From: Peter Avalos Date: Mon, 20 Nov 2006 06:08:43 +0000 (+0000) Subject: Remove files no longer used. X-Git-Tag: v2.0.1~4084 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/f65a5238eacaa42d6e9afa8f7870edf64feb604a Remove files no longer used. --- diff --git a/crypto/openssl-0.9/bugs/SSLv3 b/crypto/openssl-0.9/bugs/SSLv3 deleted file mode 100644 index a75a1652d9..0000000000 --- a/crypto/openssl-0.9/bugs/SSLv3 +++ /dev/null @@ -1,49 +0,0 @@ -So far... - -ssl3.netscape.com:443 does not support client side dynamic -session-renegotiation. - -ssl3.netscape.com:444 (asks for client cert) sends out all the CA RDN -in an invalid format (the outer sequence is removed). - -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte -challenge but then appears to only use 16 bytes when generating the -encryption keys. Using 16 bytes is ok but it should be ok to use 32. -According to the SSLv3 spec, one should use 32 bytes for the challenge -when opperating in SSLv2/v3 compatablity mode, but as mentioned above, -this breaks this server so 16 bytes is the way to go. - -www.microsoft.com - when talking SSLv2, if session-id reuse is -performed, the session-id passed back in the server-finished message -is different from the one decided upon. - -ssl3.netscape.com:443, first a connection is established with RC4-MD5. -If it is then resumed, we end up using DES-CBC3-SHA. It should be -RC4-MD5 according to 7.6.1.3, 'cipher_suite'. -Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. -It only really shows up when connecting via SSLv2/v3 then reconnecting -via SSLv3. The cipher list changes.... -NEW INFORMATION. Try connecting with a cipher list of just -DES-CBC-SHA:RC4-MD5. For some weird reason, each new connection uses -RC4-MD5, but a re-connect tries to use DES-CBC-SHA. So netscape, when -doing a re-connect, always takes the first cipher in the cipher list. - -If we accept a netscape connection, demand a client cert, have a -non-self-signed CA which does not have it's CA in netscape, and the -browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta - -Netscape browsers do not really notice the server sending a -close notify message. I was sending one, and then some invalid data. -netscape complained of an invalid mac. (a fork()ed child doing a -SSL_shutdown() and still sharing the socket with its parent). - -Netscape, when using export ciphers, will accept a 1024 bit temporary -RSA key. It is supposed to only accept 512. - -If Netscape connects to a server which requests a client certificate -it will frequently hang after the user has selected one and never -complete the connection. Hitting "Stop" and reload fixes this and -all subsequent connections work fine. This appears to be because -Netscape wont read any new records in when it is awaiting a server -done message at this point. The fix is to send the certificate request -and server done messages in one record. diff --git a/crypto/openssl-0.9/crypto/aes/asm/aes-586.pl b/crypto/openssl-0.9/crypto/aes/asm/aes-586.pl deleted file mode 100755 index 2774d1cb49..0000000000 --- a/crypto/openssl-0.9/crypto/aes/asm/aes-586.pl +++ /dev/null @@ -1,1532 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. -# ==================================================================== -# -# Version 3.6. -# -# You might fail to appreciate this module performance from the first -# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered -# to be *the* best Intel C compiler without -KPIC, performance appears -# to be virtually identical... But try to re-configure with shared -# library support... Aha! Intel compiler "suddenly" lags behind by 30% -# [on P4, more on others]:-) And if compared to position-independent -# code generated by GNU C, this code performs *more* than *twice* as -# fast! Yes, all this buzz about PIC means that unlike other hand- -# coded implementations, this one was explicitly designed to be safe -# to use even in shared library context... This also means that this -# code isn't necessarily absolutely fastest "ever," because in order -# to achieve position independence an extra register has to be -# off-loaded to stack, which affects the benchmark result. -# -# Special note about instruction choice. Do you recall RC4_INT code -# performing poorly on P4? It might be the time to figure out why. -# RC4_INT code implies effective address calculations in base+offset*4 -# form. Trouble is that it seems that offset scaling turned to be -# critical path... At least eliminating scaling resulted in 2.8x RC4 -# performance improvement [as you might recall]. As AES code is hungry -# for scaling too, I [try to] avoid the latter by favoring off-by-2 -# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF. -# -# As was shown by Dean Gaudet , the above note turned -# void. Performance improvement with off-by-2 shifts was observed on -# intermediate implementation, which was spilling yet another register -# to stack... Final offset*4 code below runs just a tad faster on P4, -# but exhibits up to 10% improvement on other cores. -# -# Second version is "monolithic" replacement for aes_core.c, which in -# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. -# This made it possible to implement little-endian variant of the -# algorithm without modifying the base C code. Motivating factor for -# the undertaken effort was that it appeared that in tight IA-32 -# register window little-endian flavor could achieve slightly higher -# Instruction Level Parallelism, and it indeed resulted in up to 15% -# better performance on most recent µ-archs... -# -# Third version adds AES_cbc_encrypt implementation, which resulted in -# up to 40% performance imrovement of CBC benchmark results. 40% was -# observed on P4 core, where "overall" imrovement coefficient, i.e. if -# compared to PIC generated by GCC and in CBC mode, was observed to be -# as large as 4x:-) CBC performance is virtually identical to ECB now -# and on some platforms even better, e.g. 17.6 "small" cycles/byte on -# Opteron, because certain function prologues and epilogues are -# effectively taken out of the loop... -# -# Version 3.2 implements compressed tables and prefetch of these tables -# in CBC[!] mode. Former means that 3/4 of table references are now -# misaligned, which unfortunately has negative impact on elder IA-32 -# implementations, Pentium suffered 30% penalty, PIII - 10%. -# -# Version 3.3 avoids L1 cache aliasing between stack frame and -# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The -# latter is achieved by copying the key schedule to controlled place in -# stack. This unfortunately has rather strong impact on small block CBC -# performance, ~2x deterioration on 16-byte block if compared to 3.3. -# -# Version 3.5 checks if there is L1 cache aliasing between user-supplied -# key schedule and S-boxes and abstains from copying the former if -# there is no. This allows end-user to consciously retain small block -# performance by aligning key schedule in specific manner. -# -# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. -# -# Current ECB performance numbers for 128-bit key in CPU cycles per -# processed byte [measure commonly used by AES benchmarkers] are: -# -# small footprint fully unrolled -# P4 24 22 -# AMD K8 20 19 -# PIII 25 23 -# Pentium 81 78 - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"aes-586.pl",$ARGV[$#ARGV] eq "386"); - -$s0="eax"; -$s1="ebx"; -$s2="ecx"; -$s3="edx"; -$key="edi"; -$acc="esi"; - -$compromise=0; # $compromise=128 abstains from copying key - # schedule to stack when encrypting inputs - # shorter than 128 bytes at the cost of - # risksing aliasing with S-boxes. In return - # you get way better, up to +70%, small block - # performance. -$small_footprint=1; # $small_footprint=1 code is ~5% slower [on - # recent µ-archs], but ~5 times smaller! - # I favor compact code to minimize cache - # contention and in hope to "collect" 5% back - # in real-life applications... -$vertical_spin=0; # shift "verticaly" defaults to 0, because of - # its proof-of-concept status... - -# Note that there is no decvert(), as well as last encryption round is -# performed with "horizontal" shifts. This is because this "vertical" -# implementation [one which groups shifts on a given $s[i] to form a -# "column," unlike "horizontal" one, which groups shifts on different -# $s[i] to form a "row"] is work in progress. It was observed to run -# few percents faster on Intel cores, but not AMD. On AMD K8 core it's -# whole 12% slower:-( So we face a trade-off... Shall it be resolved -# some day? Till then the code is considered experimental and by -# default remains dormant... - -sub encvert() -{ my ($te,@s) = @_; - my $v0 = $acc, $v1 = $key; - - &mov ($v0,$s[3]); # copy s3 - &mov (&DWP(4,"esp"),$s[2]); # save s2 - &mov ($v1,$s[0]); # copy s0 - &mov (&DWP(8,"esp"),$s[1]); # save s1 - - &movz ($s[2],&HB($s[0])); - &and ($s[0],0xFF); - &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0 - &shr ($v1,16); - &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8 - &movz ($s[1],&HB($v1)); - &and ($v1,0xFF); - &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16 - &mov ($v1,$v0); - &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24 - - &and ($v0,0xFF); - &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16 - &mov ($v1,&DWP(4,"esp")); # restore s2 - &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24 - - &mov ($v0,$v1); - &and ($v1,0xFF); - &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0 - &movz ($v1,&HB($v0)); - &shr ($v0,16); - &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8 - &movz ($v1,&HB($v0)); - &and ($v0,0xFF); - &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16 - &mov ($v0,&DWP(8,"esp")); # restore s1 - &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24 - - &mov ($v1,$v0); - &and ($v0,0xFF); - &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0 - &movz ($v0,&HB($v1)); - &shr ($v1,16); - &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8 - &movz ($v0,&HB($v1)); - &and ($v1,0xFF); - &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16 - &mov ($key,&DWP(12,"esp")); # reincarnate v1 as key - &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24 -} - -sub encstep() -{ my ($i,$te,@s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # lines marked with #%e?x[i] denote "reordered" instructions... - if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx - else { &mov ($out,$s[0]); - &and ($out,0xFF); } - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(0,$te,$out,8)); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx - else { &mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$te,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24) } - &xor ($out,&DWP(1,$te,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } - &comment(); -} - -sub enclast() -{ my ($i,$te,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if ($i==3) { &mov ($key,&DWP(12,"esp")); }##%edx - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - if ($i==1) { &shr ($s[0],16); }#%ebx[1] - if ($i==2) { &shr ($s[0],24); }#%ecx[2] - &mov ($out,&DWP(2,$te,$out,8)); - &and ($out,0x000000ff); - - if ($i==3) { $tmp=$s[1]; }##%eax - &movz ($tmp,&HB($s[1])); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x0000ff00); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],&DWP(4,"esp")); }##%ebx - else { mov ($tmp,$s[2]); - &shr ($tmp,16); } - if ($i==2) { &and ($s[1],0xFF); }#%edx[2] - &and ($tmp,0xFF); - &mov ($tmp,&DWP(0,$te,$tmp,8)); - &and ($tmp,0x00ff0000); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); }##%ecx - elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] - else { &mov ($tmp,$s[3]); - &shr ($tmp,24); } - &mov ($tmp,&DWP(2,$te,$tmp,8)); - &and ($tmp,0xff000000); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],$acc); } -} - -sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } - -&public_label("AES_Te"); -&function_begin_B("_x86_AES_encrypt"); - if ($vertical_spin) { - # I need high parts of volatile registers to be accessible... - &exch ($s1="edi",$key="ebx"); - &mov ($s2="esi",$acc="ecx"); - } - - # note that caller is expected to allocate stack frame for me! - &mov (&DWP(12,"esp"),$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov (&DWP(16,"esp"),$acc); # end of key schedule - &align (4); - &set_label("loop"); - if ($vertical_spin) { - &encvert("ebp",$s0,$s1,$s2,$s3); - } else { - &encstep(0,"ebp",$s0,$s1,$s2,$s3); - &encstep(1,"ebp",$s1,$s2,$s3,$s0); - &encstep(2,"ebp",$s2,$s3,$s0,$s1); - &encstep(3,"ebp",$s3,$s0,$s1,$s2); - } - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,&DWP(16,"esp")); - &mov (&DWP(12,"esp"),$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds"); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert("ebp",$s0,$s1,$s2,$s3); - } else { - &encstep(0,"ebp",$s0,$s1,$s2,$s3); - &encstep(1,"ebp",$s1,$s2,$s3,$s0); - &encstep(2,"ebp",$s2,$s3,$s0,$s1); - &encstep(3,"ebp",$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov (&DWP(12,"esp"),$key); # advance rd_key - &set_label("12rounds"); - for ($i=1;$i<3;$i++) { - if ($vertical_spin) { - &encvert("ebp",$s0,$s1,$s2,$s3); - } else { - &encstep(0,"ebp",$s0,$s1,$s2,$s3); - &encstep(1,"ebp",$s1,$s2,$s3,$s0); - &encstep(2,"ebp",$s2,$s3,$s0,$s1); - &encstep(3,"ebp",$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov (&DWP(12,"esp"),$key); # advance rd_key - &set_label("10rounds"); - for ($i=1;$i<10;$i++) { - if ($vertical_spin) { - &encvert("ebp",$s0,$s1,$s2,$s3); - } else { - &encstep(0,"ebp",$s0,$s1,$s2,$s3); - &encstep(1,"ebp",$s1,$s2,$s3,$s0); - &encstep(2,"ebp",$s2,$s3,$s0,$s1); - &encstep(3,"ebp",$s3,$s0,$s1,$s2); - } - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - if ($vertical_spin) { - # "reincarnate" some registers for "horizontal" spin... - &mov ($s1="ebx",$key="edi"); - &mov ($s2="ecx",$acc="esi"); - } - &enclast(0,"ebp",$s0,$s1,$s2,$s3); - &enclast(1,"ebp",$s1,$s2,$s3,$s0); - &enclast(2,"ebp",$s2,$s3,$s0,$s1); - &enclast(3,"ebp",$s3,$s0,$s1,$s2); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Te",64); # Yes! I keep it in the code segment! - &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); - &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); - &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); - &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); - &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); - &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); - &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); - &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); - &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); - &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); - &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); - &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); - &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); - &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); - &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); - &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); - &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); - &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); - &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); - &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); - &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); - &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); - &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); - &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); - &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); - &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); - &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); - &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); - &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); - &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); - &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); - &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); - &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); - &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); - &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); - &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); - &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); - &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); - &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); - &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); - &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); - &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); - &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); - &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); - &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); - &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); - &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); - &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); - &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); - &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); - &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); - &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); - &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); - &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); - &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); - &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); - &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); - &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); - &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); - &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); - &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); - &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); - &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); - &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); -#rcon: - &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); - &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); - &data_word(0x0000001b, 0x00000036, 0, 0, 0, 0, 0, 0); -&function_end_B("_x86_AES_encrypt"); - -# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); -&public_label("AES_Te"); -&function_begin("AES_encrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",24); - &and ("esp",-64); - &add ("esp",4); - &mov (&DWP(16,"esp"),$s0); - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop("ebp"); - &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); - - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &call ("_x86_AES_encrypt"); - - &mov ("esp",&DWP(16,"esp")); - - &mov ($acc,&wparam(1)); # load out - &mov (&DWP(0,$acc),$s0); # write output data - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); -&function_end("AES_encrypt"); - -#------------------------------------------------------------------# - -sub decstep() -{ my ($i,$td,@s) = @_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - # no instructions are reordered, as performance appears - # optimal... or rather that all attempts to reorder didn't - # result in better performance [which by the way is not a - # bit lower than ecryption]. - if($i==3) { &mov ($key,&DWP(12,"esp")); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &mov ($out,&DWP(0,$td,$out,8)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &xor ($out,&DWP(3,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { &mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &xor ($out,&DWP(2,$td,$tmp,8)); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &xor ($out,&DWP(1,$td,$tmp,8)); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } - &comment(); -} - -sub declast() -{ my ($i,$td,@s)=@_; - my $tmp = $key; - my $out = $i==3?$s[0]:$acc; - - if($i==3) { &mov ($key,&DWP(12,"esp")); } - else { &mov ($out,$s[0]); } - &and ($out,0xFF); - &movz ($out,&DWP(2048,$td,$out,1)); - - if ($i==3) { $tmp=$s[1]; } - &movz ($tmp,&HB($s[1])); - &movz ($tmp,&DWP(2048,$td,$tmp,1)); - &shl ($tmp,8); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } - else { mov ($tmp,$s[2]); } - &shr ($tmp,16); - &and ($tmp,0xFF); - &movz ($tmp,&DWP(2048,$td,$tmp,1)); - &shl ($tmp,16); - &xor ($out,$tmp); - - if ($i==3) { $tmp=$s[3]; &mov ($s[2],&DWP(8,"esp")); } - else { &mov ($tmp,$s[3]); } - &shr ($tmp,24); - &movz ($tmp,&DWP(2048,$td,$tmp,1)); - &shl ($tmp,24); - &xor ($out,$tmp); - if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } - if ($i==3) { &mov ($s[3],&DWP(4,"esp")); } -} - -&public_label("AES_Td"); -&function_begin_B("_x86_AES_decrypt"); - # note that caller is expected to allocate stack frame for me! - &mov (&DWP(12,"esp"),$key); # save key - - &xor ($s0,&DWP(0,$key)); # xor with key - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov ($acc,&DWP(240,$key)); # load key->rounds - - if ($small_footprint) { - &lea ($acc,&DWP(-2,$acc,$acc)); - &lea ($acc,&DWP(0,$key,$acc,8)); - &mov (&DWP(16,"esp"),$acc); # end of key schedule - &align (4); - &set_label("loop"); - &decstep(0,"ebp",$s0,$s3,$s2,$s1); - &decstep(1,"ebp",$s1,$s0,$s3,$s2); - &decstep(2,"ebp",$s2,$s1,$s0,$s3); - &decstep(3,"ebp",$s3,$s2,$s1,$s0); - &add ($key,16); # advance rd_key - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - &cmp ($key,&DWP(16,"esp")); - &mov (&DWP(12,"esp"),$key); - &jb (&label("loop")); - } - else { - &cmp ($acc,10); - &jle (&label("10rounds")); - &cmp ($acc,12); - &jle (&label("12rounds")); - - &set_label("14rounds"); - for ($i=1;$i<3;$i++) { - &decstep(0,"ebp",$s0,$s3,$s2,$s1); - &decstep(1,"ebp",$s1,$s0,$s3,$s2); - &decstep(2,"ebp",$s2,$s1,$s0,$s3); - &decstep(3,"ebp",$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov (&DWP(12,"esp"),$key); # advance rd_key - &set_label("12rounds"); - for ($i=1;$i<3;$i++) { - &decstep(0,"ebp",$s0,$s3,$s2,$s1); - &decstep(1,"ebp",$s1,$s0,$s3,$s2); - &decstep(2,"ebp",$s2,$s1,$s0,$s3); - &decstep(3,"ebp",$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - &add ($key,32); - &mov (&DWP(12,"esp"),$key); # advance rd_key - &set_label("10rounds"); - for ($i=1;$i<10;$i++) { - &decstep(0,"ebp",$s0,$s3,$s2,$s1); - &decstep(1,"ebp",$s1,$s0,$s3,$s2); - &decstep(2,"ebp",$s2,$s1,$s0,$s3); - &decstep(3,"ebp",$s3,$s2,$s1,$s0); - &xor ($s0,&DWP(16*$i+0,$key)); - &xor ($s1,&DWP(16*$i+4,$key)); - &xor ($s2,&DWP(16*$i+8,$key)); - &xor ($s3,&DWP(16*$i+12,$key)); - } - } - - &declast(0,"ebp",$s0,$s3,$s2,$s1); - &declast(1,"ebp",$s1,$s0,$s3,$s2); - &declast(2,"ebp",$s2,$s1,$s0,$s3); - &declast(3,"ebp",$s3,$s2,$s1,$s0); - - &add ($key,$small_footprint?16:160); - &xor ($s0,&DWP(0,$key)); - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &ret (); - -&set_label("AES_Td",64); # Yes! I keep it in the code segment! - &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); - &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); - &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); - &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); - &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); - &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); - &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); - &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); - &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); - &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); - &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); - &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); - &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); - &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); - &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); - &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); - &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); - &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); - &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); - &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); - &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); - &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); - &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); - &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); - &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); - &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); - &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); - &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); - &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); - &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); - &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); - &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); - &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); - &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); - &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); - &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); - &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); - &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); - &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); - &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); - &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); - &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); - &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); - &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); - &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); - &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); - &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); - &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); - &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); - &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); - &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); - &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); - &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); - &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); - &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); - &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); - &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); - &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); - &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); - &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); - &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); - &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); - &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); - &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); -#Td4: - &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); - &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); - &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); - &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); - &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); - &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); - &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); - &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); - &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); - &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); - &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); - &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); - &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); - &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); - &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); - &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); - &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); - &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); - &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); - &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); - &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); - &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); - &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); - &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); - &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); - &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); - &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); - &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); - &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); - &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); - &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); - &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); -&function_end_B("_x86_AES_decrypt"); - -# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); -&public_label("AES_Td"); -&function_begin("AES_decrypt"); - &mov ($acc,&wparam(0)); # load inp - &mov ($key,&wparam(2)); # load key - - &mov ($s0,"esp"); - &sub ("esp",24); - &and ("esp",-64); - &add ("esp",4); - &mov (&DWP(16,"esp"),$s0); - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop("ebp"); - &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); - - # prefetch Td4 - &lea ("ebp",&DWP(2048+128,"ebp")); - &mov ($s0,&DWP(0-128,"ebp")); - &mov ($s1,&DWP(32-128,"ebp")); - &mov ($s2,&DWP(64-128,"ebp")); - &mov ($s3,&DWP(96-128,"ebp")); - &mov ($s0,&DWP(128-128,"ebp")); - &mov ($s1,&DWP(160-128,"ebp")); - &mov ($s2,&DWP(192-128,"ebp")); - &mov ($s3,&DWP(224-128,"ebp")); - &lea ("ebp",&DWP(-2048-128,"ebp")); - - &mov ($s0,&DWP(0,$acc)); # load input data - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &call ("_x86_AES_decrypt"); - - &mov ("esp",&DWP(16,"esp")); - - &mov ($acc,&wparam(1)); # load out - &mov (&DWP(0,$acc),$s0); # write output data - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); -&function_end("AES_decrypt"); - -# void AES_cbc_encrypt (const void char *inp, unsigned char *out, -# size_t length, const AES_KEY *key, -# unsigned char *ivp,const int enc); -{ -# stack frame layout -# -4(%esp) 0(%esp) return address -# 0(%esp) 4(%esp) tmp1 -# 4(%esp) 8(%esp) tmp2 -# 8(%esp) 12(%esp) key -# 12(%esp) 16(%esp) end of key schedule -my $_esp=&DWP(16,"esp"); #saved %esp -my $_inp=&DWP(20,"esp"); #copy of wparam(0) -my $_out=&DWP(24,"esp"); #copy of wparam(1) -my $_len=&DWP(28,"esp"); #copy of wparam(2) -my $_key=&DWP(32,"esp"); #copy of wparam(3) -my $_ivp=&DWP(36,"esp"); #copy of wparam(4) -my $_tmp=&DWP(40,"esp"); #volatile variable -my $ivec=&DWP(44,"esp"); #ivec[16] -my $aes_key=&DWP(60,"esp"); #copy of aes_key -my $mark=&DWP(60+240,"esp"); #copy of aes_key->rounds - -&public_label("AES_Te"); -&public_label("AES_Td"); -&function_begin("AES_cbc_encrypt"); - &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len - &cmp ($s2,0); - &je (&label("enc_out")); - - &call (&label("pic_point")); # make it PIC! - &set_label("pic_point"); - &blindpop("ebp"); - - &pushf (); - &cld (); - - &cmp (&wparam(5),0); - &je (&label("DECRYPT")); - - &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); - - # allocate aligned stack frame... - &lea ($key,&DWP(-64-244,"esp")); - &and ($key,-64); - - # ... and make sure it doesn't alias with AES_Te modulo 4096 - &mov ($s0,"ebp"); - &lea ($s1,&DWP(2048,"ebp")); - &mov ($s3,$key); - &and ($s0,0xfff); # s = %ebp&0xfff - &and ($s1,0xfff); # e = (%ebp+2048)&0xfff - &and ($s3,0xfff); # p = %esp&0xfff - - &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); - &jb (&label("te_break_out")); - &sub ($s3,$s1); - &sub ($key,$s3); - &jmp (&label("te_ok")); - &set_label("te_break_out"); # else %esp -= (p-s)&0xfff + framesz; - &sub ($s3,$s0); - &and ($s3,0xfff); - &add ($s3,64+256); - &sub ($key,$s3); - &align (4); - &set_label("te_ok"); - - &mov ($s0,&wparam(0)); # load inp - &mov ($s1,&wparam(1)); # load out - &mov ($s3,&wparam(3)); # load key - &mov ($acc,&wparam(4)); # load ivp - - &exch ("esp",$key); - &add ("esp",4); # reserve for return address! - &mov ($_esp,$key); # save %esp - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$s3); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($mark,0); # copy of aes_key->rounds = 0; - if ($compromise) { - &cmp ($s2,$compromise); - &jb (&label("skip_ecopy")); - } - # do we copy key schedule to stack? - &mov ($s1 eq "ebx" ? $s1 : "",$s3); - &mov ($s2 eq "ecx" ? $s2 : "",244/4); - &sub ($s1,"ebp"); - &mov ("esi",$s3); - &and ($s1,0xfff); - &lea ("edi",$aes_key); - &cmp ($s1,2048); - &jb (&label("do_ecopy")); - &cmp ($s1,4096-244); - &jb (&label("skip_ecopy")); - &align (4); - &set_label("do_ecopy"); - &mov ($_key,"edi"); - &data_word(0xA5F3F689); # rep movsd - &set_label("skip_ecopy"); - - &mov ($acc,$s0); - &mov ($key,16); - &align (4); - &set_label("prefetch_te"); - &mov ($s0,&DWP(0,"ebp")); - &mov ($s1,&DWP(32,"ebp")); - &mov ($s2,&DWP(64,"ebp")); - &mov ($s3,&DWP(96,"ebp")); - &lea ("ebp",&DWP(128,"ebp")); - &dec ($key); - &jnz (&label("prefetch_te")); - &sub ("ebp",2048); - - &mov ($s2,$_len); - &mov ($key,$_ivp); - &test ($s2,0xFFFFFFF0); - &jz (&label("enc_tail")); # short input... - - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - - &align (4); - &set_label("enc_loop"); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - - &xor ($s0,&DWP(0,$acc)); # xor input data - &xor ($s1,&DWP(4,$acc)); - &xor ($s2,&DWP(8,$acc)); - &xor ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_encrypt"); - - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # save output data - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($s2,$_len); # load len - - &lea ($acc,&DWP(16,$acc)); - &mov ($_inp,$acc); # save inp - - &lea ($s3,&DWP(16,$key)); - &mov ($_out,$s3); # save out - - &sub ($s2,16); - &test ($s2,0xFFFFFFF0); - &mov ($_len,$s2); # save len - &jnz (&label("enc_loop")); - &test ($s2,15); - &jnz (&label("enc_tail")); - &mov ($acc,$_ivp); # load ivp - &mov ($s2,&DWP(8,$key)); # restore last dwords - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # save ivec - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &mov ("esp",$_esp); - &je (&label("skip_ezero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_ezero") - &popf (); - &set_label("enc_out"); - &function_end_A(); - &pushf (); # kludge, never executed - - &align (4); - &set_label("enc_tail"); - &push ($key eq "edi" ? $key : ""); # push ivp - &mov ($key,$_out); # load out - &mov ($s1,16); - &sub ($s1,$s2); - &cmp ($key,$acc); # compare with inp - &je (&label("enc_in_place")); - &align (4); - &data_word(0xA4F3F689); # rep movsb # copy input - &jmp (&label("enc_skip_in_place")); - &set_label("enc_in_place"); - &lea ($key,&DWP(0,$key,$s2)); - &set_label("enc_skip_in_place"); - &mov ($s2,$s1); - &xor ($s0,$s0); - &align (4); - &data_word(0xAAF3F689); # rep stosb # zero tail - &pop ($key); # pop ivp - - &mov ($acc,$_out); # output as input - &mov ($s0,&DWP(0,$key)); - &mov ($s1,&DWP(4,$key)); - &mov ($_len,16); # len=16 - &jmp (&label("enc_loop")); # one more spin... - -#----------------------------- DECRYPT -----------------------------# -&align (4); -&set_label("DECRYPT"); - &lea ("ebp",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); - - # allocate aligned stack frame... - &lea ($key,&DWP(-64-244,"esp")); - &and ($key,-64); - - # ... and make sure it doesn't alias with AES_Td modulo 4096 - &mov ($s0,"ebp"); - &lea ($s1,&DWP(2048+256,"ebp")); - &mov ($s3,$key); - &and ($s0,0xfff); # s = %ebp&0xfff - &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff - &and ($s3,0xfff); # p = %esp&0xfff - - &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); - &jb (&label("td_break_out")); - &sub ($s3,$s1); - &sub ($key,$s3); - &jmp (&label("td_ok")); - &set_label("td_break_out"); # else %esp -= (p-s)&0xfff + framesz; - &sub ($s3,$s0); - &and ($s3,0xfff); - &add ($s3,64+256); - &sub ($key,$s3); - &align (4); - &set_label("td_ok"); - - &mov ($s0,&wparam(0)); # load inp - &mov ($s1,&wparam(1)); # load out - &mov ($s3,&wparam(3)); # load key - &mov ($acc,&wparam(4)); # load ivp - - &exch ("esp",$key); - &add ("esp",4); # reserve for return address! - &mov ($_esp,$key); # save %esp - - &mov ($_inp,$s0); # save copy of inp - &mov ($_out,$s1); # save copy of out - &mov ($_len,$s2); # save copy of len - &mov ($_key,$s3); # save copy of key - &mov ($_ivp,$acc); # save copy of ivp - - &mov ($mark,0); # copy of aes_key->rounds = 0; - if ($compromise) { - &cmp ($s2,$compromise); - &jb (&label("skip_dcopy")); - } - # do we copy key schedule to stack? - &mov ($s1 eq "ebx" ? $s1 : "",$s3); - &mov ($s2 eq "ecx" ? $s2 : "",244/4); - &sub ($s1,"ebp"); - &mov ("esi",$s3); - &and ($s1,0xfff); - &lea ("edi",$aes_key); - &cmp ($s1,2048+256); - &jb (&label("do_dcopy")); - &cmp ($s1,4096-244); - &jb (&label("skip_dcopy")); - &align (4); - &set_label("do_dcopy"); - &mov ($_key,"edi"); - &data_word(0xA5F3F689); # rep movsd - &set_label("skip_dcopy"); - - &mov ($acc,$s0); - &mov ($key,18); - &align (4); - &set_label("prefetch_td"); - &mov ($s0,&DWP(0,"ebp")); - &mov ($s1,&DWP(32,"ebp")); - &mov ($s2,&DWP(64,"ebp")); - &mov ($s3,&DWP(96,"ebp")); - &lea ("ebp",&DWP(128,"ebp")); - &dec ($key); - &jnz (&label("prefetch_td")); - &sub ("ebp",2048+256); - - &cmp ($acc,$_out); - &je (&label("dec_in_place")); # in-place processing... - - &mov ($key,$_ivp); # load ivp - &mov ($_tmp,$key); - - &align (4); - &set_label("dec_loop"); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_tmp); # load ivp - &mov ($acc,$_len); # load len - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &sub ($acc,16); - &jc (&label("dec_partial")); - &mov ($_len,$acc); # save len - &mov ($acc,$_inp); # load inp - &mov ($key,$_out); # load out - - &mov (&DWP(0,$key),$s0); # write output - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($_tmp,$acc); # save ivp - &lea ($acc,&DWP(16,$acc)); - &mov ($_inp,$acc); # save inp - - &lea ($key,&DWP(16,$key)); - &mov ($_out,$key); # save out - - &jnz (&label("dec_loop")); - &mov ($key,$_tmp); # load temp ivp - &set_label("dec_end"); - &mov ($acc,$_ivp); # load user ivp - &mov ($s0,&DWP(0,$key)); # load iv - &mov ($s1,&DWP(4,$key)); - &mov ($s2,&DWP(8,$key)); - &mov ($s3,&DWP(12,$key)); - &mov (&DWP(0,$acc),$s0); # copy back to user - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - &jmp (&label("dec_out")); - - &align (4); - &set_label("dec_partial"); - &lea ($key,$ivec); - &mov (&DWP(0,$key),$s0); # dump output to stack - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$acc)); - &mov ($acc eq "esi" ? $acc : "",$key); - &mov ($key eq "edi" ? $key : "",$_out); # load out - &data_word(0xA4F3F689); # rep movsb # copy output - &mov ($key,$_inp); # use inp as temp ivp - &jmp (&label("dec_end")); - - &align (4); - &set_label("dec_in_place"); - &set_label("dec_in_place_loop"); - &lea ($key,$ivec); - &mov ($s0,&DWP(0,$acc)); # read input - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy to temp - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($key,$_key); # load key - &call ("_x86_AES_decrypt"); - - &mov ($key,$_ivp); # load ivp - &mov ($acc,$_out); # load out - &xor ($s0,&DWP(0,$key)); # xor iv - &xor ($s1,&DWP(4,$key)); - &xor ($s2,&DWP(8,$key)); - &xor ($s3,&DWP(12,$key)); - - &mov (&DWP(0,$acc),$s0); # write output - &mov (&DWP(4,$acc),$s1); - &mov (&DWP(8,$acc),$s2); - &mov (&DWP(12,$acc),$s3); - - &lea ($acc,&DWP(16,$acc)); - &mov ($_out,$acc); # save out - - &lea ($acc,$ivec); - &mov ($s0,&DWP(0,$acc)); # read temp - &mov ($s1,&DWP(4,$acc)); - &mov ($s2,&DWP(8,$acc)); - &mov ($s3,&DWP(12,$acc)); - - &mov (&DWP(0,$key),$s0); # copy iv - &mov (&DWP(4,$key),$s1); - &mov (&DWP(8,$key),$s2); - &mov (&DWP(12,$key),$s3); - - &mov ($acc,$_inp); # load inp - - &lea ($acc,&DWP(16,$acc)); - &mov ($_inp,$acc); # save inp - - &mov ($s2,$_len); # load len - &sub ($s2,16); - &jc (&label("dec_in_place_partial")); - &mov ($_len,$s2); # save len - &jnz (&label("dec_in_place_loop")); - &jmp (&label("dec_out")); - - &align (4); - &set_label("dec_in_place_partial"); - # one can argue if this is actually required... - &mov ($key eq "edi" ? $key : "",$_out); - &lea ($acc eq "esi" ? $acc : "",$ivec); - &lea ($key,&DWP(0,$key,$s2)); - &lea ($acc,&DWP(16,$acc,$s2)); - &neg ($s2 eq "ecx" ? $s2 : ""); - &data_word(0xA4F3F689); # rep movsb # restore tail - - &align (4); - &set_label("dec_out"); - &cmp ($mark,0); # was the key schedule copied? - &mov ("edi",$_key); - &mov ("esp",$_esp); - &je (&label("skip_dzero")); - # zero copy of key schedule - &mov ("ecx",240/4); - &xor ("eax","eax"); - &align (4); - &data_word(0xABF3F689); # rep stosd - &set_label("skip_dzero") - &popf (); -&function_end("AES_cbc_encrypt"); -} - -#------------------------------------------------------------------# - -sub enckey() -{ - &movz ("esi",&LB("edx")); # rk[i]>>0 - &mov ("ebx",&DWP(2,"ebp","esi",8)); - &movz ("esi",&HB("edx")); # rk[i]>>8 - &and ("ebx",0xFF000000); - &xor ("eax","ebx"); - - &mov ("ebx",&DWP(2,"ebp","esi",8)); - &shr ("edx",16); - &and ("ebx",0x000000FF); - &movz ("esi",&LB("edx")); # rk[i]>>16 - &xor ("eax","ebx"); - - &mov ("ebx",&DWP(0,"ebp","esi",8)); - &movz ("esi",&HB("edx")); # rk[i]>>24 - &and ("ebx",0x0000FF00); - &xor ("eax","ebx"); - - &mov ("ebx",&DWP(0,"ebp","esi",8)); - &and ("ebx",0x00FF0000); - &xor ("eax","ebx"); - - &xor ("eax",&DWP(2048,"ebp","ecx",4)); # rcon -} - -# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&public_label("AES_Te"); -&function_begin("AES_set_encrypt_key"); - &mov ("esi",&wparam(0)); # user supplied key - &mov ("edi",&wparam(2)); # private key schedule - - &test ("esi",-1); - &jz (&label("badpointer")); - &test ("edi",-1); - &jz (&label("badpointer")); - - &call (&label("pic_point")); - &set_label("pic_point"); - &blindpop("ebp"); - &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); - - &mov ("ecx",&wparam(1)); # number of bits in key - &cmp ("ecx",128); - &je (&label("10rounds")); - &cmp ("ecx",192); - &je (&label("12rounds")); - &cmp ("ecx",256); - &je (&label("14rounds")); - &mov ("eax",-2); # invalid number of bits - &jmp (&label("exit")); - - &set_label("10rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 4 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("10shortcut")); - - &align (4); - &set_label("10loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(12,"edi")); # rk[3] - &set_label("10shortcut"); - &enckey (); - - &mov (&DWP(16,"edi"),"eax"); # rk[4] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(20,"edi"),"eax"); # rk[5] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &inc ("ecx"); - &add ("edi",16); - &cmp ("ecx",10); - &jl (&label("10loop")); - - &mov (&DWP(80,"edi"),10); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("12rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("ecx",&DWP(16,"esi")); - &mov ("edx",&DWP(20,"esi")); - &mov (&DWP(16,"edi"),"ecx"); - &mov (&DWP(20,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("12shortcut")); - - &align (4); - &set_label("12loop"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - &mov ("edx",&DWP(20,"edi")); # rk[5] - &set_label("12shortcut"); - &enckey (); - - &mov (&DWP(24,"edi"),"eax"); # rk[6] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(28,"edi"),"eax"); # rk[7] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - - &cmp ("ecx",7); - &je (&label("12break")); - &inc ("ecx"); - - &xor ("eax",&DWP(16,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &add ("edi",24); - &jmp (&label("12loop")); - - &set_label("12break"); - &mov (&DWP(72,"edi"),12); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("14rounds"); - &mov ("eax",&DWP(0,"esi")); # copy first 8 dwords - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(8,"esi")); - &mov ("edx",&DWP(12,"esi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(8,"edi"),"ecx"); - &mov (&DWP(12,"edi"),"edx"); - &mov ("eax",&DWP(16,"esi")); - &mov ("ebx",&DWP(20,"esi")); - &mov ("ecx",&DWP(24,"esi")); - &mov ("edx",&DWP(28,"esi")); - &mov (&DWP(16,"edi"),"eax"); - &mov (&DWP(20,"edi"),"ebx"); - &mov (&DWP(24,"edi"),"ecx"); - &mov (&DWP(28,"edi"),"edx"); - - &xor ("ecx","ecx"); - &jmp (&label("14shortcut")); - - &align (4); - &set_label("14loop"); - &mov ("edx",&DWP(28,"edi")); # rk[7] - &set_label("14shortcut"); - &mov ("eax",&DWP(0,"edi")); # rk[0] - - &enckey (); - - &mov (&DWP(32,"edi"),"eax"); # rk[8] - &xor ("eax",&DWP(4,"edi")); - &mov (&DWP(36,"edi"),"eax"); # rk[9] - &xor ("eax",&DWP(8,"edi")); - &mov (&DWP(40,"edi"),"eax"); # rk[10] - &xor ("eax",&DWP(12,"edi")); - &mov (&DWP(44,"edi"),"eax"); # rk[11] - - &cmp ("ecx",6); - &je (&label("14break")); - &inc ("ecx"); - - &mov ("edx","eax"); - &mov ("eax",&DWP(16,"edi")); # rk[4] - &movz ("esi",&LB("edx")); # rk[11]>>0 - &mov ("ebx",&DWP(2,"ebp","esi",8)); - &movz ("esi",&HB("edx")); # rk[11]>>8 - &and ("ebx",0x000000FF); - &xor ("eax","ebx"); - - &mov ("ebx",&DWP(0,"ebp","esi",8)); - &shr ("edx",16); - &and ("ebx",0x0000FF00); - &movz ("esi",&LB("edx")); # rk[11]>>16 - &xor ("eax","ebx"); - - &mov ("ebx",&DWP(0,"ebp","esi",8)); - &movz ("esi",&HB("edx")); # rk[11]>>24 - &and ("ebx",0x00FF0000); - &xor ("eax","ebx"); - - &mov ("ebx",&DWP(2,"ebp","esi",8)); - &and ("ebx",0xFF000000); - &xor ("eax","ebx"); - - &mov (&DWP(48,"edi"),"eax"); # rk[12] - &xor ("eax",&DWP(20,"edi")); - &mov (&DWP(52,"edi"),"eax"); # rk[13] - &xor ("eax",&DWP(24,"edi")); - &mov (&DWP(56,"edi"),"eax"); # rk[14] - &xor ("eax",&DWP(28,"edi")); - &mov (&DWP(60,"edi"),"eax"); # rk[15] - - &add ("edi",32); - &jmp (&label("14loop")); - - &set_label("14break"); - &mov (&DWP(48,"edi"),14); # setup number of rounds - &xor ("eax","eax"); - &jmp (&label("exit")); - - &set_label("badpointer"); - &mov ("eax",-1); - &set_label("exit"); -&function_end("AES_set_encrypt_key"); - -sub deckey() -{ my ($i,$ptr,$te,$td) = @_; - - &mov ("eax",&DWP($i,$ptr)); - &mov ("edx","eax"); - &movz ("ebx",&HB("eax")); - &shr ("edx",16); - &and ("eax",0xFF); - &movz ("eax",&BP(2,$te,"eax",8)); - &movz ("ebx",&BP(2,$te,"ebx",8)); - &mov ("eax",&DWP(0,$td,"eax",8)); - &xor ("eax",&DWP(3,$td,"ebx",8)); - &movz ("ebx",&HB("edx")); - &and ("edx",0xFF); - &movz ("edx",&BP(2,$te,"edx",8)); - &movz ("ebx",&BP(2,$te,"ebx",8)); - &xor ("eax",&DWP(2,$td,"edx",8)); - &xor ("eax",&DWP(1,$td,"ebx",8)); - &mov (&DWP($i,$ptr),"eax"); -} - -# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, -# AES_KEY *key) -&public_label("AES_Td"); -&public_label("AES_Te"); -&function_begin_B("AES_set_decrypt_key"); - &mov ("eax",&wparam(0)); - &mov ("ecx",&wparam(1)); - &mov ("edx",&wparam(2)); - &sub ("esp",12); - &mov (&DWP(0,"esp"),"eax"); - &mov (&DWP(4,"esp"),"ecx"); - &mov (&DWP(8,"esp"),"edx"); - &call ("AES_set_encrypt_key"); - &add ("esp",12); - &cmp ("eax",0); - &je (&label("proceed")); - &ret (); - - &set_label("proceed"); - &push ("ebp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - - &mov ("esi",&wparam(2)); - &mov ("ecx",&DWP(240,"esi")); # pull number of rounds - &lea ("ecx",&DWP(0,"","ecx",4)); - &lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk - - &align (4); - &set_label("invert"); # invert order of chunks - &mov ("eax",&DWP(0,"esi")); - &mov ("ebx",&DWP(4,"esi")); - &mov ("ecx",&DWP(0,"edi")); - &mov ("edx",&DWP(4,"edi")); - &mov (&DWP(0,"edi"),"eax"); - &mov (&DWP(4,"edi"),"ebx"); - &mov (&DWP(0,"esi"),"ecx"); - &mov (&DWP(4,"esi"),"edx"); - &mov ("eax",&DWP(8,"esi")); - &mov ("ebx",&DWP(12,"esi")); - &mov ("ecx",&DWP(8,"edi")); - &mov ("edx",&DWP(12,"edi")); - &mov (&DWP(8,"edi"),"eax"); - &mov (&DWP(12,"edi"),"ebx"); - &mov (&DWP(8,"esi"),"ecx"); - &mov (&DWP(12,"esi"),"edx"); - &add ("esi",16); - &sub ("edi",16); - &cmp ("esi","edi"); - &jne (&label("invert")); - - &call (&label("pic_point")); - &set_label("pic_point"); - blindpop("ebp"); - &lea ("edi",&DWP(&label("AES_Td")."-".&label("pic_point"),"ebp")); - &lea ("ebp",&DWP(&label("AES_Te")."-".&label("pic_point"),"ebp")); - - &mov ("esi",&wparam(2)); - &mov ("ecx",&DWP(240,"esi")); # pull number of rounds - &dec ("ecx"); - &align (4); - &set_label("permute"); # permute the key schedule - &add ("esi",16); - &deckey (0,"esi","ebp","edi"); - &deckey (4,"esi","ebp","edi"); - &deckey (8,"esi","ebp","edi"); - &deckey (12,"esi","ebp","edi"); - &dec ("ecx"); - &jnz (&label("permute")); - - &xor ("eax","eax"); # return success -&function_end("AES_set_decrypt_key"); - -&asm_finish(); diff --git a/crypto/openssl-0.9/crypto/aes/asm/aes-ia64.S b/crypto/openssl-0.9/crypto/aes/asm/aes-ia64.S deleted file mode 100644 index 542cf335e9..0000000000 --- a/crypto/openssl-0.9/crypto/aes/asm/aes-ia64.S +++ /dev/null @@ -1,1652 +0,0 @@ -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. Rights for redistribution and usage in source and binary -// forms are granted according to the OpenSSL license. -// ==================================================================== -// -// What's wrong with compiler generated code? Compiler never uses -// variable 'shr' which is pairable with 'extr'/'dep' instructions. -// Then it uses 'zxt' which is an I-type, but can be replaced with -// 'and' which in turn can be assigned to M-port [there're double as -// much M-ports as there're I-ports on Itanium 2]. By sacrificing few -// registers for small constants (255, 24 and 16) to be used with -// 'shr' and 'and' instructions I can achieve better ILP, Intruction -// Level Parallelism, and performance. This code outperforms GCC 3.3 -// generated code by over factor of 2 (two), GCC 3.4 - by 70% and -// HP C - by 40%. Measured best-case scenario, i.e. aligned -// big-endian input, ECB timing on Itanium 2 is (18 + 13*rounds) -// ticks per block, or 9.25 CPU cycles per byte for 128 bit key. - -.ident "aes-ia64.S, version 1.1" -.ident "IA-64 ISA artwork by Andy Polyakov " -.explicit -.text - -rk0=r8; rk1=r9; - -prsave=r10; -maskff=r11; -twenty4=r14; -sixteen=r15; - -te00=r16; te11=r17; te22=r18; te33=r19; -te01=r20; te12=r21; te23=r22; te30=r23; -te02=r24; te13=r25; te20=r26; te31=r27; -te03=r28; te10=r29; te21=r30; te32=r31; - -// these are rotating... -t0=r32; s0=r33; -t1=r34; s1=r35; -t2=r36; s2=r37; -t3=r38; s3=r39; - -te0=r40; te1=r41; te2=r42; te3=r43; - -#if defined(_HPUX_SOURCE) && !defined(_LP64) -# define ADDP addp4 -# define KSZ 4 -# define LDKEY ld4 -#else -# define ADDP add -#endif - -// This implies that AES_KEY comprises 32-bit key schedule elements -// even on LP64 platforms. -#ifndef KSZ -# define KSZ 4 -# define LDKEY ld4 -#endif - -.proc _ia64_AES_encrypt# -// Input: rk0-rk1 -// te0 -// te3 as AES_KEY->rounds!!! -// s0-s3 -// maskff,twenty4,sixteen -// Output: r16,r20,r24,r28 as s0-s3 -// Clobber: r16-r31,rk0-rk1,r32-r43 -.align 32 -_ia64_AES_encrypt: -{ .mmi; alloc r16=ar.pfs,12,0,0,8 - LDKEY t0=[rk0],2*KSZ - mov pr.rot=1<<16 } -{ .mmi; LDKEY t1=[rk1],2*KSZ - add te1=1024,te0 - add te3=-3,te3 };; -{ .mib; LDKEY t2=[rk0],2*KSZ - mov ar.ec=3 } -{ .mib; LDKEY t3=[rk1],2*KSZ - add te2=2048,te0 - brp.loop.imp .Le_top,.Le_end-16 };; - -{ .mmi; xor s0=s0,t0 - xor s1=s1,t1 - mov ar.lc=te3 } -{ .mmi; xor s2=s2,t2 - xor s3=s3,t3 - add te3=3072,te0 };; - -.align 32 -.Le_top: -{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] - (p0) and te33=s3,maskff // 0/0:s3&0xff - (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff -{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] - (p0) and te30=s0,maskff // 0/1:s0&0xff - (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 -{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - (p0) shladd te33=te33,2,te3 // 1/0:te0+s0>>24 - (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff -{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - (p0) shladd te30=te30,2,te3 // 1/1:te3+s0 - (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 -{ .mmi; (p0) ld4 te33=[te33] // 2/0:te3[s3&0xff] - (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff - (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff -{ .mmi; (p0) ld4 te30=[te30] // 2/1:te3[s0] - (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8 - (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 -{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] - (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8 - (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff -{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] - (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24 - (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 -{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] - (p0) shladd te21=te21,2,te2 // 4/3:te3+s2 - (p0) extr.u te11=s1,16,8 } // 4/0:s1>>16&0xff -{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] - (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24 - (p0) shr.u te13=s3,sixteen };; // 4/2:s3>>16 -{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] - (p0) shladd te11=te11,2,te1 // 5/0:te1+s1>>16 - (p0) extr.u te12=s2,16,8 } // 5/1:s2>>16&0xff -{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] - (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24 - (p0) and te31=s1,maskff };; // 5/2:s1&0xff - -{ .mmi; (p0) ld4 te11=[te11] // 6/0:te1[s1>>16] - (p0) shladd te12=te12,2,te1 // 6/1:te1+s2>>16 - (p0) extr.u te10=s0,16,8 } // 6/3:s0>>16&0xff -{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] - (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16 - (p0) and te32=s2,maskff };; // 6/3:s2&0xff -{ .mmi; (p0) ld4 te12=[te12] // 7/1:te1[s2>>16] - (p0) shladd te31=te31,2,te3 // 7/2:te3+s1&0xff - (p0) and te13=te13,maskff} // 7/2:s3>>16&0xff -{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] - (p0) shladd te32=te32,2,te3 // 7/3:te3+s2 - (p0) xor t0=t0,te33 };; // 7/0: -{ .mmi; (p0) ld4 te31=[te31] // 8/2:te3[s1] - (p0) shladd te13=te13,2,te1 // 8/2:te1+s3>>16 - (p0) xor t0=t0,te22 } // 8/0: -{ .mmi; (p0) ld4 te32=[te32] // 8/3:te3[s2] - (p0) shladd te10=te10,2,te1 // 8/3:te1+s0>>16 - (p0) xor t1=t1,te30 };; // 8/1: -{ .mmi; (p0) ld4 te13=[te13] // 9/2:te1[s3>>16] - (p0) xor t0=t0,te00 // 9/0: - (p0) xor t1=t1,te23 } // 9/1: -{ .mmi; (p0) ld4 te10=[te10] // 9/3:te1[s0>>16] - (p0) xor t2=t2,te20 // 9/2: - (p0) xor t3=t3,te21 };; // 9/3: -{ .mmi; (p0) xor t0=t0,te11 // 10/0:done! - (p0) xor t1=t1,te01 // 10/1: - (p0) xor t2=t2,te02 } // 10/2: -{ .mmi; (p0) xor t3=t3,te03 // 10/3: - (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17) -{ .mmi; (p0) xor t1=t1,te12 // 11/1:done! - (p0) xor t2=t2,te31 // 11/2: - (p0) xor t3=t3,te32 } // 11/3: -{ .mmi; (p17) add te0=4096,te0 // 11/ - (p17) add te1=4096,te1 };; // 11/ -{ .mib; (p0) xor t2=t2,te13 // 12/2:done! - (p0) xor t3=t3,te10 } // 12/3:done! -{ .mib; (p17) add te2=4096,te2 // 12/ - (p17) add te3=4096,te3 // 12/ - br.ctop.sptk .Le_top };; -.Le_end: -{ .mib; mov r16=s0 - mov r20=s1 } -{ .mib; mov r24=s2 - mov r28=s3 - br.ret.sptk b6 };; -.endp _ia64_AES_encrypt# - -// void AES_encrypt (const void *in,void *out,const AES_KEY *key); -.global AES_encrypt# -.proc AES_encrypt# -.align 32 -.skip 16 -AES_encrypt: - .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 -{ .mmi; alloc r2=ar.pfs,3,0,12,0 - addl out8=@ltoff(AES_Te#),gp - mov r3=ar.lc } -{ .mmi; and out0=3,in0 - ADDP in0=0,in0 - ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds - - .body -{ .mmi; ld8 out8=[out8] // Te0 - ld4 out11=[out11] // AES_KEY->rounds - mov prsave=pr } - -#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... -{ .mib; cmp.ne p6,p0=out0,r0 - add out0=4,in0 -(p6) br.dpnt.many .Le_i_unaligned };; - -{ .mmi; ld4 out1=[in0],8 // s0 - and out9=3,in1 - mov twenty4=24 } -{ .mmi; ld4 out3=[out0],8 // s1 - ADDP rk0=0,in2 - mov sixteen=16 };; -{ .mmi; ld4 out5=[in0] // s2 - cmp.ne p6,p0=out9,r0 - mov maskff=0xff } -{ .mmb; ld4 out7=[out0] // s3 - ADDP rk1=KSZ,in2 - br.call.sptk.many b6=_ia64_AES_encrypt };; - -{ .mib; ADDP in0=4,in1 - ADDP in1=0,in1 -(p6) br.spnt .Le_o_unaligned };; - -{ .mii; mov ar.pfs=r2 - mov ar.lc=r3 } -{ .mmi; st4 [in1]=r16,8 // s0 - st4 [in0]=r20,8 // s1 - mov pr=prsave,0x1ffff };; -{ .mmb; st4 [in1]=r24 // s2 - st4 [in0]=r28 // s3 - br.ret.sptk.many b0 };; -#endif - -.align 32 -.Le_i_unaligned: -{ .mmi; add out0=1,in0 - add out2=2,in0 - add out4=3,in0 };; -{ .mmi; ld1 r16=[in0],4 - ld1 r17=[out0],4 }//;; -{ .mmi; ld1 r18=[out2],4 - ld1 out1=[out4],4 };; // s0 -{ .mmi; ld1 r20=[in0],4 - ld1 r21=[out0],4 }//;; -{ .mmi; ld1 r22=[out2],4 - ld1 out3=[out4],4 };; // s1 -{ .mmi; ld1 r24=[in0],4 - ld1 r25=[out0],4 }//;; -{ .mmi; ld1 r26=[out2],4 - ld1 out5=[out4],4 };; // s2 -{ .mmi; ld1 r28=[in0] - ld1 r29=[out0] }//;; -{ .mmi; ld1 r30=[out2] - ld1 out7=[out4] };; // s3 - -{ .mii; - dep out1=r16,out1,24,8 //;; - dep out3=r20,out3,24,8 }//;; -{ .mii; ADDP rk0=0,in2 - dep out5=r24,out5,24,8 //;; - dep out7=r28,out7,24,8 };; -{ .mii; ADDP rk1=KSZ,in2 - dep out1=r17,out1,16,8 //;; - dep out3=r21,out3,16,8 }//;; -{ .mii; mov twenty4=24 - dep out5=r25,out5,16,8 //;; - dep out7=r29,out7,16,8 };; -{ .mii; mov sixteen=16 - dep out1=r18,out1,8,8 //;; - dep out3=r22,out3,8,8 }//;; -{ .mii; mov maskff=0xff - dep out5=r26,out5,8,8 //;; - dep out7=r30,out7,8,8 };; - -{ .mib; br.call.sptk.many b6=_ia64_AES_encrypt };; - -.Le_o_unaligned: -{ .mii; ADDP out0=0,in1 - extr.u r17=r16,8,8 // s0 - shr.u r19=r16,twenty4 }//;; -{ .mii; ADDP out1=1,in1 - extr.u r18=r16,16,8 - shr.u r23=r20,twenty4 }//;; // s1 -{ .mii; ADDP out2=2,in1 - extr.u r21=r20,8,8 - shr.u r22=r20,sixteen }//;; -{ .mii; ADDP out3=3,in1 - extr.u r25=r24,8,8 // s2 - shr.u r27=r24,twenty4 };; -{ .mii; st1 [out3]=r16,4 - extr.u r26=r24,16,8 - shr.u r31=r28,twenty4 }//;; // s3 -{ .mii; st1 [out2]=r17,4 - extr.u r29=r28,8,8 - shr.u r30=r28,sixteen }//;; - -{ .mmi; st1 [out1]=r18,4 - st1 [out0]=r19,4 };; -{ .mmi; st1 [out3]=r20,4 - st1 [out2]=r21,4 }//;; -{ .mmi; st1 [out1]=r22,4 - st1 [out0]=r23,4 };; -{ .mmi; st1 [out3]=r24,4 - st1 [out2]=r25,4 - mov pr=prsave,0x1ffff }//;; -{ .mmi; st1 [out1]=r26,4 - st1 [out0]=r27,4 - mov ar.pfs=r2 };; -{ .mmi; st1 [out3]=r28 - st1 [out2]=r29 - mov ar.lc=r3 }//;; -{ .mmb; st1 [out1]=r30 - st1 [out0]=r31 - br.ret.sptk.many b0 };; -.endp AES_encrypt# - -// *AES_decrypt are autogenerated by the following script: -#if 0 -#!/usr/bin/env perl -print "// *AES_decrypt are autogenerated by the following script:\n#if 0\n"; -open(PROG,'<'.$0); while() { print; } close(PROG); -print "#endif\n"; -while(<>) { - $process=1 if (/\.proc\s+_ia64_AES_encrypt/); - next if (!$process); - - #s/te00=s0/td00=s0/; s/te00/td00/g; - s/te11=s1/td13=s3/; s/te11/td13/g; - #s/te22=s2/td22=s2/; s/te22/td22/g; - s/te33=s3/td31=s1/; s/te33/td31/g; - - #s/te01=s1/td01=s1/; s/te01/td01/g; - s/te12=s2/td10=s0/; s/te12/td10/g; - #s/te23=s3/td23=s3/; s/te23/td23/g; - s/te30=s0/td32=s2/; s/te30/td32/g; - - #s/te02=s2/td02=s2/; s/te02/td02/g; - s/te13=s3/td11=s1/; s/te13/td11/g; - #s/te20=s0/td20=s0/; s/te20/td20/g; - s/te31=s1/td33=s3/; s/te31/td33/g; - - #s/te03=s3/td03=s3/; s/te03/td03/g; - s/te10=s0/td12=s2/; s/te10/td12/g; - #s/te21=s1/td21=s1/; s/te21/td21/g; - s/te32=s2/td30=s0/; s/te32/td30/g; - - s/td/te/g; - - s/AES_encrypt/AES_decrypt/g; - s/\.Le_/.Ld_/g; - s/AES_Te#/AES_Td#/g; - - print; - - exit if (/\.endp\s+AES_decrypt/); -} -#endif -.proc _ia64_AES_decrypt# -// Input: rk0-rk1 -// te0 -// te3 as AES_KEY->rounds!!! -// s0-s3 -// maskff,twenty4,sixteen -// Output: r16,r20,r24,r28 as s0-s3 -// Clobber: r16-r31,rk0-rk1,r32-r43 -.align 32 -_ia64_AES_decrypt: -{ .mmi; alloc r16=ar.pfs,12,0,0,8 - LDKEY t0=[rk0],2*KSZ - mov pr.rot=1<<16 } -{ .mmi; LDKEY t1=[rk1],2*KSZ - add te1=1024,te0 - add te3=-3,te3 };; -{ .mib; LDKEY t2=[rk0],2*KSZ - mov ar.ec=3 } -{ .mib; LDKEY t3=[rk1],2*KSZ - add te2=2048,te0 - brp.loop.imp .Ld_top,.Ld_end-16 };; - -{ .mmi; xor s0=s0,t0 - xor s1=s1,t1 - mov ar.lc=te3 } -{ .mmi; xor s2=s2,t2 - xor s3=s3,t3 - add te3=3072,te0 };; - -.align 32 -.Ld_top: -{ .mmi; (p0) LDKEY t0=[rk0],2*KSZ // 0/0:rk[0] - (p0) and te31=s1,maskff // 0/0:s3&0xff - (p0) extr.u te22=s2,8,8 } // 0/0:s2>>8&0xff -{ .mmi; (p0) LDKEY t1=[rk1],2*KSZ // 0/1:rk[1] - (p0) and te32=s2,maskff // 0/1:s0&0xff - (p0) shr.u te00=s0,twenty4 };; // 0/0:s0>>24 -{ .mmi; (p0) LDKEY t2=[rk0],2*KSZ // 1/2:rk[2] - (p0) shladd te31=te31,2,te3 // 1/0:te0+s0>>24 - (p0) extr.u te23=s3,8,8 } // 1/1:s3>>8&0xff -{ .mmi; (p0) LDKEY t3=[rk1],2*KSZ // 1/3:rk[3] - (p0) shladd te32=te32,2,te3 // 1/1:te3+s0 - (p0) shr.u te01=s1,twenty4 };; // 1/1:s1>>24 -{ .mmi; (p0) ld4 te31=[te31] // 2/0:te3[s3&0xff] - (p0) shladd te22=te22,2,te2 // 2/0:te2+s2>>8&0xff - (p0) extr.u te20=s0,8,8 } // 2/2:s0>>8&0xff -{ .mmi; (p0) ld4 te32=[te32] // 2/1:te3[s0] - (p0) shladd te23=te23,2,te2 // 2/1:te2+s3>>8 - (p0) shr.u te02=s2,twenty4 };; // 2/2:s2>>24 -{ .mmi; (p0) ld4 te22=[te22] // 3/0:te2[s2>>8] - (p0) shladd te20=te20,2,te2 // 3/2:te2+s0>>8 - (p0) extr.u te21=s1,8,8 } // 3/3:s1>>8&0xff -{ .mmi; (p0) ld4 te23=[te23] // 3/1:te2[s3>>8] - (p0) shladd te00=te00,2,te0 // 3/0:te0+s0>>24 - (p0) shr.u te03=s3,twenty4 };; // 3/3:s3>>24 -{ .mmi; (p0) ld4 te20=[te20] // 4/2:te2[s0>>8] - (p0) shladd te21=te21,2,te2 // 4/3:te3+s2 - (p0) extr.u te13=s3,16,8 } // 4/0:s1>>16&0xff -{ .mmi; (p0) ld4 te00=[te00] // 4/0:te0[s0>>24] - (p0) shladd te01=te01,2,te0 // 4/1:te0+s1>>24 - (p0) shr.u te11=s1,sixteen };; // 4/2:s3>>16 -{ .mmi; (p0) ld4 te21=[te21] // 5/3:te2[s1>>8] - (p0) shladd te13=te13,2,te1 // 5/0:te1+s1>>16 - (p0) extr.u te10=s0,16,8 } // 5/1:s2>>16&0xff -{ .mmi; (p0) ld4 te01=[te01] // 5/1:te0[s1>>24] - (p0) shladd te02=te02,2,te0 // 5/2:te0+s2>>24 - (p0) and te33=s3,maskff };; // 5/2:s1&0xff - -{ .mmi; (p0) ld4 te13=[te13] // 6/0:te1[s1>>16] - (p0) shladd te10=te10,2,te1 // 6/1:te1+s2>>16 - (p0) extr.u te12=s2,16,8 } // 6/3:s0>>16&0xff -{ .mmi; (p0) ld4 te02=[te02] // 6/2:te0[s2>>24] - (p0) shladd te03=te03,2,te0 // 6/3:te1+s0>>16 - (p0) and te30=s0,maskff };; // 6/3:s2&0xff -{ .mmi; (p0) ld4 te10=[te10] // 7/1:te1[s2>>16] - (p0) shladd te33=te33,2,te3 // 7/2:te3+s1&0xff - (p0) and te11=te11,maskff} // 7/2:s3>>16&0xff -{ .mmi; (p0) ld4 te03=[te03] // 7/3:te0[s3>>24] - (p0) shladd te30=te30,2,te3 // 7/3:te3+s2 - (p0) xor t0=t0,te31 };; // 7/0: -{ .mmi; (p0) ld4 te33=[te33] // 8/2:te3[s1] - (p0) shladd te11=te11,2,te1 // 8/2:te1+s3>>16 - (p0) xor t0=t0,te22 } // 8/0: -{ .mmi; (p0) ld4 te30=[te30] // 8/3:te3[s2] - (p0) shladd te12=te12,2,te1 // 8/3:te1+s0>>16 - (p0) xor t1=t1,te32 };; // 8/1: -{ .mmi; (p0) ld4 te11=[te11] // 9/2:te1[s3>>16] - (p0) xor t0=t0,te00 // 9/0: - (p0) xor t1=t1,te23 } // 9/1: -{ .mmi; (p0) ld4 te12=[te12] // 9/3:te1[s0>>16] - (p0) xor t2=t2,te20 // 9/2: - (p0) xor t3=t3,te21 };; // 9/3: -{ .mmi; (p0) xor t0=t0,te13 // 10/0:done! - (p0) xor t1=t1,te01 // 10/1: - (p0) xor t2=t2,te02 } // 10/2: -{ .mmi; (p0) xor t3=t3,te03 // 10/3: - (p16) cmp.eq p0,p17=r0,r0 };; // 10/clear (p17) -{ .mmi; (p0) xor t1=t1,te10 // 11/1:done! - (p0) xor t2=t2,te33 // 11/2: - (p0) xor t3=t3,te30 } // 11/3: -{ .mmi; (p17) add te0=4096,te0 // 11/ - (p17) add te1=4096,te1 };; // 11/ -{ .mib; (p0) xor t2=t2,te11 // 12/2:done! - (p0) xor t3=t3,te12 } // 12/3:done! -{ .mib; (p17) add te2=4096,te2 // 12/ - (p17) add te3=4096,te3 // 12/ - br.ctop.sptk .Ld_top };; -.Ld_end: -{ .mib; mov r16=s0 - mov r20=s1 } -{ .mib; mov r24=s2 - mov r28=s3 - br.ret.sptk b6 };; -.endp _ia64_AES_decrypt# - -// void AES_decrypt (const void *in,void *out,const AES_KEY *key); -.global AES_decrypt# -.proc AES_decrypt# -.align 32 -.skip 16 -AES_decrypt: - .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 -{ .mmi; alloc r2=ar.pfs,3,0,12,0 - addl out8=@ltoff(AES_Td#),gp - mov r3=ar.lc } -{ .mmi; and out0=3,in0 - ADDP in0=0,in0 - ADDP out11=KSZ*60,in2 };; // &AES_KEY->rounds - - .body -{ .mmi; ld8 out8=[out8] // Te0 - ld4 out11=[out11] // AES_KEY->rounds - mov prsave=pr } - -#if defined(_HPUX_SOURCE) // HPUX is big-endian, cut 15+15 cycles... -{ .mib; cmp.ne p6,p0=out0,r0 - add out0=4,in0 -(p6) br.dpnt.many .Ld_i_unaligned };; - -{ .mmi; ld4 out1=[in0],8 // s0 - and out9=3,in1 - mov twenty4=24 } -{ .mmi; ld4 out3=[out0],8 // s1 - ADDP rk0=0,in2 - mov sixteen=16 };; -{ .mmi; ld4 out5=[in0] // s2 - cmp.ne p6,p0=out9,r0 - mov maskff=0xff } -{ .mmb; ld4 out7=[out0] // s3 - ADDP rk1=KSZ,in2 - br.call.sptk.many b6=_ia64_AES_decrypt };; - -{ .mib; ADDP in0=4,in1 - ADDP in1=0,in1 -(p6) br.spnt .Ld_o_unaligned };; - -{ .mii; mov ar.pfs=r2 - mov ar.lc=r3 } -{ .mmi; st4 [in1]=r16,8 // s0 - st4 [in0]=r20,8 // s1 - mov pr=prsave,0x1ffff };; -{ .mmb; st4 [in1]=r24 // s2 - st4 [in0]=r28 // s3 - br.ret.sptk.many b0 };; -#endif - -.align 32 -.Ld_i_unaligned: -{ .mmi; add out0=1,in0 - add out2=2,in0 - add out4=3,in0 };; -{ .mmi; ld1 r16=[in0],4 - ld1 r17=[out0],4 }//;; -{ .mmi; ld1 r18=[out2],4 - ld1 out1=[out4],4 };; // s0 -{ .mmi; ld1 r20=[in0],4 - ld1 r21=[out0],4 }//;; -{ .mmi; ld1 r22=[out2],4 - ld1 out3=[out4],4 };; // s1 -{ .mmi; ld1 r24=[in0],4 - ld1 r25=[out0],4 }//;; -{ .mmi; ld1 r26=[out2],4 - ld1 out5=[out4],4 };; // s2 -{ .mmi; ld1 r28=[in0] - ld1 r29=[out0] }//;; -{ .mmi; ld1 r30=[out2] - ld1 out7=[out4] };; // s3 - -{ .mii; - dep out1=r16,out1,24,8 //;; - dep out3=r20,out3,24,8 }//;; -{ .mii; ADDP rk0=0,in2 - dep out5=r24,out5,24,8 //;; - dep out7=r28,out7,24,8 };; -{ .mii; ADDP rk1=KSZ,in2 - dep out1=r17,out1,16,8 //;; - dep out3=r21,out3,16,8 }//;; -{ .mii; mov twenty4=24 - dep out5=r25,out5,16,8 //;; - dep out7=r29,out7,16,8 };; -{ .mii; mov sixteen=16 - dep out1=r18,out1,8,8 //;; - dep out3=r22,out3,8,8 }//;; -{ .mii; mov maskff=0xff - dep out5=r26,out5,8,8 //;; - dep out7=r30,out7,8,8 };; - -{ .mib; br.call.sptk.many b6=_ia64_AES_decrypt };; - -.Ld_o_unaligned: -{ .mii; ADDP out0=0,in1 - extr.u r17=r16,8,8 // s0 - shr.u r19=r16,twenty4 }//;; -{ .mii; ADDP out1=1,in1 - extr.u r18=r16,16,8 - shr.u r23=r20,twenty4 }//;; // s1 -{ .mii; ADDP out2=2,in1 - extr.u r21=r20,8,8 - shr.u r22=r20,sixteen }//;; -{ .mii; ADDP out3=3,in1 - extr.u r25=r24,8,8 // s2 - shr.u r27=r24,twenty4 };; -{ .mii; st1 [out3]=r16,4 - extr.u r26=r24,16,8 - shr.u r31=r28,twenty4 }//;; // s3 -{ .mii; st1 [out2]=r17,4 - extr.u r29=r28,8,8 - shr.u r30=r28,sixteen }//;; - -{ .mmi; st1 [out1]=r18,4 - st1 [out0]=r19,4 };; -{ .mmi; st1 [out3]=r20,4 - st1 [out2]=r21,4 }//;; -{ .mmi; st1 [out1]=r22,4 - st1 [out0]=r23,4 };; -{ .mmi; st1 [out3]=r24,4 - st1 [out2]=r25,4 - mov pr=prsave,0x1ffff }//;; -{ .mmi; st1 [out1]=r26,4 - st1 [out0]=r27,4 - mov ar.pfs=r2 };; -{ .mmi; st1 [out3]=r28 - st1 [out2]=r29 - mov ar.lc=r3 }//;; -{ .mmb; st1 [out1]=r30 - st1 [out0]=r31 - br.ret.sptk.many b0 };; -.endp AES_decrypt# - -// leave it in .text segment... -.align 64 -.global AES_Te# -.type AES_Te#,@object -AES_Te: data4 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d - data4 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 - data4 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d - data4 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a - data4 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 - data4 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b - data4 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea - data4 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b - data4 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a - data4 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f - data4 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 - data4 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f - data4 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e - data4 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 - data4 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d - data4 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f - data4 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e - data4 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb - data4 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce - data4 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 - data4 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c - data4 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed - data4 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b - data4 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a - data4 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 - data4 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 - data4 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 - data4 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 - data4 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a - data4 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 - data4 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 - data4 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d - data4 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f - data4 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 - data4 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 - data4 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 - data4 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f - data4 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 - data4 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c - data4 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 - data4 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e - data4 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 - data4 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 - data4 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b - data4 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 - data4 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 - data4 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 - data4 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 - data4 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 - data4 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 - data4 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 - data4 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 - data4 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa - data4 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 - data4 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 - data4 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 - data4 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 - data4 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 - data4 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 - data4 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a - data4 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 - data4 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 - data4 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 - data4 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a -// Te1: - data4 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b - data4 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5 - data4 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b - data4 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676 - data4 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d - data4 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0 - data4 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf - data4 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0 - data4 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626 - data4 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc - data4 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1 - data4 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515 - data4 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3 - data4 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a - data4 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2 - data4 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575 - data4 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a - data4 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0 - data4 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3 - data4 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484 - data4 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded - data4 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b - data4 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939 - data4 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf - data4 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb - data4 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585 - data4 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f - data4 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8 - data4 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f - data4 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5 - data4 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121 - data4 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2 - data4 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec - data4 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717 - data4 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d - data4 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373 - data4 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc - data4 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888 - data4 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414 - data4 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb - data4 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a - data4 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c - data4 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262 - data4 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979 - data4 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d - data4 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9 - data4 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea - data4 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808 - data4 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e - data4 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6 - data4 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f - data4 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a - data4 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666 - data4 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e - data4 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9 - data4 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e - data4 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111 - data4 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494 - data4 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9 - data4 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf - data4 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d - data4 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868 - data4 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f - data4 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616 -// Te2: - data4 0x63a5c663, 0x7c84f87c, 0x7799ee77, 0x7b8df67b - data4 0xf20dfff2, 0x6bbdd66b, 0x6fb1de6f, 0xc55491c5 - data4 0x30506030, 0x01030201, 0x67a9ce67, 0x2b7d562b - data4 0xfe19e7fe, 0xd762b5d7, 0xabe64dab, 0x769aec76 - data4 0xca458fca, 0x829d1f82, 0xc94089c9, 0x7d87fa7d - data4 0xfa15effa, 0x59ebb259, 0x47c98e47, 0xf00bfbf0 - data4 0xadec41ad, 0xd467b3d4, 0xa2fd5fa2, 0xafea45af - data4 0x9cbf239c, 0xa4f753a4, 0x7296e472, 0xc05b9bc0 - data4 0xb7c275b7, 0xfd1ce1fd, 0x93ae3d93, 0x266a4c26 - data4 0x365a6c36, 0x3f417e3f, 0xf702f5f7, 0xcc4f83cc - data4 0x345c6834, 0xa5f451a5, 0xe534d1e5, 0xf108f9f1 - data4 0x7193e271, 0xd873abd8, 0x31536231, 0x153f2a15 - data4 0x040c0804, 0xc75295c7, 0x23654623, 0xc35e9dc3 - data4 0x18283018, 0x96a13796, 0x050f0a05, 0x9ab52f9a - data4 0x07090e07, 0x12362412, 0x809b1b80, 0xe23ddfe2 - data4 0xeb26cdeb, 0x27694e27, 0xb2cd7fb2, 0x759fea75 - data4 0x091b1209, 0x839e1d83, 0x2c74582c, 0x1a2e341a - data4 0x1b2d361b, 0x6eb2dc6e, 0x5aeeb45a, 0xa0fb5ba0 - data4 0x52f6a452, 0x3b4d763b, 0xd661b7d6, 0xb3ce7db3 - data4 0x297b5229, 0xe33edde3, 0x2f715e2f, 0x84971384 - data4 0x53f5a653, 0xd168b9d1, 0x00000000, 0xed2cc1ed - data4 0x20604020, 0xfc1fe3fc, 0xb1c879b1, 0x5bedb65b - data4 0x6abed46a, 0xcb468dcb, 0xbed967be, 0x394b7239 - data4 0x4ade944a, 0x4cd4984c, 0x58e8b058, 0xcf4a85cf - data4 0xd06bbbd0, 0xef2ac5ef, 0xaae54faa, 0xfb16edfb - data4 0x43c58643, 0x4dd79a4d, 0x33556633, 0x85941185 - data4 0x45cf8a45, 0xf910e9f9, 0x02060402, 0x7f81fe7f - data4 0x50f0a050, 0x3c44783c, 0x9fba259f, 0xa8e34ba8 - data4 0x51f3a251, 0xa3fe5da3, 0x40c08040, 0x8f8a058f - data4 0x92ad3f92, 0x9dbc219d, 0x38487038, 0xf504f1f5 - data4 0xbcdf63bc, 0xb6c177b6, 0xda75afda, 0x21634221 - data4 0x10302010, 0xff1ae5ff, 0xf30efdf3, 0xd26dbfd2 - data4 0xcd4c81cd, 0x0c14180c, 0x13352613, 0xec2fc3ec - data4 0x5fe1be5f, 0x97a23597, 0x44cc8844, 0x17392e17 - data4 0xc45793c4, 0xa7f255a7, 0x7e82fc7e, 0x3d477a3d - data4 0x64acc864, 0x5de7ba5d, 0x192b3219, 0x7395e673 - data4 0x60a0c060, 0x81981981, 0x4fd19e4f, 0xdc7fa3dc - data4 0x22664422, 0x2a7e542a, 0x90ab3b90, 0x88830b88 - data4 0x46ca8c46, 0xee29c7ee, 0xb8d36bb8, 0x143c2814 - data4 0xde79a7de, 0x5ee2bc5e, 0x0b1d160b, 0xdb76addb - data4 0xe03bdbe0, 0x32566432, 0x3a4e743a, 0x0a1e140a - data4 0x49db9249, 0x060a0c06, 0x246c4824, 0x5ce4b85c - data4 0xc25d9fc2, 0xd36ebdd3, 0xacef43ac, 0x62a6c462 - data4 0x91a83991, 0x95a43195, 0xe437d3e4, 0x798bf279 - data4 0xe732d5e7, 0xc8438bc8, 0x37596e37, 0x6db7da6d - data4 0x8d8c018d, 0xd564b1d5, 0x4ed29c4e, 0xa9e049a9 - data4 0x6cb4d86c, 0x56faac56, 0xf407f3f4, 0xea25cfea - data4 0x65afca65, 0x7a8ef47a, 0xaee947ae, 0x08181008 - data4 0xbad56fba, 0x7888f078, 0x256f4a25, 0x2e725c2e - data4 0x1c24381c, 0xa6f157a6, 0xb4c773b4, 0xc65197c6 - data4 0xe823cbe8, 0xdd7ca1dd, 0x749ce874, 0x1f213e1f - data4 0x4bdd964b, 0xbddc61bd, 0x8b860d8b, 0x8a850f8a - data4 0x7090e070, 0x3e427c3e, 0xb5c471b5, 0x66aacc66 - data4 0x48d89048, 0x03050603, 0xf601f7f6, 0x0e121c0e - data4 0x61a3c261, 0x355f6a35, 0x57f9ae57, 0xb9d069b9 - data4 0x86911786, 0xc15899c1, 0x1d273a1d, 0x9eb9279e - data4 0xe138d9e1, 0xf813ebf8, 0x98b32b98, 0x11332211 - data4 0x69bbd269, 0xd970a9d9, 0x8e89078e, 0x94a73394 - data4 0x9bb62d9b, 0x1e223c1e, 0x87921587, 0xe920c9e9 - data4 0xce4987ce, 0x55ffaa55, 0x28785028, 0xdf7aa5df - data4 0x8c8f038c, 0xa1f859a1, 0x89800989, 0x0d171a0d - data4 0xbfda65bf, 0xe631d7e6, 0x42c68442, 0x68b8d068 - data4 0x41c38241, 0x99b02999, 0x2d775a2d, 0x0f111e0f - data4 0xb0cb7bb0, 