
index 20bd9bd..20bd9bd 100644
--- a/crypto/openssl/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index b2f5cdf..b2f5cdf 100644
--- a/crypto/openssl/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
diff --git a/crypto/openssl/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
index da0a355..da0a355 100644
--- a/crypto/openssl/crypto/x509v3/v3_skey.c
+++ b/crypto/x509v3/v3_skey.c
diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
index eaea9ea..eaea9ea 100644
--- a/crypto/openssl/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
diff --git a/crypto/openssl/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 3dba055..3dba055 100644
--- a/crypto/openssl/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
diff --git a/crypto/openssl/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c
index 00cf5b4..00cf5b4 100644
--- a/crypto/openssl/crypto/x509v3/v3conf.c
+++ b/crypto/x509v3/v3conf.c
diff --git a/crypto/openssl/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
index d538ad8..d538ad8 100644
--- a/crypto/openssl/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
diff --git a/crypto/openssl/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
index b529814..b529814 100644
--- a/crypto/openssl/crypto/x509v3/v3prin.c
+++ b/crypto/x509v3/v3prin.c
diff --git a/crypto/openssl/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 91d2fb5..91d2fb5 100644
--- a/crypto/openssl/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
diff --git a/crypto/openssl/crypto/x86_64cpuid.pl b/crypto/x86_64cpuid.pl
index 4d88ad1..4d88ad1 100644
--- a/crypto/openssl/crypto/x86_64cpuid.pl
+++ b/crypto/x86_64cpuid.pl
diff --git a/crypto/openssl/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
index c53c9bc..c53c9bc 100644
--- a/crypto/openssl/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
OpenPOWER on IntegriCloud