0x54fca854, 0xbbd66dbb, 0x163a2c16 -// Te3: - data4 0x6363a5c6, 0x7c7c84f8, 0x777799ee, 0x7b7b8df6 - data4 0xf2f20dff, 0x6b6bbdd6, 0x6f6fb1de, 0xc5c55491 - data4 0x30305060, 0x01010302, 0x6767a9ce, 0x2b2b7d56 - data4 0xfefe19e7, 0xd7d762b5, 0xababe64d, 0x76769aec - data4 0xcaca458f, 0x82829d1f, 0xc9c94089, 0x7d7d87fa - data4 0xfafa15ef, 0x5959ebb2, 0x4747c98e, 0xf0f00bfb - data4 0xadadec41, 0xd4d467b3, 0xa2a2fd5f, 0xafafea45 - data4 0x9c9cbf23, 0xa4a4f753, 0x727296e4, 0xc0c05b9b - data4 0xb7b7c275, 0xfdfd1ce1, 0x9393ae3d, 0x26266a4c - data4 0x36365a6c, 0x3f3f417e, 0xf7f702f5, 0xcccc4f83 - data4 0x34345c68, 0xa5a5f451, 0xe5e534d1, 0xf1f108f9 - data4 0x717193e2, 0xd8d873ab, 0x31315362, 0x15153f2a - data4 0x04040c08, 0xc7c75295, 0x23236546, 0xc3c35e9d - data4 0x18182830, 0x9696a137, 0x05050f0a, 0x9a9ab52f - data4 0x0707090e, 0x12123624, 0x80809b1b, 0xe2e23ddf - data4 0xebeb26cd, 0x2727694e, 0xb2b2cd7f, 0x75759fea - data4 0x09091b12, 0x83839e1d, 0x2c2c7458, 0x1a1a2e34 - data4 0x1b1b2d36, 0x6e6eb2dc, 0x5a5aeeb4, 0xa0a0fb5b - data4 0x5252f6a4, 0x3b3b4d76, 0xd6d661b7, 0xb3b3ce7d - data4 0x29297b52, 0xe3e33edd, 0x2f2f715e, 0x84849713 - data4 0x5353f5a6, 0xd1d168b9, 0x00000000, 0xeded2cc1 - data4 0x20206040, 0xfcfc1fe3, 0xb1b1c879, 0x5b5bedb6 - data4 0x6a6abed4, 0xcbcb468d, 0xbebed967, 0x39394b72 - data4 0x4a4ade94, 0x4c4cd498, 0x5858e8b0, 0xcfcf4a85 - data4 0xd0d06bbb, 0xefef2ac5, 0xaaaae54f, 0xfbfb16ed - data4 0x4343c586, 0x4d4dd79a, 0x33335566, 0x85859411 - data4 0x4545cf8a, 0xf9f910e9, 0x02020604, 0x7f7f81fe - data4 0x5050f0a0, 0x3c3c4478, 0x9f9fba25, 0xa8a8e34b - data4 0x5151f3a2, 0xa3a3fe5d, 0x4040c080, 0x8f8f8a05 - data4 0x9292ad3f, 0x9d9dbc21, 0x38384870, 0xf5f504f1 - data4 0xbcbcdf63, 0xb6b6c177, 0xdada75af, 0x21216342 - data4 0x10103020, 0xffff1ae5, 0xf3f30efd, 0xd2d26dbf - data4 0xcdcd4c81, 0x0c0c1418, 0x13133526, 0xecec2fc3 - data4 0x5f5fe1be, 0x9797a235, 0x4444cc88, 0x1717392e - data4 0xc4c45793, 0xa7a7f255, 0x7e7e82fc, 0x3d3d477a - data4 0x6464acc8, 0x5d5de7ba, 0x19192b32, 0x737395e6 - data4 0x6060a0c0, 0x81819819, 0x4f4fd19e, 0xdcdc7fa3 - data4 0x22226644, 0x2a2a7e54, 0x9090ab3b, 0x8888830b - data4 0x4646ca8c, 0xeeee29c7, 0xb8b8d36b, 0x14143c28 - data4 0xdede79a7, 0x5e5ee2bc, 0x0b0b1d16, 0xdbdb76ad - data4 0xe0e03bdb, 0x32325664, 0x3a3a4e74, 0x0a0a1e14 - data4 0x4949db92, 0x06060a0c, 0x24246c48, 0x5c5ce4b8 - data4 0xc2c25d9f, 0xd3d36ebd, 0xacacef43, 0x6262a6c4 - data4 0x9191a839, 0x9595a431, 0xe4e437d3, 0x79798bf2 - data4 0xe7e732d5, 0xc8c8438b, 0x3737596e, 0x6d6db7da - data4 0x8d8d8c01, 0xd5d564b1, 0x4e4ed29c, 0xa9a9e049 - data4 0x6c6cb4d8, 0x5656faac, 0xf4f407f3, 0xeaea25cf - data4 0x6565afca, 0x7a7a8ef4, 0xaeaee947, 0x08081810 - data4 0xbabad56f, 0x787888f0, 0x25256f4a, 0x2e2e725c - data4 0x1c1c2438, 0xa6a6f157, 0xb4b4c773, 0xc6c65197 - data4 0xe8e823cb, 0xdddd7ca1, 0x74749ce8, 0x1f1f213e - data4 0x4b4bdd96, 0xbdbddc61, 0x8b8b860d, 0x8a8a850f - data4 0x707090e0, 0x3e3e427c, 0xb5b5c471, 0x6666aacc - data4 0x4848d890, 0x03030506, 0xf6f601f7, 0x0e0e121c - data4 0x6161a3c2, 0x35355f6a, 0x5757f9ae, 0xb9b9d069 - data4 0x86869117, 0xc1c15899, 0x1d1d273a, 0x9e9eb927 - data4 0xe1e138d9, 0xf8f813eb, 0x9898b32b, 0x11113322 - data4 0x6969bbd2, 0xd9d970a9, 0x8e8e8907, 0x9494a733 - data4 0x9b9bb62d, 0x1e1e223c, 0x87879215, 0xe9e920c9 - data4 0xcece4987, 0x5555ffaa, 0x28287850, 0xdfdf7aa5 - data4 0x8c8c8f03, 0xa1a1f859, 0x89898009, 0x0d0d171a - data4 0xbfbfda65, 0xe6e631d7, 0x4242c684, 0x6868b8d0 - data4 0x4141c382, 0x9999b029, 0x2d2d775a, 0x0f0f111e - data4 0xb0b0cb7b, 0x5454fca8, 0xbbbbd66d, 0x16163a2c -// Te4: - data4 0x63000000, 0x7c000000, 0x77000000, 0x7b000000 - data4 0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000 - data4 0x30000000, 0x01000000, 0x67000000, 0x2b000000 - data4 0xfe000000, 0xd7000000, 0xab000000, 0x76000000 - data4 0xca000000, 0x82000000, 0xc9000000, 0x7d000000 - data4 0xfa000000, 0x59000000, 0x47000000, 0xf0000000 - data4 0xad000000, 0xd4000000, 0xa2000000, 0xaf000000 - data4 0x9c000000, 0xa4000000, 0x72000000, 0xc0000000 - data4 0xb7000000, 0xfd000000, 0x93000000, 0x26000000 - data4 0x36000000, 0x3f000000, 0xf7000000, 0xcc000000 - data4 0x34000000, 0xa5000000, 0xe5000000, 0xf1000000 - data4 0x71000000, 0xd8000000, 0x31000000, 0x15000000 - data4 0x04000000, 0xc7000000, 0x23000000, 0xc3000000 - data4 0x18000000, 0x96000000, 0x05000000, 0x9a000000 - data4 0x07000000, 0x12000000, 0x80000000, 0xe2000000 - data4 0xeb000000, 0x27000000, 0xb2000000, 0x75000000 - data4 0x09000000, 0x83000000, 0x2c000000, 0x1a000000 - data4 0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000 - data4 0x52000000, 0x3b000000, 0xd6000000, 0xb3000000 - data4 0x29000000, 0xe3000000, 0x2f000000, 0x84000000 - data4 0x53000000, 0xd1000000, 0x00000000, 0xed000000 - data4 0x20000000, 0xfc000000, 0xb1000000, 0x5b000000 - data4 0x6a000000, 0xcb000000, 0xbe000000, 0x39000000 - data4 0x4a000000, 0x4c000000, 0x58000000, 0xcf000000 - data4 0xd0000000, 0xef000000, 0xaa000000, 0xfb000000 - data4 0x43000000, 0x4d000000, 0x33000000, 0x85000000 - data4 0x45000000, 0xf9000000, 0x02000000, 0x7f000000 - data4 0x50000000, 0x3c000000, 0x9f000000, 0xa8000000 - data4 0x51000000, 0xa3000000, 0x40000000, 0x8f000000 - data4 0x92000000, 0x9d000000, 0x38000000, 0xf5000000 - data4 0xbc000000, 0xb6000000, 0xda000000, 0x21000000 - data4 0x10000000, 0xff000000, 0xf3000000, 0xd2000000 - data4 0xcd000000, 0x0c000000, 0x13000000, 0xec000000 - data4 0x5f000000, 0x97000000, 0x44000000, 0x17000000 - data4 0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000 - data4 0x64000000, 0x5d000000, 0x19000000, 0x73000000 - data4 0x60000000, 0x81000000, 0x4f000000, 0xdc000000 - data4 0x22000000, 0x2a000000, 0x90000000, 0x88000000 - data4 0x46000000, 0xee000000, 0xb8000000, 0x14000000 - data4 0xde000000, 0x5e000000, 0x0b000000, 0xdb000000 - data4 0xe0000000, 0x32000000, 0x3a000000, 0x0a000000 - data4 0x49000000, 0x06000000, 0x24000000, 0x5c000000 - data4 0xc2000000, 0xd3000000, 0xac000000, 0x62000000 - data4 0x91000000, 0x95000000, 0xe4000000, 0x79000000 - data4 0xe7000000, 0xc8000000, 0x37000000, 0x6d000000 - data4 0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000 - data4 0x6c000000, 0x56000000, 0xf4000000, 0xea000000 - data4 0x65000000, 0x7a000000, 0xae000000, 0x08000000 - data4 0xba000000, 0x78000000, 0x25000000, 0x2e000000 - data4 0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000 - data4 0xe8000000, 0xdd000000, 0x74000000, 0x1f000000 - data4 0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000 - data4 0x70000000, 0x3e000000, 0xb5000000, 0x66000000 - data4 0x48000000, 0x03000000, 0xf6000000, 0x0e000000 - data4 0x61000000, 0x35000000, 0x57000000, 0xb9000000 - data4 0x86000000, 0xc1000000, 0x1d000000, 0x9e000000 - data4 0xe1000000, 0xf8000000, 0x98000000, 0x11000000 - data4 0x69000000, 0xd9000000, 0x8e000000, 0x94000000 - data4 0x9b000000, 0x1e000000, 0x87000000, 0xe9000000 - data4 0xce000000, 0x55000000, 0x28000000, 0xdf000000 - data4 0x8c000000, 0xa1000000, 0x89000000, 0x0d000000 - data4 0xbf000000, 0xe6000000, 0x42000000, 0x68000000 - data4 0x41000000, 0x99000000, 0x2d000000, 0x0f000000 - data4 0xb0000000, 0x54000000, 0xbb000000, 0x16000000 -// Te5: - data4 0x00630000, 0x007c0000, 0x00770000, 0x007b0000 - data4 0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000 - data4 0x00300000, 0x00010000, 0x00670000, 0x002b0000 - data4 0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000 - data4 0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000 - data4 0x00fa0000, 0x00590000, 0x00470000, 0x00f00000 - data4 0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000 - data4 0x009c0000, 0x00a40000, 0x00720000, 0x00c00000 - data4 0x00b70000, 0x00fd0000, 0x00930000, 0x00260000 - data4 0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000 - data4 0x00340000, 0x00a50000, 0x00e50000, 0x00f10000 - data4 0x00710000, 0x00d80000, 0x00310000, 0x00150000 - data4 0x00040000, 0x00c70000, 0x00230000, 0x00c30000 - data4 0x00180000, 0x00960000, 0x00050000, 0x009a0000 - data4 0x00070000, 0x00120000, 0x00800000, 0x00e20000 - data4 0x00eb0000, 0x00270000, 0x00b20000, 0x00750000 - data4 0x00090000, 0x00830000, 0x002c0000, 0x001a0000 - data4 0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000 - data4 0x00520000, 0x003b0000, 0x00d60000, 0x00b30000 - data4 0x00290000, 0x00e30000, 0x002f0000, 0x00840000 - data4 0x00530000, 0x00d10000, 0x00000000, 0x00ed0000 - data4 0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000 - data4 0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000 - data4 0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000 - data4 0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000 - data4 0x00430000, 0x004d0000, 0x00330000, 0x00850000 - data4 0x00450000, 0x00f90000, 0x00020000, 0x007f0000 - data4 0x00500000, 0x003c0000, 0x009f0000, 0x00a80000 - data4 0x00510000, 0x00a30000, 0x00400000, 0x008f0000 - data4 0x00920000, 0x009d0000, 0x00380000, 0x00f50000 - data4 0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000 - data4 0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000 - data4 0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000 - data4 0x005f0000, 0x00970000, 0x00440000, 0x00170000 - data4 0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000 - data4 0x00640000, 0x005d0000, 0x00190000, 0x00730000 - data4 0x00600000, 0x00810000, 0x004f0000, 0x00dc0000 - data4 0x00220000, 0x002a0000, 0x00900000, 0x00880000 - data4 0x00460000, 0x00ee0000, 0x00b80000, 0x00140000 - data4 0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000 - data4 0x00e00000, 0x00320000, 0x003a0000, 0x000a0000 - data4 0x00490000, 0x00060000, 0x00240000, 0x005c0000 - data4 0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000 - data4 0x00910000, 0x00950000, 0x00e40000, 0x00790000 - data4 0x00e70000, 0x00c80000, 0x00370000, 0x006d0000 - data4 0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000 - data4 0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000 - data4 0x00650000, 0x007a0000, 0x00ae0000, 0x00080000 - data4 0x00ba0000, 0x00780000, 0x00250000, 0x002e0000 - data4 0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000 - data4 0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000 - data4 0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000 - data4 0x00700000, 0x003e0000, 0x00b50000, 0x00660000 - data4 0x00480000, 0x00030000, 0x00f60000, 0x000e0000 - data4 0x00610000, 0x00350000, 0x00570000, 0x00b90000 - data4 0x00860000, 0x00c10000, 0x001d0000, 0x009e0000 - data4 0x00e10000, 0x00f80000, 0x00980000, 0x00110000 - data4 0x00690000, 0x00d90000, 0x008e0000, 0x00940000 - data4 0x009b0000, 0x001e0000, 0x00870000, 0x00e90000 - data4 0x00ce0000, 0x00550000, 0x00280000, 0x00df0000 - data4 0x008c0000, 0x00a10000, 0x00890000, 0x000d0000 - data4 0x00bf0000, 0x00e60000, 0x00420000, 0x00680000 - data4 0x00410000, 0x00990000, 0x002d0000, 0x000f0000 - data4 0x00b00000, 0x00540000, 0x00bb0000, 0x00160000 -// Te6: - data4 0x00006300, 0x00007c00, 0x00007700, 0x00007b00 - data4 0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500 - data4 0x00003000, 0x00000100, 0x00006700, 0x00002b00 - data4 0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600 - data4 0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00 - data4 0x0000fa00, 0x00005900, 0x00004700, 0x0000f000 - data4 0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00 - data4 0x00009c00, 0x0000a400, 0x00007200, 0x0000c000 - data4 0x0000b700, 0x0000fd00, 0x00009300, 0x00002600 - data4 0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00 - data4 0x00003400, 0x0000a500, 0x0000e500, 0x0000f100 - data4 0x00007100, 0x0000d800, 0x00003100, 0x00001500 - data4 0x00000400, 0x0000c700, 0x00002300, 0x0000c300 - data4 0x00001800, 0x00009600, 0x00000500, 0x00009a00 - data4 0x00000700, 0x00001200, 0x00008000, 0x0000e200 - data4 0x0000eb00, 0x00002700, 0x0000b200, 0x00007500 - data4 0x00000900, 0x00008300, 0x00002c00, 0x00001a00 - data4 0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000 - data4 0x00005200, 0x00003b00, 0x0000d600, 0x0000b300 - data4 0x00002900, 0x0000e300, 0x00002f00, 0x00008400 - data4 0x00005300, 0x0000d100, 0x00000000, 0x0000ed00 - data4 0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00 - data4 0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900 - data4 0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00 - data4 0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00 - data4 0x00004300, 0x00004d00, 0x00003300, 0x00008500 - data4 0x00004500, 0x0000f900, 0x00000200, 0x00007f00 - data4 0x00005000, 0x00003c00, 0x00009f00, 0x0000a800 - data4 0x00005100, 0x0000a300, 0x00004000, 0x00008f00 - data4 0x00009200, 0x00009d00, 0x00003800, 0x0000f500 - data4 0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100 - data4 0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200 - data4 0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00 - data4 0x00005f00, 0x00009700, 0x00004400, 0x00001700 - data4 0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00 - data4 0x00006400, 0x00005d00, 0x00001900, 0x00007300 - data4 0x00006000, 0x00008100, 0x00004f00, 0x0000dc00 - data4 0x00002200, 0x00002a00, 0x00009000, 0x00008800 - data4 0x00004600, 0x0000ee00, 0x0000b800, 0x00001400 - data4 0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00 - data4 0x0000e000, 0x00003200, 0x00003a00, 0x00000a00 - data4 0x00004900, 0x00000600, 0x00002400, 0x00005c00 - data4 0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200 - data4 0x00009100, 0x00009500, 0x0000e400, 0x00007900 - data4 0x0000e700, 0x0000c800, 0x00003700, 0x00006d00 - data4 0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900 - data4 0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00 - data4 0x00006500, 0x00007a00, 0x0000ae00, 0x00000800 - data4 0x0000ba00, 0x00007800, 0x00002500, 0x00002e00 - data4 0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600 - data4 0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00 - data4 0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00 - data4 0x00007000, 0x00003e00, 0x0000b500, 0x00006600 - data4 0x00004800, 0x00000300, 0x0000f600, 0x00000e00 - data4 0x00006100, 0x00003500, 0x00005700, 0x0000b900 - data4 0x00008600, 0x0000c100, 0x00001d00, 0x00009e00 - data4 0x0000e100, 0x0000f800, 0x00009800, 0x00001100 - data4 0x00006900, 0x0000d900, 0x00008e00, 0x00009400 - data4 0x00009b00, 0x00001e00, 0x00008700, 0x0000e900 - data4 0x0000ce00, 0x00005500, 0x00002800, 0x0000df00 - data4 0x00008c00, 0x0000a100, 0x00008900, 0x00000d00 - data4 0x0000bf00, 0x0000e600, 0x00004200, 0x00006800 - data4 0x00004100, 0x00009900, 0x00002d00, 0x00000f00 - data4 0x0000b000, 0x00005400, 0x0000bb00, 0x00001600 -// Te7: - data4 0x00000063, 0x0000007c, 0x00000077, 0x0000007b - data4 0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5 - data4 0x00000030, 0x00000001, 0x00000067, 0x0000002b - data4 0x000000fe, 0x000000d7, 0x000000ab, 0x00000076 - data4 0x000000ca, 0x00000082, 0x000000c9, 0x0000007d - data4 0x000000fa, 0x00000059, 0x00000047, 0x000000f0 - data4 0x000000ad, 0x000000d4, 0x000000a2, 0x000000af - data4 0x0000009c, 0x000000a4, 0x00000072, 0x000000c0 - data4 0x000000b7, 0x000000fd, 0x00000093, 0x00000026 - data4 0x00000036, 0x0000003f, 0x000000f7, 0x000000cc - data4 0x00000034, 0x000000a5, 0x000000e5, 0x000000f1 - data4 0x00000071, 0x000000d8, 0x00000031, 0x00000015 - data4 0x00000004, 0x000000c7, 0x00000023, 0x000000c3 - data4 0x00000018, 0x00000096, 0x00000005, 0x0000009a - data4 0x00000007, 0x00000012, 0x00000080, 0x000000e2 - data4 0x000000eb, 0x00000027, 0x000000b2, 0x00000075 - data4 0x00000009, 0x00000083, 0x0000002c, 0x0000001a - data4 0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0 - data4 0x00000052, 0x0000003b, 0x000000d6, 0x000000b3 - data4 0x00000029, 0x000000e3, 0x0000002f, 0x00000084 - data4 0x00000053, 0x000000d1, 0x00000000, 0x000000ed - data4 0x00000020, 0x000000fc, 0x000000b1, 0x0000005b - data4 0x0000006a, 0x000000cb, 0x000000be, 0x00000039 - data4 0x0000004a, 0x0000004c, 0x00000058, 0x000000cf - data4 0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb - data4 0x00000043, 0x0000004d, 0x00000033, 0x00000085 - data4 0x00000045, 0x000000f9, 0x00000002, 0x0000007f - data4 0x00000050, 0x0000003c, 0x0000009f, 0x000000a8 - data4 0x00000051, 0x000000a3, 0x00000040, 0x0000008f - data4 0x00000092, 0x0000009d, 0x00000038, 0x000000f5 - data4 0x000000bc, 0x000000b6, 0x000000da, 0x00000021 - data4 0x00000010, 0x000000ff, 0x000000f3, 0x000000d2 - data4 0x000000cd, 0x0000000c, 0x00000013, 0x000000ec - data4 0x0000005f, 0x00000097, 0x00000044, 0x00000017 - data4 0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d - data4 0x00000064, 0x0000005d, 0x00000019, 0x00000073 - data4 0x00000060, 0x00000081, 0x0000004f, 0x000000dc - data4 0x00000022, 0x0000002a, 0x00000090, 0x00000088 - data4 0x00000046, 0x000000ee, 0x000000b8, 0x00000014 - data4 0x000000de, 0x0000005e, 0x0000000b, 0x000000db - data4 0x000000e0, 0x00000032, 0x0000003a, 0x0000000a - data4 0x00000049, 0x00000006, 0x00000024, 0x0000005c - data4 0x000000c2, 0x000000d3, 0x000000ac, 0x00000062 - data4 0x00000091, 0x00000095, 0x000000e4, 0x00000079 - data4 0x000000e7, 0x000000c8, 0x00000037, 0x0000006d - data4 0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9 - data4 0x0000006c, 0x00000056, 0x000000f4, 0x000000ea - data4 0x00000065, 0x0000007a, 0x000000ae, 0x00000008 - data4 0x000000ba, 0x00000078, 0x00000025, 0x0000002e - data4 0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6 - data4 0x000000e8, 0x000000dd, 0x00000074, 0x0000001f - data4 0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a - data4 0x00000070, 0x0000003e, 0x000000b5, 0x00000066 - data4 0x00000048, 0x00000003, 0x000000f6, 0x0000000e - data4 0x00000061, 0x00000035, 0x00000057, 0x000000b9 - data4 0x00000086, 0x000000c1, 0x0000001d, 0x0000009e - data4 0x000000e1, 0x000000f8, 0x00000098, 0x00000011 - data4 0x00000069, 0x000000d9, 0x0000008e, 0x00000094 - data4 0x0000009b, 0x0000001e, 0x00000087, 0x000000e9 - data4 0x000000ce, 0x00000055, 0x00000028, 0x000000df - data4 0x0000008c, 0x000000a1, 0x00000089, 0x0000000d - data4 0x000000bf, 0x000000e6, 0x00000042, 0x00000068 - data4 0x00000041, 0x00000099, 0x0000002d, 0x0000000f - data4 0x000000b0, 0x00000054, 0x000000bb, 0x00000016 -.size AES_Te#,8*256*4 // HP-UX assembler fails to ".-AES_Te#" - -.align 64 -.global AES_Td# -.type AES_Td#,@object -AES_Td: data4 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 - data4 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 - data4 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 - data4 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f - data4 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 - data4 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 - data4 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da - data4 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 - data4 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd - data4 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 - data4 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 - data4 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 - data4 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 - data4 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a - data4 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 - data4 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c - data4 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 - data4 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a - data4 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 - data4 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 - data4 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 - data4 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff - data4 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 - data4 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb - data4 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 - data4 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e - data4 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 - data4 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a - data4 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e - data4 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 - data4 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d - data4 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 - data4 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd - data4 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 - data4 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 - data4 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 - data4 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d - data4 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 - data4 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 - data4 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef - data4 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 - data4 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 - data4 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 - data4 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 - data4 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 - data4 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b - data4 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 - data4 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 - data4 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 - data4 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 - data4 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 - data4 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f - data4 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df - data4 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f - data4 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e - data4 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 - data4 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 - data4 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c - data4 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf - data4 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 - data4 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f - data4 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 - data4 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 - data4 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 -// Td1: - data4 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e - data4 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303 - data4 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c - data4 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3 - data4 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0 - data4 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9 - data4 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259 - data4 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8 - data4 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971 - data4 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a - data4 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f - data4 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b - data4 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8 - data4 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab - data4 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708 - data4 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682 - data4 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2 - data4 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe - data4 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb - data4 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10 - data4 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd - data4 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015 - data4 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e - data4 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee - data4 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000 - data4 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72 - data4 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39 - data4 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e - data4 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91 - data4 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a - data4 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17 - data4 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9 - data4 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60 - data4 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e - data4 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1 - data4 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611 - data4 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1 - data4 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3 - data4 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964 - data4 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390 - data4 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b - data4 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf - data4 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46 - data4 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af - data4 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512 - data4 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb - data4 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a - data4 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8 - data4 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c - data4 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266 - data4 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8 - data4 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6 - data4 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604 - data4 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551 - data4 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41 - data4 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647 - data4 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c - data4 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1 - data4 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737 - data4 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db - data4 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340 - data4 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95 - data4 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1 - data4 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857 -// Td2: - data4 0xa75051f4, 0x65537e41, 0xa4c31a17, 0x5e963a27 - data4 0x6bcb3bab, 0x45f11f9d, 0x58abacfa, 0x03934be3 - data4 0xfa552030, 0x6df6ad76, 0x769188cc, 0x4c25f502 - data4 0xd7fc4fe5, 0xcbd7c52a, 0x44802635, 0xa38fb562 - data4 0x5a49deb1, 0x1b6725ba, 0x0e9845ea, 0xc0e15dfe - data4 0x7502c32f, 0xf012814c, 0x97a38d46, 0xf9c66bd3 - data4 0x5fe7038f, 0x9c951592, 0x7aebbf6d, 0x59da9552 - data4 0x832dd4be, 0x21d35874, 0x692949e0, 0xc8448ec9 - data4 0x896a75c2, 0x7978f48e, 0x3e6b9958, 0x71dd27b9 - data4 0x4fb6bee1, 0xad17f088, 0xac66c920, 0x3ab47dce - data4 0x4a1863df, 0x3182e51a, 0x33609751, 0x7f456253 - data4 0x77e0b164, 0xae84bb6b, 0xa01cfe81, 0x2b94f908 - data4 0x68587048, 0xfd198f45, 0x6c8794de, 0xf8b7527b - data4 0xd323ab73, 0x02e2724b, 0x8f57e31f, 0xab2a6655 - data4 0x2807b2eb, 0xc2032fb5, 0x7b9a86c5, 0x08a5d337 - data4 0x87f23028, 0xa5b223bf, 0x6aba0203, 0x825ced16 - data4 0x1c2b8acf, 0xb492a779, 0xf2f0f307, 0xe2a14e69 - data4 0xf4cd65da, 0xbed50605, 0x621fd134, 0xfe8ac4a6 - data4 0x539d342e, 0x55a0a2f3, 0xe132058a, 0xeb75a4f6 - data4 0xec390b83, 0xefaa4060, 0x9f065e71, 0x1051bd6e - data4 0x8af93e21, 0x063d96dd, 0x05aedd3e, 0xbd464de6 - data4 0x8db59154, 0x5d0571c4, 0xd46f0406, 0x15ff6050 - data4 0xfb241998, 0xe997d6bd, 0x43cc8940, 0x9e7767d9 - data4 0x42bdb0e8, 0x8b880789, 0x5b38e719, 0xeedb79c8 - data4 0x0a47a17c, 0x0fe97c42, 0x1ec9f884, 0x00000000 - data4 0x86830980, 0xed48322b, 0x70ac1e11, 0x724e6c5a - data4 0xfffbfd0e, 0x38560f85, 0xd51e3dae, 0x3927362d - data4 0xd9640a0f, 0xa621685c, 0x54d19b5b, 0x2e3a2436 - data4 0x67b10c0a, 0xe70f9357, 0x96d2b4ee, 0x919e1b9b - data4 0xc54f80c0, 0x20a261dc, 0x4b695a77, 0x1a161c12 - data4 0xba0ae293, 0x2ae5c0a0, 0xe0433c22, 0x171d121b - data4 0x0d0b0e09, 0xc7adf28b, 0xa8b92db6, 0xa9c8141e - data4 0x198557f1, 0x074caf75, 0xddbbee99, 0x60fda37f - data4 0x269ff701, 0xf5bc5c72, 0x3bc54466, 0x7e345bfb - data4 0x29768b43, 0xc6dccb23, 0xfc68b6ed, 0xf163b8e4 - data4 0xdccad731, 0x85104263, 0x22401397, 0x112084c6 - data4 0x247d854a, 0x3df8d2bb, 0x3211aef9, 0xa16dc729 - data4 0x2f4b1d9e, 0x30f3dcb2, 0x52ec0d86, 0xe3d077c1 - data4 0x166c2bb3, 0xb999a970, 0x48fa1194, 0x642247e9 - data4 0x8cc4a8fc, 0x3f1aa0f0, 0x2cd8567d, 0x90ef2233 - data4 0x4ec78749, 0xd1c1d938, 0xa2fe8cca, 0x0b3698d4 - data4 0x81cfa6f5, 0xde28a57a, 0x8e26dab7, 0xbfa43fad - data4 0x9de42c3a, 0x920d5078, 0xcc9b6a5f, 0x4662547e - data4 0x13c2f68d, 0xb8e890d8, 0xf75e2e39, 0xaff582c3 - data4 0x80be9f5d, 0x937c69d0, 0x2da96fd5, 0x12b3cf25 - data4 0x993bc8ac, 0x7da71018, 0x636ee89c, 0xbb7bdb3b - data4 0x7809cd26, 0x18f46e59, 0xb701ec9a, 0x9aa8834f - data4 0x6e65e695, 0xe67eaaff, 0xcf0821bc, 0xe8e6ef15 - data4 0x9bd9bae7, 0x36ce4a6f, 0x09d4ea9f, 0x7cd629b0 - data4 0xb2af31a4, 0x23312a3f, 0x9430c6a5, 0x66c035a2 - data4 0xbc37744e, 0xcaa6fc82, 0xd0b0e090, 0xd81533a7 - data4 0x984af104, 0xdaf741ec, 0x500e7fcd, 0xf62f1791 - data4 0xd68d764d, 0xb04d43ef, 0x4d54ccaa, 0x04dfe496 - data4 0xb5e39ed1, 0x881b4c6a, 0x1fb8c12c, 0x517f4665 - data4 0xea049d5e, 0x355d018c, 0x7473fa87, 0x412efb0b - data4 0x1d5ab367, 0xd25292db, 0x5633e910, 0x47136dd6 - data4 0x618c9ad7, 0x0c7a37a1, 0x148e59f8, 0x3c89eb13 - data4 0x27eecea9, 0xc935b761, 0xe5ede11c, 0xb13c7a47 - data4 0xdf599cd2, 0x733f55f2, 0xce791814, 0x37bf73c7 - data4 0xcdea53f7, 0xaa5b5ffd, 0x6f14df3d, 0xdb867844 - data4 0xf381caaf, 0xc43eb968, 0x342c3824, 0x405fc2a3 - data4 0xc372161d, 0x250cbce2, 0x498b283c, 0x9541ff0d - data4 0x017139a8, 0xb3de080c, 0xe49cd8b4, 0xc1906456 - data4 0x84617bcb, 0xb670d532, 0x5c74486c, 0x5742d0b8 -// Td3: - data4 0xf4a75051, 0x4165537e, 0x17a4c31a, 0x275e963a - data4 0xab6bcb3b, 0x9d45f11f, 0xfa58abac, 0xe303934b - data4 0x30fa5520, 0x766df6ad, 0xcc769188, 0x024c25f5 - data4 0xe5d7fc4f, 0x2acbd7c5, 0x35448026, 0x62a38fb5 - data4 0xb15a49de, 0xba1b6725, 0xea0e9845, 0xfec0e15d - data4 0x2f7502c3, 0x4cf01281, 0x4697a38d, 0xd3f9c66b - data4 0x8f5fe703, 0x929c9515, 0x6d7aebbf, 0x5259da95 - data4 0xbe832dd4, 0x7421d358, 0xe0692949, 0xc9c8448e - data4 0xc2896a75, 0x8e7978f4, 0x583e6b99, 0xb971dd27 - data4 0xe14fb6be, 0x88ad17f0, 0x20ac66c9, 0xce3ab47d - data4 0xdf4a1863, 0x1a3182e5, 0x51336097, 0x537f4562 - data4 0x6477e0b1, 0x6bae84bb, 0x81a01cfe, 0x082b94f9 - data4 0x48685870, 0x45fd198f, 0xde6c8794, 0x7bf8b752 - data4 0x73d323ab, 0x4b02e272, 0x1f8f57e3, 0x55ab2a66 - data4 0xeb2807b2, 0xb5c2032f, 0xc57b9a86, 0x3708a5d3 - data4 0x2887f230, 0xbfa5b223, 0x036aba02, 0x16825ced - data4 0xcf1c2b8a, 0x79b492a7, 0x07f2f0f3, 0x69e2a14e - data4 0xdaf4cd65, 0x05bed506, 0x34621fd1, 0xa6fe8ac4 - data4 0x2e539d34, 0xf355a0a2, 0x8ae13205, 0xf6eb75a4 - data4 0x83ec390b, 0x60efaa40, 0x719f065e, 0x6e1051bd - data4 0x218af93e, 0xdd063d96, 0x3e05aedd, 0xe6bd464d - data4 0x548db591, 0xc45d0571, 0x06d46f04, 0x5015ff60 - data4 0x98fb2419, 0xbde997d6, 0x4043cc89, 0xd99e7767 - data4 0xe842bdb0, 0x898b8807, 0x195b38e7, 0xc8eedb79 - data4 0x7c0a47a1, 0x420fe97c, 0x841ec9f8, 0x00000000 - data4 0x80868309, 0x2bed4832, 0x1170ac1e, 0x5a724e6c - data4 0x0efffbfd, 0x8538560f, 0xaed51e3d, 0x2d392736 - data4 0x0fd9640a, 0x5ca62168, 0x5b54d19b, 0x362e3a24 - data4 0x0a67b10c, 0x57e70f93, 0xee96d2b4, 0x9b919e1b - data4 0xc0c54f80, 0xdc20a261, 0x774b695a, 0x121a161c - data4 0x93ba0ae2, 0xa02ae5c0, 0x22e0433c, 0x1b171d12 - data4 0x090d0b0e, 0x8bc7adf2, 0xb6a8b92d, 0x1ea9c814 - data4 0xf1198557, 0x75074caf, 0x99ddbbee, 0x7f60fda3 - data4 0x01269ff7, 0x72f5bc5c, 0x663bc544, 0xfb7e345b - data4 0x4329768b, 0x23c6dccb, 0xedfc68b6, 0xe4f163b8 - data4 0x31dccad7, 0x63851042, 0x97224013, 0xc6112084 - data4 0x4a247d85, 0xbb3df8d2, 0xf93211ae, 0x29a16dc7 - data4 0x9e2f4b1d, 0xb230f3dc, 0x8652ec0d, 0xc1e3d077 - data4 0xb3166c2b, 0x70b999a9, 0x9448fa11, 0xe9642247 - data4 0xfc8cc4a8, 0xf03f1aa0, 0x7d2cd856, 0x3390ef22 - data4 0x494ec787, 0x38d1c1d9, 0xcaa2fe8c, 0xd40b3698 - data4 0xf581cfa6, 0x7ade28a5, 0xb78e26da, 0xadbfa43f - data4 0x3a9de42c, 0x78920d50, 0x5fcc9b6a, 0x7e466254 - data4 0x8d13c2f6, 0xd8b8e890, 0x39f75e2e, 0xc3aff582 - data4 0x5d80be9f, 0xd0937c69, 0xd52da96f, 0x2512b3cf - data4 0xac993bc8, 0x187da710, 0x9c636ee8, 0x3bbb7bdb - data4 0x267809cd, 0x5918f46e, 0x9ab701ec, 0x4f9aa883 - data4 0x956e65e6, 0xffe67eaa, 0xbccf0821, 0x15e8e6ef - data4 0xe79bd9ba, 0x6f36ce4a, 0x9f09d4ea, 0xb07cd629 - data4 0xa4b2af31, 0x3f23312a, 0xa59430c6, 0xa266c035 - data4 0x4ebc3774, 0x82caa6fc, 0x90d0b0e0, 0xa7d81533 - data4 0x04984af1, 0xecdaf741, 0xcd500e7f, 0x91f62f17 - data4 0x4dd68d76, 0xefb04d43, 0xaa4d54cc, 0x9604dfe4 - data4 0xd1b5e39e, 0x6a881b4c, 0x2c1fb8c1, 0x65517f46 - data4 0x5eea049d, 0x8c355d01, 0x877473fa, 0x0b412efb - data4 0x671d5ab3, 0xdbd25292, 0x105633e9, 0xd647136d - data4 0xd7618c9a, 0xa10c7a37, 0xf8148e59, 0x133c89eb - data4 0xa927eece, 0x61c935b7, 0x1ce5ede1, 0x47b13c7a - data4 0xd2df599c, 0xf2733f55, 0x14ce7918, 0xc737bf73 - data4 0xf7cdea53, 0xfdaa5b5f, 0x3d6f14df, 0x44db8678 - data4 0xaff381ca, 0x68c43eb9, 0x24342c38, 0xa3405fc2 - data4 0x1dc37216, 0xe2250cbc, 0x3c498b28, 0x0d9541ff - data4 0xa8017139, 0x0cb3de08, 0xb4e49cd8, 0x56c19064 - data4 0xcb84617b, 0x32b670d5, 0x6c5c7448, 0xb85742d0 -// Td4: - data4 0x52000000, 0x09000000, 0x6a000000, 0xd5000000 - data4 0x30000000, 0x36000000, 0xa5000000, 0x38000000 - data4 0xbf000000, 0x40000000, 0xa3000000, 0x9e000000 - data4 0x81000000, 0xf3000000, 0xd7000000, 0xfb000000 - data4 0x7c000000, 0xe3000000, 0x39000000, 0x82000000 - data4 0x9b000000, 0x2f000000, 0xff000000, 0x87000000 - data4 0x34000000, 0x8e000000, 0x43000000, 0x44000000 - data4 0xc4000000, 0xde000000, 0xe9000000, 0xcb000000 - data4 0x54000000, 0x7b000000, 0x94000000, 0x32000000 - data4 0xa6000000, 0xc2000000, 0x23000000, 0x3d000000 - data4 0xee000000, 0x4c000000, 0x95000000, 0x0b000000 - data4 0x42000000, 0xfa000000, 0xc3000000, 0x4e000000 - data4 0x08000000, 0x2e000000, 0xa1000000, 0x66000000 - data4 0x28000000, 0xd9000000, 0x24000000, 0xb2000000 - data4 0x76000000, 0x5b000000, 0xa2000000, 0x49000000 - data4 0x6d000000, 0x8b000000, 0xd1000000, 0x25000000 - data4 0x72000000, 0xf8000000, 0xf6000000, 0x64000000 - data4 0x86000000, 0x68000000, 0x98000000, 0x16000000 - data4 0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000 - data4 0x5d000000, 0x65000000, 0xb6000000, 0x92000000 - data4 0x6c000000, 0x70000000, 0x48000000, 0x50000000 - data4 0xfd000000, 0xed000000, 0xb9000000, 0xda000000 - data4 0x5e000000, 0x15000000, 0x46000000, 0x57000000 - data4 0xa7000000, 0x8d000000, 0x9d000000, 0x84000000 - data4 0x90000000, 0xd8000000, 0xab000000, 0x00000000 - data4 0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000 - data4 0xf7000000, 0xe4000000, 0x58000000, 0x05000000 - data4 0xb8000000, 0xb3000000, 0x45000000, 0x06000000 - data4 0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000 - data4 0xca000000, 0x3f000000, 0x0f000000, 0x02000000 - data4 0xc1000000, 0xaf000000, 0xbd000000, 0x03000000 - data4 0x01000000, 0x13000000, 0x8a000000, 0x6b000000 - data4 0x3a000000, 0x91000000, 0x11000000, 0x41000000 - data4 0x4f000000, 0x67000000, 0xdc000000, 0xea000000 - data4 0x97000000, 0xf2000000, 0xcf000000, 0xce000000 - data4 0xf0000000, 0xb4000000, 0xe6000000, 0x73000000 - data4 0x96000000, 0xac000000, 0x74000000, 0x22000000 - data4 0xe7000000, 0xad000000, 0x35000000, 0x85000000 - data4 0xe2000000, 0xf9000000, 0x37000000, 0xe8000000 - data4 0x1c000000, 0x75000000, 0xdf000000, 0x6e000000 - data4 0x47000000, 0xf1000000, 0x1a000000, 0x71000000 - data4 0x1d000000, 0x29000000, 0xc5000000, 0x89000000 - data4 0x6f000000, 0xb7000000, 0x62000000, 0x0e000000 - data4 0xaa000000, 0x18000000, 0xbe000000, 0x1b000000 - data4 0xfc000000, 0x56000000, 0x3e000000, 0x4b000000 - data4 0xc6000000, 0xd2000000, 0x79000000, 0x20000000 - data4 0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000 - data4 0x78000000, 0xcd000000, 0x5a000000, 0xf4000000 - data4 0x1f000000, 0xdd000000, 0xa8000000, 0x33000000 - data4 0x88000000, 0x07000000, 0xc7000000, 0x31000000 - data4 0xb1000000, 0x12000000, 0x10000000, 0x59000000 - data4 0x27000000, 0x80000000, 0xec000000, 0x5f000000 - data4 0x60000000, 0x51000000, 0x7f000000, 0xa9000000 - data4 0x19000000, 0xb5000000, 0x4a000000, 0x0d000000 - data4 0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000 - data4 0x93000000, 0xc9000000, 0x9c000000, 0xef000000 - data4 0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000 - data4 0xae000000, 0x2a000000, 0xf5000000, 0xb0000000 - data4 0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000 - data4 0x83000000, 0x53000000, 0x99000000, 0x61000000 - data4 0x17000000, 0x2b000000, 0x04000000, 0x7e000000 - data4 0xba000000, 0x77000000, 0xd6000000, 0x26000000 - data4 0xe1000000, 0x69000000, 0x14000000, 0x63000000 - data4 0x55000000, 0x21000000, 0x0c000000, 0x7d000000 -// Td5: - data4 0x00520000, 0x00090000, 0x006a0000, 0x00d50000 - data4 0x00300000, 0x00360000, 0x00a50000, 0x00380000 - data4 0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000 - data4 0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000 - data4 0x007c0000, 0x00e30000, 0x00390000, 0x00820000 - data4 0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000 - data4 0x00340000, 0x008e0000, 0x00430000, 0x00440000 - data4 0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000 - data4 0x00540000, 0x007b0000, 0x00940000, 0x00320000 - data4 0x00a60000, 0x00c20000, 0x00230000, 0x003d0000 - data4 0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000 - data4 0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000 - data4 0x00080000, 0x002e0000, 0x00a10000, 0x00660000 - data4 0x00280000, 0x00d90000, 0x00240000, 0x00b20000 - data4 0x00760000, 0x005b0000, 0x00a20000, 0x00490000 - data4 0x006d0000, 0x008b0000, 0x00d10000, 0x00250000 - data4 0x00720000, 0x00f80000, 0x00f60000, 0x00640000 - data4 0x00860000, 0x00680000, 0x00980000, 0x00160000 - data4 0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000 - data4 0x005d0000, 0x00650000, 0x00b60000, 0x00920000 - data4 0x006c0000, 0x00700000, 0x00480000, 0x00500000 - data4 0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000 - data4 0x005e0000, 0x00150000, 0x00460000, 0x00570000 - data4 0x00a70000, 0x008d0000, 0x009d0000, 0x00840000 - data4 0x00900000, 0x00d80000, 0x00ab0000, 0x00000000 - data4 0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000 - data4 0x00f70000, 0x00e40000, 0x00580000, 0x00050000 - data4 0x00b80000, 0x00b30000, 0x00450000, 0x00060000 - data4 0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000 - data4 0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000 - data4 0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000 - data4 0x00010000, 0x00130000, 0x008a0000, 0x006b0000 - data4 0x003a0000, 0x00910000, 0x00110000, 0x00410000 - data4 0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000 - data4 0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000 - data4 0x00f00000, 0x00b40000, 0x00e60000, 0x00730000 - data4 0x00960000, 0x00ac0000, 0x00740000, 0x00220000 - data4 0x00e70000, 0x00ad0000, 0x00350000, 0x00850000 - data4 0x00e20000, 0x00f90000, 0x00370000, 0x00e80000 - data4 0x001c0000, 0x00750000, 0x00df0000, 0x006e0000 - data4 0x00470000, 0x00f10000, 0x001a0000, 0x00710000 - data4 0x001d0000, 0x00290000, 0x00c50000, 0x00890000 - data4 0x006f0000, 0x00b70000, 0x00620000, 0x000e0000 - data4 0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000 - data4 0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000 - data4 0x00c60000, 0x00d20000, 0x00790000, 0x00200000 - data4 0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000 - data4 0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000 - data4 0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000 - data4 0x00880000, 0x00070000, 0x00c70000, 0x00310000 - data4 0x00b10000, 0x00120000, 0x00100000, 0x00590000 - data4 0x00270000, 0x00800000, 0x00ec0000, 0x005f0000 - data4 0x00600000, 0x00510000, 0x007f0000, 0x00a90000 - data4 0x00190000, 0x00b50000, 0x004a0000, 0x000d0000 - data4 0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000 - data4 0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000 - data4 0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000 - data4 0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000 - data4 0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000 - data4 0x00830000, 0x00530000, 0x00990000, 0x00610000 - data4 0x00170000, 0x002b0000, 0x00040000, 0x007e0000 - data4 0x00ba0000, 0x00770000, 0x00d60000, 0x00260000 - data4 0x00e10000, 0x00690000, 0x00140000, 0x00630000 - data4 0x00550000, 0x00210000, 0x000c0000, 0x007d0000 -// Td6: - data4 0x00005200, 0x00000900, 0x00006a00, 0x0000d500 - data4 0x00003000, 0x00003600, 0x0000a500, 0x00003800 - data4 0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00 - data4 0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00 - data4 0x00007c00, 0x0000e300, 0x00003900, 0x00008200 - data4 0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700 - data4 0x00003400, 0x00008e00, 0x00004300, 0x00004400 - data4 0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00 - data4 0x00005400, 0x00007b00, 0x00009400, 0x00003200 - data4 0x0000a600, 0x0000c200, 0x00002300, 0x00003d00 - data4 0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00 - data4 0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00 - data4 0x00000800, 0x00002e00, 0x0000a100, 0x00006600 - data4 0x00002800, 0x0000d900, 0x00002400, 0x0000b200 - data4 0x00007600, 0x00005b00, 0x0000a200, 0x00004900 - data4 0x00006d00, 0x00008b00, 0x0000d100, 0x00002500 - data4 0x00007200, 0x0000f800, 0x0000f600, 0x00006400 - data4 0x00008600, 0x00006800, 0x00009800, 0x00001600 - data4 0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00 - data4 0x00005d00, 0x00006500, 0x0000b600, 0x00009200 - data4 0x00006c00, 0x00007000, 0x00004800, 0x00005000 - data4 0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00 - data4 0x00005e00, 0x00001500, 0x00004600, 0x00005700 - data4 0x0000a700, 0x00008d00, 0x00009d00, 0x00008400 - data4 0x00009000, 0x0000d800, 0x0000ab00, 0x00000000 - data4 0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00 - data4 0x0000f700, 0x0000e400, 0x00005800, 0x00000500 - data4 0x0000b800, 0x0000b300, 0x00004500, 0x00000600 - data4 0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00 - data4 0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200 - data4 0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300 - data4 0x00000100, 0x00001300, 0x00008a00, 0x00006b00 - data4 0x00003a00, 0x00009100, 0x00001100, 0x00004100 - data4 0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00 - data4 0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00 - data4 0x0000f000, 0x0000b400, 0x0000e600, 0x00007300 - data4 0x00009600, 0x0000ac00, 0x00007400, 0x00002200 - data4 0x0000e700, 0x0000ad00, 0x00003500, 0x00008500 - data4 0x0000e200, 0x0000f900, 0x00003700, 0x0000e800 - data4 0x00001c00, 0x00007500, 0x0000df00, 0x00006e00 - data4 0x00004700, 0x0000f100, 0x00001a00, 0x00007100 - data4 0x00001d00, 0x00002900, 0x0000c500, 0x00008900 - data4 0x00006f00, 0x0000b700, 0x00006200, 0x00000e00 - data4 0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00 - data4 0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00 - data4 0x0000c600, 0x0000d200, 0x00007900, 0x00002000 - data4 0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00 - data4 0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400 - data4 0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300 - data4 0x00008800, 0x00000700, 0x0000c700, 0x00003100 - data4 0x0000b100, 0x00001200, 0x00001000, 0x00005900 - data4 0x00002700, 0x00008000, 0x0000ec00, 0x00005f00 - data4 0x00006000, 0x00005100, 0x00007f00, 0x0000a900 - data4 0x00001900, 0x0000b500, 0x00004a00, 0x00000d00 - data4 0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00 - data4 0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00 - data4 0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00 - data4 0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000 - data4 0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00 - data4 0x00008300, 0x00005300, 0x00009900, 0x00006100 - data4 0x00001700, 0x00002b00, 0x00000400, 0x00007e00 - data4 0x0000ba00, 0x00007700, 0x0000d600, 0x00002600 - data4 0x0000e100, 0x00006900, 0x00001400, 0x00006300 - data4 0x00005500, 0x00002100, 0x00000c00, 0x00007d00 -// Td7: - data4 0x00000052, 0x00000009, 0x0000006a, 0x000000d5 - data4 0x00000030, 0x00000036, 0x000000a5, 0x00000038 - data4 0x000000bf, 0x00000040, 0x000000a3, 0x0000009e - data4 0x00000081, 0x000000f3, 0x000000d7, 0x000000fb - data4 0x0000007c, 0x000000e3, 0x00000039, 0x00000082 - data4 0x0000009b, 0x0000002f, 0x000000ff, 0x00000087 - data4 0x00000034, 0x0000008e, 0x00000043, 0x00000044 - data4 0x000000c4, 0x000000de, 0x000000e9, 0x000000cb - data4 0x00000054, 0x0000007b, 0x00000094, 0x00000032 - data4 0x000000a6, 0x000000c2, 0x00000023, 0x0000003d - data4 0x000000ee, 0x0000004c, 0x00000095, 0x0000000b - data4 0x00000042, 0x000000fa, 0x000000c3, 0x0000004e - data4 0x00000008, 0x0000002e, 0x000000a1, 0x00000066 - data4 0x00000028, 0x000000d9, 0x00000024, 0x000000b2 - data4 0x00000076, 0x0000005b, 0x000000a2, 0x00000049 - data4 0x0000006d, 0x0000008b, 0x000000d1, 0x00000025 - data4 0x00000072, 0x000000f8, 0x000000f6, 0x00000064 - data4 0x00000086, 0x00000068, 0x00000098, 0x00000016 - data4 0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc - data4 0x0000005d, 0x00000065, 0x000000b6, 0x00000092 - data4 0x0000006c, 0x00000070, 0x00000048, 0x00000050 - data4 0x000000fd, 0x000000ed, 0x000000b9, 0x000000da - data4 0x0000005e, 0x00000015, 0x00000046, 0x00000057 - data4 0x000000a7, 0x0000008d, 0x0000009d, 0x00000084 - data4 0x00000090, 0x000000d8, 0x000000ab, 0x00000000 - data4 0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a - data4 0x000000f7, 0x000000e4, 0x00000058, 0x00000005 - data4 0x000000b8, 0x000000b3, 0x00000045, 0x00000006 - data4 0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f - data4 0x000000ca, 0x0000003f, 0x0000000f, 0x00000002 - data4 0x000000c1, 0x000000af, 0x000000bd, 0x00000003 - data4 0x00000001, 0x00000013, 0x0000008a, 0x0000006b - data4 0x0000003a, 0x00000091, 0x00000011, 0x00000041 - data4 0x0000004f, 0x00000067, 0x000000dc, 0x000000ea - data4 0x00000097, 0x000000f2, 0x000000cf, 0x000000ce - data4 0x000000f0, 0x000000b4, 0x000000e6, 0x00000073 - data4 0x00000096, 0x000000ac, 0x00000074, 0x00000022 - data4 0x000000e7, 0x000000ad, 0x00000035, 0x00000085 - data4 0x000000e2, 0x000000f9, 0x00000037, 0x000000e8 - data4 0x0000001c, 0x00000075, 0x000000df, 0x0000006e - data4 0x00000047, 0x000000f1, 0x0000001a, 0x00000071 - data4 0x0000001d, 0x00000029, 0x000000c5, 0x00000089 - data4 0x0000006f, 0x000000b7, 0x00000062, 0x0000000e - data4 0x000000aa, 0x00000018, 0x000000be, 0x0000001b - data4 0x000000fc, 0x00000056, 0x0000003e, 0x0000004b - data4 0x000000c6, 0x000000d2, 0x00000079, 0x00000020 - data4 0x0000009a, 0x000000db, 0x000000c0, 0x000000fe - data4 0x00000078, 0x000000cd, 0x0000005a, 0x000000f4 - data4 0x0000001f, 0x000000dd, 0x000000a8, 0x00000033 - data4 0x00000088, 0x00000007, 0x000000c7, 0x00000031 - data4 0x000000b1, 0x00000012, 0x00000010, 0x00000059 - data4 0x00000027, 0x00000080, 0x000000ec, 0x0000005f - data4 0x00000060, 0x00000051, 0x0000007f, 0x000000a9 - data4 0x00000019, 0x000000b5, 0x0000004a, 0x0000000d - data4 0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f - data4 0x00000093, 0x000000c9, 0x0000009c, 0x000000ef - data4 0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d - data4 0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0 - data4 0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c - data4 0x00000083, 0x00000053, 0x00000099, 0x00000061 - data4 0x00000017, 0x0000002b, 0x00000004, 0x0000007e - data4 0x000000ba, 0x00000077, 0x000000d6, 0x00000026 - data4 0x000000e1, 0x00000069, 0x00000014, 0x00000063 - data4 0x00000055, 0x00000021, 0x0000000c, 0x0000007d -.size AES_Td#,8*256*4 // HP-UX assembler fails to ".-AES_Td#" diff --git a/crypto/openssl-0.9/crypto/bf/asm/bf-586.pl b/crypto/openssl-0.9/crypto/bf/asm/bf-586.pl deleted file mode 100644 index b556642c94..0000000000 --- a/crypto/openssl-0.9/crypto/bf/asm/bf-586.pl +++ /dev/null @@ -1,136 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386"); - -$BF_ROUNDS=16; -$BF_OFF=($BF_ROUNDS+2)*4; -$L="edi"; -$R="esi"; -$P="ebp"; -$tmp1="eax"; -$tmp2="ebx"; -$tmp3="ecx"; -$tmp4="edx"; - -&BF_encrypt("BF_encrypt",1); -&BF_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); -&asm_finish(); - -sub BF_encrypt - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &mov($tmp2,&wparam(0)); - &mov($P,&wparam(1)); - &push("esi"); - &push("edi"); - - &comment("Load the 2 words"); - &mov($L,&DWP(0,$tmp2,"",0)); - &mov($R,&DWP(4,$tmp2,"",0)); - - &xor( $tmp1, $tmp1); - - # encrypting part - - if ($enc) - { - &mov($tmp2,&DWP(0,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=0; $i<$BF_ROUNDS; $i+=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i+1,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &BF_ENCRYPT($i+2,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,1); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - } - else - { - &mov($tmp2,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - &xor( $tmp3, $tmp3); - - &xor($L,$tmp2); - for ($i=$BF_ROUNDS; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i,$R,$L,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &BF_ENCRYPT($i-1,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,0); - } - # &mov($tmp1,&wparam(0)); In last loop - &mov($tmp4,&DWP(0,$P,"",0)); - } - - &xor($R,$tmp4); - &mov(&DWP(4,$tmp1,"",0),$L); - - &mov(&DWP(0,$tmp1,"",0),$R); - &function_end($name); - } - -sub BF_ENCRYPT - { - local($i,$L,$R,$P,$tmp1,$tmp2,$tmp3,$tmp4,$enc)=@_; - - &mov( $tmp4, &DWP(&n2a($i*4),$P,"",0)); # for next round - - &mov( $tmp2, $R); - &xor( $L, $tmp4); - - &shr( $tmp2, 16); - &mov( $tmp4, $R); - - &movb( &LB($tmp1), &HB($tmp2)); # A - &and( $tmp2, 0xff); # B - - &movb( &LB($tmp3), &HB($tmp4)); # C - &and( $tmp4, 0xff); # D - - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4)); - &mov( $tmp2, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4)); - - &add( $tmp2, $tmp1); - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp3,4)); - - &xor( $tmp2, $tmp1); - &mov( $tmp4, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp4,4)); - - &add( $tmp2, $tmp4); - if (($enc && ($i != 16)) || ((!$enc) && ($i != 1))) - { &xor( $tmp1, $tmp1); } - else - { - &comment("Load parameter 0 ($i) enc=$enc"); - &mov($tmp1,&wparam(0)); - } # In last loop - - &xor( $L, $tmp2); - # delay - } - -sub n2a - { - sprintf("%d",$_[0]); - } - diff --git a/crypto/openssl-0.9/crypto/bf/asm/bf-686.pl b/crypto/openssl-0.9/crypto/bf/asm/bf-686.pl deleted file mode 100644 index 8e4c25f598..0000000000 --- a/crypto/openssl-0.9/crypto/bf/asm/bf-686.pl +++ /dev/null @@ -1,127 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -&asm_init($ARGV[0],"bf-686.pl"); - -$BF_ROUNDS=16; -$BF_OFF=($BF_ROUNDS+2)*4; -$L="ecx"; -$R="edx"; -$P="edi"; -$tot="esi"; -$tmp1="eax"; -$tmp2="ebx"; -$tmp3="ebp"; - -&des_encrypt("BF_encrypt",1); -&des_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); - -&asm_finish(); - -&file_end(); - -sub des_encrypt - { - local($name,$enc)=@_; - - &function_begin($name,""); - - &comment(""); - &comment("Load the 2 words"); - &mov("eax",&wparam(0)); - &mov($L,&DWP(0,"eax","",0)); - &mov($R,&DWP(4,"eax","",0)); - - &comment(""); - &comment("P pointer, s and enc flag"); - &mov($P,&wparam(1)); - - &xor( $tmp1, $tmp1); - &xor( $tmp2, $tmp2); - - # encrypting part - - if ($enc) - { - &xor($L,&DWP(0,$P,"",0)); - for ($i=0; $i<$BF_ROUNDS; $i+=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3); - } - &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$R); - &mov(&DWP(4,"eax","",0),$L); - &function_end_A($name); - } - else - { - &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - for ($i=$BF_ROUNDS; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3); - } - &xor($R,&DWP(0,$P,"",0)); - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$R); - &mov(&DWP(4,"eax","",0),$L); - &function_end_A($name); - } - - &function_end_B($name); - } - -sub BF_ENCRYPT - { - local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_; - - &rotr( $R, 16); - &mov( $tot, &DWP(&n2a($i*4),$P,"",0)); - - &movb( &LB($tmp1), &HB($R)); - &movb( &LB($tmp2), &LB($R)); - - &rotr( $R, 16); - &xor( $L, $tot); - - &mov( $tot, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4)); - &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4)); - - &movb( &LB($tmp1), &HB($R)); - &movb( &LB($tmp2), &LB($R)); - - &add( $tot, $tmp3); - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay - - &xor( $tot, $tmp1); - &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4)); - - &add( $tot, $tmp3); - &xor( $tmp1, $tmp1); - - &xor( $L, $tot); - # delay - } - -sub n2a - { - sprintf("%d",$_[0]); - } - diff --git a/crypto/openssl-0.9/crypto/bf/asm/readme b/crypto/openssl-0.9/crypto/bf/asm/readme deleted file mode 100644 index 2385fa3812..0000000000 --- a/crypto/openssl-0.9/crypto/bf/asm/readme +++ /dev/null @@ -1,10 +0,0 @@ -There are blowfish assembler generation scripts. -bf-586.pl version is for the pentium and -bf-686.pl is my original version, which is faster on the pentium pro. - -When using a bf-586.pl, the pentium pro/II is %8 slower than using -bf-686.pl. When using a bf-686.pl, the pentium is %16 slower -than bf-586.pl - -So the default is bf-586.pl - diff --git a/crypto/openssl-0.9/crypto/bn/asm/README b/crypto/openssl-0.9/crypto/bn/asm/README deleted file mode 100644 index b0f3a68a06..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/README +++ /dev/null @@ -1,27 +0,0 @@ - - -All assember in this directory are just version of the file -crypto/bn/bn_asm.c. - -Quite a few of these files are just the assember output from gcc since on -quite a few machines they are 2 times faster than the system compiler. - -For the x86, I have hand written assember because of the bad job all -compilers seem to do on it. This normally gives a 2 time speed up in the RSA -routines. - -For the DEC alpha, I also hand wrote the assember (except the division which -is just the output from the C compiler pasted on the end of the file). -On the 2 alpha C compilers I had access to, it was not possible to do -64b x 64b -> 128b calculations (both long and the long long data types -were 64 bits). So the hand assember gives access to the 128 bit result and -a 2 times speedup :-). - -There are 3 versions of assember for the HP PA-RISC. - -pa-risc.s is the origional one which works fine and generated using gcc :-) - -pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations -by Chris Ruemmler from HP (with some help from the HP C compiler). - - diff --git a/crypto/openssl-0.9/crypto/bn/asm/bn-586.pl b/crypto/openssl-0.9/crypto/bn/asm/bn-586.pl deleted file mode 100644 index 26c2685a72..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/bn-586.pl +++ /dev/null @@ -1,675 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],$0); - -$sse2=0; -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&external_label("OPENSSL_ia32cap_P") if ($sse2); - -&bn_mul_add_words("bn_mul_add_words"); -&bn_mul_words("bn_mul_words"); -&bn_sqr_words("bn_sqr_words"); -&bn_div_words("bn_div_words"); -&bn_add_words("bn_add_words"); -&bn_sub_words("bn_sub_words"); -&bn_sub_part_words("bn_sub_part_words"); - -&asm_finish(); - -sub bn_mul_add_words - { - local($name)=@_; - - &function_begin($name,$sse2?"EXTRN\t_OPENSSL_ia32cap_P:DWORD":""); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ebp"; - $r="edi"; - $c="esi"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - - &mov("ecx",&wparam(2)); # - &mov($a,&wparam(1)); # - - &and("ecx",0xfffffff8); # num / 8 - &mov($w,&wparam(3)); # - - &push("ecx"); # Up the stack for a tmp variable - - &jz(&label("maw_finish")); - - if ($sse2) { - &picmeup("eax","OPENSSL_ia32cap_P"); - &bt(&DWP(0,"eax"),26); - &jnc(&label("maw_loop")); - - &movd("mm0",$w); # mm0 = w - &pxor("mm1","mm1"); # mm1 = carry_in - - &set_label("maw_sse2_loop",0); - &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0] - &paddq("mm1","mm3"); # mm1 = carry_in + r[0] - &movd("mm2",&DWP(0,$a,"",0)); # mm2 = a[0] - &pmuludq("mm2","mm0"); # mm2 = w*a[0] - &movd("mm4",&DWP(4,$a,"",0)); # mm4 = a[1] - &pmuludq("mm4","mm0"); # mm4 = w*a[1] - &movd("mm6",&DWP(8,$a,"",0)); # mm6 = a[2] - &pmuludq("mm6","mm0"); # mm6 = w*a[2] - &movd("mm7",&DWP(12,$a,"",0)); # mm7 = a[3] - &pmuludq("mm7","mm0"); # mm7 = w*a[3] - &paddq("mm1","mm2"); # mm1 = carry_in + r[0] + w*a[0] - &movd("mm3",&DWP(4,$r,"",0)); # mm3 = r[1] - &paddq("mm3","mm4"); # mm3 = r[1] + w*a[1] - &movd("mm5",&DWP(8,$r,"",0)); # mm5 = r[2] - &paddq("mm5","mm6"); # mm5 = r[2] + w*a[2] - &movd("mm4",&DWP(12,$r,"",0)); # mm4 = r[3] - &paddq("mm7","mm4"); # mm7 = r[3] + w*a[3] - &movd(&DWP(0,$r,"",0),"mm1"); - &movd("mm2",&DWP(16,$a,"",0)); # mm2 = a[4] - &pmuludq("mm2","mm0"); # mm2 = w*a[4] - &psrlq("mm1",32); # mm1 = carry0 - &movd("mm4",&DWP(20,$a,"",0)); # mm4 = a[5] - &pmuludq("mm4","mm0"); # mm4 = w*a[5] - &paddq("mm1","mm3"); # mm1 = carry0 + r[1] + w*a[1] - &movd("mm6",&DWP(24,$a,"",0)); # mm6 = a[6] - &pmuludq("mm6","mm0"); # mm6 = w*a[6] - &movd(&DWP(4,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry1 - &movd("mm3",&DWP(28,$a,"",0)); # mm3 = a[7] - &add($a,32); - &pmuludq("mm3","mm0"); # mm3 = w*a[7] - &paddq("mm1","mm5"); # mm1 = carry1 + r[2] + w*a[2] - &movd("mm5",&DWP(16,$r,"",0)); # mm5 = r[4] - &paddq("mm2","mm5"); # mm2 = r[4] + w*a[4] - &movd(&DWP(8,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry2 - &paddq("mm1","mm7"); # mm1 = carry2 + r[3] + w*a[3] - &movd("mm5",&DWP(20,$r,"",0)); # mm5 = r[5] - &paddq("mm4","mm5"); # mm4 = r[5] + w*a[5] - &movd(&DWP(12,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry3 - &paddq("mm1","mm2"); # mm1 = carry3 + r[4] + w*a[4] - &movd("mm5",&DWP(24,$r,"",0)); # mm5 = r[6] - &paddq("mm6","mm5"); # mm6 = r[6] + w*a[6] - &movd(&DWP(16,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry4 - &paddq("mm1","mm4"); # mm1 = carry4 + r[5] + w*a[5] - &movd("mm5",&DWP(28,$r,"",0)); # mm5 = r[7] - &paddq("mm3","mm5"); # mm3 = r[7] + w*a[7] - &movd(&DWP(20,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry5 - &paddq("mm1","mm6"); # mm1 = carry5 + r[6] + w*a[6] - &movd(&DWP(24,$r,"",0),"mm1"); - &psrlq("mm1",32); # mm1 = carry6 - &paddq("mm1","mm3"); # mm1 = carry6 + r[7] + w*a[7] - &movd(&DWP(28,$r,"",0),"mm1"); - &add($r,32); - &psrlq("mm1",32); # mm1 = carry_out - - &sub("ecx",8); - &jnz(&label("maw_sse2_loop")); - - &movd($c,"mm1"); # c = carry_out - &emms(); - - &jmp(&label("maw_finish")); - } - - &set_label("maw_loop",0); - - &mov(&swtmp(0),"ecx"); # - - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a,"",0)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+= *r - &mov($c,&DWP($i,$r,"",0)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &add("eax",$c); # L(t)+=c - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &mov("ecx",&swtmp(0)); # - &add($a,32); - &add($r,32); - &sub("ecx",8); - &jnz(&label("maw_loop")); - - &set_label("maw_finish",0); - &mov("ecx",&wparam(2)); # get num - &and("ecx",7); - &jnz(&label("maw_finish2")); # helps branch prediction - &jmp(&label("maw_end")); - - &set_label("maw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - &mov($c,&DWP($i*4,$r,"",0)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &add("eax",$c); - &adc("edx",0); # H(t)+=carry - &dec("ecx") if ($i != 7-1); - &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - &jz(&label("maw_end")) if ($i != 7-1); - } - &set_label("maw_end",0); - &mov("eax",$c); - - &pop("ecx"); # clear variable from - - &function_end($name); - } - -sub bn_mul_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ecx"; - $r="edi"; - $c="esi"; - $num="ebp"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - &mov($w,&wparam(3)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("mw_finish")); - - &set_label("mw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a,"",0)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); - - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jz(&label("mw_finish")); - &jmp(&label("mw_loop")); - - &set_label("mw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jnz(&label("mw_finish2")); - &jmp(&label("mw_end")); - - &set_label("mw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t); - &mov($c,"edx"); # c= H(t); - &dec($num) if ($i != 7-1); - &jz(&label("mw_end")) if ($i != 7-1); - } - &set_label("mw_end",0); - &mov("eax",$c); - - &function_end($name); - } - -sub bn_sqr_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $r="esi"; - $a="edi"; - $num="ebx"; - - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("sw_finish")); - - &set_label("sw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - &mov("eax",&DWP($i,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*2,$r,"",0),"eax"); # - &mov(&DWP($i*2+4,$r,"",0),"edx");# - } - - &comment(""); - &add($a,32); - &add($r,64); - &sub($num,8); - &jnz(&label("sw_loop")); - - &set_label("sw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jz(&label("sw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*8,$r,"",0),"eax"); # - &dec($num) if ($i != 7-1); - &mov(&DWP($i*8+4,$r,"",0),"edx"); - &jz(&label("sw_end")) if ($i != 7-1); - } - &set_label("sw_end",0); - - &function_end($name); - } - -sub bn_div_words - { - local($name)=@_; - - &function_begin($name,""); - &mov("edx",&wparam(0)); # - &mov("eax",&wparam(1)); # - &mov("ebx",&wparam(2)); # - &div("ebx"); - &function_end($name); - } - -sub bn_add_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -sub bn_sub_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -sub bn_sub_part_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP(0,$a,"",0)); # *a - &mov($tmp2,&DWP(0,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP(0,$r,"",0),$tmp1); # *r - &add($a, 4); - &add($b, 4); - &add($r, 4); - &dec($num) if ($i != 6); - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - - &cmp(&wparam(4),0); - &je(&label("pw_end")); - - &mov($num,&wparam(4)); # get dl - &cmp($num,0); - &je(&label("pw_end")); - &jge(&label("pw_pos")); - - &comment("pw_neg"); - &mov($tmp2,0); - &sub($tmp2,$num); - &mov($num,$tmp2); - &and($num,0xfffffff8); # num / 8 - &jz(&label("pw_neg_finish")); - - &set_label("pw_neg_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("dl<0 Round $i"); - - &mov($tmp1,0); - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("pw_neg_loop")); - - &set_label("pw_neg_finish",0); - &mov($tmp2,&wparam(4)); # get dl - &mov($num,0); - &sub($num,$tmp2); - &and($num,7); - &jz(&label("pw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("dl<0 Tail Round $i"); - &mov($tmp1,0); - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jz(&label("pw_end")) if ($i != 6); - } - - &jmp(&label("pw_end")); - - &set_label("pw_pos",0); - - &and($num,0xfffffff8); # num / 8 - &jz(&label("pw_pos_finish")); - - &set_label("pw_pos_loop",0); - - for ($i=0; $i<8; $i++) - { - &comment("dl>0 Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &sub($tmp1,$c); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jnc(&label("pw_nc".$i)); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jnz(&label("pw_pos_loop")); - - &set_label("pw_pos_finish",0); - &mov($num,&wparam(4)); # get dl - &and($num,7); - &jz(&label("pw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("dl>0 Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &sub($tmp1,$c); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &jnc(&label("pw_tail_nc".$i)); - &dec($num) if ($i != 6); - &jz(&label("pw_end")) if ($i != 6); - } - &mov($c,1); - &jmp(&label("pw_end")); - - &set_label("pw_nc_loop",0); - for ($i=0; $i<8; $i++) - { - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &set_label("pw_nc".$i,0); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jnz(&label("pw_nc_loop")); - - &mov($num,&wparam(4)); # get dl - &and($num,7); - &jz(&label("pw_nc_end")); - - for ($i=0; $i<7; $i++) - { - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - &set_label("pw_tail_nc".$i,0); - &dec($num) if ($i != 6); - &jz(&label("pw_nc_end")) if ($i != 6); - } - - &set_label("pw_nc_end",0); - &mov($c,0); - - &set_label("pw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - diff --git a/crypto/openssl-0.9/crypto/bn/asm/co-586.pl b/crypto/openssl-0.9/crypto/bn/asm/co-586.pl deleted file mode 100644 index 5d962cb957..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/co-586.pl +++ /dev/null @@ -1,286 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],$0); - -&bn_mul_comba("bn_mul_comba8",8); -&bn_mul_comba("bn_mul_comba4",4); -&bn_sqr_comba("bn_sqr_comba8",8); -&bn_sqr_comba("bn_sqr_comba4",4); - -&asm_finish(); - -sub mul_add_c - { - local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("mul a[$ai]*b[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - &mul("edx"); - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a - &mov("eax",&wparam(0)) if $pos > 0; # load r[] - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a - } - -sub sqr_add_c - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb); - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - } - -sub sqr_add_c2 - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$a,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add("eax","eax"); - ### - &adc("edx","edx"); - ### - &adc($c2,0); - &add($c0,"eax"); - &adc($c1,"edx"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - &adc($c2,0); - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb); - ### - } - -sub bn_mul_comba - { - local($name,$num)=@_; - local($a,$b,$c0,$c1,$c2); - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($tot,$end); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $b="edi"; - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - &push("esi"); - &mov($a,&wparam(1)); - &push("edi"); - &mov($b,&wparam(2)); - &push("ebp"); - &push("ebx"); - - &xor($c0,$c0); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - &xor($c1,$c1); - &mov("edx",&DWP(0,$b,"",0)); # load the first second - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("################## Calculate word $i"); - - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($j+1) == $end) - { - $v=1; - $v=2 if (($i+1) == $tot); - } - else - { $v=0; } - if (($j+1) != $end) - { - $na=($ai-1); - $nb=($bi+1); - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } -#printf STDERR "[$ai,$bi] -> [$na,$nb]\n"; - &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb); - if ($v) - { - &comment("saved r[$i]"); - # &mov("eax",&wparam(0)); - # &mov(&DWP($i*4,"eax","",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &comment("save r[$i]"); - # &mov("eax",&wparam(0)); - &mov(&DWP($i*4,"eax","",0),$c0); - - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - -sub bn_sqr_comba - { - local($name,$num)=@_; - local($r,$a,$c0,$c1,$c2)=@_; - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($b,$tot,$end,$half); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $r="edi"; - - &push("esi"); - &push("edi"); - &push("ebp"); - &push("ebx"); - &mov($r,&wparam(0)); - &mov($a,&wparam(1)); - &xor($c0,$c0); - &xor($c1,$c1); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("############### Calculate word $i"); - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($ai-1) < ($bi+1)) - { - $v=1; - $v=2 if ($i+1) == $tot; - } - else - { $v=0; } - if (!$v) - { - $na=$ai-1; - $nb=$bi+1; - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } - if ($ai == $bi) - { - &sqr_add_c($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - else - { - &sqr_add_c2($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - if ($v) - { - &comment("saved r[$i]"); - #&mov(&DWP($i*4,$r,"",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - last; - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &mov(&DWP($i*4,$r,"",0),$c0); - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86.pl b/crypto/openssl-0.9/crypto/bn/asm/x86.pl deleted file mode 100644 index 1bc4f1bb27..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86.pl +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -require("x86/mul_add.pl"); -require("x86/mul.pl"); -require("x86/sqr.pl"); -require("x86/div.pl"); -require("x86/add.pl"); -require("x86/sub.pl"); -require("x86/comba.pl"); - -&asm_init($ARGV[0],$0); - -&bn_mul_add_words("bn_mul_add_words"); -&bn_mul_words("bn_mul_words"); -&bn_sqr_words("bn_sqr_words"); -&bn_div_words("bn_div_words"); -&bn_add_words("bn_add_words"); -&bn_sub_words("bn_sub_words"); -&bn_mul_comba("bn_mul_comba8",8); -&bn_mul_comba("bn_mul_comba4",4); -&bn_sqr_comba("bn_sqr_comba8",8); -&bn_sqr_comba("bn_sqr_comba4",4); - -&asm_finish(); - diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/add.pl b/crypto/openssl-0.9/crypto/bn/asm/x86/add.pl deleted file mode 100644 index 0b5cf583e3..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/add.pl +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_add_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &add($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &add($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *a - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -1; diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/comba.pl b/crypto/openssl-0.9/crypto/bn/asm/x86/comba.pl deleted file mode 100644 index 2291253629..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/comba.pl +++ /dev/null @@ -1,277 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub mul_add_c - { - local($a,$ai,$b,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("mul a[$ai]*b[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - &mul("edx"); - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # laod next a - &mov("eax",&wparam(0)) if $pos > 0; # load r[] - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0; # laod next b - &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1; # laod next b - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # laod next a - } - -sub sqr_add_c - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$b,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add($c0,"eax"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - ### - &adc($c1,"edx"); - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos == 1) && ($na != $nb); - ### - &adc($c2,0); - # is pos > 1, it means it is the last loop - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - } - -sub sqr_add_c2 - { - local($r,$a,$ai,$bi,$c0,$c1,$c2,$pos,$i,$na,$nb)=@_; - - # pos == -1 if eax and edx are pre-loaded, 0 to load from next - # words, and 1 if load return value - - &comment("sqr a[$ai]*a[$bi]"); - - # "eax" and "edx" will always be pre-loaded. - # &mov("eax",&DWP($ai*4,$a,"",0)) ; - # &mov("edx",&DWP($bi*4,$a,"",0)); - - if ($ai == $bi) - { &mul("eax");} - else - { &mul("edx");} - &add("eax","eax"); - ### - &adc("edx","edx"); - ### - &adc($c2,0); - &add($c0,"eax"); - &adc($c1,"edx"); - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0; # load next a - &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1; # load next b - &adc($c2,0); - &mov(&DWP($i*4,$r,"",0),$c0) if $pos > 0; # save r[]; - &mov("edx",&DWP(($nb)*4,$a,"",0)) if ($pos <= 1) && ($na != $nb); - ### - } - -sub bn_mul_comba - { - local($name,$num)=@_; - local($a,$b,$c0,$c1,$c2); - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($tot,$end); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $b="edi"; - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - &push("esi"); - &mov($a,&wparam(1)); - &push("edi"); - &mov($b,&wparam(2)); - &push("ebp"); - &push("ebx"); - - &xor($c0,$c0); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - &xor($c1,$c1); - &mov("edx",&DWP(0,$b,"",0)); # load the first second - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("################## Calculate word $i"); - - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($j+1) == $end) - { - $v=1; - $v=2 if (($i+1) == $tot); - } - else - { $v=0; } - if (($j+1) != $end) - { - $na=($ai-1); - $nb=($bi+1); - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } -#printf STDERR "[$ai,$bi] -> [$na,$nb]\n"; - &mul_add_c($a,$ai,$b,$bi,$c0,$c1,$c2,$v,$i,$na,$nb); - if ($v) - { - &comment("saved r[$i]"); - # &mov("eax",&wparam(0)); - # &mov(&DWP($i*4,"eax","",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &comment("save r[$i]"); - # &mov("eax",&wparam(0)); - &mov(&DWP($i*4,"eax","",0),$c0); - - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - -sub bn_sqr_comba - { - local($name,$num)=@_; - local($r,$a,$c0,$c1,$c2)=@_; - local($i,$as,$ae,$bs,$be,$ai,$bi); - local($b,$tot,$end,$half); - - &function_begin_B($name,""); - - $c0="ebx"; - $c1="ecx"; - $c2="ebp"; - $a="esi"; - $r="edi"; - - &push("esi"); - &push("edi"); - &push("ebp"); - &push("ebx"); - &mov($r,&wparam(0)); - &mov($a,&wparam(1)); - &xor($c0,$c0); - &xor($c1,$c1); - &mov("eax",&DWP(0,$a,"",0)); # load the first word - - $as=0; - $ae=0; - $bs=0; - $be=0; - $tot=$num+$num-1; - - for ($i=0; $i<$tot; $i++) - { - $ai=$as; - $bi=$bs; - $end=$be+1; - - &comment("############### Calculate word $i"); - for ($j=$bs; $j<$end; $j++) - { - &xor($c2,$c2) if ($j == $bs); - if (($ai-1) < ($bi+1)) - { - $v=1; - $v=2 if ($i+1) == $tot; - } - else - { $v=0; } - if (!$v) - { - $na=$ai-1; - $nb=$bi+1; - } - else - { - $na=$as+($i < ($num-1)); - $nb=$bs+($i >= ($num-1)); - } - if ($ai == $bi) - { - &sqr_add_c($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - else - { - &sqr_add_c2($r,$a,$ai,$bi, - $c0,$c1,$c2,$v,$i,$na,$nb); - } - if ($v) - { - &comment("saved r[$i]"); - #&mov(&DWP($i*4,$r,"",0),$c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - last; - } - $ai--; - $bi++; - } - $as++ if ($i < ($num-1)); - $ae++ if ($i >= ($num-1)); - - $bs++ if ($i >= ($num-1)); - $be++ if ($i < ($num-1)); - } - &mov(&DWP($i*4,$r,"",0),$c0); - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - -1; diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/div.pl b/crypto/openssl-0.9/crypto/bn/asm/x86/div.pl deleted file mode 100644 index 0e90152caa..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/div.pl +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_div_words - { - local($name)=@_; - - &function_begin($name,""); - &mov("edx",&wparam(0)); # - &mov("eax",&wparam(1)); # - &mov("ebx",&wparam(2)); # - &div("ebx"); - &function_end($name); - } -1; diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/f b/crypto/openssl-0.9/crypto/bn/asm/x86/f deleted file mode 100644 index 22e4112224..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/f +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/mul.pl b/crypto/openssl-0.9/crypto/bn/asm/x86/mul.pl deleted file mode 100644 index 674cb9b055..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/mul.pl +++ /dev/null @@ -1,77 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_mul_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ecx"; - $r="edi"; - $c="esi"; - $num="ebp"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - &mov($w,&wparam(3)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("mw_finish")); - - &set_label("mw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a,"",0)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); - - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &add($a,32); - &add($r,32); - &sub($num,8); - &jz(&label("mw_finish")); - &jmp(&label("mw_loop")); - - &set_label("mw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jnz(&label("mw_finish2")); - &jmp(&label("mw_end")); - - &set_label("mw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - # XXX - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i*4,$r,"",0),"eax");# *r= L(t); - &mov($c,"edx"); # c= H(t); - &dec($num) if ($i != 7-1); - &jz(&label("mw_end")) if ($i != 7-1); - } - &set_label("mw_end",0); - &mov("eax",$c); - - &function_end($name); - } - -1; diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/mul_add.pl b/crypto/openssl-0.9/crypto/bn/asm/x86/mul_add.pl deleted file mode 100644 index 61830d3a90..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/mul_add.pl +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_mul_add_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $Low="eax"; - $High="edx"; - $a="ebx"; - $w="ebp"; - $r="edi"; - $c="esi"; - - &xor($c,$c); # clear carry - &mov($r,&wparam(0)); # - - &mov("ecx",&wparam(2)); # - &mov($a,&wparam(1)); # - - &and("ecx",0xfffffff8); # num / 8 - &mov($w,&wparam(3)); # - - &push("ecx"); # Up the stack for a tmp variable - - &jz(&label("maw_finish")); - - &set_label("maw_loop",0); - - &mov(&swtmp(0),"ecx"); # - - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - - &mov("eax",&DWP($i,$a,"",0)); # *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+= *r - &mov($c,&DWP($i,$r,"",0)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &add("eax",$c); # L(t)+=c - &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - } - - &comment(""); - &mov("ecx",&swtmp(0)); # - &add($a,32); - &add($r,32); - &sub("ecx",8); - &jnz(&label("maw_loop")); - - &set_label("maw_finish",0); - &mov("ecx",&wparam(2)); # get num - &and("ecx",7); - &jnz(&label("maw_finish2")); # helps branch prediction - &jmp(&label("maw_end")); - - &set_label("maw_finish2",1); - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a - &mul($w); # *a * w - &add("eax",$c); # L(t)+=c - &mov($c,&DWP($i*4,$r,"",0)); # L(t)+= *r - &adc("edx",0); # H(t)+=carry - &add("eax",$c); - &adc("edx",0); # H(t)+=carry - &dec("ecx") if ($i != 7-1); - &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); - &jz(&label("maw_end")) if ($i != 7-1); - } - &set_label("maw_end",0); - &mov("eax",$c); - - &pop("ecx"); # clear variable from - - &function_end($name); - } - -1; diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/sqr.pl b/crypto/openssl-0.9/crypto/bn/asm/x86/sqr.pl deleted file mode 100644 index 1f90993cf6..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/sqr.pl +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_sqr_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $r="esi"; - $a="edi"; - $num="ebx"; - - &mov($r,&wparam(0)); # - &mov($a,&wparam(1)); # - &mov($num,&wparam(2)); # - - &and($num,0xfffffff8); # num / 8 - &jz(&label("sw_finish")); - - &set_label("sw_loop",0); - for ($i=0; $i<32; $i+=4) - { - &comment("Round $i"); - &mov("eax",&DWP($i,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*2,$r,"",0),"eax"); # - &mov(&DWP($i*2+4,$r,"",0),"edx");# - } - - &comment(""); - &add($a,32); - &add($r,64); - &sub($num,8); - &jnz(&label("sw_loop")); - - &set_label("sw_finish",0); - &mov($num,&wparam(2)); # get num - &and($num,7); - &jz(&label("sw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0)); # *a - # XXX - &mul("eax"); # *a * *a - &mov(&DWP($i*8,$r,"",0),"eax"); # - &dec($num) if ($i != 7-1); - &mov(&DWP($i*8+4,$r,"",0),"edx"); - &jz(&label("sw_end")) if ($i != 7-1); - } - &set_label("sw_end",0); - - &function_end($name); - } - -1; diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86/sub.pl b/crypto/openssl-0.9/crypto/bn/asm/x86/sub.pl deleted file mode 100644 index 837b0e1b07..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86/sub.pl +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - -sub bn_sub_words - { - local($name)=@_; - - &function_begin($name,""); - - &comment(""); - $a="esi"; - $b="edi"; - $c="eax"; - $r="ebx"; - $tmp1="ecx"; - $tmp2="edx"; - $num="ebp"; - - &mov($r,&wparam(0)); # get r - &mov($a,&wparam(1)); # get a - &mov($b,&wparam(2)); # get b - &mov($num,&wparam(3)); # get num - &xor($c,$c); # clear carry - &and($num,0xfffffff8); # num / 8 - - &jz(&label("aw_finish")); - - &set_label("aw_loop",0); - for ($i=0; $i<8; $i++) - { - &comment("Round $i"); - - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0)); # *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *r - } - - &comment(""); - &add($a,32); - &add($b,32); - &add($r,32); - &sub($num,8); - &jnz(&label("aw_loop")); - - &set_label("aw_finish",0); - &mov($num,&wparam(3)); # get num - &and($num,7); - &jz(&label("aw_end")); - - for ($i=0; $i<7; $i++) - { - &comment("Tail Round $i"); - &mov($tmp1,&DWP($i*4,$a,"",0)); # *a - &mov($tmp2,&DWP($i*4,$b,"",0));# *b - &sub($tmp1,$c); - &mov($c,0); - &adc($c,$c); - &sub($tmp1,$tmp2); - &adc($c,0); - &dec($num) if ($i != 6); - &mov(&DWP($i*4,$r,"",0),$tmp1); # *a - &jz(&label("aw_end")) if ($i != 6); - } - &set_label("aw_end",0); - -# &mov("eax",$c); # $c is "eax" - - &function_end($name); - } - -1; diff --git a/crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c deleted file mode 100644 index f13f52dd85..0000000000 --- a/crypto/openssl-0.9/crypto/bn/asm/x86_64-gcc.c +++ /dev/null @@ -1,597 +0,0 @@ -#ifdef __SUNPRO_C -# include "../bn_asm.c" /* kind of dirty hack for Sun Studio */ -#else -/* - * x86_64 BIGNUM accelerator version 0.1, December 2002. - * - * Implemented by Andy Polyakov for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. - * - * Q. Version 0.1? It doesn't sound like Andy, he used to assign real - * versions, like 1.0... - * A. Well, that's because this code is basically a quick-n-dirty - * proof-of-concept hack. As you can see it's implemented with - * inline assembler, which means that you're bound to GCC and that - * there might be enough room for further improvement. - * - * Q. Why inline assembler? - * A. x86_64 features own ABI which I'm not familiar with. This is - * why I decided to let the compiler take care of subroutine - * prologue/epilogue as well as register allocation. For reference. - * Win64 implements different ABI for AMD64, different from Linux. - * - * Q. How much faster does it get? - * A. 'apps/openssl speed rsa dsa' output with no-asm: - * - * sign verify sign/s verify/s - * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2 - * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0 - * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8 - * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6 - * sign verify sign/s verify/s - * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3 - * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2 - * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0 - * - * 'apps/openssl speed rsa dsa' output with this module: - * - * sign verify sign/s verify/s - * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9 - * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7 - * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0 - * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8 - * sign verify sign/s verify/s - * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3 - * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4 - * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6 - * - * For the reference. IA-32 assembler implementation performs - * very much like 64-bit code compiled with no-asm on the same - * machine. - */ - -#define BN_ULONG unsigned long - -/* - * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; - * "g"(0) let the compiler to decide where does it - * want to keep the value of zero; - */ -#define mul_add(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"m"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+m"(r),"+d"(high) \ - : "r"(carry),"g"(0) \ - : "cc"); \ - carry=high; \ - } while (0) - -#define mul(r,a,word,carry) do { \ - register BN_ULONG high,low; \ - asm ("mulq %3" \ - : "=a"(low),"=d"(high) \ - : "a"(word),"g"(a) \ - : "cc"); \ - asm ("addq %2,%0; adcq %3,%1" \ - : "+r"(carry),"+d"(high)\ - : "a"(low),"g"(0) \ - : "cc"); \ - (r)=carry, carry=high; \ - } while (0) - -#define sqr(r0,r1,a) \ - asm ("mulq %2" \ - : "=a"(r0),"=d"(r1) \ - : "a"(a) \ - : "cc"); - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c1=0; - - if (num <= 0) return(c1); - - while (num&~3) - { - mul_add(rp[0],ap[0],w,c1); - mul_add(rp[1],ap[1],w,c1); - mul_add(rp[2],ap[2],w,c1); - mul_add(rp[3],ap[3],w,c1); - ap+=4; rp+=4; num-=4; - } - if (num) - { - mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; - mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; - mul_add(rp[2],ap[2],w,c1); return c1; - } - - return(c1); - } - -BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c1=0; - - if (num <= 0) return(c1); - - while (num&~3) - { - mul(rp[0],ap[0],w,c1); - mul(rp[1],ap[1],w,c1); - mul(rp[2],ap[2],w,c1); - mul(rp[3],ap[3],w,c1); - ap+=4; rp+=4; num-=4; - } - if (num) - { - mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; - mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; - mul(rp[2],ap[2],w,c1); - } - return(c1); - } - -void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) - { - if (n <= 0) return; - - while (n&~3) - { - sqr(r[0],r[1],a[0]); - sqr(r[2],r[3],a[1]); - sqr(r[4],r[5],a[2]); - sqr(r[6],r[7],a[3]); - a+=4; r+=8; n-=4; - } - if (n) - { - sqr(r[0],r[1],a[0]); if (--n == 0) return; - sqr(r[2],r[3],a[1]); if (--n == 0) return; - sqr(r[4],r[5],a[2]); - } - } - -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) -{ BN_ULONG ret,waste; - - asm ("divq %4" - : "=a"(ret),"=d"(waste) - : "a"(l),"d"(h),"g"(d) - : "cc"); - - return ret; -} - -BN_ULONG bn_add_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) -{ BN_ULONG ret=0,i=0; - - if (n <= 0) return 0; - - asm ( - " subq %2,%2 \n" - ".align 16 \n" - "1: movq (%4,%2,8),%0 \n" - " adcq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" - : "=&a"(ret),"+c"(n),"=&r"(i) - : "r"(rp),"r"(ap),"r"(bp) - : "cc" - ); - - return ret&1; -} - -#ifndef SIMICS -BN_ULONG bn_sub_words (BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int n) -{ BN_ULONG ret=0,i=0; - - if (n <= 0) return 0; - - asm ( - " subq %2,%2 \n" - ".align 16 \n" - "1: movq (%4,%2,8),%0 \n" - " sbbq (%5,%2,8),%0 \n" - " movq %0,(%3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" - : "=&a"(ret),"+c"(n),"=&r"(i) - : "r"(rp),"r"(ap),"r"(bp) - : "cc" - ); - - return ret&1; -} -#else -/* Simics 1.4<7 has buggy sbbq:-( */ -#define BN_MASK2 0xffffffffffffffffL -BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) - { - BN_ULONG t1,t2; - int c=0; - - if (n <= 0) return((BN_ULONG)0); - - for (;;) - { - t1=a[0]; t2=b[0]; - r[0]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[1]; t2=b[1]; - r[1]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[2]; t2=b[2]; - r[2]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[3]; t2=b[3]; - r[3]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; - } - return(c); - } -#endif - -/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ -/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ -/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ -/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ - -#if 0 -/* original macros are kept for reference purposes */ -#define mul_add_c(a,b,c0,c1,c2) { \ - BN_ULONG ta=(a),tb=(b); \ - t1 = ta * tb; \ - t2 = BN_UMULT_HIGH(ta,tb); \ - c0 += t1; t2 += (c0=1 && !$normal; - - &rotl($a,$s); - - &xor($tmp1,&Np($d)) if $pos <= 0; # I function - part = first time - &mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0; - &add($a,$b); - } - - -sub md5_block - { - local($name)=@_; - - &function_begin_B($name,"",3); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - - &push("esi"); - &push("edi"); - &mov($tmp1, &wparam(0)); # edi - &mov($X, &wparam(1)); # esi - &mov($C, &wparam(2)); - &push("ebp"); - &shl($C, 6); - &push("ebx"); - &add($C, $X); # offset we end at - &sub($C, 64); - &mov($A, &DWP( 0,$tmp1,"",0)); - &push($C); # Put on the TOS - &mov($B, &DWP( 4,$tmp1,"",0)); - &mov($C, &DWP( 8,$tmp1,"",0)); - &mov($D, &DWP(12,$tmp1,"",0)); - - &set_label("start") unless $normal; - &comment(""); - &comment("R0 section"); - - &R0(-2,$A,$B,$C,$D,$X, 0, 7,0xd76aa478); - &R0( 0,$D,$A,$B,$C,$X, 1,12,0xe8c7b756); - &R0( 0,$C,$D,$A,$B,$X, 2,17,0x242070db); - &R0( 0,$B,$C,$D,$A,$X, 3,22,0xc1bdceee); - &R0( 0,$A,$B,$C,$D,$X, 4, 7,0xf57c0faf); - &R0( 0,$D,$A,$B,$C,$X, 5,12,0x4787c62a); - &R0( 0,$C,$D,$A,$B,$X, 6,17,0xa8304613); - &R0( 0,$B,$C,$D,$A,$X, 7,22,0xfd469501); - &R0( 0,$A,$B,$C,$D,$X, 8, 7,0x698098d8); - &R0( 0,$D,$A,$B,$C,$X, 9,12,0x8b44f7af); - &R0( 0,$C,$D,$A,$B,$X,10,17,0xffff5bb1); - &R0( 0,$B,$C,$D,$A,$X,11,22,0x895cd7be); - &R0( 0,$A,$B,$C,$D,$X,12, 7,0x6b901122); - &R0( 0,$D,$A,$B,$C,$X,13,12,0xfd987193); - &R0( 0,$C,$D,$A,$B,$X,14,17,0xa679438e); - &R0( 1,$B,$C,$D,$A,$X,15,22,0x49b40821); - - &comment(""); - &comment("R1 section"); - &R1(-1,$A,$B,$C,$D,$X,16, 5,0xf61e2562); - &R1( 0,$D,$A,$B,$C,$X,17, 9,0xc040b340); - &R1( 0,$C,$D,$A,$B,$X,18,14,0x265e5a51); - &R1( 0,$B,$C,$D,$A,$X,19,20,0xe9b6c7aa); - &R1( 0,$A,$B,$C,$D,$X,20, 5,0xd62f105d); - &R1( 0,$D,$A,$B,$C,$X,21, 9,0x02441453); - &R1( 0,$C,$D,$A,$B,$X,22,14,0xd8a1e681); - &R1( 0,$B,$C,$D,$A,$X,23,20,0xe7d3fbc8); - &R1( 0,$A,$B,$C,$D,$X,24, 5,0x21e1cde6); - &R1( 0,$D,$A,$B,$C,$X,25, 9,0xc33707d6); - &R1( 0,$C,$D,$A,$B,$X,26,14,0xf4d50d87); - &R1( 0,$B,$C,$D,$A,$X,27,20,0x455a14ed); - &R1( 0,$A,$B,$C,$D,$X,28, 5,0xa9e3e905); - &R1( 0,$D,$A,$B,$C,$X,29, 9,0xfcefa3f8); - &R1( 0,$C,$D,$A,$B,$X,30,14,0x676f02d9); - &R1( 1,$B,$C,$D,$A,$X,31,20,0x8d2a4c8a); - - &comment(""); - &comment("R2 section"); - &R2( 0,-1,$A,$B,$C,$D,$X,32, 4,0xfffa3942); - &R2( 1, 0,$D,$A,$B,$C,$X,33,11,0x8771f681); - &R2( 2, 0,$C,$D,$A,$B,$X,34,16,0x6d9d6122); - &R2( 3, 0,$B,$C,$D,$A,$X,35,23,0xfde5380c); - &R2( 4, 0,$A,$B,$C,$D,$X,36, 4,0xa4beea44); - &R2( 5, 0,$D,$A,$B,$C,$X,37,11,0x4bdecfa9); - &R2( 6, 0,$C,$D,$A,$B,$X,38,16,0xf6bb4b60); - &R2( 7, 0,$B,$C,$D,$A,$X,39,23,0xbebfbc70); - &R2( 8, 0,$A,$B,$C,$D,$X,40, 4,0x289b7ec6); - &R2( 9, 0,$D,$A,$B,$C,$X,41,11,0xeaa127fa); - &R2(10, 0,$C,$D,$A,$B,$X,42,16,0xd4ef3085); - &R2(11, 0,$B,$C,$D,$A,$X,43,23,0x04881d05); - &R2(12, 0,$A,$B,$C,$D,$X,44, 4,0xd9d4d039); - &R2(13, 0,$D,$A,$B,$C,$X,45,11,0xe6db99e5); - &R2(14, 0,$C,$D,$A,$B,$X,46,16,0x1fa27cf8); - &R2(15, 1,$B,$C,$D,$A,$X,47,23,0xc4ac5665); - - &comment(""); - &comment("R3 section"); - &R3(-1,$A,$B,$C,$D,$X,48, 6,0xf4292244); - &R3( 0,$D,$A,$B,$C,$X,49,10,0x432aff97); - &R3( 0,$C,$D,$A,$B,$X,50,15,0xab9423a7); - &R3( 0,$B,$C,$D,$A,$X,51,21,0xfc93a039); - &R3( 0,$A,$B,$C,$D,$X,52, 6,0x655b59c3); - &R3( 0,$D,$A,$B,$C,$X,53,10,0x8f0ccc92); - &R3( 0,$C,$D,$A,$B,$X,54,15,0xffeff47d); - &R3( 0,$B,$C,$D,$A,$X,55,21,0x85845dd1); - &R3( 0,$A,$B,$C,$D,$X,56, 6,0x6fa87e4f); - &R3( 0,$D,$A,$B,$C,$X,57,10,0xfe2ce6e0); - &R3( 0,$C,$D,$A,$B,$X,58,15,0xa3014314); - &R3( 0,$B,$C,$D,$A,$X,59,21,0x4e0811a1); - &R3( 0,$A,$B,$C,$D,$X,60, 6,0xf7537e82); - &R3( 0,$D,$A,$B,$C,$X,61,10,0xbd3af235); - &R3( 0,$C,$D,$A,$B,$X,62,15,0x2ad7d2bb); - &R3( 2,$B,$C,$D,$A,$X,63,21,0xeb86d391); - - # &mov($tmp2,&wparam(0)); # done in the last R3 - # &mov($tmp1, &DWP( 0,$tmp2,"",0)); # done is the last R3 - - &add($A,$tmp1); - &mov($tmp1, &DWP( 4,$tmp2,"",0)); - - &add($B,$tmp1); - &mov($tmp1, &DWP( 8,$tmp2,"",0)); - - &add($C,$tmp1); - &mov($tmp1, &DWP(12,$tmp2,"",0)); - - &add($D,$tmp1); - &mov(&DWP( 0,$tmp2,"",0),$A); - - &mov(&DWP( 4,$tmp2,"",0),$B); - &mov($tmp1,&swtmp(0)) unless $normal; - - &mov(&DWP( 8,$tmp2,"",0),$C); - &mov(&DWP(12,$tmp2,"",0),$D); - - &cmp($tmp1,$X) unless $normal; # check count - &jae(&label("start")) unless $normal; - - &pop("eax"); # pop the temp variable off the stack - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - diff --git a/crypto/openssl-0.9/crypto/md5/asm/md5-x86_64.pl b/crypto/openssl-0.9/crypto/md5/asm/md5-x86_64.pl deleted file mode 100755 index c36a7febf7..0000000000 --- a/crypto/openssl-0.9/crypto/md5/asm/md5-x86_64.pl +++ /dev/null @@ -1,245 +0,0 @@ -#!/usr/bin/perl -w -# -# MD5 optimized for AMD64. -# -# Author: Marc Bevand -# Licence: I hereby disclaim the copyright on this code and place it -# in the public domain. -# - -use strict; - -my $code; - -# round1_step() does: -# dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s) -# %r10d = X[k_next] -# %r11d = z' (copy of z for the next step) -# Each round1_step() takes about 5.71 clocks (9 instructions, 1.58 IPC) -sub round1_step -{ - my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; - $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1); - $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); - $code .= <A - mov 1*4(%rbp), %ebx # ebx = ctx->B - mov 2*4(%rbp), %ecx # ecx = ctx->C - mov 3*4(%rbp), %edx # edx = ctx->D - # end is 'rdi' - # ptr is 'rsi' - # A is 'eax' - # B is 'ebx' - # C is 'ecx' - # D is 'edx' - - cmp %rdi, %rsi # cmp end with ptr - je .Lend # jmp if ptr == end - - # BEGIN of loop over 16-word blocks -.Lloop: # save old values of A, B, C, D - mov %eax, %r8d - mov %ebx, %r9d - mov %ecx, %r14d - mov %edx, %r15d -EOF -round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17'); -round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22'); -round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17'); -round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22'); -round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17'); -round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22'); -round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7'); -round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12'); -round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17'); -round1_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x49b40821','22'); - -round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14'); -round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20'); -round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14'); -round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20'); -round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14'); -round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20'); -round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5'); -round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9'); -round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14'); -round2_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x8d2a4c8a','20'); - -round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16'); -round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23'); -round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16'); -round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23'); -round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16'); -round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23'); -round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4'); -round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11'); -round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16'); -round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23'); - -round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15'); -round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21'); -round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15'); -round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21'); -round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15'); -round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21'); -round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6'); -round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10'); -round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15'); -round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21'); -$code .= <A = A - mov %ebx, 1*4(%rbp) # ctx->B = B - mov %ecx, 2*4(%rbp) # ctx->C = C - mov %edx, 3*4(%rbp) # ctx->D = D - - pop %r15 - pop %r14 - pop %rbx - pop %rbp - ret -.size md5_block_asm_host_order,.-md5_block_asm_host_order -EOF - -print $code; - -close STDOUT; diff --git a/crypto/openssl-0.9/crypto/opensslconf.h.in b/crypto/openssl-0.9/crypto/opensslconf.h.in deleted file mode 100644 index cee83acf98..0000000000 --- a/crypto/openssl-0.9/crypto/opensslconf.h.in +++ /dev/null @@ -1,159 +0,0 @@ -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define ENGINESDIR "/usr/local/lib/engines" -#define OPENSSLDIR "/usr/local/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned long -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#undef BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#undef RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#undef DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/crypto/openssl-0.9/crypto/perlasm/cbc.pl b/crypto/openssl-0.9/crypto/perlasm/cbc.pl deleted file mode 100644 index e43dc9ae15..0000000000 --- a/crypto/openssl-0.9/crypto/perlasm/cbc.pl +++ /dev/null @@ -1,351 +0,0 @@ -#!/usr/local/bin/perl - -# void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) -# des_cblock (*input); -# des_cblock (*output); -# long length; -# des_key_schedule schedule; -# des_cblock (*ivec); -# int enc; -# -# calls -# des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); -# - -#&cbc("des_ncbc_encrypt","des_encrypt",0); -#&cbc("BF_cbc_encrypt","BF_encrypt","BF_encrypt", -# 1,4,5,3,5,-1); -#&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt", -# 0,4,5,3,5,-1); -#&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3", -# 0,6,7,3,4,5); -# -# When doing a cipher that needs bigendian order, -# for encrypt, the iv is kept in bigendian form, -# while for decrypt, it is kept in little endian. -sub cbc - { - local($name,$enc_func,$dec_func,$swap,$iv_off,$enc_off,$p1,$p2,$p3)=@_; - # name is the function name - # enc_func and dec_func and the functions to call for encrypt/decrypt - # swap is true if byte order needs to be reversed - # iv_off is parameter number for the iv - # enc_off is parameter number for the encrypt/decrypt flag - # p1,p2,p3 are the offsets for parameters to be passed to the - # underlying calls. - - &function_begin_B($name,""); - &comment(""); - - $in="esi"; - $out="edi"; - $count="ebp"; - - &push("ebp"); - &push("ebx"); - &push("esi"); - &push("edi"); - - $data_off=4; - $data_off+=4 if ($p1 > 0); - $data_off+=4 if ($p2 > 0); - $data_off+=4 if ($p3 > 0); - - &mov($count, &wparam(2)); # length - - &comment("getting iv ptr from parameter $iv_off"); - &mov("ebx", &wparam($iv_off)); # Get iv ptr - - &mov($in, &DWP(0,"ebx","",0));# iv[0] - &mov($out, &DWP(4,"ebx","",0));# iv[1] - - &push($out); - &push($in); - &push($out); # used in decrypt for iv[1] - &push($in); # used in decrypt for iv[0] - - &mov("ebx", "esp"); # This is the address of tin[2] - - &mov($in, &wparam(0)); # in - &mov($out, &wparam(1)); # out - - # We have loaded them all, how lets push things - &comment("getting encrypt flag from parameter $enc_off"); - &mov("ecx", &wparam($enc_off)); # Get enc flag - if ($p3 > 0) - { - &comment("get and push parameter $p3"); - if ($enc_off != $p3) - { &mov("eax", &wparam($p3)); &push("eax"); } - else { &push("ecx"); } - } - if ($p2 > 0) - { - &comment("get and push parameter $p2"); - if ($enc_off != $p2) - { &mov("eax", &wparam($p2)); &push("eax"); } - else { &push("ecx"); } - } - if ($p1 > 0) - { - &comment("get and push parameter $p1"); - if ($enc_off != $p1) - { &mov("eax", &wparam($p1)); &push("eax"); } - else { &push("ecx"); } - } - &push("ebx"); # push data/iv - - &cmp("ecx",0); - &jz(&label("decrypt")); - - &and($count,0xfffffff8); - &mov("eax", &DWP($data_off,"esp","",0)); # load iv[0] - &mov("ebx", &DWP($data_off+4,"esp","",0)); # load iv[1] - - &jz(&label("encrypt_finish")); - - ############################################################# - - &set_label("encrypt_loop"); - # encrypt start - # "eax" and "ebx" hold iv (or the last cipher text) - - &mov("ecx", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("edx", &DWP(4,$in,"",0)); # second 4 bytes - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - # eax and ebx are the next iv. - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("encrypt_loop")); - -###################################################################3 - &set_label("encrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - &call(&label("PIC_point")); -&set_label("PIC_point"); - &blindpop("edx"); - &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx")); - &mov($count,&DWP(0,"ecx",$count,4)) - &add($count,"edx"); - &xor("ecx","ecx"); - &xor("edx","edx"); - #&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); - &jmp_ptr($count); - -&set_label("ej7"); - &xor("edx", "edx") if $ppro; # ppro friendly - &movb(&HB("edx"), &BP(6,$in,"",0)); - &shl("edx",8); -&set_label("ej6"); - &movb(&HB("edx"), &BP(5,$in,"",0)); -&set_label("ej5"); - &movb(&LB("edx"), &BP(4,$in,"",0)); -&set_label("ej4"); - &mov("ecx", &DWP(0,$in,"",0)); - &jmp(&label("ejend")); -&set_label("ej3"); - &movb(&HB("ecx"), &BP(2,$in,"",0)); - &xor("ecx", "ecx") if $ppro; # ppro friendly - &shl("ecx",8); -&set_label("ej2"); - &movb(&HB("ecx"), &BP(1,$in,"",0)); -&set_label("ej1"); - &movb(&LB("ecx"), &BP(0,$in,"",0)); -&set_label("ejend"); - - &xor("eax", "ecx"); - &xor("ebx", "edx"); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($enc_func); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP(0,$out,"",0),"eax"); - &mov(&DWP(4,$out,"",0),"ebx"); - - &jmp(&label("finish")); - - ############################################################# - ############################################################# - &set_label("decrypt",1); - # decrypt start - &and($count,0xfffffff8); - # The next 2 instructions are only for if the jz is taken - &mov("eax", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("ebx", &DWP($data_off+12,"esp","",0)); # get iv[1] - &jz(&label("decrypt_finish")); - - &set_label("decrypt_loop"); - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - - &mov(&DWP(0,$out,"",0),"ecx"); - &mov(&DWP(4,$out,"",0),"edx"); - - &mov(&DWP($data_off+8,"esp","",0), "eax"); # save iv - &mov(&DWP($data_off+12,"esp","",0), "ebx"); # - - &add($in, 8); - &add($out, 8); - - &sub($count, 8); - &jnz(&label("decrypt_loop")); -############################ ENDIT #######################3 - &set_label("decrypt_finish"); - &mov($count, &wparam(2)); # length - &and($count, 7); - &jz(&label("finish")); - - &mov("eax", &DWP(0,$in,"",0)); # load first 4 bytes - &mov("ebx", &DWP(4,$in,"",0)); # second 4 bytes - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - - &call($dec_func); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # - - &bswap("eax") if $swap; - &bswap("ebx") if $swap; - - &mov("ecx", &DWP($data_off+8,"esp","",0)); # get iv[0] - &mov("edx", &DWP($data_off+12,"esp","",0)); # get iv[1] - - &xor("ecx", "eax"); - &xor("edx", "ebx"); - - # this is for when we exit - &mov("eax", &DWP(0,$in,"",0)); # get old cipher text, - &mov("ebx", &DWP(4,$in,"",0)); # next iv actually - -&set_label("dj7"); - &rotr("edx", 16); - &movb(&BP(6,$out,"",0), &LB("edx")); - &shr("edx",16); -&set_label("dj6"); - &movb(&BP(5,$out,"",0), &HB("edx")); -&set_label("dj5"); - &movb(&BP(4,$out,"",0), &LB("edx")); -&set_label("dj4"); - &mov(&DWP(0,$out,"",0), "ecx"); - &jmp(&label("djend")); -&set_label("dj3"); - &rotr("ecx", 16); - &movb(&BP(2,$out,"",0), &LB("ecx")); - &shl("ecx",16); -&set_label("dj2"); - &movb(&BP(1,$in,"",0), &HB("ecx")); -&set_label("dj1"); - &movb(&BP(0,$in,"",0), &LB("ecx")); -&set_label("djend"); - - # final iv is still in eax:ebx - &jmp(&label("finish")); - - -############################ FINISH #######################3 - &set_label("finish",1); - &mov("ecx", &wparam($iv_off)); # Get iv ptr - - ################################################# - $total=16+4; - $total+=4 if ($p1 > 0); - $total+=4 if ($p2 > 0); - $total+=4 if ($p3 > 0); - &add("esp",$total); - - &mov(&DWP(0,"ecx","",0), "eax"); # save iv - &mov(&DWP(4,"ecx","",0), "ebx"); # save iv - - &function_end_A($name); - - &align(64); - &set_label("cbc_enc_jmp_table"); - &data_word("0"); - &data_word(&label("ej1")."-".&label("PIC_point")); - &data_word(&label("ej2")."-".&label("PIC_point")); - &data_word(&label("ej3")."-".&label("PIC_point")); - &data_word(&label("ej4")."-".&label("PIC_point")); - &data_word(&label("ej5")."-".&label("PIC_point")); - &data_word(&label("ej6")."-".&label("PIC_point")); - &data_word(&label("ej7")."-".&label("PIC_point")); - # not used - #&set_label("cbc_dec_jmp_table",1); - #&data_word("0"); - #&data_word(&label("dj1")."-".&label("PIC_point")); - #&data_word(&label("dj2")."-".&label("PIC_point")); - #&data_word(&label("dj3")."-".&label("PIC_point")); - #&data_word(&label("dj4")."-".&label("PIC_point")); - #&data_word(&label("dj5")."-".&label("PIC_point")); - #&data_word(&label("dj6")."-".&label("PIC_point")); - #&data_word(&label("dj7")."-".&label("PIC_point")); - &align(64); - - &function_end_B($name); - - } - -1; diff --git a/crypto/openssl-0.9/crypto/perlasm/readme b/crypto/openssl-0.9/crypto/perlasm/readme deleted file mode 100644 index f02bbee75a..0000000000 --- a/crypto/openssl-0.9/crypto/perlasm/readme +++ /dev/null @@ -1,124 +0,0 @@ -The perl scripts in this directory are my 'hack' to generate -multiple different assembler formats via the one origional script. - -The way to use this library is to start with adding the path to this directory -and then include it. - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -The first thing we do is setup the file and type of assember - -&asm_init($ARGV[0],$0); - -The first argument is the 'type'. Currently -'cpp', 'sol', 'a.out', 'elf' or 'win32'. -Argument 2 is the file name. - -The reciprocal function is -&asm_finish() which should be called at the end. - -There are 2 main 'packages'. x86ms.pl, which is the microsoft assembler, -and x86unix.pl which is the unix (gas) version. - -Functions of interest are: -&external_label("des_SPtrans"); declare and external variable -&LB(reg); Low byte for a register -&HB(reg); High byte for a register -&BP(off,base,index,scale) Byte pointer addressing -&DWP(off,base,index,scale) Word pointer addressing -&stack_push(num) Basically a 'sub esp, num*4' with extra -&stack_pop(num) inverse of stack_push -&function_begin(name,extra) Start a function with pushing of - edi, esi, ebx and ebp. extra is extra win32 - external info that may be required. -&function_begin_B(name,extra) Same as norma function_begin but no pushing. -&function_end(name) Call at end of function. -&function_end_A(name) Standard pop and ret, for use inside functions -&function_end_B(name) Call at end but with poping or 'ret'. -&swtmp(num) Address on stack temp word. -&wparam(num) Parameter number num, that was push - in C convention. This all works over pushes - and pops. -&comment("hello there") Put in a comment. -&label("loop") Refer to a label, normally a jmp target. -&set_label("loop") Set a label at this point. -&data_word(word) Put in a word of data. - -So how does this all hold together? Given - -int calc(int len, int *data) - { - int i,j=0; - - for (i=0; i. -# -# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T -# format is way easier to parse. Because it's simpler to "gear" from -# Unix ABI to Windows one [see cross-reference "card" at the end of -# file]. Because Linux targets were available first... -# -# In addition the script also "distills" code suitable for GNU -# assembler, so that it can be compiled with more rigid assemblers, -# such as Solaris /usr/ccs/bin/as. -# -# This translator is not designed to convert *arbitrary* assembler -# code from AT&T format to MASM one. It's designed to convert just -# enough to provide for dual-ABI OpenSSL modules development... -# There *are* limitations and you might have to modify your assembler -# code or this script to achieve the desired result... -# -# Currently recognized limitations: -# -# - can't use multiple ops per line; -# - indirect calls and jumps are not supported; -# -# Dual-ABI styling rules. -# -# 1. Adhere to Unix register and stack layout [see the end for -# explanation]. -# 2. Forget about "red zone," stick to more traditional blended -# stack frame allocation. If volatile storage is actually required -# that is. If not, just leave the stack as is. -# 3. Functions tagged with ".type name,@function" get crafted with -# unified Win64 prologue and epilogue automatically. If you want -# to take care of ABI differences yourself, tag functions as -# ".type name,@abi-omnipotent" instead. -# 4. To optimize the Win64 prologue you can specify number of input -# arguments as ".type name,@function,N." Keep in mind that if N is -# larger than 6, then you *have to* write "abi-omnipotent" code, -# because >6 cases can't be addressed with unified prologue. -# 5. Name local labels as .L*, do *not* use dynamic labels such as 1: -# (sorry about latter). -# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is -# required to identify the spots, where to inject Win64 epilogue! -# But on the pros, it's then prefixed with rep automatically:-) -# 7. Due to MASM limitations [and certain general counter-intuitivity -# of ip-relative addressing] generation of position-independent -# code is assisted by synthetic directive, .picmeup, which puts -# address of the *next* instruction into target register. -# -# Example 1: -# .picmeup %rax -# lea .Label-.(%rax),%rax -# Example 2: -# .picmeup %rcx -# .Lpic_point: -# ... -# lea .Label-.Lpic_point(%rcx),%rbp - -my $output = shift; -open STDOUT,">$output" || die "can't open $output: $!"; - -my $masm=1 if ($output =~ /\.asm/); - -my $current_segment; -my $current_function; - -{ package opcode; # pick up opcodes - sub re { - my $self = shift; # single instance in enough... - local *line = shift; - undef $ret; - - if ($line =~ /^([a-z]+)/i) { - $self->{op} = $1; - $ret = $self; - $line = substr($line,@+[0]); $line =~ s/^\s+//; - - undef $self->{sz}; - if ($self->{op} =~ /(movz)b.*/) { # movz is pain... - $self->{op} = $1; - $self->{sz} = "b"; - } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])/) { - $self->{op} = $1; - $self->{sz} = $2; - } - } - $ret; - } - sub size { - my $self = shift; - my $sz = shift; - $self->{sz} = $sz if (defined($sz) && !defined($self->{sz})); - $self->{sz}; - } - sub out { - my $self = shift; - if (!$masm) { - if ($self->{op} eq "movz") { # movz in pain... - sprintf "%s%s%s",$self->{op},$self->{sz},shift; - } elsif ($self->{op} eq "ret") { - ".byte 0xf3,0xc3"; - } else { - "$self->{op}$self->{sz}"; - } - } else { - $self->{op} =~ s/movz/movzx/; - if ($self->{op} eq "ret") { - $self->{op} = ""; - if ($current_function->{abi} eq "svr4") { - $self->{op} = "mov rdi,QWORD PTR 8[rsp]\t;WIN64 epilogue\n\t". - "mov rsi,QWORD PTR 16[rsp]\n\t"; - } - $self->{op} .= "DB\t0F3h,0C3h\t\t;repret"; - } - $self->{op}; - } - } -} -{ package const; # pick up constants, which start with $ - sub re { - my $self = shift; # single instance in enough... - local *line = shift; - undef $ret; - - if ($line =~ /^\$([^,]+)/) { - $self->{value} = $1; - $ret = $self; - $line = substr($line,@+[0]); $line =~ s/^\s+//; - } - $ret; - } - sub out { - my $self = shift; - - if (!$masm) { - sprintf "\$%s",$self->{value}; - } else { - $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig; - sprintf "%s",$self->{value}; - } - } -} -{ package ea; # pick up effective addresses: expr(%reg,%reg,scale) - sub re { - my $self = shift; # single instance in enough... - local *line = shift; - undef $ret; - - if ($line =~ /^([^\(,]*)\(([%\w,]+)\)/) { - $self->{label} = $1; - ($self->{base},$self->{index},$self->{scale})=split(/,/,$2); - $self->{scale} = 1 if (!defined($self->{scale})); - $ret = $self; - $line = substr($line,@+[0]); $line =~ s/^\s+//; - - $self->{base} =~ s/^%//; - $self->{index} =~ s/^%// if (defined($self->{index})); - } - $ret; - } - sub size {} - sub out { - my $self = shift; - my $sz = shift; - - if (!$masm) { - # elder GNU assembler insists on 64-bit EAs:-( - # on pros side, this results in more compact code:-) - $self->{index} =~ s/^[er](.?[0-9xp])[d]?$/r\1/; - $self->{base} =~ s/^[er](.?[0-9xp])[d]?$/r\1/; - # Solaris /usr/ccs/bin/as can't handle multiplications - # in $self->{label} - $self->{label} =~ s/(?{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; - - if (defined($self->{index})) { - sprintf "%s(%%%s,%%%s,%d)", - $self->{label},$self->{base}, - $self->{index},$self->{scale}; - } else { - sprintf "%s(%%%s)", $self->{label},$self->{base}; - } - } else { - %szmap = ( b=>"BYTE", w=>"WORD", l=>"DWORD", q=>"QWORD" ); - - $self->{label} =~ s/\./\$/g; - $self->{label} =~ s/0x([0-9a-f]+)/0$1h/ig; - $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/); - - if (defined($self->{index})) { - sprintf "%s PTR %s[%s*%d+%s]",$szmap{$sz}, - $self->{label}, - $self->{index},$self->{scale}, - $self->{base}; - } else { - sprintf "%s PTR %s[%s]",$szmap{$sz}, - $self->{label},$self->{base}; - } - } - } -} -{ package register; # pick up registers, which start with %. - sub re { - my $class = shift; # muliple instances... - my $self = {}; - local *line = shift; - undef $ret; - - if ($line =~ /^%(\w+)/) { - bless $self,$class; - $self->{value} = $1; - $ret = $self; - $line = substr($line,@+[0]); $line =~ s/^\s+//; - } - $ret; - } - sub size { - my $self = shift; - undef $ret; - - if ($self->{value} =~ /^r[\d]+b$/i) { $ret="b"; } - elsif ($self->{value} =~ /^r[\d]+w$/i) { $ret="w"; } - elsif ($self->{value} =~ /^r[\d]+d$/i) { $ret="l"; } - elsif ($self->{value} =~ /^r[\w]+$/i) { $ret="q"; } - elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; } - elsif ($self->{value} =~ /^[\w]{2}l$/i) { $ret="b"; } - elsif ($self->{value} =~ /^[\w]{2}$/i) { $ret="w"; } - elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; } - - $ret; - } - sub out { - my $self = shift; - sprintf $masm?"%s":"%%%s",$self->{value}; - } -} -{ package label; # pick up labels, which end with : - sub re { - my $self = shift; # single instance is enough... - local *line = shift; - undef $ret; - - if ($line =~ /(^[\.\w]+\:)/) { - $self->{value} = $1; - $ret = $self; - $line = substr($line,@+[0]); $line =~ s/^\s+//; - - $self->{value} =~ s/\.L/\$L/ if ($masm); - } - $ret; - } - sub out { - my $self = shift; - - if (!$masm) { - $self->{value}; - } elsif ($self->{value} ne "$current_function->{name}:") { - $self->{value}; - } elsif ($current_function->{abi} eq "svr4") { - my $func = "$current_function->{name} PROC\n". - " mov QWORD PTR 8[rsp],rdi\t;WIN64 prologue\n". - " mov QWORD PTR 16[rsp],rsi\n"; - my $narg = $current_function->{narg}; - $narg=6 if (!defined($narg)); - $func .= " mov rdi,rcx\n" if ($narg>0); - $func .= " mov rsi,rdx\n" if ($narg>1); - $func .= " mov rdx,r8\n" if ($narg>2); - $func .= " mov rcx,r9\n" if ($narg>3); - $func .= " mov r8,QWORD PTR 40[rsp]\n" if ($narg>4); - $func .= " mov r9,QWORD PTR 48[rsp]\n" if ($narg>5); - $func .= "\n"; - } else { - "$current_function->{name} PROC"; - } - } -} -{ package expr; # pick up expressioins - sub re { - my $self = shift; # single instance is enough... - local *line = shift; - undef $ret; - - if ($line =~ /(^[^,]+)/) { - $self->{value} = $1; - $ret = $self; - $line = substr($line,@+[0]); $line =~ s/^\s+//; - - $self->{value} =~ s/\.L/\$L/g if ($masm); - } - $ret; - } - sub out { - my $self = shift; - $self->{value}; - } -} -{ package directive; # pick up directives, which start with . - sub re { - my $self = shift; # single instance is enough... - local *line = shift; - undef $ret; - my $dir; - my %opcode = # lea 2f-1f(%rip),%dst; 1: nop; 2: - ( "%rax"=>0x01058d48, "%rcx"=>0x010d8d48, - "%rdx"=>0x01158d48, "%rbx"=>0x011d8d48, - "%rsp"=>0x01258d48, "%rbp"=>0x012d8d48, - "%rsi"=>0x01358d48, "%rdi"=>0x013d8d48, - "%r8" =>0x01058d4c, "%r9" =>0x010d8d4c, - "%r10"=>0x01158d4c, "%r11"=>0x011d8d4c, - "%r12"=>0x01258d4c, "%r13"=>0x012d8d4c, - "%r14"=>0x01358d4c, "%r15"=>0x013d8d4c ); - - if ($line =~ /^\s*(\.\w+)/) { - if (!$masm) { - $self->{value} = $1; - $line =~ s/\@abi\-omnipotent/\@function/; - $line =~ s/\@function.*/\@function/; - if ($line =~ /\.picmeup\s+(%r[\w]+)/i) { - $self->{value} = sprintf "\t.long\t0x%x,0x90000000",$opcode{$1}; - } else { - $self->{value} = $line; - } - $line = ""; - return $self; - } - - $dir = $1; - $ret = $self; - undef $self->{value}; - $line = substr($line,@+[0]); $line =~ s/^\s+//; - SWITCH: for ($dir) { - /\.(text)/ - && do { my $v=undef; - $v="$current_segment\tENDS\n" if ($current_segment); - $current_segment = "_$1\$"; - $current_segment =~ tr/[a-z]/[A-Z]/; - $v.="$current_segment\tSEGMENT ALIGN(64) 'CODE'"; - $self->{value} = $v; - last; - }; - /\.globl/ && do { $self->{value} = "PUBLIC\t".$line; last; }; - /\.type/ && do { ($sym,$type,$narg) = split(',',$line); - if ($type eq "\@function") { - undef $current_function; - $current_function->{name} = $sym; - $current_function->{abi} = "svr4"; - $current_function->{narg} = $narg; - } elsif ($type eq "\@abi-omnipotent") { - undef $current_function; - $current_function->{name} = $sym; - } - last; - }; - /\.size/ && do { if (defined($current_function)) { - $self->{value}="$current_function->{name}\tENDP"; - undef $current_function; - } - last; - }; - /\.align/ && do { $self->{value} = "ALIGN\t".$line; last; }; - /\.(byte|value|long|quad)/ - && do { my @arr = split(',',$line); - my $sz = substr($1,0,1); - my $last = pop(@arr); - - $sz =~ tr/bvlq/BWDQ/; - $self->{value} = "\tD$sz\t"; - for (@arr) { $self->{value} .= sprintf"0%Xh,",oct; } - $self->{value} .= sprintf"0%Xh",oct($last); - last; - }; - /\.picmeup/ && do { $self->{value} = sprintf"\tDD\t 0%Xh,090000000h",$opcode{$line}; - last; - }; - } - $line = ""; - } - - $ret; - } - sub out { - my $self = shift; - $self->{value}; - } -} - -while($line=<>) { - - chomp($line); - - $line =~ s|[#!].*$||; # get rid of asm-style comments... - $line =~ s|/\*.*\*/||; # ... and C-style comments... - $line =~ s|^\s+||; # ... and skip white spaces in beginning - - undef $label; - undef $opcode; - undef $dst; - undef $src; - undef $sz; - - if ($label=label->re(\$line)) { print $label->out(); } - - if (directive->re(\$line)) { - printf "%s",directive->out(); - } elsif ($opcode=opcode->re(\$line)) { ARGUMENT: { - - if ($src=register->re(\$line)) { opcode->size($src->size()); } - elsif ($src=const->re(\$line)) { } - elsif ($src=ea->re(\$line)) { } - elsif ($src=expr->re(\$line)) { } - - last ARGUMENT if ($line !~ /^,/); - - $line = substr($line,1); $line =~ s/^\s+//; - - if ($dst=register->re(\$line)) { opcode->size($dst->size()); } - elsif ($dst=const->re(\$line)) { } - elsif ($dst=ea->re(\$line)) { } - - } # ARGUMENT: - - $sz=opcode->size(); - - if (defined($dst)) { - if (!$masm) { - printf "\t%s\t%s,%s", $opcode->out($dst->size()), - $src->out($sz),$dst->out($sz); - } else { - printf "\t%s\t%s,%s", $opcode->out(), - $dst->out($sz),$src->out($sz); - } - } elsif (defined($src)) { - printf "\t%s\t%s",$opcode->out(),$src->out($sz); - } else { - printf "\t%s",$opcode->out(); - } - } - - print $line,"\n"; -} - -print "\n$current_segment\tENDS\nEND\n" if ($masm); - -close STDOUT; - -################################################# -# Cross-reference x86_64 ABI "card" -# -# Unix Win64 -# %rax * * -# %rbx - - -# %rcx #4 #1 -# %rdx #3 #2 -# %rsi #2 - -# %rdi #1 - -# %rbp - - -# %rsp - - -# %r8 #5 #3 -# %r9 #6 #4 -# %r10 * * -# %r11 * * -# %r12 - - -# %r13 - - -# %r14 - - -# %r15 - - -# -# (*) volatile register -# (-) preserved by callee -# (#) Nth argument, volatile -# -# In Unix terms top of stack is argument transfer area for arguments -# which could not be accomodated in registers. Or in other words 7th -# [integer] argument resides at 8(%rsp) upon function entry point. -# 128 bytes above %rsp constitute a "red zone" which is not touched -# by signal handlers and can be used as temporal storage without -# allocating a frame. -# -# In Win64 terms N*8 bytes on top of stack is argument transfer area, -# which belongs to/can be overwritten by callee. N is the number of -# arguments passed to callee, *but* not less than 4! This means that -# upon function entry point 5th argument resides at 40(%rsp), as well -# as that 32 bytes from 8(%rsp) can always be used as temporal -# storage [without allocating a frame]. -# -# All the above means that if assembler programmer adheres to Unix -# register and stack layout, but disregards the "red zone" existense, -# it's possible to use following prologue and epilogue to "gear" from -# Unix to Win64 ABI in leaf functions with not more than 6 arguments. -# -# omnipotent_function: -# ifdef WIN64 -# movq %rdi,8(%rsp) -# movq %rsi,16(%rsp) -# movq %rcx,%rdi ; if 1st argument is actually present -# movq %rdx,%rsi ; if 2nd argument is actually ... -# movq %r8,%rdx ; if 3rd argument is ... -# movq %r9,%rcx ; if 4th argument ... -# movq 40(%rsp),%r8 ; if 5th ... -# movq 48(%rsp),%r9 ; if 6th ... -# endif -# ... -# ifdef WIN64 -# movq 8(%rsp),%rdi -# movq 16(%rsp),%rsi -# endif -# ret diff --git a/crypto/openssl-0.9/crypto/perlasm/x86asm.pl b/crypto/openssl-0.9/crypto/perlasm/x86asm.pl deleted file mode 100644 index 5979122158..0000000000 --- a/crypto/openssl-0.9/crypto/perlasm/x86asm.pl +++ /dev/null @@ -1,130 +0,0 @@ -#!/usr/local/bin/perl - -# require 'x86asm.pl'; -# &asm_init("cpp","des-586.pl"); -# XXX -# XXX -# main'asm_finish - -sub main'asm_finish - { - &file_end(); - &asm_finish_cpp() if $cpp; - print &asm_get_output(); - } - -sub main'asm_init - { - ($type,$fn,$i386)=@_; - $filename=$fn; - - $elf=$cpp=$coff=$aout=$win32=$netware=$mwerks=0; - if ( ($type eq "elf")) - { $elf=1; require "x86unix.pl"; } - elsif ( ($type eq "a.out")) - { $aout=1; require "x86unix.pl"; } - elsif ( ($type eq "coff" or $type eq "gaswin")) - { $coff=1; require "x86unix.pl"; } - elsif ( ($type eq "cpp")) - { $cpp=1; require "x86unix.pl"; } - elsif ( ($type eq "win32")) - { $win32=1; require "x86ms.pl"; } - elsif ( ($type eq "win32n")) - { $win32=1; require "x86nasm.pl"; } - elsif ( ($type eq "nw-nasm")) - { $netware=1; require "x86nasm.pl"; } - elsif ( ($type eq "nw-mwasm")) - { $netware=1; $mwerks=1; require "x86nasm.pl"; } - else - { - print STDERR <<"EOF"; -Pick one target type from - elf - Linux, FreeBSD, Solaris x86, etc. - a.out - OpenBSD, DJGPP, etc. - coff - GAS/COFF such as Win32 targets - win32 - Windows 95/Windows NT - win32n - Windows 95/Windows NT NASM format - nw-nasm - NetWare NASM format - nw-mwasm- NetWare Metrowerks Assembler -EOF - exit(1); - } - - $pic=0; - for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } - - &asm_init_output(); - -&comment("Don't even think of reading this code"); -&comment("It was automatically generated by $filename"); -&comment("Which is a perl program used to generate the x86 assember for"); -&comment("any of ELF, a.out, COFF, Win32, ..."); -&comment("eric "); -&comment(""); - - $filename =~ s/\.pl$//; - &file($filename); - } - -sub asm_finish_cpp - { - return unless $cpp; - - local($tmp,$i); - foreach $i (&get_labels()) - { - $tmp.="#define $i _$i\n"; - } - print <<"EOF"; -/* Run the C pre-processor over this file with one of the following defined - * ELF - elf object files, - * OUT - a.out object files, - * BSDI - BSDI style a.out object files - * SOL - Solaris style elf - */ - -#define TYPE(a,b) .type a,b -#define SIZE(a,b) .size a,b - -#if defined(OUT) || (defined(BSDI) && !defined(ELF)) -$tmp -#endif - -#ifdef OUT -#define OK 1 -#define ALIGN 4 -#if defined(__CYGWIN__) || defined(__DJGPP__) || (__MINGW32__) -#undef SIZE -#undef TYPE -#define SIZE(a,b) -#define TYPE(a,b) .def a; .scl 2; .type 32; .endef -#endif /* __CYGWIN || __DJGPP */ -#endif - -#if defined(BSDI) && !defined(ELF) -#define OK 1 -#define ALIGN 4 -#undef SIZE -#undef TYPE -#define SIZE(a,b) -#define TYPE(a,b) -#endif - -#if defined(ELF) || defined(SOL) -#define OK 1 -#define ALIGN 16 -#endif - -#ifndef OK -You need to define one of -ELF - elf systems - linux-elf, NetBSD and DG-UX -OUT - a.out systems - linux-a.out and FreeBSD -SOL - solaris systems, which are elf with strange comment lines -BSDI - a.out with a very primative version of as. -#endif - -/* Let the Assembler begin :-) */ -EOF - } - -1; diff --git a/crypto/openssl-0.9/crypto/perlasm/x86unix.pl b/crypto/openssl-0.9/crypto/perlasm/x86unix.pl deleted file mode 100644 index e71050b6bc..0000000000 --- a/crypto/openssl-0.9/crypto/perlasm/x86unix.pl +++ /dev/null @@ -1,761 +0,0 @@ -#!/usr/local/bin/perl - -package x86unix; # GAS actually... - -$label="L000"; -$const=""; -$constl=0; - -$align=($main'aout)?"4":"16"; -$under=($main'aout or $main'coff)?"_":""; -$dot=($main'aout)?"":"."; -$com_start="#" if ($main'aout or $main'coff); - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -if ($main'cpp) - { - $align="ALIGN"; - $under=""; - $com_start='/*'; - $com_end='*/'; - } - -%lb=( 'eax', '%al', - 'ebx', '%bl', - 'ecx', '%cl', - 'edx', '%dl', - 'ax', '%al', - 'bx', '%bl', - 'cx', '%cl', - 'dx', '%dl', - ); - -%hb=( 'eax', '%ah', - 'ebx', '%bh', - 'ecx', '%ch', - 'edx', '%dh', - 'ax', '%ah', - 'bx', '%bh', - 'cx', '%ch', - 'dx', '%dh', - ); - -%regs=( 'eax', '%eax', - 'ebx', '%ebx', - 'ecx', '%ecx', - 'edx', '%edx', - 'esi', '%esi', - 'edi', '%edi', - 'ebp', '%ebp', - 'esp', '%esp', - - 'mm0', '%mm0', - 'mm1', '%mm1', - 'mm2', '%mm2', - 'mm3', '%mm3', - 'mm4', '%mm4', - 'mm5', '%mm5', - 'mm6', '%mm6', - 'mm7', '%mm7', - - 'xmm0', '%xmm0', - 'xmm1', '%xmm1', - 'xmm2', '%xmm2', - 'xmm3', '%xmm3', - 'xmm4', '%xmm4', - 'xmm5', '%xmm5', - 'xmm6', '%xmm6', - 'xmm7', '%xmm7', - ); - -%reg_val=( - 'eax', 0x00, - 'ebx', 0x03, - 'ecx', 0x01, - 'edx', 0x02, - 'esi', 0x06, - 'edi', 0x07, - 'ebp', 0x05, - 'esp', 0x04, - ); - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'DWP - { - local($addr,$reg1,$reg2,$idx)=@_; - - $ret=""; - $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/; - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - $ret.=$addr if ($addr ne "") && ($addr ne 0); - if ($reg2 ne "") - { - if($idx ne "" && $idx != 0) - { $ret.="($reg1,$reg2,$idx)"; } - else - { $ret.="($reg1,$reg2)"; } - } - elsif ($reg1 ne "") - { $ret.="($reg1)" } - return($ret); - } - -sub main'QWP - { - return(&main'DWP(@_)); - } - -sub main'BP - { - return(&main'DWP(@_)); - } - -sub main'BC - { - return @_; - } - -sub main'DWC - { - return @_; - } - -#sub main'BP -# { -# local($addr,$reg1,$reg2,$idx)=@_; -# -# $ret=""; -# -# $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; -# $reg1="$regs{$reg1}" if defined($regs{$reg1}); -# $reg2="$regs{$reg2}" if defined($regs{$reg2}); -# $ret.=$addr if ($addr ne "") && ($addr ne 0); -# if ($reg2 ne "") -# { $ret.="($reg1,$reg2,$idx)"; } -# else -# { $ret.="($reg1)" } -# return($ret); -# } - -sub main'mov { &out2("movl",@_); } -sub main'movb { &out2("movb",@_); } -sub main'and { &out2("andl",@_); } -sub main'or { &out2("orl",@_); } -sub main'shl { &out2("sall",@_); } -sub main'shr { &out2("shrl",@_); } -sub main'xor { &out2("xorl",@_); } -sub main'xorb { &out2("xorb",@_); } -sub main'add { &out2($_[0]=~/%[a-d][lh]/?"addb":"addl",@_); } -sub main'adc { &out2("adcl",@_); } -sub main'sub { &out2("subl",@_); } -sub main'sbb { &out2("sbbl",@_); } -sub main'rotl { &out2("roll",@_); } -sub main'rotr { &out2("rorl",@_); } -sub main'exch { &out2($_[0]=~/%[a-d][lh]/?"xchgb":"xchgl",@_); } -sub main'cmp { &out2("cmpl",@_); } -sub main'lea { &out2("leal",@_); } -sub main'mul { &out1("mull",@_); } -sub main'div { &out1("divl",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } -sub main'je { &out1("je",@_); } -sub main'jle { &out1("jle",@_); } -sub main'jne { &out1("jne",@_); } -sub main'jnz { &out1("jnz",@_); } -sub main'jz { &out1("jz",@_); } -sub main'jge { &out1("jge",@_); } -sub main'jl { &out1("jl",@_); } -sub main'ja { &out1("ja",@_); } -sub main'jae { &out1("jae",@_); } -sub main'jb { &out1("jb",@_); } -sub main'jbe { &out1("jbe",@_); } -sub main'jc { &out1("jc",@_); } -sub main'jnc { &out1("jnc",@_); } -sub main'jno { &out1("jno",@_); } -sub main'dec { &out1("decl",@_); } -sub main'inc { &out1($_[0]=~/%[a-d][hl]/?"incb":"incl",@_); } -sub main'push { &out1("pushl",@_); $stack+=4; } -sub main'pop { &out1("popl",@_); $stack-=4; } -sub main'pushf { &out0("pushfl"); $stack+=4; } -sub main'popf { &out0("popfl"); $stack-=4; } -sub main'not { &out1("notl",@_); } -sub main'call { my $pre=$under; - foreach $i (%label) - { if ($label{$i} eq $_[0]) { $pre=''; last; } } - &out1("call",$pre.$_[0]); - } -sub main'call_ptr { &out1p("call",@_); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } -sub main'test { &out2("testl",@_); } -sub main'bt { &out2("btl",@_); } -sub main'leave { &out0("leave"); } -sub main'cpuid { &out0(".byte\t0x0f,0xa2"); } -sub main'rdtsc { &out0(".byte\t0x0f,0x31"); } -sub main'halt { &out0("hlt"); } -sub main'movz { &out2("movzbl",@_); } -sub main'neg { &out1("negl",@_); } -sub main'cld { &out0("cld"); } - -# SSE2 -sub main'emms { &out0("emms"); } -sub main'movd { &out2("movd",@_); } -sub main'movdqu { &out2("movdqu",@_); } -sub main'movdqa { &out2("movdqa",@_); } -sub main'movdq2q{ &out2("movdq2q",@_); } -sub main'movq2dq{ &out2("movq2dq",@_); } -sub main'paddq { &out2("paddq",@_); } -sub main'pmuludq{ &out2("pmuludq",@_); } -sub main'psrlq { &out2("psrlq",@_); } -sub main'psllq { &out2("psllq",@_); } -sub main'pxor { &out2("pxor",@_); } -sub main'por { &out2("por",@_); } -sub main'pand { &out2("pand",@_); } -sub main'movq { - local($p1,$p2,$optimize)=@_; - if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) - # movq between mmx registers can sink Intel CPUs - { push(@out,"\tpshufw\t\$0xe4,%$p2,%$p1\n"); } - else { &out2("movq",@_); } - } - -# The bswapl instruction is new for the 486. Emulate if i386. -sub main'bswap - { - if ($main'i386) - { - &main'comment("bswapl @_"); - &main'exch(main'HB(@_),main'LB(@_)); - &main'rotr(@_,16); - &main'exch(main'HB(@_),main'LB(@_)); - } - else - { - &out1("bswapl",@_); - } - } - -sub out2 - { - local($name,$p1,$p2)=@_; - local($l,$ll,$t); - local(%special)=( "roll",0xD1C0,"rorl",0xD1C8, - "rcll",0xD1D0,"rcrl",0xD1D8, - "shll",0xD1E0,"shrl",0xD1E8, - "sarl",0xD1F8); - - if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1)) - { - $op=$special{$name}|$reg_val{$p1}; - $tmp1=sprintf(".byte %d\n",($op>>8)&0xff); - $tmp2=sprintf(".byte %d\t",$op &0xff); - push(@out,$tmp1); - push(@out,$tmp2); - - $p2=&conv($p2); - $p1=&conv($p1); - &main'comment("$name $p2 $p1"); - return; - } - - push(@out,"\t$name\t"); - $t=&conv($p2).","; - $l=length($t); - push(@out,$t); - $ll=4-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - push(@out,&conv($p1)."\n"); - } - -sub out1 - { - local($name,$p1)=@_; - local($l,$t); - local(%special)=("bswapl",0x0FC8); - - if ((defined($special{$name})) && defined($regs{$p1})) - { - $op=$special{$name}|$reg_val{$p1}; - $tmp1=sprintf(".byte %d\n",($op>>8)&0xff); - $tmp2=sprintf(".byte %d\t",$op &0xff); - push(@out,$tmp1); - push(@out,$tmp2); - - $p2=&conv($p2); - $p1=&conv($p1); - &main'comment("$name $p2 $p1"); - return; - } - - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub out1p - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t*".&conv($p1)."\n"); - } - -sub out0 - { - push(@out,"\t$_[0]\n"); - } - -sub conv - { - local($p)=@_; - -# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - - $p=$regs{$p} if (defined($regs{$p})); - - $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/; - $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/; - return $p; - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - .file "$file.s" -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func)=@_; - - &main'external_label($func); - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text -.globl $func -EOF - push(@out,$tmp); - if ($main'cpp) - { $tmp=push(@out,"TYPE($func,\@function)\n"); } - elsif ($main'coff) - { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - elsif ($main'aout and !$main'pic) - { } - else { $tmp=push(@out,".type\t$func,\@function\n"); } - push(@out,".align\t$align\n"); - push(@out,"$func:\n"); - $tmp=<<"EOF"; - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - local($func,$extra)=@_; - - &main'external_label($func); - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text -.globl $func -EOF - push(@out,$tmp); - if ($main'cpp) - { push(@out,"TYPE($func,\@function)\n"); } - elsif ($main'coff) - { $tmp=push(@out,".def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - elsif ($main'aout and !$main'pic) - { } - else { push(@out,".type $func,\@function\n"); } - push(@out,".align\t$align\n"); - push(@out,"$func:\n"); - $stack=4; - } - -sub main'function_end - { - local($func)=@_; - - $func=$under.$func; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -${dot}L_${func}_end: -EOF - push(@out,$tmp); - - if ($main'cpp) - { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); } - elsif ($main'coff or $main'aout) - { } - else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); } - push(@out,".ident \"$func\"\n"); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -EOF - push(@out,$tmp); - } - -sub main'function_end_B - { - local($func)=@_; - - $func=$under.$func; - - push(@out,"${dot}L_${func}_end:\n"); - if ($main'cpp) - { push(@out,"SIZE($func,${dot}L_${func}_end-$func)\n"); } - elsif ($main'coff or $main'aout) - { } - else { push(@out,".size\t$func,${dot}L_${func}_end-$func\n"); } - push(@out,".ident \"$func\"\n"); - $stack=0; - %label=(); - } - -sub main'wparam - { - local($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } - -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'DWP(-($num+1)*4,"esp","",0)); -# } - -sub main'comment - { - if (!defined($com_start) or $main'elf) - { # Regarding $main'elf above... - # GNU and SVR4 as'es use different comment delimiters, - push(@out,"\n"); # so we just skip ELF comments... - return; - } - foreach (@_) - { - if (/^\s*$/) - { push(@out,"\n"); } - else - { push(@out,"\t$com_start $_ $com_end\n"); } - } - } - -sub main'public_label - { - $label{$_[0]}="${under}${_[0]}" if (!defined($label{$_[0]})); - push(@out,".globl\t$label{$_[0]}\n"); - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="${dot}${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="${dot}${label}${_[0]}"; - $label++; - } - if ($_[1]!=0) - { - if ($_[1]>1) { main'align($_[1]); } - else { push(@out,".align $align\n"); } - } - push(@out,"$label{$_[0]}:\n"); - } - -sub main'file_end - { - # try to detect if SSE2 or MMX extensions were used on ELF platform... - if ($main'elf && grep {/%[x]*mm[0-7]/i} @out) { - local($tmp); - - push (@out,"\n.section\t.bss\n"); - push (@out,".comm\t${under}OPENSSL_ia32cap_P,4,4\n"); - - push (@out,".section\t.init\n"); - # One can argue that it's wasteful to craft every - # SSE/MMX module with this snippet... Well, it's 72 - # bytes long and for the moment we have two modules. - # Let's argue when we have 7 modules or so... - # - # $1<<10 sets a reserved bit to signal that variable - # was initialized already... - &main'picmeup("edx","OPENSSL_ia32cap_P"); - $tmp=<<___; - cmpl \$0,(%edx) - jne 1f - movl \$1<<10,(%edx) - pushf - popl %eax - movl %eax,%ecx - xorl \$1<<21,%eax - pushl %eax - popf - pushf - popl %eax - xorl %ecx,%eax - btl \$21,%eax - jnc 1f - pushl %edi - pushl %ebx - movl %edx,%edi - movl \$1,%eax - .byte 0x0f,0xa2 - orl \$1<<10,%edx - movl %edx,0(%edi) - popl %ebx - popl %edi - jmp 1f - .align $align - 1: -___ - push (@out,$tmp); - } - - if ($const ne "") - { - push(@out,".section .rodata\n"); - push(@out,$const); - $const=""; - } - } - -sub main'data_byte - { - push(@out,"\t.byte\t".join(',',@_)."\n"); - } - -sub main'data_word - { - push(@out,"\t.long\t".join(',',@_)."\n"); - } - -sub main'align - { - my $val=$_[0],$p2,$i; - if ($main'aout) { - for ($p2=0;$val!=0;$val>>=1) { $p2++; } - $val=$p2-1; - $val.=",0x90"; - } - push(@out,".align\t$val\n"); - } - -# debug output functions: puts, putx, printf - -sub main'puts - { - &pushvars(); - &main'push('$Lstring' . ++$constl); - &main'call('puts'); - $stack-=4; - &main'add("esp",4); - &popvars(); - - $const .= "Lstring$constl:\n\t.string \"@_[0]\"\n"; - } - -sub main'putx - { - &pushvars(); - &main'push($_[0]); - &main'push('$Lstring' . ++$constl); - &main'call('printf'); - &main'add("esp",8); - $stack-=8; - &popvars(); - - $const .= "Lstring$constl:\n\t.string \"\%X\"\n"; - } - -sub main'printf - { - $ostack = $stack; - &pushvars(); - for ($i = @_ - 1; $i >= 0; $i--) - { - if ($i == 0) # change this to support %s format strings - { - &main'push('$Lstring' . ++$constl); - $const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n"; - } - else - { - if ($_[$i] =~ /([0-9]*)\(%esp\)/) - { - &main'push(($1 + $stack - $ostack) . '(%esp)'); - } - else - { - &main'push($_[$i]); - } - } - } - &main'call('printf'); - $stack-=4*@_; - &main'add("esp",4*@_); - &popvars(); - } - -sub pushvars - { - &main'pushf(); - &main'push("edx"); - &main'push("ecx"); - &main'push("eax"); - } - -sub popvars - { - &main'pop("eax"); - &main'pop("ecx"); - &main'pop("edx"); - &main'popf(); - } - -sub main'picmeup - { - local($dst,$sym)=@_; - if ($main'cpp) - { - local($tmp)=<<___; -#if (defined(ELF) || defined(SOL)) && defined(PIC) - call 1f -1: popl $regs{$dst} - addl \$_GLOBAL_OFFSET_TABLE_+[.-1b],$regs{$dst} - movl $sym\@GOT($regs{$dst}),$regs{$dst} -#else - leal $sym,$regs{$dst} -#endif -___ - push(@out,$tmp); - } - elsif ($main'pic && ($main'elf || $main'aout)) - { - &main'call(&main'label("PIC_me_up")); - &main'set_label("PIC_me_up"); - &main'blindpop($dst); - &main'add($dst,"\$${under}_GLOBAL_OFFSET_TABLE_+[.-". - &main'label("PIC_me_up") . "]"); - &main'mov($dst,&main'DWP($under.$sym."\@GOT",$dst)); - } - else - { - &main'lea($dst,&main'DWP($sym)); - } - } - -sub main'blindpop { &out1("popl",@_); } - -sub main'initseg - { - local($f)=@_; - local($tmp); - if ($main'elf) - { - $tmp=<<___; -.section .init - call $under$f - jmp .Linitalign -.align $align -.Linitalign: -___ - } - elsif ($main'coff) - { - $tmp=<<___; # applies to both Cygwin and Mingw -.section .ctors -.long $under$f -___ - } - elsif ($main'aout) - { - local($ctor)="${under}_GLOBAL_\$I\$$f"; - $tmp=".text\n"; - $tmp.=".type $ctor,\@function\n" if ($main'pic); - $tmp.=<<___; # OpenBSD way... -.globl $ctor -.align 2 -$ctor: - jmp $under$f -___ - } - push(@out,$tmp) if ($tmp); - } - -1; diff --git a/crypto/openssl-0.9/crypto/rc4/asm/rc4-586.pl b/crypto/openssl-0.9/crypto/rc4/asm/rc4-586.pl deleted file mode 100644 index 22bda4b451..0000000000 --- a/crypto/openssl-0.9/crypto/rc4/asm/rc4-586.pl +++ /dev/null @@ -1,230 +0,0 @@ -#!/usr/local/bin/perl - -# At some point it became apparent that the original SSLeay RC4 -# assembler implementation performs suboptimaly on latest IA-32 -# microarchitectures. After re-tuning performance has changed as -# following: -# -# Pentium +0% -# Pentium III +17% -# AMD +52%(*) -# P4 +180%(**) -# -# (*) This number is actually a trade-off:-) It's possible to -# achieve +72%, but at the cost of -48% off PIII performance. -# In other words code performing further 13% faster on AMD -# would perform almost 2 times slower on Intel PIII... -# For reference! This code delivers ~80% of rc4-amd64.pl -# performance on the same Opteron machine. -# (**) This number requires compressed key schedule set up by -# RC4_set_key and therefore doesn't apply to 0.9.7 [option for -# compressed key schedule is implemented in 0.9.8 and later, -# see commentary section in rc4_skey.c for further details]. -# -# - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"rc4-586.pl"); - -$x="eax"; -$y="ebx"; -$tx="ecx"; -$ty="edx"; -$in="esi"; -$out="edi"; -$d="ebp"; - -&RC4("RC4"); - -&asm_finish(); - -sub RC4_loop - { - local($n,$p,$char)=@_; - - &comment("Round $n"); - - if ($char) - { - if ($p >= 0) - { - &mov($ty, &swtmp(2)); - &cmp($ty, $in); - &jbe(&label("finished")); - &inc($in); - } - else - { - &add($ty, 8); - &inc($in); - &cmp($ty, $in); - &jb(&label("finished")); - &mov(&swtmp(2), $ty); - } - } - # Moved out - # &mov( $tx, &DWP(0,$d,$x,4)) if $p < 0; - - &add( &LB($y), &LB($tx)); - &mov( $ty, &DWP(0,$d,$y,4)); - # XXX - &mov( &DWP(0,$d,$x,4),$ty); - &add( $ty, $tx); - &mov( &DWP(0,$d,$y,4),$tx); - &and( $ty, 0xff); - &inc( &LB($x)); # NEXT ROUND - &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND - &mov( $ty, &DWP(0,$d,$ty,4)); - - if (!$char) - { - #moved up into last round - if ($p >= 1) - { - &add( $out, 8) - } - &movb( &BP($n,"esp","",0), &LB($ty)); - } - else - { - # Note in+=8 has occured - &movb( &HB($ty), &BP(-1,$in,"",0)); - # XXX - &xorb(&LB($ty), &HB($ty)); - # XXX - &movb(&BP($n,$out,"",0),&LB($ty)); - } - } - - -sub RC4 - { - local($name)=@_; - - &function_begin_B($name,""); - - &mov($ty,&wparam(1)); # len - &cmp($ty,0); - &jne(&label("proceed")); - &ret(); - &set_label("proceed"); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &push("esi"); - &xor( $x, $x); # avoid partial register stalls - &push("edi"); - &xor( $y, $y); # avoid partial register stalls - &mov( $d, &wparam(0)); # key - &mov( $in, &wparam(2)); - - &movb( &LB($x), &BP(0,$d,"",1)); - &movb( &LB($y), &BP(4,$d,"",1)); - - &mov( $out, &wparam(3)); - &inc( &LB($x)); - - &stack_push(3); # 3 temp variables - &add( $d, 8); - - # detect compressed schedule, see commentary section in rc4_skey.c... - # in 0.9.7 context ~50 bytes below RC4_CHAR label remain redundant, - # as compressed key schedule is set up in 0.9.8 and later. - &cmp(&DWP(256,$d),-1); - &je(&label("RC4_CHAR")); - - &lea( $ty, &DWP(-8,$ty,$in)); - - # check for 0 length input - - &mov( &swtmp(2), $ty); # this is now address to exit at - &mov( $tx, &DWP(0,$d,$x,4)); - - &cmp( $ty, $in); - &jb( &label("end")); # less than 8 bytes - - &set_label("start"); - - # filling DELAY SLOT - &add( $in, 8); - - &RC4_loop(0,-1,0); - &RC4_loop(1,0,0); - &RC4_loop(2,0,0); - &RC4_loop(3,0,0); - &RC4_loop(4,0,0); - &RC4_loop(5,0,0); - &RC4_loop(6,0,0); - &RC4_loop(7,1,0); - - &comment("apply the cipher text"); - # xor the cipher data with input - - #&add( $out, 8); #moved up into last round - - &mov( $tx, &swtmp(0)); - &mov( $ty, &DWP(-8,$in,"",0)); - &xor( $tx, $ty); - &mov( $ty, &DWP(-4,$in,"",0)); - &mov( &DWP(-8,$out,"",0), $tx); - &mov( $tx, &swtmp(1)); - &xor( $tx, $ty); - &mov( $ty, &swtmp(2)); # load end ptr; - &mov( &DWP(-4,$out,"",0), $tx); - &mov( $tx, &DWP(0,$d,$x,4)); - &cmp($in, $ty); - &jbe(&label("start")); - - &set_label("end"); - - # There is quite a bit of extra crap in RC4_loop() for this - # first round - &RC4_loop(0,-1,1); - &RC4_loop(1,0,1); - &RC4_loop(2,0,1); - &RC4_loop(3,0,1); - &RC4_loop(4,0,1); - &RC4_loop(5,0,1); - &RC4_loop(6,1,1); - - &jmp(&label("finished")); - - &align(16); - # this is essentially Intel P4 specific codepath, see rc4_skey.c, - # and is engaged in 0.9.8 and later context... - &set_label("RC4_CHAR"); - - &lea ($ty,&DWP(0,$in,$ty)); - &mov (&swtmp(2),$ty); - &movz ($tx,&BP(0,$d,$x)); - - # strangely enough unrolled loop performs over 20% slower... - &set_label("RC4_CHAR_loop"); - &add (&LB($y),&LB($tx)); - &movz ($ty,&BP(0,$d,$y)); - &movb (&BP(0,$d,$y),&LB($tx)); - &movb (&BP(0,$d,$x),&LB($ty)); - &add (&LB($ty),&LB($tx)); - &movz ($ty,&BP(0,$d,$ty)); - &add (&LB($x),1); - &xorb (&LB($ty),&BP(0,$in)); - &lea ($in,&BP(1,$in)); - &movz ($tx,&BP(0,$d,$x)); - &cmp ($in,&swtmp(2)); - &movb (&BP(0,$out),&LB($ty)); - &lea ($out,&BP(1,$out)); - &jb (&label("RC4_CHAR_loop")); - - &set_label("finished"); - &dec( $x); - &stack_pop(3); - &movb( &BP(-4,$d,"",0),&LB($y)); - &movb( &BP(-8,$d,"",0),&LB($x)); - - &function_end($name); - } - diff --git a/crypto/openssl-0.9/crypto/rc4/asm/rc4-ia64.S b/crypto/openssl-0.9/crypto/rc4/asm/rc4-ia64.S deleted file mode 100644 index a322d0c718..0000000000 --- a/crypto/openssl-0.9/crypto/rc4/asm/rc4-ia64.S +++ /dev/null @@ -1,160 +0,0 @@ -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. -// -// Rights for redistribution and usage in source and binary forms are -// granted according to the OpenSSL license. Warranty of any kind is -// disclaimed. -// ==================================================================== - -.ident "rc4-ia64.S, Version 2.0" -.ident "IA-64 ISA artwork by Andy Polyakov " - -// What's wrong with compiler generated code? Because of the nature of -// C language, compiler doesn't [dare to] reorder load and stores. But -// being memory-bound, RC4 should benefit from reorder [on in-order- -// execution core such as IA-64]. But what can we reorder? At the very -// least we can safely reorder references to key schedule in respect -// to input and output streams. Secondly, from the first [close] glance -// it appeared that it's possible to pull up some references to -// elements of the key schedule itself. Original rationale ["prior -// loads are not safe only for "degenerated" key schedule, when some -// elements equal to the same value"] was kind of sloppy. I should have -// formulated as it really was: if we assume that pulling up reference -// to key[x+1] is not safe, then it would mean that key schedule would -// "degenerate," which is never the case. The problem is that this -// holds true in respect to references to key[x], but not to key[y]. -// Legitimate "collisions" do occur within every 256^2 bytes window. -// Fortunately there're enough free instruction slots to keep prior -// reference to key[x+1], detect "collision" and compensate for it. -// All this without sacrificing a single clock cycle:-) Throughput is -// ~210MBps on 900MHz CPU, which is is >3x faster than gcc generated -// code and +30% - if compared to HP-UX C. Unrolling loop below should -// give >30% on top of that... - -.text -.explicit - -#if defined(_HPUX_SOURCE) && !defined(_LP64) -# define ADDP addp4 -#else -# define ADDP add -#endif - -#ifndef SZ -#define SZ 4 // this is set to sizeof(RC4_INT) -#endif -// SZ==4 seems to be optimal. At least SZ==8 is not any faster, not for -// assembler implementation, while SZ==1 code is ~30% slower. -#if SZ==1 // RC4_INT is unsigned char -# define LDKEY ld1 -# define STKEY st1 -# define OFF 0 -#elif SZ==4 // RC4_INT is unsigned int -# define LDKEY ld4 -# define STKEY st4 -# define OFF 2 -#elif SZ==8 // RC4_INT is unsigned long -# define LDKEY ld8 -# define STKEY st8 -# define OFF 3 -#endif - -out=r8; // [expanded] output pointer -inp=r9; // [expanded] output pointer -prsave=r10; -key=r28; // [expanded] pointer to RC4_KEY -ksch=r29; // (key->data+255)[&~(sizeof(key->data)-1)] -xx=r30; -yy=r31; - -// void RC4(RC4_KEY *key,size_t len,const void *inp,void *out); -.global RC4# -.proc RC4# -.align 32 -.skip 16 -RC4: - .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 - .save pr,prsave -{ .mii; alloc r2=ar.pfs,4,12,0,16 - mov prsave=pr - ADDP key=0,in0 };; -{ .mib; cmp.eq p6,p0=0,in1 // len==0? - mov r3=ar.lc -(p6) br.ret.spnt.many b0 };; // emergency exit - - .body - .rotr dat[4],key_x[4],tx[2],rnd[2],key_y[2],ty[1]; - -{ .mib; LDKEY xx=[key],SZ // load key->x - add in1=-1,in1 // adjust len for loop counter - nop.b 0 } -{ .mib; ADDP inp=0,in2 - ADDP out=0,in3 - brp.loop.imp .Ltop,.Lexit-16 };; -{ .mmi; LDKEY yy=[key] // load key->y - add ksch=SZ,key - mov ar.lc=in1 } -{ .mmi; mov key_y[1]=r0 // guarantee inequality - // in first iteration - add xx=1,xx - mov pr.rot=1<<16 };; -{ .mii; nop.m 0 - dep key_x[1]=xx,r0,OFF,8 - mov ar.ec=3 };; // note that epilogue counter - // is off by 1. I compensate - // for this at exit... -.Ltop: -// The loop is scheduled for 4*(n+2) spin-rate on Itanium 2, which -// theoretically gives asymptotic performance of clock frequency -// divided by 4 bytes per seconds, or 400MBps on 1.6GHz CPU. This is -// for sizeof(RC4_INT)==4. For smaller RC4_INT STKEY inadvertently -// splits the last bundle and you end up with 5*n spin-rate:-( -// Originally the loop was scheduled for 3*n and relied on key -// schedule to be aligned at 256*sizeof(RC4_INT) boundary. But -// *(out++)=dat, which maps to st1, had same effect [inadvertent -// bundle split] and holded the loop back. Rescheduling for 4*n -// made it possible to eliminate dependence on specific alignment -// and allow OpenSSH keep "abusing" our API. Reaching for 3*n would -// require unrolling, sticking to variable shift instruction for -// collecting output [to avoid starvation for integer shifter] and -// copying of key schedule to controlled place in stack [so that -// deposit instruction can serve as substitute for whole -// key->data+((x&255)<data[0])))]... -{ .mmi; (p19) st1 [out]=dat[3],1 // *(out++)=dat - (p16) add xx=1,xx // x++ - (p18) dep rnd[1]=rnd[1],r0,OFF,8 } // ((tx+ty)&255)<y - mov pr=prsave,0x1ffff - nop.b 0 } -{ .mib; st1 [out]=dat[3],1 // compensate for truncated - // epilogue counter - add xx=-1,xx - nop.b 0 };; -{ .mib; STKEY [key]=xx // save key->x - mov ar.lc=r3 - br.ret.sptk.many b0 };; -.endp RC4# diff --git a/crypto/openssl-0.9/crypto/rc4/asm/rc4-x86_64.pl b/crypto/openssl-0.9/crypto/rc4/asm/rc4-x86_64.pl deleted file mode 100755 index 4b990cba07..0000000000 --- a/crypto/openssl-0.9/crypto/rc4/asm/rc4-x86_64.pl +++ /dev/null @@ -1,240 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. -# ==================================================================== -# -# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in -# "hand-coded assembler"] doesn't stand for the whole improvement -# coefficient. It turned out that eliminating RC4_CHAR from config -# line results in ~40% improvement (yes, even for C implementation). -# Presumably it has everything to do with AMD cache architecture and -# RAW or whatever penalties. Once again! The module *requires* config -# line *without* RC4_CHAR! As for coding "secret," I bet on partial -# register arithmetics. For example instead of 'inc %r8; and $255,%r8' -# I simply 'inc %r8b'. Even though optimization manual discourages -# to operate on partial registers, it turned out to be the best bet. -# At least for AMD... How IA32E would perform remains to be seen... - -# As was shown by Marc Bevand reordering of couple of load operations -# results in even higher performance gain of 3.3x:-) At least on -# Opteron... For reference, 1x in this case is RC4_CHAR C-code -# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock. -# Latter means that if you want to *estimate* what to expect from -# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz. - -# Intel P4 EM64T core was found to run the AMD64 code really slow... -# The only way to achieve comparable performance on P4 was to keep -# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to -# compose blended code, which would perform even within 30% marginal -# on either AMD and Intel platforms, I implement both cases. See -# rc4_skey.c for further details... - -# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing -# those with add/sub results in 50% performance improvement of folded -# loop... - -# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T -# performance by >30% [unlike P4 32-bit case that is]. But this is -# provided that loads are reordered even more aggressively! Both code -# pathes, AMD64 and EM64T, reorder loads in essentially same manner -# as my IA-64 implementation. On Opteron this resulted in modest 5% -# improvement [I had to test it], while final Intel P4 performance -# achieves respectful 432MBps on 2.8GHz processor now. For reference. -# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than -# RC4_INT code-path. While if executed on Opteron, it's only 25% -# slower than the RC4_INT one [meaning that if CPU µ-arch detection -# is not implemented, then this final RC4_CHAR code-path should be -# preferred, as it provides better *all-round* performance]. - -$output=shift; -open STDOUT,"| $^X ../perlasm/x86_64-xlate.pl $output"; - -$dat="%rdi"; # arg1 -$len="%rsi"; # arg2 -$inp="%rdx"; # arg3 -$out="%rcx"; # arg4 - -@XX=("%r8","%r10"); -@TX=("%r9","%r11"); -$YY="%r12"; -$TY="%r13"; - -$code=<<___; -.text - -.globl RC4 -.type RC4,\@function,4 -.align 16 -RC4: or $len,$len - jne .Lentry - ret -.Lentry: - push %r12 - push %r13 - - add \$8,$dat - movl -8($dat),$XX[0]#d - movl -4($dat),$YY#d - cmpl \$-1,256($dat) - je .LRC4_CHAR - inc $XX[0]#b - movl ($dat,$XX[0],4),$TX[0]#d - test \$-8,$len - jz .Lloop1 - jmp .Lloop8 -.align 16 -.Lloop8: -___ -for ($i=0;$i<8;$i++) { -$code.=<<___; - add $TX[0]#b,$YY#b - mov $XX[0],$XX[1] - movl ($dat,$YY,4),$TY#d - ror \$8,%rax # ror is redundant when $i=0 - inc $XX[1]#b - movl ($dat,$XX[1],4),$TX[1]#d - cmp $XX[1],$YY - movl $TX[0]#d,($dat,$YY,4) - cmove $TX[0],$TX[1] - movl $TY#d,($dat,$XX[0],4) - add $TX[0]#b,$TY#b - movb ($dat,$TY,4),%al -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} -$code.=<<___; - ror \$8,%rax - sub \$8,$len - - xor ($inp),%rax - add \$8,$inp - mov %rax,($out) - add \$8,$out - - test \$-8,$len - jnz .Lloop8 - cmp \$0,$len - jne .Lloop1 -___ -$code.=<<___; -.Lexit: - sub \$1,$XX[0]#b - movl $XX[0]#d,-8($dat) - movl $YY#d,-4($dat) - - pop %r13 - pop %r12 - ret -.align 16 -.Lloop1: - add $TX[0]#b,$YY#b - movl ($dat,$YY,4),$TY#d - movl $TX[0]#d,($dat,$YY,4) - movl $TY#d,($dat,$XX[0],4) - add $TY#b,$TX[0]#b - inc $XX[0]#b - movl ($dat,$TX[0],4),$TY#d - movl ($dat,$XX[0],4),$TX[0]#d - xorb ($inp),$TY#b - inc $inp - movb $TY#b,($out) - inc $out - dec $len - jnz .Lloop1 - jmp .Lexit - -.align 16 -.LRC4_CHAR: - add \$1,$XX[0]#b - movzb ($dat,$XX[0]),$TX[0]#d - test \$-8,$len - jz .Lcloop1 - push %rbx - jmp .Lcloop8 -.align 16 -.Lcloop8: - mov ($inp),%eax - mov 4($inp),%ebx -___ -# unroll 2x4-wise, because 64-bit rotates kill Intel P4... -for ($i=0;$i<4;$i++) { -$code.=<<___; - add $TX[0]#b,$YY#b - lea 1($XX[0]),$XX[1] - movzb ($dat,$YY),$TY#d - movzb $XX[1]#b,$XX[1]#d - movzb ($dat,$XX[1]),$TX[1]#d - movb $TX[0]#b,($dat,$YY) - cmp $XX[1],$YY - movb $TY#b,($dat,$XX[0]) - jne .Lcmov$i # Intel cmov is sloooow... - mov $TX[0],$TX[1] -.Lcmov$i: - add $TX[0]#b,$TY#b - xor ($dat,$TY),%al - ror \$8,%eax -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} -for ($i=4;$i<8;$i++) { -$code.=<<___; - add $TX[0]#b,$YY#b - lea 1($XX[0]),$XX[1] - movzb ($dat,$YY),$TY#d - movzb $XX[1]#b,$XX[1]#d - movzb ($dat,$XX[1]),$TX[1]#d - movb $TX[0]#b,($dat,$YY) - cmp $XX[1],$YY - movb $TY#b,($dat,$XX[0]) - jne .Lcmov$i # Intel cmov is sloooow... - mov $TX[0],$TX[1] -.Lcmov$i: - add $TX[0]#b,$TY#b - xor ($dat,$TY),%bl - ror \$8,%ebx -___ -push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers -} -$code.=<<___; - lea -8($len),$len - mov %eax,($out) - lea 8($inp),$inp - mov %ebx,4($out) - lea 8($out),$out - - test \$-8,$len - jnz .Lcloop8 - pop %rbx - cmp \$0,$len - jne .Lcloop1 - jmp .Lexit -___ -$code.=<<___; -.align 16 -.Lcloop1: - add $TX[0]#b,$YY#b - movzb ($dat,$YY),$TY#d - movb $TX[0]#b,($dat,$YY) - movb $TY#b,($dat,$XX[0]) - add $TX[0]#b,$TY#b - add \$1,$XX[0]#b - movzb ($dat,$TY),$TY#d - movzb ($dat,$XX[0]),$TX[0]#d - xorb ($inp),$TY#b - lea 1($inp),$inp - movb $TY#b,($out) - lea 1($out),$out - sub \$1,$len - jnz .Lcloop1 - jmp .Lexit -.size RC4,.-RC4 -___ - -$code =~ s/#([bwd])/$1/gm; - -print $code; - -close STDOUT; diff --git a/crypto/openssl-0.9/crypto/ripemd/asm/rips.cpp b/crypto/openssl-0.9/crypto/ripemd/asm/rips.cpp deleted file mode 100644 index f7a13677a9..0000000000 --- a/crypto/openssl-0.9/crypto/ripemd/asm/rips.cpp +++ /dev/null @@ -1,82 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -#define ripemd160_block_x86 ripemd160_block_asm_host_order - -extern "C" { -void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - RIPEMD160_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; -#if 0 - num*=64; - numm*=64; -#endif - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - ripemd160_block_x86(&ctx,buffer,numm); - GetTSC(s1); - ripemd160_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - ripemd160_block_x86(&ctx,buffer,num); - GetTSC(e2); - ripemd160_block_x86(&ctx,buffer,num); - } - printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/crypto/openssl-0.9/crypto/ripemd/asm/rmd-586.pl b/crypto/openssl-0.9/crypto/ripemd/asm/rmd-586.pl deleted file mode 100644 index 0ab6f76bff..0000000000 --- a/crypto/openssl-0.9/crypto/ripemd/asm/rmd-586.pl +++ /dev/null @@ -1,590 +0,0 @@ -#!/usr/local/bin/perl - -# Normal is the -# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks); - -$normal=0; - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],$0); - -$A="ecx"; -$B="esi"; -$C="edi"; -$D="ebx"; -$E="ebp"; -$tmp1="eax"; -$tmp2="edx"; - -$KL1=0x5A827999; -$KL2=0x6ED9EBA1; -$KL3=0x8F1BBCDC; -$KL4=0xA953FD4E; -$KR0=0x50A28BE6; -$KR1=0x5C4DD124; -$KR2=0x6D703EF3; -$KR3=0x7A6D76E9; - - -@wl=( 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15, - 7, 4,13, 1,10, 6,15, 3,12, 0, 9, 5, 2,14,11, 8, - 3,10,14, 4, 9,15, 8, 1, 2, 7, 0, 6,13,11, 5,12, - 1, 9,11,10, 0, 8,12, 4,13, 3, 7,15,14, 5, 6, 2, - 4, 0, 5, 9, 7,12, 2,10,14, 1, 3, 8,11, 6,15,13, - ); - -@wr=( 5,14, 7, 0, 9, 2,11, 4,13, 6,15, 8, 1,10, 3,12, - 6,11, 3, 7, 0,13, 5,10,14,15, 8,12, 4, 9, 1, 2, - 15, 5, 1, 3, 7,14, 6, 9,11, 8,12, 2,10, 0, 4,13, - 8, 6, 4, 1, 3,11,15, 0, 5,12, 2,13, 9, 7,10,14, - 12,15,10, 4, 1, 5, 8, 7, 6, 2,13,14, 0, 3, 9,11, - ); - -@sl=( 11,14,15,12, 5, 8, 7, 9,11,13,14,15, 6, 7, 9, 8, - 7, 6, 8,13,11, 9, 7,15, 7,12,15, 9,11, 7,13,12, - 11,13, 6, 7,14, 9,13,15,14, 8,13, 6, 5,12, 7, 5, - 11,12,14,15,14,15, 9, 8, 9,14, 5, 6, 8, 6, 5,12, - 9,15, 5,11, 6, 8,13,12, 5,12,13,14,11, 8, 5, 6, - ); - -@sr=( 8, 9, 9,11,13,15,15, 5, 7, 7, 8,11,14,14,12, 6, - 9,13,15, 7,12, 8, 9,11, 7, 7,12, 7, 6,15,13,11, - 9, 7,15,11, 8, 6, 6,14,12,13, 5,14,13,13, 7, 5, - 15, 5, 8,11,14,14, 6,14, 6, 9,12, 9,12, 5,15, 8, - 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, - ); - -&ripemd160_block("ripemd160_block_asm_host_order"); -&asm_finish(); - -sub Xv - { - local($n)=@_; - return(&swtmp($n)); - # tmp on stack - } - -sub Np - { - local($p)=@_; - local(%n)=($A,$E,$B,$A,$C,$B,$D,$C,$E,$D); - return($n{$p}); - } - -sub RIP1 - { - local($a,$b,$c,$d,$e,$pos,$s,$o,$pos2)=@_; - - &comment($p++); - if ($p & 1) - { - #&mov($tmp1, $c) if $o == -1; - &xor($tmp1, $d) if $o == -1; - &mov($tmp2, &Xv($pos)); - &xor($tmp1, $b); - &add($a, $tmp2); - &rotl($c, 10); - &add($a, $tmp1); - &mov($tmp1, &Np($c)); # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &xor($tmp1, $d); - &mov($tmp2, &Xv($pos)); - &xor($tmp1, $b); - &add($a, $tmp1); - &mov($tmp1, &Np($c)) if $o <= 0; - &mov($tmp1, -1) if $o == 1; - # XXX if $o == 2; - &rotl($c, 10); - &add($a, $tmp2); - &xor($tmp1, &Np($d)) if $o <= 0; - &mov($tmp2, &Xv($pos2)) if $o == 1; - &mov($tmp2, &wparam(0)) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP2 - { - local($a,$b,$c,$d,$e,$pos,$pos2,$s,$K,$o)=@_; - -# XXXXXX - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, &Xv($pos)) if $o < -1; -# &mov($tmp1, -1) if $o < -1; - - &add($a, $tmp2); - &mov($tmp2, $c); - &sub($tmp1, $b); - &and($tmp2, $b); - &and($tmp1, $d); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos2)) if $o <= 0; # XXXXXXXXXXXXXX - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &mov($tmp2, -1) if $o <= 0; - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - # XXX - &add($a, $tmp1); - &mov($tmp1, $c); - &sub($tmp2, $b); - &and($tmp1, $b); - &and($tmp2, $d); - if ($o != 2) - { - &or($tmp1, $tmp2); - &mov($tmp2, &Xv($pos2)) if $o <= 0; - &mov($tmp2, -1) if $o == 1; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &mov($tmp1, -1) if $o <= 0; - &sub($tmp2, &Np($c)) if $o == 1; - } else { - &or($tmp2, $tmp1); - &mov($tmp1, &Np($c)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &xor($tmp1, &Np($d)); - } - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP3 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o,$pos2)=@_; - - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, -1) if $o < -1; -# &sub($tmp2, $c) if $o < -1; - &mov($tmp1, &Xv($pos)); - &or($tmp2, $b); - &add($a, $tmp1); - &xor($tmp2, $d); - &mov($tmp1, -1) if $o <= 0; # NEXT - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &sub($tmp1, &Np($c)) if $o <= 0; # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &mov($tmp2, &Xv($pos)); - &or($tmp1, $b); - &add($a, $tmp2); - &xor($tmp1, $d); - &mov($tmp2, -1) if $o <= 0; # NEXT - &mov($tmp2, -1) if $o == 1; - &mov($tmp2, &Xv($pos2)) if $o == 2; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &sub($tmp2, &Np($c)) if $o <= 0; # NEXT - &mov($tmp1, &Np($d)) if $o == 1; - &mov($tmp1, -1) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP4 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_; - - &comment($p++); - if ($p & 1) - { -# &mov($tmp2, -1) if $o == -2; -# &mov($tmp1, $d) if $o == -2; - &sub($tmp2, $d); - &and($tmp1, $b); - &and($tmp2, $c); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2)); - &mov($tmp2, -1) unless $o > 0; # NEXT - # XXX - &add($a, $tmp1); - &mov($tmp1, &Np($d)) unless $o > 0; # NEXT - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &sub($tmp2, $d); - &and($tmp1, $b); - &and($tmp2, $c); - &or($tmp2, $tmp1); - &mov($tmp1, &Xv($pos)); - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2)); - &mov($tmp2, -1) if $o == 0; # NEXT - &mov($tmp2, -1) if $o == 1; - &mov($tmp2, -1) if $o == 2; - # XXX - &add($a, $tmp1); - &mov($tmp1, &Np($d)) if $o == 0; # NEXT - &sub($tmp2, &Np($d)) if $o == 1; - &sub($tmp2, &Np($c)) if $o == 2; - # XXX - &rotl($a, $s); - &add($a, $e); - } - } - -sub RIP5 - { - local($a,$b,$c,$d,$e,$pos,$s,$K,$o)=@_; - - &comment($p++); - if ($p & 1) - { - &mov($tmp2, -1) if $o == -2; - &sub($tmp2, $d) if $o == -2; - &mov($tmp1, &Xv($pos)); - &or($tmp2, $c); - &add($a, $tmp1); - &xor($tmp2, $b); - &mov($tmp1, -1) if $o <= 0; - # XXX - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp2,1)); - &sub($tmp1, &Np($d)) if $o <= 0; - # XXX - &rotl($a, $s); - &add($a, $e); - } - else - { - &mov($tmp2, &Xv($pos)); - &or($tmp1, $c); - &add($a, $tmp2); - &xor($tmp1, $b); - &mov($tmp2, -1) if $o <= 0; - &mov($tmp2, &wparam(0)) if $o == 1; # Middle code - &mov($tmp2, -1) if $o == 2; - &rotl($c, 10); - &lea($a, &DWP($K,$a,$tmp1,1)); - &sub($tmp2, &Np($d)) if $o <= 0; - &mov(&swtmp(16), $A) if $o == 1; - &mov($tmp1, &Np($d)) if $o == 2; - &rotl($a, $s); - &add($a, $e); - } - } - -sub ripemd160_block - { - local($name)=@_; - - &function_begin_B($name,"",3); - - # parameter 1 is the RIPEMD160_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov($tmp2, &wparam(0)); - &mov($tmp1, &wparam(1)); - &push("esi"); - &mov($A, &DWP( 0,$tmp2,"",0)); - &push("edi"); - &mov($B, &DWP( 4,$tmp2,"",0)); - &push("ebp"); - &mov($C, &DWP( 8,$tmp2,"",0)); - &push("ebx"); - &stack_push(16+5+6); - # Special comment about the figure of 6. - # Idea is to pad the current frame so - # that the top of the stack gets fairly - # aligned. Well, as you realize it would - # always depend on how the frame below is - # aligned. The good news are that gcc-2.95 - # and later does keep first argument at - # least double-wise aligned. - # - - &set_label("start") unless $normal; - &comment(""); - - # &mov($tmp1, &wparam(1)); # Done at end of loop - # &mov($tmp2, &wparam(0)); # Done at end of loop - - for ($z=0; $z<16; $z+=2) - { - &mov($D, &DWP( $z*4,$tmp1,"",0)); - &mov($E, &DWP( ($z+1)*4,$tmp1,"",0)); - &mov(&swtmp($z), $D); - &mov(&swtmp($z+1), $E); - } - &mov($tmp1, $C); - &mov($D, &DWP(12,$tmp2,"",0)); - &mov($E, &DWP(16,$tmp2,"",0)); - - &RIP1($A,$B,$C,$D,$E,$wl[ 0],$sl[ 0],-1); - &RIP1($E,$A,$B,$C,$D,$wl[ 1],$sl[ 1],0); - &RIP1($D,$E,$A,$B,$C,$wl[ 2],$sl[ 2],0); - &RIP1($C,$D,$E,$A,$B,$wl[ 3],$sl[ 3],0); - &RIP1($B,$C,$D,$E,$A,$wl[ 4],$sl[ 4],0); - &RIP1($A,$B,$C,$D,$E,$wl[ 5],$sl[ 5],0); - &RIP1($E,$A,$B,$C,$D,$wl[ 6],$sl[ 6],0); - &RIP1($D,$E,$A,$B,$C,$wl[ 7],$sl[ 7],0); - &RIP1($C,$D,$E,$A,$B,$wl[ 8],$sl[ 8],0); - &RIP1($B,$C,$D,$E,$A,$wl[ 9],$sl[ 9],0); - &RIP1($A,$B,$C,$D,$E,$wl[10],$sl[10],0); - &RIP1($E,$A,$B,$C,$D,$wl[11],$sl[11],0); - &RIP1($D,$E,$A,$B,$C,$wl[12],$sl[12],0); - &RIP1($C,$D,$E,$A,$B,$wl[13],$sl[13],0); - &RIP1($B,$C,$D,$E,$A,$wl[14],$sl[14],0); - &RIP1($A,$B,$C,$D,$E,$wl[15],$sl[15],1,$wl[16]); - - &RIP2($E,$A,$B,$C,$D,$wl[16],$wl[17],$sl[16],$KL1,-1); - &RIP2($D,$E,$A,$B,$C,$wl[17],$wl[18],$sl[17],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[18],$wl[19],$sl[18],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[19],$wl[20],$sl[19],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[20],$wl[21],$sl[20],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[21],$wl[22],$sl[21],$KL1,0); - &RIP2($D,$E,$A,$B,$C,$wl[22],$wl[23],$sl[22],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[23],$wl[24],$sl[23],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[24],$wl[25],$sl[24],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[25],$wl[26],$sl[25],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[26],$wl[27],$sl[26],$KL1,0); - &RIP2($D,$E,$A,$B,$C,$wl[27],$wl[28],$sl[27],$KL1,0); - &RIP2($C,$D,$E,$A,$B,$wl[28],$wl[29],$sl[28],$KL1,0); - &RIP2($B,$C,$D,$E,$A,$wl[29],$wl[30],$sl[29],$KL1,0); - &RIP2($A,$B,$C,$D,$E,$wl[30],$wl[31],$sl[30],$KL1,0); - &RIP2($E,$A,$B,$C,$D,$wl[31],$wl[32],$sl[31],$KL1,1); - - &RIP3($D,$E,$A,$B,$C,$wl[32],$sl[32],$KL2,-1); - &RIP3($C,$D,$E,$A,$B,$wl[33],$sl[33],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[34],$sl[34],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[35],$sl[35],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[36],$sl[36],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[37],$sl[37],$KL2,0); - &RIP3($C,$D,$E,$A,$B,$wl[38],$sl[38],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[39],$sl[39],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[40],$sl[40],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[41],$sl[41],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[42],$sl[42],$KL2,0); - &RIP3($C,$D,$E,$A,$B,$wl[43],$sl[43],$KL2,0); - &RIP3($B,$C,$D,$E,$A,$wl[44],$sl[44],$KL2,0); - &RIP3($A,$B,$C,$D,$E,$wl[45],$sl[45],$KL2,0); - &RIP3($E,$A,$B,$C,$D,$wl[46],$sl[46],$KL2,0); - &RIP3($D,$E,$A,$B,$C,$wl[47],$sl[47],$KL2,1); - - &RIP4($C,$D,$E,$A,$B,$wl[48],$sl[48],$KL3,-1); - &RIP4($B,$C,$D,$E,$A,$wl[49],$sl[49],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[50],$sl[50],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[51],$sl[51],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[52],$sl[52],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[53],$sl[53],$KL3,0); - &RIP4($B,$C,$D,$E,$A,$wl[54],$sl[54],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[55],$sl[55],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[56],$sl[56],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[57],$sl[57],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[58],$sl[58],$KL3,0); - &RIP4($B,$C,$D,$E,$A,$wl[59],$sl[59],$KL3,0); - &RIP4($A,$B,$C,$D,$E,$wl[60],$sl[60],$KL3,0); - &RIP4($E,$A,$B,$C,$D,$wl[61],$sl[61],$KL3,0); - &RIP4($D,$E,$A,$B,$C,$wl[62],$sl[62],$KL3,0); - &RIP4($C,$D,$E,$A,$B,$wl[63],$sl[63],$KL3,1); - - &RIP5($B,$C,$D,$E,$A,$wl[64],$sl[64],$KL4,-1); - &RIP5($A,$B,$C,$D,$E,$wl[65],$sl[65],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[66],$sl[66],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[67],$sl[67],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[68],$sl[68],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[69],$sl[69],$KL4,0); - &RIP5($A,$B,$C,$D,$E,$wl[70],$sl[70],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[71],$sl[71],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[72],$sl[72],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[73],$sl[73],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[74],$sl[74],$KL4,0); - &RIP5($A,$B,$C,$D,$E,$wl[75],$sl[75],$KL4,0); - &RIP5($E,$A,$B,$C,$D,$wl[76],$sl[76],$KL4,0); - &RIP5($D,$E,$A,$B,$C,$wl[77],$sl[77],$KL4,0); - &RIP5($C,$D,$E,$A,$B,$wl[78],$sl[78],$KL4,0); - &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1); - - # &mov($tmp2, &wparam(0)); # moved into last RIP5 - # &mov(&swtmp(16), $A); - &mov($A, &DWP( 0,$tmp2,"",0)); - &mov(&swtmp(16+1), $B); - &mov(&swtmp(16+2), $C); - &mov($B, &DWP( 4,$tmp2,"",0)); - &mov(&swtmp(16+3), $D); - &mov($C, &DWP( 8,$tmp2,"",0)); - &mov(&swtmp(16+4), $E); - &mov($D, &DWP(12,$tmp2,"",0)); - &mov($E, &DWP(16,$tmp2,"",0)); - - &RIP5($A,$B,$C,$D,$E,$wr[ 0],$sr[ 0],$KR0,-2); - &RIP5($E,$A,$B,$C,$D,$wr[ 1],$sr[ 1],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[ 2],$sr[ 2],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[ 3],$sr[ 3],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[ 4],$sr[ 4],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[ 5],$sr[ 5],$KR0,0); - &RIP5($E,$A,$B,$C,$D,$wr[ 6],$sr[ 6],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[ 7],$sr[ 7],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[ 8],$sr[ 8],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[ 9],$sr[ 9],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[10],$sr[10],$KR0,0); - &RIP5($E,$A,$B,$C,$D,$wr[11],$sr[11],$KR0,0); - &RIP5($D,$E,$A,$B,$C,$wr[12],$sr[12],$KR0,0); - &RIP5($C,$D,$E,$A,$B,$wr[13],$sr[13],$KR0,0); - &RIP5($B,$C,$D,$E,$A,$wr[14],$sr[14],$KR0,0); - &RIP5($A,$B,$C,$D,$E,$wr[15],$sr[15],$KR0,2); - - &RIP4($E,$A,$B,$C,$D,$wr[16],$sr[16],$KR1,-2); - &RIP4($D,$E,$A,$B,$C,$wr[17],$sr[17],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[18],$sr[18],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[19],$sr[19],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[20],$sr[20],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[21],$sr[21],$KR1,0); - &RIP4($D,$E,$A,$B,$C,$wr[22],$sr[22],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[23],$sr[23],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[24],$sr[24],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[25],$sr[25],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[26],$sr[26],$KR1,0); - &RIP4($D,$E,$A,$B,$C,$wr[27],$sr[27],$KR1,0); - &RIP4($C,$D,$E,$A,$B,$wr[28],$sr[28],$KR1,0); - &RIP4($B,$C,$D,$E,$A,$wr[29],$sr[29],$KR1,0); - &RIP4($A,$B,$C,$D,$E,$wr[30],$sr[30],$KR1,0); - &RIP4($E,$A,$B,$C,$D,$wr[31],$sr[31],$KR1,2); - - &RIP3($D,$E,$A,$B,$C,$wr[32],$sr[32],$KR2,-2); - &RIP3($C,$D,$E,$A,$B,$wr[33],$sr[33],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[34],$sr[34],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[35],$sr[35],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[36],$sr[36],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[37],$sr[37],$KR2,0); - &RIP3($C,$D,$E,$A,$B,$wr[38],$sr[38],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[39],$sr[39],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[40],$sr[40],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[41],$sr[41],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[42],$sr[42],$KR2,0); - &RIP3($C,$D,$E,$A,$B,$wr[43],$sr[43],$KR2,0); - &RIP3($B,$C,$D,$E,$A,$wr[44],$sr[44],$KR2,0); - &RIP3($A,$B,$C,$D,$E,$wr[45],$sr[45],$KR2,0); - &RIP3($E,$A,$B,$C,$D,$wr[46],$sr[46],$KR2,0); - &RIP3($D,$E,$A,$B,$C,$wr[47],$sr[47],$KR2,2,$wr[48]); - - &RIP2($C,$D,$E,$A,$B,$wr[48],$wr[49],$sr[48],$KR3,-2); - &RIP2($B,$C,$D,$E,$A,$wr[49],$wr[50],$sr[49],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[50],$wr[51],$sr[50],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[51],$wr[52],$sr[51],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[52],$wr[53],$sr[52],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[53],$wr[54],$sr[53],$KR3,0); - &RIP2($B,$C,$D,$E,$A,$wr[54],$wr[55],$sr[54],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[55],$wr[56],$sr[55],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[56],$wr[57],$sr[56],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[57],$wr[58],$sr[57],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[58],$wr[59],$sr[58],$KR3,0); - &RIP2($B,$C,$D,$E,$A,$wr[59],$wr[60],$sr[59],$KR3,0); - &RIP2($A,$B,$C,$D,$E,$wr[60],$wr[61],$sr[60],$KR3,0); - &RIP2($E,$A,$B,$C,$D,$wr[61],$wr[62],$sr[61],$KR3,0); - &RIP2($D,$E,$A,$B,$C,$wr[62],$wr[63],$sr[62],$KR3,0); - &RIP2($C,$D,$E,$A,$B,$wr[63],$wr[64],$sr[63],$KR3,2); - - &RIP1($B,$C,$D,$E,$A,$wr[64],$sr[64],-2); - &RIP1($A,$B,$C,$D,$E,$wr[65],$sr[65],0); - &RIP1($E,$A,$B,$C,$D,$wr[66],$sr[66],0); - &RIP1($D,$E,$A,$B,$C,$wr[67],$sr[67],0); - &RIP1($C,$D,$E,$A,$B,$wr[68],$sr[68],0); - &RIP1($B,$C,$D,$E,$A,$wr[69],$sr[69],0); - &RIP1($A,$B,$C,$D,$E,$wr[70],$sr[70],0); - &RIP1($E,$A,$B,$C,$D,$wr[71],$sr[71],0); - &RIP1($D,$E,$A,$B,$C,$wr[72],$sr[72],0); - &RIP1($C,$D,$E,$A,$B,$wr[73],$sr[73],0); - &RIP1($B,$C,$D,$E,$A,$wr[74],$sr[74],0); - &RIP1($A,$B,$C,$D,$E,$wr[75],$sr[75],0); - &RIP1($E,$A,$B,$C,$D,$wr[76],$sr[76],0); - &RIP1($D,$E,$A,$B,$C,$wr[77],$sr[77],0); - &RIP1($C,$D,$E,$A,$B,$wr[78],$sr[78],0); - &RIP1($B,$C,$D,$E,$A,$wr[79],$sr[79],2); - - # &mov($tmp2, &wparam(0)); # Moved into last round - - &mov($tmp1, &DWP( 4,$tmp2,"",0)); # ctx->B - &add($D, $tmp1); - &mov($tmp1, &swtmp(16+2)); # $c - &add($D, $tmp1); - - &mov($tmp1, &DWP( 8,$tmp2,"",0)); # ctx->C - &add($E, $tmp1); - &mov($tmp1, &swtmp(16+3)); # $d - &add($E, $tmp1); - - &mov($tmp1, &DWP(12,$tmp2,"",0)); # ctx->D - &add($A, $tmp1); - &mov($tmp1, &swtmp(16+4)); # $e - &add($A, $tmp1); - - - &mov($tmp1, &DWP(16,$tmp2,"",0)); # ctx->E - &add($B, $tmp1); - &mov($tmp1, &swtmp(16+0)); # $a - &add($B, $tmp1); - - &mov($tmp1, &DWP( 0,$tmp2,"",0)); # ctx->A - &add($C, $tmp1); - &mov($tmp1, &swtmp(16+1)); # $b - &add($C, $tmp1); - - &mov($tmp1, &wparam(2)); - - &mov(&DWP( 0,$tmp2,"",0), $D); - &mov(&DWP( 4,$tmp2,"",0), $E); - &mov(&DWP( 8,$tmp2,"",0), $A); - &sub($tmp1,1); - &mov(&DWP(12,$tmp2,"",0), $B); - &mov(&DWP(16,$tmp2,"",0), $C); - - &jle(&label("get_out")); - - &mov(&wparam(2),$tmp1); - &mov($C, $A); - &mov($tmp1, &wparam(1)); - &mov($A, $D); - &add($tmp1, 64); - &mov($B, $E); - &mov(&wparam(1),$tmp1); - - &jmp(&label("start")); - - &set_label("get_out"); - - &stack_pop(16+5+6); - - &pop("ebx"); - &pop("ebp"); - &pop("edi"); - &pop("esi"); - &ret(); - &function_end_B($name); - } - diff --git a/crypto/openssl-0.9/crypto/sha/asm/README b/crypto/openssl-0.9/crypto/sha/asm/README deleted file mode 100644 index b7e755765f..0000000000 --- a/crypto/openssl-0.9/crypto/sha/asm/README +++ /dev/null @@ -1 +0,0 @@ -C2.pl works diff --git a/crypto/openssl-0.9/crypto/sha/asm/sha1-586.pl b/crypto/openssl-0.9/crypto/sha/asm/sha1-586.pl deleted file mode 100644 index 4f8521f1e2..0000000000 --- a/crypto/openssl-0.9/crypto/sha/asm/sha1-586.pl +++ /dev/null @@ -1,430 +0,0 @@ -#!/usr/local/bin/perl - -# It was noted that Intel IA-32 C compiler generates code which -# performs ~30% *faster* on P4 CPU than original *hand-coded* -# SHA1 assembler implementation. To address this problem (and -# prove that humans are still better than machines:-), the -# original code was overhauled, which resulted in following -# performance changes: -# -# compared with original compared with Intel cc -# assembler impl. generated code -# Pentium -16% +48% -# PIII/AMD +8% +16% -# P4 +85%(!) +45% -# -# As you can see Pentium came out as looser:-( Yet I reckoned that -# improvement on P4 outweights the loss and incorporate this -# re-tuned code to 0.9.7 and later. -# ---------------------------------------------------------------- -# Those who for any particular reason absolutely must score on -# Pentium can replace this module with one from 0.9.6 distribution. -# This "offer" shall be revoked the moment programming interface to -# this module is changed, in which case this paragraph should be -# removed. -# ---------------------------------------------------------------- -# - -$normal=0; - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386"); - -$A="eax"; -$B="ecx"; -$C="ebx"; -$D="edx"; -$E="edi"; -$T="esi"; -$tmp1="ebp"; - -$off=9*4; - -@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6); - -&sha1_block_data("sha1_block_asm_data_order"); - -&asm_finish(); - -sub Nn - { - local($p)=@_; - local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); - return($n{$p}); - } - -sub Np - { - local($p)=@_; - local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); - local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A); - return($n{$p}); - } - -sub Na - { - local($n)=@_; - return( (($n )&0x0f), - (($n+ 2)&0x0f), - (($n+ 8)&0x0f), - (($n+13)&0x0f), - (($n+ 1)&0x0f)); - } - -sub X_expand - { - local($in)=@_; - - &comment("First, load the words onto the stack in network byte order"); - for ($i=0; $i<16; $i+=2) - { - &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0; - &mov($B,&DWP(($i+1)*4,$in,"",0)); - &bswap($A); - &bswap($B); - &mov(&swtmp($i+0),$A); - &mov(&swtmp($i+1),$B); - } - - &comment("We now have the X array on the stack"); - &comment("starting at sp-4"); - } - -# Rules of engagement -# F is always trashable at the start, the running total. -# E becomes the next F so it can be trashed after it has been 'accumulated' -# F becomes A in the next round. We don't need to access it much. -# During the X update part, the result ends up in $X[$n0]. - -sub BODY_00_15 - { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; - - &comment("00_15 $n"); - - &mov($f,$c); # f to hold F_00_19(b,c,d) - if ($n==0) { &mov($tmp1,$a); } - else { &mov($a,$tmp1); } - &rotl($tmp1,5); # tmp1=ROTATE(a,5) - &xor($f,$d); - &and($f,$b); - &add($tmp1,$e); # tmp1+=e; - &mov($e,&swtmp($n)); # e becomes volatile and - # is loaded with xi - &xor($f,$d); # f holds F_00_19(b,c,d) - &rotr($b,2); # b=ROTATE(b,30) - &lea($tmp1,&DWP($K,$tmp1,$e,1));# tmp1+=K_00_19+xi - - if ($n==15) { &add($f,$tmp1); } # f+=tmp1 - else { &add($tmp1,$f); } - } - -sub BODY_16_19 - { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - - &comment("16_19 $n"); - - &mov($f,&swtmp($n1)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) - &xor($f,&swtmp($n0)); - &xor($tmp1,$d); - &xor($f,&swtmp($n2)); - &and($tmp1,$b); # tmp1 holds F_00_19(b,c,d) - &rotr($b,2); # b=ROTATE(b,30) - &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROATE(f,1) - &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) - &mov(&swtmp($n0),$f); # xi=f - &lea($f,&DWP($K,$f,$e,1)); # f+=K_00_19+e - &mov($e,$a); # e becomes volatile - &rotl($e,5); # e=ROTATE(a,5) - &add($f,$tmp1); # f+=F_00_19(b,c,d) - &add($f,$e); # f+=ROTATE(a,5) - } - -sub BODY_20_39 - { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; - - &comment("20_39 $n"); - local($n0,$n1,$n2,$n3,$np)=&Na($n); - - &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) - &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &rotr($b,2); # b=ROTATE(b,30) - &xor($f,&swtmp($n1)); - &xor($tmp1,$c); - &xor($f,&swtmp($n2)); - &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) - &xor($f,&swtmp($n3)); # f holds xa^xb^xc^xd - &rotl($f,1); # f=ROTATE(f,1) - &add($tmp1,$e); - &mov(&swtmp($n0),$f); # xi=f - &mov($e,$a); # e becomes volatile - &rotl($e,5); # e=ROTATE(a,5) - &lea($f,&DWP($K,$f,$tmp1,1)); # f+=K_20_39+e - &add($f,$e); # f+=ROTATE(a,5) - } - -sub BODY_40_59 - { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; - - &comment("40_59 $n"); - local($n0,$n1,$n2,$n3,$np)=&Na($n); - - &mov($f,&swtmp($n0)); # f to hold Xupdate(xi,xa,xb,xc,xd) - &mov($tmp1,&swtmp($n1)); - &xor($f,$tmp1); - &mov($tmp1,&swtmp($n2)); - &xor($f,$tmp1); - &mov($tmp1,&swtmp($n3)); - &xor($f,$tmp1); # f holds xa^xb^xc^xd - &mov($tmp1,$b); # tmp1 to hold F_40_59(b,c,d) - &rotl($f,1); # f=ROTATE(f,1) - &or($tmp1,$c); - &mov(&swtmp($n0),$f); # xi=f - &and($tmp1,$d); - &lea($f,&DWP($K,$f,$e,1)); # f+=K_40_59+e - &mov($e,$b); # e becomes volatile and is used - # to calculate F_40_59(b,c,d) - &rotr($b,2); # b=ROTATE(b,30) - &and($e,$c); - &or($tmp1,$e); # tmp1 holds F_40_59(b,c,d) - &mov($e,$a); - &rotl($e,5); # e=ROTATE(a,5) - &add($f,$tmp1); # f+=tmp1; - &add($f,$e); # f+=ROTATE(a,5) - } - -sub BODY_60_79 - { - &BODY_20_39(@_); - } - -sub sha1_block_host - { - local($name, $sclabel)=@_; - - &function_begin_B($name,""); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov("ecx", &wparam(2)); - &push("esi"); - &shl("ecx",6); - &mov("esi", &wparam(1)); - &push("ebp"); - &add("ecx","esi"); # offset to leave on - &push("ebx"); - &mov("ebp", &wparam(0)); - &push("edi"); - &mov($D, &DWP(12,"ebp","",0)); - &stack_push(18+9); - &mov($E, &DWP(16,"ebp","",0)); - &mov($C, &DWP( 8,"ebp","",0)); - &mov(&swtmp(17),"ecx"); - - &comment("First we need to setup the X array"); - - for ($i=0; $i<16; $i+=2) - { - &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0; - &mov($B,&DWP(($i+1)*4,"esi","",0)); - &mov(&swtmp($i+0),$A); - &mov(&swtmp($i+1),$B); - } - &jmp($sclabel); - &function_end_B($name); - } - - -sub sha1_block_data - { - local($name)=@_; - - &function_begin_B($name,""); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov("ecx", &wparam(2)); - &push("esi"); - &shl("ecx",6); - &mov("esi", &wparam(1)); - &push("ebp"); - &add("ecx","esi"); # offset to leave on - &push("ebx"); - &mov("ebp", &wparam(0)); - &push("edi"); - &mov($D, &DWP(12,"ebp","",0)); - &stack_push(18+9); - &mov($E, &DWP(16,"ebp","",0)); - &mov($C, &DWP( 8,"ebp","",0)); - &mov(&swtmp(17),"ecx"); - - &comment("First we need to setup the X array"); - - &set_label("start") unless $normal; - - &X_expand("esi"); - &mov(&wparam(1),"esi"); - - &set_label("shortcut", 0, 1); - &comment(""); - &comment("Start processing"); - - # odd start - &mov($A, &DWP( 0,"ebp","",0)); - &mov($B, &DWP( 4,"ebp","",0)); - $X="esp"; - &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C); - &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B); - &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A); - &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C); - &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B); - &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A); - &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C); - &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B); - &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A); - &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T); - &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E); - - &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C); - - &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A); - - &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E); - - &comment("End processing"); - &comment(""); - # D is the tmp value - - # E -> A - # T -> B - # A -> C - # B -> D - # C -> E - # D -> T - - &mov($tmp1,&wparam(0)); - - &mov($D, &DWP(12,$tmp1,"",0)); - &add($D,$B); - &mov($B, &DWP( 4,$tmp1,"",0)); - &add($B,$T); - &mov($T, $A); - &mov($A, &DWP( 0,$tmp1,"",0)); - &mov(&DWP(12,$tmp1,"",0),$D); - - &add($A,$E); - &mov($E, &DWP(16,$tmp1,"",0)); - &add($E,$C); - &mov($C, &DWP( 8,$tmp1,"",0)); - &add($C,$T); - - &mov(&DWP( 0,$tmp1,"",0),$A); - &mov("esi",&wparam(1)); - &mov(&DWP( 8,$tmp1,"",0),$C); - &add("esi",64); - &mov("eax",&swtmp(17)); - &mov(&DWP(16,$tmp1,"",0),$E); - &cmp("esi","eax"); - &mov(&DWP( 4,$tmp1,"",0),$B); - &jb(&label("start")); - - &stack_pop(18+9); - &pop("edi"); - &pop("ebx"); - &pop("ebp"); - &pop("esi"); - &ret(); - - # keep a note of shortcut label so it can be used outside - # block. - my $sclabel = &label("shortcut"); - - &function_end_B($name); - # Putting this here avoids problems with MASM in debugging mode - &sha1_block_host("sha1_block_asm_host_order", $sclabel); - } - diff --git a/crypto/openssl-0.9/crypto/sha/asm/sha1-ia64.pl b/crypto/openssl-0.9/crypto/sha/asm/sha1-ia64.pl deleted file mode 100644 index cb9dfad124..0000000000 --- a/crypto/openssl-0.9/crypto/sha/asm/sha1-ia64.pl +++ /dev/null @@ -1,549 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. -# ==================================================================== -# -# Eternal question is what's wrong with compiler generated code? The -# trick is that it's possible to reduce the number of shifts required -# to perform rotations by maintaining copy of 32-bit value in upper -# bits of 64-bit register. Just follow mux2 and shrp instructions... -# Performance under big-endian OS such as HP-UX is 179MBps*1GHz, which -# is >50% better than HP C and >2x better than gcc. As of this moment -# performance under little-endian OS such as Linux and Windows will be -# a bit lower, because data has to be picked in reverse byte-order. -# It's possible to resolve this issue by implementing third function, -# sha1_block_asm_data_order_aligned, which would temporarily flip -# BE field in User Mask register... - -$code=<<___; -.ident \"sha1-ia64.s, version 1.0\" -.ident \"IA-64 ISA artwork by Andy Polyakov \" -.explicit - -___ - - -if ($^O eq "hpux") { - $ADDP="addp4"; - for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } -} else { $ADDP="add"; } -for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/); - $big_endian=0 if (/\-DL_ENDIAN/); } -if (!defined($big_endian)) - { $big_endian=(unpack('L',pack('N',1))==1); } - -#$human=1; -if ($human) { # useful for visual code auditing... - ($A,$B,$C,$D,$E,$T) = ("A","B","C","D","E","T"); - ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4"); - ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = - ( "K_00_19","K_20_39","K_40_59","K_60_79" ); - @X= ( "X0", "X1", "X2", "X3", "X4", "X5", "X6", "X7", - "X8", "X9","X10","X11","X12","X13","X14","X15" ); -} -else { - ($A,$B,$C,$D,$E,$T) = ("loc0","loc1","loc2","loc3","loc4","loc5"); - ($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10"); - ($K_00_19, $K_20_39, $K_40_59, $K_60_79) = - ( "r14", "r15", "loc11", "loc12" ); - @X= ( "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", - "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31" ); -} - -sub BODY_00_15 { -local *code=shift; -local ($i,$a,$b,$c,$d,$e,$f,$unaligned)=@_; - -if ($unaligned) { - $code.=<<___; -{ .mmi; ld1 tmp0=[inp],2 // MSB - ld1 tmp1=[tmp3],2 };; -{ .mmi; ld1 tmp2=[inp],2 - ld1 $X[$i&0xf]=[tmp3],2 // LSB - dep tmp1=tmp0,tmp1,8,8 };; -{ .mii; cmp.ne p16,p0=r0,r0 // no misaligned prefetch - dep $X[$i&0xf]=tmp2,$X[$i&0xf],8,8;; - dep $X[$i&0xf]=tmp1,$X[$i&0xf],16,16 };; -{ .mmi; nop.m 0 -___ - } -elsif ($i<15) { - $code.=<<___; -{ .mmi; ld4 $X[($i+1)&0xf]=[inp],4 // prefetch -___ - } -else { - $code.=<<___; -{ .mmi; nop.m 0 -___ - } -if ($i<15) { - $code.=<<___; - and tmp0=$c,$b - dep.z tmp5=$a,5,27 } // a<<5 -{ .mmi; andcm tmp1=$d,$b - add tmp4=$e,$K_00_19 };; -{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 - extr.u tmp1=$a,27,5 };; // a>>27 -{ .mib; add $f=$f,tmp0 // f+=F_00_19(b,c,d) - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mib; or tmp1=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) - mux2 $X[$i&0xf]=$X[$i&0xf],0x44 - nop.i 0 };; - -___ - } -else { - $code.=<<___; - and tmp0=$c,$b - dep.z tmp5=$a,5,27 } // a<<5 ;;? -{ .mmi; andcm tmp1=$d,$b - add tmp4=$e,$K_00_19 };; -{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - add $f=tmp4,$X[$i&0xf] // f=xi+e+K_00_19 - extr.u tmp1=$a,27,5 } // a>>27 -{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 - xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 - nop.i 0 };; -{ .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d) - xor tmp2=tmp2,tmp3 // +1 - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) - shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) - mux2 $X[$i&0xf]=$X[$i&0xf],0x44 };; - -___ - } -} - -sub BODY_16_19 { -local *code=shift; -local ($i,$a,$b,$c,$d,$e,$f)=@_; - -$code.=<<___; -{ .mmi; mov $X[$i&0xf]=$f // Xupdate - and tmp0=$c,$b - dep.z tmp5=$a,5,27 } // a<<5 -{ .mmi; andcm tmp1=$d,$b - add tmp4=$e,$K_00_19 };; -{ .mmi; or tmp0=tmp0,tmp1 // F_00_19(b,c,d)=(b&c)|(~b&d) - add $f=$f,tmp4 // f+=e+K_00_19 - extr.u tmp1=$a,27,5 } // a>>27 -{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 - xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 - nop.i 0 };; -{ .mmi; add $f=$f,tmp0 // f+=F_00_19(b,c,d) - xor tmp2=tmp2,tmp3 // +1 - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) - shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) - nop.i 0 };; - -___ -} - -sub BODY_20_39 { -local *code=shift; -local ($i,$a,$b,$c,$d,$e,$f,$Konst)=@_; - $Konst = $K_20_39 if (!defined($Konst)); - -if ($i<79) { -$code.=<<___; -{ .mib; mov $X[$i&0xf]=$f // Xupdate - dep.z tmp5=$a,5,27 } // a<<5 -{ .mib; xor tmp0=$c,$b - add tmp4=$e,$Konst };; -{ .mmi; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d - add $f=$f,tmp4 // f+=e+K_20_39 - extr.u tmp1=$a,27,5 } // a>>27 -{ .mmi; xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 - xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 - nop.i 0 };; -{ .mmi; add $f=$f,tmp0 // f+=F_20_39(b,c,d) - xor tmp2=tmp2,tmp3 // +1 - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $f=$f,tmp1 // f+=ROTATE(a,5) - shrp $e=tmp2,tmp2,31 // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) - nop.i 0 };; - -___ -} -else { -$code.=<<___; -{ .mib; mov $X[$i&0xf]=$f // Xupdate - dep.z tmp5=$a,5,27 } // a<<5 -{ .mib; xor tmp0=$c,$b - add tmp4=$e,$Konst };; -{ .mib; xor tmp0=tmp0,$d // F_20_39(b,c,d)=b^c^d - extr.u tmp1=$a,27,5 } // a>>27 -{ .mib; add $f=$f,tmp4 // f+=e+K_20_39 - add $h1=$h1,$a };; // wrap up -{ .mmi; -(p16) ld4.s $X[0]=[inp],4 // non-faulting prefetch - add $f=$f,tmp0 // f+=F_20_39(b,c,d) - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) ;;? -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - add $h3=$h3,$c };; // wrap up -{ .mib; add tmp3=1,inp // used in unaligned codepath - add $f=$f,tmp1 } // f+=ROTATE(a,5) -{ .mib; add $h2=$h2,$b // wrap up - add $h4=$h4,$d };; // wrap up - -___ -} -} - -sub BODY_40_59 { -local *code=shift; -local ($i,$a,$b,$c,$d,$e,$f)=@_; - -$code.=<<___; -{ .mmi; mov $X[$i&0xf]=$f // Xupdate - and tmp0=$c,$b - dep.z tmp5=$a,5,27 } // a<<5 -{ .mmi; and tmp1=$d,$b - add tmp4=$e,$K_40_59 };; -{ .mmi; or tmp0=tmp0,tmp1 // (b&c)|(b&d) - add $f=$f,tmp4 // f+=e+K_40_59 - extr.u tmp1=$a,27,5 } // a>>27 -{ .mmi; and tmp4=$c,$d - xor tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf] // +1 - xor tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1 - };; -{ .mmi; or tmp1=tmp1,tmp5 // ROTATE(a,5) - xor tmp2=tmp2,tmp3 // +1 - shrp $b=tmp6,tmp6,2 } // b=ROTATE(b,30) -{ .mmi; or tmp0=tmp0,tmp4 // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d) - mux2 tmp6=$a,0x44 };; // see b in next iteration -{ .mii; add $f=$f,tmp0 // f+=F_40_59(b,c,d) - shrp $e=tmp2,tmp2,31;; // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1) - add $f=$f,tmp1 };; // f+=ROTATE(a,5) - -___ -} -sub BODY_60_79 { &BODY_20_39(@_,$K_60_79); } - -$code.=<<___; -.text - -tmp0=r8; -tmp1=r9; -tmp2=r10; -tmp3=r11; -ctx=r32; // in0 -inp=r33; // in1 - -// void sha1_block_asm_host_order(SHA_CTX *c,const void *p,size_t num); -.global sha1_block_asm_host_order# -.proc sha1_block_asm_host_order# -.align 32 -sha1_block_asm_host_order: - .prologue - .fframe 0 - .save ar.pfs,r0 - .save ar.lc,r3 -{ .mmi; alloc tmp1=ar.pfs,3,15,0,0 - $ADDP tmp0=4,ctx - mov r3=ar.lc } -{ .mmi; $ADDP ctx=0,ctx - $ADDP inp=0,inp - mov r2=pr };; -tmp4=in2; -tmp5=loc13; -tmp6=loc14; - .body -{ .mlx; ld4 $h0=[ctx],8 - movl $K_00_19=0x5a827999 } -{ .mlx; ld4 $h1=[tmp0],8 - movl $K_20_39=0x6ed9eba1 };; -{ .mlx; ld4 $h2=[ctx],8 - movl $K_40_59=0x8f1bbcdc } -{ .mlx; ld4 $h3=[tmp0] - movl $K_60_79=0xca62c1d6 };; -{ .mmi; ld4 $h4=[ctx],-16 - add in2=-1,in2 // adjust num for ar.lc - mov ar.ec=1 };; -{ .mmi; ld4 $X[0]=[inp],4 // prefetch - cmp.ne p16,p0=r0,in2 // prefecth at loop end - mov ar.lc=in2 };; // brp.loop.imp: too far - -.Lhtop: -{ .mmi; mov $A=$h0 - mov $B=$h1 - mux2 tmp6=$h1,0x44 } -{ .mmi; mov $C=$h2 - mov $D=$h3 - mov $E=$h4 };; - -___ - - &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T); - &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E); - &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D); - &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C); - &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B); - &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A); - &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T); - &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E); - &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D); - &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C); - &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B); - &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A); - &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T); - &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E); - &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D); - &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C); - - &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); - &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); - &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); - &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); - - &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); - - &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); - - &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); - -$code.=<<___; -{ .mmb; add $h0=$h0,$E - nop.m 0 - br.ctop.dptk.many .Lhtop };; -.Lhend: -{ .mmi; add tmp0=4,ctx - mov ar.lc=r3 };; -{ .mmi; st4 [ctx]=$h0,8 - st4 [tmp0]=$h1,8 };; -{ .mmi; st4 [ctx]=$h2,8 - st4 [tmp0]=$h3 };; -{ .mib; st4 [ctx]=$h4,-16 - mov pr=r2,0x1ffff - br.ret.sptk.many b0 };; -.endp sha1_block_asm_host_order# -___ - - -$code.=<<___; -// void sha1_block_asm_data_order(SHA_CTX *c,const void *p,size_t num); -.global sha1_block_asm_data_order# -.proc sha1_block_asm_data_order# -.align 32 -sha1_block_asm_data_order: -___ -$code.=<<___ if ($big_endian); -{ .mmi; and r2=3,inp };; -{ .mib; cmp.eq p6,p0=r0,r2 -(p6) br.dptk.many sha1_block_asm_host_order };; -___ -$code.=<<___; - .prologue - .fframe 0 - .save ar.pfs,r0 - .save ar.lc,r3 -{ .mmi; alloc tmp1=ar.pfs,3,15,0,0 - $ADDP tmp0=4,ctx - mov r3=ar.lc } -{ .mmi; $ADDP ctx=0,ctx - $ADDP inp=0,inp - mov r2=pr };; -tmp4=in2; -tmp5=loc13; -tmp6=loc14; - .body -{ .mlx; ld4 $h0=[ctx],8 - movl $K_00_19=0x5a827999 } -{ .mlx; ld4 $h1=[tmp0],8 - movl $K_20_39=0x6ed9eba1 };; -{ .mlx; ld4 $h2=[ctx],8 - movl $K_40_59=0x8f1bbcdc } -{ .mlx; ld4 $h3=[tmp0] - movl $K_60_79=0xca62c1d6 };; -{ .mmi; ld4 $h4=[ctx],-16 - add in2=-1,in2 // adjust num for ar.lc - mov ar.ec=1 };; -{ .mmi; nop.m 0 - add tmp3=1,inp - mov ar.lc=in2 };; // brp.loop.imp: too far - -.Ldtop: -{ .mmi; mov $A=$h0 - mov $B=$h1 - mux2 tmp6=$h1,0x44 } -{ .mmi; mov $C=$h2 - mov $D=$h3 - mov $E=$h4 };; - -___ - - &BODY_00_15(\$code, 0,$A,$B,$C,$D,$E,$T,1); - &BODY_00_15(\$code, 1,$T,$A,$B,$C,$D,$E,1); - &BODY_00_15(\$code, 2,$E,$T,$A,$B,$C,$D,1); - &BODY_00_15(\$code, 3,$D,$E,$T,$A,$B,$C,1); - &BODY_00_15(\$code, 4,$C,$D,$E,$T,$A,$B,1); - &BODY_00_15(\$code, 5,$B,$C,$D,$E,$T,$A,1); - &BODY_00_15(\$code, 6,$A,$B,$C,$D,$E,$T,1); - &BODY_00_15(\$code, 7,$T,$A,$B,$C,$D,$E,1); - &BODY_00_15(\$code, 8,$E,$T,$A,$B,$C,$D,1); - &BODY_00_15(\$code, 9,$D,$E,$T,$A,$B,$C,1); - &BODY_00_15(\$code,10,$C,$D,$E,$T,$A,$B,1); - &BODY_00_15(\$code,11,$B,$C,$D,$E,$T,$A,1); - &BODY_00_15(\$code,12,$A,$B,$C,$D,$E,$T,1); - &BODY_00_15(\$code,13,$T,$A,$B,$C,$D,$E,1); - &BODY_00_15(\$code,14,$E,$T,$A,$B,$C,$D,1); - &BODY_00_15(\$code,15,$D,$E,$T,$A,$B,$C,1); - - &BODY_16_19(\$code,16,$C,$D,$E,$T,$A,$B); - &BODY_16_19(\$code,17,$B,$C,$D,$E,$T,$A); - &BODY_16_19(\$code,18,$A,$B,$C,$D,$E,$T); - &BODY_16_19(\$code,19,$T,$A,$B,$C,$D,$E); - - &BODY_20_39(\$code,20,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,21,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,22,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,23,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,24,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,25,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,26,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,27,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,28,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,29,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,30,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,31,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,32,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,33,$D,$E,$T,$A,$B,$C); - &BODY_20_39(\$code,34,$C,$D,$E,$T,$A,$B); - &BODY_20_39(\$code,35,$B,$C,$D,$E,$T,$A); - &BODY_20_39(\$code,36,$A,$B,$C,$D,$E,$T); - &BODY_20_39(\$code,37,$T,$A,$B,$C,$D,$E); - &BODY_20_39(\$code,38,$E,$T,$A,$B,$C,$D); - &BODY_20_39(\$code,39,$D,$E,$T,$A,$B,$C); - - &BODY_40_59(\$code,40,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,41,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,42,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,43,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,44,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,45,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,46,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,47,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,48,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,49,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,50,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,51,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,52,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,53,$B,$C,$D,$E,$T,$A); - &BODY_40_59(\$code,54,$A,$B,$C,$D,$E,$T); - &BODY_40_59(\$code,55,$T,$A,$B,$C,$D,$E); - &BODY_40_59(\$code,56,$E,$T,$A,$B,$C,$D); - &BODY_40_59(\$code,57,$D,$E,$T,$A,$B,$C); - &BODY_40_59(\$code,58,$C,$D,$E,$T,$A,$B); - &BODY_40_59(\$code,59,$B,$C,$D,$E,$T,$A); - - &BODY_60_79(\$code,60,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,61,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,62,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,63,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,64,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,65,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,66,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,67,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,68,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,69,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,70,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,71,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,72,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,73,$T,$A,$B,$C,$D,$E); - &BODY_60_79(\$code,74,$E,$T,$A,$B,$C,$D); - &BODY_60_79(\$code,75,$D,$E,$T,$A,$B,$C); - &BODY_60_79(\$code,76,$C,$D,$E,$T,$A,$B); - &BODY_60_79(\$code,77,$B,$C,$D,$E,$T,$A); - &BODY_60_79(\$code,78,$A,$B,$C,$D,$E,$T); - &BODY_60_79(\$code,79,$T,$A,$B,$C,$D,$E); - -$code.=<<___; -{ .mmb; add $h0=$h0,$E - nop.m 0 - br.ctop.dptk.many .Ldtop };; -.Ldend: -{ .mmi; add tmp0=4,ctx - mov ar.lc=r3 };; -{ .mmi; st4 [ctx]=$h0,8 - st4 [tmp0]=$h1,8 };; -{ .mmi; st4 [ctx]=$h2,8 - st4 [tmp0]=$h3 };; -{ .mib; st4 [ctx]=$h4,-16 - mov pr=r2,0x1ffff - br.ret.sptk.many b0 };; -.endp sha1_block_asm_data_order# -___ - -print $code; diff --git a/crypto/openssl-0.9/crypto/sha/asm/sha512-ia64.pl b/crypto/openssl-0.9/crypto/sha/asm/sha512-ia64.pl deleted file mode 100755 index 0aea02399a..0000000000 --- a/crypto/openssl-0.9/crypto/sha/asm/sha512-ia64.pl +++ /dev/null @@ -1,432 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. -# ==================================================================== -# -# SHA256/512_Transform for Itanium. -# -# sha512_block runs in 1003 cycles on Itanium 2, which is almost 50% -# faster than gcc and >60%(!) faster than code generated by HP-UX -# compiler (yes, HP-UX is generating slower code, because unlike gcc, -# it failed to deploy "shift right pair," 'shrp' instruction, which -# substitutes for 64-bit rotate). -# -# 924 cycles long sha256_block outperforms gcc by over factor of 2(!) -# and HP-UX compiler - by >40% (yes, gcc won sha512_block, but lost -# this one big time). Note that "formally" 924 is about 100 cycles -# too much. I mean it's 64 32-bit rounds vs. 80 virtually identical -# 64-bit ones and 1003*64/80 gives 802. Extra cycles, 2 per round, -# are spent on extra work to provide for 32-bit rotations. 32-bit -# rotations are still handled by 'shrp' instruction and for this -# reason lower 32 bits are deposited to upper half of 64-bit register -# prior 'shrp' issue. And in order to minimize the amount of such -# operations, X[16] values are *maintained* with copies of lower -# halves in upper halves, which is why you'll spot such instructions -# as custom 'mux2', "parallel 32-bit add," 'padd4' and "parallel -# 32-bit unsigned right shift," 'pshr4.u' instructions here. -# -# Rules of engagement. -# -# There is only one integer shifter meaning that if I have two rotate, -# deposit or extract instructions in adjacent bundles, they shall -# split [at run-time if they have to]. But note that variable and -# parallel shifts are performed by multi-media ALU and *are* pairable -# with rotates [and alike]. On the backside MMALU is rather slow: it -# takes 2 extra cycles before the result of integer operation is -# available *to* MMALU and 2(*) extra cycles before the result of MM -# operation is available "back" *to* integer ALU, not to mention that -# MMALU itself has 2 cycles latency. However! I explicitly scheduled -# these MM instructions to avoid MM stalls, so that all these extra -# latencies get "hidden" in instruction-level parallelism. -# -# (*) 2 cycles on Itanium 1 and 1 cycle on Itanium 2. But I schedule -# for 2 in order to provide for best *overall* performance, -# because on Itanium 1 stall on MM result is accompanied by -# pipeline flush, which takes 6 cycles:-( -# -# Resulting performance numbers for 900MHz Itanium 2 system: -# -# The 'numbers' are in 1000s of bytes per second processed. -# type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -# sha1(*) 6210.14k 20376.30k 52447.83k 85870.05k 105478.12k -# sha256 7476.45k 20572.05k 41538.34k 56062.29k 62093.18k -# sha512 4996.56k 20026.28k 47597.20k 85278.79k 111501.31k -# -# (*) SHA1 numbers are for HP-UX compiler and are presented purely -# for reference purposes. I bet it can improved too... -# -# To generate code, pass the file name with either 256 or 512 in its -# name and compiler flags. - -$output=shift; - -if ($output =~ /512.*\.[s|asm]/) { - $SZ=8; - $BITS=8*$SZ; - $LDW="ld8"; - $STW="st8"; - $ADD="add"; - $SHRU="shr.u"; - $TABLE="K512"; - $func="sha512_block"; - @Sigma0=(28,34,39); - @Sigma1=(14,18,41); - @sigma0=(1, 8, 7); - @sigma1=(19,61, 6); - $rounds=80; -} elsif ($output =~ /256.*\.[s|asm]/) { - $SZ=4; - $BITS=8*$SZ; - $LDW="ld4"; - $STW="st4"; - $ADD="padd4"; - $SHRU="pshr4.u"; - $TABLE="K256"; - $func="sha256_block"; - @Sigma0=( 2,13,22); - @Sigma1=( 6,11,25); - @sigma0=( 7,18, 3); - @sigma1=(17,19,10); - $rounds=64; -} else { die "nonsense $output"; } - -open STDOUT,">$output" || die "can't open $output: $!"; - -if ($^O eq "hpux") { - $ADDP="addp4"; - for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); } -} else { $ADDP="add"; } -for (@ARGV) { $big_endian=1 if (/\-DB_ENDIAN/); - $big_endian=0 if (/\-DL_ENDIAN/); } -if (!defined($big_endian)) - { $big_endian=(unpack('L',pack('N',1))==1); } - -$code=<<___; -.ident \"$output, version 1.0\" -.ident \"IA-64 ISA artwork by Andy Polyakov \" -.explicit -.text - -prsave=r14; -K=r15; -A=r16; B=r17; C=r18; D=r19; -E=r20; F=r21; G=r22; H=r23; -T1=r24; T2=r25; -s0=r26; s1=r27; t0=r28; t1=r29; -Ktbl=r30; -ctx=r31; // 1st arg -input=r48; // 2nd arg -num=r49; // 3rd arg -sgm0=r50; sgm1=r51; // small constants - -// void $func (SHA_CTX *ctx, const void *in,size_t num[,int host]) -.global $func# -.proc $func# -.align 32 -$func: - .prologue - .fframe 0 - .save ar.pfs,r2 - .save ar.lc,r3 - .save pr,prsave -{ .mmi; alloc r2=ar.pfs,3,17,0,16 - $ADDP ctx=0,r32 // 1st arg - mov r3=ar.lc } -{ .mmi; $ADDP input=0,r33 // 2nd arg - addl Ktbl=\@ltoff($TABLE#),gp - mov prsave=pr };; - - .body -{ .mii; ld8 Ktbl=[Ktbl] - mov num=r34 };; // 3rd arg - -{ .mib; add r8=0*$SZ,ctx - add r9=1*$SZ,ctx - brp.loop.imp .L_first16,.L_first16_ctop - } -{ .mib; add r10=2*$SZ,ctx - add r11=3*$SZ,ctx - brp.loop.imp .L_rest,.L_rest_ctop - };; -// load A-H -{ .mmi; $LDW A=[r8],4*$SZ - $LDW B=[r9],4*$SZ - mov sgm0=$sigma0[2] } -{ .mmi; $LDW C=[r10],4*$SZ - $LDW D=[r11],4*$SZ - mov sgm1=$sigma1[2] };; -{ .mmi; $LDW E=[r8] - $LDW F=[r9] } -{ .mmi; $LDW G=[r10] - $LDW H=[r11] - cmp.ne p15,p14=0,r35 };; // used in sha256_block - -.L_outer: -{ .mii; mov ar.lc=15 - mov ar.ec=1 };; -.align 32 -.L_first16: -.rotr X[16] -___ -$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32); -{ .mib; (p14) add r9=1,input - (p14) add r10=2,input } -{ .mib; (p14) add r11=3,input - (p15) br.dptk.few .L_host };; -{ .mmi; (p14) ld1 r8=[input],$SZ - (p14) ld1 r9=[r9] } -{ .mmi; (p14) ld1 r10=[r10] - (p14) ld1 r11=[r11] };; -{ .mii; (p14) dep r9=r8,r9,8,8 - (p14) dep r11=r10,r11,8,8 };; -{ .mib; (p14) dep X[15]=r9,r11,16,16 };; -.L_host: -{ .mib; (p15) $LDW X[15]=[input],$SZ // X[i]=*input++ - dep.z $t1=E,32,32 } -{ .mib; $LDW K=[Ktbl],$SZ - zxt4 E=E };; -{ .mmi; or $t1=$t1,E - and T1=F,E - and T2=A,B } -{ .mmi; andcm r8=G,E - and r9=A,C - mux2 $t0=A,0x44 };; // copy lower half to upper -{ .mib; xor T1=T1,r8 // T1=((e & f) ^ (~e & g)) - _rotr r11=$t1,$Sigma1[0] } // ROTR(e,14) -{ .mib; and r10=B,C - xor T2=T2,r9 };; -___ -$t0="A", $t1="E", $code.=<<___ if ($BITS==64); -{ .mmi; $LDW X[15]=[input],$SZ // X[i]=*input++ - and T1=F,E - and T2=A,B } -{ .mmi; $LDW K=[Ktbl],$SZ - andcm r8=G,E - and r9=A,C };; -{ .mmi; xor T1=T1,r8 //T1=((e & f) ^ (~e & g)) - and r10=B,C - _rotr r11=$t1,$Sigma1[0] } // ROTR(e,14) -{ .mmi; xor T2=T2,r9 - mux1 X[15]=X[15],\@rev };; // eliminated in big-endian -___ -$code.=<<___; -{ .mib; add T1=T1,H // T1=Ch(e,f,g)+h - _rotr r8=$t1,$Sigma1[1] } // ROTR(e,18) -{ .mib; xor T2=T2,r10 // T2=((a & b) ^ (a & c) ^ (b & c)) - mov H=G };; -{ .mib; xor r11=r8,r11 - _rotr r9=$t1,$Sigma1[2] } // ROTR(e,41) -{ .mib; mov G=F - mov F=E };; -{ .mib; xor r9=r9,r11 // r9=Sigma1(e) - _rotr r10=$t0,$Sigma0[0] } // ROTR(a,28) -{ .mib; add T1=T1,K // T1=Ch(e,f,g)+h+K512[i] - mov E=D };; -{ .mib; add T1=T1,r9 // T1+=Sigma1(e) - _rotr r11=$t0,$Sigma0[1] } // ROTR(a,34) -{ .mib; mov D=C - mov C=B };; -{ .mib; add T1=T1,X[15] // T1+=X[i] - _rotr r8=$t0,$Sigma0[2] } // ROTR(a,39) -{ .mib; xor r10=r10,r11 - mux2 X[15]=X[15],0x44 };; // eliminated in 64-bit -{ .mmi; xor r10=r8,r10 // r10=Sigma0(a) - mov B=A - add A=T1,T2 };; -.L_first16_ctop: -{ .mib; add E=E,T1 - add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a) - br.ctop.sptk .L_first16 };; - -{ .mib; mov ar.lc=$rounds-17 } -{ .mib; mov ar.ec=1 };; -.align 32 -.L_rest: -.rotr X[16] -{ .mib; $LDW K=[Ktbl],$SZ - _rotr r8=X[15-1],$sigma0[0] } // ROTR(s0,1) -{ .mib; $ADD X[15]=X[15],X[15-9] // X[i&0xF]+=X[(i+9)&0xF] - $SHRU s0=X[15-1],sgm0 };; // s0=X[(i+1)&0xF]>>7 -{ .mib; and T1=F,E - _rotr r9=X[15-1],$sigma0[1] } // ROTR(s0,8) -{ .mib; andcm r10=G,E - $SHRU s1=X[15-14],sgm1 };; // s1=X[(i+14)&0xF]>>6 -{ .mmi; xor T1=T1,r10 // T1=((e & f) ^ (~e & g)) - xor r9=r8,r9 - _rotr r10=X[15-14],$sigma1[0] };;// ROTR(s1,19) -{ .mib; and T2=A,B - _rotr r11=X[15-14],$sigma1[1] }// ROTR(s1,61) -{ .mib; and r8=A,C };; -___ -$t0="t0", $t1="t1", $code.=<<___ if ($BITS==32); -// I adhere to mmi; in order to hold Itanium 1 back and avoid 6 cycle -// pipeline flush in last bundle. Note that even on Itanium2 the -// latter stalls for one clock cycle... -{ .mmi; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF]) - dep.z $t1=E,32,32 } -{ .mmi; xor r10=r11,r10 - zxt4 E=E };; -{ .mmi; or $t1=$t1,E - xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF]) - mux2 $t0=A,0x44 };; // copy lower half to upper -{ .mmi; xor T2=T2,r8 - _rotr r9=$t1,$Sigma1[0] } // ROTR(e,14) -{ .mmi; and r10=B,C - add T1=T1,H // T1=Ch(e,f,g)+h - $ADD X[15]=X[15],s0 };; // X[i&0xF]+=sigma0(X[(i+1)&0xF]) -___ -$t0="A", $t1="E", $code.=<<___ if ($BITS==64); -{ .mib; xor s0=s0,r9 // s0=sigma0(X[(i+1)&0xF]) - _rotr r9=$t1,$Sigma1[0] } // ROTR(e,14) -{ .mib; xor r10=r11,r10 - xor T2=T2,r8 };; -{ .mib; xor s1=s1,r10 // s1=sigma1(X[(i+14)&0xF]) - add T1=T1,H } -{ .mib; and r10=B,C - $ADD X[15]=X[15],s0 };; // X[i&0xF]+=sigma0(X[(i+1)&0xF]) -___ -$code.=<<___; -{ .mmi; xor T2=T2,r10 // T2=((a & b) ^ (a & c) ^ (b & c)) - mov H=G - _rotr r8=$t1,$Sigma1[1] };; // ROTR(e,18) -{ .mmi; xor r11=r8,r9 - $ADD X[15]=X[15],s1 // X[i&0xF]+=sigma1(X[(i+14)&0xF]) - _rotr r9=$t1,$Sigma1[2] } // ROTR(e,41) -{ .mmi; mov G=F - mov F=E };; -{ .mib; xor r9=r9,r11 // r9=Sigma1(e) - _rotr r10=$t0,$Sigma0[0] } // ROTR(a,28) -{ .mib; add T1=T1,K // T1=Ch(e,f,g)+h+K512[i] - mov E=D };; -{ .mib; add T1=T1,r9 // T1+=Sigma1(e) - _rotr r11=$t0,$Sigma0[1] } // ROTR(a,34) -{ .mib; mov D=C - mov C=B };; -{ .mmi; add T1=T1,X[15] // T1+=X[i] - xor r10=r10,r11 - _rotr r8=$t0,$Sigma0[2] };; // ROTR(a,39) -{ .mmi; xor r10=r8,r10 // r10=Sigma0(a) - mov B=A - add A=T1,T2 };; -.L_rest_ctop: -{ .mib; add E=E,T1 - add A=A,r10 // T2=Maj(a,b,c)+Sigma0(a) - br.ctop.sptk .L_rest };; - -{ .mib; add r8=0*$SZ,ctx - add r9=1*$SZ,ctx } -{ .mib; add r10=2*$SZ,ctx - add r11=3*$SZ,ctx };; -{ .mmi; $LDW r32=[r8],4*$SZ - $LDW r33=[r9],4*$SZ } -{ .mmi; $LDW r34=[r10],4*$SZ - $LDW r35=[r11],4*$SZ - cmp.ltu p6,p7=1,num };; -{ .mmi; $LDW r36=[r8],-4*$SZ - $LDW r37=[r9],-4*$SZ -(p6) add Ktbl=-$SZ*$rounds,Ktbl } -{ .mmi; $LDW r38=[r10],-4*$SZ - $LDW r39=[r11],-4*$SZ -(p7) mov ar.lc=r3 };; -{ .mmi; add A=A,r32 - add B=B,r33 - add C=C,r34 } -{ .mmi; add D=D,r35 - add E=E,r36 - add F=F,r37 };; -{ .mmi; $STW [r8]=A,4*$SZ - $STW [r9]=B,4*$SZ - add G=G,r38 } -{ .mmi; $STW [r10]=C,4*$SZ - $STW [r11]=D,4*$SZ - add H=H,r39 };; -{ .mmi; $STW [r8]=E - $STW [r9]=F -(p6) add num=-1,num } -{ .mmb; $STW [r10]=G - $STW [r11]=H -(p6) br.dptk.many .L_outer };; - -{ .mib; mov pr=prsave,0x1ffff - br.ret.sptk.many b0 };; -.endp $func# -___ - -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/_rotr(\s+)([^=]+)=([^,]+),([0-9]+)/shrp$1$2=$3,$3,$4/gm; -if ($BITS==64) { - $code =~ s/mux2(\s+)\S+/nop.i$1 0x0/gm; - $code =~ s/mux1(\s+)\S+/nop.i$1 0x0/gm if ($big_endian); -} - -print $code; - -print<<___ if ($BITS==32); -.align 64 -.type K256#,\@object -K256: data4 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 - data4 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 - data4 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 - data4 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 - data4 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc - data4 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da - data4 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 - data4 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 - data4 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 - data4 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 - data4 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 - data4 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 - data4 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 - data4 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 - data4 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 - data4 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 -.size K256#,$SZ*$rounds -___ -print<<___ if ($BITS==64); -.align 64 -.type K512#,\@object -K512: data8 0x428a2f98d728ae22,0x7137449123ef65cd - data8 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc - data8 0x3956c25bf348b538,0x59f111f1b605d019 - data8 0x923f82a4af194f9b,0xab1c5ed5da6d8118 - data8 0xd807aa98a3030242,0x12835b0145706fbe - data8 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 - data8 0x72be5d74f27b896f,0x80deb1fe3b1696b1 - data8 0x9bdc06a725c71235,0xc19bf174cf692694 - data8 0xe49b69c19ef14ad2,0xefbe4786384f25e3 - data8 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 - data8 0x2de92c6f592b0275,0x4a7484aa6ea6e483 - data8 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 - data8 0x983e5152ee66dfab,0xa831c66d2db43210 - data8 0xb00327c898fb213f,0xbf597fc7beef0ee4 - data8 0xc6e00bf33da88fc2,0xd5a79147930aa725 - data8 0x06ca6351e003826f,0x142929670a0e6e70 - data8 0x27b70a8546d22ffc,0x2e1b21385c26c926 - data8 0x4d2c6dfc5ac42aed,0x53380d139d95b3df - data8 0x650a73548baf63de,0x766a0abb3c77b2a8 - data8 0x81c2c92e47edaee6,0x92722c851482353b - data8 0xa2bfe8a14cf10364,0xa81a664bbc423001 - data8 0xc24b8b70d0f89791,0xc76c51a30654be30 - data8 0xd192e819d6ef5218,0xd69906245565a910 - data8 0xf40e35855771202a,0x106aa07032bbd1b8 - data8 0x19a4c116b8d2d0c8,0x1e376c085141ab53 - data8 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 - data8 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb - data8 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 - data8 0x748f82ee5defb2fc,0x78a5636f43172f60 - data8 0x84c87814a1f0ab72,0x8cc702081a6439ec - data8 0x90befffa23631e28,0xa4506cebde82bde9 - data8 0xbef9a3f7b2c67915,0xc67178f2e372532b - data8 0xca273eceea26619c,0xd186b8c721c0c207 - data8 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 - data8 0x06f067aa72176fba,0x0a637dc5a2c898a6 - data8 0x113f9804bef90dae,0x1b710b35131c471b - data8 0x28db77f523047d84,0x32caab7b40c72493 - data8 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c - data8 0x4cc5d4becb3e42b6,0x597f299cfc657e2a - data8 0x5fcb6fab3ad6faec,0x6c44198c4a475817 -.size K512#,$SZ*$rounds -___ diff --git a/crypto/openssl-0.9/crypto/sha/asm/sha512-sse2.pl b/crypto/openssl-0.9/crypto/sha/asm/sha512-sse2.pl deleted file mode 100644 index 10902bf673..0000000000 --- a/crypto/openssl-0.9/crypto/sha/asm/sha512-sse2.pl +++ /dev/null @@ -1,404 +0,0 @@ -#!/usr/bin/env perl -# -# ==================================================================== -# Written by Andy Polyakov for the OpenSSL -# project. Rights for redistribution and usage in source and binary -# forms are granted according to the OpenSSL license. -# ==================================================================== -# -# SHA512_Transform_SSE2. -# -# As the name suggests, this is an IA-32 SSE2 implementation of -# SHA512_Transform. Motivating factor for the undertaken effort was that -# SHA512 was observed to *consistently* perform *significantly* poorer -# than SHA256 [2x and slower is common] on 32-bit platforms. On 64-bit -# platforms on the other hand SHA512 tend to outperform SHA256 [~50% -# seem to be common improvement factor]. All this is perfectly natural, -# as SHA512 is a 64-bit algorithm. But isn't IA-32 SSE2 essentially -# a 64-bit instruction set? Is it rich enough to implement SHA512? -# If answer was "no," then you wouldn't have been reading this... -# -# Throughput performance in MBps (larger is better): -# -# 2.4GHz P4 1.4GHz AMD32 1.4GHz AMD64(*) -# SHA256/gcc(*) 54 43 59 -# SHA512/gcc 17 23 92 -# SHA512/sse2 61(**) 57(**) -# SHA512/icc 26 28 -# SHA256/icc(*) 65 54 -# -# (*) AMD64 and SHA256 numbers are presented mostly for amusement or -# reference purposes. -# (**) I.e. it gives ~2-3x speed-up if compared with compiler generated -# code. One can argue that hand-coded *non*-SSE2 implementation -# would perform better than compiler generated one as well, and -# that comparison is therefore not exactly fair. Well, as SHA512 -# puts enormous pressure on IA-32 GP register bank, I reckon that -# hand-coded version wouldn't perform significantly better than -# one compiled with icc, ~20% perhaps... So that this code would -# still outperform it with distinguishing marginal. But feel free -# to prove me wrong:-) -# -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"sha512-sse2.pl",$ARGV[$#ARGV] eq "386"); - -$K512="esi"; # K512[80] table, found at the end... -#$W512="esp"; # $W512 is not just W512[16]: it comprises *two* copies - # of W512[16] and a copy of A-H variables... -$W512_SZ=8*(16+16+8); # see above... -#$Kidx="ebx"; # index in K512 table, advances from 0 to 80... -$Widx="edx"; # index in W512, wraps around at 16... -$data="edi"; # 16 qwords of input data... -$A="mm0"; # B-D and -$E="mm1"; # F-H are allocated dynamically... -$Aoff=256+0; # A-H offsets relative to $W512... -$Boff=256+8; -$Coff=256+16; -$Doff=256+24; -$Eoff=256+32; -$Foff=256+40; -$Goff=256+48; -$Hoff=256+56; - -sub SHA2_ROUND() -{ local ($kidx,$widx)=@_; - - # One can argue that one could reorder instructions for better - # performance. Well, I tried and it doesn't seem to make any - # noticeable difference. Modern out-of-order execution cores - # reorder instructions to their liking in either case and they - # apparently do decent job. So we can keep the code more - # readable/regular/comprehensible:-) - - # I adhere to 64-bit %mmX registers in order to avoid/not care - # about #GP exceptions on misaligned 128-bit access, most - # notably in paddq with memory operand. Not to mention that - # SSE2 intructions operating on %mmX can be scheduled every - # cycle [and not every second one if operating on %xmmN]. - - &movq ("mm4",&QWP($Foff,$W512)); # load f - &movq ("mm5",&QWP($Goff,$W512)); # load g - &movq ("mm6",&QWP($Hoff,$W512)); # load h - - &movq ("mm2",$E); # %mm2 is sliding right - &movq ("mm3",$E); # %mm3 is sliding left - &psrlq ("mm2",14); - &psllq ("mm3",23); - &movq ("mm7","mm2"); # %mm7 is T1 - &pxor ("mm7","mm3"); - &psrlq ("mm2",4); - &psllq ("mm3",23); - &pxor ("mm7","mm2"); - &pxor ("mm7","mm3"); - &psrlq ("mm2",23); - &psllq ("mm3",4); - &pxor ("mm7","mm2"); - &pxor ("mm7","mm3"); # T1=Sigma1_512(e) - - &movq (&QWP($Foff,$W512),$E); # f = e - &movq (&QWP($Goff,$W512),"mm4"); # g = f - &movq (&QWP($Hoff,$W512),"mm5"); # h = g - - &pxor ("mm4","mm5"); # f^=g - &pand ("mm4",$E); # f&=e - &pxor ("mm4","mm5"); # f^=g - &paddq ("mm7","mm4"); # T1+=Ch(e,f,g) - - &movq ("mm2",&QWP($Boff,$W512)); # load b - &movq ("mm3",&QWP($Coff,$W512)); # load c - &movq ($E,&QWP($Doff,$W512)); # e = d - - &paddq ("mm7","mm6"); # T1+=h - &paddq ("mm7",&QWP(0,$K512,$kidx,8)); # T1+=K512[i] - &paddq ("mm7",&QWP(0,$W512,$widx,8)); # T1+=W512[i] - &paddq ($E,"mm7"); # e += T1 - - &movq ("mm4",$A); # %mm4 is sliding right - &movq ("mm5",$A); # %mm5 is sliding left - &psrlq ("mm4",28); - &psllq ("mm5",25); - &movq ("mm6","mm4"); # %mm6 is T2 - &pxor ("mm6","mm5"); - &psrlq ("mm4",6); - &psllq ("mm5",5); - &pxor ("mm6","mm4"); - &pxor ("mm6","mm5"); - &psrlq ("mm4",5); - &psllq ("mm5",6); - &pxor ("mm6","mm4"); - &pxor ("mm6","mm5"); # T2=Sigma0_512(a) - - &movq (&QWP($Boff,$W512),$A); # b = a - &movq (&QWP($Coff,$W512),"mm2"); # c = b - &movq (&QWP($Doff,$W512),"mm3"); # d = c - - &movq ("mm4",$A); # %mm4=a - &por ($A,"mm3"); # a=a|c - &pand ("mm4","mm3"); # %mm4=a&c - &pand ($A,"mm2"); # a=(a|c)&b - &por ("mm4",$A); # %mm4=(a&c)|((a|c)&b) - &paddq ("mm6","mm4"); # T2+=Maj(a,b,c) - - &movq ($A,"mm7"); # a=T1 - &paddq ($A,"mm6"); # a+=T2 -} - -$func="sha512_block_sse2"; - -&function_begin_B($func); - if (0) {# Caller is expected to check if it's appropriate to - # call this routine. Below 3 lines are retained for - # debugging purposes... - &picmeup("eax","OPENSSL_ia32cap"); - &bt (&DWP(0,"eax"),26); - &jnc ("SHA512_Transform"); - } - - &push ("ebp"); - &mov ("ebp","esp"); - &push ("ebx"); - &push ("esi"); - &push ("edi"); - - &mov ($Widx,&DWP(8,"ebp")); # A-H state, 1st arg - &mov ($data,&DWP(12,"ebp")); # input data, 2nd arg - &call (&label("pic_point")); # make it PIC! -&set_label("pic_point"); - &blindpop($K512); - &lea ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512)); - - $W512 = "esp"; # start using %esp as W512 - &sub ($W512,$W512_SZ); - &and ($W512,-16); # ensure 128-bit alignment - - # make private copy of A-H - # v assume the worst and stick to unaligned load - &movdqu ("xmm0",&QWP(0,$Widx)); - &movdqu ("xmm1",&QWP(16,$Widx)); - &movdqu ("xmm2",&QWP(32,$Widx)); - &movdqu ("xmm3",&QWP(48,$Widx)); - -&align(8); -&set_label("_chunk_loop"); - - &movdqa (&QWP($Aoff,$W512),"xmm0"); # a,b - &movdqa (&QWP($Coff,$W512),"xmm1"); # c,d - &movdqa (&QWP($Eoff,$W512),"xmm2"); # e,f - &movdqa (&QWP($Goff,$W512),"xmm3"); # g,h - - &xor ($Widx,$Widx); - - &movdq2q($A,"xmm0"); # load a - &movdq2q($E,"xmm2"); # load e - - # Why aren't loops unrolled? It makes sense to unroll if - # execution time for loop body is comparable with branch - # penalties and/or if whole data-set resides in register bank. - # Neither is case here... Well, it would be possible to - # eliminate few store operations, but it would hardly affect - # so to say stop-watch performance, as there is a lot of - # available memory slots to fill. It will only relieve some - # pressure off memory bus... - - # flip input stream byte order... - &mov ("eax",&DWP(0,$data,$Widx,8)); - &mov ("ebx",&DWP(4,$data,$Widx,8)); - &bswap ("eax"); - &bswap ("ebx"); - &mov (&DWP(0,$W512,$Widx,8),"ebx"); # W512[i] - &mov (&DWP(4,$W512,$Widx,8),"eax"); - &mov (&DWP(128+0,$W512,$Widx,8),"ebx"); # copy of W512[i] - &mov (&DWP(128+4,$W512,$Widx,8),"eax"); - -&align(8); -&set_label("_1st_loop"); # 0-15 - # flip input stream byte order... - &mov ("eax",&DWP(0+8,$data,$Widx,8)); - &mov ("ebx",&DWP(4+8,$data,$Widx,8)); - &bswap ("eax"); - &bswap ("ebx"); - &mov (&DWP(0+8,$W512,$Widx,8),"ebx"); # W512[i] - &mov (&DWP(4+8,$W512,$Widx,8),"eax"); - &mov (&DWP(128+0+8,$W512,$Widx,8),"ebx"); # copy of W512[i] - &mov (&DWP(128+4+8,$W512,$Widx,8),"eax"); -&set_label("_1st_looplet"); - &SHA2_ROUND($Widx,$Widx); &inc($Widx); - -&cmp ($Widx,15) -&jl (&label("_1st_loop")); -&je (&label("_1st_looplet")); # playing similar trick on 2nd loop - # does not improve performance... - - $Kidx = "ebx"; # start using %ebx as Kidx - &mov ($Kidx,$Widx); - -&align(8); -&set_label("_2nd_loop"); # 16-79 - &and($Widx,0xf); - - # 128-bit fragment! I update W512[i] and W512[i+1] in - # parallel:-) Note that I refer to W512[(i&0xf)+N] and not to - # W512[(i+N)&0xf]! This is exactly what I maintain the second - # copy of W512[16] for... - &movdqu ("xmm0",&QWP(8*1,$W512,$Widx,8)); # s0=W512[i+1] - &movdqa ("xmm2","xmm0"); # %xmm2 is sliding right - &movdqa ("xmm3","xmm0"); # %xmm3 is sliding left - &psrlq ("xmm2",1); - &psllq ("xmm3",56); - &movdqa ("xmm0","xmm2"); - &pxor ("xmm0","xmm3"); - &psrlq ("xmm2",6); - &psllq ("xmm3",7); - &pxor ("xmm0","xmm2"); - &pxor ("xmm0","xmm3"); - &psrlq ("xmm2",1); - &pxor ("xmm0","xmm2"); # s0 = sigma0_512(s0); - - &movdqa ("xmm1",&QWP(8*14,$W512,$Widx,8)); # s1=W512[i+14] - &movdqa ("xmm4","xmm1"); # %xmm4 is sliding right - &movdqa ("xmm5","xmm1"); # %xmm5 is sliding left - &psrlq ("xmm4",6); - &psllq ("xmm5",3); - &movdqa ("xmm1","xmm4"); - &pxor ("xmm1","xmm5"); - &psrlq ("xmm4",13); - &psllq ("xmm5",42); - &pxor ("xmm1","xmm4"); - &pxor ("xmm1","xmm5"); - &psrlq ("xmm4",42); - &pxor ("xmm1","xmm4"); # s1 = sigma1_512(s1); - - # + have to explictly load W512[i+9] as it's not 128-bit - # v aligned and paddq would throw an exception... - &movdqu ("xmm6",&QWP(8*9,$W512,$Widx,8)); - &paddq ("xmm0","xmm1"); # s0 += s1 - &paddq ("xmm0","xmm6"); # s0 += W512[i+9] - &paddq ("xmm0",&QWP(0,$W512,$Widx,8)); # s0 += W512[i] - - &movdqa (&QWP(0,$W512,$Widx,8),"xmm0"); # W512[i] = s0 - &movdqa (&QWP(16*8,$W512,$Widx,8),"xmm0"); # copy of W512[i] - - # as the above fragment was 128-bit, we "owe" 2 rounds... - &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx); - &SHA2_ROUND($Kidx,$Widx); &inc($Kidx); &inc($Widx); - -&cmp ($Kidx,80); -&jl (&label("_2nd_loop")); - - # update A-H state - &mov ($Widx,&DWP(8,"ebp")); # A-H state, 1st arg - &movq (&QWP($Aoff,$W512),$A); # write out a - &movq (&QWP($Eoff,$W512),$E); # write out e - &movdqu ("xmm0",&QWP(0,$Widx)); - &movdqu ("xmm1",&QWP(16,$Widx)); - &movdqu ("xmm2",&QWP(32,$Widx)); - &movdqu ("xmm3",&QWP(48,$Widx)); - &paddq ("xmm0",&QWP($Aoff,$W512)); # 128-bit additions... - &paddq ("xmm1",&QWP($Coff,$W512)); - &paddq ("xmm2",&QWP($Eoff,$W512)); - &paddq ("xmm3",&QWP($Goff,$W512)); - &movdqu (&QWP(0,$Widx),"xmm0"); - &movdqu (&QWP(16,$Widx),"xmm1"); - &movdqu (&QWP(32,$Widx),"xmm2"); - &movdqu (&QWP(48,$Widx),"xmm3"); - -&add ($data,16*8); # advance input data pointer -&dec (&DWP(16,"ebp")); # decrement 3rd arg -&jnz (&label("_chunk_loop")); - - # epilogue - &emms (); # required for at least ELF and Win32 ABIs - &mov ("edi",&DWP(-12,"ebp")); - &mov ("esi",&DWP(-8,"ebp")); - &mov ("ebx",&DWP(-4,"ebp")); - &leave (); -&ret (); - -&align(64); -&set_label("K512"); # Yes! I keep it in the code segment! - &data_word(0xd728ae22,0x428a2f98); # u64 - &data_word(0x23ef65cd,0x71374491); # u64 - &data_word(0xec4d3b2f,0xb5c0fbcf); # u64 - &data_word(0x8189dbbc,0xe9b5dba5); # u64 - &data_word(0xf348b538,0x3956c25b); # u64 - &data_word(0xb605d019,0x59f111f1); # u64 - &data_word(0xaf194f9b,0x923f82a4); # u64 - &data_word(0xda6d8118,0xab1c5ed5); # u64 - &data_word(0xa3030242,0xd807aa98); # u64 - &data_word(0x45706fbe,0x12835b01); # u64 - &data_word(0x4ee4b28c,0x243185be); # u64 - &data_word(0xd5ffb4e2,0x550c7dc3); # u64 - &data_word(0xf27b896f,0x72be5d74); # u64 - &data_word(0x3b1696b1,0x80deb1fe); # u64 - &data_word(0x25c71235,0x9bdc06a7); # u64 - &data_word(0xcf692694,0xc19bf174); # u64 - &data_word(0x9ef14ad2,0xe49b69c1); # u64 - &data_word(0x384f25e3,0xefbe4786); # u64 - &data_word(0x8b8cd5b5,0x0fc19dc6); # u64 - &data_word(0x77ac9c65,0x240ca1cc); # u64 - &data_word(0x592b0275,0x2de92c6f); # u64 - &data_word(0x6ea6e483,0x4a7484aa); # u64 - &data_word(0xbd41fbd4,0x5cb0a9dc); # u64 - &data_word(0x831153b5,0x76f988da); # u64 - &data_word(0xee66dfab,0x983e5152); # u64 - &data_word(0x2db43210,0xa831c66d); # u64 - &data_word(0x98fb213f,0xb00327c8); # u64 - &data_word(0xbeef0ee4,0xbf597fc7); # u64 - &data_word(0x3da88fc2,0xc6e00bf3); # u64 - &data_word(0x930aa725,0xd5a79147); # u64 - &data_word(0xe003826f,0x06ca6351); # u64 - &data_word(0x0a0e6e70,0x14292967); # u64 - &data_word(0x46d22ffc,0x27b70a85); # u64 - &data_word(0x5c26c926,0x2e1b2138); # u64 - &data_word(0x5ac42aed,0x4d2c6dfc); # u64 - &data_word(0x9d95b3df,0x53380d13); # u64 - &data_word(0x8baf63de,0x650a7354); # u64 - &data_word(0x3c77b2a8,0x766a0abb); # u64 - &data_word(0x47edaee6,0x81c2c92e); # u64 - &data_word(0x1482353b,0x92722c85); # u64 - &data_word(0x4cf10364,0xa2bfe8a1); # u64 - &data_word(0xbc423001,0xa81a664b); # u64 - &data_word(0xd0f89791,0xc24b8b70); # u64 - &data_word(0x0654be30,0xc76c51a3); # u64 - &data_word(0xd6ef5218,0xd192e819); # u64 - &data_word(0x5565a910,0xd6990624); # u64 - &data_word(0x5771202a,0xf40e3585); # u64 - &data_word(0x32bbd1b8,0x106aa070); # u64 - &data_word(0xb8d2d0c8,0x19a4c116); # u64 - &data_word(0x5141ab53,0x1e376c08); # u64 - &data_word(0xdf8eeb99,0x2748774c); # u64 - &data_word(0xe19b48a8,0x34b0bcb5); # u64 - &data_word(0xc5c95a63,0x391c0cb3); # u64 - &data_word(0xe3418acb,0x4ed8aa4a); # u64 - &data_word(0x7763e373,0x5b9cca4f); # u64 - &data_word(0xd6b2b8a3,0x682e6ff3); # u64 - &data_word(0x5defb2fc,0x748f82ee); # u64 - &data_word(0x43172f60,0x78a5636f); # u64 - &data_word(0xa1f0ab72,0x84c87814); # u64 - &data_word(0x1a6439ec,0x8cc70208); # u64 - &data_word(0x23631e28,0x90befffa); # u64 - &data_word(0xde82bde9,0xa4506ceb); # u64 - &data_word(0xb2c67915,0xbef9a3f7); # u64 - &data_word(0xe372532b,0xc67178f2); # u64 - &data_word(0xea26619c,0xca273ece); # u64 - &data_word(0x21c0c207,0xd186b8c7); # u64 - &data_word(0xcde0eb1e,0xeada7dd6); # u64 - &data_word(0xee6ed178,0xf57d4f7f); # u64 - &data_word(0x72176fba,0x06f067aa); # u64 - &data_word(0xa2c898a6,0x0a637dc5); # u64 - &data_word(0xbef90dae,0x113f9804); # u64 - &data_word(0x131c471b,0x1b710b35); # u64 - &data_word(0x23047d84,0x28db77f5); # u64 - &data_word(0x40c72493,0x32caab7b); # u64 - &data_word(0x15c9bebc,0x3c9ebe0a); # u64 - &data_word(0x9c100d4c,0x431d67c4); # u64 - &data_word(0xcb3e42b6,0x4cc5d4be); # u64 - &data_word(0xfc657e2a,0x597f299c); # u64 - &data_word(0x3ad6faec,0x5fcb6fab); # u64 - &data_word(0x4a475817,0x6c44198c); # u64 - -&function_end_B($func); - -&asm_finish(); diff --git a/crypto/openssl-0.9/crypto/x86_64cpuid.pl b/crypto/openssl-0.9/crypto/x86_64cpuid.pl deleted file mode 100644 index 4d88ad191b..0000000000 --- a/crypto/openssl-0.9/crypto/x86_64cpuid.pl +++ /dev/null @@ -1,138 +0,0 @@ -#!/usr/bin/env perl - -$output=shift; -$win64a=1 if ($output =~ /win64a\.[s|asm]/); -open STDOUT,">$output" || die "can't open $output: $!"; - -print<<___ if(defined($win64a)); -_TEXT SEGMENT -PUBLIC OPENSSL_rdtsc -ALIGN 16 -OPENSSL_rdtsc PROC - rdtsc - shl rdx,32 - or rax,rdx - ret -OPENSSL_rdtsc ENDP - -PUBLIC OPENSSL_atomic_add -ALIGN 16 -OPENSSL_atomic_add PROC - mov eax,DWORD PTR[rcx] -\$Lspin: lea r8,DWORD PTR[rdx+rax] -lock cmpxchg DWORD PTR[rcx],r8d - jne \$Lspin - mov eax,r8d - cdqe - ret -OPENSSL_atomic_add ENDP - -PUBLIC OPENSSL_wipe_cpu -ALIGN 16 -OPENSSL_wipe_cpu PROC - pxor xmm0,xmm0 - pxor xmm1,xmm1 - pxor xmm2,xmm2 - pxor xmm3,xmm3 - pxor xmm4,xmm4 - pxor xmm5,xmm5 - xor rcx,rcx - xor rdx,rdx - xor r8,r8 - xor r9,r9 - xor r10,r10 - xor r11,r11 - lea rax,QWORD PTR[rsp+8] - ret -OPENSSL_wipe_cpu ENDP - -OPENSSL_ia32_cpuid PROC - mov r8,rbx - mov eax,1 - cpuid - shl rcx,32 - mov eax,edx - mov rbx,r8 - or rax,rcx - ret -OPENSSL_ia32_cpuid ENDP -_TEXT ENDS - -CRT\$XIU SEGMENT -EXTRN OPENSSL_cpuid_setup:PROC -DQ OPENSSL_cpuid_setup -CRT\$XIU ENDS -END -___ -print<<___ if(!defined($win64a)); -.text -.globl OPENSSL_rdtsc -.align 16 -OPENSSL_rdtsc: - rdtsc - shlq \$32,%rdx - orq %rdx,%rax - ret -.size OPENSSL_rdtsc,.-OPENSSL_rdtsc - -.globl OPENSSL_atomic_add -.type OPENSSL_atomic_add,\@function -.align 16 -OPENSSL_atomic_add: - movl (%rdi),%eax -.Lspin: leaq (%rsi,%rax),%r8 -lock; cmpxchgl %r8d,(%rdi) - jne .Lspin - movl %r8d,%eax - .byte 0x48,0x98 - ret -.size OPENSSL_atomic_add,.-OPENSSL_atomic_add - -.globl OPENSSL_wipe_cpu -.type OPENSSL_wipe_cpu,\@function -.align 16 -OPENSSL_wipe_cpu: - pxor %xmm0,%xmm0 - pxor %xmm1,%xmm1 - pxor %xmm2,%xmm2 - pxor %xmm3,%xmm3 - pxor %xmm4,%xmm4 - pxor %xmm5,%xmm5 - pxor %xmm6,%xmm6 - pxor %xmm7,%xmm7 - pxor %xmm8,%xmm8 - pxor %xmm9,%xmm9 - pxor %xmm10,%xmm10 - pxor %xmm11,%xmm11 - pxor %xmm12,%xmm12 - pxor %xmm13,%xmm13 - pxor %xmm14,%xmm14 - pxor %xmm15,%xmm15 - xorq %rcx,%rcx - xorq %rdx,%rdx - xorq %rsi,%rsi - xorq %rdi,%rdi - xorq %r8,%r8 - xorq %r9,%r9 - xorq %r10,%r10 - xorq %r11,%r11 - leaq 8(%rsp),%rax - ret -.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu - -.globl OPENSSL_ia32_cpuid -.align 16 -OPENSSL_ia32_cpuid: - movq %rbx,%r8 - movl \$1,%eax - cpuid - shlq \$32,%rcx - movl %edx,%eax - movq %r8,%rbx - orq %rcx,%rax - ret -.size OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid - -.section .init - call OPENSSL_cpuid_setup -___ diff --git a/crypto/openssl-0.9/crypto/x86cpuid.pl b/crypto/openssl-0.9/crypto/x86cpuid.pl deleted file mode 100644 index c53c9bc998..0000000000 --- a/crypto/openssl-0.9/crypto/x86cpuid.pl +++ /dev/null @@ -1,197 +0,0 @@ -#!/usr/bin/env perl - -push(@INC,"perlasm"); -require "x86asm.pl"; - -&asm_init($ARGV[0],"x86cpuid"); - -for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -&function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); - &pop ("eax"); - &mov ("ecx","eax"); - &xor ("eax",1<<21); - &push ("eax"); - &popf (); - &pushf (); - &pop ("eax"); - &xor ("ecx","eax"); - &bt ("ecx",21); - &jnc (&label("nocpuid")); - &mov ("eax",1); - &cpuid (); -&set_label("nocpuid"); - &mov ("eax","edx"); - &mov ("edx","ecx"); -&function_end("OPENSSL_ia32_cpuid"); - -&external_label("OPENSSL_ia32cap_P"); - -&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("notsc")); - &rdtsc (); -&set_label("notsc"); - &ret (); -&function_end_B("OPENSSL_rdtsc"); - -# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], -# but it's safe to call it on any [supported] 32-bit platform... -# Just check for [non-]zero return value... -&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC - - &data_word(0x9058900e); # push %cs; pop %eax - &and ("eax",3); - &jnz (&label("nohalt")); # not enough privileges - - &pushf (); - &pop ("eax") - &bt ("eax",9); - &jnc (&label("nohalt")); # interrupts are disabled - - &rdtsc (); - &push ("edx"); - &push ("eax"); - &halt (); - &rdtsc (); - - &sub ("eax",&DWP(0,"esp")); - &sbb ("edx",&DWP(4,"esp")); - &add ("esp",8); - &ret (); - -&set_label("nohalt"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &ret (); -&function_end_B("OPENSSL_instrument_halt"); - -# Essentially there is only one use for this function. Under DJGPP: -# -# #include -# ... -# i=OPENSSL_far_spin(_dos_ds,0x46c); -# ... -# to obtain the number of spins till closest timer interrupt. - -&function_begin_B("OPENSSL_far_spin"); - &pushf (); - &pop ("eax") - &bt ("eax",9); - &jnc (&label("nospin")); # interrupts are disabled - - &mov ("eax",&DWP(4,"esp")); - &mov ("ecx",&DWP(8,"esp")); - &data_word (0x90d88e1e); # push %ds, mov %eax,%ds - &xor ("eax","eax"); - &mov ("edx",&DWP(0,"ecx")); - &jmp (&label("spin")); - - &align (16); -&set_label("spin"); - &inc ("eax"); - &cmp ("edx",&DWP(0,"ecx")); - &je (&label("spin")); - - &data_word (0x1f909090); # pop %ds - &ret (); - -&set_label("nospin"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &ret (); -&function_end_B("OPENSSL_far_spin"); - -&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &mov ("ecx",&DWP(0,"ecx")); - &bt (&DWP(0,"ecx"),1); - &jnc (&label("no_x87")); - if ($sse2) { - &bt (&DWP(0,"ecx"),26); - &jnc (&label("no_sse2")); - &pxor ("xmm0","xmm0"); - &pxor ("xmm1","xmm1"); - &pxor ("xmm2","xmm2"); - &pxor ("xmm3","xmm3"); - &pxor ("xmm4","xmm4"); - &pxor ("xmm5","xmm5"); - &pxor ("xmm6","xmm6"); - &pxor ("xmm7","xmm7"); - &set_label("no_sse2"); - } - # just a bunch of fldz to zap the fp/mm bank followed by finit... - &data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b); -&set_label("no_x87"); - &lea ("eax",&DWP(4,"esp")); - &ret (); -&function_end_B("OPENSSL_wipe_cpu"); - -&function_begin_B("OPENSSL_atomic_add"); - &mov ("edx",&DWP(4,"esp")); # fetch the pointer, 1st arg - &mov ("ecx",&DWP(8,"esp")); # fetch the increment, 2nd arg - &push ("ebx"); - &nop (); - &mov ("eax",&DWP(0,"edx")); -&set_label("spin"); - &lea ("ebx",&DWP(0,"eax","ecx")); - &nop (); - &data_word(0x1ab10ff0); # lock; cmpxchg %ebx,(%edx) # %eax is envolved and is always reloaded - &jne (&label("spin")); - &mov ("eax","ebx"); # OpenSSL expects the new value - &pop ("ebx"); - &ret (); -&function_end_B("OPENSSL_atomic_add"); - -# This function can become handy under Win32 in situations when -# we don't know which calling convention, __stdcall or __cdecl(*), -# indirect callee is using. In C it can be deployed as -# -#ifdef OPENSSL_CPUID_OBJ -# type OPENSSL_indirect_call(void *f,...); -# ... -# OPENSSL_indirect_call(func,[up to $max arguments]); -#endif -# -# (*) it's designed to work even for __fastcall if number of -# arguments is 1 or 2! -&function_begin_B("OPENSSL_indirect_call"); - { - my $i,$max=7; # $max has to be chosen as 4*n-1 - # in order to preserve eventual - # stack alignment - &push ("ebp"); - &mov ("ebp","esp"); - &sub ("esp",$max*4); - &mov ("ecx",&DWP(12,"ebp")); - &mov (&DWP(0,"esp"),"ecx"); - &mov ("edx",&DWP(16,"ebp")); - &mov (&DWP(4,"esp"),"edx"); - for($i=2;$i<$max;$i++) - { - # Some copies will be redundant/bogus... - &mov ("eax",&DWP(12+$i*4,"ebp")); - &mov (&DWP(0+$i*4,"esp"),"eax"); - } - &call_ptr (&DWP(8,"ebp"));# make the call... - &mov ("esp","ebp"); # ... and just restore the stack pointer - # without paying attention to what we called, - # (__cdecl *func) or (__stdcall *one). - &pop ("ebp"); - &ret (); - } -&function_end_B("OPENSSL_indirect_call"); - -&initseg("OPENSSL_cpuid_setup"); - -&asm_finish(); diff --git a/crypto/openssl-0.9/doc/HOWTO/certificates.txt b/crypto/openssl-0.9/doc/HOWTO/certificates.txt deleted file mode 100644 index a8a34c7abc..0000000000 --- a/crypto/openssl-0.9/doc/HOWTO/certificates.txt +++ /dev/null @@ -1,105 +0,0 @@ - - HOWTO certificates - -1. Introduction - -How you handle certificates depend a great deal on what your role is. -Your role can be one or several of: - - - User of some client software - - User of some server software - - Certificate authority - -This file is for users who wish to get a certificate of their own. -Certificate authorities should read ca.txt. - -In all the cases shown below, the standard configuration file, as -compiled into openssl, will be used. You may find it in /etc/, -/usr/local/ssl/ or somewhere else. The name is openssl.cnf, and -is better described in another HOWTO . If you want to -use a different configuration file, use the argument '-config {file}' -with the command shown below. - - -2. Relationship with keys - -Certificates are related to public key cryptography by containing a -public key. To be useful, there must be a corresponding private key -somewhere. With OpenSSL, public keys are easily derived from private -keys, so before you create a certificate or a certificate request, you -need to create a private key. - -Private keys are generated with 'openssl genrsa' if you want a RSA -private key, or 'openssl gendsa' if you want a DSA private key. -Further information on how to create private keys can be found in -another HOWTO . The rest of this text assumes you have -a private key in the file privkey.pem. - - -3. Creating a certificate request - -To create a certificate, you need to start with a certificate -request (or, as some certificate authorities like to put -it, "certificate signing request", since that's exactly what they do, -they sign it and give you the result back, thus making it authentic -according to their policies). A certificate request can then be sent -to a certificate authority to get it signed into a certificate, or if -you have your own certificate authority, you may sign it yourself, or -if you need a self-signed certificate (because you just want a test -certificate or because you are setting up your own CA). - -The certificate request is created like this: - - openssl req -new -key privkey.pem -out cert.csr - -Now, cert.csr can be sent to the certificate authority, if they can -handle files in PEM format. If not, use the extra argument '-outform' -followed by the keyword for the format to use (see another HOWTO -). In some cases, that isn't sufficient and you will -have to be more creative. - -When the certificate authority has then done the checks the need to -do (and probably gotten payment from you), they will hand over your -new certificate to you. - -Section 5 will tell you more on how to handle the certificate you -received. - - -4. Creating a self-signed test certificate - -If you don't want to deal with another certificate authority, or just -want to create a test certificate for yourself. This is similar to -creating a certificate request, but creates a certificate instead of -a certificate request. This is NOT the recommended way to create a -CA certificate, see ca.txt. - - openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095 - - -5. What to do with the certificate - -If you created everything yourself, or if the certificate authority -was kind enough, your certificate is a raw DER thing in PEM format. -Your key most definitely is if you have followed the examples above. -However, some (most?) certificate authorities will encode them with -things like PKCS7 or PKCS12, or something else. Depending on your -applications, this may be perfectly OK, it all depends on what they -know how to decode. If not, There are a number of OpenSSL tools to -convert between some (most?) formats. - -So, depending on your application, you may have to convert your -certificate and your key to various formats, most often also putting -them together into one file. The ways to do this is described in -another HOWTO , I will just mention the simplest case. -In the case of a raw DER thing in PEM format, and assuming that's all -right for yor applications, simply concatenating the certificate and -the key into a new file and using that one should be enough. With -some applications, you don't even have to do that. - - -By now, you have your cetificate and your private key and can start -using the software that depend on it. - --- -Richard Levitte diff --git a/crypto/openssl-0.9/doc/HOWTO/keys.txt b/crypto/openssl-0.9/doc/HOWTO/keys.txt deleted file mode 100644 index 7ae2a3a118..0000000000 --- a/crypto/openssl-0.9/doc/HOWTO/keys.txt +++ /dev/null @@ -1,73 +0,0 @@ - - HOWTO keys - -1. Introduction - -Keys are the basis of public key algorithms and PKI. Keys usually -come in pairs, with one half being the public key and the other half -being the private key. With OpenSSL, the private key contains the -public key information as well, so a public key doesn't need to be -generated separately. - -Public keys come in several flavors, using different cryptographic -algorithms. The most popular ones associated with certificates are -RSA and DSA, and this HOWTO will show how to generate each of them. - - -2. To generate a RSA key - -A RSA key can be used both for encryption and for signing. - -Generating a key for the RSA algorithm is quite easy, all you have to -do is the following: - - openssl genrsa -des3 -out privkey.pem 2048 - -With this variant, you will be prompted for a protecting password. If -you don't want your key to be protected by a password, remove the flag -'-des3' from the command line above. - - NOTE: if you intend to use the key together with a server - certificate, it may be a good thing to avoid protecting it - with a password, since that would mean someone would have to - type in the password every time the server needs to access - the key. - -The number 2048 is the size of the key, in bits. Today, 2048 or -higher is recommended for RSA keys, as fewer amount of bits is -consider insecure or to be insecure pretty soon. - - -3. To generate a DSA key - -A DSA key can be used for signing only. This is important to keep -in mind to know what kind of purposes a certificate request with a -DSA key can really be used for. - -Generating a key for the DSA algorithm is a two-step process. First, -you have to generate parameters from which to generate the key: - - openssl dsaparam -out dsaparam.pem 2048 - -The number 2048 is the size of the key, in bits. Today, 2048 or -higher is recommended for DSA keys, as fewer amount of bits is -consider insecure or to be insecure pretty soon. - -When that is done, you can generate a key using the parameters in -question (actually, several keys can be generated from the same -parameters): - - openssl gendsa -des3 -out privkey.pem dsaparam.pem - -With this variant, you will be prompted for a protecting password. If -you don't want your key to be protected by a password, remove the flag -'-des3' from the command line above. - - NOTE: if you intend to use the key together with a server - certificate, it may be a good thing to avoid protecting it - with a password, since that would mean someone would have to - type in the password every time the server needs to access - the key. - --- -Richard Levitte diff --git a/crypto/openssl-0.9/doc/HOWTO/proxy_certificates.txt b/crypto/openssl-0.9/doc/HOWTO/proxy_certificates.txt deleted file mode 100644 index 3d36b02f6b..0000000000 --- a/crypto/openssl-0.9/doc/HOWTO/proxy_certificates.txt +++ /dev/null @@ -1,322 +0,0 @@ - - HOWTO proxy certificates - -0. WARNING - -NONE OF THE CODE PRESENTED HERE HAVE BEEN CHECKED! They are just an -example to show you how things can be done. There may be typos or -type conflicts, and you will have to resolve them. - -1. Introduction - -Proxy certificates are defined in RFC 3820. They are really usual -certificates with the mandatory extension proxyCertInfo. - -Proxy certificates are issued by an End Entity (typically a user), -either directly with the EE certificate as issuing certificate, or by -extension through an already issued proxy certificate.. They are used -to extend rights to some other entity (a computer process, typically, -or sometimes to the user itself), so it can perform operations in the -name of the owner of the EE certificate. - -See http://www.ietf.org/rfc/rfc3820.txt for more information. - - -2. A warning about proxy certificates - -Noone seems to have tested proxy certificates with security in mind. -Basically, to this date, it seems that proxy certificates have only -been used in a world that's highly aware of them. What would happen -if an unsuspecting application is to validate a chain of certificates -that contains proxy certificates? It would usually consider the leaf -to be the certificate to check for authorisation data, and since proxy -certificates are controlled by the EE certificate owner alone, it's -would be normal to consider what the EE certificate owner could do -with them. - -subjectAltName and issuerAltName are forbidden in proxy certificates, -and this is enforced in OpenSSL. The subject must be the same as the -issuer, with one commonName added on. - -Possible threats are, as far as has been imagined so far: - - - impersonation through commonName (think server certificates). - - use of additional extensions, possibly non-standard ones used in - certain environments, that would grant extra or different - authorisation rights. - -For this reason, OpenSSL requires that the use of proxy certificates -be explicitely allowed. Currently, this can be done using the -following methods: - - - if the application calls X509_verify_cert() itself, it can do the - following prior to that call (ctx is the pointer passed in the call - to X509_verify_cert()): - - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); - - - in all other cases, proxy certificate validation can be enabled - before starting the application by setting the envirnoment variable - OPENSSL_ALLOW_PROXY with some non-empty value. - -There are thoughts to allow proxy certificates with a line in the -default openssl.cnf, but that's still in the future. - - -3. How to create proxy cerificates - -It's quite easy to create proxy certificates, by taking advantage of -the lack of checks of the 'openssl x509' application (*ahem*). But -first, you need to create a configuration section that contains a -definition of the proxyCertInfo extension, a little like this: - - [ v3_proxy ] - # A proxy certificate MUST NEVER be a CA certificate. - basicConstraints=CA:FALSE - - # Usual authority key ID - authorityKeyIdentifier=keyid,issuer:always - - # Now, for the extension that marks this certificate as a proxy one - proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB - -It's also possible to give the proxy extension in a separate section: - - proxyCertInfo=critical,@proxy_ext - - [ proxy_ext ] - language=id-ppl-anyLanguage - pathlen=0 - policy=text:BC - -The policy value has a specific syntax, {syntag}:{string}, where the -syntag determines what will be done with the string. The recognised -syntags are as follows: - - text indicates that the string is simply the bytes, not - encoded in any kind of way: - - policy=text:räksmörgås - - Previous versions of this design had a specific tag - for UTF-8 text. However, since the bytes are copied - as-is anyway, there's no need for it. Instead, use - the text: tag, like this: - - policy=text:räksmörgÃ¥s - - hex indicates the string is encoded in hex, with colons - between each byte (every second hex digit): - - policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73 - - Previous versions of this design had a tag to insert a - complete DER blob. However, the only legal use for - this would be to surround the bytes that would go with - the hex: tag with what's needed to construct a correct - OCTET STRING. Since hex: does that, the DER tag felt - superfluous, and was therefore removed. - - file indicates that the text of the policy should really be - taken from a file. The string is then really a file - name. This is useful for policies that are large - (more than a few of lines) XML documents, for example. - -The 'policy' setting can be split up in multiple lines like this: - - 0.policy=This is - 1.polisy= a multi- - 2.policy=line policy. - -NOTE: the proxy policy value is the part that determines the rights -granted to the process using the proxy certificate. The value is -completely dependent on the application reading and interpretting it! - -Now that you have created an extension section for your proxy -certificate, you can now easily create a proxy certificate like this: - - openssl req -new -config openssl.cnf \ - -out proxy.req -keyout proxy.key - openssl x509 -req -CAcreateserial -in proxy.req -days 7 \ - -out proxy.crt -CA user.crt -CAkey user.key \ - -extfile openssl.cnf -extensions v3_proxy - -It's just as easy to create a proxy certificate using another proxy -certificate as issuer (note that I'm using a different configuration -section for it): - - openssl req -new -config openssl.cnf \ - -out proxy2.req -keyout proxy2.key - openssl x509 -req -CAcreateserial -in proxy2.req -days 7 \ - -out proxy2.crt -CA proxy.crt -CAkey proxy.key \ - -extfile openssl.cnf -extensions v3_proxy2 - - -4. How to have your application interpret the policy? - -The basic way to interpret proxy policies is to prepare some default -rights, then do a check of the proxy certificate against the a chain -of proxy certificates, user certificate and CA certificates, and see -what rights came out by the end. Sounds easy, huh? It almost is. - -The slightly complicated part is how to pass data between your -application and the certificate validation procedure. - -You need the following ingredients: - - - a callback routing that will be called for every certificate that's - validated. It will be called several times for each certificates, - so you must be attentive to when it's a good time to do the proxy - policy interpretation and check, as well as to fill in the defaults - when the EE certificate is checked. - - - a structure of data that's shared between your application code and - the callback. - - - a wrapper function that sets it all up. - - - an ex_data index function that creates an index into the generic - ex_data store that's attached to an X509 validation context. - -This is some cookbook code for you to fill in: - - /* In this example, I will use a view of granted rights as a bit - array, one bit for each possible right. */ - typedef struct your_rights { - unsigned char rights[total_rights / 8]; - } YOUR_RIGHTS; - - /* The following procedure will create an index for the ex_data - store in the X509 validation context the first time it's called. - Subsequent calls will return the same index. */ - static int get_proxy_auth_ex_data_idx(void) - { - static volatile int idx = -1; - if (idx < 0) - { - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); - if (idx < 0) - { - idx = X509_STORE_CTX_get_ex_new_index(0, - "for verify callback", - NULL,NULL,NULL); - } - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - } - return idx; - } - - /* Callback to be given to the X509 validation procedure. */ - static int verify_callback(int ok, X509_STORE_CTX *ctx) - { - if (ok == 1) /* It's REALLY important you keep the proxy policy - check within this secion. It's important to know - that when ok is 1, the certificates are checked - from top to bottom. You get the CA root first, - followed by the possible chain of intermediate - CAs, followed by the EE certificate, followed by - the possible proxy certificates. */ - { - X509 *xs = ctx->current_cert; - - if (xs->ex_flags & EXFLAG_PROXY) - { - YOUR_RIGHTS *rights = - (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, - get_proxy_auth_ex_data_idx()); - PROXY_CERT_INFO_EXTENSION *pci = - X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); - - switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) - { - case NID_Independent: - /* Do whatever you need to grant explicit rights to - this particular proxy certificate, usually by - pulling them from some database. If there are none - to be found, clear all rights (making this and any - subsequent proxy certificate void of any rights). - */ - memset(rights->rights, 0, sizeof(rights->rights)); - break; - case NID_id_ppl_inheritAll: - /* This is basically a NOP, we simply let the current - rights stand as they are. */ - break; - default: - /* This is usually the most complex section of code. - You really do whatever you want as long as you - follow RFC 3820. In the example we use here, the - simplest thing to do is to build another, temporary - bit array and fill it with the rights granted by - the current proxy certificate, then use it as a - mask on the accumulated rights bit array, and - voilà, you now have a new accumulated rights bit - array. */ - { - int i; - YOUR_RIGHTS tmp_rights; - memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights)); - - /* process_rights() is supposed to be a procedure - that takes a string and it's length, interprets - it and sets the bits in the YOUR_RIGHTS pointed - at by the third argument. */ - process_rights((char *) pci->proxyPolicy->policy->data, - pci->proxyPolicy->policy->length, - &tmp_rights); - - for(i = 0; i < total_rights / 8; i++) - rights->rights[i] &= tmp_rights.rights[i]; - } - break; - } - PROXY_CERT_INFO_EXTENSION_free(pci); - } - else if (!(xs->ex_flags & EXFLAG_CA)) - { - /* We have a EE certificate, let's use it to set default! - */ - YOUR_RIGHTS *rights = - (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx, - get_proxy_auth_ex_data_idx()); - - /* The following procedure finds out what rights the owner - of the current certificate has, and sets them in the - YOUR_RIGHTS structure pointed at by the second - argument. */ - set_default_rights(xs, rights); - } - } - return ok; - } - - static int my_X509_verify_cert(X509_STORE_CTX *ctx, - YOUR_RIGHTS *needed_rights) - { - int i; - int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) = ctx->verify_cb; - YOUR_RIGHTS rights; - - X509_STORE_CTX_set_verify_cb(ctx, verify_callback); - X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(), &rights); - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); - ok = X509_verify_cert(ctx); - - if (ok == 1) - { - ok = check_needed_rights(rights, needed_rights); - } - - X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb); - - return ok; - } - -If you use SSL or TLS, you can easily set up a callback to have the -certificates checked properly, using the code above: - - SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights); - - --- -Richard Levitte diff --git a/crypto/openssl-0.9/doc/README b/crypto/openssl-0.9/doc/README deleted file mode 100644 index 6ecc14d994..0000000000 --- a/crypto/openssl-0.9/doc/README +++ /dev/null @@ -1,12 +0,0 @@ - - apps/openssl.pod .... Documentation of OpenSSL `openssl' command - crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a - ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a - openssl.txt ......... Assembled documentation files for OpenSSL [not final] - ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete] - standards.txt ....... Assembled pointers to standards, RFCs or internet drafts - that are related to OpenSSL. - - An archive of HTML documents for the SSLeay library is available from - http://www.columbia.edu/~ariel/ssleay/ - diff --git a/crypto/openssl-0.9/doc/openssl.txt b/crypto/openssl-0.9/doc/openssl.txt deleted file mode 100644 index f8817b0a71..0000000000 --- a/crypto/openssl-0.9/doc/openssl.txt +++ /dev/null @@ -1,1254 +0,0 @@ - -This is some preliminary documentation for OpenSSL. - -Contents: - - OpenSSL X509V3 extension configuration - X509V3 Extension code: programmers guide - PKCS#12 Library - - -============================================================================== - OpenSSL X509V3 extension configuration -============================================================================== - -OpenSSL X509V3 extension configuration: preliminary documentation. - -INTRODUCTION. - -For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now -possible to add and print out common X509 V3 certificate and CRL extensions. - -BEGINNERS NOTE - -For most simple applications you don't need to know too much about extensions: -the default openssl.cnf values will usually do sensible things. - -If you want to know more you can initially quickly look through the sections -describing how the standard OpenSSL utilities display and add extensions and -then the list of supported extensions. - -For more technical information about the meaning of extensions see: - -http://www.imc.org/ietf-pkix/ -http://home.netscape.com/eng/security/certs.html - -PRINTING EXTENSIONS. - -Extension values are automatically printed out for supported extensions. - -openssl x509 -in cert.pem -text -openssl crl -in crl.pem -text - -will give information in the extension printout, for example: - - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15 - X509v3 Authority Key Identifier: - keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00 - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Subject Alternative Name: - email:email@1.address, email:email@2.address - -CONFIGURATION FILES. - -The OpenSSL utilities 'ca' and 'req' can now have extension sections listing -which certificate extensions to include. In each case a line: - -x509_extensions = extension_section - -indicates which section contains the extensions. In the case of 'req' the -extension section is used when the -x509 option is present to create a -self signed root certificate. - -The 'x509' utility also supports extensions when it signs a certificate. -The -extfile option is used to set the configuration file containing the -extensions. In this case a line with: - -extensions = extension_section - -in the nameless (default) section is used. If no such line is included then -it uses the default section. - -You can also add extensions to CRLs: a line - -crl_extensions = crl_extension_section - -will include extensions when the -gencrl option is used with the 'ca' utility. -You can add any extension to a CRL but of the supported extensions only -issuerAltName and authorityKeyIdentifier make any real sense. Note: these are -CRL extensions NOT CRL *entry* extensions which cannot currently be generated. -CRL entry extensions can be displayed. - -NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL -you should not include a crl_extensions line in the configuration file. - -As with all configuration files you can use the inbuilt environment expansion -to allow the values to be passed in the environment. Therefore if you have -several extension sections used for different purposes you can have a line: - -x509_extensions = $ENV::ENV_EXT - -and set the ENV_EXT environment variable before calling the relevant utility. - -EXTENSION SYNTAX. - -Extensions have the basic form: - -extension_name=[critical,] extension_options - -the use of the critical option makes the extension critical. Extreme caution -should be made when using the critical flag. If an extension is marked -as critical then any client that does not understand the extension should -reject it as invalid. Some broken software will reject certificates which -have *any* critical extensions (these violates PKIX but we have to live -with it). - -There are three main types of extension: string extensions, multi-valued -extensions, and raw extensions. - -String extensions simply have a string which contains either the value itself -or how it is obtained. - -For example: - -nsComment="This is a Comment" - -Multi-valued extensions have a short form and a long form. The short form -is a list of names and values: - -basicConstraints=critical,CA:true,pathlen:1 - -The long form allows the values to be placed in a separate section: - -basicConstraints=critical,@bs_section - -[bs_section] - -CA=true -pathlen=1 - -Both forms are equivalent. However it should be noted that in some cases the -same name can appear multiple times, for example, - -subjectAltName=email:steve@here,email:steve@there - -in this case an equivalent long form is: - -subjectAltName=@alt_section - -[alt_section] - -email.1=steve@here -email.2=steve@there - -This is because the configuration file code cannot handle the same name -occurring twice in the same section. - -The syntax of raw extensions is governed by the extension code: it can -for example contain data in multiple sections. The correct syntax to -use is defined by the extension code itself: check out the certificate -policies extension for an example. - -There are two ways to encode arbitrary extensions. - -The first way is to use the word ASN1 followed by the extension content -using the same syntax as ASN1_generate_nconf(). For example: - -1.2.3.4=critical,ASN1:UTF8String:Some random data - -1.2.3.4=ASN1:SEQUENCE:seq_sect - -[seq_sect] - -field1 = UTF8:field1 -field2 = UTF8:field2 - -It is also possible to use the word DER to include arbitrary data in any -extension. - -1.2.3.4=critical,DER:01:02:03:04 -1.2.3.4=DER:01020304 - -The value following DER is a hex dump of the DER encoding of the extension -Any extension can be placed in this form to override the default behaviour. -For example: - -basicConstraints=critical,DER:00:01:02:03 - -WARNING: DER should be used with caution. It is possible to create totally -invalid extensions unless care is taken. - -CURRENTLY SUPPORTED EXTENSIONS. - -If you aren't sure about extensions then they can be largely ignored: its only -when you want to do things like restrict certificate usage when you need to -worry about them. - -The only extension that a beginner might want to look at is Basic Constraints. -If in addition you want to try Netscape object signing the you should also -look at Netscape Certificate Type. - -Literal String extensions. - -In each case the 'value' of the extension is placed directly in the -extension. Currently supported extensions in this category are: nsBaseUrl, -nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl, -nsSslServerName and nsComment. - -For example: - -nsComment="This is a test comment" - -Bit Strings. - -Bit string extensions just consist of a list of supported bits, currently -two extensions are in this category: PKIX keyUsage and the Netscape specific -nsCertType. - -nsCertType (netscape certificate type) takes the flags: client, server, email, -objsign, reserved, sslCA, emailCA, objCA. - -keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation, -keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, -encipherOnly, decipherOnly. - -For example: - -nsCertType=server - -keyUsage=digitalSignature, nonRepudiation - -Hints on Netscape Certificate Type. - -Other than Basic Constraints this is the only extension a beginner might -want to use, if you want to try Netscape object signing, otherwise it can -be ignored. - -If you want a certificate that can be used just for object signing then: - -nsCertType=objsign - -will do the job. If you want to use it as a normal end user and server -certificate as well then - -nsCertType=objsign,email,server - -is more appropriate. You cannot use a self signed certificate for object -signing (well Netscape signtool can but it cheats!) so you need to create -a CA certificate and sign an end user certificate with it. - -Side note: If you want to conform to the Netscape specifications then you -should really also set: - -nsCertType=objCA - -in the *CA* certificate for just an object signing CA and - -nsCertType=objCA,emailCA,sslCA - -for everything. Current Netscape software doesn't enforce this so it can -be omitted. - -Basic Constraints. - -This is generally the only extension you need to worry about for simple -applications. If you want your certificate to be usable as a CA certificate -(in addition to an end user certificate) then you set this to: - -basicConstraints=CA:TRUE - -if you want to be certain the certificate cannot be used as a CA then do: - -basicConstraints=CA:FALSE - -The rest of this section describes more advanced usage. - -Basic constraints is a multi-valued extension that supports a CA and an -optional pathlen option. The CA option takes the values true and false and -pathlen takes an integer. Note if the CA option is false the pathlen option -should be omitted. - -The pathlen parameter indicates the maximum number of CAs that can appear -below this one in a chain. So if you have a CA with a pathlen of zero it can -only be used to sign end user certificates and not further CAs. This all -assumes that the software correctly interprets this extension of course. - -Examples: - -basicConstraints=CA:TRUE -basicConstraints=critical,CA:TRUE, pathlen:0 - -NOTE: for a CA to be considered valid it must have the CA option set to -TRUE. An end user certificate MUST NOT have the CA value set to true. -According to PKIX recommendations it should exclude the extension entirely, -however some software may require CA set to FALSE for end entity certificates. - -Extended Key Usage. - -This extensions consists of a list of usages. - -These can either be object short names of the dotted numerical form of OIDs. -While any OID can be used only certain values make sense. In particular the -following PKIX, NS and MS values are meaningful: - -Value Meaning ------ ------- -serverAuth SSL/TLS Web Server Authentication. -clientAuth SSL/TLS Web Client Authentication. -codeSigning Code signing. -emailProtection E-mail Protection (S/MIME). -timeStamping Trusted Timestamping -msCodeInd Microsoft Individual Code Signing (authenticode) -msCodeCom Microsoft Commercial Code Signing (authenticode) -msCTLSign Microsoft Trust List Signing -msSGC Microsoft Server Gated Crypto -msEFS Microsoft Encrypted File System -nsSGC Netscape Server Gated Crypto - -For example, under IE5 a CA can be used for any purpose: by including a list -of the above usages the CA can be restricted to only authorised uses. - -Note: software packages may place additional interpretations on certificate -use, in particular some usages may only work for selected CAs. Don't for example -expect just including msSGC or nsSGC will automatically mean that a certificate -can be used for SGC ("step up" encryption) otherwise anyone could use it. - -Examples: - -extendedKeyUsage=critical,codeSigning,1.2.3.4 -extendedKeyUsage=nsSGC,msSGC - -Subject Key Identifier. - -This is really a string extension and can take two possible values. Either -a hex string giving details of the extension value to include or the word -'hash' which then automatically follow PKIX guidelines in selecting and -appropriate key identifier. The use of the hex string is strongly discouraged. - -Example: subjectKeyIdentifier=hash - -Authority Key Identifier. - -The authority key identifier extension permits two options. keyid and issuer: -both can take the optional value "always". - -If the keyid option is present an attempt is made to copy the subject key -identifier from the parent certificate. If the value "always" is present -then an error is returned if the option fails. - -The issuer option copies the issuer and serial number from the issuer -certificate. Normally this will only be done if the keyid option fails or -is not included: the "always" flag will always include the value. - -Subject Alternative Name. - -The subject alternative name extension allows various literal values to be -included in the configuration file. These include "email" (an email address) -"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a -registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. - -Also the email option include a special 'copy' value. This will automatically -include and email addresses contained in the certificate subject name in -the extension. - -otherName can include arbitrary data associated with an OID: the value -should be the OID followed by a semicolon and the content in standard -ASN1_generate_nconf() format. - -Examples: - -subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ -subjectAltName=email:my@other.address,RID:1.2.3.4 -subjectAltName=otherName:1.2.3.4;UTF8:some other identifier - -Issuer Alternative Name. - -The issuer alternative name option supports all the literal options of -subject alternative name. It does *not* support the email:copy option because -that would not make sense. It does support an additional issuer:copy option -that will copy all the subject alternative name values from the issuer -certificate (if possible). - -Example: - -issuserAltName = issuer:copy - -Authority Info Access. - -The authority information access extension gives details about how to access -certain information relating to the CA. Its syntax is accessOID;location -where 'location' has the same syntax as subject alternative name (except -that email:copy is not supported). accessOID can be any valid OID but only -certain values are meaningful for example OCSP and caIssuers. OCSP gives the -location of an OCSP responder: this is used by Netscape PSM and other software. - -Example: - -authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ -authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html - -CRL distribution points. - -This is a multi-valued extension that supports all the literal options of -subject alternative name. Of the few software packages that currently interpret -this extension most only interpret the URI option. - -Currently each option will set a new DistributionPoint with the fullName -field set to the given value. - -Other fields like cRLissuer and reasons cannot currently be set or displayed: -at this time no examples were available that used these fields. - -If you see this extension with when you attempt to print it out -or it doesn't appear to display correctly then let me know, including the -certificate (mail me at steve@openssl.org) . - -Examples: - -crlDistributionPoints=URI:http://www.myhost.com/myca.crl -crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl - -Certificate Policies. - -This is a RAW extension. It attempts to display the contents of this extension: -unfortunately this extension is often improperly encoded. - -The certificate policies extension will rarely be used in practice: few -software packages interpret it correctly or at all. IE5 does partially -support this extension: but it needs the 'ia5org' option because it will -only correctly support a broken encoding. Of the options below only the -policy OID, explicitText and CPS options are displayed with IE5. - -All the fields of this extension can be set by using the appropriate syntax. - -If you follow the PKIX recommendations of not including any qualifiers and just -using only one OID then you just include the value of that OID. Multiple OIDs -can be set separated by commas, for example: - -certificatePolicies= 1.2.4.5, 1.1.3.4 - -If you wish to include qualifiers then the policy OID and qualifiers need to -be specified in a separate section: this is done by using the @section syntax -instead of a literal OID value. - -The section referred to must include the policy OID using the name -policyIdentifier, cPSuri qualifiers can be included using the syntax: - -CPS.nnn=value - -userNotice qualifiers can be set using the syntax: - -userNotice.nnn=@notice - -The value of the userNotice qualifier is specified in the relevant section. -This section can include explicitText, organization and noticeNumbers -options. explicitText and organization are text strings, noticeNumbers is a -comma separated list of numbers. The organization and noticeNumbers options -(if included) must BOTH be present. If you use the userNotice option with IE5 -then you need the 'ia5org' option at the top level to modify the encoding: -otherwise it will not be interpreted properly. - -Example: - -certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect - -[polsect] - -policyIdentifier = 1.3.5.8 -CPS.1="http://my.host.name/" -CPS.2="http://my.your.name/" -userNotice.1=@notice - -[notice] - -explicitText="Explicit Text Here" -organization="Organisation Name" -noticeNumbers=1,2,3,4 - -TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field, -according to PKIX it should be of type DisplayText but Verisign uses an -IA5STRING and IE5 needs this too. - -Display only extensions. - -Some extensions are only partially supported and currently are only displayed -but cannot be set. These include private key usage period, CRL number, and -CRL reason. - -============================================================================== - X509V3 Extension code: programmers guide -============================================================================== - -The purpose of the extension code is twofold. It allows an extension to be -created from a string or structure describing its contents and it prints out an -extension in a human or machine readable form. - -1. Initialisation and cleanup. - -No special initialisation is needed before calling the extension functions. -You used to have to call X509V3_add_standard_extensions(); but this is no longer -required and this function no longer does anything. - -void X509V3_EXT_cleanup(void); - -This function should be called to cleanup the extension code if any custom -extensions have been added. If no custom extensions have been added then this -call does nothing. After this call all custom extension code is freed up but -you can still use the standard extensions. - -2. Printing and parsing extensions. - -The simplest way to print out extensions is via the standard X509 printing -routines: if you use the standard X509_print() function, the supported -extensions will be printed out automatically. - -The following functions allow finer control over extension display: - -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent); -int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); - -These two functions print out an individual extension to a BIO or FILE pointer. -Currently the flag argument is unused and should be set to 0. The 'indent' -argument is the number of spaces to indent each line. - -void *X509V3_EXT_d2i(X509_EXTENSION *ext); - -This function parses an extension and returns its internal structure. The -precise structure you get back depends on the extension being parsed. If the -extension if basicConstraints you will get back a pointer to a -BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more -details about the structures returned. The returned structure should be freed -after use using the relevant free function, BASIC_CONSTRAINTS_free() for -example. - -void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); -void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); -void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); -void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); - -These functions combine the operations of searching for extensions and -parsing them. They search a certificate, a CRL a CRL entry or a stack -of extensions respectively for extension whose NID is 'nid' and return -the parsed result of NULL if an error occurred. For example: - -BASIC_CONSTRAINTS *bs; -bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL); - -This will search for the basicConstraints extension and either return -it value or NULL. NULL can mean either the extension was not found, it -occurred more than once or it could not be parsed. - -If 'idx' is NULL then an extension is only parsed if it occurs precisely -once. This is standard behaviour because extensions normally cannot occur -more than once. If however more than one extension of the same type can -occur it can be used to parse successive extensions for example: - -int i; -void *ext; - -i = -1; -for(;;) { - ext = X509_get_ext_d2i(x, nid, crit, &idx); - if(ext == NULL) break; - /* Do something with ext */ -} - -If 'crit' is not NULL and the extension was found then the int it points to -is set to 1 for critical extensions and 0 for non critical. Therefore if the -function returns NULL but 'crit' is set to 0 or 1 then the extension was -found but it could not be parsed. - -The int pointed to by crit will be set to -1 if the extension was not found -and -2 if the extension occurred more than once (this will only happen if -idx is NULL). In both cases the function will return NULL. - -3. Generating extensions. - -An extension will typically be generated from a configuration file, or some -other kind of configuration database. - -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509 *cert); -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl); - -These functions add all the extensions in the given section to the given -certificate or CRL. They will normally be called just before the certificate -or CRL is due to be signed. Both return 0 on error on non zero for success. - -In each case 'conf' is the LHASH pointer of the configuration file to use -and 'section' is the section containing the extension details. - -See the 'context functions' section for a description of the ctx parameter. - - -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, - char *value); - -This function returns an extension based on a name and value pair, if the -pair will not need to access other sections in a config file (or there is no -config file) then the 'conf' parameter can be set to NULL. - -X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid, - char *value); - -This function creates an extension in the same way as X509V3_EXT_conf() but -takes the NID of the extension rather than its name. - -For example to produce basicConstraints with the CA flag and a path length of -10: - -x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10"); - - -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); - -This function sets up an extension from its internal structure. The ext_nid -parameter is the NID of the extension and 'crit' is the critical flag. - -4. Context functions. - -The following functions set and manipulate an extension context structure. -The purpose of the extension context is to allow the extension code to -access various structures relating to the "environment" of the certificate: -for example the issuers certificate or the certificate request. - -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, - X509_REQ *req, X509_CRL *crl, int flags); - -This function sets up an X509V3_CTX structure with details of the certificate -environment: specifically the issuers certificate, the subject certificate, -the certificate request and the CRL: if these are not relevant or not -available then they can be set to NULL. The 'flags' parameter should be set -to zero. - -X509V3_set_ctx_test(ctx) - -This macro is used to set the 'ctx' structure to a 'test' value: this is to -allow the syntax of an extension (or configuration file) to be tested. - -X509V3_set_ctx_nodb(ctx) - -This macro is used when no configuration database is present. - -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); - -This function is used to set the configuration database when it is an LHASH -structure: typically a configuration file. - -The following functions are used to access a configuration database: they -should only be used in RAW extensions. - -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); - -This function returns the value of the parameter "name" in "section", or NULL -if there has been an error. - -void X509V3_string_free(X509V3_CTX *ctx, char *str); - -This function frees up the string returned by the above function. - -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); - -This function returns a whole section as a STACK_OF(CONF_VALUE) . - -void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); - -This function frees up the STACK returned by the above function. - -Note: it is possible to use the extension code with a custom configuration -database. To do this the "db_meth" element of the X509V3_CTX structure should -be set to an X509V3_CTX_METHOD structure. This structure contains the following -function pointers: - -char * (*get_string)(void *db, char *section, char *value); -STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); -void (*free_string)(void *db, char * string); -void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); - -these will be called and passed the 'db' element in the X509V3_CTX structure -to access the database. If a given function is not implemented or not required -it can be set to NULL. - -5. String helper functions. - -There are several "i2s" and "s2i" functions that convert structures to and -from ASCII strings. In all the "i2s" cases the returned string should be -freed using Free() after use. Since some of these are part of other extension -code they may take a 'method' parameter. Unless otherwise stated it can be -safely set to NULL. - -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct); - -This returns a hex string from an ASN1_OCTET_STRING. - -char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); -char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); - -These return a string decimal representations of an ASN1_INTEGER and an -ASN1_ENUMERATED type, respectively. - -ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str); - -This converts an ASCII hex string to an ASN1_OCTET_STRING. - -ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); - -This converts a decimal ASCII string into an ASN1_INTEGER. - -6. Multi valued extension helper functions. - -The following functions can be used to manipulate STACKs of CONF_VALUE -structures, as used by multi valued extensions. - -int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); - -This function expects a boolean value in 'value' and sets 'asn1_bool' to -it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following -strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE" -"false", "N", "n", "NO" or "no". - -int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); - -This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER. - -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist); - -This simply adds a string name and value pair. - -int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist); - -The same as above but for an unsigned character value. - -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); - -This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool' - -int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); - -This is the same as above except it adds nothing if asn1_bool is FALSE. - -int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist); - -This function adds the value of the ASN1_INTEGER in decimal form. - -7. Other helper functions. - - - -ADDING CUSTOM EXTENSIONS. - -Currently there are three types of supported extensions. - -String extensions are simple strings where the value is placed directly in the -extensions, and the string returned is printed out. - -Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs -or return a STACK_OF(CONF_VALUE). - -Raw extensions are just passed a BIO or a value and it is the extensions -responsibility to handle all the necessary printing. - -There are two ways to add an extension. One is simply as an alias to an already -existing extension. An alias is an extension that is identical in ASN1 structure -to an existing extension but has a different OBJECT IDENTIFIER. This can be -done by calling: - -int X509V3_EXT_add_alias(int nid_to, int nid_from); - -'nid_to' is the new extension NID and 'nid_from' is the already existing -extension NID. - -Alternatively an extension can be written from scratch. This involves writing -the ASN1 code to encode and decode the extension and functions to print out and -generate the extension from strings. The relevant functions are then placed in -a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext); -called. - -The X509V3_EXT_METHOD structure is described below. - -struct { -int ext_nid; -int ext_flags; -X509V3_EXT_NEW ext_new; -X509V3_EXT_FREE ext_free; -X509V3_EXT_D2I d2i; -X509V3_EXT_I2D i2d; -X509V3_EXT_I2S i2s; -X509V3_EXT_S2I s2i; -X509V3_EXT_I2V i2v; -X509V3_EXT_V2I v2i; -X509V3_EXT_R2I r2i; -X509V3_EXT_I2R i2r; - -void *usr_data; -}; - -The elements have the following meanings. - -ext_nid is the NID of the object identifier of the extension. - -ext_flags is set of flags. Currently the only external flag is - X509V3_EXT_MULTILINE which means a multi valued extensions - should be printed on separate lines. - -usr_data is an extension specific pointer to any relevant data. This - allows extensions to share identical code but have different - uses. An example of this is the bit string extension which uses - usr_data to contain a list of the bit names. - -All the remaining elements are function pointers. - -ext_new is a pointer to a function that allocates memory for the - extension ASN1 structure: for example ASN1_OBJECT_new(). - -ext_free is a pointer to a function that free up memory of the extension - ASN1 structure: for example ASN1_OBJECT_free(). - -d2i is the standard ASN1 function that converts a DER buffer into - the internal ASN1 structure: for example d2i_ASN1_IA5STRING(). - -i2d is the standard ASN1 function that converts the internal - structure into the DER representation: for example - i2d_ASN1_IA5STRING(). - -The remaining functions are depend on the type of extension. One i2X and -one X2i should be set and the rest set to NULL. The types set do not need -to match up, for example the extension could be set using the multi valued -v2i function and printed out using the raw i2r. - -All functions have the X509V3_EXT_METHOD passed to them in the 'method' -parameter and an X509V3_CTX structure. Extension code can then access the -parent structure via the 'method' parameter to for example make use of the value -of usr_data. If the code needs to use detail relating to the request it can -use the 'ctx' parameter. - -A note should be given here about the 'flags' member of the 'ctx' parameter. -If it has the value CTX_TEST then the configuration syntax is being checked -and no actual certificate or CRL exists. Therefore any attempt in the config -file to access such information should silently succeed. If the syntax is OK -then it should simply return a (possibly bogus) extension, otherwise it -should return NULL. - -char *i2s(struct v3_ext_method *method, void *ext); - -This function takes the internal structure in the ext parameter and returns -a Malloc'ed string representing its value. - -void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); - -This function takes the string representation in the ext parameter and returns -an allocated internal structure: ext_free() will be used on this internal -structure after use. - -i2v and v2i handle a STACK_OF(CONF_VALUE): - -typedef struct -{ - char *section; - char *name; - char *value; -} CONF_VALUE; - -Only the name and value members are currently used. - -STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext); - -This function is passed the internal structure in the ext parameter and -returns a STACK of CONF_VALUE structures. The values of name, value, -section and the structure itself will be freed up with Free after use. -Several helper functions are available to add values to this STACK. - -void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, - STACK_OF(CONF_VALUE) *values); - -This function takes a STACK_OF(CONF_VALUE) structures and should set the -values of the external structure. This typically uses the name element to -determine which structure element to set and the value element to determine -what to set it to. Several helper functions are available for this -purpose (see above). - -int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent); - -This function is passed the internal extension structure in the ext parameter -and sends out a human readable version of the extension to out. The 'indent' -parameter should be noted to determine the necessary amount of indentation -needed on the output. - -void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); - -This is just passed the string representation of the extension. It is intended -to be used for more elaborate extensions where the standard single and multi -valued options are insufficient. They can use the 'ctx' parameter to parse the -configuration database themselves. See the context functions section for details -of how to do this. - -Note: although this type takes the same parameters as the "r2s" function there -is a subtle difference. Whereas an "r2i" function can access a configuration -database an "s2i" function MUST NOT. This is so the internal code can safely -assume that an "s2i" function will work without a configuration database. - -============================================================================== - PKCS#12 Library -============================================================================== - -This section describes the internal PKCS#12 support. There are very few -differences between the old external library and the new internal code at -present. This may well change because the external library will not be updated -much in future. - -This version now includes a couple of high level PKCS#12 functions which -generally "do the right thing" and should make it much easier to handle PKCS#12 -structures. - -HIGH LEVEL FUNCTIONS. - -For most applications you only need concern yourself with the high level -functions. They can parse and generate simple PKCS#12 files as produced by -Netscape and MSIE or indeed any compliant PKCS#12 file containing a single -private key and certificate pair. - -1. Initialisation and cleanup. - -No special initialisation is needed for the internal PKCS#12 library: the -standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to -add all algorithms (you should at least add SHA1 though) then you can manually -initialise the PKCS#12 library with: - -PKCS12_PBE_add(); - -The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is -called or it can be directly freed with: - -EVP_PBE_cleanup(); - -after this call (or EVP_cleanup() ) no more PKCS#12 library functions should -be called. - -2. I/O functions. - -i2d_PKCS12_bio(bp, p12) - -This writes out a PKCS12 structure to a BIO. - -i2d_PKCS12_fp(fp, p12) - -This is the same but for a FILE pointer. - -d2i_PKCS12_bio(bp, p12) - -This reads in a PKCS12 structure from a BIO. - -d2i_PKCS12_fp(fp, p12) - -This is the same but for a FILE pointer. - -3. High level functions. - -3.1 Parsing with PKCS12_parse(). - -int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert, - STACK **ca); - -This function takes a PKCS12 structure and a password (ASCII, null terminated) -and returns the private key, the corresponding certificate and any CA -certificates. If any of these is not required it can be passed as a NULL. -The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK -structure. Typically to read in a PKCS#12 file you might do: - -p12 = d2i_PKCS12_fp(fp, NULL); -PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */ -PKCS12_free(p12); - -3.2 PKCS#12 creation with PKCS12_create(). - -PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - STACK *ca, int nid_key, int nid_cert, int iter, - int mac_iter, int keytype); - -This function will create a PKCS12 structure from a given password, name, -private key, certificate and optional STACK of CA certificates. The remaining -5 parameters can be set to 0 and sensible defaults will be used. - -The parameters nid_key and nid_cert are the key and certificate encryption -algorithms, iter is the encryption iteration count, mac_iter is the MAC -iteration count and keytype is the type of private key. If you really want -to know what these last 5 parameters do then read the low level section. - -Typically to create a PKCS#12 file the following could be used: - -p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0); -i2d_PKCS12_fp(fp, p12); -PKCS12_free(p12); - -3.3 Changing a PKCS#12 structure password. - -int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); - -This changes the password of an already existing PKCS#12 structure. oldpass -is the old password and newpass is the new one. An error occurs if the old -password is incorrect. - -LOW LEVEL FUNCTIONS. - -In some cases the high level functions do not provide the necessary -functionality. For example if you want to generate or parse more complex -PKCS#12 files. The sample pkcs12 application uses the low level functions -to display details about the internal structure of a PKCS#12 file. - -Introduction. - -This is a brief description of how a PKCS#12 file is represented internally: -some knowledge of PKCS#12 is assumed. - -A PKCS#12 object contains several levels. - -At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a -CRL, a private key, encrypted or unencrypted, a set of safebags (so the -structure can be nested) or other secrets (not documented at present). -A safebag can optionally have attributes, currently these are: a unicode -friendlyName (a Unicode string) or a localKeyID (a string of bytes). - -At the next level is an authSafe which is a set of safebags collected into -a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself. - -At the top level is the PKCS12 structure itself which contains a set of -authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it -contains a MAC which is a kind of password protected digest to preserve -integrity (so any unencrypted stuff below can't be tampered with). - -The reason for these levels is so various objects can be encrypted in various -ways. For example you might want to encrypt a set of private keys with -triple-DES and then include the related certificates either unencrypted or -with lower encryption. Yes it's the dreaded crypto laws at work again which -allow strong encryption on private keys and only weak encryption on other -stuff. - -To build one of these things you turn all certificates and keys into safebags -(with optional attributes). You collect the safebags into (one or more) STACKS -and convert these into authsafes (encrypted or unencrypted). The authsafes -are collected into a STACK and added to a PKCS12 structure. Finally a MAC -inserted. - -Pulling one apart is basically the reverse process. The MAC is verified against -the given password. The authsafes are extracted and each authsafe split into -a set of safebags (possibly involving decryption). Finally the safebags are -decomposed into the original keys and certificates and the attributes used to -match up private key and certificate pairs. - -Anyway here are the functions that do the dirty work. - -1. Construction functions. - -1.1 Safebag functions. - -M_PKCS12_x5092certbag(x509) - -This macro takes an X509 structure and returns a certificate bag. The -X509 structure can be freed up after calling this function. - -M_PKCS12_x509crl2certbag(crl) - -As above but for a CRL. - -PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey) - -Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure. -Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo -structure contains a private key data in plain text form it should be free'd -up as soon as it has been encrypted for security reasons (freeing up the -structure zeros out the sensitive data). This can be done with -PKCS8_PRIV_KEY_INFO_free(). - -PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) - -This sets the key type when a key is imported into MSIE or Outlook 98. Two -values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type -key that can also be used for signing but its size is limited in the export -versions of MS software to 512 bits, it is also the default. KEY_SIG is a -signing only key but the keysize is unlimited (well 16K is supposed to work). -If you are using the domestic version of MSIE then you can ignore this because -KEY_EX is not limited and can be used for both. - -PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) - -Convert a PKCS8 private key structure into a keybag. This routine embeds the -p8 structure in the keybag so p8 should not be freed up or used after it is -called. The p8 structure will be freed up when the safebag is freed. - -PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8) - -Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not -embedded and can be freed up after use. - -int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) -int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) - -Add a local key id or a friendlyname to a safebag. - -1.2 Authsafe functions. - -PKCS7 *PKCS12_pack_p7data(STACK *sk) -Take a stack of safebags and convert them into an unencrypted authsafe. The -stack of safebags can be freed up after calling this function. - -PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags); - -As above but encrypted. - -1.3 PKCS12 functions. - -PKCS12 *PKCS12_init(int mode) - -Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data). - -M_PKCS12_pack_authsafes(p12, safes) - -This macro takes a STACK of authsafes and adds them to a PKCS#12 structure. - -int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type); - -Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests -that SHA-1 should be used. - -2. Extraction Functions. - -2.1 Safebags. - -M_PKCS12_bag_type(bag) - -Return the type of "bag". Returns one of the following - -NID_keyBag -NID_pkcs8ShroudedKeyBag 7 -NID_certBag 8 -NID_crlBag 9 -NID_secretBag 10 -NID_safeContentsBag 11 - -M_PKCS12_cert_bag_type(bag) - -Returns type of certificate bag, following are understood. - -NID_x509Certificate 14 -NID_sdsiCertificate 15 - -M_PKCS12_crl_bag_type(bag) - -Returns crl bag type, currently only NID_crlBag is recognised. - -M_PKCS12_certbag2x509(bag) - -This macro extracts an X509 certificate from a certificate bag. - -M_PKCS12_certbag2x509crl(bag) - -As above but for a CRL. - -EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) - -Extract a private key from a PKCS8 private key info structure. - -M_PKCS12_decrypt_skey(bag, pass, passlen) - -Decrypt a shrouded key bag and return a PKCS8 private key info structure. -Works with both RSA and DSA keys - -char *PKCS12_get_friendlyname(bag) - -Returns the friendlyName of a bag if present or NULL if none. The returned -string is a null terminated ASCII string allocated with Malloc(). It should -thus be freed up with Free() after use. - -2.2 AuthSafe functions. - -M_PKCS12_unpack_p7data(p7) - -Extract a STACK of safe bags from a PKCS#7 data ContentInfo. - -#define M_PKCS12_unpack_p7encdata(p7, pass, passlen) - -As above but for an encrypted content info. - -2.3 PKCS12 functions. - -M_PKCS12_unpack_authsafes(p12) - -Extract a STACK of authsafes from a PKCS12 structure. - -M_PKCS12_mac_present(p12) - -Check to see if a MAC is present. - -int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen) - -Verify a MAC on a PKCS12 structure. Returns an error if MAC not present. - - -Notes. - -1. All the function return 0 or NULL on error. -2. Encryption based functions take a common set of parameters. These are -described below. - -pass, passlen -ASCII password and length. The password on the MAC is called the "integrity -password" the encryption password is called the "privacy password" in the -PKCS#12 documentation. The passwords do not have to be the same. If -1 is -passed for the length it is worked out by the function itself (currently -this is sometimes done whatever is passed as the length but that may change). - -salt, saltlen -A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a -default length is used. - -iter -Iteration count. This is a measure of how many times an internal function is -called to encrypt the data. The larger this value is the longer it takes, it -makes dictionary attacks on passwords harder. NOTE: Some implementations do -not support an iteration count on the MAC. If the password for the MAC and -encryption is the same then there is no point in having a high iteration -count for encryption if the MAC has no count. The MAC could be attacked -and the password used for the main decryption. - -pbe_nid -This is the NID of the password based encryption method used. The following are -supported. -NID_pbe_WithSHA1And128BitRC4 -NID_pbe_WithSHA1And40BitRC4 -NID_pbe_WithSHA1And3_Key_TripleDES_CBC -NID_pbe_WithSHA1And2_Key_TripleDES_CBC -NID_pbe_WithSHA1And128BitRC2_CBC -NID_pbe_WithSHA1And40BitRC2_CBC - -Which you use depends on the implementation you are exporting to. "Export -grade" (i.e. cryptographically challenged) products cannot support all -algorithms. Typically you may be able to use any encryption on shrouded key -bags but they must then be placed in an unencrypted authsafe. Other authsafes -may only support 40bit encryption. Of course if you are using SSLeay -throughout you can strongly encrypt everything and have high iteration counts -on everything. - -3. For decryption routines only the password and length are needed. - -4. Unlike the external version the nid's of objects are the values of the -constants: that is NID_certBag is the real nid, therefore there is no -PKCS12_obj_offset() function. Note the object constants are not the same as -those of the external version. If you use these constants then you will need -to recompile your code. - -5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or -macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be -reused or freed up safely. - diff --git a/crypto/openssl-0.9/doc/ssleay.txt b/crypto/openssl-0.9/doc/ssleay.txt deleted file mode 100644 index c75312911f..0000000000 --- a/crypto/openssl-0.9/doc/ssleay.txt +++ /dev/null @@ -1,7030 +0,0 @@ - -Bundle of old SSLeay documentation files [OBSOLETE!] - -*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** - -OBSOLETE means that nothing in this document should be trusted. This -document is provided mostly for historical purposes (it wasn't even up -to date at the time SSLeay 0.8.1 was released) and as inspiration. If -you copy some snippet of code from this document, please _check_ that -it really is correct from all points of view. For example, you can -check with the other documents in this directory tree, or by comparing -with relevant parts of the include files. - -People have done the mistake of trusting what's written here. Please -don't do that. - -*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** - - -==== readme ======================================================== - -This is the old 0.6.6 docuementation. Most of the cipher stuff is still -relevent but I'm working (very slowly) on new docuemtation. -The current version can be found online at - -http://www.cryptsoft.com/ssleay/doc - -==== API.doc ======================================================== - -SSL - SSLv2/v3/v23 etc. - -BIO - methods and how they plug together - -MEM - memory allocation callback - -CRYPTO - locking for threads - -EVP - Ciphers/Digests/signatures - -RSA - methods - -X509 - certificate retrieval - -X509 - validation - -X509 - X509v3 extensions - -Objects - adding object identifiers - -ASN.1 - parsing - -PEM - parsing - -==== ssl/readme ===================================================== - -22 Jun 1996 -This file belongs in ../apps, but I'll leave it here because it deals -with SSL :-) It is rather dated but it gives you an idea of how -things work. -=== - -17 Jul 1995 -I have been changing things quite a bit and have not fully updated -this file, so take what you read with a grain of salt -eric -=== -The s_client and s_server programs can be used to test SSL capable -IP/port addresses and the verification of the X509 certificates in use -by these services. I strongly advise having a look at the code to get -an idea of how to use the authentication under SSLeay. Any feedback -on changes and improvements would be greatly accepted. - -This file will probably be gibberish unless you have read -rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM -authentication. - -A Brief outline (and examples) how to use them to do so. - -NOTE: -The environment variable SSL_CIPER is used to specify the prefered -cipher to use, play around with setting it's value to combinations of -RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL -in a : separated list. - -This directory contains 3 X509 certificates which can be used by these programs. -client.pem: a file containing a certificate and private key to be used - by s_client. -server.pem :a file containing a certificate and private key to be used - by s_server. -eay1024.pem:the certificate used to sign client.pem and server.pem. - This would be your CA's certificate. There is also a link - from the file a8556381.0 to eay1024.PEM. The value a8556381 - is returned by 'x509 -hash -noout to exit. Flags are as follows. --host arg : Arg is the host or IP address to connect to. --port arg : Arg is the port to connect to (https is 443). --verify arg : Turn on authentication of the server certificate. - : Arg specifies the 'depth', this will covered below. --cert arg : The optional certificate to use. This certificate - : will be returned to the server if the server - : requests it for client authentication. --key arg : The private key that matches the certificate - : specified by the -cert option. If this is not - : specified (but -cert is), the -cert file will be - : searched for the Private key. Both files are - : assumed to be in PEM format. --CApath arg : When to look for certificates when 'verifying' the - : certificate from the server. --CAfile arg : A file containing certificates to be used for - : 'verifying' the server certificate. --reconnect : Once a connection has been made, drop it and - : reconnect with same session-id. This is for testing :-). - -The '-verify n' parameter specifies not only to verify the servers -certificate but to also only take notice of 'n' levels. The best way -to explain is to show via examples. -Given -s_server -cert server.PEM is running. - -s_client - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:1 - CIPHER is CBC-DES-MD5 -What has happened is that the 'SSLeay demo server' certificate's -issuer ('CA') could not be found but because verify is not on, we -don't care and the connection has been made anyway. It is now 'up' -using CBC-DES-MD5 mode. This is an unauthenticate secure channel. -You may not be talking to the right person but the data going to them -is encrypted. - -s_client -verify 0 - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:1 - CIPHER is CBC-DES-MD5 -We are 'verifying' but only to depth 0, so since the 'SSLeay demo server' -certificate passed the date and checksum, we are happy to proceed. - -s_client -verify 1 - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:0 - ERROR - verify error:unable to get issuer certificate -In this case we failed to make the connection because we could not -authenticate the certificate because we could not find the -'CA' certificate. - -s_client -verify 1 -CAfile eay1024.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -We loaded the certificates from the file eay1024.PEM. Everything -checked out and so we made the connection. - -s_client -verify 1 -CApath . - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -We looked in out local directory for issuer certificates and 'found' -a8556381.0 and so everything is ok. - -It is worth noting that 'CA' is a self certified certificate. If you -are passed one of these, it will fail to 'verify' at depth 0 because -we need to lookup the certifier of a certificate from some information -that we trust and keep locally. - -SSL_CIPHER=CBC3-DES-MD5:RC4-MD5 -export SSL_CIPHER -s_client -verify 10 -CApath . -reconnect - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - drop the connection and reconnect with the same session id - CIPHER is CBC3-DES-MD5 -This has done a full connection and then re-estabished it with the -same session id but a new socket. No RSA stuff occures on the second -connection. Note that we said we would prefer to use CBC3-DES-MD5 -encryption and so, since the server supports it, we are. - -===== -s_server -This program accepts SSL connections on a specified port -Once connected, it will estabish an SSL connection and optionaly -attempt to authenticate the client. A 2 directional channel will be -open. Any text typed will be sent to the other end. Type Q to exit. -Flags are as follows. --port arg : Arg is the port to listen on. --verify arg : Turn on authentication of the client if they have a - : certificate. Arg specifies the 'depth'. --Verify arg : Turn on authentication of the client. If they don't - : have a valid certificate, drop the connection. --cert arg : The certificate to use. This certificate - : will be passed to the client. If it is not - : specified, it will default to server.PEM --key arg : The private key that matches the certificate - : specified by the -cert option. If this is not - : specified (but -cert is), the -cert file will be - : searched for the Private key. Both files are - : assumed to be in PEM format. Default is server.PEM --CApath arg : When to look for certificates when 'verifying' the - : certificate from the client. --CAfile arg : A file containing certificates to be used for - : 'verifying' the client certificate. - -For the following 'demo' I will specify the s_server command and -the s_client command and then list the output from the s_server. -s_server -s_client - CONNECTED - CIPHER is CBC-DES-MD5 -Everything up and running - -s_server -verify 0 -s_client - CONNECTED - CIPHER is CBC-DES-MD5 -Ok since no certificate was returned and we don't care. - -s_server -verify 0 -./s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:1 - CIPHER is CBC-DES-MD5 -Ok since we were only verifying to level 0 - -s_server -verify 4 -s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:0 - ERROR - verify error:unable to get issuer certificate -Bad because we could not authenticate the returned certificate. - -s_server -verify 4 -CApath . -s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -Ok because we could authenticate the returned certificate :-). - -s_server -Verify 0 -CApath . -s_client - CONNECTED - ERROR - SSL error:function is:REQUEST_CERTIFICATE - :error is :client end did not return a certificate -Error because no certificate returned. - -s_server -Verify 4 -CApath . -s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -Full authentication of the client. - -So in summary to do full authentication of both ends -s_server -Verify 9 -CApath . -s_client -cert client.PEM -CApath . -verify 9 -From the server side - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -From the client side - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 - -For general probing of the 'internet https' servers for the -distribution area, run -s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash -Then enter -GET / -and you should be talking to the https server on that host. - -www.rsa.com was refusing to respond to connections on 443 when I was -testing. - -have fun :-). - -eric - -==== a_verify.doc ======================================================== - -From eay@mincom.com Fri Oct 4 18:29:06 1996 -Received: by orb.mincom.oz.au id AA29080 - (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000 -Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST) -From: Eric Young -X-Sender: eay@orb -To: wplatzer -Cc: Eric Young , SSL Mailing List -Subject: Re: Netscape's Public Key -In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at> -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Status: RO -X-Status: - -On Thu, 3 Oct 1996, wplatzer wrote: -> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything -> with it... It looks like (asn1parse): -> -> 0:d=0 hl=3 l=180 cons: SEQUENCE -> 3:d=1 hl=2 l= 96 cons: SEQUENCE -> 5:d=2 hl=2 l= 92 cons: SEQUENCE -> 7:d=3 hl=2 l= 13 cons: SEQUENCE -> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption -> 20:d=4 hl=2 l= 0 prim: NULL -> 22:d=3 hl=2 l= 75 prim: BIT STRING -> 99:d=2 hl=2 l= 0 prim: IA5STRING : -> 101:d=1 hl=2 l= 13 cons: SEQUENCE -> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption -> 114:d=2 hl=2 l= 0 prim: NULL -> 116:d=1 hl=2 l= 65 prim: BIT STRING -> -> The first BIT STRING is the public key and the second BIT STRING is -> the signature. -> But a public key consists of the public exponent and the modulus. Are -> both numbers in the first BIT STRING? -> Is there a document simply describing this coding stuff (checking -> signature, get the public key, etc.)? - -Minimal in SSLeay. If you want to see what the modulus and exponent are, -try asn1parse -offset 25 -length 75 next_bio list. - - - -Extra commands are normally implemented as macros calling BIO_ctrl(). -- BIO_number_read(BIO *bio) - the number of bytes processed - by BIO_read(bio,.). -- BIO_number_written(BIO *bio) - the number of bytes written - by BIO_write(bio,.). -- BIO_reset(BIO *bio) - 'reset' the BIO. -- BIO_eof(BIO *bio) - non zero if we are at the current end - of input. -- BIO_set_close(BIO *bio, int close_flag) - set the close flag. -- BIO_get_close(BIO *bio) - return the close flag. - BIO_pending(BIO *bio) - return the number of bytes waiting - to be read (normally buffered internally). -- BIO_flush(BIO *bio) - output any data waiting to be output. -- BIO_should_retry(BIO *io) - after a BIO_read/BIO_write - operation returns 0 or -1, a call to this function will - return non zero if you should retry the call later (this - is for non-blocking IO). -- BIO_should_read(BIO *io) - we should retry when data can - be read. -- BIO_should_write(BIO *io) - we should retry when data can - be written. -- BIO_method_name(BIO *io) - return a string for the method name. -- BIO_method_type(BIO *io) - return the unique ID of the BIO method. -- BIO_set_callback(BIO *io, long (*callback)(BIO *io, int - cmd, char *argp, int argi, long argl, long ret); - sets - the debug callback. -- BIO_get_callback(BIO *io) - return the assigned function - as mentioned above. -- BIO_set_callback_arg(BIO *io, char *arg) - assign some - data against the BIO. This is normally used by the debug - callback but could in reality be used for anything. To - get an idea of how all this works, have a look at the code - in the default debug callback mentioned above. The - callback can modify the return values. - -Details of the BIO_METHOD structure. -typedef struct bio_method_st - { - int type; - char *name; - int (*bwrite)(); - int (*bread)(); - int (*bputs)(); - int (*bgets)(); - long (*ctrl)(); - int (*create)(); - int (*destroy)(); - } BIO_METHOD; - -The 'type' is the numeric type of the BIO, these are listed in buffer.h; -'Name' is a textual representation of the BIO 'type'. -The 7 function pointers point to the respective function -methods, some of which can be NULL if not implemented. -The BIO structure -typedef struct bio_st - { - BIO_METHOD *method; - long (*callback)(BIO * bio, int mode, char *argp, int - argi, long argl, long ret); - char *cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int num; - char *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - int references; - unsigned long num_read; - unsigned long num_write; - } BIO; - -- 'Method' is the BIO method. -- 'callback', when configured, is called before and after - each BIO method is called for that particular BIO. This - is intended primarily for debugging and of informational feedback. -- 'init' is 0 when the BIO can be used for operation. - Often, after a BIO is created, a number of operations may - need to be performed before it is available for use. An - example is for BIO_s_sock(). A socket needs to be - assigned to the BIO before it can be used. -- 'shutdown', this flag indicates if the underlying - comunication primative being used should be closed/freed - when the BIO is closed. -- 'flags' is used to hold extra state. It is primarily used - to hold information about why a non-blocking operation - failed and to record startup protocol information for the - SSL BIO. -- 'num' and 'ptr' are used to hold instance specific state - like file descriptors or local data structures. -- 'next_bio' is used by filter BIOs to hold the pointer of the - next BIO in the chain. written data is sent to this BIO and - data read is taken from it. -- 'references' is used to indicate the number of pointers to - this structure. This needs to be '1' before a call to - BIO_free() is made if the BIO_free() function is to - actually free() the structure, otherwise the reference - count is just decreased. The actual BIO subsystem does - not really use this functionality but it is useful when - used in more advanced applicaion. -- num_read and num_write are the total number of bytes - read/written via the 'read()' and 'write()' methods. - -BIO_ctrl operations. -The following is the list of standard commands passed as the -second parameter to BIO_ctrl() and should be supported by -all BIO as best as possible. Some are optional, some are -manditory, in any case, where is makes sense, a filter BIO -should pass such requests to underlying BIO's. -- BIO_CTRL_RESET - Reset the BIO back to an initial state. -- BIO_CTRL_EOF - return 0 if we are not at the end of input, - non 0 if we are. -- BIO_CTRL_INFO - BIO specific special command, normal - information return. -- BIO_CTRL_SET - set IO specific parameter. -- BIO_CTRL_GET - get IO specific parameter. -- BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one - of BIO_CLOSE or BIO_NOCLOSE. -- BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag. -- BIO_CTRL_PENDING - Return the number of bytes available - for instant reading -- BIO_CTRL_FLUSH - Output pending data, return number of bytes output. -- BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) - should we 'retry' when IO is possible on the underlying IO object. -- BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on. - -The following command is a special BIO_s_file() specific option. -- BIO_CTRL_SET_FILENAME - specify a file to open for IO. - -The BIO_CTRL_RETRY_TYPE needs a little more explanation. -When performing non-blocking IO, or say reading on a memory -BIO, when no data is present (or cannot be written), -BIO_read() and/or BIO_write() will return -1. -BIO_should_retry(bio) will return true if this is due to an -IO condition rather than an actual error. In the case of -BIO_s_mem(), a read when there is no data will return -1 and -a should retry when there is more 'read' data. -The retry type is deduced from 2 macros -BIO_should_read(bio) and BIO_should_write(bio). -Now while it may appear obvious that a BIO_read() failure -should indicate that a retry should be performed when more -read data is available, this is often not true when using -things like an SSL BIO. During the SSL protocol startup -multiple reads and writes are performed, triggered by any -SSL_read or SSL_write. -So to write code that will transparently handle either a -socket or SSL BIO, - i=BIO_read(bio,..) - if (I == -1) - { - if (BIO_should_retry(bio)) - { - if (BIO_should_read(bio)) - { - /* call us again when BIO can be read */ - } - if (BIO_should_write(bio)) - { - /* call us again when BIO can be written */ - } - } - } - -At this point in time only read and write conditions can be -used but in the future I can see the situation for other -conditions, specifically with SSL there could be a condition -of a X509 certificate lookup taking place and so the non- -blocking BIO_read would require a retry when the certificate -lookup subsystem has finished it's lookup. This is all -makes more sense and is easy to use in a event loop type -setup. -When using the SSL BIO, either SSL_read() or SSL_write()s -can be called during the protocol startup and things will -still work correctly. -The nice aspect of the use of the BIO_should_retry() macro -is that all the errno codes that indicate a non-fatal error -are encapsulated in one place. The Windows specific error -codes and WSAGetLastError() calls are also hidden from the -application. - -Notes on each BIO method. -Normally buffer.h is just required but depending on the -BIO_METHOD, ssl.h or evp.h will also be required. - -BIO_METHOD *BIO_s_mem(void); -- BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - - set the underlying BUF_MEM structure for the BIO to use. -- BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, - set it to point to the memory array and return the number - of bytes available. -A read/write BIO. Any data written is appended to the -memory array and any read is read from the front. This BIO -can be used for read/write at the same time. BIO_gets() is -supported in the fgets() sense. -BIO_CTRL_INFO can be used to retrieve pointers to the memory -buffer and it's length. - -BIO_METHOD *BIO_s_file(void); -- BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use. -- BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use. -- BIO_read_filename(BIO *bio, char *name) - read from file. -- BIO_write_filename(BIO *bio, char *name) - write to file. -- BIO_append_filename(BIO *bio, char *name) - append to file. -This BIO sits over the normal system fread()/fgets() type -functions. Gets() is supported. This BIO in theory could be -used for read and write but it is best to think of each BIO -of this type as either a read or a write BIO, not both. - -BIO_METHOD *BIO_s_socket(void); -BIO_METHOD *BIO_s_fd(void); -- BIO_sock_should_retry(int i) - the underlying function - used to determine if a call should be retried; the - argument is the '0' or '-1' returned by the previous BIO - operation. -- BIO_fd_should_retry(int i) - same as the -- BIO_sock_should_retry() except that it is different internally. -- BIO_set_fd(BIO *bio, int fd, int close_flag) - set the - file descriptor to use -- BIO_get_fd(BIO *bio, int *fd) - get the file descriptor. -These two methods are very similar. Gets() is not -supported, if you want this functionality, put a -BIO_f_buffer() onto it. This BIO is bi-directional if the -underlying file descriptor is. This is normally the case -for sockets but not the case for stdio descriptors. - -BIO_METHOD *BIO_s_null(void); -Read and write as much data as you like, it all disappears -into this BIO. - -BIO_METHOD *BIO_f_buffer(void); -- BIO_get_buffer_num_lines(BIO *bio) - return the number of - complete lines in the buffer. -- BIO_set_buffer_size(BIO *bio, long size) - set the size of - the buffers. -This type performs input and output buffering. It performs -both at the same time. The size of the buffer can be set -via the set buffer size option. Data buffered for output is -only written when the buffer fills. - -BIO_METHOD *BIO_f_ssl(void); -- BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL - structure to use. -- BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure - in use. -The SSL bio is a little different from normal BIOs because -the underlying SSL structure is a little different. A SSL -structure performs IO via a read and write BIO. These can -be different and are normally set via the -SSL_set_rbio()/SSL_set_wbio() calls. The SSL_set_fd() calls -are just wrappers that create socket BIOs and then call -SSL_set_bio() where the read and write BIOs are the same. -The BIO_push() operation makes the SSLs IO BIOs the same, so -make sure the BIO pushed is capable of two directional -traffic. If it is not, you will have to install the BIOs -via the more conventional SSL_set_bio() call. BIO_pop() will retrieve -the 'SSL read' BIO. - -BIO_METHOD *BIO_f_md(void); -- BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest - to use. -- BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest - method in use in mdp, return 0 if not set yet. -- BIO_reset() reinitializes the digest (EVP_DigestInit()) - and passes the reset to the underlying BIOs. -All data read or written via BIO_read() or BIO_write() to -this BIO will be added to the calculated digest. This -implies that this BIO is only one directional. If read and -write operations are performed, two separate BIO_f_md() BIOs -are reuqired to generate digests on both the input and the -output. BIO_gets(BIO *bio, char *md, int size) will place the -generated digest into 'md' and return the number of bytes. -The EVP_MAX_MD_SIZE should probably be used to size the 'md' -array. Reading the digest will also reset it. - -BIO_METHOD *BIO_f_cipher(void); -- BIO_reset() reinitializes the cipher. -- BIO_flush() should be called when the last bytes have been - output to flush the final block of block ciphers. -- BIO_get_cipher_status(BIO *b), when called after the last - read from a cipher BIO, returns non-zero if the data - decrypted correctly, otherwise, 0. -- BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, - unsigned char *iv, int encrypt) This function is used to - setup a cipher BIO. The length of key and iv are - specified by the choice of EVP_CIPHER. Encrypt is 1 to - encrypt and 0 to decrypt. - -BIO_METHOD *BIO_f_base64(void); -- BIO_flush() should be called when the last bytes have been output. -This BIO base64 encodes when writing and base64 decodes when -reading. It will scan the input until a suitable begin line -is found. After reading data, BIO_reset() will reset the -BIO to start scanning again. Do not mix reading and writing -on the same base64 BIO. It is meant as a single stream BIO. - -Directions type -both BIO_s_mem() -one/both BIO_s_file() -both BIO_s_fd() -both BIO_s_socket() -both BIO_s_null() -both BIO_f_buffer() -one BIO_f_md() -one BIO_f_cipher() -one BIO_f_base64() -both BIO_f_ssl() - -It is easy to mix one and two directional BIOs, all one has -to do is to keep two separate BIO pointers for reading and -writing and be careful about usage of underlying BIOs. The -SSL bio by it's very nature has to be two directional but -the BIO_push() command will push the one BIO into the SSL -BIO for both reading and writing. - -The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c. - - -==== blowfish.doc ======================================================== - -The Blowfish library. - -Blowfish is a block cipher that operates on 64bit (8 byte) quantities. It -uses variable size key, but 128bit (16 byte) key would normally be considered -good. It can be used in all the modes that DES can be used. This -library implements the ecb, cbc, cfb64, ofb64 modes. - -Blowfish is quite a bit faster that DES, and much faster than IDEA or -RC2. It is one of the faster block ciphers. - -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'blowfish.h'. - -All of the encryption functions take what is called an BF_KEY as an -argument. An BF_KEY is an expanded form of the Blowfish key. -For all modes of the Blowfish algorithm, the BF_KEY used for -decryption is the same one that was used for encryption. - -The define BF_ENCRYPT is passed to specify encryption for the functions -that require an encryption/decryption flag. BF_DECRYPT is passed to -specify decryption. - -Please note that any of the encryption modes specified in my DES library -could be used with Blowfish. I have only implemented ecb, cbc, cfb64 and -ofb64 for the following reasons. -- ecb is the basic Blowfish encryption. -- cbc is the normal 'chaining' form for block ciphers. -- cfb64 can be used to encrypt single characters, therefore input and output - do not need to be a multiple of 8. -- ofb64 is similar to cfb64 but is more like a stream cipher, not as - secure (not cipher feedback) but it does not have an encrypt/decrypt mode. -- If you want triple Blowfish, thats 384 bits of key and you must be totally - obsessed with security. Still, if you want it, it is simple enough to - copy the function from the DES library and change the des_encrypt to - BF_encrypt; an exercise left for the paranoid reader :-). - -The functions are as follows: - -void BF_set_key( -BF_KEY *ks; -int len; -unsigned char *key; - BF_set_key converts an 'len' byte key into a BF_KEY. - A 'ks' is an expanded form of the 'key' which is used to - perform actual encryption. It can be regenerated from the Blowfish key - so it only needs to be kept when encryption or decryption is about - to occur. Don't save or pass around BF_KEY's since they - are CPU architecture dependent, 'key's are not. Blowfish is an - interesting cipher in that it can be used with a variable length - key. 'len' is the length of 'key' to be used as the key. - A 'len' of 16 is recomended by me, but blowfish can use upto - 72 bytes. As a warning, blowfish has a very very slow set_key - function, it actually runs BF_encrypt 521 times. - -void BF_encrypt(unsigned long *data, BF_KEY *key); -void BF_decrypt(unsigned long *data, BF_KEY *key); - These are the Blowfish encryption function that gets called by just - about every other Blowfish routine in the library. You should not - use this function except to implement 'modes' of Blowfish. - I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. - Data is a pointer to 2 unsigned long's and key is the - BF_KEY to use. - -void BF_ecb_encrypt( -unsigned char *in, -unsigned char *out, -BF_KEY *key, -int encrypt); - This is the basic Electronic Code Book form of Blowfish (in DES this - mode is called Electronic Code Book so I'm going to use the term - for blowfish as well. - Input is encrypted into output using the key represented by - key. Depending on the encrypt, encryption or - decryption occurs. Input is 8 bytes long and output is 8 bytes. - -void BF_cbc_encrypt( -unsigned char *in, -unsigned char *out, -long length, -BF_KEY *ks, -unsigned char *ivec, -int encrypt); - This routine implements Blowfish in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, bad - things will probably happen. ivec is the initialisation vector. - This function updates iv after each call so that it can be passed to - the next call to BF_cbc_encrypt(). - -void BF_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -BF_KEY *schedule, -unsigned char *ivec, -int *num, -int encrypt); - This is one of the more useful functions in this Blowfish library, it - implements CFB mode of Blowfish with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - 'Encrypt' is used to indicate encryption or decryption. - CFB64 mode operates by using the cipher to generate a stream - of bytes which is used to encrypt the plain text. - The cipher text is then encrypted to generate the next 64 bits to - be xored (incrementally) with the next 64 bits of plain - text. As can be seen from this, to encrypt or decrypt, - the same 'cipher stream' needs to be generated but the way the next - block of data is gathered for encryption is different for - encryption and decryption. - -void BF_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -BF_KEY *schedule, -unsigned char *ivec, -int *num); - This functions implements OFB mode of Blowfish with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - This is in effect a stream cipher, there is no encryption or - decryption mode. - -For reading passwords, I suggest using des_read_pw_string() from my DES library. -To generate a password from a text string, I suggest using MD5 (or MD2) to -produce a 16 byte message digest that can then be passed directly to -BF_set_key(). - -===== -For more information about the specific Blowfish modes in this library -(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the -documentation on my DES library. What is said about DES is directly -applicable for Blowfish. - - -==== bn.doc ======================================================== - -The Big Number library. - -#include "bn.h" when using this library. - -This big number library was written for use in implementing the RSA and DH -public key encryption algorithms. As such, features such as negative -numbers have not been extensively tested but they should work as expected. -This library uses dynamic memory allocation for storing its data structures -and so there are no limit on the size of the numbers manipulated by these -routines but there is always the requirement to check return codes from -functions just in case a memory allocation error has occurred. - -The basic object in this library is a BIGNUM. It is used to hold a single -large integer. This type should be considered opaque and fields should not -be modified or accessed directly. -typedef struct bignum_st - { - int top; /* Index of last used d. */ - BN_ULONG *d; /* Pointer to an array of 'BITS2' bit chunks. */ - int max; /* Size of the d array. */ - int neg; - } BIGNUM; -The big number is stored in a malloced array of BN_ULONG's. A BN_ULONG can -be either 16, 32 or 64 bits in size, depending on the 'number of bits' -specified in bn.h. -The 'd' field is this array. 'max' is the size of the 'd' array that has -been allocated. 'top' is the 'last' entry being used, so for a value of 4, -bn.d[0]=4 and bn.top=1. 'neg' is 1 if the number is negative. -When a BIGNUM is '0', the 'd' field can be NULL and top == 0. - -Various routines in this library require the use of 'temporary' BIGNUM -variables during their execution. Due to the use of dynamic memory -allocation to create BIGNUMs being rather expensive when used in -conjunction with repeated subroutine calls, the BN_CTX structure is -used. This structure contains BN_CTX BIGNUMs. BN_CTX -is the maximum number of temporary BIGNUMs any publicly exported -function will use. - -#define BN_CTX 12 -typedef struct bignum_ctx - { - int tos; /* top of stack */ - BIGNUM *bn[BN_CTX]; /* The variables */ - } BN_CTX; - -The functions that follow have been grouped according to function. Most -arithmetic functions return a result in the first argument, sometimes this -first argument can also be an input parameter, sometimes it cannot. These -restrictions are documented. - -extern BIGNUM *BN_value_one; -There is one variable defined by this library, a BIGNUM which contains the -number 1. This variable is useful for use in comparisons and assignment. - -Get Size functions. - -int BN_num_bits(BIGNUM *a); - This function returns the size of 'a' in bits. - -int BN_num_bytes(BIGNUM *a); - This function (macro) returns the size of 'a' in bytes. - For conversion of BIGNUMs to byte streams, this is the number of - bytes the output string will occupy. If the output byte - format specifies that the 'top' bit indicates if the number is - signed, so an extra '0' byte is required if the top bit on a - positive number is being written, it is upto the application to - make this adjustment. Like I said at the start, I don't - really support negative numbers :-). - -Creation/Destruction routines. - -BIGNUM *BN_new(); - Return a new BIGNUM object. The number initially has a value of 0. If - there is an error, NULL is returned. - -void BN_free(BIGNUM *a); - Free()s a BIGNUM. - -void BN_clear(BIGNUM *a); - Sets 'a' to a value of 0 and also zeros all unused allocated - memory. This function is used to clear a variable of 'sensitive' - data that was held in it. - -void BN_clear_free(BIGNUM *a); - This function zeros the memory used by 'a' and then free()'s it. - This function should be used to BN_free() BIGNUMS that have held - sensitive numeric values like RSA private key values. Both this - function and BN_clear tend to only be used by RSA and DH routines. - -BN_CTX *BN_CTX_new(void); - Returns a new BN_CTX. NULL on error. - -void BN_CTX_free(BN_CTX *c); - Free a BN_CTX structure. The BIGNUMs in 'c' are BN_clear_free()ed. - -BIGNUM *bn_expand(BIGNUM *b, int bits); - This is an internal function that should not normally be used. It - ensures that 'b' has enough room for a 'bits' bit number. It is - mostly used by the various BIGNUM routines. If there is an error, - NULL is returned. if not, 'b' is returned. - -BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from); - The 'from' is copied into 'to'. NULL is returned if there is an - error, otherwise 'to' is returned. - -BIGNUM *BN_dup(BIGNUM *a); - A new BIGNUM is created and returned containing the value of 'a'. - NULL is returned on error. - -Comparison and Test Functions. - -int BN_is_zero(BIGNUM *a) - Return 1 if 'a' is zero, else 0. - -int BN_is_one(a) - Return 1 is 'a' is one, else 0. - -int BN_is_word(a,w) - Return 1 if 'a' == w, else 0. 'w' is a BN_ULONG. - -int BN_cmp(BIGNUM *a, BIGNUM *b); - Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same - and 1 is 'a' is greater than 'b'. This is a signed comparison. - -int BN_ucmp(BIGNUM *a, BIGNUM *b); - This function is the same as BN_cmp except that the comparison - ignores the sign of the numbers. - -Arithmetic Functions -For all of these functions, 0 is returned if there is an error and 1 is -returned for success. The return value should always be checked. eg. -if (!BN_add(r,a,b)) goto err; -Unless explicitly mentioned, the 'return' value can be one of the -'parameters' to the function. - -int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); - Add 'a' and 'b' and return the result in 'r'. This is r=a+b. - -int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b); - Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b. - -int BN_lshift(BIGNUM *r, BIGNUM *a, int n); - Shift 'a' left by 'n' bits. This is r=a*(2^n). - -int BN_lshift1(BIGNUM *r, BIGNUM *a); - Shift 'a' left by 1 bit. This form is more efficient than - BN_lshift(r,a,1). This is r=a*2. - -int BN_rshift(BIGNUM *r, BIGNUM *a, int n); - Shift 'a' right by 'n' bits. This is r=int(a/(2^n)). - -int BN_rshift1(BIGNUM *r, BIGNUM *a); - Shift 'a' right by 1 bit. This form is more efficient than - BN_rshift(r,a,1). This is r=int(a/2). - -int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b); - Multiply a by b and return the result in 'r'. 'r' must not be - either 'a' or 'b'. It has to be a different BIGNUM. - This is r=a*b. - -int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); - Multiply a by a and return the result in 'r'. 'r' must not be - 'a'. This function is alot faster than BN_mul(r,a,a). This is r=a*a. - -int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx); - Divide 'm' by 'd' and return the result in 'dv' and the remainder - in 'rem'. Either of 'dv' or 'rem' can be NULL in which case that - value is not returned. 'ctx' needs to be passed as a source of - temporary BIGNUM variables. - This is dv=int(m/d), rem=m%d. - -int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx); - Find the remainder of 'm' divided by 'd' and return it in 'rem'. - 'ctx' holds the temporary BIGNUMs required by this function. - This function is more efficient than BN_div(NULL,rem,m,d,ctx); - This is rem=m%d. - -int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx); - Multiply 'a' by 'b' and return the remainder when divided by 'm'. - 'ctx' holds the temporary BIGNUMs required by this function. - This is r=(a*b)%m. - -int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx); - Raise 'a' to the 'p' power and return the remainder when divided by - 'm'. 'ctx' holds the temporary BIGNUMs required by this function. - This is r=(a^p)%m. - -int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx); - Return the reciprocal of 'm'. 'ctx' holds the temporary variables - required. This function returns -1 on error, otherwise it returns - the number of bits 'r' is shifted left to make 'r' into an integer. - This number of bits shifted is required in BN_mod_mul_reciprocal(). - This is r=(1/m)<<(BN_num_bits(m)+1). - -int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, - BIGNUM *i, int nb, BN_CTX *ctx); - This function is used to perform an efficient BN_mod_mul() - operation. If one is going to repeatedly perform BN_mod_mul() with - the same modulus is worth calculating the reciprocal of the modulus - and then using this function. This operation uses the fact that - a/b == a*r where r is the reciprocal of b. On modern computers - multiplication is very fast and big number division is very slow. - 'x' is multiplied by 'y' and then divided by 'm' and the remainder - is returned. 'i' is the reciprocal of 'm' and 'nb' is the number - of bits as returned from BN_reciprocal(). Normal usage is as follows. - bn=BN_reciprocal(i,m); - for (...) - { BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); } - This is r=(x*y)%m. Internally it is approximately - r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn) - This function is used in BN_mod_exp() and BN_is_prime(). - -Assignment Operations - -int BN_one(BIGNUM *a) - Set 'a' to hold the value one. - This is a=1. - -int BN_zero(BIGNUM *a) - Set 'a' to hold the value zero. - This is a=0. - -int BN_set_word(BIGNUM *a, unsigned long w); - Set 'a' to hold the value of 'w'. 'w' is an unsigned long. - This is a=w. - -unsigned long BN_get_word(BIGNUM *a); - Returns 'a' in an unsigned long. Not remarkably, often 'a' will - be biger than a word, in which case 0xffffffffL is returned. - -Word Operations -These functions are much more efficient that the normal bignum arithmetic -operations. - -BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w); - Return the remainder of 'a' divided by 'w'. - This is return(a%w). - -int BN_add_word(BIGNUM *a, unsigned long w); - Add 'w' to 'a'. This function does not take the sign of 'a' into - account. This is a+=w; - -Bit operations. - -int BN_is_bit_set(BIGNUM *a, int n); - This function return 1 if bit 'n' is set in 'a' else 0. - -int BN_set_bit(BIGNUM *a, int n); - This function sets bit 'n' to 1 in 'a'. - This is a&= ~(1< 0, the call is aborted -and the returned <= 0 value is returned. -The second time the callback is called, the 'cmd' value also has -BIO_CB_RETURN logically 'or'ed with it. The 'ret' value is the value returned -from the actuall function call and whatever the callback returns is returned -from the BIO function. - -BIO_set_callback(b,cb) can be used to set the callback function -(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to -set the cb_arg argument in the BIO strucutre. This field is only intended -to be used by application, primarily in the callback function since it is -accessable since the BIO is passed. - --------------------------- -The PEM library. - -The pem library only really uses one type of callback, -static int def_callback(char *buf, int num, int verify); -which is used to return a password string if required. -'buf' is the buffer to put the string in. 'num' is the size of 'buf' -and 'verify' is used to indicate that the password should be checked. -This last flag is mostly used when reading a password for encryption. - -For all of these functions, a NULL callback will call the above mentioned -default callback. This default function does not work under Windows 3.1. -For other machines, it will use an application defined prompt string -(EVP_set_pw_prompt(), which defines a library wide prompt string) -if defined, otherwise it will use it's own PEM password prompt. -It will then call EVP_read_pw_string() to get a password from the console. -If your application wishes to use nice fancy windows to retrieve passwords, -replace this function. The callback should return the number of bytes read -into 'buf'. If the number of bytes <= 0, it is considered an error. - -Functions that take this callback are listed below. For the 'read' type -functions, the callback will only be required if the PEM data is encrypted. - -For the Write functions, normally a password can be passed in 'kstr', of -'klen' bytes which will be used if the 'enc' cipher is not NULL. If -'kstr' is NULL, the callback will be used to retrieve a password. - -int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, - int (*callback)()); -char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)()); -char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)()); -int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x, - EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); -int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x, - EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); -STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)()); -STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)()); - -#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) -#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) -#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) -#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) -#define PEM_read_SSL_SESSION(fp,x,cb) -#define PEM_read_X509(fp,x,cb) -#define PEM_read_X509_REQ(fp,x,cb) -#define PEM_read_X509_CRL(fp,x,cb) -#define PEM_read_RSAPrivateKey(fp,x,cb) -#define PEM_read_DSAPrivateKey(fp,x,cb) -#define PEM_read_PrivateKey(fp,x,cb) -#define PEM_read_PKCS7(fp,x,cb) -#define PEM_read_DHparams(fp,x,cb) -#define PEM_read_bio_SSL_SESSION(bp,x,cb) -#define PEM_read_bio_X509(bp,x,cb) -#define PEM_read_bio_X509_REQ(bp,x,cb) -#define PEM_read_bio_X509_CRL(bp,x,cb) -#define PEM_read_bio_RSAPrivateKey(bp,x,cb) -#define PEM_read_bio_DSAPrivateKey(bp,x,cb) -#define PEM_read_bio_PrivateKey(bp,x,cb) -#define PEM_read_bio_PKCS7(bp,x,cb) -#define PEM_read_bio_DHparams(bp,x,cb) -int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); -RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); - -Now you will notice that macros like -#define PEM_write_X509(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL) -Don't do encryption normally. If you want to PEM encrypt your X509 structure, -either just call PEM_ASN1_write directly or just define you own -macro variant. As you can see, this macro just sets all encryption related -parameters to NULL. - - --------------------------- -The SSL library. - -#define SSL_set_info_callback(ssl,cb) -#define SSL_CTX_set_info_callback(ctx,cb) -void callback(SSL *ssl,int location,int ret) -This callback is called each time around the SSL_connect()/SSL_accept() -state machine. So it will be called each time the SSL protocol progresses. -It is mostly present for use when debugging. When SSL_connect() or -SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or -SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned. -Have a look at the SSL_CB_* defines in ssl.h. If an info callback is defined -against the SSL_CTX, it is called unless there is one set against the SSL. -Have a look at -void client_info_callback() in apps/s_client() for an example. - -Certificate verification. -void SSL_set_verify(SSL *s, int mode, int (*callback) ()); -void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)()); -This callback is used to help verify client and server X509 certificates. -It is actually passed to X509_cert_verify(), along with the SSL structure -so you have to read about X509_cert_verify() :-). The SSL_CTX version is used -if the SSL version is not defined. X509_cert_verify() is the function used -by the SSL part of the library to verify certificates. This function is -nearly always defined by the application. - -void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); -int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain); -This call is used to replace the SSLeay certificate verification code. -The 'arg' is kept in the SSL_CTX and is passed to the callback. -If the callback returns 0, the certificate is rejected, otherwise it -is accepted. The callback is replacing the X509_cert_verify() call. -This feature is not often used, but if you wished to implement -some totally different certificate authentication system, this 'hook' is -vital. - -SSLeay keeps a cache of session-ids against each SSL_CTX. These callbacks can -be used to notify the application when a SSL_SESSION is added to the cache -or to retrieve a SSL_SESSION that is not in the cache from the application. -#define SSL_CTX_sess_set_get_cb(ctx,cb) -SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy); -If defined, this callback is called to return the SESSION_ID for the -session-id in 'session_id', of 'session_id_len' bytes. 'copy' is set to 1 -if the server is to 'take a copy' of the SSL_SESSION structure. It is 0 -if the SSL_SESSION is being 'passed in' so the SSLeay library is now -responsible for 'free()ing' the structure. Basically it is used to indicate -if the reference count on the SSL_SESSION structure needs to be incremented. - -#define SSL_CTX_sess_set_new_cb(ctx,cb) -int callback(SSL *s, SSL_SESSION *sess); -When a new connection is established, if the SSL_SESSION is going to be added -to the cache, this callback is called. Return 1 if a 'copy' is required, -otherwise, return 0. This return value just causes the reference count -to be incremented (on return of a 1), this means the application does -not need to worry about incrementing the refernece count (and the -locking that implies in a multi-threaded application). - -void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)()); -This sets the SSL password reading function. -It is mostly used for windowing applications -and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey() -calls inside the SSL library. The only reason this is present is because the -calls to PEM_* functions is hidden in the SSLeay library so you have to -pass in the callback some how. - -#define SSL_CTX_set_client_cert_cb(ctx,cb) -int callback(SSL *s,X509 **x509, EVP_PKEY **pkey); -Called when a client certificate is requested but there is not one set -against the SSL_CTX or the SSL. If the callback returns 1, x509 and -pkey need to point to valid data. The library will free these when -required so if the application wants to keep these around, increment -their reference counts. If 0 is returned, no client cert is -available. If -1 is returned, it is assumed that the callback needs -to be called again at a later point in time. SSL_connect will return --1 and SSL_want_x509_lookup(ssl) returns true. Remember that -application data can be attached to an SSL structure via the -SSL_set_app_data(SSL *ssl,char *data) call. - --------------------------- -The X509 library. - -int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(), - int *error,char *arg,STACK *cert_chain); -int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg, - STACK *cert_chain); - -X509_cert_verify() is used to authenticate X509 certificates. The 'ctx' holds -the details of the various caches and files used to locate certificates. -'xs' is the certificate to verify and 'cb' is the application callback (more -detail later). 'error' will be set to the error code and 'arg' is passed -to the 'cb' callback. Look at the VERIFY_* defines in crypto/x509/x509.h - -When ever X509_cert_verify() makes a 'negative' decision about a -certitificate, the callback is called. If everything checks out, the -callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self -signed cert that is not the passed certificate). - -The callback is passed the X509_cert_verify opinion of the certificate -in 'ok', the certificate in 'xs', the issuer certificate in 'xi', -the 'depth' of the certificate in the verification 'chain', the -VERIFY_* code in 'error' and the argument passed to X509_cert_verify() -in 'arg'. cert_chain is a list of extra certs to use if they are not -in the cache. - -The callback can be used to look at the error reason, and then return 0 -for an 'error' or '1' for ok. This will override the X509_cert_verify() -opinion of the certificates validity. Processing will continue depending on -the return value. If one just wishes to use the callback for informational -reason, just return the 'ok' parameter. - --------------------------- -The BN and DH library. - -BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add, - BIGNUM *rem,void (*callback)(int,int)); -int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int), - -Read doc/bn.doc for the description of these 2. - -DH *DH_generate_parameters(int prime_len,int generator, - void (*callback)(int,int)); -Read doc/bn.doc for the description of the callback, since it is just passed -to BN_generate_prime(), except that it is also called as -callback(3,0) by this function. - --------------------------- -The CRYPTO library. - -void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file, - int line)); -void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount, - int type,char *file, int line)); -void CRYPTO_set_id_callback(unsigned long (*func)(void)); - -Read threads.doc for info on these ones. - - -==== cipher.doc ======================================================== - -The Cipher subroutines. - -These routines require "evp.h" to be included. - -These functions are a higher level interface to the various cipher -routines found in this library. As such, they allow the same code to be -used to encrypt and decrypt via different ciphers with only a change -in an initial parameter. These routines also provide buffering for block -ciphers. - -These routines all take a pointer to the following structure to specify -which cipher to use. If you wish to use a new cipher with these routines, -you would probably be best off looking an how an existing cipher is -implemented and copying it. At this point in time, I'm not going to go -into many details. This structure should be considered opaque - -typedef struct pem_cipher_st - { - int type; - int block_size; - int key_len; - int iv_len; - void (*enc_init)(); /* init for encryption */ - void (*dec_init)(); /* init for decryption */ - void (*do_cipher)(); /* encrypt data */ - } EVP_CIPHER; - -The type field is the object NID of the cipher type -(read the section on Objects for an explanation of what a NID is). -The cipher block_size is how many bytes need to be passed -to the cipher at a time. Key_len is the -length of the key the cipher requires and iv_len is the length of the -initialisation vector required. enc_init is the function -called to initialise the ciphers context for encryption and dec_init is the -function to initialise for decryption (they need to be different, especially -for the IDEA cipher). - -One reason for specifying the Cipher via a pointer to a structure -is that if you only use des-cbc, only the des-cbc routines will -be included when you link the program. If you passed an integer -that specified which cipher to use, the routine that mapped that -integer to a set of cipher functions would cause all the ciphers -to be link into the code. This setup also allows new ciphers -to be added by the application (with some restrictions). - -The thirteen ciphers currently defined in this library are - -EVP_CIPHER *EVP_des_ecb(); /* DES in ecb mode, iv=0, block=8, key= 8 */ -EVP_CIPHER *EVP_des_ede(); /* DES in ecb ede mode, iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_des_ede3(); /* DES in ecb ede mode, iv=0, block=8, key=24 */ -EVP_CIPHER *EVP_des_cfb(); /* DES in cfb mode, iv=8, block=1, key= 8 */ -EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */ -EVP_CIPHER *EVP_des_ofb(); /* DES in ofb mode, iv=8, block=1, key= 8 */ -EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */ -EVP_CIPHER *EVP_des_cbc(); /* DES in cbc mode, iv=8, block=8, key= 8 */ -EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */ -EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */ -EVP_CIPHER *EVP_desx_cbc(); /* DES in desx cbc mode,iv=8, block=8, key=24 */ -EVP_CIPHER *EVP_rc4(); /* RC4, iv=0, block=1, key=16 */ -EVP_CIPHER *EVP_idea_ecb(); /* IDEA in ecb mode, iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_idea_cfb(); /* IDEA in cfb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_idea_ofb(); /* IDEA in ofb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_idea_cbc(); /* IDEA in cbc mode, iv=8, block=8, key=16 */ -EVP_CIPHER *EVP_rc2_ecb(); /* RC2 in ecb mode, iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_rc2_cfb(); /* RC2 in cfb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_rc2_ofb(); /* RC2 in ofb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_rc2_cbc(); /* RC2 in cbc mode, iv=8, block=8, key=16 */ -EVP_CIPHER *EVP_bf_ecb(); /* Blowfish in ecb mode,iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_bf_cfb(); /* Blowfish in cfb mode,iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_bf_ofb(); /* Blowfish in ofb mode,iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_bf_cbc(); /* Blowfish in cbc mode,iv=8, block=8, key=16 */ - -The meaning of the compound names is as follows. -des The base cipher is DES. -idea The base cipher is IDEA -rc4 The base cipher is RC4-128 -rc2 The base cipher is RC2-128 -ecb Electronic Code Book form of the cipher. -cbc Cipher Block Chaining form of the cipher. -cfb 64 bit Cipher Feedback form of the cipher. -ofb 64 bit Output Feedback form of the cipher. -ede The cipher is used in Encrypt, Decrypt, Encrypt mode. The first - and last keys are the same. -ede3 The cipher is used in Encrypt, Decrypt, Encrypt mode. - -All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument. -The state of the cipher is kept in this structure. - -typedef struct EVP_CIPHER_Ctx_st - { - EVP_CIPHER *cipher; - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - unsigned char buf[8]; - union { - .... /* cipher specific stuff */ - } c; - } EVP_CIPHER_CTX; - -Cipher is a pointer the the EVP_CIPHER for the current context. The encrypt -flag indicates encryption or decryption. buf_len is the number of bytes -currently being held in buf. -The 'c' union holds the cipher specify context. - -The following functions are to be used. - -int EVP_read_pw_string( -char *buf, -int len, -char *prompt, -int verify, - This function is the same as des_read_pw_string() (des.doc). - -void EVP_set_pw_prompt(char *prompt); - This function sets the 'default' prompt to use to use in - EVP_read_pw_string when the prompt parameter is NULL. If the - prompt parameter is NULL, this 'default prompt' feature is turned - off. Be warned, this is a global variable so weird things - will happen if it is used under Win16 and care must be taken - with a multi-threaded version of the library. - -char *EVP_get_pw_prompt(); - This returns a pointer to the default prompt string. NULL - if it is not set. - -int EVP_BytesToKey( -EVP_CIPHER *type, -EVP_MD *md, -unsigned char *salt, -unsigned char *data, -int datal, -int count, -unsigned char *key, -unsigned char *iv); - This function is used to generate a key and an initialisation vector - for a specified cipher from a key string and a salt. Type - specifies the cipher the 'key' is being generated for. Md is the - message digest algorithm to use to generate the key and iv. The salt - is an optional 8 byte object that is used to help seed the key - generator. - If the salt value is NULL, it is just not used. Datal is the - number of bytes to use from 'data' in the key generation. - This function returns the key size for the specified cipher, if - data is NULL, this value is returns and no other - computation is performed. Count is - the number of times to loop around the key generator. I would - suggest leaving it's value as 1. Key and iv are the structures to - place the returning iv and key in. If they are NULL, no value is - generated for that particular value. - The algorithm used is as follows - - /* M[] is an array of message digests - * MD() is the message digest function */ - M[0]=MD(data . salt); - for (i=1; i key=M[0.. 8], iv=M[ 9 .. 16]. - For key=16, iv=0 => key=M[0..16]. - For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24]. - For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32]. - - This routine will produce DES-CBC keys and iv that are compatible - with the PKCS-5 standard when md2 or md5 are used. If md5 is - used, the salt is NULL and count is 1, this routine will produce - the password to key mapping normally used with RC4. - I have attempted to logically extend the PKCS-5 standard to - generate keys and iv for ciphers that require more than 16 bytes, - if anyone knows what the correct standard is, please inform me. - When using sha or sha1, things are a bit different under this scheme, - since sha produces a 20 byte digest. So for ciphers requiring - 24 bits of data, 20 will come from the first MD and 4 will - come from the second. - - I have considered having a separate function so this 'routine' - can be used without the requirement of passing a EVP_CIPHER *, - but I have decided to not bother. If you wish to use the - function without official EVP_CIPHER structures, just declare - a local one and set the key_len and iv_len fields to the - length you desire. - -The following routines perform encryption and decryption 'by parts'. By -this I mean that there are groups of 3 routines. An Init function that is -used to specify a cipher and initialise data structures. An Update routine -that does encryption/decryption, one 'chunk' at a time. And finally a -'Final' function that finishes the encryption/decryption process. -All these functions take a EVP_CIPHER pointer to specify which cipher to -encrypt/decrypt with. They also take a EVP_CIPHER_CTX object as an -argument. This structure is used to hold the state information associated -with the operation in progress. - -void EVP_EncryptInit( -EVP_CIPHER_CTX *ctx, -EVP_CIPHER *type, -unsigned char *key, -unsigned char *iv); - This function initialise a EVP_CIPHER_CTX for encryption using the - cipher passed in the 'type' field. The cipher is initialised to use - 'key' as the key and 'iv' for the initialisation vector (if one is - required). If the type, key or iv is NULL, the value currently in the - EVP_CIPHER_CTX is reused. So to perform several decrypt - using the same cipher, key and iv, initialise with the cipher, - key and iv the first time and then for subsequent calls, - reuse 'ctx' but pass NULL for type, key and iv. You must make sure - to pass a key that is large enough for a particular cipher. I - would suggest using the EVP_BytesToKey() function. - -void EVP_EncryptUpdate( -EVP_CIPHER_CTX *ctx, -unsigned char *out, -int *outl, -unsigned char *in, -int inl); - This function takes 'inl' bytes from 'in' and outputs bytes - encrypted by the cipher 'ctx' was initialised with into 'out'. The - number of bytes written to 'out' is put into outl. If a particular - cipher encrypts in blocks, less or more bytes than input may be - output. Currently the largest block size used by supported ciphers - is 8 bytes, so 'out' should have room for 'inl+7' bytes. Normally - EVP_EncryptInit() is called once, followed by lots and lots of - calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal - call. - -void EVP_EncryptFinal( -EVP_CIPHER_CTX *ctx, -unsigned char *out, -int *outl); - Because quite a large number of ciphers are block ciphers, there is - often an incomplete block to write out at the end of the - encryption. EVP_EncryptFinal() performs processing on this last - block. The last block in encoded in such a way that it is possible - to determine how many bytes in the last block are valid. For 8 byte - block size ciphers, if only 5 bytes in the last block are valid, the - last three bytes will be filled with the value 3. If only 2 were - valid, the other 6 would be filled with sixes. If all 8 bytes are - valid, a extra 8 bytes are appended to the cipher stream containing - nothing but 8 eights. These last bytes are output into 'out' and - the number of bytes written is put into 'outl' These last bytes - are output into 'out' and the number of bytes written is put into - 'outl'. This form of block cipher finalisation is compatible with - PKCS-5. Please remember that even if you are using ciphers like - RC4 that has no blocking and so the function will not write - anything into 'out', it would still be a good idea to pass a - variable for 'out' that can hold 8 bytes just in case the cipher is - changed some time in the future. It should also be remembered - that the EVP_CIPHER_CTX contains the password and so when one has - finished encryption with a particular EVP_CIPHER_CTX, it is good - practice to zero the structure - (ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)). - -void EVP_DecryptInit( -EVP_CIPHER_CTX *ctx, -EVP_CIPHER *type, -unsigned char *key, -unsigned char *iv); - This function is basically the same as EVP_EncryptInit() accept that - is prepares the EVP_CIPHER_CTX for decryption. - -void EVP_DecryptUpdate( -EVP_CIPHER_CTX *ctx, -unsigned char *out, -int *outl, -unsigned char *in, -int inl); - This function is basically the same as EVP_EncryptUpdate() - except that it performs decryption. There is one - fundamental difference though. 'out' can not be the same as - 'in' for any ciphers with a block size greater than 1 if more - than one call to EVP_DecryptUpdate() will be made. This - is because this routine can hold a 'partial' block between - calls. When a partial block is decrypted (due to more bytes - being passed via this function, they will be written to 'out' - overwriting the input bytes in 'in' that have not been read - yet. From this it should also be noted that 'out' should - be at least one 'block size' larger than 'inl'. This problem - only occurs on the second and subsequent call to - EVP_DecryptUpdate() when using a block cipher. - -int EVP_DecryptFinal( -EVP_CIPHER_CTX *ctx, -unsigned char *out, -int *outl); - This function is different to EVP_EncryptFinal in that it 'removes' - any padding bytes appended when the data was encrypted. Due to the - way in which 1 to 8 bytes may have been appended when encryption - using a block cipher, 'out' can end up with 0 to 7 bytes being put - into it. When decoding the padding bytes, it is possible to detect - an incorrect decryption. If the decryption appears to be wrong, 0 - is returned. If everything seems ok, 1 is returned. For ciphers - with a block size of 1 (RC4), this function would normally not - return any bytes and would always return 1. Just because this - function returns 1 does not mean the decryption was correct. It - would normally be wrong due to either the wrong key/iv or - corruption of the cipher data fed to EVP_DecryptUpdate(). - As for EVP_EncryptFinal, it is a good idea to zero the - EVP_CIPHER_CTX after use since the structure contains the key used - to decrypt the data. - -The following Cipher routines are convenience routines that call either -EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX -was setup to encrypt or decrypt. - -void EVP_CipherInit( -EVP_CIPHER_CTX *ctx, -EVP_CIPHER *type, -unsigned char *key, -unsigned char *iv, -int enc); - This function take arguments that are the same as EVP_EncryptInit() - and EVP_DecryptInit() except for the extra 'enc' flag. If 1, the - EVP_CIPHER_CTX is setup for encryption, if 0, decryption. - -void EVP_CipherUpdate( -EVP_CIPHER_CTX *ctx, -unsigned char *out, -int *outl, -unsigned char *in, -int inl); - Again this function calls either EVP_EncryptUpdate() or - EVP_DecryptUpdate() depending on state in the 'ctx' structure. - As noted for EVP_DecryptUpdate(), when this routine is used - for decryption with block ciphers, 'out' should not be the - same as 'in'. - -int EVP_CipherFinal( -EVP_CIPHER_CTX *ctx, -unsigned char *outm, -int *outl); - This routine call EVP_EncryptFinal() or EVP_DecryptFinal() - depending on the state information in 'ctx'. 1 is always returned - if the mode is encryption, otherwise the return value is the return - value of EVP_DecryptFinal(). - -==== cipher.m ======================================================== - -Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST) -From: Eric Young -X-Sender: eay@orb -To: Roland Haring -Cc: ssl-users@mincom.com -Subject: Re: Symmetric encryption with ssleay -In-Reply-To: -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Sender: ssl-lists-owner@mincom.com -Precedence: bulk -Status: RO -X-Status: - -On Fri, 11 Oct 1996, Roland Haring wrote: -> THE_POINT: -> Would somebody be so kind to give me the minimum basic -> calls I need to do to libcrypto.a to get some text encrypted -> and decrypted again? ...hopefully with code included to do -> base64 encryption and decryption ... e.g. that sign-it.c code -> posted some while ago was a big help :-) (please, do not point -> me to apps/enc.c where I suspect my Heissenbug to be hidden :-) - -Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes -when the data is less than a line long (this is for decoding). I'll dig -up the exact fix today and post it. I am taking longer on 0.6.5 than I -intended so I'll just post this patch. - -The documentation to read is in -doc/cipher.doc, -doc/encode.doc (very sparse :-). -and perhaps -doc/digest.doc, - -The basic calls to encrypt with say triple DES are - -Given -char key[EVP_MAX_KEY_LENGTH]; -char iv[EVP_MAX_IV_LENGTH]; -EVP_CIPHER_CTX ctx; -unsigned char out[512+8]; -int outl; - -/* optional generation of key/iv data from text password using md5 - * via an upward compatable verson of PKCS#5. */ -EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd), - key,iv); - -/* Initalise the EVP_CIPHER_CTX */ -EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv); - -while (....) - { - /* This is processing 512 bytes at a time, the bytes are being - * copied into 'out', outl bytes are output. 'out' should not be the - * same as 'in' for reasons mentioned in the documentation. */ - EVP_EncryptUpdate(ctx,out,&outl,in,512); - } - -/* Output the last 'block'. If the cipher is a block cipher, the last - * block is encoded in such a way so that a wrong decryption will normally be - * detected - again, one of the PKCS standards. */ - -EVP_EncryptFinal(ctx,out,&outl); - -To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal() -will return 0 if the decryption fails (only detectable on block ciphers). - -You can also use -EVP_CipherInit() -EVP_CipherUpdate() -EVP_CipherFinal() -which does either encryption or decryption depending on an extra -parameter to EVP_CipherInit(). - - -To do the base64 encoding, -EVP_EncodeInit() -EVP_EncodeUpdate() -EVP_EncodeFinal() - -EVP_DecodeInit() -EVP_DecodeUpdate() -EVP_DecodeFinal() - -where the encoding is quite simple, but the decoding can be a bit more -fun (due to dud input). - -EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the -'last line' was just processed, and 1 if more lines should be submitted. - -EVP_DecodeFinal() returns -1 for an error or 1 if things are ok. - -So the loop becomes -EVP_DecodeInit(....) -for (;;) - { - i=EVP_DecodeUpdate(....); - if (i < 0) goto err; - - /* process the data */ - - if (i == 0) break; - } -EVP_DecodeFinal(....); -/* process the data */ - -The problem in 'enc.c' is that I was stuff the processing up after the -EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of -base64 data) and this was because 'enc.c' tries to scan over a file until -it hits the first valid base64 encoded line. - -hope this helps a bit. -eric --- -Eric Young | BOOL is tri-state according to Bill Gates. -AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage(). - -==== conf.doc ======================================================== - -The CONF library. - -The CONF library is a simple set of routines that can be used to configure -programs. It is a superset of the genenv() function with some extra -structure. - -The library consists of 5 functions. - -LHASH *CONF_load(LHASH *config,char *file); -This function is called to load in a configuration file. Multiple -configuration files can be loaded, with each subsequent 'load' overwriting -any already defined 'variables'. If there is an error, NULL is returned. -If config is NULL, a new LHASH structure is created and returned, otherwise -the new data in the 'file' is loaded into the 'config' structure. - -void CONF_free(LHASH *config); -This function free()s the data in config. - -char *CONF_get_string(LHASH *config,char *section,char *name); -This function returns the string found in 'config' that corresponds to the -'section' and 'name' specified. Classes and the naming system used will be -discussed later in this document. If the variable is not defined, an NULL -is returned. - -long CONF_get_long(LHASH *config,char *section, char *name); -This function is the same as CONF_get_string() except that it converts the -string to an long and returns it. If variable is not a number or the -variable does not exist, 0 is returned. This is a little problematic but I -don't know of a simple way around it. - -STACK *CONF_get_section(LHASH *config, char *section); -This function returns a 'stack' of CONF_VALUE items that are all the -items defined in a particular section. DO NOT free() any of the -variable returned. They will disappear when CONF_free() is called. - -The 'lookup' model. -The configuration file is divided into 'sections'. Each section is started by -a line of the form '[ section ]'. All subsequent variable definitions are -of this section. A variable definition is a simple alpha-numeric name -followed by an '=' and then the data. A section or variable name can be -described by a regular expression of the following form '[A-Za-z0-9_]+'. -The value of the variable is the text after the '=' until the end of the -line, stripped of leading and trailing white space. -At this point I should mention that a '#' is a comment character, \ is the -escape character, and all three types of quote can be used to stop any -special interpretation of the data. -Now when the data is being loaded, variable expansion can occur. This is -done by expanding any $NAME sequences into the value represented by the -variable NAME. If the variable is not in the current section, the different -section can be specified by using the $SECTION::NAME form. The ${NAME} form -also works and is very useful for expanding variables inside strings. - -When a variable is looked up, there are 2 special section. 'default', which -is the initial section, and 'ENV' which is the processes environment -variables (accessed via getenv()). When a variable is looked up, it is -first 'matched' with it's section (if one was specified), if this fails, the -'default' section is matched. -If the 'lhash' variable passed was NULL, the environment is searched. - -Now why do we bother with sections? So we can have multiple programs using -the same configuration file, or multiple instances of the same program -using different variables. It also provides a nice mechanism to override -the processes environment variables (eg ENV::HOME=/tmp). If there is a -program specific variable missing, we can have default values. -Multiple configuration files can be loaded, with each new value clearing -any predefined values. A system config file can provide 'default' values, -and application/usr specific files can provide overriding values. - -Examples - -# This is a simple example -SSLEAY_HOME = /usr/local/ssl -ENV::PATH = $SSLEAY_HOME/bin:$PATH # override my path - -[X509] -cert_dir = $SSLEAY_HOME/certs # /usr/local/ssl/certs - -[SSL] -CIPHER = DES-EDE-MD5:RC4-MD5 -USER_CERT = $HOME/${USER}di'r 5' # /home/eay/eaydir 5 -USER_CERT = $HOME/\${USER}di\'r # /home/eay/${USER}di'r -USER_CERT = "$HOME/${US"ER}di\'r # $HOME/${USER}di'r - -TEST = 1234\ -5678\ -9ab # TEST=123456789ab -TTT = 1234\n\n # TTT=1234 - - - -==== des.doc ======================================================== - -The DES library. - -Please note that this library was originally written to operate with -eBones, a version of Kerberos that had had encryption removed when it left -the USA and then put back in. As such there are some routines that I will -advise not using but they are still in the library for historical reasons. -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'des.h'. - -All of the encryption functions take what is called a des_key_schedule as an -argument. A des_key_schedule is an expanded form of the des key. -A des_key is 8 bytes of odd parity, the type used to hold the key is a -des_cblock. A des_cblock is an array of 8 bytes, often in this library -description I will refer to input bytes when the function specifies -des_cblock's as input or output, this just means that the variable should -be a multiple of 8 bytes. - -The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to -specify decryption. The functions and global variable are as follows: - -int des_check_key; - DES keys are supposed to be odd parity. If this variable is set to - a non-zero value, des_set_key() will check that the key has odd - parity and is not one of the known weak DES keys. By default this - variable is turned off; - -void des_set_odd_parity( -des_cblock *key ); - This function takes a DES key (8 bytes) and sets the parity to odd. - -int des_is_weak_key( -des_cblock *key ); - This function returns a non-zero value if the DES key passed is a - weak, DES key. If it is a weak key, don't use it, try a different - one. If you are using 'random' keys, the chances of hitting a weak - key are 1/2^52 so it is probably not worth checking for them. - -int des_set_key( -des_cblock *key, -des_key_schedule schedule); - Des_set_key converts an 8 byte DES key into a des_key_schedule. - A des_key_schedule is an expanded form of the key which is used to - perform actual encryption. It can be regenerated from the DES key - so it only needs to be kept when encryption or decryption is about - to occur. Don't save or pass around des_key_schedule's since they - are CPU architecture dependent, DES keys are not. If des_check_key - is non zero, zero is returned if the key has the wrong parity or - the key is a weak key, else 1 is returned. - -int des_key_sched( -des_cblock *key, -des_key_schedule schedule); - An alternative name for des_set_key(). - -int des_rw_mode; /* defaults to DES_PCBC_MODE */ - This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default). - This specifies the function to use in the enc_read() and enc_write() - functions. - -void des_encrypt( -unsigned long *data, -des_key_schedule ks, -int enc); - This is the DES encryption function that gets called by just about - every other DES routine in the library. You should not use this - function except to implement 'modes' of DES. I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. The characters are loaded 'little endian', - have a look at my source code for more details on how I use this - function. - Data is a pointer to 2 unsigned long's and ks is the - des_key_schedule to use. enc, is non zero specifies encryption, - zero if decryption. - -void des_encrypt2( -unsigned long *data, -des_key_schedule ks, -int enc); - This functions is the same as des_encrypt() except that the DES - initial permutation (IP) and final permutation (FP) have been left - out. As for des_encrypt(), you should not use this function. - It is used by the routines in my library that implement triple DES. - IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same - as des_encrypt() des_encrypt() des_encrypt() except faster :-). - -void des_ecb_encrypt( -des_cblock *input, -des_cblock *output, -des_key_schedule ks, -int enc); - This is the basic Electronic Code Book form of DES, the most basic - form. Input is encrypted into output using the key represented by - ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise - decryption occurs. Input is 8 bytes long and output is 8 bytes. - (the des_cblock structure is 8 chars). - -void des_ecb3_encrypt( -des_cblock *input, -des_cblock *output, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -int enc); - This is the 3 key EDE mode of ECB DES. What this means is that - the 8 bytes of input is encrypted with ks1, decrypted with ks2 and - then encrypted again with ks3, before being put into output; - C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt() - that only takes 2 des_key_schedules that implements, - C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1. - -void des_cbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks, -des_cblock *ivec, -int enc); - This routine implements DES in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, I'm - not being held responsible :-). ivec is the initialisation vector. - This function does not modify this variable. To correctly implement - cbc mode, you need to do one of 2 things; copy the last 8 bytes of - cipher text for use as the next ivec in your application, - or use des_ncbc_encrypt(). - Only this routine has this problem with updating the ivec, all - other routines that are implementing cbc mode update ivec. - -void des_ncbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule sk, -des_cblock *ivec, -int enc); - For historical reasons, des_cbc_encrypt() did not update the - ivec with the value requires so that subsequent calls to - des_cbc_encrypt() would 'chain'. This was needed so that the same - 'length' values would not need to be used when decrypting. - des_ncbc_encrypt() does the right thing. It is the same as - des_cbc_encrypt accept that ivec is updates with the correct value - to pass in subsequent calls to des_ncbc_encrypt(). I advise using - des_ncbc_encrypt() instead of des_cbc_encrypt(); - -void des_xcbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule sk, -des_cblock *ivec, -des_cblock *inw, -des_cblock *outw, -int enc); - This is RSA's DESX mode of DES. It uses inw and outw to - 'whiten' the encryption. inw and outw are secret (unlike the iv) - and are as such, part of the key. So the key is sort of 24 bytes. - This is much better than cbc des. - -void des_3cbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule sk1, -des_key_schedule sk2, -des_cblock *ivec1, -des_cblock *ivec2, -int enc); - This function is flawed, do not use it. I have left it in the - library because it is used in my des(1) program and will function - correctly when used by des(1). If I removed the function, people - could end up unable to decrypt files. - This routine implements outer triple cbc encryption using 2 ks and - 2 ivec's. Use des_ede2_cbc_encrypt() instead. - -void des_ede3_cbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -des_cblock *ivec, -int enc); - This function implements outer triple CBC DES encryption with 3 - keys. What this means is that each 'DES' operation - inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))). - Again, this is cbc mode so an ivec is requires. - This mode is used by SSL. - There is also a des_ede2_cbc_encrypt() that only uses 2 - des_key_schedule's, the first being reused for the final - encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES - is used by the RSAref library. - -void des_pcbc_encrypt( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks, -des_cblock *ivec, -int enc); - This is Propagating Cipher Block Chaining mode of DES. It is used - by Kerberos v4. It's parameters are the same as des_ncbc_encrypt(). - -void des_cfb_encrypt( -unsigned char *in, -unsigned char *out, -int numbits, -long length, -des_key_schedule ks, -des_cblock *ivec, -int enc); - Cipher Feedback Back mode of DES. This implementation 'feeds back' - in numbit blocks. The input (and output) is in multiples of numbits - bits. numbits should to be a multiple of 8 bits. Length is the - number of bytes input. If numbits is not a multiple of 8 bits, - the extra bits in the bytes will be considered padding. So if - numbits is 12, for each 2 input bytes, the 4 high bits of the - second byte will be ignored. So to encode 72 bits when using - a numbits of 12 take 12 bytes. To encode 72 bits when using - numbits of 9 will take 16 bytes. To encode 80 bits when using - numbits of 16 will take 10 bytes. etc, etc. This padding will - apply to both input and output. - - -void des_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num, -int enc); - This is one of the more useful functions in this DES library, it - implements CFB mode of DES with 64bit feedback. Why is this - useful you ask? Because this routine will allow you to encrypt an - arbitrary number of bytes, no 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. num contains 'how far' we are though ivec. If this does - not make much sense, read more about cfb mode of DES :-). - -void des_ede3_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -des_cblock *ivec, -int *num, -int enc); - Same as des_cfb64_encrypt() accept that the DES operation is - triple DES. As usual, there is a macro for - des_ede2_cfb64_encrypt() which reuses ks1. - -void des_ofb_encrypt( -unsigned char *in, -unsigned char *out, -int numbits, -long length, -des_key_schedule ks, -des_cblock *ivec); - This is a implementation of Output Feed Back mode of DES. It is - the same as des_cfb_encrypt() in that numbits is the size of the - units dealt with during input and output (in bits). - -void des_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num); - The same as des_cfb64_encrypt() except that it is Output Feed Back - mode. - -void des_ede3_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks1, -des_key_schedule ks2, -des_key_schedule ks3, -des_cblock *ivec, -int *num); - Same as des_ofb64_encrypt() accept that the DES operation is - triple DES. As usual, there is a macro for - des_ede2_ofb64_encrypt() which reuses ks1. - -int des_read_pw_string( -char *buf, -int length, -char *prompt, -int verify); - This routine is used to get a password from the terminal with echo - turned off. Buf is where the string will end up and length is the - size of buf. Prompt is a string presented to the 'user' and if - verify is set, the key is asked for twice and unless the 2 copies - match, an error is returned. A return code of -1 indicates a - system error, 1 failure due to use interaction, and 0 is success. - -unsigned long des_cbc_cksum( -des_cblock *input, -des_cblock *output, -long length, -des_key_schedule ks, -des_cblock *ivec); - This function produces an 8 byte checksum from input that it puts in - output and returns the last 4 bytes as a long. The checksum is - generated via cbc mode of DES in which only the last 8 byes are - kept. I would recommend not using this function but instead using - the EVP_Digest routines, or at least using MD5 or SHA. This - function is used by Kerberos v4 so that is why it stays in the - library. - -char *des_fcrypt( -const char *buf, -const char *salt -char *ret); - This is my fast version of the unix crypt(3) function. This version - takes only a small amount of space relative to other fast - crypt() implementations. This is different to the normal crypt - in that the third parameter is the buffer that the return value - is written into. It needs to be at least 14 bytes long. This - function is thread safe, unlike the normal crypt. - -char *crypt( -const char *buf, -const char *salt); - This function calls des_fcrypt() with a static array passed as the - third parameter. This emulates the normal non-thread safe semantics - of crypt(3). - -void des_string_to_key( -char *str, -des_cblock *key); - This function takes str and converts it into a DES key. I would - recommend using MD5 instead and use the first 8 bytes of output. - When I wrote the first version of these routines back in 1990, MD5 - did not exist but I feel these routines are still sound. This - routines is compatible with the one in MIT's libdes. - -void des_string_to_2keys( -char *str, -des_cblock *key1, -des_cblock *key2); - This function takes str and converts it into 2 DES keys. - I would recommend using MD5 and using the 16 bytes as the 2 keys. - I have nothing against these 2 'string_to_key' routines, it's just - that if you say that your encryption key is generated by using the - 16 bytes of an MD5 hash, every-one knows how you generated your - keys. - -int des_read_password( -des_cblock *key, -char *prompt, -int verify); - This routine combines des_read_pw_string() with des_string_to_key(). - -int des_read_2passwords( -des_cblock *key1, -des_cblock *key2, -char *prompt, -int verify); - This routine combines des_read_pw_string() with des_string_to_2key(). - -void des_random_seed( -des_cblock key); - This routine sets a starting point for des_random_key(). - -void des_random_key( -des_cblock ret); - This function return a random key. Make sure to 'seed' the random - number generator (with des_random_seed()) before using this function. - I personally now use a MD5 based random number system. - -int des_enc_read( -int fd, -char *buf, -int len, -des_key_schedule ks, -des_cblock *iv); - This function will write to a file descriptor the encrypted data - from buf. This data will be preceded by a 4 byte 'byte count' and - will be padded out to 8 bytes. The encryption is either CBC of - PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE, - pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use - DES_PCBC_MODE. - -int des_enc_write( -int fd, -char *buf, -int len, -des_key_schedule ks, -des_cblock *iv); - This routines read stuff written by des_enc_read() and decrypts it. - I have used these routines quite a lot but I don't believe they are - suitable for non-blocking io. If you are after a full - authentication/encryption over networks, have a look at SSL instead. - -unsigned long des_quad_cksum( -des_cblock *input, -des_cblock *output, -long length, -int out_count, -des_cblock *seed); - This is a function from Kerberos v4 that is not anything to do with - DES but was needed. It is a cksum that is quicker to generate than - des_cbc_cksum(); I personally would use MD5 routines now. -===== -Modes of DES -Quite a bit of the following information has been taken from - AS 2805.5.2 - Australian Standard - Electronic funds transfer - Requirements for interfaces, - Part 5.2: Modes of operation for an n-bit block cipher algorithm - Appendix A - -There are several different modes in which DES can be used, they are -as follows. - -Electronic Codebook Mode (ECB) (des_ecb_encrypt()) -- 64 bits are enciphered at a time. -- The order of the blocks can be rearranged without detection. -- The same plaintext block always produces the same ciphertext block - (for the same key) making it vulnerable to a 'dictionary attack'. -- An error will only affect one ciphertext block. - -Cipher Block Chaining Mode (CBC) (des_cbc_encrypt()) -- a multiple of 64 bits are enciphered at a time. -- The CBC mode produces the same ciphertext whenever the same - plaintext is encrypted using the same key and starting variable. -- The chaining operation makes the ciphertext blocks dependent on the - current and all preceding plaintext blocks and therefore blocks can not - be rearranged. -- The use of different starting variables prevents the same plaintext - enciphering to the same ciphertext. -- An error will affect the current and the following ciphertext blocks. - -Cipher Feedback Mode (CFB) (des_cfb_encrypt()) -- a number of bits (j) <= 64 are enciphered at a time. -- The CFB mode produces the same ciphertext whenever the same - plaintext is encrypted using the same key and starting variable. -- The chaining operation makes the ciphertext variables dependent on the - current and all preceding variables and therefore j-bit variables are - chained together and can not be rearranged. -- The use of different starting variables prevents the same plaintext - enciphering to the same ciphertext. -- The strength of the CFB mode depends on the size of k (maximal if - j == k). In my implementation this is always the case. -- Selection of a small value for j will require more cycles through - the encipherment algorithm per unit of plaintext and thus cause - greater processing overheads. -- Only multiples of j bits can be enciphered. -- An error will affect the current and the following ciphertext variables. - -Output Feedback Mode (OFB) (des_ofb_encrypt()) -- a number of bits (j) <= 64 are enciphered at a time. -- The OFB mode produces the same ciphertext whenever the same - plaintext enciphered using the same key and starting variable. More - over, in the OFB mode the same key stream is produced when the same - key and start variable are used. Consequently, for security reasons - a specific start variable should be used only once for a given key. -- The absence of chaining makes the OFB more vulnerable to specific attacks. -- The use of different start variables values prevents the same - plaintext enciphering to the same ciphertext, by producing different - key streams. -- Selection of a small value for j will require more cycles through - the encipherment algorithm per unit of plaintext and thus cause - greater processing overheads. -- Only multiples of j bits can be enciphered. -- OFB mode of operation does not extend ciphertext errors in the - resultant plaintext output. Every bit error in the ciphertext causes - only one bit to be in error in the deciphered plaintext. -- OFB mode is not self-synchronising. If the two operation of - encipherment and decipherment get out of synchronism, the system needs - to be re-initialised. -- Each re-initialisation should use a value of the start variable - different from the start variable values used before with the same - key. The reason for this is that an identical bit stream would be - produced each time from the same parameters. This would be - susceptible to a ' known plaintext' attack. - -Triple ECB Mode (des_ecb3_encrypt()) -- Encrypt with key1, decrypt with key2 and encrypt with key3 again. -- As for ECB encryption but increases the key length to 168 bits. - There are theoretic attacks that can be used that make the effective - key length 112 bits, but this attack also requires 2^56 blocks of - memory, not very likely, even for the NSA. -- If both keys are the same it is equivalent to encrypting once with - just one key. -- If the first and last key are the same, the key length is 112 bits. - There are attacks that could reduce the key space to 55 bit's but it - requires 2^56 blocks of memory. -- If all 3 keys are the same, this is effectively the same as normal - ecb mode. - -Triple CBC Mode (des_ede3_cbc_encrypt()) -- Encrypt with key1, decrypt with key2 and then encrypt with key3. -- As for CBC encryption but increases the key length to 168 bits with - the same restrictions as for triple ecb mode. - -==== digest.doc ======================================================== - - -The Message Digest subroutines. - -These routines require "evp.h" to be included. - -These functions are a higher level interface to the various message digest -routines found in this library. As such, they allow the same code to be -used to digest via different algorithms with only a change in an initial -parameter. They are basically just a front-end to the MD2, MD5, SHA -and SHA1 -routines. - -These routines all take a pointer to the following structure to specify -which message digest algorithm to use. -typedef struct evp_md_st - { - int type; - int pkey_type; - int md_size; - void (*init)(); - void (*update)(); - void (*final)(); - - int required_pkey_type; /*EVP_PKEY_xxx */ - int (*sign)(); - int (*verify)(); - } EVP_MD; - -If additional message digest algorithms are to be supported, a structure of -this type needs to be declared and populated and then the Digest routines -can be used with that algorithm. The type field is the object NID of the -digest type (read the section on Objects for an explanation). The pkey_type -is the Object type to use when the a message digest is generated by there -routines and then is to be signed with the pkey algorithm. Md_size is -the size of the message digest returned. Init, update -and final are the relevant functions to perform the message digest function -by parts. One reason for specifying the message digest to use via this -mechanism is that if you only use md5, only the md5 routines will -be included in you linked program. If you passed an integer -that specified which message digest to use, the routine that mapped that -integer to a set of message digest functions would cause all the message -digests functions to be link into the code. This setup also allows new -message digest functions to be added by the application. - -The six message digests defined in this library are - -EVP_MD *EVP_md2(void); /* RSA sign/verify */ -EVP_MD *EVP_md5(void); /* RSA sign/verify */ -EVP_MD *EVP_sha(void); /* RSA sign/verify */ -EVP_MD *EVP_sha1(void); /* RSA sign/verify */ -EVP_MD *EVP_dss(void); /* DSA sign/verify */ -EVP_MD *EVP_dss1(void); /* DSA sign/verify */ - -All the message digest routines take a EVP_MD_CTX pointer as an argument. -The state of the message digest is kept in this structure. - -typedef struct pem_md_ctx_st - { - EVP_MD *digest; - union { - unsigned char base[4]; /* this is used in my library as a - * 'pointer' to all union elements - * structures. */ - MD2_CTX md2; - MD5_CTX md5; - SHA_CTX sha; - } md; - } EVP_MD_CTX; - -The Digest functions are as follows. - -void EVP_DigestInit( -EVP_MD_CTX *ctx, -EVP_MD *type); - This function is used to initialise the EVP_MD_CTX. The message - digest that will associated with 'ctx' is specified by 'type'. - -void EVP_DigestUpdate( -EVP_MD_CTX *ctx, -unsigned char *data, -unsigned int cnt); - This function is used to pass more data to the message digest - function. 'cnt' bytes are digested from 'data'. - -void EVP_DigestFinal( -EVP_MD_CTX *ctx, -unsigned char *md, -unsigned int *len); - This function finishes the digestion and puts the message digest - into 'md'. The length of the message digest is put into len; - EVP_MAX_MD_SIZE is the size of the largest message digest that - can be returned from this function. Len can be NULL if the - size of the digest is not required. - - -==== encode.doc ======================================================== - - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, - int *outl,unsigned char *in,int inl); -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); -int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n); - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, - unsigned char *in, int inl); -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned - char *out, int *outl); -int EVP_DecodeBlock(unsigned char *t, unsigned - char *f, int n); - - -==== envelope.doc ======================================================== - -The following routines are use to create 'digital' envelopes. -By this I mean that they perform various 'higher' level cryptographic -functions. Have a read of 'cipher.doc' and 'digest.doc' since those -routines are used by these functions. -cipher.doc contains documentation about the cipher part of the -envelope library and digest.doc contatins the description of the -message digests supported. - -To 'sign' a document involves generating a message digest and then encrypting -the digest with an private key. - -#define EVP_SignInit(a,b) EVP_DigestInit(a,b) -#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -Due to the fact this operation is basically just an extended message -digest, the first 2 functions are macro calls to Digest generating -functions. - -int EVP_SignFinal( -EVP_MD_CTX *ctx, -unsigned char *md, -unsigned int *s, -EVP_PKEY *pkey); - This finalisation function finishes the generation of the message -digest and then encrypts the digest (with the correct message digest -object identifier) with the EVP_PKEY private key. 'ctx' is the message digest -context. 'md' will end up containing the encrypted message digest. This -array needs to be EVP_PKEY_size(pkey) bytes long. 's' will actually -contain the exact length. 'pkey' of course is the private key. It is -one of EVP_PKEY_RSA or EVP_PKEY_DSA type. -If there is an error, 0 is returned, otherwise 1. - -Verify is used to check an signed message digest. - -#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) -#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -Since the first step is to generate a message digest, the first 2 functions -are macros. - -int EVP_VerifyFinal( -EVP_MD_CTX *ctx, -unsigned char *md, -unsigned int s, -EVP_PKEY *pkey); - This function finishes the generation of the message digest and then -compares it with the supplied encrypted message digest. 'md' contains the -'s' bytes of encrypted message digest. 'pkey' is used to public key decrypt -the digest. It is then compared with the message digest just generated. -If they match, 1 is returned else 0. - -int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk); -Must have at least one public key, error is 0. I should also mention that -the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size. - -#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); - - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); -0 on failure - -#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) - -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -Decrypt final return code - - -==== error.doc ======================================================== - -The error routines. - -The 'error' system I've implemented is intended to server 2 purpose, to -record the reason why a command failed and to record where in the libraries -the failure occurred. It is more or less setup to record a 'trace' of which -library components were being traversed when the error occurred. - -When an error is recorded, it is done so a as single unsigned long which is -composed of three parts. The top byte is the 'library' number, the middle -12 bytes is the function code, and the bottom 12 bits is the 'reason' code. - -Each 'library', or should a say, 'section' of the SSLeay library has a -different unique 'library' error number. Each function in the library has -a number that is unique for that library. Each 'library' also has a number -for each 'error reason' that is only unique for that 'library'. - -Due to the way these error routines record a 'error trace', there is an -array per thread that is used to store the error codes. -The various functions in this library are used to access -and manipulate this array. - -void ERR_put_error(int lib, int func,int reason); - This routine records an error in library 'lib', function 'func' -and reason 'reason'. As errors get 'put' into the buffer, they wrap -around and overwrite old errors if too many are written. It is assumed -that the last errors are the most important. - -unsigned long ERR_get_error(void ); - This function returns the last error added to the error buffer. -In effect it is popping the value off the buffer so repeated calls will -continue to return values until there are no more errors to return in which -case 0 is returned. - -unsigned long ERR_peek_error(void ); - This function returns the value of the last error added to the -error buffer but does not 'pop' it from the buffer. - -void ERR_clear_error(void ); - This function clears the error buffer, discarding all unread -errors. - -While the above described error system obviously produces lots of different -error number, a method for 'reporting' these errors in a human readable -form is required. To achieve this, each library has the option of -'registering' error strings. - -typedef struct ERR_string_data_st - { - unsigned long error; - char *string; - } ERR_STRING_DATA; - -The 'ERR_STRING_DATA' contains an error code and the corresponding text -string. To add new function error strings for a library, the -ERR_STRING_DATA needs to be 'registered' with the library. - -void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err); - This function 'registers' the array of ERR_STRING_DATA pointed to by -'err' as error text strings for the error library 'lib'. - -void ERR_free_strings(void); - This function free()s all the loaded error strings. - -char *ERR_error_string(unsigned long error,char *buf); - This function returns a text string that is a human readable -version of the error represented by 'error'. Buff should be at least 120 -bytes long and if it is NULL, the return value is a pointer to a static -variable that will contain the error string, otherwise 'buf' is returned. -If there is not a text string registered for a particular error, a text -string containing the error number is returned instead. - -void ERR_print_errors(BIO *bp); -void ERR_print_errors_fp(FILE *fp); - This function is a convenience routine that prints the error string -for each error until all errors have been accounted for. - -char *ERR_lib_error_string(unsigned long e); -char *ERR_func_error_string(unsigned long e); -char *ERR_reason_error_string(unsigned long e); -The above three functions return the 3 different components strings for the -error 'e'. ERR_error_string() uses these functions. - -void ERR_load_ERR_strings(void ); - This function 'registers' the error strings for the 'ERR' module. - -void ERR_load_crypto_strings(void ); - This function 'register' the error strings for just about every -library in the SSLeay package except for the SSL routines. There is no -need to ever register any error text strings and you will probably save in -program size. If on the other hand you do 'register' all errors, it is -quite easy to determine why a particular routine failed. - -As a final footnote as to why the error system is designed as it is. -1) I did not want a single 'global' error code. -2) I wanted to know which subroutine a failure occurred in. -3) For Windows NT etc, it should be simple to replace the 'key' routines - with code to pass error codes back to the application. -4) I wanted the option of meaningful error text strings. - -Late breaking news - the changes to support threads. - -Each 'thread' has an 'ERR_STATE' state associated with it. -ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling -thread/process. - -ERR_remove_state(unsigned long pid); will 'free()' this state. If pid == 0 -the current 'thread/process' will have it's error state removed. -If you do not remove the error state of a thread, this could be considered a -form of memory leak, so just after 'reaping' a thread that has died, -call ERR_remove_state(pid). - -Have a read of thread.doc for more details for what is required for -multi-threading support. All the other error routines will -work correctly when using threads. - - -==== idea.doc ======================================================== - -The IDEA library. -IDEA is a block cipher that operates on 64bit (8 byte) quantities. It -uses a 128bit (16 byte) key. It can be used in all the modes that DES can -be used. This library implements the ecb, cbc, cfb64 and ofb64 modes. - -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'idea.h'. - -All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an -argument. An IDEA_KEY_SCHEDULE is an expanded form of the idea key. -For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for -decryption is different to the one used for encryption. - -The define IDEA_ENCRYPT is passed to specify encryption for the functions -that require an encryption/decryption flag. IDEA_DECRYPT is passed to -specify decryption. For some mode there is no encryption/decryption -flag since this is determined by the IDEA_KEY_SCHEDULE. - -So to encrypt you would do the following -idea_set_encrypt_key(key,encrypt_ks); -idea_ecb_encrypt(...,encrypt_ks); -idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT); - -To Decrypt -idea_set_encrypt_key(key,encrypt_ks); -idea_set_decrypt_key(encrypt_ks,decrypt_ks); -idea_ecb_encrypt(...,decrypt_ks); -idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT); - -Please note that any of the encryption modes specified in my DES library -could be used with IDEA. I have only implemented ecb, cbc, cfb64 and -ofb64 for the following reasons. -- ecb is the basic IDEA encryption. -- cbc is the normal 'chaining' form for block ciphers. -- cfb64 can be used to encrypt single characters, therefore input and output - do not need to be a multiple of 8. -- ofb64 is similar to cfb64 but is more like a stream cipher, not as - secure (not cipher feedback) but it does not have an encrypt/decrypt mode. -- If you want triple IDEA, thats 384 bits of key and you must be totally - obsessed with security. Still, if you want it, it is simple enough to - copy the function from the DES library and change the des_encrypt to - idea_encrypt; an exercise left for the paranoid reader :-). - -The functions are as follows: - -void idea_set_encrypt_key( -unsigned char *key; -IDEA_KEY_SCHEDULE *ks); - idea_set_encrypt_key converts a 16 byte IDEA key into an - IDEA_KEY_SCHEDULE. The IDEA_KEY_SCHEDULE is an expanded form of - the key which can be used to perform IDEA encryption. - An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to - perform actual encryption. It can be regenerated from the IDEA key - so it only needs to be kept when encryption is about - to occur. Don't save or pass around IDEA_KEY_SCHEDULE's since they - are CPU architecture dependent, IDEA keys are not. - -void idea_set_decrypt_key( -IDEA_KEY_SCHEDULE *encrypt_ks, -IDEA_KEY_SCHEDULE *decrypt_ks); - This functions converts an encryption IDEA_KEY_SCHEDULE into a - decryption IDEA_KEY_SCHEDULE. For all decryption, this conversion - of the key must be done. In some modes of IDEA, an - encryption/decryption flag is also required, this is because these - functions involve block chaining and the way this is done changes - depending on which of encryption of decryption is being done. - Please note that there is no quick way to generate the decryption - key schedule other than generating the encryption key schedule and - then converting it. - -void idea_encrypt( -unsigned long *data, -IDEA_KEY_SCHEDULE *ks); - This is the IDEA encryption function that gets called by just about - every other IDEA routine in the library. You should not use this - function except to implement 'modes' of IDEA. I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. - Data is a pointer to 2 unsigned long's and ks is the - IDEA_KEY_SCHEDULE to use. Encryption or decryption depends on the - IDEA_KEY_SCHEDULE. - -void idea_ecb_encrypt( -unsigned char *input, -unsigned char *output, -IDEA_KEY_SCHEDULE *ks); - This is the basic Electronic Code Book form of IDEA (in DES this - mode is called Electronic Code Book so I'm going to use the term - for idea as well :-). - Input is encrypted into output using the key represented by - ks. Depending on the IDEA_KEY_SCHEDULE, encryption or - decryption occurs. Input is 8 bytes long and output is 8 bytes. - -void idea_cbc_encrypt( -unsigned char *input, -unsigned char *output, -long length, -IDEA_KEY_SCHEDULE *ks, -unsigned char *ivec, -int enc); - This routine implements IDEA in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, bad - things will probably happen. ivec is the initialisation vector. - This function updates iv after each call so that it can be passed to - the next call to idea_cbc_encrypt(). - -void idea_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num, -int enc); - This is one of the more useful functions in this IDEA library, it - implements CFB mode of IDEA with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - Enc is used to indicate encryption or decryption. - One very important thing to remember is that when decrypting, use - the encryption form of the key. - CFB64 mode operates by using the cipher to - generate a stream of bytes which is used to encrypt the plain text. - The cipher text is then encrypted to generate the next 64 bits to - be xored (incrementally) with the next 64 bits of plain - text. As can be seen from this, to encrypt or decrypt, - the same 'cipher stream' needs to be generated but the way the next - block of data is gathered for encryption is different for - encryption and decryption. What this means is that to encrypt - idea_set_encrypt_key(key,ks); - idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT) - do decrypt - idea_set_encrypt_key(key,ks) - idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT) - Note: The same IDEA_KEY_SCHEDULE but different encryption flags. - For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be - used to generate the IDEA_KEY_SCHEDULE for decryption. - The reason I'm stressing this point is that I just wasted 3 hours - today trying to decrypt using this mode and the decryption form of - the key :-(. - -void idea_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num); - This functions implements OFB mode of IDEA with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - This is in effect a stream cipher, there is no encryption or - decryption mode. The same key and iv should be used to - encrypt and decrypt. - -For reading passwords, I suggest using des_read_pw_string() from my DES library. -To generate a password from a text string, I suggest using MD5 (or MD2) to -produce a 16 byte message digest that can then be passed directly to -idea_set_encrypt_key(). - -===== -For more information about the specific IDEA modes in this library -(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the -documentation on my DES library. What is said about DES is directly -applicable for IDEA. - - -==== legal.doc ======================================================== - -From eay@mincom.com Thu Jun 27 00:25:45 1996 -Received: by orb.mincom.oz.au id AA15821 - (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000 -Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST) -From: Eric Young -X-Sender: eay@orb -To: Ken Toll -Cc: Eric Young , ssl-talk@netscape.com -Subject: Re: Unidentified subject! -In-Reply-To: <9606261950.ZM28943@ren.digitalage.com> -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Status: O -X-Status: - - -This is a little off topic but since SSLeay is a free implementation of -the SSLv2 protocol, I feel it is worth responding on the topic of if it -is actually legal for Americans to use free cryptographic software. - -On Wed, 26 Jun 1996, Ken Toll wrote: -> Is the U.S the only country that SSLeay cannot be used commercially -> (because of RSAref) or is that going to be an issue with every country -> that a client/server application (non-web browser/server) is deployed -> and sold? - ->From what I understand, the software patents that apply to algorithms -like RSA and DH only apply in the USA. The IDEA algorithm I believe is -patened in europe (USA?), but considing how little it is used by other SSL -implementations, it quite easily be left out of the SSLeay build -(this can be done with a compile flag). - -Actually if the RSA patent did apply outside the USA, it could be rather -interesting since RSA is not alowed to let RSA toolkits outside of the USA -[1], and since these are the only forms that they will alow the algorithm -to be used in, it would mean that non-one outside of the USA could produce -public key software which would be a very strong statment for -international patent law to make :-). This logic is a little flawed but -it still points out some of the more interesting permutations of USA -patent law and ITAR restrictions. - -Inside the USA there is also the unresolved issue of RC4/RC2 which were -made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have -copies of the origional postings if people are interested. RSA I believe -claim that they were 'trade-secrets' and that some-one broke an NDA in -revealing them. Other claim they reverse engineered the algorithms from -compiled binaries. If the algorithms were reverse engineered, I belive -RSA had no legal leg to stand on. If an NDA was broken, I don't know. -Regardless, RSA, I belive, is willing to go to court over the issue so -licencing is probably the best idea, or at least talk to them. -If there are people who actually know more about this, pease let me know, I -don't want to vilify or spread miss-information if I can help it. - -If you are not producing a web browser, it is easy to build SSLeay with -RC2/RC4 removed. Since RC4 is the defacto standard cipher in -all web software (and it is damn fast) it is more or less required for -www use. For non www use of SSL, especially for an application where -interoperability with other vendors is not critical just leave it out. - -Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but -they should be ok. Considing that Triple DES can encrypt at rates of -410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite -reasonable performance. Single DES clocks in at 1160k/s and 2467k/s -respectivly is actually quite fast for those not so paranoid (56 bit key).[1] - -> Is it possible to get a certificate for commercial use outside of the U.S.? -yes. - -Thawte Consulting issues certificates (they are the people who sell the - Sioux httpd server and are based in South Africa) -Verisign will issue certificates for Sioux (sold from South Africa), so this - proves that they will issue certificate for OS use if they are - happy with the quality of the software. - -(The above mentioned companies just the ones that I know for sure are issuing - certificates outside the USA). - -There is always the point that if you are using SSL for an intra net, -SSLeay provides programs that can be used so you can issue your own -certificates. They need polishing but at least it is a good starting point. - -I am not doing anything outside Australian law by implementing these -algorithms (to the best of my knowedge). It is another example of how -the world legal system does not cope with the internet very well. - -I may start making shared libraries available (I have now got DLL's for -Windows). This will mean that distributions into the usa could be -shipped with a version with a reduced cipher set and the versions outside -could use the DLL/shared library with all the ciphers (and without RSAref). - -This could be completly hidden from the application, so this would not -even require a re-linking. - -This is the reverse of what people were talking about doing to get around -USA export regulations :-) - -eric - -[1]: The RSAref2.0 tookit is available on at least 3 ftp sites in Europe - and one in South Africa. - -[2]: Since I always get questions when I post benchmark numbers :-), - DES performace figures are in 1000's of bytes per second in cbc - mode using an 8192 byte buffer. The pentium 100 was running Windows NT - 3.51 DLLs and the 686/200 was running NextStep. - I quote pentium 100 benchmarks because it is basically the - 'entry level' computer that most people buy for personal use. - Windows 95 is the OS shipping on those boxes, so I'll give - NT numbers (the same Win32 runtime environment). The 686 - numbers are present as an indication of where we will be in a - few years. --- -Eric Young | BOOL is tri-state according to Bill Gates. -AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage(). - - - -==== lhash.doc ======================================================== - -The LHASH library. - -I wrote this library in 1991 and have since forgotten why I called it lhash. -It implements a hash table from an article I read at the -time from 'Communications of the ACM'. What makes this hash -table different is that as the table fills, the hash table is -increased (or decreased) in size via realloc(). -When a 'resize' is done, instead of all hashes being redistributed over -twice as many 'buckets', one bucket is split. So when an 'expand' is done, -there is only a minimal cost to redistribute some values. Subsequent -inserts will cause more single 'bucket' redistributions but there will -never be a sudden large cost due to redistributing all the 'buckets'. - -The state for a particular hash table is kept in the LHASH structure. -The LHASH structure also records statistics about most aspects of accessing -the hash table. This is mostly a legacy of my writing this library for -the reasons of implementing what looked like a nice algorithm rather than -for a particular software product. - -Internal stuff you probably don't want to know about. -The decision to increase or decrease the hash table size is made depending -on the 'load' of the hash table. The load is the number of items in the -hash table divided by the size of the hash table. The default values are -as follows. If (hash->up_load < load) => expand. -if (hash->down_load > load) => contract. The 'up_load' has a default value of -1 and 'down_load' has a default value of 2. These numbers can be modified -by the application by just playing with the 'up_load' and 'down_load' -variables. The 'load' is kept in a form which is multiplied by 256. So -hash->up_load=8*256; will cause a load of 8 to be set. - -If you are interested in performance the field to watch is -num_comp_calls. The hash library keeps track of the 'hash' value for -each item so when a lookup is done, the 'hashes' are compared, if -there is a match, then a full compare is done, and -hash->num_comp_calls is incremented. If num_comp_calls is not equal -to num_delete plus num_retrieve it means that your hash function is -generating hashes that are the same for different values. It is -probably worth changing your hash function if this is the case because -even if your hash table has 10 items in a 'bucked', it can be searched -with 10 'unsigned long' compares and 10 linked list traverses. This -will be much less expensive that 10 calls to you compare function. - -LHASH *lh_new( -unsigned long (*hash)(), -int (*cmp)()); - This function is used to create a new LHASH structure. It is passed - function pointers that are used to store and retrieve values passed - into the hash table. The 'hash' - function is a hashing function that will return a hashed value of - it's passed structure. 'cmp' is passed 2 parameters, it returns 0 - is they are equal, otherwise, non zero. - If there are any problems (usually malloc failures), NULL is - returned, otherwise a new LHASH structure is returned. The - hash value is normally truncated to a power of 2, so make sure - that your hash function returns well mixed low order bits. - -void lh_free( -LHASH *lh); - This function free()s a LHASH structure. If there is malloced - data in the hash table, it will not be freed. Consider using the - lh_doall function to deallocate any remaining entries in the hash - table. - -char *lh_insert( -LHASH *lh, -char *data); - This function inserts the data pointed to by data into the lh hash - table. If there is already and entry in the hash table entry, the - value being replaced is returned. A NULL is returned if the new - entry does not clash with an entry already in the table (the normal - case) or on a malloc() failure (perhaps I should change this....). - The 'char *data' is exactly what is passed to the hash and - comparison functions specified in lh_new(). - -char *lh_delete( -LHASH *lh, -char *data); - This routine deletes an entry from the hash table. The value being - deleted is returned. NULL is returned if there is no such value in - the hash table. - -char *lh_retrieve( -LHASH *lh, -char *data); - If 'data' is in the hash table it is returned, else NULL is - returned. The way these routines would normally be uses is that a - dummy structure would have key fields populated and then - ret=lh_retrieve(hash,&dummy);. Ret would now be a pointer to a fully - populated structure. - -void lh_doall( -LHASH *lh, -void (*func)(char *a)); - This function will, for every entry in the hash table, call function - 'func' with the data item as parameters. - This function can be quite useful when used as follows. - void cleanup(STUFF *a) - { STUFF_free(a); } - lh_doall(hash,cleanup); - lh_free(hash); - This can be used to free all the entries, lh_free() then - cleans up the 'buckets' that point to nothing. Be careful - when doing this. If you delete entries from the hash table, - in the call back function, the table may decrease in size, - moving item that you are - currently on down lower in the hash table. This could cause - some entries to be skipped. The best solution to this problem - is to set lh->down_load=0 before you start. This will stop - the hash table ever being decreased in size. - -void lh_doall_arg( -LHASH *lh; -void(*func)(char *a,char *arg)); -char *arg; - This function is the same as lh_doall except that the function - called will be passed 'arg' as the second argument. - -unsigned long lh_strhash( -char *c); - This function is a demo string hashing function. Since the LHASH - routines would normally be passed structures, this routine would - not normally be passed to lh_new(), rather it would be used in the - function passed to lh_new(). - -The next three routines print out various statistics about the state of the -passed hash table. These numbers are all kept in the lhash structure. - -void lh_stats( -LHASH *lh, -FILE *out); - This function prints out statistics on the size of the hash table, - how many entries are in it, and the number and result of calls to - the routines in this library. - -void lh_node_stats( -LHASH *lh, -FILE *out); - For each 'bucket' in the hash table, the number of entries is - printed. - -void lh_node_usage_stats( -LHASH *lh, -FILE *out); - This function prints out a short summary of the state of the hash - table. It prints what I call the 'load' and the 'actual load'. - The load is the average number of data items per 'bucket' in the - hash table. The 'actual load' is the average number of items per - 'bucket', but only for buckets which contain entries. So the - 'actual load' is the average number of searches that will need to - find an item in the hash table, while the 'load' is the average number - that will be done to record a miss. - -==== md2.doc ======================================================== - -The MD2 library. -MD2 is a message digest algorithm that can be used to condense an arbitrary -length message down to a 16 byte hash. The functions all need to be passed -a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update() -function calls. The normal method of use for this library is as follows - -MD2_Init(...); -MD2_Update(...); -... -MD2_Update(...); -MD2_Final(...); - -This library requires the inclusion of 'md2.h'. - -The main negative about MD2 is that it is slow, especially when compared -to MD5. - -The functions are as follows: - -void MD2_Init( -MD2_CTX *c); - This function needs to be called to initiate a MD2_CTX structure for - use. - -void MD2_Update( -MD2_CTX *c; -unsigned char *data; -unsigned long len); - This updates the message digest context being generated with 'len' - bytes from the 'data' pointer. The number of bytes can be any - length. - -void MD2_Final( -unsigned char *md; -MD2_CTX *c; - This function is called when a message digest of the data digested - with MD2_Update() is wanted. The message digest is put in the 'md' - array and is MD2_DIGEST_LENGTH (16) bytes long. - -unsigned char *MD2( -unsigned long n; -unsigned char *d; -unsigned char *md; - This function performs a MD2_Init(), followed by a MD2_Update() - followed by a MD2_Final() (using a local MD2_CTX). - The resulting digest is put into 'md' if it is not NULL. - Regardless of the value of 'md', the message - digest is returned from the function. If 'md' was NULL, the message - digest returned is being stored in a static structure. - -==== md5.doc ======================================================== - -The MD5 library. -MD5 is a message digest algorithm that can be used to condense an arbitrary -length message down to a 16 byte hash. The functions all need to be passed -a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update() -function calls. This library also contains random number routines that are -based on MD5 - -The normal method of use for this library is as follows - -MD5_Init(...); -MD5_Update(...); -... -MD5_Update(...); -MD5_Final(...); - -This library requires the inclusion of 'md5.h'. - -The functions are as follows: - -void MD5_Init( -MD5_CTX *c); - This function needs to be called to initiate a MD5_CTX structure for - use. - -void MD5_Update( -MD5_CTX *c; -unsigned char *data; -unsigned long len); - This updates the message digest context being generated with 'len' - bytes from the 'data' pointer. The number of bytes can be any - length. - -void MD5_Final( -unsigned char *md; -MD5_CTX *c; - This function is called when a message digest of the data digested - with MD5_Update() is wanted. The message digest is put in the 'md' - array and is MD5_DIGEST_LENGTH (16) bytes long. - -unsigned char *MD5( -unsigned char *d; -unsigned long n; -unsigned char *md; - This function performs a MD5_Init(), followed by a MD5_Update() - followed by a MD5_Final() (using a local MD5_CTX). - The resulting digest is put into 'md' if it is not NULL. - Regardless of the value of 'md', the message - digest is returned from the function. If 'md' was NULL, the message - digest returned is being stored in a static structure. - - -==== memory.doc ======================================================== - -In the interests of debugging SSLeay, there is an option to compile -using some simple memory leak checking. - -All malloc(), free() and realloc() calls in SSLeay now go via -Malloc(), Free() and Realloc() (except those in crypto/lhash). - -If CRYPTO_MDEBUG is defined, these calls are #defined to -CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc(). -If it is not defined, they are #defined to malloc(), free() and realloc(). - -the CRYPTO_malloc() routines by default just call the underlying library -functons. - -If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is -turned on. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off. - -When turned on, each Malloc() or Realloc() call is recored along with the file -and line number from where the call was made. (This is done using the -lhash library which always uses normal system malloc(3) routines). - -void CRYPTO_mem_leaks(BIO *b); -void CRYPTO_mem_leaks_fp(FILE *fp); -These both print out the list of memory that has not been free()ed. -This will probably be rather hard to read, but if you look for the 'top level' -structure allocation, this will often give an idea as to what is not being -free()ed. I don't expect people to use this stuff normally. - -==== ca.1 ======================================================== - -From eay@orb.mincom.oz.au Thu Dec 28 23:56:45 1995 -Received: by orb.mincom.oz.au id AA07374 - (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000 -Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST) -From: Eric Young -X-Sender: eay@orb -To: sameer -Cc: ssleay@mincom.oz.au -Subject: Re: 'ca' -In-Reply-To: <199512230440.UAA23410@infinity.c2.org> -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Status: RO -X-Status: - -On Fri, 22 Dec 1995, sameer wrote: -> I could use documentation on 'ca'. Thanks. - -Very quickly. -The ca program uses the ssleay.conf file for most of its configuration - -./ca -help - - -verbose - Talk alot while doing things - -config file - A config file. If you don't want to use the - default config file - -name arg - The particular CA definition to use - In the config file, the section to use for parameters. This lets - multiple setups to be contained in the one file. By default, the - default_ca variable is looked up in the [ ca ] section. So in the - shipped ssleay.conf, the CA definition used is CA_default. It could be - any other name. - -gencrl days - Generate a new CRL, days is when the next CRL is due - This will generate a new certificate revocion list. - -days arg - number of days to certify the certificate for - When certifiying certificates, this is the number of days to use. - -md arg - md to use, one of md2, md5, sha or sha1 - -policy arg - The CA 'policy' to support - I'll describe this later, but there are 2 policies definied in the - shipped ssleay.conf - -keyfile arg - PEM RSA private key file - -key arg - key to decode the RSA private key if it is encrypted - since we need to keep the CA's RSA key encrypted - -cert - The CA certificate - -in file - The input PEM encoded certificate request(s) - -out file - Where to put the output file(s) - -outdir dir - Where to put output certificates - The -out options concatinates all the output certificied - certificates to one file, -outdir puts them in a directory, - named by serial number. - -infiles .... - The last argument, requests to process - The certificate requests to process, -in is the same. - -Just about all the above have default values defined in ssleay.conf. - -The key variables in ssleay.conf are (for the pariticular '-name' being -used, in the default, it is CA_default). - -dir is where all the CA database stuff is kept. -certs is where all the previously issued certificates are kept. -The database is a simple text database containing the following tab separated -fields. -status: a value of 'R' - revoked, 'E' -expired or 'V' valid. -issued date: When the certificate was certified. -revoked date: When it was revoked, blank if not revoked. -serial number: The certificate serial number. -certificate: Where the certificate is located. -CN: The name of the certificate. - -The demo file has quite a few made up values it it. The last 2 were -added by the ca program and are acurate. -The CA program does not update the 'certificate' file correctly right now. -The serial field should be unique as should the CN/status combination. -The ca program checks these at startup. What still needs to be -wrtten is a program to 'regenerate' the data base file from the issued -certificate list (and a CRL list). - -Back to the CA_default variables. - -Most of the variables are commented. - -policy is the default policy. - -Ok for policies, they define the order and which fields must be present -in the certificate request and what gets filled in. - -So a value of -countryName = match -means that the country name must match the CA certificate. -organizationalUnitName = optional -The org.Unit,Name does not have to be present and -commonName = supplied -commonName must be supplied in the certificate request. - -For the 'policy_match' polocy, the order of the attributes in the -generated certiticate would be -countryName -stateOrProvinceName -organizationName -organizationalUnitName -commonName -emailAddress - -Have a play, it sort of makes sense. If you think about how the persona -requests operate, it is similar to the 'policy_match' policy and the -'policy_anything' is similar to what versign is doing. - -I hope this helps a bit. Some backend scripts are definitly needed to -update the database and to make certificate revocion easy. All -certificates issued should also be kept forever (or until they expire?) - -hope this helps -eric (who has to run off an buy some cheap knee pads for the caving in 4 -days time :-) - --- -Eric Young | Signature removed since it was generating -AARNet: eay@mincom.oz.au | more followups than the message contents :-) - - -==== ms3-ca.doc ======================================================== - -Date: Mon, 9 Jun 97 08:00:33 +0200 -From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif) -Subject: ms3-ca.doc -Organization: TU Ilmenau, Fak. IA, FG Telematik -Content-Length: 14575 -Status: RO -X-Status: - -Loading client certs into MSIE 3.01 -=================================== - -This document contains all the information necessary to successfully set up -some scripts to issue client certs to Microsoft Internet Explorer. It -includes the required knowledge about the model MSIE uses for client -certification and includes complete sample scripts ready to play with. The -scripts were tested against a modified ca program of SSLeay 0.6.6 and should -work with the regular ca program that comes with version 0.8.0. I haven't -tested against MSIE 4.0 - -You can use the information contained in this document in either way you -want. However if you feel it saved you a lot of time I ask you to be as fair -as to mention my name: Holger Reif . - -1.) The model used by MSIE --------------------------- - -The Internet Explorer doesn't come with a embedded engine for installing -client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) -defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together -with Internet Explorer since 3.01. The advantage of this approach is a higher -flexibility because the certificates in the (per user) system open -certificate store may be used by other applications as well. The drawback -however is that you need to do a bit more work to get a client cert issued. - -CAPI defines functions which will handle basic cryptographic work, eg. -generating keys, encrypting some data, signing text or building a certificate -request. The procedure is as follows: A CAPI function generates you a key -pair and saves it into the certificate store. After that one builds a -Distinguished Name. Together with that key pair another CAPI function forms a -PKCS#10 request which you somehow need to submit to a CA. Finally the issued -cert is given to a yet another CAPI function which saves it into the -certificate store. - -The certificate store with the user's keys and certs is in the registry. You -will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I -leave it to you as a little exercise to figure out what all the entries mean -;-). Note that the keys are protected only with the user's usual Windows -login password. - -2.) The practical usage ------------------------ - -Unfortunatly since CAPI is a system API you can't access its functions from -HTML code directly. For this purpose Microsoft provides a wrapper called -certenr3.dll. This DLL accesses the CAPI functions and provides an interface -usable from Visual Basic Script. One needs to install that library on the -computer which wants to have client cert. The easiest way is to load it as an -ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If -you have ever enrolled e cert request at a CA you will have installed it. - -At time of writing certenr3.dll is contained in -http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes -with an README file which explains the available functions. It is labeled -beta but every CA seems to use it anyway. The license.txt allows you the -usage for your own purposes (as far as I understood) and a somehow limited -distribution. - -The two functions of main interest are GenerateKeyPair and AcceptCredentials. -For complete explanation of all possible parameters see the README file. Here -are only minimal required parameters and their values. - -GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1) -- sessionID is a (locally to that computer) unique string to correlate the -generated key pair with a cert installed later. -- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger -Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the -abreviation for StateOrProvince. The recognized abreviation include CN, O, C, -OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) -you need to use the full object identifier. The starting point for searching -them could be crypto/objects.h since all OIDs know to SSLeay are listed -there. -- note: the possible ninth parameter which should give a default name to the -certificate storage location doesn't seem to work. Changes to the constant -values in the call above doesn't seem to make sense. You can't generate -PKCS#10 extensions with that function. - -The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However -it has a little strange format that SSLeay doesn't accept. (BTW I feel the -decision of rejecting that format as standard conforming.) It looks like -follows: - 1st line with 76 chars - 2nd line with 76 chars - ... - (n-2)th line with 76 chars - (n-1)th line contains a multiple of 4 chars less then 76 (possible -empty) - (n)th line has zero or 4 chars (then with 1 or 2 equal signs - the - original text's lenght wasn'T a multiple of 3) - The line separator has two chars: 0x0d 0x0a - -AcceptCredentials(sessionID, credentials, 0, FALSE) -- sessionID needs to be the same as while generating the key pair -- credentials is the base64 encoded PKCS#7 object containing the cert. - -CRL's and CA certs are not required simply just the client cert. (It seems to -me that both are not even checked somehow.) The only format of the base64 -encoded object I succesfully used was all characters in a very long string -without line feeds or carriage returns. (Hey, it doesn't matter, only a -computer reads it!) - -The result should be S_OK. For error handling see the example that comes with -certenr3.dll. - -A note about ASN.1 character encodings. certenr3.dll seems to know only about -2 of them: UniversalString and PrintableString. First it is definitely wrong -for an email address which is IA5STRING (checked by ssleay's ca). Second -unfortunately MSIE (at least until version 3.02) can't handle UniversalString -correctly - they just blow up you cert store! Therefore ssleay's ca (starting -from version 0.8.0) tries to convert the encodings automatically to IA5STRING -or TeletexString. The beef is it will work only for the latin-1 (western) -charset. Microsoft still has to do abit of homework... - -3.) An example --------------- - -At least you need two steps: generating the key & request and then installing -the certificate. A real world CA would have some more steps involved, eg. -accepting some license. Note that both scripts shown below are just -experimental state without any warrenty! - -First how to generate a request. Note that we can't use a static page because -of the sessionID. I generate it from system time plus pid and hope it is -unique enough. Your are free to feed it through md5 to get more impressive -ID's ;-) Then the intended text is read in with sed which inserts the -sessionID. - ------BEGIN ms-enroll.cgi----- -#!/bin/sh -SESSION_ID=`date '+%y%m%d%H%M%S'`$$ -echo Content-type: text/html -echo -sed s/template_for_sessId/$SESSION_ID/ < -Certificate Enrollment Test Page - - - - - -
-

enrollment for a personal cert

-

-

- - - - - - - - - - - - -
Country
State
Location
Organization
Organizational Unit
Name
eMail Address
- - -
-

-

- - - - -EOF ------END ms-enroll.cgi----- - -Second, how to extract the request and feed the certificate back? We need to -"normalize" the base64 encoding of the PKCS#10 format which means -regenerating the lines and wrapping with BEGIN and END line. This is done by -gawk. The request is taken by ca the normal way. Then the cert needs to be -packed into a PKCS#7 structure (note: the use of a CRL is necessary for -crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be -ommited). Finally we need to format the PKCS#7 object and generate the HTML -text. I use two templates to have a clearer script. - -1st note: postit2 is slightly modified from a program I found at ncsa's ftp -site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You -need utils.c from there too. - -2nd note: I'm note quite sure wether the gawk script really handles all -possible inputs for the request right! Today I don't use this construction -anymore myself. - -3d note: the cert must be of version 3! This could be done with the nsComment -line in ssleay.cnf... - -------BEGIN ms-gencert.cgi----- -#!/bin/sh -FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$ -rm -f "$FILE".* - -HOME=`pwd`; export HOME # as ssleay.cnf insists on having such an env var -cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located - -postit2 -s " " -i 0x0d > "$FILE".inp # process the FORM vars - -SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp` - -gawk \ - 'BEGIN { \ - OFS = ""; \ - print "-----BEGIN CERTIFICATE REQUEST-----"; \ - req_seen=0 \ - } \ - $1 == "Request" { \ - req_seen=1; \ - if (length($2) == 72) print($2); \ - lastline=$2; \ - next; \ - } \ - { \ - if (req_seen == 1) { \ - if (length($1) >= 72) print($1); \ - else if (length(lastline) < 72) { \ - req_seen=0; \ - print (lastline,$1); \ - } \ - lastline=$1; \ - } \ - } \ - END { \ - print "-----END CERTIFICATE REQUEST-----"; \ - }' > "$FILE".pem < "$FILE".inp - -ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out -ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem - -sed s/template_for_sessId/$SESSION_ID/ "$FILE".cert -/usr/local/bin/gawk \ - 'BEGIN { \ - OFS = ""; \ - dq = sprintf("%c",34); \ - } \ - $0 ~ "PKCS7" { next; } \ - { \ - print dq$0dq" & _"; \ - }' <"$FILE".pkcs7 >> "$FILE".cert -cat ms-enroll2b.html >>"$FILE".cert - -echo Content-type: text/html -echo Content-length: `wc -c "$FILE".cert` -echo -cat "$FILE".cert -rm -f "$FILE".* ------END ms-gencert.cgi----- - -----BEGIN ms-enroll2a.html---- -Certificate Acceptance Test Page - - - - -
-

Your personal certificate

-

-Press the button! -

-

-

- - - - -----END ms-enroll2b.html---- - -4.) What do do with the cert? ------------------------------ - -The cert is visible (without restarting MSIE) under the following menu: -View->Options->Security->Personal certs. You can examine it's contents at -least partially. - -To use it for client authentication you need to use SSL3.0 (fortunately -SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a -kind of automatic selection of certs (I personally wasn't able to test it -myself). But there is a requirement that the issuer of the server cert and -the issuer of the client cert needs to be the same (according to a developer -from MS). Which means: you need may more then one cert to talk to all -servers... - -I'm sure we will get a bit more experience after ApacheSSL is available for -SSLeay 0.8.8. - - -I hope you enjoyed reading and that in future questions on this topic will -rarely appear on ssl-users@moncom.com ;-) - -Ilmenau, 9th of June 1997 -Holger Reif --- -read you later - Holger Reif ----------------------------------------- Signaturprojekt Deutsche Einheit -TU Ilmenau - Informatik - Telematik (Verdamp lang her) -Holger.Reif@PrakInf.TU-Ilmenau.DE Alt wie ein Baum werden, um ueber -http://Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen - - -==== ns-ca.doc ======================================================== - -The following documentation was supplied by Jeff Barber, who provided the -patch to the CA program to add this functionality. - -eric --- -Jeff Barber Email: jeffb@issl.atl.hp.com - -Hewlett Packard Phone: (404) 648-9503 -Internet and System Security Lab Fax: (404) 648-9516 - - oo ----------------------cut /\ here for ns-ca.doc ------------------------------ - -This document briefly describes how to use SSLeay to implement a -certificate authority capable of dynamically serving up client -certificates for version 3.0 beta 5 (and presumably later) versions of -the Netscape Navigator. Before describing how this is done, it's -important to understand a little about how the browser implements its -client certificate support. This is documented in some detail in the -URLs based at . -Here's a brief overview: - -- The Navigator supports a new HTML tag "KEYGEN" which will cause - the browser to generate an RSA key pair when you submit a form - containing the tag. The public key, along with an optional - challenge (supposedly provided for use in certificate revocation - but I don't use it) is signed, DER-encoded, base-64 encoded - and sent to the web server as the value of the variable - whose NAME is provided in the KEYGEN tag. The private key is - stored by the browser in a local key database. - - This "Signed Public Key And Challenge" (SPKAC) arrives formatted - into 64 character lines (which are of course URL-encoded when - sent via HTTP -- i.e. spaces, newlines and most punctuatation are - encoded as "%HH" where HH is the hex equivalent of the ASCII code). - Note that the SPKAC does not contain the other usual attributes - of a certificate request, especially the subject name fields. - These must be otherwise encoded in the form for submission along - with the SPKAC. - -- Either immediately (in response to this form submission), or at - some later date (a real CA will probably verify your identity in - some way before issuing the certificate), a web server can send a - certificate based on the public key and other attributes back to - the browser by encoding it in DER (the binary form) and sending it - to the browser as MIME type: - "Content-type: application/x-x509-user-cert" - - The browser uses the public key encoded in the certificate to - associate the certificate with the appropriate private key in - its local key database. Now, the certificate is "installed". - -- When a server wants to require authentication based on client - certificates, it uses the right signals via the SSL protocol to - trigger the Navigator to ask you which certificate you want to - send. Whether the certificate is accepted is dependent on CA - certificates and so forth installed in the server and is beyond - the scope of this document. - - -Now, here's how the SSLeay package can be used to provide client -certficates: - -- You prepare a file for input to the SSLeay ca application. - The file contains a number of "name = value" pairs that identify - the subject. The names here are the same subject name component - identifiers used in the CA section of the lib/ssleay.conf file, - such as "emailAddress", "commonName" "organizationName" and so - forth. Both the long version and the short version (e.g. "Email", - "CN", "O") can be used. - - One more name is supported: this one is "SPKAC". Its value - is simply the value of the base-64 encoded SPKAC sent by the - browser (with all the newlines and other space charaters - removed -- and newline escapes are NOT supported). - - [ As of SSLeay 0.6.4, multiple lines are supported. - Put a \ at the end of each line and it will be joined with the - previous line with the '\n' removed - eay ] - - Here's a sample input file: - -C = US -SP = Georgia -O = Some Organization, Inc. -OU = Netscape Compatibility Group -CN = John X. Doe -Email = jxdoe@someorg.com -SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx - -- You execute the ca command (either from a CGI program run out of - the web server, or as a later manual task) giving it the above - file as input. For example, if the file were named /tmp/cert.req, - you'd run: - $SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert - - The output is in DER format (binary) if a -out argument is - provided, as above; otherwise, it's in the PEM format (base-64 - encoded DER). Also, the "-batch" switch is implied by the - "-spkac" so you don't get asked whether to complete the signing - (probably it shouldn't work this way but I was only interested - in hacking together an online CA that could be used for issuing - test certificates). - - The "-spkac" capability doesn't support multiple files (I think). - - Any CHALLENGE provided in the SPKAC is simply ignored. - - The interactions between the identification fields you provide - and those identified in your lib/ssleay.conf are the same as if - you did an ordinary "ca -in infile -out outfile" -- that is, if - something is marked as required in the ssleay.conf file and it - isn't found in the -spkac file, the certificate won't be issued. - -- Now, you pick up the output from /tmp/cert and pass it back to - the Navigator prepending the Content-type string described earlier. - -- In order to run the ca command out of a CGI program, you must - provide a password to decrypt the CA's private key. You can - do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..." - I think there's a way to not encrypt the key file in the first - place, but I didn't see how to do that, so I made a small change - to the library that allows the password to be accepted from a pipe. - Either way is UTTERLY INSECURE and a real CA would never do that. - - [ You can use the 'ssleay rsa' command to remove the password - from the private key, or you can use the '-key' option to the - ca command to specify the decryption key on the command line - or use the -nodes option when generating the key. - ca will try to clear the command line version of the password - but for quite a few operating systems, this is not possible. - - eric ] - -So, what do you have to do to make use of this stuff to create an online -demo CA capability with SSLeay? - -1 Create an HTML form for your users. The form should contain - fields for all of the required or optional fields in ssleay.conf. - The form must contain a KEYGEN tag somewhere with at least a NAME - attribute. - -2 Create a CGI program to process the form input submitted by the - browser. The CGI program must URL-decode the variables and create - the file described above, containing subject identification info - as well as the SPKAC block. It should then run the the ca program - with the -spkac option. If it works (check the exit status), - return the new certificate with the appropriate MIME type. If not, - return the output of the ca command with MIME type "text/plain". - -3 Set up your web server to accept connections signed by your demo - CA. This probably involves obtaining the PEM-encoded CA certificate - (ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a - server database. See your server manual for instructions. - - -==== obj.doc ======================================================== - -The Object library. - -As part of my Crypto library, I found I required a method of identifying various -objects. These objects normally had 3 different values associated with -them, a short text name, a long (or lower case) text name, and an -ASN.1 Object Identifier (which is a sequence of numbers). -This library contains a static list of objects and functions to lookup -according to one type and to return the other types. - -To use these routines, 'Object.h' needs to be included. - -For each supported object, #define entries are defined as follows -#define SN_Algorithm "Algorithm" -#define LN_algorithm "algorithm" -#define NID_algorithm 38 -#define OBJ_algorithm 1L,3L,14L,3L,2L - -SN_ stands for short name. -LN_ stands for either long name or lowercase name. -NID_ stands for Numeric ID. I each object has a unique NID and this - should be used internally to identify objects. -OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the - ASN1 routines. These values are used in ASN1 encoding. - -The following functions are to be used to return pointers into a static -definition of these types. What this means is "don't try to free() any -pointers returned from these functions. - -ASN1_OBJECT *OBJ_nid2obj( -int n); - Return the ASN1_OBJECT that corresponds to a NID of n. - -char *OBJ_nid2ln( -int n); - Return the long/lower case name of the object represented by the - NID of n. - -char *OBJ_nid2sn( -int n); - Return the short name for the object represented by the NID of n. - -ASN1_OBJECT *OBJ_dup( -ASN1_OBJECT *o); - Duplicate and return a new ASN1_OBJECT that is the same as the - passed parameter. - -int OBJ_obj2nid( -ASN1_OBJECT *o); - Given ASN1_OBJECT o, return the NID that corresponds. - -int OBJ_ln2nid( -char *s); - Given the long/lower case name 's', return the NID of the object. - -int OBJ_sn2nid( -char *s); - Given the short name 's', return the NID of the object. - -char *OBJ_bsearch( -char *key, -char *base, -int num, -int size, -int (*cmp)()); - Since I have come across a few platforms that do not have the - bsearch() function, OBJ_bsearch is my version of that function. - Feel free to use this function, but you may as well just use the - normal system bsearch(3) if it is present. This version also - has tolerance of being passed NULL pointers. - -==== keys =========================================================== - -EVP_PKEY_DSA -EVP_PKEY_DSA2 -EVP_PKEY_DSA3 -EVP_PKEY_DSA4 - -EVP_PKEY_RSA -EVP_PKEY_RSA2 - -valid DSA pkey types - NID_dsa - NID_dsaWithSHA - NID_dsaWithSHA1 - NID_dsaWithSHA1_2 - -valid RSA pkey types - NID_rsaEncryption - NID_rsa - -NID_dsaWithSHA NID_dsaWithSHA DSA SHA -NID_dsa NID_dsaWithSHA1 DSA SHA1 -NID_md2 NID_md2WithRSAEncryption RSA-pkcs1 MD2 -NID_md5 NID_md5WithRSAEncryption RSA-pkcs1 MD5 -NID_mdc2 NID_mdc2WithRSA RSA-none MDC2 -NID_ripemd160 NID_ripemd160WithRSA RSA-pkcs1 RIPEMD160 -NID_sha NID_shaWithRSAEncryption RSA-pkcs1 SHA -NID_sha1 NID_sha1WithRSAEncryption RSA-pkcs1 SHA1 - -==== rand.doc ======================================================== - -My Random number library. - -These routines can be used to generate pseudo random numbers and can be -used to 'seed' the pseudo random number generator (RNG). The RNG make no -effort to reproduce the same random number stream with each execution. -Various other routines in the SSLeay library 'seed' the RNG when suitable -'random' input data is available. Read the section at the end for details -on the design of the RNG. - -void RAND_bytes( -unsigned char *buf, -int num); - This routine puts 'num' random bytes into 'buf'. One should make - sure RAND_seed() has been called before using this routine. - -void RAND_seed( -unsigned char *buf, -int num); - This routine adds more 'seed' data the RNG state. 'num' bytes - are added to the RNG state, they are taken from 'buf'. This - routine can be called with sensitive data such as user entered - passwords. This sensitive data is in no way recoverable from - the RAND library routines or state. Try to pass as much data - from 'random' sources as possible into the RNG via this function. - Also strongly consider using the RAND_load_file() and - RAND_write_file() routines. - -void RAND_cleanup(); - When a program has finished with the RAND library, if it so - desires, it can 'zero' all RNG state. - -The following 3 routines are convenience routines that can be used to -'save' and 'restore' data from/to the RNG and it's state. -Since the more 'random' data that is feed as seed data the better, why not -keep it around between executions of the program? Of course the -application should pass more 'random' data in via RAND_seed() and -make sure no-one can read the 'random' data file. - -char *RAND_file_name( -char *buf, -int size); - This routine returns a 'default' name for the location of a 'rand' - file. The 'rand' file should keep a sequence of random bytes used - to initialise the RNG. The filename is put in 'buf'. Buf is 'size' - bytes long. Buf is returned if things go well, if they do not, - NULL is returned. The 'rand' file name is generated in the - following way. First, if there is a 'RANDFILE' environment - variable, it is returned. Second, if there is a 'HOME' environment - variable, $HOME/.rand is returned. Third, NULL is returned. NULL - is also returned if a buf would overflow. - -int RAND_load_file( -char *file, -long number); - This function 'adds' the 'file' into the RNG state. It does this by - doing a RAND_seed() on the value returned from a stat() system call - on the file and if 'number' is non-zero, upto 'number' bytes read - from the file. The number of bytes passed to RAND_seed() is returned. - -int RAND_write_file( -char *file), - RAND_write_file() writes N random bytes to the file 'file', where - N is the size of the internal RND state (currently 1k). - This is a suitable method of saving RNG state for reloading via - RAND_load_file(). - -What follows is a description of this RNG and a description of the rational -behind it's design. - -It should be noted that this RNG is intended to be used to generate -'random' keys for various ciphers including generation of DH and RSA keys. - -It should also be noted that I have just created a system that I am happy with. -It may be overkill but that does not worry me. I have not spent that much -time on this algorithm so if there are glaring errors, please let me know. -Speed has not been a consideration in the design of these routines. - -First up I will state the things I believe I need for a good RNG. -1) A good hashing algorithm to mix things up and to convert the RNG 'state' - to random numbers. -2) An initial source of random 'state'. -3) The state should be very large. If the RNG is being used to generate - 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). - If your RNG state only has 128 bits, you are obviously limiting the - search space to 128 bits, not 2048. I'm probably getting a little - carried away on this last point but it does indicate that it may not be - a bad idea to keep quite a lot of RNG state. It should be easier to - break a cipher than guess the RNG seed data. -4) Any RNG seed data should influence all subsequent random numbers - generated. This implies that any random seed data entered will have - an influence on all subsequent random numbers generated. -5) When using data to seed the RNG state, the data used should not be - extractable from the RNG state. I believe this should be a - requirement because one possible source of 'secret' semi random - data would be a private key or a password. This data must - not be disclosed by either subsequent random numbers or a - 'core' dump left by a program crash. -6) Given the same initial 'state', 2 systems should deviate in their RNG state - (and hence the random numbers generated) over time if at all possible. -7) Given the random number output stream, it should not be possible to determine - the RNG state or the next random number. - - -The algorithm is as follows. - -There is global state made up of a 1023 byte buffer (the 'state'), a -working message digest ('md') and a counter ('count'). - -Whenever seed data is added, it is inserted into the 'state' as -follows. - The input is chopped up into units of 16 bytes (or less for - the last block). Each of these blocks is run through the MD5 - message digest. The data passed to the MD5 digest is the - current 'md', the same number of bytes from the 'state' - (the location determined by in incremented looping index) as - the current 'block' and the new key data 'block'. The result - of this is kept in 'md' and also xored into the 'state' at the - same locations that were used as input into the MD5. - I believe this system addresses points 1 (MD5), 3 (the 'state'), - 4 (via the 'md'), 5 (by the use of MD5 and xor). - -When bytes are extracted from the RNG, the following process is used. -For each group of 8 bytes (or less), we do the following, - Input into MD5, the top 8 bytes from 'md', the byte that are - to be overwritten by the random bytes and bytes from the - 'state' (incrementing looping index). From this digest output - (which is kept in 'md'), the top (upto) 8 bytes are - returned to the caller and the bottom (upto) 8 bytes are xored - into the 'state'. - Finally, after we have finished 'generation' random bytes for the - called, 'count' (which is incremented) and 'md' are fed into MD5 and - the results are kept in 'md'. - I believe the above addressed points 1 (use of MD5), 6 (by - hashing into the 'state' the 'old' data from the caller that - is about to be overwritten) and 7 (by not using the 8 bytes - given to the caller to update the 'state', but they are used - to update 'md'). - -So of the points raised, only 2 is not addressed, but sources of -random data will always be a problem. - - -==== rc2.doc ======================================================== - -The RC2 library. - -RC2 is a block cipher that operates on 64bit (8 byte) quantities. It -uses variable size key, but 128bit (16 byte) key would normally be considered -good. It can be used in all the modes that DES can be used. This -library implements the ecb, cbc, cfb64, ofb64 modes. - -I have implemented this library from an article posted to sci.crypt on -11-Feb-1996. I personally don't know how far to trust the RC2 cipher. -While it is capable of having a key of any size, not much reseach has -publically been done on it at this point in time (Apr-1996) -since the cipher has only been public for a few months :-) -It is of a similar speed to DES and IDEA, so unless it is required for -meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable -to stick to IDEA, or for the paranoid, Tripple DES. - -Mind you, having said all that, I should mention that I just read alot and -implement ciphers, I'm a 'babe in the woods' when it comes to evaluating -ciphers :-). - -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'rc2.h'. - -All of the encryption functions take what is called an RC2_KEY as an -argument. An RC2_KEY is an expanded form of the RC2 key. -For all modes of the RC2 algorithm, the RC2_KEY used for -decryption is the same one that was used for encryption. - -The define RC2_ENCRYPT is passed to specify encryption for the functions -that require an encryption/decryption flag. RC2_DECRYPT is passed to -specify decryption. - -Please note that any of the encryption modes specified in my DES library -could be used with RC2. I have only implemented ecb, cbc, cfb64 and -ofb64 for the following reasons. -- ecb is the basic RC2 encryption. -- cbc is the normal 'chaining' form for block ciphers. -- cfb64 can be used to encrypt single characters, therefore input and output - do not need to be a multiple of 8. -- ofb64 is similar to cfb64 but is more like a stream cipher, not as - secure (not cipher feedback) but it does not have an encrypt/decrypt mode. -- If you want triple RC2, thats 384 bits of key and you must be totally - obsessed with security. Still, if you want it, it is simple enough to - copy the function from the DES library and change the des_encrypt to - RC2_encrypt; an exercise left for the paranoid reader :-). - -The functions are as follows: - -void RC2_set_key( -RC2_KEY *ks; -int len; -unsigned char *key; -int bits; - RC2_set_key converts an 'len' byte key into a RC2_KEY. - A 'ks' is an expanded form of the 'key' which is used to - perform actual encryption. It can be regenerated from the RC2 key - so it only needs to be kept when encryption or decryption is about - to occur. Don't save or pass around RC2_KEY's since they - are CPU architecture dependent, 'key's are not. RC2 is an - interesting cipher in that it can be used with a variable length - key. 'len' is the length of 'key' to be used as the key. - A 'len' of 16 is recomended. The 'bits' argument is an - interesting addition which I only found out about in Aug 96. - BSAFE uses this parameter to 'limit' the number of bits used - for the key. To use the 'key' unmodified, set bits to 1024. - This is what old versions of my RC2 library did (SSLeay 0.6.3). - RSAs BSAFE library sets this parameter to be 128 if 128 bit - keys are being used. So to be compatable with BSAFE, set it - to 128, if you don't want to reduce RC2's key length, leave it - at 1024. - -void RC2_encrypt( -unsigned long *data, -RC2_KEY *key, -int encrypt); - This is the RC2 encryption function that gets called by just about - every other RC2 routine in the library. You should not use this - function except to implement 'modes' of RC2. I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. - Data is a pointer to 2 unsigned long's and key is the - RC2_KEY to use. Encryption or decryption is indicated by 'encrypt'. - which can have the values RC2_ENCRYPT or RC2_DECRYPT. - -void RC2_ecb_encrypt( -unsigned char *in, -unsigned char *out, -RC2_KEY *key, -int encrypt); - This is the basic Electronic Code Book form of RC2 (in DES this - mode is called Electronic Code Book so I'm going to use the term - for rc2 as well. - Input is encrypted into output using the key represented by - key. Depending on the encrypt, encryption or - decryption occurs. Input is 8 bytes long and output is 8 bytes. - -void RC2_cbc_encrypt( -unsigned char *in, -unsigned char *out, -long length, -RC2_KEY *ks, -unsigned char *ivec, -int encrypt); - This routine implements RC2 in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, bad - things will probably happen. ivec is the initialisation vector. - This function updates iv after each call so that it can be passed to - the next call to RC2_cbc_encrypt(). - -void RC2_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -RC2_KEY *schedule, -unsigned char *ivec, -int *num, -int encrypt); - This is one of the more useful functions in this RC2 library, it - implements CFB mode of RC2 with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - 'Encrypt' is used to indicate encryption or decryption. - CFB64 mode operates by using the cipher to generate a stream - of bytes which is used to encrypt the plain text. - The cipher text is then encrypted to generate the next 64 bits to - be xored (incrementally) with the next 64 bits of plain - text. As can be seen from this, to encrypt or decrypt, - the same 'cipher stream' needs to be generated but the way the next - block of data is gathered for encryption is different for - encryption and decryption. - -void RC2_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -RC2_KEY *schedule, -unsigned char *ivec, -int *num); - This functions implements OFB mode of RC2 with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - This is in effect a stream cipher, there is no encryption or - decryption mode. - -For reading passwords, I suggest using des_read_pw_string() from my DES library. -To generate a password from a text string, I suggest using MD5 (or MD2) to -produce a 16 byte message digest that can then be passed directly to -RC2_set_key(). - -===== -For more information about the specific RC2 modes in this library -(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the -documentation on my DES library. What is said about DES is directly -applicable for RC2. - - -==== rc4.doc ======================================================== - -The RC4 library. -RC4 is a stream cipher that operates on a byte stream. It can be used with -any length key but I would recommend normally using 16 bytes. - -This library requires the inclusion of 'rc4.h'. - -The RC4 encryption function takes what is called an RC4_KEY as an argument. -The RC4_KEY is generated by the RC4_set_key function from the key bytes. - -RC4, being a stream cipher, does not have an encryption or decryption mode. -It produces a stream of bytes that the input stream is xor'ed against and -so decryption is just a case of 'encrypting' again with the same key. - -I have only put in one 'mode' for RC4 which is the normal one. This means -there is no initialisation vector and there is no feedback of the cipher -text into the cipher. This implies that you should not ever use the -same key twice if you can help it. If you do, you leave yourself open to -known plain text attacks; if you know the plain text and -corresponding cipher text in one message, all messages that used the same -key can have the cipher text decoded for the corresponding positions in the -cipher stream. - -The main positive feature of RC4 is that it is a very fast cipher; about 4 -times faster that DES. This makes it ideally suited to protocols where the -key is randomly chosen, like SSL. - -The functions are as follows: - -void RC4_set_key( -RC4_KEY *key; -int len; -unsigned char *data); - This function initialises the RC4_KEY structure with the key passed - in 'data', which is 'len' bytes long. The key data can be any - length but 16 bytes seems to be a good number. - -void RC4( -RC4_KEY *key; -unsigned long len; -unsigned char *in; -unsigned char *out); - Do the actual RC4 encryption/decryption. Using the 'key', 'len' - bytes are transformed from 'in' to 'out'. As mentioned above, - decryption is the operation as encryption. - -==== ref.doc ======================================================== - -I have lots more references etc, and will update this list in the future, -30 Aug 1996 - eay - - -SSL The SSL Protocol - from Netscapes. - -RC4 Newsgroups: sci.crypt - From: sterndark@netcom.com (David Sterndark) - Subject: RC4 Algorithm revealed. - Message-ID: - -RC2 Newsgroups: sci.crypt - From: pgut01@cs.auckland.ac.nz (Peter Gutmann) - Subject: Specification for Ron Rivests Cipher No.2 - Message-ID: <4fk39f$f70@net.auckland.ac.nz> - -MD2 RFC1319 The MD2 Message-Digest Algorithm -MD5 RFC1321 The MD5 Message-Digest Algorithm - -X509 Certificates - RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I - RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II - RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III - RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV - -RSA and various standard encoding - PKCS#1 RSA Encryption Standard - PKCS#5 Password-Based Encryption Standard - PKCS#7 Cryptographic Message Syntax Standard - A Layman's Guide to a Subset of ASN.1, BER, and DER - An Overview of the PKCS Standards - Some Examples of the PKCS Standards - -IDEA Chapter 3 The Block Cipher IDEA - -RSA, prime number generation and bignum algorithms - Introduction To Algorithms, - Thomas Cormen, Charles Leiserson, Ronald Rivest, - Section 29 Arithmetic Circuits - Section 33 Number-Theoretic Algorithms - -Fast Private Key algorithm - Fast Decipherment Algorithm for RSA Public-Key Cryptosystem - J.-J. Quisquater and C. Couvreur, Electronics Letters, - 14th October 1982, Vol. 18 No. 21 - -Prime number generation and bignum algorithms. - PGP-2.3a - -==== rsa.doc ======================================================== - -The RSA encryption and utility routines. - -The RSA routines are built on top of a big number library (the BN library). -There are support routines in the X509 library for loading and manipulating -the various objects in the RSA library. When errors are returned, read -about the ERR library for how to access the error codes. - -All RSA encryption is done according to the PKCS-1 standard which is -compatible with PEM and RSAref. This means that any values being encrypted -must be less than the size of the modulus in bytes, minus 10, bytes long. - -This library uses RAND_bytes()() for it's random data, make sure to feed -RAND_seed() with lots of interesting and varied data before using these -routines. - -The RSA library has one specific data type, the RSA structure. -It is composed of 8 BIGNUM variables (see the BN library for details) and -can hold either a private RSA key or a public RSA key. -Some RSA libraries have different structures for public and private keys, I -don't. For my libraries, a public key is determined by the fact that the -RSA->d value is NULL. These routines will operate on any size RSA keys. -While I'm sure 4096 bit keys are very very secure, they take a lot longer -to process that 1024 bit keys :-). - -The function in the RSA library are as follows. - -RSA *RSA_new(); - This function creates a new RSA object. The sub-fields of the RSA - type are also malloced so you should always use this routine to - create RSA variables. - -void RSA_free( -RSA *rsa); - This function 'frees' an RSA structure. This routine should always - be used to free the RSA structure since it will also 'free' any - sub-fields of the RSA type that need freeing. - -int RSA_size( -RSA *rsa); - This function returns the size of the RSA modulus in bytes. Why do - I need this you may ask, well the reason is that when you encrypt - with RSA, the output string will be the size of the RSA modulus. - So the output for the RSA_encrypt and the input for the RSA_decrypt - routines need to be RSA_size() bytes long, because this is how many - bytes are expected. - -For the following 4 RSA encryption routines, it should be noted that -RSA_private_decrypt() should be used on the output from -RSA_public_encrypt() and RSA_public_decrypt() should be used on -the output from RSA_private_encrypt(). - -int RSA_public_encrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA public encryption, the rsa variable - should be a public key (but can be a private key). 'from_len' - bytes taken from 'from' and encrypted and put into 'to'. 'to' needs - to be at least RSA_size(rsa) bytes long. The number of bytes - written into 'to' is returned. -1 is returned on an error. The - operation performed is - to = from^rsa->e mod rsa->n. - -int RSA_private_encrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA private encryption, the rsa variable - should be a private key. 'from_len' bytes taken from - 'from' and encrypted and put into 'to'. 'to' needs - to be at least RSA_size(rsa) bytes long. The number of bytes - written into 'to' is returned. -1 is returned on an error. The - operation performed is - to = from^rsa->d mod rsa->n. - -int RSA_public_decrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA public decryption, the rsa variable - should be a public key (but can be a private key). 'from_len' - bytes are taken from 'from' and decrypted. The decrypted data is - put into 'to'. The number of bytes encrypted is returned. -1 is - returned to indicate an error. The operation performed is - to = from^rsa->e mod rsa->n. - -int RSA_private_decrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA private decryption, the rsa variable - should be a private key. 'from_len' bytes are taken - from 'from' and decrypted. The decrypted data is - put into 'to'. The number of bytes encrypted is returned. -1 is - returned to indicate an error. The operation performed is - to = from^rsa->d mod rsa->n. - -int RSA_mod_exp( -BIGNUM *n; -BIGNUM *p; -RSA *rsa); - Normally you will never use this routine. - This is really an internal function which is called by - RSA_private_encrypt() and RSA_private_decrypt(). It performs - n=n^p mod rsa->n except that it uses the 5 extra variables in the - RSA structure to make this more efficient. - -RSA *RSA_generate_key( -int bits; -unsigned long e; -void (*callback)(); -char *cb_arg; - This routine is used to generate RSA private keys. It takes - quite a period of time to run and should only be used to - generate initial private keys that should then be stored - for later use. The passed callback function - will be called periodically so that feedback can be given - as to how this function is progressing. - 'bits' is the length desired for the modulus, so it would be 1024 - to generate a 1024 bit private key. - 'e' is the value to use for the public exponent 'e'. Traditionally - it is set to either 3 or 0x10001. - The callback function (if not NULL) is called in the following - situations. - when we have generated a suspected prime number to test, - callback(0,num1++,cb_arg). When it passes a prime number test, - callback(1,num2++,cb_arg). When it is rejected as one of - the 2 primes required due to gcd(prime,e value) != 0, - callback(2,num3++,cb_arg). When finally accepted as one - of the 2 primes, callback(3,num4++,cb_arg). - - -==== rsaref.doc ======================================================== - -This package can be compiled to use the RSAref library. -This library is not allowed outside of the USA but inside the USA it is -claimed by RSA to be the only RSA public key library that can be used -besides BSAFE.. - -There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue -code to use RSAref. These files were written by looking at the PGP -source code and seeing which routines it used to access RSAref. -I have also been sent by some-one a copy of the RSAref header file that -contains the library error codes. - -[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from - South Africa and have been doing some performace tests. ] - -They have now been tested against the recently announced RSAEURO -library. - -There are 2 ways to use SSLeay and RSAref. First, to build so that -the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top -level makefile and -lrsaref (or where ever you are keeping RSAref) to -EX_LIBS. - -To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option. - -The second method is to build as per normal and link applications with -the RSAglue library. The correct library order would be -cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes -The RSAglue library is built in the rsa directory and is NOT -automatically installed. - -Be warned that the RSAEURO library, that is claimed to be compatible -with RSAref contains a different value for the maximum number of bits -supported. This changes structure sizes and so if you are using -RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h - - -==== s_mult.doc ======================================================== - -s_mult is a test program I hacked up on a Sunday for testing non-blocking -IO. It has a select loop at it's centre that handles multiple readers -and writers. - -Try the following command -ssleay s_mult -echo -nbio -ssl -v -echo - sends any sent text back to the sender -nbio - turns on non-blocking IO -ssl - accept SSL connections, default is normal text -v - print lots - type Q to quit - -In another window, run the following -ssleay s_client -pause new_session_cb is a function pointer to a function of type -int new_session_callback(SSL *ssl,SSL_SESSION *new); -This function, if set in the SSL_CTX structure is called whenever a new -SSL_SESSION is added to the cache. If the callback returns non-zero, it -means that the application will have to do a SSL_SESSION_free() -on the structure (this is -to do with the cache keeping the reference counts correct, without the -application needing to know about it. -The 'active' parameter is the current SSL session for which this connection -was created. - -void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)()); -to set the callback, -int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx) -to get the callback. - -If the 'get session' callback is set, when a session id is looked up and -it is not in the session-id cache, this callback is called. The callback is -of the form -SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len, - int *copy); - -The get_session_callback is intended to return null if no session id is found. -The reference count on the SSL_SESSION in incremented by the SSL library, -if copy is 1. Otherwise, the reference count is not modified. - -void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and -int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback. - -These callbacks are basically indended to be used by processes to -send their session-id's to other processes. I currently have not implemented -non-blocking semantics for these callbacks, it is upto the appication -to make the callbacks effiecent if they require blocking (perhaps -by 'saving' them and then 'posting them' when control returns from -the SSL_accept(). - -LHASH *SSL_CTX_sessions(SSL_CTX *ctx) -This returns the session cache. The lhash strucutre can be accessed for -statistics about the cache. - -void lh_stats(LHASH *lh, FILE *out); -void lh_node_stats(LHASH *lh, FILE *out); -void lh_node_usage_stats(LHASH *lh, FILE *out); - -can be used to print details about it's activity and current state. -You can also delve directly into the lhash structure for 14 different -counters that are kept against the structure. When I wrote the lhash library, -I was interested in gathering statistics :-). -Have a read of doc/lhash.doc in the SSLeay distribution area for more details -on the lhash library. - -Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX. -SSL * SSL_new(SSL_CTX *); - -This stores a session. A session is secret information shared between 2 -SSL contexts. It will only be created if both ends of the connection have -authenticated their peer to their satisfaction. It basically contains -the information required to use a particular secret key cipher. - -To retrieve the SSL_CTX being used by a SSL, -SSL_CTX *SSL_get_SSL_CTX(SSL *s); - -Now when a SSL session is established between to programs, the 'session' -information that is cached in the SSL_CTX can me manipulated by the -following functions. -int SSL_set_session(SSL *s, SSL_SESSION *session); -This will set the SSL_SESSION to use for the next SSL_connect(). If you use -this function on an already 'open' established SSL connection, 'bad things -will happen'. This function is meaning-less when used on a ssl strucutre -that is just about to be used in a SSL_accept() call since the -SSL_accept() will either create a new session or retrieve one from the -cache. - -SSL_SESSION *SSL_get_session(SSL *s); -This will return the SSL_SESSION for the current SSL, NULL if there is -no session associated with the SSL structure. - -The SSL sessions are kept in the SSL_CTX in a hash table, to remove a -session -void SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); -and to add one -int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -SSL_CTX_add_session() returns 1 if the session was already in the cache (so it -was not added). -Whenever a new session is created via SSL_connect()/SSL_accept(), -they are automatically added to the cache, depending on the session_cache_mode -settings. SSL_set_session() -does not add it to the cache. Just call SSL_CTX_add_session() if you do want the -session added. For a 'client' this would not normally be the case. -SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things -which the next 2 funtions help you do. - -int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); -These 2 functions are in the standard ASN1 library form and can be used to -load and save to a byte format, the SSL_SESSION structure. -With these functions, you can save and read these structures to a files or -arbitary byte string. -The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will -write to a file pointer in base64 encoding. - -What you can do with this, is pass session information between separate -processes. Please note, that you will probably also need to modify the -timeout information on the SSL_SESSIONs. - -long SSL_get_time(SSL_SESSION *s) -will return the 'time' that the session -was loaded. The timeout is relative to this time. This information is -saved when the SSL_SESSION is converted to binarary but it is stored -in as a unix long, which is rather OS dependant, but easy to convert back. - -long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time. -The time value is just the value returned from time(3), and should really -be defined by be to be time_t. - -long SSL_get_timeout(SSL_SESSION *s); -long SSL_set_timeout(SSL_SESSION *s,long t); -These 2 retrieve and set the timeout which is just a number of secconds -from the 'SSL_get_time()' value. When this time period has elapesed, -the session will no longer be in the cache (well it will actually be removed -the next time it is attempted to be retrieved, so you could 'bump' -the timeout so it remains valid). -The 'time' and 'timeout' are set on a session when it is created, not reset -each time it is reused. If you did wish to 'bump it', just after establishing -a connection, do a -SSL_set_time(ssl,time(NULL)); - -You can also use -SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and -SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for -all SSL connections created against a SSL_CTX. If you set a timeout in -an SSL_CTX, all new SSL's created will inherit the timeout. It can be over -written by the SSL_set_timeout(SSL *s,unsigned long t) function call. -If you 'set' the timeout back to 0, the system default will be used. - -SSL_SESSION *SSL_SESSION_new(); -void SSL_SESSION_free(SSL_SESSION *ses); -These 2 functions are used to create and dispose of SSL_SESSION functions. -You should not ever normally need to use them unless you are using -i2d_SSL_SESSION() and/or d2i_SSL_SESSION(). If you 'load' a SSL_SESSION -via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it. -Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the -structure (via reference counts) when it is passed to them. - -SSL_CTX_flush_sessions(ctx,time); -The first function will clear all sessions from the cache, which have expired -relative to 'time' (which could just be time(NULL)). - -SSL_CTX_flush_sessions(ctx,0); -This is a special case that clears everything. - -As a final comment, a 'session' is not enough to establish a new -connection. If a session has timed out, a certificate and private key -need to have been associated with the SSL structure. -SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session -strucutre but also the private key and certificate associated with -'from'. - -EXAMPLES. - -So lets play at being a weird SSL server. - -/* setup a context */ -ctx=SSL_CTX_new(); - -/* Lets load some session from binary into the cache, why one would do - * this is not toally clear, but passing between programs does make sense - * Perhaps you are using 4096 bit keys and are happy to keep them - * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally - * sure, perhaps this is a process called from an SSL inetd and this is being - * passed to the application. */ -session=d2i_SSL_SESSION(....) -SSL_CTX_add_session(ctx,session); - -/* Lets even add a session from a file */ -session=PEM_read_SSL_SESSION(....) -SSL_CTX_add_session(ctx,session); - -/* create a new SSL structure */ -ssl=SSL_new(ctx); - -/* At this point we want to be able to 'create' new session if - * required, so we need a certificate and RSAkey. */ -SSL_use_RSAPrivateKey_file(ssl,...) -SSL_use_certificate_file(ssl,...) - -/* Now since we are a server, it make little sence to load a session against - * the ssl strucutre since a SSL_accept() will either create a new session or - * grab an existing one from the cache. */ - -/* grab a socket descriptor */ -fd=accept(...); - -/* associated it with the ssl strucutre */ -SSL_set_fd(ssl,fd); - -SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */ - -/* Lets print out the session details or lets save it to a file, - * perhaps with a secret key cipher, so that we can pass it to the FBI - * when they want to decode the session :-). While we have RSA - * this does not matter much but when I do SSLv3, this will allow a mechanism - * for the server/client to record the information needed to decode - * the traffic that went over the wire, even when using Diffie-Hellman */ -PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....) - -Lets 'connect' back to the caller using the same session id. - -ssl2=SSL_new(ctx); -fd2=connect(them); -SSL_set_fd(ssl2,fd2); -SSL_set_session(ssl2,SSL_get_session(ssl)); -SSL_connect(ssl2); - -/* what the hell, lets accept no more connections using this session */ -SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl)); - -/* we could have just as easily used ssl2 since they both are using the - * same session. - * You will note that both ssl and ssl2 are still using the session, and - * the SSL_SESSION structure will be free()ed when both ssl and ssl2 - * finish using the session. Also note that you could continue to initiate - * connections using this session by doing SSL_get_session(ssl) to get the - * existing session, but SSL_accept() will not be able to find it to - * use for incoming connections. - * Of corse, the session will timeout at the far end and it will no - * longer be accepted after a while. The time and timeout are ignored except - * by SSL_accept(). */ - -/* Since we have had our server running for 10 weeks, and memory is getting - * short, perhaps we should clear the session cache to remove those - * 100000 session entries that have expired. Some may consider this - * a memory leak :-) */ - -SSL_CTX_flush_sessions(ctx,time(NULL)); - -/* Ok, after a bit more time we wish to flush all sessions from the cache - * so that all new connections will be authenticated and incure the - * public key operation overhead */ - -SSL_CTX_flush_sessions(ctx,0); - -/* As a final note, to copy everything to do with a SSL, use */ -SSL_copy_session_id(SSL *to,SSL *from); -/* as this also copies the certificate and RSA key so new session can - * be established using the same details */ - - -==== sha.doc ======================================================== - -The SHA (Secure Hash Algorithm) library. -SHA is a message digest algorithm that can be used to condense an arbitrary -length message down to a 20 byte hash. The functions all need to be passed -a SHA_CTX which is used to hold the SHA context during multiple SHA_Update() -function calls. The normal method of use for this library is as follows -This library contains both SHA and SHA-1 digest algorithms. SHA-1 is -an update to SHA (which should really be called SHA-0 now) which -tweaks the algorithm slightly. The SHA-1 algorithm is used by simply -using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the -SHA*() calls - -SHA_Init(...); -SHA_Update(...); -... -SHA_Update(...); -SHA_Final(...); - -This library requires the inclusion of 'sha.h'. - -The functions are as follows: - -void SHA_Init( -SHA_CTX *c); - This function needs to be called to initiate a SHA_CTX structure for - use. - -void SHA_Update( -SHA_CTX *c; -unsigned char *data; -unsigned long len); - This updates the message digest context being generated with 'len' - bytes from the 'data' pointer. The number of bytes can be any - length. - -void SHA_Final( -unsigned char *md; -SHA_CTX *c; - This function is called when a message digest of the data digested - with SHA_Update() is wanted. The message digest is put in the 'md' - array and is SHA_DIGEST_LENGTH (20) bytes long. - -unsigned char *SHA( -unsigned char *d; -unsigned long n; -unsigned char *md; - This function performs a SHA_Init(), followed by a SHA_Update() - followed by a SHA_Final() (using a local SHA_CTX). - The resulting digest is put into 'md' if it is not NULL. - Regardless of the value of 'md', the message - digest is returned from the function. If 'md' was NULL, the message - digest returned is being stored in a static structure. - - -==== speed.doc ======================================================== - -To get an idea of the performance of this library, use -ssleay speed - -perl util/sp-diff.pl file1 file2 - -will print out the relative differences between the 2 files which are -expected to be the output from the speed program. - -The performace of the library is very dependant on the Compiler -quality and various flags used to build. - ---- - -These are some numbers I did comparing RSAref and SSLeay on a Pentium 100. -[ These numbers are all out of date, as of SSL - 0.6.1 the RSA -operations are about 2 times faster, so check the version number ] - -RSA performance. - -SSLeay 0.6.0 -Pentium 100, 32meg, Windows NT Workstation 3.51 -linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486 -and -Windows NT - Windows NT 3.51 - Visual C++ 4.1 - 586 code + 32bit assember -Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember -NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember - -Times are how long it takes to do an RSA private key operation. - - 512bits 1024bits -------------------------------- -SSLeay NT dll 0.042s 0.202s see above -SSLeay linux 0.046s 0.218s Assember inner loops (normal build) -SSLeay linux 0.067s 0.380s Pure C code with BN_LLONG defined -SSLeay W3.1 dll 0.108s 0.478s see above -SSLeay linux 0.109s 0.713s C without BN_LLONG. -RSAref2.0 linux 0.149s 0.936s -SSLeay MS-DOS 0.197s 1.049s see above - -486DX66, 32meg, Windows NT Server 3.51 - 512bits 1024bits -------------------------------- -SSLeay NT dll 0.084s 0.495s <- SSLeay 0.6.3 -SSLeay NT dll 0.154s 0.882s -SSLeay W3.1 dll 0.335s 1.538s -SSLeay MS-DOS 0.490s 2.790s - -What I find cute is that I'm still faster than RSAref when using standard C, -without using the 'long long' data type :-), %35 faster for 512bit and we -scale up to 3.2 times faster for the 'default linux' build. I should mention -that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or -x86-sol.s for any x86 based unix they are building on. The only problems -with be with syntax but the performance gain is quite large, especially for -servers. The code is very simple, you just need to modify the 'header'. - -The message is, if you are stuck using RSAref, the RSA performance will be -bad. Considering the code was compiled for a pentium, the 486DX66 number -would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-). -[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100 - into a 486DX33' :-) ] - -I won't tell people if the DLL's are using RSAref or my stuff if no-one -asks :-). - -eric - -PS while I know I could speed things up further, I will probably not do - so due to the effort involved. I did do some timings on the - SSLeay bignum format -> RSAref number format conversion that occurs - each time RSAref is used by SSLeay, and the numbers are trivial. - 0.00012s a call for 512bit vs 0.149s for the time spent in the function. - 0.00018s for 1024bit vs 0.938s. Insignificant. - So the 'way to go', to support faster RSA libraries, if people are keen, - is to write 'glue' code in a similar way that I do for RSAref and send it - to me :-). - My base library still has the advantage of being able to operate on - any size numbers, and is not that far from the performance from the - leaders in the field. (-%30?) - [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at - least very close :-) ] - - I suppose I should also mention some other numbers RSAref numbers, again - on my Pentium. - DES CBC EDE-DES MD5 - RSAref linux 830k/s 302k/s 4390k/s - SSLeay linux 855k/s 319k/s 10025k/s - SSLeay NT 1158k/s 410k/s 10470k/s - SSLeay w31 378k/s 143k/s 2383k/s (fully 16bit) - - Got to admit that Visual C++ 4.[01] is a damn fine compiler :-) --- -Eric Young | BOOL is tri-state according to Bill Gates. -AARNet: eay@cryptsoft.com | RTFM Win32 GetMessage(). - - - - -==== ssl-ciph.doc ======================================================== - -This is a quick high level summery of how things work now. - -Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra -minor ones. - -They are 'The key exchange algorithm', which is RSA for SSLv2 but can also -be Diffle-Hellman for SSLv3. - -An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or -none. - -The cipher - -The MAC digest. - -A cipher can also be an export cipher and is either an SSLv2 or a -SSLv3 ciphers. - -To specify which ciphers to use, one can either specify all the ciphers, -one at a time, or use 'aliases' to specify the preference and order for -the ciphers. - -There are a large number of aliases, but the most importaint are -kRSA, kDHr, kDHd and kEDH for key exchange types. - -aRSA, aDSS, aNULL and aDH for authentication -DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers -MD5, SHA0 and SHA1 digests - -Now where this becomes interesting is that these can be put together to -specify the order and ciphers you wish to use. - -To speed this up there are also aliases for certian groups of ciphers. -The main ones are -SSLv2 - all SSLv2 ciphers -SSLv3 - all SSLv3 ciphers -EXP - all export ciphers -LOW - all low strngth ciphers (no export ciphers, normally single DES) -MEDIUM - 128 bit encryption -HIGH - Triple DES - -These aliases can be joined in a : separated list which specifies to -add ciphers, move them to the current location and delete them. - -A simpler way to look at all of this is to use the 'ssleay ciphers -v' command. -The default library cipher spec is -!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP -which means, first, remove from consideration any ciphers that do not -authenticate. Next up, use ciphers using RC4 and RSA. Next include the HIGH, -MEDIUM and the LOW security ciphers. Finish up by adding all the export -ciphers on the end, then 'pull' all the SSLv2 and export ciphers to -the end of the list. - -The results are -$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP' - -RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 -RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 -EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 -EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 -DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 -IDEA-CBC-MD5 SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 -EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1 -EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1 -DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 -DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 -DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5 -IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5 -RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 -RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 -EXP-EDH-RSA-DES-CBC SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export -EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export -EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export -EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export -EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export -EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export -EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export - -I would recoment people use the 'ssleay ciphers -v "text"' -command to check what they are going to use. - -Anyway, I'm falling asleep here so I'll do some more tomorrow. - -eric - -==== ssl.doc ======================================================== - -SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table. - -/* Session-id cache stats */ -SSL_CTX_sess_number -SSL_CTX_sess_connect -SSL_CTX_sess_connect_good -SSL_CTX_sess_accept -SSL_CTX_sess_accept_good -SSL_CTX_sess_hits -SSL_CTX_sess_cb_hits -SSL_CTX_sess_misses -SSL_CTX_sess_timeouts - -/* Session-id application notification callbacks */ -SSL_CTX_sess_set_new_cb -SSL_CTX_sess_get_new_cb -SSL_CTX_sess_set_get_cb -SSL_CTX_sess_get_get_cb - -/* Session-id cache operation mode */ -SSL_CTX_set_session_cache_mode -SSL_CTX_get_session_cache_mode - -/* Set default timeout values to use. */ -SSL_CTX_set_timeout -SSL_CTX_get_timeout - -/* Global SSL initalisation informational callback */ -SSL_CTX_set_info_callback -SSL_CTX_get_info_callback -SSL_set_info_callback -SSL_get_info_callback - -/* If the SSL_accept/SSL_connect returned with -1, these indicate when - * we should re-call *. -SSL_want -SSL_want_nothing -SSL_want_read -SSL_want_write -SSL_want_x509_lookup - -/* Where we are in SSL initalisation, used in non-blocking, perhaps - * have a look at ssl/bio_ssl.c */ -SSL_state -SSL_is_init_finished -SSL_in_init -SSL_in_connect_init -SSL_in_accept_init - -/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init - * can be used to work out which function to call. */ -SSL_set_connect_state -SSL_set_accept_state - -/* Where to look for certificates for authentication */ -SSL_set_default_verify_paths /* calles SSL_load_verify_locations */ -SSL_load_verify_locations - -/* get info from an established connection */ -SSL_get_session -SSL_get_certificate -SSL_get_SSL_CTX - -SSL_CTX_new -SSL_CTX_free -SSL_new -SSL_clear -SSL_free - -SSL_CTX_set_cipher_list -SSL_get_cipher -SSL_set_cipher_list -SSL_get_cipher_list -SSL_get_shared_ciphers - -SSL_accept -SSL_connect -SSL_read -SSL_write - -SSL_debug - -SSL_get_read_ahead -SSL_set_read_ahead -SSL_set_verify - -SSL_pending - -SSL_set_fd -SSL_set_rfd -SSL_set_wfd -SSL_set_bio -SSL_get_fd -SSL_get_rbio -SSL_get_wbio - -SSL_use_RSAPrivateKey -SSL_use_RSAPrivateKey_ASN1 -SSL_use_RSAPrivateKey_file -SSL_use_PrivateKey -SSL_use_PrivateKey_ASN1 -SSL_use_PrivateKey_file -SSL_use_certificate -SSL_use_certificate_ASN1 -SSL_use_certificate_file - -ERR_load_SSL_strings -SSL_load_error_strings - -/* human readable version of the 'state' of the SSL connection. */ -SSL_state_string -SSL_state_string_long -/* These 2 report what kind of IO operation the library was trying to - * perform last. Probably not very usefull. */ -SSL_rstate_string -SSL_rstate_string_long - -SSL_get_peer_certificate - -SSL_SESSION_new -SSL_SESSION_print_fp -SSL_SESSION_print -SSL_SESSION_free -i2d_SSL_SESSION -d2i_SSL_SESSION - -SSL_get_time -SSL_set_time -SSL_get_timeout -SSL_set_timeout -SSL_copy_session_id -SSL_set_session -SSL_CTX_add_session -SSL_CTX_remove_session -SSL_CTX_flush_sessions - -BIO_f_ssl - -/* used to hold information as to why a certificate verification failed */ -SSL_set_verify_result -SSL_get_verify_result - -/* can be used by the application to associate data with an SSL structure. - * It needs to be 'free()ed' by the application */ -SSL_set_app_data -SSL_get_app_data - -/* The following all set values that are kept in the SSL_CTX but - * are used as the default values when an SSL session is created. - * They are over writen by the relevent SSL_xxxx functions */ - -/* SSL_set_verify */ -void SSL_CTX_set_default_verify - -/* This callback, if set, totaly overrides the normal SSLeay verification - * functions and should return 1 on success and 0 on failure */ -void SSL_CTX_set_cert_verify_callback - -/* The following are the same as the equivilent SSL_xxx functions. - * Only one copy of this information is kept and if a particular - * SSL structure has a local override, it is totally separate structure. - */ -int SSL_CTX_use_RSAPrivateKey -int SSL_CTX_use_RSAPrivateKey_ASN1 -int SSL_CTX_use_RSAPrivateKey_file -int SSL_CTX_use_PrivateKey -int SSL_CTX_use_PrivateKey_ASN1 -int SSL_CTX_use_PrivateKey_file -int SSL_CTX_use_certificate -int SSL_CTX_use_certificate_ASN1 -int SSL_CTX_use_certificate_file - - -==== ssl_ctx.doc ======================================================== - -This is now a bit dated, quite a few of the SSL_ functions could be -SSL_CTX_ functions. I will update this in the future. 30 Aug 1996 - -From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995 -Received: by orb.mincom.oz.au id AA00696 - (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000 -Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST) -From: Eric Young -X-Sender: eay@orb -To: sameer -Cc: Eric Young -Subject: Re: PEM_readX509 oesn't seem to be working -In-Reply-To: <199512110102.RAA12521@infinity.c2.org> -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Status: RO -X-Status: - -On Sun, 10 Dec 1995, sameer wrote: -> OK, that's solved. I've found out that it is saying "no -> certificate set" in SSL_accept because s->conn == NULL -> so there is some place I need to initialize s->conn that I am -> not initializing it. - -The full order of things for a server should be. - -ctx=SSL_CTX_new(); - -/* The next line should not really be using ctx->cert but I'll leave it - * this way right now... I don't want a X509_ routine to know about an SSL - * structure, there should be an SSL_load_verify_locations... hmm, I may - * add it tonight. - */ -X509_load_verify_locations(ctx->cert,CAfile,CApath); - -/* Ok now for each new connection we do the following */ -con=SSL_new(ctx); -SSL_set_fd(con,s); -SSL_set_verify(con,verify,verify_callback); - -/* set the certificate and private key to use. */ -SSL_use_certificate_ASN1(con,X509_certificate); -SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key); - -SSL_accept(con); - -SSL_read(con)/SSL_write(con); - -There is a bit more than that but that is basically the structure. - -Create a context and specify where to lookup certificates. - -foreach connection - { - create a SSL structure - set the certificate and private key - do a SSL_accept - - we should now be ok - } - -eric --- -Eric Young | Signature removed since it was generating -AARNet: eay@mincom.oz.au | more followups than the message contents :-) - - - -==== ssleay.doc ======================================================== - -SSLeay: a cryptographic kitchen sink. - -1st December 1995 -Way back at the start of April 1995, I was looking for a mindless -programming project. A friend of mine (Tim Hudson) said "why don't you do SSL, -it has DES encryption in it and I would not mind using it in a SSL telnet". -While it was true I had written a DES library in previous years, litle -did I know what an expansive task SSL would turn into. - -First of all, the SSL protocol contains DES encryption. Well and good. My -DES library was fast and portable. It also contained the RSA's RC4 stream -cipher. Again, not a problem, some-one had just posted to sci.crypt -something that was claimed to be RC4. It also contained IDEA, I had the -specifications, not a problem to implement. MD5, an RFC, trivial, at most -I could spend a week or so trying to see if I could speed up the -implementation. All in all a nice set of ciphers. -Then the first 'expantion of the scope', RSA public key -encryption. Since I did not knowing a thing about public key encryption -or number theory, this appeared quite a daunting task. Just writing a -big number library would be problomatic in itself, let alone making it fast. -At this point the scope of 'implementing SSL' expands eponentialy. -First of all, the RSA private keys were being kept in ASN.1 format. -Thankfully the RSA PKCS series of documents explains this format. So I now -needed to be able to encode and decode arbitary ASN.1 objects. The Public -keys were embeded in X509 certificates. Hmm... these are not only -ASN.1 objects but they make up a heirachy of authentication. To -authenticate a X509 certificate one needs to retrieve it's issuers -certificate etc etc. Hmm..., so I also need to implement some kind -of certificate management software. I would also have to implement -software to authenticate certificates. At this point the support code made -the SSL part of my library look quite small. -Around this time, the first version of SSLeay was released. - -Ah, but here was the problem, I was not happy with the code so far. As may -have become obvious, I had been treating all of this as a learning -exersize, so I have completely written the library myself. As such, due -to the way it had grown like a fungus, much of the library was not -'elagent' or neat. There were global and static variables all over the -place, the SSL part did not even handle non-blocking IO. -The Great rewrite began. - -As of this point in time, the 'Great rewrite' has almost finished. So what -follows is an approximate list of what is actually SSLeay 0.5.0 - -/********* This needs to be updated for 0.6.0+ *************/ - ---- -The library contains the following routines. Please note that most of these -functions are not specfic for SSL or any other particular cipher -implementation. I have tried to make all the routines as general purpose -as possible. So you should not think of this library as an SSL -implemtation, but rather as a library of cryptographic functions -that also contains SSL. I refer to each of these function groupings as -libraries since they are often capable of functioning as independant -libraries - -First up, the general ciphers and message digests supported by the library. - -MD2 rfc???, a standard 'by parts' interface to this algorithm. -MD5 rfc???, the same type of interface as for the MD2 library except a - different algorithm. -SHA THe Secure Hash Algorithm. Again the same type of interface as - MD2/MD5 except the digest is 20 bytes. -SHA1 The 'revised' version of SHA. Just about identical to SHA except - for one tweak of an inner loop. -DES This is my libdes library that has been floating around for the last - few years. It has been enhanced for no other reason than completeness. - It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and - triple DES modes of ecb, cbc, cfb64 and ofb64. cfb64 and ofb64 are - functional interfaces to the 64 bit modes of cfb and ofb used in - such a way thay they function as single character interfaces. -RC4 The RSA Inc. stream cipher. -RC2 The RSA Inc. block cipher. -IDEA An implmentation of the IDEA cipher, the library supports ecb, cbc, - cfb64 and ofb64 modes of operation. - -Now all the above mentioned ciphers and digests libraries support high -speed, minimal 'crap in the way' type interfaces. For fastest and -lowest level access, these routines should be used directly. - -Now there was also the matter of public key crypto systems. These are -based on large integer arithmatic. - -BN This is my large integer library. It supports all the normal - arithmentic operations. It uses malloc extensivly and as such has - no limits of the size of the numbers being manipulated. If you - wish to use 4000 bit RSA moduli, these routines will handle it. - This library also contains routines to 'generate' prime numbers and - to test for primality. The RSA and DH libraries sit on top of this - library. As of this point in time, I don't support SHA, but - when I do add it, it will just sit on top of the routines contained - in this library. -RSA This implements the RSA public key algorithm. It also contains - routines that will generate a new private/public key pair. - All the RSA functions conform to the PKCS#1 standard. -DH This is an implementation of the - Diffie-Hellman protocol. There are all the require routines for - the protocol, plus extra routines that can be used to generate a - strong prime for use with a specified generator. While this last - routine is not generally required by applications implementing DH, - It is present for completeness and because I thing it is much - better to be able to 'generate' your own 'magic' numbers as oposed - to using numbers suplied by others. I conform to the PKCS#3 - standard where required. - -You may have noticed the preceeding section mentions the 'generation' of -prime numbers. Now this requries the use of 'random numbers'. - -RAND This psuedo-random number library is based on MD5 at it's core - and a large internal state (2k bytes). Once you have entered enough - seed data into this random number algorithm I don't feel - you will ever need to worry about it generating predictable output. - Due to the way I am writing a portable library, I have left the - issue of how to get good initial random seed data upto the - application but I do have support routines for saving and loading a - persistant random number state for use between program runs. - -Now to make all these ciphers easier to use, a higher level -interface was required. In this form, the same function would be used to -encrypt 'by parts', via any one of the above mentioned ciphers. - -EVP The Digital EnVeloPe library is quite large. At it's core are - function to perform encryption and decryption by parts while using - an initial parameter to specify which of the 17 different ciphers - or 4 different message digests to use. On top of these are implmented - the digital signature functions, sign, verify, seal and open. - Base64 encoding of binary data is also done in this library. - -PEM rfc???? describe the format for Privacy Enhanced eMail. - As part of this standard, methods of encoding digital enveloped - data is an ascii format are defined. As such, I use a form of these - to encode enveloped data. While at this point in time full support - for PEM has not been built into the library, a minimal subset of - the secret key and Base64 encoding is present. These reoutines are - mostly used to Ascii encode binary data with a 'type' associated - with it and perhaps details of private key encryption used to - encrypt the data. - -PKCS7 This is another Digital Envelope encoding standard which uses ASN.1 - to encode the data. At this point in time, while there are some - routines to encode and decode this binary format, full support is - not present. - -As Mentioned, above, there are several different ways to encode -data structures. - -ASN1 This library is more a set of primatives used to encode the packing - and unpacking of data structures. It is used by the X509 - certificate standard and by the PKCS standards which are used by - this library. It also contains routines for duplicating and signing - the structures asocisated with X509. - -X509 The X509 library contains routines for packing and unpacking, - verifying and just about every thing else you would want to do with - X509 certificates. - -PKCS7 PKCS-7 is a standard for encoding digital envelope data - structures. At this point in time the routines will load and save - DER forms of these structees. They need to be re-worked to support - the BER form which is the normal way PKCS-7 is encoded. If the - previous 2 sentances don't make much sense, don't worry, this - library is not used by this version of SSLeay anyway. - -OBJ ASN.1 uses 'object identifiers' to identify objects. A set of - functions were requred to translate from ASN.1 to an intenger, to a - character string. This library provieds these translations - -Now I mentioned an X509 library. X509 specified a hieachy of certificates -which needs to be traversed to authenticate particular certificates. - -METH This library is used to push 'methods' of retrieving certificates - into the library. There are some supplied 'methods' with SSLeay - but applications can add new methods if they so desire. - This library has not been finished and is not being used in this - version. - -Now all the above are required for use in the initial point of this project. - -SSL The SSL protocol. This is a full implmentation of SSL v 2. It - support both server and client authentication. SSL v 3 support - will be added when the SSL v 3 specification is released in it's - final form. - -Now quite a few of the above mentioned libraries rely on a few 'complex' -data structures. For each of these I have a library. - -Lhash This is a hash table library which is used extensivly. - -STACK An implemetation of a Stack data structure. - -BUF A simple character array structure that also support a function to - check that the array is greater that a certain size, if it is not, - it is realloced so that is it. - -TXT_DB A simple memory based text file data base. The application can specify - unique indexes that will be enforced at update time. - -CONF Most of the programs written for this library require a configuration - file. Instead of letting programs constantly re-implment this - subsystem, the CONF library provides a consistant and flexable - interface to not only configuration files but also environment - variables. - -But what about when something goes wrong? -The one advantage (and perhaps disadvantage) of all of these -functions being in one library was the ability to implement a -single error reporting system. - -ERR This library is used to report errors. The error system records - library number, function number (in the library) and reason - number. Multiple errors can be reported so that an 'error' trace - is created. The errors can be printed in numeric or textual form. - - -==== ssluse.doc ======================================================== - -We have an SSL_CTX which contains global information for lots of -SSL connections. The session-id cache and the certificate verificate cache. -It also contains default values for use when certificates are used. - -SSL_CTX - default cipher list - session-id cache - certificate cache - default session-id timeout period - New session-id callback - Required session-id callback - session-id stats - Informational callback - Callback that is set, overrides the SSLeay X509 certificate - verification - The default Certificate/Private Key pair - Default read ahead mode. - Default verify mode and verify callback. These are not used - if the over ride callback mentioned above is used. - -Each SSL can have the following defined for it before a connection is made. - -Certificate -Private key -Ciphers to use -Certificate verify mode and callback -IO object to use in the comunication. -Some 'read-ahead' mode information. -A previous session-id to re-use. - -A connection is made by using SSL_connect or SSL_accept. -When non-blocking IO is being used, there are functions that can be used -to determin where and why the SSL_connect or SSL_accept did not complete. -This information can be used to recall the functions when the 'error' -condition has dissapeared. - -After the connection has been made, information can be retrived about the -SSL session and the session-id values that have been decided apon. -The 'peer' certificate can be retrieved. - -The session-id values include -'start time' -'timeout length' - - - -==== stack.doc ======================================================== - -The stack data structure is used to store an ordered list of objects. -It is basically misnamed to call it a stack but it can function that way -and that is what I originally used it for. Due to the way element -pointers are kept in a malloc()ed array, the most efficient way to use this -structure is to add and delete elements from the end via sk_pop() and -sk_push(). If you wish to do 'lookups' sk_find() is quite efficient since -it will sort the stack (if required) and then do a binary search to lookup -the requested item. This sorting occurs automatically so just sk_push() -elements on the stack and don't worry about the order. Do remember that if -you do a sk_find(), the order of the elements will change. - -You should never need to 'touch' this structure directly. -typedef struct stack_st - { - unsigned int num; - char **data; - int sorted; - - unsigned int num_alloc; - int (*comp)(); - } STACK; - -'num' holds the number of elements in the stack, 'data' is the array of -elements. 'sorted' is 1 is the list has been sorted, 0 if not. - -num_alloc is the number of 'nodes' allocated in 'data'. When num becomes -larger than num_alloc, data is realloced to a larger size. -If 'comp' is set, it is a function that is used to compare 2 of the items -in the stack. The function should return -1, 0 or 1, depending on the -ordering. - -#define sk_num(sk) ((sk)->num) -#define sk_value(sk,n) ((sk)->data[n]) - -These 2 macros should be used to access the number of elements in the -'stack' and to access a pointer to one of the values. - -STACK *sk_new(int (*c)()); - This creates a new stack. If 'c', the comparison function, is not -specified, the various functions that operate on a sorted 'stack' will not -work (sk_find()). NULL is returned on failure. - -void sk_free(STACK *); - This function free()'s a stack structure. The elements in the -stack will not be freed so one should 'pop' and free all elements from the -stack before calling this function or call sk_pop_free() instead. - -void sk_pop_free(STACK *st; void (*func)()); - This function calls 'func' for each element on the stack, passing -the element as the argument. sk_free() is then called to free the 'stack' -structure. - -int sk_insert(STACK *sk,char *data,int where); - This function inserts 'data' into stack 'sk' at location 'where'. -If 'where' is larger that the number of elements in the stack, the element -is put at the end. This function tends to be used by other 'stack' -functions. Returns 0 on failure, otherwise the number of elements in the -new stack. - -char *sk_delete(STACK *st,int loc); - Remove the item a location 'loc' from the stack and returns it. -Returns NULL if the 'loc' is out of range. - -char *sk_delete_ptr(STACK *st, char *p); - If the data item pointed to by 'p' is in the stack, it is deleted -from the stack and returned. NULL is returned if the element is not in the -stack. - -int sk_find(STACK *st,char *data); - Returns the location that contains a value that is equal to -the 'data' item. If the comparison function was not set, this function -does a linear search. This function actually qsort()s the stack if it is not -in order and then uses bsearch() to do the initial search. If the -search fails,, -1 is returned. For mutliple items with the same -value, the index of the first in the array is returned. - -int sk_push(STACK *st,char *data); - Append 'data' to the stack. 0 is returned if there is a failure -(due to a malloc failure), else 1. This is -sk_insert(st,data,sk_num(st)); - -int sk_unshift(STACK *st,char *data); - Prepend 'data' to the front (location 0) of the stack. This is -sk_insert(st,data,0); - -char *sk_shift(STACK *st); - Return and delete from the stack the first element in the stack. -This is sk_delete(st,0); - -char *sk_pop(STACK *st); - Return and delete the last element on the stack. This is -sk_delete(st,sk_num(sk)-1); - -void sk_zero(STACK *st); - Removes all items from the stack. It does not 'free' -pointers but is a quick way to clear a 'stack of references'. - -==== threads.doc ======================================================== - -How to compile SSLeay for multi-threading. - -Well basically it is quite simple, set the compiler flags and build. -I have only really done much testing under Solaris and Windows NT. -If you library supports localtime_r() and gmtime_r() add, --DTHREADS to the makefile parameters. You can probably survive with out -this define unless you are going to have multiple threads generating -certificates at once. It will not affect the SSL side of things. - -The approach I have taken to doing locking is to make the application provide -callbacks to perform locking and so that the SSLeay library can distinguish -between threads (for the error state). - -To have a look at an example program, 'cd mt; vi mttest.c'. -To build under solaris, sh solaris.sh, for Windows NT or Windows 95, -win32.bat - -This will build mttest which will fire up 10 threads that talk SSL -to each other 10 times. -To enable everything to work, the application needs to call - -CRYPTO_set_id_callback(id_function); -CRYPTO_set_locking_callback(locking_function); - -before any multithreading is started. -id_function does not need to be defined under Windows NT or 95, the -correct function will be called if it is not. Under unix, getpid() -is call if the id_callback is not defined, for Solaris this is wrong -(since threads id's are not pid's) but under Linux it is correct -(threads are just processes sharing the data segement). - -The locking_callback is used to perform locking by the SSLeay library. -eg. - -void solaris_locking_callback(mode,type,file,line) -int mode; -int type; -char *file; -int line; - { - if (mode & CRYPTO_LOCK) - mutex_lock(&(lock_cs[type])); - else - mutex_unlock(&(lock_cs[type])); - } - -Now in this case I have used mutexes instead of read/write locks, since they -are faster and there are not many read locks in SSLeay, you may as well -always use write locks. file and line are __FILE__ and __LINE__ from -the compile and can be usefull when debugging. - -Now as you can see, 'type' can be one of a range of values, these values are -defined in crypto/crypto.h -CRYPTO_get_lock_name(type) will return a text version of what the lock is. -There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup -for multi-threading can be - -static mutex_t lock_cs[CRYPTO_NUM_LOCKS]; - -void thread_setup() - { - int i; - - for (i=0; i => string to prompt with -# _default => default value for people -# _value => Automatically use this value for this field. -# _min => minimum number of characters for data (def. 0) -# _max => maximum number of characters for data (def. inf.) -# All of these entries are optional except for the first one. -[ req_dn ] -countryName = Country Name (2 letter code) -countryName_default = AU - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Queensland - -localityName = Locality Name (eg, city) - -organizationName = Organization Name (eg, company) -organizationName_default = Mincom Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = MTR - -commonName = Common Name (eg, YOUR name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 40 - -# The next section is the attributes section. This is exactly the -# same as for the previous section except that the resulting objects are -# put in the attributes field. -[ req_attr ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - ----- -Also note that the order that attributes appear in this file is the -order they will be put into the distinguished name. - -Once this request has been generated, it can be sent to a CA for -certifying. - ----- -A few quick examples.... - -To generate a new request and a new key -req -new - -To generate a new request and a 1058 bit key -req -newkey 1058 - -To generate a new request using a pre-existing key -req -new -key key.pem - -To generate a self signed x509 certificate from a certificate -request using a supplied key, and we want to see the text form of the -output certificate (which we will put in the file selfSign.pem -req -x509 -in req.pem -key key.pem -text -out selfSign.pem - -Verify that the signature is correct on a certificate request. -req -verify -in req.pem - -Verify that the signature was made using a specified public key. -req -verify -in req.pem -key key.pem - -Print the contents of a certificate request -req -text -in req.pem - -==== danger ======================================================== - -If you specify a SSLv2 cipher, and the mode is SSLv23 and the server -can talk SSLv3, it will claim there is no cipher since you should be -using SSLv3. - -When tracing debug stuff, remember BIO_s_socket() is different to -BIO_s_connect(). - -BSD/OS assember is not working - diff --git a/crypto/openssl-0.9/doc/standards.txt b/crypto/openssl-0.9/doc/standards.txt deleted file mode 100644 index bda55d1581..0000000000 --- a/crypto/openssl-0.9/doc/standards.txt +++ /dev/null @@ -1,272 +0,0 @@ -Standards related to OpenSSL -============================ - -[Please, this is currently a draft. I made a first try at finding - documents that describe parts of what OpenSSL implements. There are - big gaps, and I've most certainly done something wrong. Please - correct whatever is... Also, this note should be removed when this - file is reaching a somewhat correct state. -- Richard Levitte] - - -All pointers in here will be either URL's or blobs of text borrowed -from miscellaneous indexes, like rfc-index.txt (index of RFCs), -1id-index.txt (index of Internet drafts) and the like. - -To find the latest possible RFCs, it's recommended to either browse -ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and -use the search mechanism found there. -To find the latest possible Internet drafts, it's recommended to -browse ftp://ftp.isi.edu/internet-drafts/. -To find the latest possible PKCS, it's recommended to browse -http://www.rsasecurity.com/rsalabs/pkcs/. - - -Implemented: ------------- - -These are documents that describe things that are implemented (in -whole or at least great parts) in OpenSSL. - -1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. - (Format: TXT=25661 bytes) (Status: INFORMATIONAL) - -1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format: - TXT=32407 bytes) (Status: INFORMATIONAL) - -1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format: - TXT=35222 bytes) (Status: INFORMATIONAL) - -2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999. - (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD) - -2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest. - January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL) - -2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. - March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) - -PKCS#8: Private-Key Information Syntax Standard - -PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. - -2560 X.509 Internet Public Key Infrastructure Online Certificate - Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, - C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED - STANDARD) - -2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) - (Status: PROPOSED STANDARD) - -2898 PKCS #5: Password-Based Cryptography Specification Version 2.0. - B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status: - INFORMATIONAL) - -2986 PKCS #10: Certification Request Syntax Specification Version 1.7. - M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes) - (Obsoletes RFC2314) (Status: INFORMATIONAL) - -3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones. - September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL) - -3268 Advanced Encryption Standard (AES) Ciphersuites for Transport - Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes) - (Status: PROPOSED STANDARD) - -3279 Algorithms and Identifiers for the Internet X.509 Public Key - Infrastructure Certificate and Certificate Revocation List (CRL) - Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format: - TXT=53833 bytes) (Status: PROPOSED STANDARD) - -3280 Internet X.509 Public Key Infrastructure Certificate and - Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. - Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes - RFC2459) (Status: PROPOSED STANDARD) - -3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography - Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. - (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: - INFORMATIONAL) - -3713 A Description of the Camellia Encryption Algorithm. M. Matsui, - J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) - (Status: INFORMATIONAL) - -3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate - Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. - June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) - -4132 Addition of Camellia Cipher Suites to Transport Layer Security - (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 - bytes) (Status: PROPOSED STANDARD) - -Related: --------- - -These are documents that are close to OpenSSL, for example the -STARTTLS documents. - -1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message - Encryption and Authentication Procedures. J. Linn. February 1993. - (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED - STANDARD) - -1422 Privacy Enhancement for Internet Electronic Mail: Part II: - Certificate-Based Key Management. S. Kent. February 1993. (Format: - TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD) - -1423 Privacy Enhancement for Internet Electronic Mail: Part III: - Algorithms, Modes, and Identifiers. D. Balenson. February 1993. - (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED - STANDARD) - -1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key - Certification and Related Services. B. Kaliski. February 1993. - (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) - -2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October - 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD) - -2510 Internet X.509 Public Key Infrastructure Certificate Management - Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178 - bytes) (Status: PROPOSED STANDARD) - -2511 Internet X.509 Certificate Request Message Format. M. Myers, C. - Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes) - (Status: PROPOSED STANDARD) - -2527 Internet X.509 Public Key Infrastructure Certificate Policy and - Certification Practices Framework. S. Chokhani, W. Ford. March 1999. - (Format: TXT=91860 bytes) (Status: INFORMATIONAL) - -2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake - 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status: - PROPOSED STANDARD) - -2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS). - D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status: - PROPOSED STANDARD) - -2559 Internet X.509 Public Key Infrastructure Operational Protocols - - LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format: - TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD) - -2585 Internet X.509 Public Key Infrastructure Operational Protocols: - FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813 - bytes) (Status: PROPOSED STANDARD) - -2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S. - Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes) - (Status: PROPOSED STANDARD) - -2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. - (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD) - -2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. - (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD) - -2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June - 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD) - -2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October - 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL) - -2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace. - February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status: - EXPERIMENTAL) - -2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J. - Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status: - PROPOSED STANDARD) - -2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May - 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED - STANDARD) - -2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes) - (Status: INFORMATIONAL) - -2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July - 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL) - -2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. - October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD) - -2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0. - M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes) - (Status: INFORMATIONAL) - -3029 Internet X.509 Public Key Infrastructure Data Validation and - Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev, - R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status: - EXPERIMENTAL) - -3039 Internet X.509 Public Key Infrastructure Qualified Certificates - Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001. - (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD) - -3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P. - Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes) - (Status: INFORMATIONAL) - -3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol - (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001. - (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD) - -3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner. - October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD) - -3207 SMTP Service Extension for Secure SMTP over Transport Layer - Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes) - (Obsoletes RFC2487) (Status: PROPOSED STANDARD) - -3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001. - (Format: TXT=19855 bytes) (Status: INFORMATIONAL) - -3274 Compressed Data Content Type for Cryptographic Message Syntax - (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status: - PROPOSED STANDARD) - -3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in - Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P. - Lambert. April 2002. (Format: TXT=33779 bytes) (Status: - INFORMATIONAL) - -3281 An Internet Attribute Certificate Profile for Authorization. S. - Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status: - PROPOSED STANDARD) - -3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002. - (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status: - PROPOSED STANDARD) - -3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August - 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status: - PROPOSED STANDARD) - -3377 Lightweight Directory Access Protocol (v3): Technical - Specification. J. Hodges, R. Morgan. September 2002. (Format: - TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255, - RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD) - -3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad, - R. Housley. September 2002. (Format: TXT=73072 bytes) (Status: - INFORMATIONAL) - -3436 Transport Layer Security over Stream Control Transmission - Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. - (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) - -3657 Use of the Camellia Encryption Algorithm in Cryptographic - Message Syntax (CMS). S. Moriai, A. Kato. January 2004. - (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) - -"Securing FTP with TLS", 01/27/2000, - - -To be implemented: ------------------- - -These are documents that describe things that are planed to be -implemented in the hopefully short future. - diff --git a/crypto/openssl-0.9/tools/c_hash b/crypto/openssl-0.9/tools/c_hash deleted file mode 100644 index 5e0a908175..0000000000 --- a/crypto/openssl-0.9/tools/c_hash +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# print out the hash values -# - -for i in $* -do - h=`openssl x509 -hash -noout -in $i` - echo "$h.0 => $i" -done diff --git a/crypto/openssl-0.9/tools/c_info b/crypto/openssl-0.9/tools/c_info deleted file mode 100644 index 0e1e633b6f..0000000000 --- a/crypto/openssl-0.9/tools/c_info +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh -# -# print the subject -# - -for i in $* -do - n=`openssl x509 -subject -issuer -enddate -noout -in $i` - echo "$i" - echo "$n" - echo "--------" -done diff --git a/crypto/openssl-0.9/tools/c_issuer b/crypto/openssl-0.9/tools/c_issuer deleted file mode 100644 index 55821ab740..0000000000 --- a/crypto/openssl-0.9/tools/c_issuer +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# -# print out the issuer -# - -for i in $* -do - n=`openssl x509 -issuer -noout -in $i` - echo "$i $n" -done diff --git a/crypto/openssl-0.9/tools/c_name b/crypto/openssl-0.9/tools/c_name deleted file mode 100644 index 28800c0b30..0000000000 --- a/crypto/openssl-0.9/tools/c_name +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh -# -# print the subject -# - -for i in $* -do - n=`openssl x509 -subject -noout -in $i` - echo "$i $n" -done diff --git a/crypto/openssl-0.9/tools/c_rehash b/crypto/openssl-0.9/tools/c_rehash deleted file mode 100644 index 3e9ba1efe4..0000000000 --- a/crypto/openssl-0.9/tools/c_rehash +++ /dev/null @@ -1,160 +0,0 @@ -#!/usr/local/bin/perl - - -# Perl c_rehash script, scan all files in a directory -# and add symbolic links to their hash values. - -my $openssl; - -my $dir = "/usr/local/ssl"; - -if(defined $ENV{OPENSSL}) { - $openssl = $ENV{OPENSSL}; -} else { - $openssl = "openssl"; - $ENV{OPENSSL} = $openssl; -} - -$ENV{PATH} .= ":$dir/bin"; - -if(! -x $openssl) { - my $found = 0; - foreach (split /:/, $ENV{PATH}) { - if(-x "$_/$openssl") { - $found = 1; - last; - } - } - if($found == 0) { - print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n"; - exit 0; - } -} - -if(@ARGV) { - @dirlist = @ARGV; -} elsif($ENV{SSL_CERT_DIR}) { - @dirlist = split /:/, $ENV{SSL_CERT_DIR}; -} else { - $dirlist[0] = "$dir/certs"; -} - - -foreach (@dirlist) { - if(-d $_ and -w $_) { - hash_dir($_); - } -} - -sub hash_dir { - my %hashlist; - print "Doing $_[0]\n"; - chdir $_[0]; - opendir(DIR, "."); - my @flist = readdir(DIR); - # Delete any existing symbolic links - foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { - if(-l $_) { - unlink $_; - } - } - closedir DIR; - FILE: foreach $fname (grep {/\.pem$/} @flist) { - # Check to see if certificates and/or CRLs present. - my ($cert, $crl) = check_file($fname); - if(!$cert && !$crl) { - print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; - next; - } - link_hash_cert($fname) if($cert); - link_hash_crl($fname) if($crl); - } -} - -sub check_file { - my ($is_cert, $is_crl) = (0,0); - my $fname = $_[0]; - open IN, $fname; - while() { - if(/^-----BEGIN (.*)-----/) { - my $hdr = $1; - if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { - $is_cert = 1; - last if($is_crl); - } elsif($hdr eq "X509 CRL") { - $is_crl = 1; - last if($is_cert); - } - } - } - close IN; - return ($is_cert, $is_crl); -} - - -# Link a certificate to its subject name hash value, each hash is of -# the form . where n is an integer. If the hash value already exists -# then we need to up the value of n, unless its a duplicate in which -# case we skip the link. We check for duplicates by comparing the -# certificate fingerprints - -sub link_hash_cert { - my $fname = $_[0]; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`; - chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename - while(exists $hashlist{"$hash.$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert - if($hashlist{"$hash.$suffix"} eq $fprint) { - print STDERR "WARNING: Skipping duplicate certificate $fname\n"; - return; - } - $suffix++; - } - $hash .= ".$suffix"; - print "$fname => $hash\n"; - $symlink_exists=eval {symlink("",""); 1}; - if ($symlink_exists) { - symlink $fname, $hash; - } else { - system ("cp", $fname, $hash); - } - $hashlist{$hash} = $fprint; -} - -# Same as above except for a CRL. CRL links are of the form .r - -sub link_hash_crl { - my $fname = $_[0]; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; - chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; - $fprint =~ tr/://d; - my $suffix = 0; - # Search for an unused hash filename - while(exists $hashlist{"$hash.r$suffix"}) { - # Hash matches: if fingerprint matches its a duplicate cert - if($hashlist{"$hash.r$suffix"} eq $fprint) { - print STDERR "WARNING: Skipping duplicate CRL $fname\n"; - return; - } - $suffix++; - } - $hash .= ".r$suffix"; - print "$fname => $hash\n"; - $symlink_exists=eval {symlink("",""); 1}; - if ($symlink_exists) { - symlink $fname, $hash; - } else { - system ("cp", $fname, $hash); - } - $hashlist{$hash} = $fprint; -} - diff --git a/crypto/openssl-0.9/util/extract-names.pl b/crypto/openssl-0.9/util/extract-names.pl deleted file mode 100644 index 35bd6ed843..0000000000 --- a/crypto/openssl-0.9/util/extract-names.pl +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/perl - -$/ = ""; # Eat a paragraph at once. -while() { - chop; - s/\n/ /gm; - if (/^=head1 /) { - $name = 0; - } elsif ($name) { - if (/ - /) { - s/ - .*//; - s/,\s+/,/g; - s/\s+,/,/g; - s/^\s+//g; - s/\s+$//g; - s/\s/_/g; - push @words, split ','; - } - } - if (/^=head1 *NAME *$/) { - $name = 1; - } -} - -print join("\n", @words),"\n"; - diff --git a/crypto/openssl-0.9/util/extract-section.pl b/crypto/openssl-0.9/util/extract-section.pl deleted file mode 100644 index 7a0ba4f69a..0000000000 --- a/crypto/openssl-0.9/util/extract-section.pl +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/perl - -while() { - if (/=for\s+comment\s+openssl_manual_section:(\S+)/) - { - print "$1\n"; - exit 0; - } -} - -print "$ARGV[0]\n"; -